I am working with the pgAdmin git source and I am having trouble understanding the adminpack functions being used.
In the file pgadmin/frm/frmHbaConfig.cpp, the pg_hba.conf edit form constructor appears to get the absolute path to the configuration file and stores this value in "serverFileName" ("SHOW hba_file"). The value is then used to few lines down in a call to "SELECT pg_file_read(...)".
Net Search suggests that pg_file_read can be used to access files in the pg data/log directories only. Experimenting on my localhost, any attempt to use a "../" or and absolute path results in an error.
What I'm having a problem understanding is how the pg_file_read function can work in this context. I can access files in the data directory nicely, but emulating the queries being used in the pgAdmin code will not work. What magic was built into the code to get around the absolute path security?
No magic. pg_file_read() calls pg_read_file. Here is the main comment of this function:
/*¬ * Convert a "text" filename argument to C string, and check it's allowable.¬ *¬ * Filename may be absolute or relative to the DataDir, but we only allow¬ * absolute paths that match DataDir or Log_directory.¬ */¬
So the path may be absolute but, in such a case, it must contain the data directory.