| author | Bruce Momjian | 2002-04-04 04:25:54 +0000 |
|---|---|---|
| committer | Bruce Momjian | 2002-04-04 04:25:54 +0000 |
| commit | 43a3543a4eb412a895df911eba9d8671ded45c54 (patch) | |
| tree | 0ff55e96c81086081325b8e41b444915f99114f1 /src/include | |
| parent | af10378ab05f7979f0051c09f694709edcee8413 (diff) | |
Authentication improvements:
A new pg_hba.conf column, USER
Allow specification of lists of users separated by commas
Allow group names specified by +
Allow include files containing lists of users specified by @
Allow lists of databases, and database files
Allow samegroup in database column to match group name matching dbname
Removal of secondary password files
Remove pg_passwd utility
Lots of code cleanup in user.c and hba.c
New data/global/pg_pwd format
New data/global/pg_group file
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/catalog/pg_proc.h | 6 | ||||
| -rw-r--r-- | src/include/commands/user.h | 12 | ||||
| -rw-r--r-- | src/include/libpq/crypt.h | 7 | ||||
| -rw-r--r-- | src/include/libpq/hba.h | 16 | ||||
| -rw-r--r-- | src/include/miscadmin.h | 3 |
5 files changed, 26 insertions, 18 deletions
diff --git a/src/include/catalog/pg_proc.h b/src/include/catalog/pg_proc.h index ac32bd69aa0..cd939a9c10a 100644 --- a/src/include/catalog/pg_proc.h +++ b/src/include/catalog/pg_proc.h @@ -7,7 +7,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: pg_proc.h,v 1.224 2002/03/29 19:06:19 tgl Exp $ + * $Id: pg_proc.h,v 1.225 2002/04/04 04:25:52 momjian Exp $ * * NOTES * The script catalog/genbki.sh reads this file and generates .bki @@ -2101,8 +2101,8 @@ DESCR("does not match LIKE expression, case-insensitive"); DATA(insert OID = 1637 ( like_escape PGUID 12 f t t t 2 f 25 "25 25" 100 0 0 100 like_escape - _null_ )); DESCR("convert match pattern to use backslash escapes"); -DATA(insert OID = 1689 ( update_pg_pwd PGUID 12 f t f t 0 f 0 "" 100 0 0 100 update_pg_pwd - _null_ )); -DESCR("update pg_pwd file"); +DATA(insert OID = 1689 ( update_pg_pwd_and_pg_group PGUID 12 f t f t 0 f 0 "" 100 0 0 100 update_pg_pwd_and_pg_group - _null_ )); +DESCR("update pg_pwd and pg_group files"); /* Oracle Compatibility Related Functions - By Edmund Mergl <E.Mergl@bawue.de> */ DATA(insert OID = 868 ( strpos PGUID 12 f t t t 2 f 23 "25 25" 100 0 0 100 textpos - _null_ )); diff --git a/src/include/commands/user.h b/src/include/commands/user.h index 351c2d6ef6d..046e022ae8f 100644 --- a/src/include/commands/user.h +++ b/src/include/commands/user.h 
@@ -3,15 +3,23 @@ * user.h * * - * $Id: user.h,v 1.17 2002/03/01 22:45:17 petere Exp $ + * $Id: user.h,v 1.18 2002/04/04 04:25:53 momjian Exp $ * *------------------------------------------------------------------------- */ #ifndef USER_H #define USER_H +#include "fmgr.h" #include "nodes/parsenodes.h" +#define PWD_FILE "pg_pwd" + +#define USER_GROUP_FILE "pg_group" + + +extern char *group_getfilename(void); +extern char *user_getfilename(void); extern void CreateUser(CreateUserStmt *stmt); extern void AlterUser(AlterUserStmt *stmt); extern void AlterUserSet(AlterUserSetStmt *stmt); @@ -21,6 +29,6 @@ extern void CreateGroup(CreateGroupStmt *stmt); extern void AlterGroup(AlterGroupStmt *stmt, const char *tag); extern void DropGroup(DropGroupStmt *stmt); -extern Datum update_pg_pwd(PG_FUNCTION_ARGS); +extern Datum update_pg_pwd_and_pg_group(PG_FUNCTION_ARGS); #endif /* USER_H */ diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index 458be1fd2cf..a521a0e2cee 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: crypt.h,v 1.19 2001/11/12 01:52:46 momjian Exp $ + * $Id: crypt.h,v 1.20 2002/04/04 04:25:53 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -15,8 +15,6 @@ #include "libpq/libpq-be.h" -#define CRYPT_PWD_FILE_SEPSTR "\t" - /* Also defined in interfaces/odbc/md5.h */ #define MD5_PASSWD_LEN 35 @@ -24,9 +22,6 @@ strlen(passwd) == MD5_PASSWD_LEN) -extern char *crypt_getpwdfilename(void); -extern void load_password_cache(void); - extern int md5_crypt_verify(const Port *port, const char *user, const char *pgpass); extern bool md5_hash(const void *buff, size_t len, char *hexsum); diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h index 0d5ddbaf702..b9daf985f5c 100644 --- a/src/include/libpq/hba.h 
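Review bot: In the first src/include/commands/user.h hunk, `group_getfilename()` and `user_getfilename()` return a non-const `char *` with nothing in the header saying who owns the buffer, so a caller cannot tell whether the path has to be freed. A comment above the two prototypes would settle it, for example `/* Return the full path of the flat file; result is allocated and the caller frees it (confirm against user.c) */`. `PWD_FILE` names the file that holds the password data used for authentication, and the commit message places it under data/global, so the two `#define`s deserve a comment stating where the files live and that they are meant to be readable only by the server account. The code that creates the files is outside this diff, so this is a request to document the expectation, not a claim that the file mode is wrong.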
+++ b/src/include/libpq/hba.h @@ -4,7 +4,7 @@ * Interface to hba.c * * - * $Id: hba.h,v 1.31 2001/11/05 17:46:33 momjian Exp $ + * $Id: hba.h,v 1.32 2002/04/04 04:25:54 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -15,15 +15,14 @@ #include <netinet/in.h> #endif +#include "nodes/pg_list.h" + #define CONF_FILE "pg_hba.conf" /* Name of the config file */ #define USERMAP_FILE "pg_ident.conf" /* Name of the usermap file */ -#define OLD_CONF_FILE "pg_hba" - /* Name of the config file in prior releases of Postgres. */ - #define IDENT_PORT 113 /* Standard TCP port number for Ident service. Assigned by IANA */ @@ -46,8 +45,15 @@ typedef enum UserAuth typedef struct Port hbaPort; +#define MAX_TOKEN 256 + +extern void next_token(FILE *fp, char *buf, const int bufsz); +extern List **get_user_line(const char *user); +extern void load_hba(void); +extern void load_ident(void); +extern void load_user(void); +extern void load_group(void); extern int hba_getauthmethod(hbaPort *port); extern int authident(hbaPort *port); -extern void load_hba_and_ident(void); #endif diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h index 4fb64473924..99f7fae88bf 100644 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h @@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: miscadmin.h,v 1.101 2002/03/04 01:46:04 tgl Exp $ + * $Id: miscadmin.h,v 1.102 2002/04/04 04:25:51 momjian Exp $ * * NOTES * some of the information in this file should be moved to @@ -219,7 +219,6 @@ extern int FindExec(char *full_path, const char *argv0, extern int CheckPathAccess(char *path, char *name, int open_mode); #ifdef CYR_RECODE -extern void GetCharSetByHost(char *TableName, int host, const char *DataDir); extern void SetCharSet(void); extern char *convertstr(unsigned char *buff, int len, int dest); #endif |
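Review bot: In the last src/include/libpq/hba.h hunk, `next_token(FILE *fp, char *buf, const int bufsz)` returns `void`, so a caller cannot learn that a token did not fit; with `MAX_TOKEN` at 256, an over-long user, group or database entry in pg_hba.conf or an included list file could be cut short and then compared as a different name. The body is in hba.c, outside this diff, so the truncation behaviour is inferred; either state it in the header (`/* buf is always NUL-terminated; a token longer than bufsz-1 bytes is <documented behaviour> */`) or return a status the parser can reject on, e.g. `extern bool next_token(FILE *fp, char *buf, int bufsz);`. The `const` on the by-value `bufsz` adds nothing in a prototype, and the prototype uses `FILE` although no `<stdio.h>` include is visible in these hunks, so the header appears to rely on its includer for that type. `get_user_line()` also needs a line saying what it returns for a user that is not in the file, since the password check presumably branches on that result.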
