On Fri, Aug 14, 2009 at 00:50, Stef Walter<stef-l...@memberwebs.com> wrote: > I love using postgresql, and have for a long time. I'm involved with > almost a hundred postgresql installs. But this is the first time I've > gotten into the code. > > Renumbering networks happens often, and will happen more frequently as > IPv4 space runs low. The IP based restrictions in pg_hba.conf is one of > the places where renumbering can break running installs. In addition > when postgresql is run in BSD jails, 127.0.0.1 is not available for use > in pg_hba.conf. > > It would be great if, in the cidr-address field of pg_hba.conf, we could > specify "samehost" and "samenet". These special values use the local > hosts network interface addresses. "samehost" allows an IP assigned to > the local machine. "samenet" allows any host on the subnets connected to > the local machine. > > This is similar to the "sameuser" value that's allowed in the database > field. > > A change like this would enable admins like myself to distribute > postgresql with something like this in the default pg_hba.conf file: > > host all all samenet md5 > hostssl all all 0.0.0.0/0 md5
Seems like a reasonable feature - especially the samehost part. > I've attached an initial patch which implements "samehost" and > "samenet". The patch looks more invasive than it really is, due to > necessary indentation change (ie: a if block), and moving some code into > a separate function. A couple of comments on the patch: * In general, don't include configure in the patch. Just configure.in. Makes it easier to read, and configure is normally built by the committer anyway. * How portable is this? For starters is clearly doesn't do Windows, which would need to be investigated for similar functionality, but how many others support getifaddr()? From what I can tell it's not in POSIX, at least. * The checks for "not supported" should happen at parsing time, not at runtime. * It needs to include documentation changes I haven't looked at the guts of the patch yet, those are just a couple of first questions. > Thanks for your time. How can I help get a feature like this into > postgresql? Please add it to the open commitfest (https://commitfest.postgresql.org/action/commitfest_view/open). This will cause it to be reviewed during the next commitfest, and then you just need to be around to answer any questions that reviewers come up with :-) -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
