Global management of `auth_user`

Fixes #142

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@2ndQuadrant.it>

diff --git a/doc/config.rst b/doc/config.rst
index 49750a1e6c44c3cdfeb077882c82c26379f0324a..33f4bf5fe881c20db20f222cfc655a5291218f13 100644 (file)
--- a/doc/config.rst
+++ b/doc/config.rst
@@ -149,6 +149,16 @@ is used it needs to be installed into each database.
 
 Default: ``SELECT usename, passwd FROM pg_shadow WHERE usename=$1``
 
+auth_user
+---------
+
+If ``auth_user`` is set, any user not specified in auth_file will be
+queried through the ``auth_query`` query from pg_shadow in the database
+using ``auth_user``. Auth_user's password will be taken from ``auth_file``.
+
+Direct access to pg_shadow requires admin rights.  It's preferable to
+use non-admin user that calls SECURITY DEFINER function instead.
+
 pool_mode
 ---------
 
@@ -858,12 +868,7 @@ username, meaning that there will be one pool per user.
 auth_user
 ---------
 
-If ``auth_user`` is set, any user not specified in auth_file will be
-queried from pg_shadow in the database using ``auth_user``. Auth_user's
-password will be taken from ``auth_file``.
-
-Direct access to pg_shadow requires admin rights.  It's preferable to
-use non-admin user that calls SECURITY DEFINER function instead.
+Override of the global ``auth_user`` setting, if specified.
 
 pool_size
 ---------

diff --git a/include/bouncer.h b/include/bouncer.h
index 1e6bb920c45de1977b304b650fef10e9fd8f0d44..92b1416d2532e6227c4004c31788fc3e9309df86 100644 (file)
--- a/include/bouncer.h
+++ b/include/bouncer.h
@@ -430,6 +430,7 @@ extern usec_t cf_dns_zone_check_period;
 extern int cf_auth_type;
 extern char *cf_auth_file;
 extern char *cf_auth_query;
+extern char *cf_auth_user;
 extern char *cf_auth_hba_file;
 
 extern char *cf_pidfile;

diff --git a/src/loader.c b/src/loader.c
index 85a3cc74f43e5022d69532a5e8cb09e7d4b84093..3392651e1d404067c08e0d46afa89f14c099297e 100644 (file)
--- a/src/loader.c
+++ b/src/loader.c
@@ -193,7 +193,7 @@ bool parse_database(void *base, const char *name, const char *connstr)
        char *port = "5432";
        char *username = NULL;
        char *password = "";
-       char *auth_username = NULL;
+       char *auth_username = cf_auth_user;
        char *client_encoding = NULL;
        char *datestyle = NULL;
        char *timezone = NULL;

diff --git a/src/main.c b/src/main.c
index d7429e057d82fe2bd188b972e4d83dcccaa98927..1bc24464a9387e865fbb1f944b09a53fee5d1ccb 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -90,6 +90,7 @@ int cf_tcp_keepintvl;
 int cf_auth_type = AUTH_MD5;
 char *cf_auth_file;
 char *cf_auth_hba_file;
+char *cf_auth_user;
 char *cf_auth_query;
 
 int cf_max_client_conn;
@@ -214,6 +215,7 @@ CF_ABS("unix_socket_group", CF_STR, cf_unix_socket_group, CF_NO_RELOAD, ""),
 CF_ABS("auth_type", CF_LOOKUP(auth_type_map), cf_auth_type, 0, "md5"),
 CF_ABS("auth_file", CF_STR, cf_auth_file, 0, "unconfigured_file"),
 CF_ABS("auth_hba_file", CF_STR, cf_auth_hba_file, 0, ""),
+CF_ABS("auth_user", CF_STR, cf_auth_user, 0, NULL),
 CF_ABS("auth_query", CF_STR, cf_auth_query, 0, "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"),
 CF_ABS("pool_mode", CF_LOOKUP(pool_mode_map), cf_pool_mode, 0, "session"),
 CF_ABS("max_client_conn", CF_INT, cf_max_client_conn, 0, "100"),
@@ -785,6 +787,7 @@ static void cleanup(void)
        xfree(&cf_auth_file);
        xfree(&cf_auth_hba_file);
        xfree(&cf_auth_query);
+       xfree(&cf_auth_user);
        xfree(&cf_server_reset_query);
        xfree(&cf_server_check_query);
        xfree(&cf_ignore_startup_params);