From: Gabriele Bartolini Date: Fri, 14 Apr 2017 08:23:39 +0000 (+0200) Subject: Global management of `auth_user` X-Git-Tag: pgbouncer_1_8~25^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4ea2306b94647333a9ed8a62b897cd872e3f0005;p=pgbouncer Global management of `auth_user` Fixes #142 Signed-off-by: Gabriele Bartolini
---
diff --git a/doc/config.rst b/doc/config.rst
index 49750a1..33f4bf5 100644
--- a/doc/config.rst
+++ b/doc/config.rst
@@ -149,6 +149,16 @@ is used it needs to be installed into each database.
 Default: ``SELECT usename, passwd FROM pg_shadow WHERE usename=$1``
+auth_user
+---------
+
+If ``auth_user`` is set, any user not specified in auth_file will be
+queried through the ``auth_query`` query from pg_shadow in the database
+using ``auth_user``. Auth_user's password will be taken from ``auth_file``.
+
+Direct access to pg_shadow requires admin rights. It's preferable to
+use non-admin user that calls SECURITY DEFINER function instead.
+
 pool_mode
 ---------
@@ -858,12 +868,7 @@ username, meaning that there will be one pool per user.
 auth_user
 ---------
-If ``auth_user`` is set, any user not specified in auth_file will be
-queried from pg_shadow in the database using ``auth_user``. Auth_user's
-password will be taken from ``auth_file``.
-
-Direct access to pg_shadow requires admin rights. It's preferable to
-use non-admin user that calls SECURITY DEFINER function instead.
+Override of the global ``auth_user`` setting, if specified.
 pool_size
 ---------
diff --git a/include/bouncer.h b/include/bouncer.h
index 1e6bb92..92b1416 100644
--- a/include/bouncer.h
+++ b/include/bouncer.h
@@ -430,6 +430,7 @@ extern usec_t cf_dns_zone_check_period;
 extern int cf_auth_type;
 extern char *cf_auth_file;
 extern char *cf_auth_query;
+extern char *cf_auth_user;
 extern char *cf_auth_hba_file;
 extern char *cf_pidfile;
diff --git a/src/loader.c b/src/loader.c
index 85a3cc7..3392651 100644
--- a/src/loader.c
+++ b/src/loader.c
@@ -193,7 +193,7 @@ bool parse_database(void *base, const char *name, const char *connstr)
 char *port = "5432";
 char *username = NULL;
 char *password = "";
- char *auth_username = NULL;
+ char *auth_username = cf_auth_user;
 char *client_encoding = NULL;
 char *datestyle = NULL;
 char *timezone = NULL;
diff --git a/src/main.c b/src/main.c
index d7429e0..1bc2446 100644
--- a/src/main.c
+++ b/src/main.c
@@ -90,6 +90,7 @@ int cf_tcp_keepintvl;
 int cf_auth_type = AUTH_MD5;
 char *cf_auth_file;
 char *cf_auth_hba_file;
+char *cf_auth_user;
 char *cf_auth_query;
 int cf_max_client_conn;
@@ -214,6 +215,7 @@ CF_ABS("unix_socket_group", CF_STR, cf_unix_socket_group, CF_NO_RELOAD, ""),
 CF_ABS("auth_type", CF_LOOKUP(auth_type_map), cf_auth_type, 0, "md5"),
 CF_ABS("auth_file", CF_STR, cf_auth_file, 0, "unconfigured_file"),
 CF_ABS("auth_hba_file", CF_STR, cf_auth_hba_file, 0, ""),
+CF_ABS("auth_user", CF_STR, cf_auth_user, 0, NULL),
 CF_ABS("auth_query", CF_STR, cf_auth_query, 0, "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"),
 CF_ABS("pool_mode", CF_LOOKUP(pool_mode_map), cf_pool_mode, 0, "session"),
 CF_ABS("max_client_conn", CF_INT, cf_max_client_conn, 0, "100"),
@@ -785,6 +787,7 @@ static void cleanup(void)
 xfree(&cf_auth_file);
 xfree(&cf_auth_hba_file);
 xfree(&cf_auth_query);
+ xfree(&cf_auth_user);
 xfree(&cf_server_reset_query);
 xfree(&cf_server_check_query);
 xfree(&cf_ignore_startup_params);
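Review bot: In the src/loader.c hunk, `char *auth_username = cf_auth_user;` snapshots the global setting at the moment each database line is parsed, so the outcome depends on whether the global `auth_user` key has already been read by then. If the database definitions are parsed before the global settings, or the value changes on reload (the new `CF_ABS("auth_user", ...)` entry in src/main.c carries flags `0` rather than `CF_NO_RELOAD`), a database could silently keep no lookup user or a stale one; the rest of parse_database and the config load order are outside the hunk, so this needs confirming. Consider resolving the fallback where the database's auth user is consumed rather than at parse time. At minimum the line deserves a comment such as `/* global auth_user is the default; auth_user= in the connection string overrides it */`, since every database entry without its own `auth_user` now runs `auth_query` as this account.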
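Review bot: The `NULL` default on the new `CF_ABS("auth_user", CF_STR, cf_auth_user, 0, NULL)` entry in src/main.c is what marks the setting as unset, but an explicitly empty `auth_user =` line would presumably store an empty string instead (the `CF_STR` setter is not visible here). src/loader.c copies the pointer unconditionally, so an empty value could be treated as a real user name for `auth_query` logins on every database. Treat both cases as unset at the point of use, e.g. `char *auth_username = (cf_auth_user && *cf_auth_user) ? cf_auth_user : NULL;`. A short comment next to the `char *cf_auth_user;` definition stating that NULL means "no global lookup user" would make the convention explicit.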