Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pHeF1-0006K2-HX for pgsql-hackers@arkaria.postgresql.org; Tue, 17 Jan 2023 05:10:36 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1pHeF0-0003b1-Do for pgsql-hackers@arkaria.postgresql.org; Tue, 17 Jan 2023 05:10:34 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pHeEy-0003VQ-JY for pgsql-hackers@lists.postgresql.org; Tue, 17 Jan 2023 05:10:34 +0000 Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pHeEv-0007SJ-JB for pgsql-hackers@lists.postgresql.org; Tue, 17 Jan 2023 05:10:31 +0000 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id C4D565C014F; Tue, 17 Jan 2023 00:10:25 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Tue, 17 Jan 2023 00:10:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paquier.xyz; h= cc:cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm3; t=1673932225; x=1674018625; bh=eBn3UzPjOc KOApsGQUwX5xCXTpHBNwq8F+jAoNXc4pQ=; b=lyuMECv+Y9WQwktKPcQfIDFf2J yUIVQ+mHsFYeZJ7SImrUani9LLNOE2mViWCG6Jks6PRLa94oZzlFoxYaaeEpLPeH XcTJ/7miWuc4zG5/H/A+vZNozueVUq4N3g92eMhIGH9S59q8E6gSjuMo2RAbQRFv Rkj+VzHyeBj8YBNrTpQdO29tS+GPIY7zYokga2pLM419D4bO4k6GkcRsHscU7Tp5 cWmiEaYuuJT/a+HKIBbPQ+Vv5muP+7aEgFzCEWM3kISnjA95CYPl/ZdzeXvBhQOO 1C4w8OEuDvkWII8y3PduCYPYf6GP9CTGPTUmVgIAXIcqopRWKDFQ/CxrtqWw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1673932225; x=1674018625; bh=eBn3UzPjOcKOApsGQUwX5xCXTpHB Nwq8F+jAoNXc4pQ=; b=TZ3WK7170k/JDavJ53jLU3+EaMiKidayqPJAI2DOKJo5 DlN4hS1GFe0tLPW6RSDlFtSgItfZ2CIwg5QAt9edgi5PPyH9htz0gcVgqzj5SpAG m266zIotZOoCerQsar0WcY9BeyC7G/o31LHbGvgspG3UR81BZI8qC12sF/rVgfMu 9D7qeMib+e2Pq89ZKhXuBrmTXIsodqmlYJNG+QcQYUvTbZLs1mSXJYHWHJEu/bgx TEWcSVhswf1dLcQyU83Uc0cqqGNinwTtSTM5CORKuxTs4GsdP+J9Hwj7r4wDhlk9 jaYBl2M5yDetlHf9y2R+XZjqBkzSxRIulxf1GSsCWg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedruddthedgkeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne gfrhhlucfvnfffucdljedtmdenucfjughrpeffhffvvefukfhfgggtuggjsehgtderredt tddvnecuhfhrohhmpefoihgthhgrvghlucfrrghquhhivghruceomhhitghhrggvlhesph grqhhuihgvrhdrgiihiieqnecuggftrfgrthhtvghrnhepteelieefudffhffhtdetleeg geegfffhkeeuveetiefgudduvedutefggeeivdejnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepmhhitghhrggvlhesphgrqhhuihgvrhdrgiih ii X-ME-Proxy: Feedback-ID: i0fe9450f:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 17 Jan 2023 00:10:23 -0500 (EST) Date: Tue, 17 Jan 2023 14:10:18 +0900 From: Michael Paquier To: Jelte Fennema Cc: Jelte Fennema , "isaac.morland@gmail.com" , "pgsql-hackers@lists.postgresql.org" , Nathan Bossart , Andrew Dunstan Subject: Re: [EXTERNAL] Re: [PATCH] Support using "all" for the db user in pg_ident.conf Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="noGynxPu+d65PpwZ" Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --noGynxPu+d65PpwZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 16, 2023 at 11:53:57AM +0100, Jelte Fennema wrote: >> Perhaps it would be simpler to use copy_auth_token() in this code path >> and always free the resulting token? >=20 > I initially tried that when working on the patch, but copy_auth_token > (surprisingly) doesn't copy the regex field into the new AuthToken. > So we'd have to regenerate it conditionally. Making the copy > conditional seemed just as simple code-wise, with the added > bonus that it's not doing a useless copy. Okay, I can live with that. >> In the code path where system-user is a regexp, could it be better >> to skip the replacement of \1 in the new AuthToken if pg-user is >> itself a regexp? The compiled regexp would be the same, but it could >> be considered as a bit confusing, as it can be thought that the >> compiled regexp of pg-user happened after the replacement? >=20 > I updated 0004 to prioritize membership checks and regexes over > substitution of \1. I also added tests for this. Prioritizing "all" over > substitution of \1 is not necessary, since by definition "all" does > not include \1. Thanks, 0003 is OK, so applied now. 0004 looks fine as well, be it for the tests (I am hesitating to tweak things a bit here actually for the role names), the code or the docs, still I am planning a second lookup. -- Michael --noGynxPu+d65PpwZ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEG72nH6vTowiyblFKnvQgOdbyQH0FAmPGLboACgkQnvQgOdby QH0BtRAApqHVWkc9LhiiNzhoeZ3uiX/wOpP1H8v+LwIGURt4E+Mpt9TJ/nRioSD1 SMbae6vqpwx05wDL/iIkvF8iN75yfrLN0t8qtlL0wCHU/qwYOFZ++ydoK+mCTUvD 44IeARtS/ZAjWzksFQVN0JBSJ1ESdYk146hWaY89zx2PjlKvT+Erz2jBDivRov3V 99uFbqR+ZgTrTNHRJnkU57fdRkJlKgWJaY69rGW+n/9d60BKtZzPsnVIwAE+Myzg ZVu+DwNNREPBp0XbGaFu4ICAc1+l2dLtGeE0xFKLLsoOofxqY9RcIrm0yCaDvWZk VXg2nxqi8/BIGiZGIKWLzgvBLumw9MWsLuVloAU9NC0ORK7497UV3vYbmgPXsGxN KtzfdE4A0DLOX+yhU9NSoCt5Vqp/ehxf36x+KEKIH0xB9R2zLMkylO7oWvVNXAOg W/9wOjXOaIbFjLkDNPjrWbwTOYCZ7jum8ArRU8VusZQk9f5Ga3UB5RxhpQFnqdZR syt323Y4duV2Uz1yVz90nxt0HO7XS467D45MEXEwITwGHwKBX3WNPfu2ZtB6bapa i3/hqni6wiNm2X1CvpfkOrh0NdWQoPtGW6rVfj3v4wHtuAhde237tu9ZSNaLIaqc 0k8fSgZtJ1SepxMyfVlrx2Dl7yKDsOXTBDdbfHOoP6k0PtVYiTo= =k+Pf -----END PGP SIGNATURE----- --noGynxPu+d65PpwZ--