Support suffix matching of host names in pg_hba.conf

A name starting with a dot can be used to match a suffix of the actual
host name (e.g., .example.com matches foo.example.com).

src/backend/libpq/hba.c

@@ -564,6 +564,26 @@ ipv6eq(struct sockaddr_in6 *a, struct sockaddr_in6 *b)
 
 #endif /* HAVE_IPV6 */
 
+/*
+ * Check whether host name matches pattern.
+ */
+static bool
+hostname_match(const char *pattern, const char *actual_hostname)
+{
+	if (pattern[0] == '.')		/* suffix match */
+	{
+		size_t plen = strlen(pattern);
+		size_t hlen = strlen(actual_hostname);
+
+		if (hlen < plen)
+			return false;
+
+		return (pg_strcasecmp(pattern, actual_hostname + (hlen - plen)) == 0);
+	}
+	else
+		return (pg_strcasecmp(pattern, actual_hostname) == 0);
+}
+
 /*
  * Check to see if a connecting IP matches a given host name.
  */
@@ -588,7 +608,7 @@ check_hostname(hbaPort *port, const char *hostname)
 		port->remote_hostname = pstrdup(remote_hostname);
 	}
 
-	if (pg_strcasecmp(port->remote_hostname, hostname) != 0)
+	if (!hostname_match(hostname, port->remote_hostname))
 		return false;
 
 	/* Lookup IP from host name and check against original IP */

src/backend/libpq/pg_hba.conf.sample

@@ -32,7 +32,8 @@
 # ADDRESS specifies the set of hosts the record matches.  It can be a
 # host name, or it is made up of an IP address and a CIDR mask that is
 # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
-# specifies the number of significant bits in the mask.
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
 # Alternatively, you can write an IP address and netmask in separate
 # columns to specify the set of hosts.  Instead of a CIDR-address, you
 # can write "samehost" to match any of the server's own IP addresses,