When the global auth_user option was introduced in commit 4ea2306, it seems a lot of cases were not handled properly.
- The option works only if it is defined before the databases.
- If the option is defined twice (for instance if it is defined in the main file and later in an included file), the value used will be the last one preceding the databases definitions, but the value displayed in show config will be the second one.
- When calling SET auth_user = marcel, the newly-set value is not applied unless you reload and did not define it in your configuration before the databases.
- If you change the option in the configuration and issue a RELOAD, the value applied will, again, depend on the location in the configuration file: if it is after the databases, a second RELOAD will be required to apply the change.
I suggest completely removing the current application of the config auth_user in parse_database in loader.c, and instead, in each code path that tries to use db->auth_user, add a second if branch to use the cf_auth_user instead. If these changes would be fine for you, I can implement them and submit a PR.
Regards
A global auth_user setting was pretty confusing and fragile. It was
looked up while the configuration was read, so it only worked if it
was set before the [databases] section. Changing it at run time or
changing and reloading also worked in strange ways, depending on
circumstances, because of the ordering dependency.
To fix, look up the setting not while the configuration file is parsed
but later when we actually need it when authenticating a client
connection.
analysis and fix by @pinaraf (pgbouncer#393), some tweaking by me
closes pgbouncer#391
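The ordering dependency described in this thread, as an added example that is not PgBouncer code and not part of the issue or the commit: a simplified model comparing a parse-time copy of the global setting with a lookup at authentication time. Only `db->auth_user`, `cf_auth_user` and the idea of `parse_database` come from the page; the function names `parse_database_eager`, `parse_database_lazy`, `effective_auth_user` and `auth_user_used`, and the values `pgb_auth` and `db_auth`, are hypothetical.

```c
/* Simplified model of the ordering problem; not PgBouncer source. */
#include <stdio.h>
#include <string.h>

struct db {
    const char *name;
    const char *auth_user;          /* per-database value, NULL if unset */
};

static const char *cf_auth_user;    /* global auth_user setting */

/* Parse-time lookup: the global value is copied into the database entry. */
static void parse_database_eager(struct db *d, const char *name, const char *db_auth_user) {
    d->name = name;
    d->auth_user = db_auth_user ? db_auth_user : cf_auth_user;  /* snapshot */
}

/* Deferred lookup: the entry keeps only what was set on the database itself. */
static void parse_database_lazy(struct db *d, const char *name, const char *db_auth_user) {
    d->name = name;
    d->auth_user = db_auth_user;
}

/* The "second if branch": fall back to the global at the point of use. */
static const char *effective_auth_user(const struct db *d) {
    return d->auth_user ? d->auth_user : cf_auth_user;
}

/* Returns the auth_user seen when a client authenticates. `at_parse` is the
 * global value when the database line is read; `later` is its value afterwards
 * (set further down the file, or changed with SET). */
static const char *auth_user_used(int lazy, const char *at_parse,
                                  const char *later, const char *db_auth_user) {
    struct db d;
    cf_auth_user = at_parse;
    if (lazy) parse_database_lazy(&d, "app", db_auth_user);
    else parse_database_eager(&d, "app", db_auth_user);
    cf_auth_user = later;
    return lazy ? effective_auth_user(&d) : d.auth_user;
}

static const char *show(const char *s) { return s ? s : "(none)"; }

int main(void) {
    printf("eager, set after databases: %s\n", show(auth_user_used(0, NULL, "pgb_auth", NULL)));
    printf("lazy,  set after databases: %s\n", show(auth_user_used(1, NULL, "pgb_auth", NULL)));
    printf("eager, SET at run time:     %s\n", show(auth_user_used(0, "pgb_auth", "marcel", NULL)));
    printf("lazy,  SET at run time:     %s\n", show(auth_user_used(1, "pgb_auth", "marcel", NULL)));
    return 0;
}
```

In the eager model the value in effect at authentication differs from the current global setting, which is the kind of mismatch an operator would want to rule out when reviewing which account runs the authentication lookup.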