diff options
| author | Lexi Winter <lexi@le-fay.org> | 2025-07-22 08:57:54 +0100 |
|---|---|---|
| committer | Lexi Winter <lexi@le-fay.org> | 2025-07-22 08:57:54 +0100 |
| commit | 529a94419e99c8bc81303d6a423be87c5c87c2b5 (patch) | |
| tree | bed453a7dea7ecc13bad175abaf6c3b18ae3e778 | |
| parent | ab97b60b8f36ea153d4f29a3c5519bdb340661d2 (diff) | |
| download | lfldap-529a94419e99c8bc81303d6a423be87c5c87c2b5.tar.gz lfldap-529a94419e99c8bc81303d6a423be87c5c87c2b5.tar.bz2 | |
add a hook for postgresv1.5
| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | postgres.sh | 27 |
2 files changed, 28 insertions, 0 deletions
@@ -10,6 +10,7 @@ HOOKS= apache24.sh \ opendkim.sh \ pf.sh \ postfix.sh \ + postgres.sh \ unbound.sh all: .PHONY diff --git a/postgres.sh b/postgres.sh new file mode 100644 index 0000000..5c0b97d --- /dev/null +++ b/postgres.sh @@ -0,0 +1,27 @@ +# This source code is released into the public domain. +# +# Postgres doesn't support any sort of defined ACL, so instead we just add +# hostssl entries for each prefix. + +POSTGRES_FILE="/var/db/postgres/pg_hba.ldap" +POSTGRES_TEMP="${POSTGRES_FILE}.ldaptmp" + +if [ ! -f "$POSTGRES_FILE" ]; then + exit 0 +fi + +awk <"$NETWORKS_FILE" >"$POSTGRES_TEMP" '{ + print "hostssl all all " $1 " scram-sha-256" +}' + +if cmp -s "$POSTGRES_TEMP" "$POSTGRES_FILE"; then + rm "$POSTGRES_TEMP" + exit 0 +fi + +printf '%s updated:\n\n' "$POSTGRES_FILE" +diff "$POSTGRES_FILE" "$POSTGRES_TEMP" +printf '\n' + +mv "$POSTGRES_TEMP" "$POSTGRES_FILE" +/usr/sbin/service postgresql reload |