authorMichael Paquier2022-10-19 01:08:49 +0000
committerMichael Paquier2022-10-19 01:08:49 +0000
commitfc579e11c6b8400f8d4ea2438c72bde006774370 (patch)
tree4202575da984df4342ce01e0a3fb051346ef0e30 /src/include
parent8bf66dedd88673f94122c3f3337e7d58e561ef4f (diff)
Refactor regular expression handling in hba.c
AuthToken gains a regular expression, and IdentLine is changed so as it uses an AuthToken rather than tracking separately the ident user string used for the regex compilation and its generated regex_t. In the case of pg_ident.conf, a set of AuthTokens is built in the pre-parsing phase of the file, and an extra regular expression is compiled when building the list of IdentLines, after checking the sanity of the fields in a pre-parsed entry. The logic in charge of computing and executing regular expressions is now done in a new set of routines called respectively regcomp_auth_token() and regexec_auth_token() that are wrappers around pg_regcomp() and pg_regexec(), working on AuthTokens. While on it, this patch adds a routine able to free an AuthToken, free_auth_token(), to simplify a bit the logic around the requirement of using a specific free routine for computed regular expressions. Note that there are no functional or behavior changes introduced by this commit. The goal of this patch is to ease the use of regular expressions with more items of pg_hba.conf (user list, database list, potentially hostnames) where AuthTokens are used extensively. This will be tackled later in a separate patch. Author: Bertrand Drouvot, Michael Paquier Discussion: https://postgr.es/m/fff0d7c1-8ad4-76a1-9db3-0ab6ec338bf7@amazon.com
Diffstat (limited to 'src/include')
-rw-r--r--src/include/libpq/hba.h28
1 files changed, 15 insertions, 13 deletions
diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index d06da818060..cec2e2665f7 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -77,6 +77,20 @@ typedef enum ClientCertName
clientCertDN
} ClientCertName;
+/*
+ * A single string token lexed from an authentication configuration file
+ * (pg_ident.conf or pg_hba.conf), together with whether the token has
+ * been quoted. If "string" begins with a slash, it may optionally
+ * contain a regular expression (currently used for pg_ident.conf when
+ * building IdentLines).
+ */
+typedef struct AuthToken
+{
+ char *string;
+ bool quoted;
+ regex_t *regex;
+} AuthToken;
+
typedef struct HbaLine
{
int linenumber;
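Review bot: The new comment above `AuthToken` does not say what `regex` holds for a token that is not a regular expression, nor who releases the compiled expression. These tokens decide how pg_ident.conf maps an external identity to a role, so the header should let a reader tell whether a token is compared literally or as a pattern. I would extend the comment along the lines of `"regex" is NULL unless regcomp_auth_token() compiled an expression for this token; release tokens with free_auth_token() so the compiled regex is freed as well`, assuming that matches hba.c, which is not part of this diff. The phrase "may optionally contain a regular expression" also leaves open whether a quoted token with a leading slash is treated as a pattern, and that is worth stating explicitly.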
@@ -127,23 +141,11 @@ typedef struct IdentLine
int linenumber;
char *usermap;
- char *ident_user;
char *pg_role;
- regex_t re;
+ AuthToken *token;
} IdentLine;
/*
- * A single string token lexed from an authentication configuration file
- * (pg_ident.conf or pg_hba.conf), together with whether the token has
- * been quoted.
- */
-typedef struct AuthToken
-{
- char *string;
- bool quoted;
-} AuthToken;
-
-/*
* TokenizedAuthLine represents one line lexed from an authentication
* configuration file. Each item in the "fields" list is a sub-list of
* AuthTokens. We don't emit a TokenizedAuthLine for empty or all-comment
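Review bot: The added field `AuthToken *token;` in `IdentLine` gives no hint that it is the external (ident) user name being mapped, which the removed name `ident_user` made obvious; next to `usermap` and `pg_role`, a bare `token` reads as generic. A short comment such as `/* ident user name from pg_ident.conf, possibly a regular expression */` or a more specific field name would keep the identity-mapping code easier to audit. The struct now holds a pointer instead of an embedded `regex_t`, so it would also help to note who owns the token and that it must be released with free_auth_token(); that ownership is inferred from the commit message, since the hba.c side is not shown here. The struct definition starts above the hunk.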