Allow continuations in "pg_hba.conf" files

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Allow continuations in "pg_hba.conf" files

Fabien COELHO-3

Hello,

After writing an unreadable and stupidly long line for ldap
authentification in a "pg_hba.conf" file, I figured out that allowing
continuations looked simple enough and should just be done.

Patch attached.

--
Fabien.

pg-hba-cont-1.patch (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Allow continuations in "pg_hba.conf" files

Justin Pryzby
Hi,

On Wed, Mar 25, 2020 at 07:09:38PM +0100, Fabien COELHO wrote:
>
> Hello,
>
> After writing an unreadable and stupidly long line for ldap authentification
> in a "pg_hba.conf" file, I figured out that allowing continuations looked
> simple enough and should just be done.

I tried this briefly.

> -   Records cannot be continued across lines.
> +   Records can be backslash-continued across lines.

Maybe say: "lines ending with a backslash are logically continued on the next
line", or similar.

> + /* else we have a continuation, just blank it and loop */
> + continuations++;
> + *curend++ = ' ';

Since it puts a blank there, it creates a "word" boundary, which I gather
worked for your use case.  But I wonder whether it's needed to add a space (or
otherwise, document that lines cannot be split beween words?).

You might compare this behavior with that of makefiles (or find a better
example) which I happen to recall *don't* add a space; if you want that, you
have to end the line with: " \" not just "\".

Anyway, I checked that the current patch handles users split across lines, like:
alice,\
bob,\
carol

As written, that depends on the parser's behavior of ignoring commas and
blanks, since it sees:
"alice,[SPACE]bob,[SPACE]carol"

Maybe it'd be nice to avoid depending on that.

I tried with a username called "alice,bob", split across lines:

"alice,\
bob",\

But then your patch makes it look for a user called "alice, bob" (with a
space).  I realize that's not a compelling argument :)

Note, that also appears to affect the "username maps" file.  So mention in that
chapter, too.
https://www.postgresql.org/docs/current/auth-username-maps.html

Cheers,
--
Justin


Reply | Threaded
Open this post in threaded view
|

Re: Allow continuations in "pg_hba.conf" files

Fabien COELHO-3

Hello Justin,

thanks for the feedback.

>> -   Records cannot be continued across lines.
>> +   Records can be backslash-continued across lines.
>
> Maybe say: "lines ending with a backslash are logically continued on the next
> line", or similar.

I tried to change it along that.

> Since it puts a blank there, it creates a "word" boundary, which I gather
> worked for your use case.  But I wonder whether it's needed to add a space (or
> otherwise, document that lines cannot be split beween words?).

Hmmm. Ok, you are right. I hesitated while doing it. I removed the char
instead, so that it does not add a word break.

> Note, that also appears to affect the "username maps" file.  So mention
> in that chapter, too.
> https://www.postgresql.org/docs/current/auth-username-maps.html

Indeed, the same tokenizer is used. I updated a sentence to point on
continuations.

--
Fabien.

pg-hba-cont-2.patch (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Allow continuations in "pg_hba.conf" files

David Zhang
Hi Fabien,
Should we consider the case "\ ", i.e. one or more spaces after the backslash?
For example, if I replace a user map
"mymap   /^(.*)@mydomain\.com$      \1" with
"mymap   /^(.*)@mydomain\.com$      \ "
"\1"
by adding one extra space after the backslash, then I got the pg_role="\\"
but I think what we expect is pg_role="\\1"
Reply | Threaded
Open this post in threaded view
|

Re: Allow continuations in "pg_hba.conf" files

Kyotaro Horiguchi-4
At Thu, 02 Apr 2020 00:20:12 +0000, David Zhang <[hidden email]> wrote in
> Hi Fabien,
> Should we consider the case "\ ", i.e. one or more spaces after the backslash?
> For example, if I replace a user map
> "mymap   /^(.*)@mydomain\.com$      \1" with
> "mymap   /^(.*)@mydomain\.com$      \ "
> "\1"
> by adding one extra space after the backslash, then I got the pg_role="\\"
> but I think what we expect is pg_role="\\1"

FWIW, I don't think so. Generally a trailing backspace is an escape
character for the following newline.  And '\ ' is a escaped space,
which is usualy menas a space itself.

In this case escape character doesn't work generally and I think it is
natural that a backslash in the middle of a line is a backslash
character itself.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center


Reply | Threaded
Open this post in threaded view
|

Re: Allow continuations in "pg_hba.conf" files

Fabien COELHO-3

Hello,

> FWIW, I don't think so. Generally a trailing backspace is an escape
> character for the following newline.  And '\ ' is a escaped space,
> which is usualy menas a space itself.
>
> In this case escape character doesn't work generally and I think it is
> natural that a backslash in the middle of a line is a backslash
> character itself.

I concur: The backslash char is only a continuation as the very last
character of the line, before cr/nl line ending markers.

There are no assumption about backslash escaping, quotes and such, which
seems reasonable given the lexing structure of the files, i.e. records of
space-separated words, and # line comments.

--
Fabien.


Reply | Threaded
Open this post in threaded view
|

Re: Allow continuations in "pg_hba.conf" files

Justin Pryzby
On Thu, Apr 02, 2020 at 07:25:36AM +0200, Fabien COELHO wrote:

>
> Hello,
>
> > FWIW, I don't think so. Generally a trailing backspace is an escape
> > character for the following newline.  And '\ ' is a escaped space,
> > which is usualy menas a space itself.
> >
> > In this case escape character doesn't work generally and I think it is
> > natural that a backslash in the middle of a line is a backslash
> > character itself.
>
> I concur: The backslash char is only a continuation as the very last
> character of the line, before cr/nl line ending markers.
>
> There are no assumption about backslash escaping, quotes and such, which
> seems reasonable given the lexing structure of the files, i.e. records of
> space-separated words, and # line comments.

Quoting does allow words containing spaces:

https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
|A record is made up of a number of fields which are separated by spaces and/or
|tabs. Fields can contain white space if the field value is double-quoted.
|Quoting one of the keywords in a database, user, or address field (e.g., all or
|replication) makes the word lose its special meaning, and just match a
|database, user, or host with that name.

--
Justin


Reply | Threaded
Open this post in threaded view
|

Re: Allow continuations in "pg_hba.conf" files

Fabien COELHO-3

Hi Justin,

>> There are no assumption about backslash escaping, quotes and such, which
>> seems reasonable given the lexing structure of the files, i.e. records of
>> space-separated words, and # line comments.
>
> Quoting does allow words containing spaces:

Ok.

I meant that the continuation handling does not care of that, i.e. if the
continuation is within quotes, then the quoted stuff is implicitely
continuated, there is no different rule because it is within quotes.

--
Fabien.