Re: [HACKERS] [TODO] Process pg_hba.conf keywords as case-insensitive

[Heikki Linnakangas]

On 07/23/2014 09:14 AM, Viswanatham kirankumar wrote:
On 16 July 2014 23:12, Tom Lane wrote
Christoph Berg <c...@df7cb.de> writes:
Re: Viswanatham kirankumar 2014-07-16
<ec867def52699d4189b584a14baa7c2165440...@blreml504-mbx.china.huawei.com>
Attached patch is implementing following TODO item Process
pg_hba.conf keywords as case-insensitive

Hmm. I see a case for accepting "ALL" (as in hosts.allow(5)), so +1 on
that, but I don't think the other keywords like "host" and "peer"
should be valid in upper case.

I think the argument was that SQL users are accustomed to thinking that 
keywords are
case-insensitive.  It makes sense to me that we should adopt that same 
convention in pg_hba.conf.

Re-reading the original thread, there was also concern about whether
we should try to make quoting/casefolding behave more like it does in SQL,
specifically for matching pg_hba.conf items to SQL identifiers (database and 
role names).
This patch doesn't seem to have addressed that part of it, but I think we need 
to think those
things through before we just do a blind s/strcmp/pg_strcasecmp/g.  Otherwise 
we might
find that we've added ambiguity that will give us trouble when we do try to fix 
that.

I had updated as per you review comments

1) database and role names behave similar to SQL identifiers (case-sensitive / 
case-folding).

2) users and user-groups only requires special handling and behavior as follows
     Normal user :
       A. unquoted ( USER ) will be treated as user ( downcase ).
       B. quoted  ( "USeR" )  will be treated as USeR (case-sensitive).
       C. quoted ( "+USER" ) will be treated as normal user +USER (i.e. will 
not be considered as user-group) and case-sensitive as string is quoted.
    User Group :
       A. unquoted ( +USERGROUP ) will be treated as +usergruop ( downcase ).
       B. plus quoted ( +"UserGROUP"  ) will be treated as +UserGROUP 
(case-sensitive).

3) Host name is not a SQL object so it will be treated as case-sensitive
    except for all, samehost, samenet are considered as keywords.
    For these user need to use quotes to differentiate between hostname and 
keywords.

4) All the fixed keywords mention in pg_hba.conf and Client Authentication 
section will be considered as keywords
     Eg: host, local, hostssl etc..


With this patch, database (and role?) names are compared 
case-insensitively. For example:

local  MixedDB all trust
local  mixedDB all reject

psql -d "mixedDB"
psql (9.5devel)
Type "help" for help.

mixedDB=#

That connection should've matched that 2nd line, and be rejected.

PS. Please update the docs.

- Heikki



--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers