Pg_Hba

Parses PostgreSQL’s pg_hba.conf

Author: Aurelien Bompard aure.nosp@m.lien@bompa.nosp@m.rd.org About: Reference The file format is described in PostgreSQL’s documentation: http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html

Summary
Pg_HbaParses PostgreSQL’s pg_hba.conf
LicenseThis file is licensed under the LGPL v2+, like the rest of Augeas.
Configuration filesThis lens applies to pg_hba.conf.
Generic primitives
ipaddrCIDR or ip+netmask
hostnameHostname, FQDN or part of an FQDN possibly starting with a dot.
Columns definitions
ipaddr_or_hostname
databaseTODO: support for quoted strings
userTODO: support for quoted strings
address
optionpart of method
methodcan contain an option
Records definitions
record_localwhen type is “local”, there is no “address” field
remtypesnon-local connection types
record_remote
recordA sequence of record_local or record_remote entries
filterThe pg_hba.conf conf file
lnsThe pg_hba.conf lens

License

This file is licensed under the LGPL v2+, like the rest of Augeas.

Configuration files

This lens applies to pg_hba.conf.  See filter for exact locations.

Generic primitives

ipaddr

let ipaddr = /[0-9a-fA-F:.]+(\/[0-9]+|[ \t]+[0-9.]+)/

CIDR or ip+netmask

hostname

let hostname = /\.?[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*/

Hostname, FQDN or part of an FQDN possibly starting with a dot.  Taken from the syslog lens.

Columns definitions

ipaddr_or_hostname

let ipaddr_or_hostname = ipaddr | hostname

database

let database = comma_sep_list "database"

TODO: support for quoted strings

user

let user = comma_sep_list "user"

TODO: support for quoted strings

address

let address = [ label "address" . store ipaddr_or_hostname ]

option

let option = let value_start = label "value" . Sep.equal in [ label "option" . store Rx.word . (Quote.quote_spaces value_start)? ]

part of method

method

let method = [ label "method" . store /[A-Za-z][A-Za-z0-9]+/ . ( Sep.tab . option )* ]

can contain an option

Records definitions

record_local

let record_local = [ label "type" . store "local" ] . Sep.tab . database . Sep.tab . user . Sep.tab . method

when type is “local”, there is no “address” field

remtypes

let remtypes = "host" | "hostssl" | "hostnossl"

non-local connection types

record_remote

let record_remote = [ label "type" . store remtypes ] . Sep.tab . database . Sep.tab . user . Sep.tab . address . Sep.tab . method

record

let record = [ seq "entries" . (record_local | record_remote) . eol ]

A sequence of record_local or record_remote entries

filter

The pg_hba.conf conf file

lns

let lns = ( record | Util.comment | Util.empty ) *

The pg_hba.conf lens

let ipaddr = /[0-9a-fA-F:.]+(\/[0-9]+|[ \t]+[0-9.]+)/
CIDR or ip+netmask
let hostname = /\.?[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*/
Hostname, FQDN or part of an FQDN possibly starting with a dot.
let ipaddr_or_hostname = ipaddr | hostname
let database = comma_sep_list "database"
TODO: support for quoted strings
let user = comma_sep_list "user"
TODO: support for quoted strings
let address = [ label "address" . store ipaddr_or_hostname ]
let option = let value_start = label "value" . Sep.equal in [ label "option" . store Rx.word . (Quote.quote_spaces value_start)? ]
part of method
let method = [ label "method" . store /[A-Za-z][A-Za-z0-9]+/ . ( Sep.tab . option )* ]
can contain an option
let record_local = [ label "type" . store "local" ] . Sep.tab . database . Sep.tab . user . Sep.tab . method
when type is “local”, there is no “address” field
let remtypes = "host" | "hostssl" | "hostnossl"
non-local connection types
let record_remote = [ label "type" . store remtypes ] . Sep.tab . database . Sep.tab . user . Sep.tab . address . Sep.tab . method
let record = [ seq "entries" . (record_local | record_remote) . eol ]
A sequence of record_local or record_remote entries
let lns = ( record | Util.comment | Util.empty ) *
The pg_hba.conf lens
The pg_hba.conf conf file
Close