<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.125 2002/08/15 14:26:15 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.126 2002/08/18 03:03:25 momjian Exp $
-->
<Chapter Id="runtime">
</varlistentry>
<varlistentry>
+ <term><varname>DB_USER_NAMESPACE</varname> (<type>boolean</type>)</term>
+ <listitem>
+ <para>
+ This allows per-database user names. You can create users as <literal>
+ username@dbname</>. When <literal>username</> is passed by the client,
+ <literal>@</> and the database name is appended to the user name and
+ that database-specific user name is looked up by the server.
+ When creating user names containing <literal>@</>, you will need
+ to quote the user name.
+ </para>
+ <para>
+ With this option enabled, you can still create ordinary global
+ users. Simply append <literal>@</> when specifying the user name
+ in the client. The <literal>@</> will be stripped off and looked up
+ by the server.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<indexterm>
<primary>deadlock</primary>
<secondary>timeout</secondary>
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.82 2002/06/20 20:29:28 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.83 2002/08/18 03:03:25 momjian Exp $
*
*-------------------------------------------------------------------------
*/
version, PG_KRB4_VERSION);
return STATUS_ERROR;
}
- if (strncmp(port->user, auth_data.pname, SM_USER) != 0)
+ if (strncmp(port->user, auth_data.pname, SM_DATABASE_USER) != 0)
{
elog(LOG, "pg_krb4_recvauth: name \"%s\" != \"%s\"",
port->user, auth_data.pname);
}
kusername = pg_an_to_ln(kusername);
- if (strncmp(port->user, kusername, SM_USER))
+ if (strncmp(port->user, kusername, SM_DATABASE_USER))
{
elog(LOG, "pg_krb5_recvauth: user name \"%s\" != krb5 name \"%s\"",
port->user, kusername);
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.284 2002/08/17 15:12:06 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.285 2002/08/18 03:03:25 momjian Exp $
*
* NOTES
*
sigset_t UnBlockSig,
BlockSig,
AuthBlockSig;
-
#else
int UnBlockSig,
BlockSig,
bool HostnameLookup; /* for ps display */
bool ShowPortNumber;
bool Log_connections = false;
+bool Db_user_namespace = false;
+
/* Startup/shutdown state */
static pid_t StartupPID = 0,
if (port->user[0] == '\0')
elog(FATAL, "no PostgreSQL user name specified in startup packet");
+ if (Db_user_namespace)
+ {
+ /*
+ * If user@, it is a global user, remove '@'.
+ * We only want to do this if there is an '@' at the end and no
+ * earlier in the user string or they may fake as a local user
+ * of another database attaching to this database.
+ */
+ if (strchr(port->user, '@') == port->user + strlen(port->user)-1)
+ *strchr(port->user, '@') = '\0';
+ else
+ {
+ /* Append '@' and dbname */
+ char hold_user[SM_DATABASE_USER+1];
+ snprintf(hold_user, SM_DATABASE_USER+1, "%s@%s", port->user,
+ port->database);
+ strcpy(port->user, hold_user);
+ }
+ }
+
/*
* If we're going to reject the connection due to database state, say
* so now instead of wasting cycles on an authentication exchange.
if (FindExec(fullprogname, argv[0], "postmaster") < 0)
return false;
- filename = palloc(strlen(DataDir) + 20);
+ filename = palloc(strlen(DataDir) + 17);
sprintf(filename, "%s/postmaster.opts", DataDir);
- fp = fopen(filename, "w");
- if (fp == NULL)
+ if ((fp = fopen(filename, "w")) == NULL)
{
postmaster_error("cannot create file %s: %s",
filename, strerror(errno));
* command, configuration file, and command line options.
* See src/backend/utils/misc/README for more information.
*
- * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.82 2002/08/15 02:51:26 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.83 2002/08/18 03:03:25 momjian Exp $
*
* Copyright 2000 by PostgreSQL Global Development Group
* Written by Peter Eisentraut <peter_e@gmx.net>.
{ "transform_null_equals", PGC_USERSET }, &Transform_null_equals,
false, NULL, NULL
},
+ {
+ { "db_user_namespace", PGC_SIGHUP }, &Db_user_namespace,
+ false, NULL, NULL
+ },
{
{ NULL, 0 }, NULL, false, NULL, NULL
#
# Message display
#
-
#server_min_messages = notice # Values, in order of decreasing detail:
# debug5, debug4, debug3, debug2, debug1,
# info, notice, warning, error, log, fatal,
#sql_inheritance = true
#transform_null_equals = false
#statement_timeout = 0 # 0 is disabled
+#db_user_namespace = false
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: libpq-be.h,v 1.32 2002/06/20 20:29:49 momjian Exp $
+ * $Id: libpq-be.h,v 1.33 2002/08/18 03:03:26 momjian Exp $
*
*-------------------------------------------------------------------------
*/
ProtocolVersion proto;
char database[SM_DATABASE + 1];
- char user[SM_USER + 1];
+ char user[SM_DATABASE_USER + 1];
char options[SM_OPTIONS + 1];
char tty[SM_TTY + 1];
char auth_arg[MAX_AUTH_ARG];
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: pqcomm.h,v 1.65 2002/08/12 14:35:26 tgl Exp $
+ * $Id: pqcomm.h,v 1.66 2002/08/18 03:03:26 momjian Exp $
*
*-------------------------------------------------------------------------
*/
#define SM_DATABASE 64
/* SM_USER should be the same size as the others. bjm 2002-06-02 */
#define SM_USER 32
+/* We append database name if db_user_namespace true. */
+#define SM_DATABASE_USER (SM_DATABASE+SM_USER+1) /* +1 for @ */
#define SM_OPTIONS 64
#define SM_UNUSED 64
#define SM_TTY 64
{
ProtocolVersion protoVersion; /* Protocol version */
char database[SM_DATABASE]; /* Database name */
+ /* Db_user_namespace appends dbname */
char user[SM_USER]; /* User name */
char options[SM_OPTIONS]; /* Optional additional args */
char unused[SM_UNUSED]; /* Unused */
char tty[SM_TTY]; /* Tty for debug output */
} StartupPacket;
+extern bool Db_user_namespace;
/* These are the authentication requests sent by the backend. */