Skip to content

Commit 0b71743

Browse files
michaelpqmichaelpq
committed
Track behavior of \1 in pg_ident.conf when quoted
Entries of pg-user in pg_ident.conf that are quoted and include '\1' allow a replacement from a subexpression in a system user regexp. This commit adds a test to track this behavior and a note in the documentation, as it could be affected by the use of an AuthToken for the pg-user in the IdentLines parsed. This subject has come up in the discussion aimed at extending the support of pg-user in ident entries for more patterns. Author: Jelte Fennema Discussion: https://postgr.es/m/CAGECzQRNow4MwkBjgPxywXdJU_K3a9+Pm78JB7De3yQwwkTDew@mail.gmail.com
1 parent da5800d commit 0b71743

File tree

2 files changed

+16
-0
lines changed

2 files changed

+16
-0
lines changed

doc/src/sgml/client-auth.sgml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -960,6 +960,9 @@ mymap /^(.*)@otherdomain\.com$ guest
960960
will remove the domain part for users with system user names that end with
961961
<literal>@mydomain.com</literal>, and allow any user whose system name ends with
962962
<literal>@otherdomain.com</literal> to log in as <literal>guest</literal>.
963+
Quoting a <replaceable>database-username</replaceable> containing
964+
<literal>\1</literal> <emphasis>does not</emphasis> make
965+
<literal>\1</literal> lose its special meaning.
963966
</para>
964967

965968
<tip>

src/test/authentication/t/003_peer.pl

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -153,6 +153,19 @@ sub find_in_log
153153
log_like =>
154154
[qr/connection authenticated: identity="$system_user" method=peer/]);
155155

156+
# Success as the regular expression matches and \1 is replaced in the given
157+
# subexpression, even if quoted.
158+
reset_pg_ident($node, 'mypeermap', qq{/^$system_user(.*)\$},
159+
'"test\1mapuser"');
160+
test_role(
161+
$node,
162+
qq{testmapuser},
163+
'peer',
164+
0,
165+
'with regular expression in user name map with quoted \1 replaced',
166+
log_like =>
167+
[qr/connection authenticated: identity="$system_user" method=peer/]);
168+
156169
# Failure as the regular expression does not include a subexpression, but
157170
# the database user contains \1, requesting a replacement.
158171
reset_pg_ident($node, 'mypeermap', qq{/^$system_user\$}, '\1testmapuser');

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy