Flat file cleanup phase 2: make it work for pg_group. The flat group

file now identifies group members by usesysid not name; this avoids
needing to depend on SearchSysCache which we can't use during startup.
(The old representation was entirely broken anyway, since we did not
regenerate the file following RENAME USER.)  It's only a 95% solution
because if the group membership list is big enough to be toasted out
of line, we cannot read it during startup.  I think this will do for
the moment, until we have time to implement the planned pg_role
replacement for pg_group.

2 files changed, 28 insertions, 21 deletions

diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index fcc7db2112d..58e80334f61 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.61 2004/12/31 21:59:50 pgsql Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.62 2005/02/20 04:45:57 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -42,14 +42,18 @@ md5_crypt_verify(const Port *port, const char *user, char *client_pass)
 	if ((line = get_user_line(user)) == NULL)
 		return STATUS_ERROR;
 
-	/* Skip over username */
-	token = lnext(list_head(*line));
+	/* Skip over username and usesysid */
+	token = list_head(*line);
+	if (token)
+		token = lnext(token);
+	if (token)
+		token = lnext(token);
 	if (token)
 	{
-		shadow_pass = lfirst(token);
+		shadow_pass = (char *) lfirst(token);
 		token = lnext(token);
 		if (token)
-			valuntil = lfirst(token);
+			valuntil = (char *) lfirst(token);
 	}
 
 	if (shadow_pass == NULL || *shadow_pass == '\0')
@@ -142,16 +146,14 @@ md5_crypt_verify(const Port *port, const char *user, char *client_pass)
 		/*
 		 * Password OK, now check to be sure we are not past valuntil
 		 */
-		AbsoluteTime vuntil,
-					current;
+		AbsoluteTime vuntil;
 
-		if (!valuntil)
+		if (valuntil == NULL || *valuntil == '\0')
 			vuntil = INVALID_ABSTIME;
 		else
 			vuntil = DatumGetAbsoluteTime(DirectFunctionCall1(abstimein,
 											 CStringGetDatum(valuntil)));
-		current = GetCurrentAbsoluteTime();
-		if (vuntil != INVALID_ABSTIME && vuntil < current)
+		if (vuntil != INVALID_ABSTIME && vuntil < GetCurrentAbsoluteTime())
 			retval = STATUS_ERROR;
 		else
 			retval = STATUS_OK;
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index f96eaec0f2d..9a65ee1610c 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.138 2005/02/20 02:21:40 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.139 2005/02/20 04:45:57 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -498,23 +498,28 @@ get_user_line(const char *user)
 
 
 /*
- * Check group for a specific user.
+ * Does user belong to group?
  */
 static bool
 check_group(char *group, char *user)
 {
 	List	  **line;
+	ListCell   *line_item;
+	char	   *usesysid;
 
-	if ((line = get_group_line(group)) != NULL)
-	{
-		ListCell   *line_item;
+	if ((line = get_user_line(user)) == NULL)
+		return false;			/* if user not exist, say "no" */
+	/* Skip over username to get usesysid */
+	usesysid = (char *) lsecond(*line);
 
-		/* skip over the group name */
-		for_each_cell(line_item, lnext(list_head(*line)))
-		{
-			if (strcmp(lfirst(line_item), user) == 0)
-				return true;
-		}
+	if ((line = get_group_line(group)) == NULL)
+		return false;			/* if group not exist, say "no" */
+
+	/* skip over the group name, examine all the member usesysid's */
+	for_each_cell(line_item, lnext(list_head(*line)))
+	{
+		if (strcmp((char *) lfirst(line_item), usesysid) == 0)
+			return true;
 	}
 
 	return false;