Commit e27f52f3 authored by Tom Lane's avatar Tom Lane

Reject empty pg_hba.conf files.

An empty HBA file is surely an error, since it means there is no way to
connect to the server.  We've not heard identifiable reports of people
actually doing that, but this will also close off the case Thom Brown just
complained of, namely pointing hba_file at a directory.  (On at least some
platforms with some directories, it will read as an empty file.)

Perhaps this should be back-patched, but given the lack of previous
complaints, I won't add extra work for the translators.
parent 7c19e044
...@@ -1685,9 +1685,13 @@ check_hba(hbaPort *port) ...@@ -1685,9 +1685,13 @@ check_hba(hbaPort *port)
/* /*
* Read the config file and create a List of HbaLine records for the contents. * Read the config file and create a List of HbaLine records for the contents.
* *
* The configuration is read into a temporary list, and if any parse error occurs * The configuration is read into a temporary list, and if any parse error
* the old list is kept in place and false is returned. Only if the whole file * occurs the old list is kept in place and false is returned. Only if the
* parses Ok is the list replaced, and the function returns true. * whole file parses OK is the list replaced, and the function returns true.
*
* On a false result, caller will take care of reporting a FATAL error in case
* this is the initial startup. If it happens on reload, we just keep running
* with the old data.
*/ */
bool bool
load_hba(void) load_hba(void)
...@@ -1710,12 +1714,6 @@ load_hba(void) ...@@ -1710,12 +1714,6 @@ load_hba(void)
(errcode_for_file_access(), (errcode_for_file_access(),
errmsg("could not open configuration file \"%s\": %m", errmsg("could not open configuration file \"%s\": %m",
HbaFileName))); HbaFileName)));
/*
* Caller will take care of making this a FATAL error in case this is
* the initial startup. If it happens on reload, we just keep the old
* version around.
*/
return false; return false;
} }
...@@ -1755,13 +1753,27 @@ load_hba(void) ...@@ -1755,13 +1753,27 @@ load_hba(void)
new_parsed_lines = lappend(new_parsed_lines, newline); new_parsed_lines = lappend(new_parsed_lines, newline);
} }
/*
* A valid HBA file must have at least one entry; else there's no way
* to connect to the postmaster. But only complain about this if we
* didn't already have parsing errors.
*/
if (ok && new_parsed_lines == NIL)
{
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("configuration file \"%s\" contains no entries",
HbaFileName)));
ok = false;
}
/* Free tokenizer memory */ /* Free tokenizer memory */
MemoryContextDelete(linecxt); MemoryContextDelete(linecxt);
MemoryContextSwitchTo(oldcxt); MemoryContextSwitchTo(oldcxt);
if (!ok) if (!ok)
{ {
/* Parsing failed at one or more rows, so bail out */ /* File contained one or more errors, so bail out */
MemoryContextDelete(hbacxt); MemoryContextDelete(hbacxt);
return false; return false;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment