Bug#639016: updates for pg_hba.conf for 9.1, version 2

Tue, 23 Aug 2011 10:42:17 -0700 

Package: postgresql-common
Version: 119
Severity: minor
Tags: patch

A second attempt on top of bug #632702.

I have separated things so that the new spelling "peer" is used only
for "local" connections.

Also, I have adjusted the regular expressions so that the newly added,
but commented out, replication lines are also affected by the
adjustments.

diff -Nru postgresql-common-119/debian/changelog postgresql-common-119+nmu1/debian/changelog
--- postgresql-common-119/debian/changelog	2011-08-08 16:33:23.000000000 +0300
+++ postgresql-common-119+nmu1/debian/changelog	2011-08-23 14:05:35.000000000 +0300
@@ -1,3 +1,11 @@
+postgresql-common (119+nmu1) unstable; urgency=low
+
+  * pg_createcluster:
+    - Use "peer" instead of "ident" on local socket connections from 9.1 on.
+    - Apply pg_hba.conf adjustments to replication connections as well.
+
+ -- Peter Eisentraut <pet...@debian.org>  Tue, 23 Aug 2011 14:04:09 +0300
+
 postgresql-common (119) unstable; urgency=low
 
   [ Martin Pitt ]
diff -Nru postgresql-common-119/pg_createcluster postgresql-common-119+nmu1/pg_createcluster
--- postgresql-common-119/pg_createcluster	2011-08-08 14:27:50.000000000 +0300
+++ postgresql-common-119+nmu1/pg_createcluster	2011-08-23 13:59:59.000000000 +0300
@@ -33,6 +33,11 @@
     } else {
 	$ident_method = 'ident sameuser';
     }
+    if ($_[0] ge '9.1') {
+	$peer_method = 'peer';
+    } else {
+	$peer_method = $ident_method;
+    }
 
     if (system 'install', '-d', '-o', $_[2], '-g', $_[3], $datadir) {
         error 'could not create data directory; you might need to run this program with root privileges';
@@ -146,19 +151,19 @@
 	# add superuser entry before column description line
 	if ($search && /#.*TYPE\s+DATABASE/) {
 	    push @lines, $su_comment;
-	    $s = sprintf "%-7s %-15s %-39s %s\n", 'local', 'all', $user, $ident_method;
+	    $s = sprintf "%-7s %-15s %-39s %s\n", 'local', 'all', $user, $peer_method;
 	    push @lines, $s;
 	    push @lines, "\n";
 	    $search = 0;
 	}
 
 	# default authentication for Unix socket connections
-	if ($line =~ /^local/) {
-	    $line =~ s/trust/$ident_method/;
+	if ($line =~ /^#?local/) {
+	    $line =~ s/trust/$peer_method/;
 	}
 
 	# default authentication for TCP connections
-	if ($line =~ /^host/) {
+	if ($line =~ /^#?host/) {
 	    $line =~ s/($ident_method|trust)/md5/;
 	}
 	push @lines, $line;

Reply via email to