From e27f52f3a1814e646733f51b8c24547371bef3eb Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 18 Oct 2011 20:09:18 -0400 Subject: [PATCH] Reject empty pg_hba.conf files. An empty HBA file is surely an error, since it means there is no way to connect to the server. We've not heard identifiable reports of people actually doing that, but this will also close off the case Thom Brown just complained of, namely pointing hba_file at a directory. (On at least some platforms with some directories, it will read as an empty file.) Perhaps this should be back-patched, but given the lack of previous complaints, I won't add extra work for the translators. --- src/backend/libpq/hba.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 1ee030f6aa..d2a6db1478 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -1685,9 +1685,13 @@ check_hba(hbaPort *port) /* * Read the config file and create a List of HbaLine records for the contents. * - * The configuration is read into a temporary list, and if any parse error occurs - * the old list is kept in place and false is returned. Only if the whole file - * parses Ok is the list replaced, and the function returns true. + * The configuration is read into a temporary list, and if any parse error + * occurs the old list is kept in place and false is returned. Only if the + * whole file parses OK is the list replaced, and the function returns true. + * + * On a false result, caller will take care of reporting a FATAL error in case + * this is the initial startup. If it happens on reload, we just keep running + * with the old data. */ bool load_hba(void) @@ -1710,12 +1714,6 @@ load_hba(void) (errcode_for_file_access(), errmsg("could not open configuration file \"%s\": %m", HbaFileName))); - - /* - * Caller will take care of making this a FATAL error in case this is - * the initial startup. If it happens on reload, we just keep the old - * version around. - */ return false; } @@ -1755,13 +1753,27 @@ load_hba(void) new_parsed_lines = lappend(new_parsed_lines, newline); } + /* + * A valid HBA file must have at least one entry; else there's no way + * to connect to the postmaster. But only complain about this if we + * didn't already have parsing errors. + */ + if (ok && new_parsed_lines == NIL) + { + ereport(LOG, + (errcode(ERRCODE_CONFIG_FILE_ERROR), + errmsg("configuration file \"%s\" contains no entries", + HbaFileName))); + ok = false; + } + /* Free tokenizer memory */ MemoryContextDelete(linecxt); MemoryContextSwitchTo(oldcxt); if (!ok) { - /* Parsing failed at one or more rows, so bail out */ + /* File contained one or more errors, so bail out */ MemoryContextDelete(hbacxt); return false; } -- GitLab