1996-10-12 09:47:12 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* hba.c
|
1997-09-07 07:04:48 +02:00
|
|
|
* Routines to handle host based authentication (that's the scheme
|
|
|
|
|
* wherein you authenticate a user by seeing what IP address the system
|
2008-08-01 11:09:49 +02:00
|
|
|
* says he comes from and choosing authentication method based on it).
|
1996-10-12 09:47:12 +02:00
|
|
|
*
|
2009-01-01 18:24:05 +01:00
|
|
|
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
|
2001-08-02 01:52:50 +02:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
2009-03-25 15:12:02 +01:00
|
|
|
* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.184 2009/03/25 14:12:02 petere Exp $
|
1996-10-12 09:47:12 +02:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
2001-08-01 00:55:45 +02:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
2005-02-26 19:43:34 +01:00
|
|
|
#include <ctype.h>
|
1996-10-12 09:47:12 +02:00
|
|
|
#include <pwd.h>
|
1997-08-27 05:48:50 +02:00
|
|
|
#include <fcntl.h>
|
2001-08-21 17:21:25 +02:00
|
|
|
#include <sys/param.h>
|
2001-09-07 21:52:54 +02:00
|
|
|
#include <sys/socket.h>
|
1996-10-12 09:47:12 +02:00
|
|
|
#include <netinet/in.h>
|
|
|
|
|
#include <arpa/inet.h>
|
1996-11-03 08:00:57 +01:00
|
|
|
#include <unistd.h>
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2006-07-13 18:49:20 +02:00
|
|
|
#include "libpq/ip.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "libpq/libpq.h"
|
2008-11-28 15:26:58 +01:00
|
|
|
#include "regex/regex.h"
|
2000-07-08 05:04:41 +02:00
|
|
|
#include "storage/fd.h"
|
2005-02-20 03:22:07 +01:00
|
|
|
#include "utils/flatfiles.h"
|
2004-07-11 02:18:45 +02:00
|
|
|
#include "utils/guc.h"
|
1996-10-12 09:47:12 +02:00
|
|
|
|
1999-10-23 05:13:33 +02:00
|
|
|
|
2006-07-13 18:49:20 +02:00
|
|
|
|
2005-02-26 19:43:34 +01:00
|
|
|
#define atooid(x) ((Oid) strtoul((x), NULL, 10))
|
2005-07-29 21:30:09 +02:00
|
|
|
#define atoxid(x) ((TransactionId) strtoul((x), NULL, 10))
|
2005-02-26 19:43:34 +01:00
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/* This is used to separate values in multi-valued column strings */
|
2002-09-04 22:31:48 +02:00
|
|
|
#define MULTI_VALUE_SEP "\001"
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
#define MAX_TOKEN 256
|
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* pre-parsed content of HBA config file */
|
|
|
|
|
static List *parsed_hba_lines = NIL;
|
|
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/*
|
2008-09-15 14:32:57 +02:00
|
|
|
* These variables hold the pre-parsed contents of the ident
|
2005-06-28 07:09:14 +02:00
|
|
|
* configuration files, as well as the flat auth file.
|
|
|
|
|
* Each is a list of sublists, one sublist for
|
2001-10-25 07:50:21 +02:00
|
|
|
* each (non-empty, non-comment) line of the file. Each sublist's
|
2001-08-01 00:55:45 +02:00
|
|
|
* first item is an integer line number (so we can give somewhat-useful
|
|
|
|
|
* location info in error messages). Remaining items are palloc'd strings,
|
|
|
|
|
* one string per token on the line. Note there will always be at least
|
|
|
|
|
* one token, since blank lines are not entered in the data structure.
|
|
|
|
|
*/
|
2004-05-26 06:41:50 +02:00
|
|
|
|
2004-10-10 01:13:22 +02:00
|
|
|
/* pre-parsed content of ident usermap file and corresponding line #s */
|
2004-08-29 07:07:03 +02:00
|
|
|
static List *ident_lines = NIL;
|
|
|
|
|
static List *ident_line_nums = NIL;
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* pre-parsed content of flat auth file and corresponding line #s */
|
|
|
|
|
static List *role_lines = NIL;
|
|
|
|
|
static List *role_line_nums = NIL;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
/* sorted entries so we can do binary search lookups */
|
2005-06-28 07:09:14 +02:00
|
|
|
static List **role_sorted = NULL; /* sorted role list, for bsearch() */
|
|
|
|
|
static int role_length;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2004-12-27 20:19:24 +01:00
|
|
|
static void tokenize_file(const char *filename, FILE *file,
|
2005-10-15 04:49:52 +02:00
|
|
|
List **lines, List **line_nums);
|
2004-12-27 20:19:24 +01:00
|
|
|
static char *tokenize_inc_file(const char *outer_filename,
|
2005-10-15 04:49:52 +02:00
|
|
|
const char *inc_filename);
|
1999-10-23 05:13:33 +02:00
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/*
|
2003-04-13 06:07:17 +02:00
|
|
|
* isblank() exists in the ISO C99 spec, but it's not very portable yet,
|
|
|
|
|
* so provide our own version.
|
2001-08-01 00:55:45 +02:00
|
|
|
*/
|
2008-08-01 11:09:49 +02:00
|
|
|
bool
|
2003-04-13 06:07:17 +02:00
|
|
|
pg_isblank(const char c)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2002-06-26 16:52:08 +02:00
|
|
|
return c == ' ' || c == '\t' || c == '\r';
|
1996-10-28 10:03:50 +01:00
|
|
|
}
|
|
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2004-02-02 17:58:30 +01:00
|
|
|
* Grab one token out of fp. Tokens are strings of non-blank
|
2005-06-29 00:16:45 +02:00
|
|
|
* characters bounded by blank characters, commas, beginning of line, and
|
|
|
|
|
* end of line. Blank means space or tab. Tokens can be delimited by
|
2008-07-24 19:43:45 +02:00
|
|
|
* double quotes (this allows the inclusion of blanks, but not newlines).
|
2005-06-29 00:16:45 +02:00
|
|
|
*
|
|
|
|
|
* The token, if any, is returned at *buf (a buffer of size bufsz).
|
|
|
|
|
*
|
|
|
|
|
* If successful: store null-terminated token at *buf and return TRUE.
|
|
|
|
|
* If no more tokens on line: set *buf = '\0' and return FALSE.
|
|
|
|
|
*
|
|
|
|
|
* Leave file positioned at the character immediately after the token or EOF,
|
|
|
|
|
* whichever comes first. If no more tokens on line, position the file to the
|
|
|
|
|
* beginning of the next line or EOF, whichever comes first.
|
|
|
|
|
*
|
|
|
|
|
* Handle comments. Treat unquoted keywords that might be role names or
|
2008-07-24 19:43:45 +02:00
|
|
|
* database names specially, by appending a newline to them. Also, when
|
|
|
|
|
* a token is terminated by a comma, the comma is included in the returned
|
|
|
|
|
* token.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2005-06-29 00:16:45 +02:00
|
|
|
static bool
|
2004-02-02 17:58:30 +01:00
|
|
|
next_token(FILE *fp, char *buf, int bufsz)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
int c;
|
2002-12-11 23:17:11 +01:00
|
|
|
char *start_buf = buf;
|
2003-12-25 04:44:05 +01:00
|
|
|
char *end_buf = buf + (bufsz - 2);
|
2002-04-04 06:25:54 +02:00
|
|
|
bool in_quote = false;
|
|
|
|
|
bool was_quote = false;
|
2004-08-29 07:07:03 +02:00
|
|
|
bool saw_quote = false;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
Assert(end_buf > start_buf);
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/* Move over initial whitespace and commas */
|
2003-04-13 06:07:17 +02:00
|
|
|
while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
|
2001-07-30 16:50:24 +02:00
|
|
|
;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
if (c == EOF || c == '\n')
|
|
|
|
|
{
|
|
|
|
|
*buf = '\0';
|
2005-06-29 00:16:45 +02:00
|
|
|
return false;
|
2004-02-02 17:58:30 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Build a token in buf of next characters up to EOF, EOL, unquoted comma,
|
|
|
|
|
* or unquoted whitespace.
|
2004-02-02 17:58:30 +01:00
|
|
|
*/
|
|
|
|
|
while (c != EOF && c != '\n' &&
|
2008-07-24 19:43:45 +02:00
|
|
|
(!pg_isblank(c) || in_quote))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-02-02 17:58:30 +01:00
|
|
|
/* skip comments to EOL */
|
|
|
|
|
if (c == '#' && !in_quote)
|
|
|
|
|
{
|
|
|
|
|
while ((c = getc(fp)) != EOF && c != '\n')
|
|
|
|
|
;
|
|
|
|
|
/* If only comment, consume EOL too; return EOL */
|
|
|
|
|
if (c != EOF && buf == start_buf)
|
|
|
|
|
c = getc(fp);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (buf >= end_buf)
|
|
|
|
|
{
|
2004-05-25 21:11:14 +02:00
|
|
|
*buf = '\0';
|
2004-02-02 17:58:30 +01:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("authentication file token too long, skipping: \"%s\"",
|
|
|
|
|
start_buf)));
|
2004-02-02 17:58:30 +01:00
|
|
|
/* Discard remainder of line */
|
|
|
|
|
while ((c = getc(fp)) != EOF && c != '\n')
|
|
|
|
|
;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2008-07-24 19:43:45 +02:00
|
|
|
if (c != '"' || was_quote)
|
2004-02-02 17:58:30 +01:00
|
|
|
*buf++ = c;
|
|
|
|
|
|
|
|
|
|
/* We pass back the comma so the caller knows there is more */
|
2008-07-24 19:43:45 +02:00
|
|
|
if (c == ',' && !in_quote)
|
2004-02-02 17:58:30 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* Literal double-quote is two double-quotes */
|
|
|
|
|
if (in_quote && c == '"')
|
|
|
|
|
was_quote = !was_quote;
|
|
|
|
|
else
|
|
|
|
|
was_quote = false;
|
|
|
|
|
|
|
|
|
|
if (c == '"')
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-02-02 17:58:30 +01:00
|
|
|
in_quote = !in_quote;
|
|
|
|
|
saw_quote = true;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
c = getc(fp);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2003-12-25 04:44:05 +01:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Put back the char right after the token (critical in case it is EOL,
|
|
|
|
|
* since we need to detect end-of-line at next call).
|
2004-02-02 17:58:30 +01:00
|
|
|
*/
|
|
|
|
|
if (c != EOF)
|
|
|
|
|
ungetc(c, fp);
|
|
|
|
|
|
|
|
|
|
*buf = '\0';
|
2003-12-25 04:44:05 +01:00
|
|
|
|
2004-08-29 07:07:03 +02:00
|
|
|
if (!saw_quote &&
|
|
|
|
|
(strcmp(start_buf, "all") == 0 ||
|
|
|
|
|
strcmp(start_buf, "sameuser") == 0 ||
|
2005-06-28 07:09:14 +02:00
|
|
|
strcmp(start_buf, "samegroup") == 0 ||
|
|
|
|
|
strcmp(start_buf, "samerole") == 0))
|
2003-12-25 04:44:05 +01:00
|
|
|
{
|
|
|
|
|
/* append newline to a magical keyword */
|
|
|
|
|
*buf++ = '\n';
|
2004-02-02 17:58:30 +01:00
|
|
|
*buf = '\0';
|
2003-12-25 04:44:05 +01:00
|
|
|
}
|
2005-06-29 00:16:45 +02:00
|
|
|
|
|
|
|
|
return (saw_quote || buf > start_buf);
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/*
|
2002-09-04 22:31:48 +02:00
|
|
|
* Tokenize file and handle file inclusion and comma lists. We have
|
|
|
|
|
* to break apart the commas to expand any file names then
|
|
|
|
|
* reconstruct with commas.
|
2004-09-18 03:22:58 +02:00
|
|
|
*
|
2005-06-29 00:16:45 +02:00
|
|
|
* The result is a palloc'd string, or NULL if we have reached EOL.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
|
|
|
|
static char *
|
2004-12-27 20:19:24 +01:00
|
|
|
next_token_expand(const char *filename, FILE *file)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
|
|
|
|
char buf[MAX_TOKEN];
|
|
|
|
|
char *comma_str = pstrdup("");
|
2005-06-29 00:16:45 +02:00
|
|
|
bool got_something = false;
|
2002-04-04 06:25:54 +02:00
|
|
|
bool trailing_comma;
|
|
|
|
|
char *incbuf;
|
2004-11-17 20:54:24 +01:00
|
|
|
int needed;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
2005-06-29 00:16:45 +02:00
|
|
|
if (!next_token(file, buf, sizeof(buf)))
|
2002-04-04 06:25:54 +02:00
|
|
|
break;
|
|
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
got_something = true;
|
|
|
|
|
|
|
|
|
|
if (strlen(buf) > 0 && buf[strlen(buf) - 1] == ',')
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
|
|
|
|
trailing_comma = true;
|
2002-09-04 22:31:48 +02:00
|
|
|
buf[strlen(buf) - 1] = '\0';
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
trailing_comma = false;
|
|
|
|
|
|
|
|
|
|
/* Is this referencing a file? */
|
|
|
|
|
if (buf[0] == '@')
|
2004-12-27 20:19:24 +01:00
|
|
|
incbuf = tokenize_inc_file(filename, buf + 1);
|
2002-04-04 06:25:54 +02:00
|
|
|
else
|
|
|
|
|
incbuf = pstrdup(buf);
|
|
|
|
|
|
2004-11-17 20:54:24 +01:00
|
|
|
needed = strlen(comma_str) + strlen(incbuf) + 1;
|
|
|
|
|
if (trailing_comma)
|
|
|
|
|
needed++;
|
|
|
|
|
comma_str = repalloc(comma_str, needed);
|
2002-04-04 06:25:54 +02:00
|
|
|
strcat(comma_str, incbuf);
|
|
|
|
|
if (trailing_comma)
|
|
|
|
|
strcat(comma_str, MULTI_VALUE_SEP);
|
2004-11-17 20:54:24 +01:00
|
|
|
pfree(incbuf);
|
2002-04-04 06:25:54 +02:00
|
|
|
} while (trailing_comma);
|
|
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
if (!got_something)
|
|
|
|
|
{
|
|
|
|
|
pfree(comma_str);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
return comma_str;
|
|
|
|
|
}
|
|
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/*
|
|
|
|
|
* Free memory used by lines/tokens (i.e., structure built by tokenize_file)
|
|
|
|
|
*/
|
1996-10-12 09:47:12 +02:00
|
|
|
static void
|
2004-05-26 06:41:50 +02:00
|
|
|
free_lines(List **lines, List **line_nums)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
/*
|
|
|
|
|
* Either both must be non-NULL, or both must be NULL
|
|
|
|
|
*/
|
|
|
|
|
Assert((*lines != NIL && *line_nums != NIL) ||
|
|
|
|
|
(*lines == NIL && *line_nums == NIL));
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
if (*lines)
|
|
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
/*
|
2004-08-29 07:07:03 +02:00
|
|
|
* "lines" is a list of lists; each of those sublists consists of
|
|
|
|
|
* palloc'ed tokens, so we want to free each pointed-to token in a
|
|
|
|
|
* sublist, followed by the sublist itself, and finally the whole
|
|
|
|
|
* list.
|
2004-05-26 06:41:50 +02:00
|
|
|
*/
|
|
|
|
|
ListCell *line;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
foreach(line, *lines)
|
|
|
|
|
{
|
|
|
|
|
List *ln = lfirst(line);
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *token;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
foreach(token, ln)
|
2002-04-04 06:25:54 +02:00
|
|
|
pfree(lfirst(token));
|
|
|
|
|
/* free the sublist structure itself */
|
2004-05-26 06:41:50 +02:00
|
|
|
list_free(ln);
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
/* free the list structure itself */
|
2004-05-26 06:41:50 +02:00
|
|
|
list_free(*lines);
|
2002-04-04 06:25:54 +02:00
|
|
|
/* clear the static variable */
|
|
|
|
|
*lines = NIL;
|
|
|
|
|
}
|
2004-05-26 06:41:50 +02:00
|
|
|
|
|
|
|
|
if (*line_nums)
|
|
|
|
|
{
|
|
|
|
|
list_free(*line_nums);
|
|
|
|
|
*line_nums = NIL;
|
|
|
|
|
}
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static char *
|
2004-12-27 20:19:24 +01:00
|
|
|
tokenize_inc_file(const char *outer_filename,
|
|
|
|
|
const char *inc_filename)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
|
|
|
|
char *inc_fullname;
|
|
|
|
|
FILE *inc_file;
|
2002-09-04 22:31:48 +02:00
|
|
|
List *inc_lines;
|
2004-05-26 06:41:50 +02:00
|
|
|
List *inc_line_nums;
|
|
|
|
|
ListCell *line;
|
2004-12-27 20:19:24 +01:00
|
|
|
char *comma_str;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-12-27 20:19:24 +01:00
|
|
|
if (is_absolute_path(inc_filename))
|
|
|
|
|
{
|
|
|
|
|
/* absolute path is taken as-is */
|
|
|
|
|
inc_fullname = pstrdup(inc_filename);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* relative path is relative to dir of calling file */
|
|
|
|
|
inc_fullname = (char *) palloc(strlen(outer_filename) + 1 +
|
|
|
|
|
strlen(inc_filename) + 1);
|
|
|
|
|
strcpy(inc_fullname, outer_filename);
|
|
|
|
|
get_parent_directory(inc_fullname);
|
|
|
|
|
join_path_components(inc_fullname, inc_fullname, inc_filename);
|
|
|
|
|
canonicalize_path(inc_fullname);
|
|
|
|
|
}
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
inc_file = AllocateFile(inc_fullname, "r");
|
2004-12-27 20:19:24 +01:00
|
|
|
if (inc_file == NULL)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
|
errmsg("could not open secondary authentication file \"@%s\" as \"%s\": %m",
|
|
|
|
|
inc_filename, inc_fullname)));
|
2002-04-04 06:25:54 +02:00
|
|
|
pfree(inc_fullname);
|
|
|
|
|
|
2004-12-27 20:19:24 +01:00
|
|
|
/* return single space, it matches nothing */
|
|
|
|
|
return pstrdup(" ");
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* There is possible recursion here if the file contains @ */
|
2004-12-27 20:19:24 +01:00
|
|
|
tokenize_file(inc_fullname, inc_file, &inc_lines, &inc_line_nums);
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
FreeFile(inc_file);
|
2004-12-27 20:19:24 +01:00
|
|
|
pfree(inc_fullname);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-11-17 20:54:24 +01:00
|
|
|
/* Create comma-separated string from List */
|
2004-12-27 20:19:24 +01:00
|
|
|
comma_str = pstrdup("");
|
2002-04-04 06:25:54 +02:00
|
|
|
foreach(line, inc_lines)
|
|
|
|
|
{
|
2004-08-29 07:07:03 +02:00
|
|
|
List *token_list = (List *) lfirst(line);
|
|
|
|
|
ListCell *token;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
foreach(token, token_list)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2005-10-15 04:49:52 +02:00
|
|
|
int oldlen = strlen(comma_str);
|
|
|
|
|
int needed;
|
2004-11-17 20:54:24 +01:00
|
|
|
|
|
|
|
|
needed = oldlen + strlen(lfirst(token)) + 1;
|
|
|
|
|
if (oldlen > 0)
|
|
|
|
|
needed++;
|
|
|
|
|
comma_str = repalloc(comma_str, needed);
|
|
|
|
|
if (oldlen > 0)
|
2002-04-04 06:25:54 +02:00
|
|
|
strcat(comma_str, MULTI_VALUE_SEP);
|
|
|
|
|
strcat(comma_str, lfirst(token));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
free_lines(&inc_lines, &inc_line_nums);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-12-27 20:19:24 +01:00
|
|
|
/* if file is empty, return single space rather than empty string */
|
|
|
|
|
if (strlen(comma_str) == 0)
|
|
|
|
|
{
|
|
|
|
|
pfree(comma_str);
|
|
|
|
|
return pstrdup(" ");
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
return comma_str;
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2004-05-26 06:41:50 +02:00
|
|
|
* Tokenize the given file, storing the resulting data into two lists:
|
|
|
|
|
* a list of sublists, each sublist containing the tokens in a line of
|
|
|
|
|
* the file, and a list of line numbers.
|
2004-12-27 20:19:24 +01:00
|
|
|
*
|
|
|
|
|
* filename must be the absolute path to the target file.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2004-05-26 06:41:50 +02:00
|
|
|
static void
|
2004-12-27 20:19:24 +01:00
|
|
|
tokenize_file(const char *filename, FILE *file,
|
|
|
|
|
List **lines, List **line_nums)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
List *current_line = NIL;
|
2001-08-01 00:55:45 +02:00
|
|
|
int line_number = 1;
|
2002-04-04 06:25:54 +02:00
|
|
|
char *buf;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
*lines = *line_nums = NIL;
|
|
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
while (!feof(file))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-12-27 20:19:24 +01:00
|
|
|
buf = next_token_expand(filename, file);
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/* add token to list, unless we are at EOL or comment start */
|
2005-06-29 00:16:45 +02:00
|
|
|
if (buf)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
if (current_line == NIL)
|
|
|
|
|
{
|
|
|
|
|
/* make a new line List, record its line number */
|
|
|
|
|
current_line = lappend(current_line, buf);
|
|
|
|
|
*lines = lappend(*lines, current_line);
|
|
|
|
|
*line_nums = lappend_int(*line_nums, line_number);
|
|
|
|
|
}
|
|
|
|
|
else
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
/* append token to current line's list */
|
|
|
|
|
current_line = lappend(current_line, buf);
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
2001-08-01 00:55:45 +02:00
|
|
|
{
|
2002-04-04 06:25:54 +02:00
|
|
|
/* we are at real or logical EOL, so force a new line List */
|
2004-05-26 06:41:50 +02:00
|
|
|
current_line = NIL;
|
|
|
|
|
/* Advance line number whenever we reach EOL */
|
2001-08-01 00:55:45 +02:00
|
|
|
line_number++;
|
2004-05-26 06:41:50 +02:00
|
|
|
}
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Compare two lines based on their role/member names.
|
2002-04-29 00:49:07 +02:00
|
|
|
*
|
|
|
|
|
* Used for bsearch() lookup.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2005-06-28 07:09:14 +02:00
|
|
|
role_bsearch_cmp(const void *role, const void *list)
|
2002-04-29 00:49:07 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
char *role2 = linitial(*(List **) list);
|
2002-04-29 00:49:07 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
return strcmp(role, role2);
|
2002-04-29 00:49:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Lookup a role name in the pg_auth file
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2005-10-15 04:49:52 +02:00
|
|
|
List **
|
2005-06-28 07:09:14 +02:00
|
|
|
get_role_line(const char *role)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2003-12-05 16:50:31 +01:00
|
|
|
/* On some versions of Solaris, bsearch of zero items dumps core */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (role_length == 0)
|
2003-12-05 16:50:31 +01:00
|
|
|
return NULL;
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
return (List **) bsearch((void *) role,
|
|
|
|
|
(void *) role_sorted,
|
|
|
|
|
role_length,
|
2002-09-04 22:31:48 +02:00
|
|
|
sizeof(List *),
|
2005-06-28 07:09:14 +02:00
|
|
|
role_bsearch_cmp);
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2005-06-29 00:16:45 +02:00
|
|
|
* Does user belong to role?
|
|
|
|
|
*
|
|
|
|
|
* user is always the name given as the attempted login identifier.
|
|
|
|
|
* We check to see if it is a member of the specified role name.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2003-04-03 23:25:02 +02:00
|
|
|
static bool
|
2005-06-29 00:16:45 +02:00
|
|
|
is_member(const char *user, const char *role)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
List **line;
|
2005-02-20 05:45:59 +01:00
|
|
|
ListCell *line_item;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
if ((line = get_role_line(user)) == NULL)
|
|
|
|
|
return false; /* if user not exist, say "no" */
|
2004-05-26 06:41:50 +02:00
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
/* A user always belongs to its own role */
|
|
|
|
|
if (strcmp(user, role) == 0)
|
|
|
|
|
return true;
|
2005-02-20 05:45:59 +01:00
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* skip over the role name, password, valuntil, examine all the membership
|
|
|
|
|
* entries
|
2005-06-29 00:16:45 +02:00
|
|
|
*/
|
|
|
|
|
if (list_length(*line) < 4)
|
|
|
|
|
return false;
|
|
|
|
|
for_each_cell(line_item, lnext(lnext(lnext(list_head(*line)))))
|
2005-02-20 05:45:59 +01:00
|
|
|
{
|
2005-06-29 00:16:45 +02:00
|
|
|
if (strcmp((char *) lfirst(line_item), role) == 0)
|
2005-02-20 05:45:59 +01:00
|
|
|
return true;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2003-04-03 23:25:02 +02:00
|
|
|
return false;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2005-06-29 00:16:45 +02:00
|
|
|
* Check comma-separated list for a match to role, allowing group names.
|
|
|
|
|
*
|
|
|
|
|
* NB: param_str is destructively modified! In current usage, this is
|
|
|
|
|
* okay only because this code is run after forking off from the postmaster,
|
|
|
|
|
* and so it doesn't matter that we clobber the stored hba info.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2003-04-03 23:25:02 +02:00
|
|
|
static bool
|
2005-06-29 00:16:45 +02:00
|
|
|
check_role(const char *role, char *param_str)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2002-09-04 22:31:48 +02:00
|
|
|
char *tok;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
for (tok = strtok(param_str, MULTI_VALUE_SEP);
|
|
|
|
|
tok != NULL;
|
|
|
|
|
tok = strtok(NULL, MULTI_VALUE_SEP))
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
|
|
|
|
if (tok[0] == '+')
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2005-06-29 00:16:45 +02:00
|
|
|
if (is_member(role, tok + 1))
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
2005-06-28 07:09:14 +02:00
|
|
|
else if (strcmp(tok, role) == 0 ||
|
2003-12-25 04:44:05 +01:00
|
|
|
strcmp(tok, "all\n") == 0)
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
2001-08-01 00:55:45 +02:00
|
|
|
|
2003-04-03 23:25:02 +02:00
|
|
|
return false;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Check to see if db/role combination matches param string.
|
2005-06-29 00:16:45 +02:00
|
|
|
*
|
|
|
|
|
* NB: param_str is destructively modified! In current usage, this is
|
|
|
|
|
* okay only because this code is run after forking off from the postmaster,
|
|
|
|
|
* and so it doesn't matter that we clobber the stored hba info.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2003-04-03 23:25:02 +02:00
|
|
|
static bool
|
2005-06-29 00:16:45 +02:00
|
|
|
check_db(const char *dbname, const char *role, char *param_str)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2002-09-04 22:31:48 +02:00
|
|
|
char *tok;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
for (tok = strtok(param_str, MULTI_VALUE_SEP);
|
|
|
|
|
tok != NULL;
|
|
|
|
|
tok = strtok(NULL, MULTI_VALUE_SEP))
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2003-12-25 04:44:05 +01:00
|
|
|
if (strcmp(tok, "all\n") == 0)
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2003-12-25 04:44:05 +01:00
|
|
|
else if (strcmp(tok, "sameuser\n") == 0)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (strcmp(dbname, role) == 0)
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
2005-06-28 07:09:14 +02:00
|
|
|
else if (strcmp(tok, "samegroup\n") == 0 ||
|
|
|
|
|
strcmp(tok, "samerole\n") == 0)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2005-06-29 00:16:45 +02:00
|
|
|
if (is_member(role, dbname))
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
else if (strcmp(tok, dbname) == 0)
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
2003-04-03 23:25:02 +02:00
|
|
|
return false;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-10-23 15:31:10 +02:00
|
|
|
/*
|
|
|
|
|
* Macros used to check and report on invalid configuration options.
|
|
|
|
|
* INVALID_AUTH_OPTION = reports when an option is specified for a method where it's
|
|
|
|
|
* not supported.
|
|
|
|
|
* REQUIRE_AUTH_OPTION = same as INVALID_AUTH_OPTION, except it also checks if the
|
|
|
|
|
* method is actually the one specified. Used as a shortcut when
|
|
|
|
|
* the option is only valid for one authentication method.
|
|
|
|
|
* MANDATORY_AUTH_ARG = check if a required option is set for an authentication method,
|
|
|
|
|
* reporting error if it's not.
|
|
|
|
|
*/
|
|
|
|
|
#define INVALID_AUTH_OPTION(optname, validmethods) do {\
|
|
|
|
|
ereport(LOG, \
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR), \
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("authentication option \"%s\" is only valid for authentication methods \"%s\"", \
|
2008-10-23 15:31:10 +02:00
|
|
|
optname, validmethods), \
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"", \
|
|
|
|
|
line_num, HbaFileName))); \
|
2008-10-24 14:48:31 +02:00
|
|
|
return false; \
|
2008-10-23 15:31:10 +02:00
|
|
|
} while (0);
|
|
|
|
|
|
|
|
|
|
#define REQUIRE_AUTH_OPTION(methodval, optname, validmethods) do {\
|
|
|
|
|
if (parsedline->auth_method != methodval) \
|
2009-01-02 12:34:03 +01:00
|
|
|
INVALID_AUTH_OPTION(optname, validmethods); \
|
2008-10-23 15:31:10 +02:00
|
|
|
} while (0);
|
|
|
|
|
|
|
|
|
|
#define MANDATORY_AUTH_ARG(argvar, argname, authname) do {\
|
|
|
|
|
if (argvar == NULL) {\
|
|
|
|
|
ereport(LOG, \
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR), \
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("authentication method \"%s\" requires argument \"%s\" to be set", \
|
2008-10-23 15:31:10 +02:00
|
|
|
authname, argname), \
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"", \
|
|
|
|
|
line_num, HbaFileName))); \
|
2008-10-24 14:48:31 +02:00
|
|
|
return false; \
|
2008-10-23 15:31:10 +02:00
|
|
|
} \
|
|
|
|
|
} while (0);
|
|
|
|
|
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2008-09-15 14:32:57 +02:00
|
|
|
* Parse one line in the hba config file and store the result in
|
|
|
|
|
* a HbaLine structure.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2008-09-15 14:32:57 +02:00
|
|
|
static bool
|
|
|
|
|
parse_hba_line(List *line, int line_num, HbaLine *parsedline)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
char *token;
|
2003-09-06 01:07:21 +02:00
|
|
|
struct addrinfo *gai_result;
|
2003-08-04 02:43:34 +02:00
|
|
|
struct addrinfo hints;
|
2003-06-12 09:36:51 +02:00
|
|
|
int ret;
|
2003-09-06 01:07:21 +02:00
|
|
|
char *cidr_slash;
|
2008-09-15 14:32:57 +02:00
|
|
|
char *unsupauth;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *line_item;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
line_item = list_head(line);
|
2008-09-15 14:32:57 +02:00
|
|
|
|
|
|
|
|
parsedline->linenumber = line_num;
|
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Check the record type. */
|
2004-05-26 06:41:50 +02:00
|
|
|
token = lfirst(line_item);
|
2001-07-30 16:50:24 +02:00
|
|
|
if (strcmp(token, "local") == 0)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->conntype = ctLocal;
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
At long last I put together a patch to support 4 client SSL negotiation
modes (and replace the requiressl boolean). The four options were first
spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
to pgsql-hackers, archived here:
http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
My original less-flexible patch and the ensuing thread are archived at:
http://dbforums.com/t623845.html
Attached is a new patch, including documentation.
To sum up, there's a new client parameter "sslmode" and environment
variable "PGSSLMODE", with these options:
sslmode description
------- -----------
disable Unencrypted non-SSL only
allow Negotiate, prefer non-SSL
prefer Negotiate, prefer SSL (default)
require Require SSL
The only change to the server is a new pg_hba.conf line type,
"hostnossl", for specifying connections that are not allowed to use SSL
(for example, to prevent servers on a local network from accidentally
using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
pg_hba.conf line types
----------------------
host applies to either SSL or regular connections
hostssl applies only to SSL connections
hostnossl applies only to regular connections
These client and server options, the postgresql.conf ssl = false option,
and finally the possibility of compiling with no SSL support at all,
make quite a range of combinations to test. I threw together a test
script to try many of them out. It's in a separate tarball with its
config files, a patch to psql so it'll announce SSL connections even in
absence of a tty, and the test output. The test is especially informative
when run on the same tty the postmaster was started on, so the FATAL:
errors during negotiation are interleaved with the psql client output.
I saw Tom write that new submissions for 7.4 have to be in before midnight
local time, and since I'm on the east coast in the US, this just makes it
in before the bell. :)
Jon Jensen
2003-07-26 15:50:02 +02:00
|
|
|
else if (strcmp(token, "host") == 0
|
2003-08-04 02:43:34 +02:00
|
|
|
|| strcmp(token, "hostssl") == 0
|
|
|
|
|
|| strcmp(token, "hostnossl") == 0)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2002-12-06 05:37:05 +01:00
|
|
|
|
2003-08-04 02:43:34 +02:00
|
|
|
if (token[4] == 's') /* "hostssl" */
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2001-08-02 16:27:40 +02:00
|
|
|
#ifdef USE_SSL
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->conntype = ctHostSSL;
|
1999-09-27 05:13:16 +02:00
|
|
|
#else
|
2008-10-27 21:04:45 +01:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("hostssl not supported on this platform"),
|
|
|
|
|
errhint("compile with --enable-ssl to use SSL connections"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
1999-09-27 05:13:16 +02:00
|
|
|
#endif
|
2001-08-02 16:27:40 +02:00
|
|
|
}
|
At long last I put together a patch to support 4 client SSL negotiation
modes (and replace the requiressl boolean). The four options were first
spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
to pgsql-hackers, archived here:
http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
My original less-flexible patch and the ensuing thread are archived at:
http://dbforums.com/t623845.html
Attached is a new patch, including documentation.
To sum up, there's a new client parameter "sslmode" and environment
variable "PGSSLMODE", with these options:
sslmode description
------- -----------
disable Unencrypted non-SSL only
allow Negotiate, prefer non-SSL
prefer Negotiate, prefer SSL (default)
require Require SSL
The only change to the server is a new pg_hba.conf line type,
"hostnossl", for specifying connections that are not allowed to use SSL
(for example, to prevent servers on a local network from accidentally
using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
pg_hba.conf line types
----------------------
host applies to either SSL or regular connections
hostssl applies only to SSL connections
hostnossl applies only to regular connections
These client and server options, the postgresql.conf ssl = false option,
and finally the possibility of compiling with no SSL support at all,
make quite a range of combinations to test. I threw together a test
script to try many of them out. It's in a separate tarball with its
config files, a patch to psql so it'll announce SSL connections even in
absence of a tty, and the test output. The test is especially informative
when run on the same tty the postmaster was started on, so the FATAL:
errors during negotiation are interleaved with the psql client output.
I saw Tom write that new submissions for 7.4 have to be in before midnight
local time, and since I'm on the east coast in the US, this just makes it
in before the bell. :)
Jon Jensen
2003-07-26 15:50:02 +02:00
|
|
|
#ifdef USE_SSL
|
2003-08-04 02:43:34 +02:00
|
|
|
else if (token[4] == 'n') /* "hostnossl" */
|
At long last I put together a patch to support 4 client SSL negotiation
modes (and replace the requiressl boolean). The four options were first
spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
to pgsql-hackers, archived here:
http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
My original less-flexible patch and the ensuing thread are archived at:
http://dbforums.com/t623845.html
Attached is a new patch, including documentation.
To sum up, there's a new client parameter "sslmode" and environment
variable "PGSSLMODE", with these options:
sslmode description
------- -----------
disable Unencrypted non-SSL only
allow Negotiate, prefer non-SSL
prefer Negotiate, prefer SSL (default)
require Require SSL
The only change to the server is a new pg_hba.conf line type,
"hostnossl", for specifying connections that are not allowed to use SSL
(for example, to prevent servers on a local network from accidentally
using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
pg_hba.conf line types
----------------------
host applies to either SSL or regular connections
hostssl applies only to SSL connections
hostnossl applies only to regular connections
These client and server options, the postgresql.conf ssl = false option,
and finally the possibility of compiling with no SSL support at all,
make quite a range of combinations to test. I threw together a test
script to try many of them out. It's in a separate tarball with its
config files, a patch to psql so it'll announce SSL connections even in
absence of a tty, and the test output. The test is especially informative
when run on the same tty the postmaster was started on, so the FATAL:
errors during negotiation are interleaved with the psql client output.
I saw Tom write that new submissions for 7.4 have to be in before midnight
local time, and since I'm on the east coast in the US, this just makes it
in before the bell. :)
Jon Jensen
2003-07-26 15:50:02 +02:00
|
|
|
{
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->conntype = ctHostNoSSL;
|
At long last I put together a patch to support 4 client SSL negotiation
modes (and replace the requiressl boolean). The four options were first
spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
to pgsql-hackers, archived here:
http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
My original less-flexible patch and the ensuing thread are archived at:
http://dbforums.com/t623845.html
Attached is a new patch, including documentation.
To sum up, there's a new client parameter "sslmode" and environment
variable "PGSSLMODE", with these options:
sslmode description
------- -----------
disable Unencrypted non-SSL only
allow Negotiate, prefer non-SSL
prefer Negotiate, prefer SSL (default)
require Require SSL
The only change to the server is a new pg_hba.conf line type,
"hostnossl", for specifying connections that are not allowed to use SSL
(for example, to prevent servers on a local network from accidentally
using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
pg_hba.conf line types
----------------------
host applies to either SSL or regular connections
hostssl applies only to SSL connections
hostnossl applies only to regular connections
These client and server options, the postgresql.conf ssl = false option,
and finally the possibility of compiling with no SSL support at all,
make quite a range of combinations to test. I threw together a test
script to try many of them out. It's in a separate tarball with its
config files, a patch to psql so it'll announce SSL connections even in
absence of a tty, and the test output. The test is especially informative
when run on the same tty the postmaster was started on, so the FATAL:
errors during negotiation are interleaved with the psql client output.
I saw Tom write that new submissions for 7.4 have to be in before midnight
local time, and since I'm on the east coast in the US, this just makes it
in before the bell. :)
Jon Jensen
2003-07-26 15:50:02 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
2008-09-15 14:32:57 +02:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* "host", or "hostnossl" and SSL support not built in */
|
|
|
|
|
parsedline->conntype = ctHost;
|
|
|
|
|
}
|
|
|
|
|
} /* record type */
|
|
|
|
|
else
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid connection type \"%s\"",
|
|
|
|
|
token),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* Get the database. */
|
|
|
|
|
line_item = lnext(line_item);
|
|
|
|
|
if (!line_item)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before database specification"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->database = pstrdup(lfirst(line_item));
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* Get the role. */
|
|
|
|
|
line_item = lnext(line_item);
|
|
|
|
|
if (!line_item)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before role specification"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->role = pstrdup(lfirst(line_item));
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
if (parsedline->conntype != ctLocal)
|
|
|
|
|
{
|
2003-06-12 09:36:51 +02:00
|
|
|
/* Read the IP address field. (with or without CIDR netmask) */
|
2004-05-26 06:41:50 +02:00
|
|
|
line_item = lnext(line_item);
|
|
|
|
|
if (!line_item)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before ip address specification"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
token = pstrdup(lfirst(line_item));
|
2003-01-06 04:18:27 +01:00
|
|
|
|
2003-06-12 09:36:51 +02:00
|
|
|
/* Check if it has a CIDR suffix and if so isolate it */
|
2003-08-04 02:43:34 +02:00
|
|
|
cidr_slash = strchr(token, '/');
|
2003-06-12 09:36:51 +02:00
|
|
|
if (cidr_slash)
|
|
|
|
|
*cidr_slash = '\0';
|
2003-06-12 04:12:58 +02:00
|
|
|
|
2003-09-06 01:07:21 +02:00
|
|
|
/* Get the IP address either way */
|
2003-06-12 09:36:51 +02:00
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
|
|
|
|
hints.ai_family = PF_UNSPEC;
|
|
|
|
|
hints.ai_socktype = 0;
|
|
|
|
|
hints.ai_protocol = 0;
|
|
|
|
|
hints.ai_addrlen = 0;
|
|
|
|
|
hints.ai_canonname = NULL;
|
|
|
|
|
hints.ai_addr = NULL;
|
|
|
|
|
hints.ai_next = NULL;
|
|
|
|
|
|
2005-10-17 18:24:20 +02:00
|
|
|
ret = pg_getaddrinfo_all(token, NULL, &hints, &gai_result);
|
2003-09-06 01:07:21 +02:00
|
|
|
if (ret || !gai_result)
|
2003-06-12 09:36:51 +02:00
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2008-09-15 14:32:57 +02:00
|
|
|
errmsg("invalid IP address \"%s\": %s",
|
|
|
|
|
token, gai_strerror(ret)),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2003-06-12 09:36:51 +02:00
|
|
|
if (cidr_slash)
|
|
|
|
|
*cidr_slash = '/';
|
2003-09-06 01:07:21 +02:00
|
|
|
if (gai_result)
|
2005-10-17 18:24:20 +02:00
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2003-06-12 09:36:51 +02:00
|
|
|
}
|
2003-01-06 04:18:27 +01:00
|
|
|
|
2003-07-24 01:30:41 +02:00
|
|
|
if (cidr_slash)
|
|
|
|
|
*cidr_slash = '/';
|
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
memcpy(&parsedline->addr, gai_result->ai_addr, gai_result->ai_addrlen);
|
2005-10-17 18:24:20 +02:00
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
2003-09-06 01:07:21 +02:00
|
|
|
|
2003-06-12 09:36:51 +02:00
|
|
|
/* Get the netmask */
|
|
|
|
|
if (cidr_slash)
|
|
|
|
|
{
|
2008-09-15 14:32:57 +02:00
|
|
|
if (pg_sockaddr_cidr_mask(&parsedline->mask, cidr_slash + 1,
|
|
|
|
|
parsedline->addr.ss_family) < 0)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid CIDR mask in address \"%s\"",
|
|
|
|
|
token),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2003-06-12 09:36:51 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Read the mask field. */
|
2004-05-26 06:41:50 +02:00
|
|
|
line_item = lnext(line_item);
|
|
|
|
|
if (!line_item)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before netmask specification"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2004-05-26 06:41:50 +02:00
|
|
|
token = lfirst(line_item);
|
2003-06-12 09:36:51 +02:00
|
|
|
|
2005-10-17 18:24:20 +02:00
|
|
|
ret = pg_getaddrinfo_all(token, NULL, &hints, &gai_result);
|
2003-09-06 01:07:21 +02:00
|
|
|
if (ret || !gai_result)
|
|
|
|
|
{
|
2004-05-20 00:06:16 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2008-09-15 14:32:57 +02:00
|
|
|
errmsg("invalid IP mask \"%s\": %s",
|
|
|
|
|
token, gai_strerror(ret)),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2003-09-06 01:07:21 +02:00
|
|
|
if (gai_result)
|
2005-10-17 18:24:20 +02:00
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2003-09-06 01:07:21 +02:00
|
|
|
}
|
2003-07-22 21:00:12 +02:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
memcpy(&parsedline->mask, gai_result->ai_addr, gai_result->ai_addrlen);
|
2005-10-17 18:24:20 +02:00
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
2003-06-12 09:36:51 +02:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
if (parsedline->addr.ss_family != parsedline->mask.ss_family)
|
2004-05-20 00:06:16 +02:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2004-10-12 23:54:45 +02:00
|
|
|
errmsg("IP address and mask do not match in file \"%s\" line %d",
|
2004-10-10 01:13:22 +02:00
|
|
|
HbaFileName, line_num)));
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2004-05-20 00:06:16 +02:00
|
|
|
}
|
2003-06-12 09:36:51 +02:00
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
} /* != ctLocal */
|
|
|
|
|
|
|
|
|
|
/* Get the authentication method */
|
|
|
|
|
line_item = lnext(line_item);
|
|
|
|
|
if (!line_item)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before authentication method"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
token = lfirst(line_item);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
unsupauth = NULL;
|
|
|
|
|
if (strcmp(token, "trust") == 0)
|
|
|
|
|
parsedline->auth_method = uaTrust;
|
|
|
|
|
else if (strcmp(token, "ident") == 0)
|
|
|
|
|
parsedline->auth_method = uaIdent;
|
|
|
|
|
else if (strcmp(token, "password") == 0)
|
|
|
|
|
parsedline->auth_method = uaPassword;
|
|
|
|
|
else if (strcmp(token, "krb5") == 0)
|
|
|
|
|
#ifdef KRB5
|
|
|
|
|
parsedline->auth_method = uaKrb5;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "krb5";
|
|
|
|
|
#endif
|
|
|
|
|
else if (strcmp(token, "gss") == 0)
|
|
|
|
|
#ifdef ENABLE_GSS
|
|
|
|
|
parsedline->auth_method = uaGSS;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "gss";
|
|
|
|
|
#endif
|
|
|
|
|
else if (strcmp(token, "sspi") == 0)
|
|
|
|
|
#ifdef ENABLE_SSPI
|
|
|
|
|
parsedline->auth_method = uaSSPI;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "sspi";
|
|
|
|
|
#endif
|
|
|
|
|
else if (strcmp(token, "reject") == 0)
|
|
|
|
|
parsedline->auth_method = uaReject;
|
|
|
|
|
else if (strcmp(token, "md5") == 0)
|
2008-11-20 21:45:30 +01:00
|
|
|
{
|
|
|
|
|
if (Db_user_namespace)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->auth_method = uaMD5;
|
2008-11-20 21:45:30 +01:00
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
else if (strcmp(token, "pam") == 0)
|
|
|
|
|
#ifdef USE_PAM
|
|
|
|
|
parsedline->auth_method = uaPAM;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "pam";
|
|
|
|
|
#endif
|
|
|
|
|
else if (strcmp(token, "ldap") == 0)
|
|
|
|
|
#ifdef USE_LDAP
|
|
|
|
|
parsedline->auth_method = uaLDAP;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "ldap";
|
2008-11-20 12:48:26 +01:00
|
|
|
#endif
|
|
|
|
|
else if (strcmp(token, "cert") == 0)
|
|
|
|
|
#ifdef USE_SSL
|
|
|
|
|
parsedline->auth_method = uaCert;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "cert";
|
2008-09-15 14:32:57 +02:00
|
|
|
#endif
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid authentication method \"%s\"",
|
|
|
|
|
token),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (unsupauth)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid authentication method \"%s\": not supported on this platform",
|
|
|
|
|
token),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Invalid authentication combinations */
|
|
|
|
|
if (parsedline->conntype == ctLocal &&
|
|
|
|
|
parsedline->auth_method == uaKrb5)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("krb5 authentication is not supported on local sockets"),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
|
|
|
|
|
2008-11-20 12:48:26 +01:00
|
|
|
if (parsedline->conntype != ctHostSSL &&
|
|
|
|
|
parsedline->auth_method == uaCert)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("cert authentication is only supported on hostssl connections"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2008-10-23 15:31:10 +02:00
|
|
|
/* Parse remaining arguments */
|
|
|
|
|
while ((line_item = lnext(line_item)) != NULL)
|
2008-09-15 14:32:57 +02:00
|
|
|
{
|
2008-10-23 15:31:10 +02:00
|
|
|
char *c;
|
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
token = lfirst(line_item);
|
|
|
|
|
|
2008-10-23 15:31:10 +02:00
|
|
|
c = strchr(token, '=');
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Got something that's not a name=value pair.
|
|
|
|
|
*
|
|
|
|
|
* XXX: attempt to do some backwards compatible parsing here?
|
|
|
|
|
*/
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("authentication option not in name=value format: %s", token),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
|
|
|
|
else
|
2003-09-05 22:31:36 +02:00
|
|
|
{
|
2008-10-23 15:31:10 +02:00
|
|
|
*c++ = '\0'; /* token now holds "name", c holds "value" */
|
|
|
|
|
if (strcmp(token, "map") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (parsedline->auth_method != uaIdent &&
|
|
|
|
|
parsedline->auth_method != uaKrb5 &&
|
|
|
|
|
parsedline->auth_method != uaGSS &&
|
2008-11-20 12:48:26 +01:00
|
|
|
parsedline->auth_method != uaSSPI &&
|
|
|
|
|
parsedline->auth_method != uaCert)
|
|
|
|
|
INVALID_AUTH_OPTION("map", "ident, krb5, gssapi, sspi and cert");
|
2008-10-23 15:31:10 +02:00
|
|
|
parsedline->usermap = pstrdup(c);
|
|
|
|
|
}
|
2008-11-20 10:29:36 +01:00
|
|
|
else if (strcmp(token, "clientcert") == 0)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Since we require ctHostSSL, this really can never happen on non-SSL-enabled
|
|
|
|
|
* builds, so don't bother checking for USE_SSL.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->conntype != ctHostSSL)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("clientcert can only be configured for \"hostssl\" rows"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(c, "1") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (!secure_loaded_verify_locations())
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("client certificates can only be checked if a root certificate store is available"),
|
|
|
|
|
errdetail("make sure the root certificate store is present and readable"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
parsedline->clientcert = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
2008-11-20 12:48:26 +01:00
|
|
|
{
|
|
|
|
|
if (parsedline->auth_method == uaCert)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("clientcert can not be set to 0 when using \"cert\" authentication"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2008-11-20 10:29:36 +01:00
|
|
|
parsedline->clientcert = false;
|
2008-11-20 12:48:26 +01:00
|
|
|
}
|
2008-11-20 10:29:36 +01:00
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
else if (strcmp(token, "pamservice") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaPAM, "pamservice", "pam");
|
|
|
|
|
parsedline->pamservice = pstrdup(c);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(token, "ldaptls") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldaptls", "ldap");
|
|
|
|
|
if (strcmp(c, "1") == 0)
|
|
|
|
|
parsedline->ldaptls = true;
|
|
|
|
|
else
|
|
|
|
|
parsedline->ldaptls = false;
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(token, "ldapserver") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapserver", "ldap");
|
|
|
|
|
parsedline->ldapserver = pstrdup(c);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(token, "ldapport") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapport", "ldap");
|
|
|
|
|
parsedline->ldapport = atoi(c);
|
|
|
|
|
if (parsedline->ldapport == 0)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("invalid LDAP port number: \"%s\"", c),
|
2008-10-23 15:31:10 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(token, "ldapprefix") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapprefix", "ldap");
|
|
|
|
|
parsedline->ldapprefix = pstrdup(c);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(token, "ldapsuffix") == 0)
|
2003-09-05 22:31:36 +02:00
|
|
|
{
|
2008-10-23 15:31:10 +02:00
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapsuffix", "ldap");
|
|
|
|
|
parsedline->ldapsuffix = pstrdup(c);
|
2003-09-05 22:31:36 +02:00
|
|
|
}
|
2009-01-07 13:38:11 +01:00
|
|
|
else if (strcmp(token, "krb_server_hostname") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaKrb5, "krb_server_hostname", "krb5");
|
|
|
|
|
parsedline->krb_server_hostname = pstrdup(c);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(token, "krb_realm") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (parsedline->auth_method != uaKrb5 &&
|
|
|
|
|
parsedline->auth_method != uaGSS &&
|
|
|
|
|
parsedline->auth_method != uaSSPI)
|
|
|
|
|
INVALID_AUTH_OPTION("krb_realm", "krb5, gssapi and sspi");
|
|
|
|
|
parsedline->krb_realm = pstrdup(c);
|
|
|
|
|
}
|
2009-01-07 14:09:21 +01:00
|
|
|
else if (strcmp(token, "include_realm") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (parsedline->auth_method != uaKrb5 &&
|
|
|
|
|
parsedline->auth_method != uaGSS &&
|
|
|
|
|
parsedline->auth_method != uaSSPI)
|
|
|
|
|
INVALID_AUTH_OPTION("include_realm", "krb5, gssapi and sspi");
|
|
|
|
|
if (strcmp(c, "1") == 0)
|
|
|
|
|
parsedline->include_realm = true;
|
|
|
|
|
else
|
|
|
|
|
parsedline->include_realm = false;
|
|
|
|
|
}
|
2003-09-05 22:31:36 +02:00
|
|
|
else
|
|
|
|
|
{
|
2008-10-23 15:31:10 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("unknown authentication option name: \"%s\"", token),
|
2008-10-23 15:31:10 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2008-10-24 14:48:31 +02:00
|
|
|
return false;
|
2003-09-05 22:31:36 +02:00
|
|
|
}
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if the selected authentication method has any mandatory arguments that
|
|
|
|
|
* are not set.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->auth_method == uaLDAP)
|
|
|
|
|
{
|
|
|
|
|
MANDATORY_AUTH_ARG(parsedline->ldapserver, "ldapserver", "ldap");
|
|
|
|
|
}
|
2008-11-20 12:48:26 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Enforce any parameters implied by other settings.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->auth_method == uaCert)
|
|
|
|
|
{
|
|
|
|
|
parsedline->clientcert = true;
|
|
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
|
|
|
|
|
return true;
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Scan the (pre-parsed) hba file line by line, looking for a match
|
2001-08-01 00:55:45 +02:00
|
|
|
* to the port's connection request.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
|
|
|
|
static bool
|
|
|
|
|
check_hba(hbaPort *port)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *line;
|
2008-09-15 14:32:57 +02:00
|
|
|
HbaLine *hba;
|
1999-05-25 18:15:34 +02:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
foreach(line, parsed_hba_lines)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2008-09-15 14:32:57 +02:00
|
|
|
hba = (HbaLine *) lfirst(line);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* Check connection type */
|
|
|
|
|
if (hba->conntype == ctLocal)
|
|
|
|
|
{
|
|
|
|
|
if (!IS_AF_UNIX(port->raddr.addr.ss_family))
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (IS_AF_UNIX(port->raddr.addr.ss_family))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Check SSL state */
|
|
|
|
|
#ifdef USE_SSL
|
|
|
|
|
if (port->ssl)
|
|
|
|
|
{
|
|
|
|
|
/* Connection is SSL, match both "host" and "hostssl" */
|
|
|
|
|
if (hba->conntype == ctHostNoSSL)
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Connection is not SSL, match both "host" and "hostnossl" */
|
|
|
|
|
if (hba->conntype == ctHostSSL)
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
/* No SSL support, so reject "hostssl" lines */
|
|
|
|
|
if (hba->conntype == ctHostSSL)
|
|
|
|
|
continue;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Check IP address */
|
|
|
|
|
if (port->raddr.addr.ss_family == hba->addr.ss_family)
|
|
|
|
|
{
|
|
|
|
|
if (!pg_range_sockaddr(&port->raddr.addr, &hba->addr, &hba->mask))
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
#ifdef HAVE_IPV6
|
|
|
|
|
else if (hba->addr.ss_family == AF_INET &&
|
|
|
|
|
port->raddr.addr.ss_family == AF_INET6)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Wrong address family. We allow only one case: if the file has
|
|
|
|
|
* IPv4 and the port is IPv6, promote the file address to IPv6 and
|
|
|
|
|
* try to match that way.
|
|
|
|
|
*/
|
|
|
|
|
struct sockaddr_storage addrcopy, maskcopy;
|
|
|
|
|
memcpy(&addrcopy, &hba->addr, sizeof(addrcopy));
|
|
|
|
|
memcpy(&maskcopy, &hba->mask, sizeof(maskcopy));
|
|
|
|
|
pg_promote_v4_to_v6_addr(&addrcopy);
|
|
|
|
|
pg_promote_v4_to_v6_mask(&maskcopy);
|
|
|
|
|
|
|
|
|
|
if (!pg_range_sockaddr(&port->raddr.addr, &addrcopy, &maskcopy))
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
#endif /* HAVE_IPV6 */
|
|
|
|
|
else
|
|
|
|
|
/* Wrong address family, no IPV6 */
|
|
|
|
|
continue;
|
|
|
|
|
} /* != ctLocal */
|
|
|
|
|
|
|
|
|
|
/* Check database and role */
|
|
|
|
|
if (!check_db(port->database_name, port->user_name, hba->database))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (!check_role(port->user_name, hba->role))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Found a record that matched! */
|
|
|
|
|
port->hba = hba;
|
2001-07-30 16:50:24 +02:00
|
|
|
return true;
|
1998-01-27 04:25:14 +01:00
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
|
|
|
|
|
/* If no matching entry was found, synthesize 'reject' entry. */
|
|
|
|
|
hba = palloc0(sizeof(HbaLine));
|
|
|
|
|
hba->auth_method = uaReject;
|
|
|
|
|
port->hba = hba;
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
/* XXX:
|
|
|
|
|
* Return false only happens if we have a parsing error, which we can
|
|
|
|
|
* no longer have (parsing now in postmaster). Consider changing API.
|
|
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1996-10-12 09:47:12 +02:00
|
|
|
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Load role/password mapping file
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
|
|
|
|
void
|
2005-06-28 07:09:14 +02:00
|
|
|
load_role(void)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2004-12-27 20:19:24 +01:00
|
|
|
char *filename;
|
2005-06-28 07:09:14 +02:00
|
|
|
FILE *role_file;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2003-04-03 23:25:02 +02:00
|
|
|
/* Discard any old data */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (role_lines || role_line_nums)
|
|
|
|
|
free_lines(&role_lines, &role_line_nums);
|
2005-10-15 04:49:52 +02:00
|
|
|
if (role_sorted)
|
2005-06-28 07:09:14 +02:00
|
|
|
pfree(role_sorted);
|
|
|
|
|
role_sorted = NULL;
|
|
|
|
|
role_length = 0;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-12-27 20:19:24 +01:00
|
|
|
/* Read in the file contents */
|
2005-06-28 07:09:14 +02:00
|
|
|
filename = auth_getflatfilename();
|
|
|
|
|
role_file = AllocateFile(filename, "r");
|
2004-12-27 20:19:24 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
if (role_file == NULL)
|
2004-12-27 20:19:24 +01:00
|
|
|
{
|
|
|
|
|
/* no complaint if not there */
|
|
|
|
|
if (errno != ENOENT)
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
|
errmsg("could not open file \"%s\": %m", filename)));
|
|
|
|
|
pfree(filename);
|
2002-04-04 06:25:54 +02:00
|
|
|
return;
|
2004-12-27 20:19:24 +01:00
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
tokenize_file(filename, role_file, &role_lines, &role_line_nums);
|
2004-12-27 20:19:24 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
FreeFile(role_file);
|
2004-12-27 20:19:24 +01:00
|
|
|
pfree(filename);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* create array for binary searching */
|
|
|
|
|
role_length = list_length(role_lines);
|
|
|
|
|
if (role_length)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2005-10-15 04:49:52 +02:00
|
|
|
int i = 0;
|
|
|
|
|
ListCell *line;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2005-07-28 17:30:55 +02:00
|
|
|
/* We assume the flat file was written already-sorted */
|
2005-06-28 07:09:14 +02:00
|
|
|
role_sorted = palloc(role_length * sizeof(List *));
|
|
|
|
|
foreach(line, role_lines)
|
|
|
|
|
role_sorted[i++] = lfirst(line);
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/*
|
|
|
|
|
* Free the contents of a hba record
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
free_hba_record(HbaLine *record)
|
|
|
|
|
{
|
|
|
|
|
if (record->database)
|
|
|
|
|
pfree(record->database);
|
|
|
|
|
if (record->role)
|
|
|
|
|
pfree(record->role);
|
2008-10-23 15:31:10 +02:00
|
|
|
if (record->pamservice)
|
|
|
|
|
pfree(record->pamservice);
|
|
|
|
|
if (record->ldapserver)
|
|
|
|
|
pfree(record->ldapserver);
|
|
|
|
|
if (record->ldapprefix)
|
|
|
|
|
pfree(record->ldapprefix);
|
|
|
|
|
if (record->ldapsuffix)
|
|
|
|
|
pfree(record->ldapsuffix);
|
2009-01-07 13:38:11 +01:00
|
|
|
if (record->krb_server_hostname)
|
|
|
|
|
pfree(record->krb_server_hostname);
|
|
|
|
|
if (record->krb_realm)
|
|
|
|
|
pfree(record->krb_realm);
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
2002-04-04 06:25:54 +02:00
|
|
|
|
1998-12-14 07:50:32 +01:00
|
|
|
/*
|
2008-09-15 14:32:57 +02:00
|
|
|
* Free all records on the parsed HBA list
|
1998-12-14 07:50:32 +01:00
|
|
|
*/
|
2008-09-15 14:32:57 +02:00
|
|
|
static void
|
|
|
|
|
clean_hba_list(List *lines)
|
|
|
|
|
{
|
|
|
|
|
ListCell *line;
|
|
|
|
|
|
|
|
|
|
foreach(line, lines)
|
|
|
|
|
{
|
|
|
|
|
HbaLine *parsed = (HbaLine *)lfirst(line);
|
|
|
|
|
if (parsed)
|
|
|
|
|
free_hba_record(parsed);
|
|
|
|
|
}
|
|
|
|
|
list_free(lines);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Read the config file and create a List of HbaLine records for the contents.
|
|
|
|
|
*
|
|
|
|
|
* The configuration is read into a temporary list, and if any parse error occurs
|
|
|
|
|
* the old list is kept in place and false is returned. Only if the whole file
|
|
|
|
|
* parses Ok is the list replaced, and the function returns true.
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2001-08-01 00:55:45 +02:00
|
|
|
load_hba(void)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2004-10-10 01:13:22 +02:00
|
|
|
FILE *file;
|
2008-09-15 14:32:57 +02:00
|
|
|
List *hba_lines = NIL;
|
|
|
|
|
List *hba_line_nums = NIL;
|
|
|
|
|
ListCell *line, *line_num;
|
|
|
|
|
List *new_parsed_lines = NIL;
|
2009-03-07 22:28:00 +01:00
|
|
|
bool ok = true;
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2004-10-10 01:13:22 +02:00
|
|
|
file = AllocateFile(HbaFileName, "r");
|
2002-04-04 06:25:54 +02:00
|
|
|
if (file == NULL)
|
2009-03-04 09:43:15 +01:00
|
|
|
{
|
2009-03-04 19:43:38 +01:00
|
|
|
ereport(LOG,
|
2003-07-22 21:00:12 +02:00
|
|
|
(errcode_for_file_access(),
|
2003-09-25 08:58:07 +02:00
|
|
|
errmsg("could not open configuration file \"%s\": %m",
|
2004-10-10 01:13:22 +02:00
|
|
|
HbaFileName)));
|
2009-03-04 09:43:15 +01:00
|
|
|
/*
|
|
|
|
|
* Caller will take care of making this a FATAL error in case this is
|
|
|
|
|
* the initial startup. If it happens on reload, we just keep the
|
|
|
|
|
* old version around.
|
|
|
|
|
*/
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2002-12-14 19:49:37 +01:00
|
|
|
|
2004-12-27 20:19:24 +01:00
|
|
|
tokenize_file(HbaFileName, file, &hba_lines, &hba_line_nums);
|
2002-12-14 19:49:37 +01:00
|
|
|
FreeFile(file);
|
2008-09-15 14:32:57 +02:00
|
|
|
|
|
|
|
|
/* Now parse all the lines */
|
|
|
|
|
forboth(line, hba_lines, line_num, hba_line_nums)
|
|
|
|
|
{
|
|
|
|
|
HbaLine *newline;
|
|
|
|
|
|
|
|
|
|
newline = palloc0(sizeof(HbaLine));
|
|
|
|
|
|
|
|
|
|
if (!parse_hba_line(lfirst(line), lfirst_int(line_num), newline))
|
|
|
|
|
{
|
2009-03-07 22:28:00 +01:00
|
|
|
/* Parse error in the file, so indicate there's a problem */
|
2008-09-15 14:32:57 +02:00
|
|
|
free_hba_record(newline);
|
|
|
|
|
pfree(newline);
|
2009-03-07 22:28:00 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Keep parsing the rest of the file so we can report errors
|
|
|
|
|
* on more than the first row. Error has already been reported
|
|
|
|
|
* in the parsing function, so no need to log it here.
|
|
|
|
|
*/
|
|
|
|
|
ok = false;
|
|
|
|
|
continue;
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
new_parsed_lines = lappend(new_parsed_lines, newline);
|
|
|
|
|
}
|
|
|
|
|
|
2009-03-07 22:28:00 +01:00
|
|
|
if (!ok)
|
|
|
|
|
{
|
|
|
|
|
/* Parsing failed at one or more rows, so bail out */
|
|
|
|
|
clean_hba_list(new_parsed_lines);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* Loaded new file successfully, replace the one we use */
|
|
|
|
|
clean_hba_list(parsed_hba_lines);
|
|
|
|
|
parsed_hba_lines = new_parsed_lines;
|
|
|
|
|
|
|
|
|
|
/* Free the temporary lists */
|
|
|
|
|
free_lines(&hba_lines, &hba_line_nums);
|
|
|
|
|
|
|
|
|
|
return true;
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
2005-02-26 19:43:34 +01:00
|
|
|
/*
|
|
|
|
|
* Read and parse one line from the flat pg_database file.
|
|
|
|
|
*
|
|
|
|
|
* Returns TRUE on success, FALSE if EOF; bad data causes elog(FATAL).
|
|
|
|
|
*
|
|
|
|
|
* Output parameters:
|
|
|
|
|
* dbname: gets database name (must be of size NAMEDATALEN bytes)
|
|
|
|
|
* dboid: gets database OID
|
|
|
|
|
* dbtablespace: gets database's default tablespace's OID
|
Fix recently-understood problems with handling of XID freezing, particularly
in PITR scenarios. We now WAL-log the replacement of old XIDs with
FrozenTransactionId, so that such replacement is guaranteed to propagate to
PITR slave databases. Also, rather than relying on hint-bit updates to be
preserved, pg_clog is not truncated until all instances of an XID are known to
have been replaced by FrozenTransactionId. Add new GUC variables and
pg_autovacuum columns to allow management of the freezing policy, so that
users can trade off the size of pg_clog against the amount of freezing work
done. Revise the already-existing code that forces autovacuum of tables
approaching the wraparound point to make it more bulletproof; also, revise the
autovacuum logic so that anti-wraparound vacuuming is done per-table rather
than per-database. initdb forced because of changes in pg_class, pg_database,
and pg_autovacuum catalogs. Heikki Linnakangas, Simon Riggs, and Tom Lane.
2006-11-05 23:42:10 +01:00
|
|
|
* dbfrozenxid: gets database's frozen XID
|
2005-02-26 19:43:34 +01:00
|
|
|
*
|
|
|
|
|
* This is not much related to the other functions in hba.c, but we put it
|
|
|
|
|
* here because it uses the next_token() infrastructure.
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-07-29 21:30:09 +02:00
|
|
|
read_pg_database_line(FILE *fp, char *dbname, Oid *dboid,
|
Fix recently-understood problems with handling of XID freezing, particularly
in PITR scenarios. We now WAL-log the replacement of old XIDs with
FrozenTransactionId, so that such replacement is guaranteed to propagate to
PITR slave databases. Also, rather than relying on hint-bit updates to be
preserved, pg_clog is not truncated until all instances of an XID are known to
have been replaced by FrozenTransactionId. Add new GUC variables and
pg_autovacuum columns to allow management of the freezing policy, so that
users can trade off the size of pg_clog against the amount of freezing work
done. Revise the already-existing code that forces autovacuum of tables
approaching the wraparound point to make it more bulletproof; also, revise the
autovacuum logic so that anti-wraparound vacuuming is done per-table rather
than per-database. initdb forced because of changes in pg_class, pg_database,
and pg_autovacuum catalogs. Heikki Linnakangas, Simon Riggs, and Tom Lane.
2006-11-05 23:42:10 +01:00
|
|
|
Oid *dbtablespace, TransactionId *dbfrozenxid)
|
2005-02-26 19:43:34 +01:00
|
|
|
{
|
|
|
|
|
char buf[MAX_TOKEN];
|
|
|
|
|
|
|
|
|
|
if (feof(fp))
|
|
|
|
|
return false;
|
2005-06-29 00:16:45 +02:00
|
|
|
if (!next_token(fp, buf, sizeof(buf)))
|
2005-02-26 19:43:34 +01:00
|
|
|
return false;
|
|
|
|
|
if (strlen(buf) >= NAMEDATALEN)
|
|
|
|
|
elog(FATAL, "bad data in flat pg_database file");
|
|
|
|
|
strcpy(dbname, buf);
|
|
|
|
|
next_token(fp, buf, sizeof(buf));
|
|
|
|
|
if (!isdigit((unsigned char) buf[0]))
|
|
|
|
|
elog(FATAL, "bad data in flat pg_database file");
|
|
|
|
|
*dboid = atooid(buf);
|
|
|
|
|
next_token(fp, buf, sizeof(buf));
|
|
|
|
|
if (!isdigit((unsigned char) buf[0]))
|
|
|
|
|
elog(FATAL, "bad data in flat pg_database file");
|
|
|
|
|
*dbtablespace = atooid(buf);
|
|
|
|
|
next_token(fp, buf, sizeof(buf));
|
|
|
|
|
if (!isdigit((unsigned char) buf[0]))
|
|
|
|
|
elog(FATAL, "bad data in flat pg_database file");
|
Fix recently-understood problems with handling of XID freezing, particularly
in PITR scenarios. We now WAL-log the replacement of old XIDs with
FrozenTransactionId, so that such replacement is guaranteed to propagate to
PITR slave databases. Also, rather than relying on hint-bit updates to be
preserved, pg_clog is not truncated until all instances of an XID are known to
have been replaced by FrozenTransactionId. Add new GUC variables and
pg_autovacuum columns to allow management of the freezing policy, so that
users can trade off the size of pg_clog against the amount of freezing work
done. Revise the already-existing code that forces autovacuum of tables
approaching the wraparound point to make it more bulletproof; also, revise the
autovacuum logic so that anti-wraparound vacuuming is done per-table rather
than per-database. initdb forced because of changes in pg_class, pg_database,
and pg_autovacuum catalogs. Heikki Linnakangas, Simon Riggs, and Tom Lane.
2006-11-05 23:42:10 +01:00
|
|
|
*dbfrozenxid = atoxid(buf);
|
2005-02-26 19:43:34 +01:00
|
|
|
/* expect EOL next */
|
2005-06-29 00:16:45 +02:00
|
|
|
if (next_token(fp, buf, sizeof(buf)))
|
2005-02-26 19:43:34 +01:00
|
|
|
elog(FATAL, "bad data in flat pg_database file");
|
|
|
|
|
return true;
|
|
|
|
|
}
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2001-08-01 00:55:45 +02:00
|
|
|
* Process one line from the ident config file.
|
|
|
|
|
*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Take the line and compare it to the needed map, pg_role and ident_user.
|
2001-08-01 00:55:45 +02:00
|
|
|
* *found_p and *error_p are set according to our results.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
1996-10-12 09:47:12 +02:00
|
|
|
static void
|
2004-05-26 06:41:50 +02:00
|
|
|
parse_ident_usermap(List *line, int line_number, const char *usermap_name,
|
2005-06-28 07:09:14 +02:00
|
|
|
const char *pg_role, const char *ident_user,
|
2008-10-23 15:31:10 +02:00
|
|
|
bool case_insensitive, bool *found_p, bool *error_p)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *line_item;
|
2001-10-25 07:50:21 +02:00
|
|
|
char *token;
|
|
|
|
|
char *file_map;
|
2005-06-28 07:09:14 +02:00
|
|
|
char *file_pgrole;
|
2001-10-25 07:50:21 +02:00
|
|
|
char *file_ident_user;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
|
|
|
|
*found_p = false;
|
2001-08-01 00:55:45 +02:00
|
|
|
*error_p = false;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
|
|
|
|
Assert(line != NIL);
|
2004-05-26 06:41:50 +02:00
|
|
|
line_item = list_head(line);
|
2001-08-01 00:55:45 +02:00
|
|
|
|
|
|
|
|
/* Get the map token (must exist) */
|
2004-05-26 06:41:50 +02:00
|
|
|
token = lfirst(line_item);
|
2001-07-30 16:50:24 +02:00
|
|
|
file_map = token;
|
|
|
|
|
|
2005-06-21 03:20:09 +02:00
|
|
|
/* Get the ident user token */
|
2004-05-26 06:41:50 +02:00
|
|
|
line_item = lnext(line_item);
|
2005-06-21 03:20:09 +02:00
|
|
|
if (!line_item)
|
2001-07-30 16:50:24 +02:00
|
|
|
goto ident_syntax;
|
2004-05-26 06:41:50 +02:00
|
|
|
token = lfirst(line_item);
|
2001-08-01 00:55:45 +02:00
|
|
|
file_ident_user = token;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* Get the PG rolename token */
|
2004-05-26 06:41:50 +02:00
|
|
|
line_item = lnext(line_item);
|
2005-06-21 03:20:09 +02:00
|
|
|
if (!line_item)
|
2001-08-01 00:55:45 +02:00
|
|
|
goto ident_syntax;
|
2004-05-26 06:41:50 +02:00
|
|
|
token = lfirst(line_item);
|
2005-06-28 07:09:14 +02:00
|
|
|
file_pgrole = token;
|
2001-08-01 00:55:45 +02:00
|
|
|
|
2008-11-28 15:26:58 +01:00
|
|
|
if (strcmp(file_map, usermap_name) != 0)
|
|
|
|
|
/* Line does not match the map name we're looking for, so just abort */
|
|
|
|
|
return;
|
|
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/* Match? */
|
2008-11-28 15:26:58 +01:00
|
|
|
if (file_ident_user[0] == '/')
|
2008-10-23 15:31:10 +02:00
|
|
|
{
|
2008-11-28 15:26:58 +01:00
|
|
|
/*
|
|
|
|
|
* When system username starts with a slash, treat it as a regular expression.
|
|
|
|
|
* In this case, we process the system username as a regular expression that
|
|
|
|
|
* returns exactly one match. This is replaced for \1 in the database username
|
|
|
|
|
* string, if present.
|
|
|
|
|
*/
|
|
|
|
|
int r;
|
|
|
|
|
regex_t re;
|
|
|
|
|
regmatch_t matches[2];
|
|
|
|
|
pg_wchar *wstr;
|
|
|
|
|
int wlen;
|
|
|
|
|
char *ofs;
|
|
|
|
|
char *regexp_pgrole;
|
|
|
|
|
|
|
|
|
|
wstr = palloc((strlen(file_ident_user+1) + 1) * sizeof(pg_wchar));
|
|
|
|
|
wlen = pg_mb2wchar_with_len(file_ident_user+1, wstr, strlen(file_ident_user+1));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX: Major room for optimization: regexps could be compiled when the file is loaded
|
|
|
|
|
* and then re-used in every connection.
|
|
|
|
|
*/
|
|
|
|
|
r = pg_regcomp(&re, wstr, wlen, REG_ADVANCED);
|
|
|
|
|
if (r)
|
|
|
|
|
{
|
|
|
|
|
char errstr[100];
|
|
|
|
|
|
|
|
|
|
pg_regerror(r, &re, errstr, sizeof(errstr));
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("invalid regular expression \"%s\": %s", file_ident_user+1, errstr)));
|
2008-11-28 15:26:58 +01:00
|
|
|
|
|
|
|
|
pfree(wstr);
|
|
|
|
|
*error_p = true;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
pfree(wstr);
|
|
|
|
|
|
|
|
|
|
wstr = palloc((strlen(ident_user) + 1) * sizeof(pg_wchar));
|
|
|
|
|
wlen = pg_mb2wchar_with_len(ident_user, wstr, strlen(ident_user));
|
|
|
|
|
|
|
|
|
|
r = pg_regexec(&re, wstr, wlen, 0, NULL, 2, matches,0);
|
|
|
|
|
if (r)
|
|
|
|
|
{
|
|
|
|
|
char errstr[100];
|
|
|
|
|
|
|
|
|
|
if (r != REG_NOMATCH)
|
|
|
|
|
{
|
|
|
|
|
/* REG_NOMATCH is not an error, everything else is */
|
|
|
|
|
pg_regerror(r, &re, errstr, sizeof(errstr));
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("regular expression match for \"%s\" failed: %s", file_ident_user+1, errstr)));
|
2008-11-28 15:26:58 +01:00
|
|
|
*error_p = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pfree(wstr);
|
|
|
|
|
pg_regfree(&re);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
pfree(wstr);
|
|
|
|
|
|
|
|
|
|
if ((ofs = strstr(file_pgrole, "\\1")) != NULL)
|
|
|
|
|
{
|
|
|
|
|
/* substitution of the first argument requested */
|
|
|
|
|
if (matches[1].rm_so < 0)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("regular expression \"%s\" has no subexpressions as requested by backreference in \"%s\"",
|
2008-11-28 15:26:58 +01:00
|
|
|
file_ident_user+1, file_pgrole)));
|
|
|
|
|
/* length: original length minus length of \1 plus length of match plus null terminator */
|
|
|
|
|
regexp_pgrole = palloc0(strlen(file_pgrole) - 2 + (matches[1].rm_eo-matches[1].rm_so) + 1);
|
|
|
|
|
strncpy(regexp_pgrole, file_pgrole, (ofs-file_pgrole));
|
|
|
|
|
memcpy(regexp_pgrole+strlen(regexp_pgrole),
|
|
|
|
|
ident_user+matches[1].rm_so,
|
|
|
|
|
matches[1].rm_eo-matches[1].rm_so);
|
|
|
|
|
strcat(regexp_pgrole, ofs+2);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* no substitution, so copy the match */
|
|
|
|
|
regexp_pgrole = pstrdup(file_pgrole);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pg_regfree(&re);
|
|
|
|
|
|
|
|
|
|
/* now check if the username actually matched what the user is trying to connect as */
|
|
|
|
|
if (case_insensitive)
|
|
|
|
|
{
|
|
|
|
|
if (pg_strcasecmp(regexp_pgrole, pg_role) == 0)
|
|
|
|
|
*found_p = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (strcmp(regexp_pgrole, pg_role) == 0)
|
|
|
|
|
*found_p = true;
|
|
|
|
|
}
|
|
|
|
|
pfree(regexp_pgrole);
|
|
|
|
|
|
|
|
|
|
return;
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2008-11-28 15:26:58 +01:00
|
|
|
/* Not regular expression, so make complete match */
|
|
|
|
|
if (case_insensitive)
|
|
|
|
|
{
|
|
|
|
|
if (pg_strcasecmp(file_pgrole, pg_role) == 0 &&
|
|
|
|
|
pg_strcasecmp(file_ident_user, ident_user) == 0)
|
|
|
|
|
*found_p = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (strcmp(file_pgrole, pg_role) == 0 &&
|
|
|
|
|
strcmp(file_ident_user, ident_user) == 0)
|
|
|
|
|
*found_p = true;
|
|
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
2005-06-21 03:20:09 +02:00
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
ident_syntax:
|
2005-06-21 03:20:09 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("missing entry in file \"%s\" at end of line %d",
|
|
|
|
|
IdentFileName, line_number)));
|
2001-07-30 16:50:24 +02:00
|
|
|
*error_p = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Scan the (pre-parsed) ident usermap file line by line, looking for a match
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2001-10-25 07:50:21 +02:00
|
|
|
* See if the user with ident username "ident_user" is allowed to act
|
2005-06-28 07:09:14 +02:00
|
|
|
* as Postgres user "pgrole" according to usermap "usermap_name".
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2008-09-15 14:32:57 +02:00
|
|
|
* Special case: Usermap NULL, equivalent to what was previously called
|
|
|
|
|
* "sameuser" or "samerole", don't look in the usermap
|
2005-06-28 07:09:14 +02:00
|
|
|
* file. That's an implied map where "pgrole" must be identical to
|
2001-10-25 07:50:21 +02:00
|
|
|
* "ident_user" in order to be authorized.
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2008-10-23 15:31:10 +02:00
|
|
|
* Iff authorized, return STATUS_OK, otherwise return STATUS_ERROR.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2008-10-23 15:31:10 +02:00
|
|
|
int
|
|
|
|
|
check_usermap(const char *usermap_name,
|
2005-06-28 07:09:14 +02:00
|
|
|
const char *pg_role,
|
2008-10-23 15:31:10 +02:00
|
|
|
const char *auth_user,
|
|
|
|
|
bool case_insensitive)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
bool found_entry = false,
|
|
|
|
|
error = false;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
if (usermap_name == NULL || usermap_name[0] == '\0')
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2008-10-23 15:31:10 +02:00
|
|
|
if (case_insensitive)
|
|
|
|
|
{
|
|
|
|
|
if (pg_strcasecmp(pg_role, auth_user) == 0)
|
|
|
|
|
return STATUS_OK;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if (strcmp(pg_role, auth_user) == 0)
|
|
|
|
|
return STATUS_OK;
|
|
|
|
|
}
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("provided username (%s) and authenticated username (%s) don't match",
|
|
|
|
|
auth_user, pg_role)));
|
|
|
|
|
return STATUS_ERROR;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2004-08-29 07:07:03 +02:00
|
|
|
ListCell *line_cell,
|
|
|
|
|
*num_cell;
|
2004-05-26 06:41:50 +02:00
|
|
|
|
|
|
|
|
forboth(line_cell, ident_lines, num_cell, ident_line_nums)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
parse_ident_usermap(lfirst(line_cell), lfirst_int(num_cell),
|
2008-10-23 15:31:10 +02:00
|
|
|
usermap_name, pg_role, auth_user, case_insensitive,
|
2004-05-26 06:41:50 +02:00
|
|
|
&found_entry, &error);
|
2001-07-30 16:50:24 +02:00
|
|
|
if (found_entry || error)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
if (!found_entry && !error)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
2009-03-25 15:12:02 +01:00
|
|
|
(errmsg("no match in usermap for user \"%s\" authenticated as \"%s\"",
|
2008-10-23 15:31:10 +02:00
|
|
|
pg_role, auth_user),
|
2009-03-25 15:12:02 +01:00
|
|
|
errcontext("usermap \"%s\"", usermap_name)));
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
|
|
|
|
return found_entry?STATUS_OK:STATUS_ERROR;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2001-08-01 00:55:45 +02:00
|
|
|
* Read the ident config file and create a List of Lists of tokens in the file.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2002-04-04 06:25:54 +02:00
|
|
|
void
|
2001-08-01 00:55:45 +02:00
|
|
|
load_ident(void)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-10-10 01:13:22 +02:00
|
|
|
FILE *file;
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (ident_lines || ident_line_nums)
|
|
|
|
|
free_lines(&ident_lines, &ident_line_nums);
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2004-10-10 01:13:22 +02:00
|
|
|
file = AllocateFile(IdentFileName, "r");
|
2001-07-30 16:50:24 +02:00
|
|
|
if (file == NULL)
|
|
|
|
|
{
|
2004-10-10 01:13:22 +02:00
|
|
|
/* not fatal ... we just won't do any special ident maps */
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode_for_file_access(),
|
2003-09-25 08:58:07 +02:00
|
|
|
errmsg("could not open Ident usermap file \"%s\": %m",
|
2004-10-10 01:13:22 +02:00
|
|
|
IdentFileName)));
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2004-12-27 20:19:24 +01:00
|
|
|
tokenize_file(IdentFileName, file, &ident_lines, &ident_line_nums);
|
2001-07-30 16:50:24 +02:00
|
|
|
FreeFile(file);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Determine what authentication method should be used when accessing database
|
|
|
|
|
* "database" from frontend "raddr", user "user". Return the method and
|
|
|
|
|
* an optional argument (stored in fields of *port), and STATUS_OK.
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Note that STATUS_ERROR indicates a problem with the hba config file.
|
|
|
|
|
* If the file is OK but does not contain any entry matching the request,
|
|
|
|
|
* we return STATUS_OK and method = uaReject.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
1998-01-26 02:42:53 +01:00
|
|
|
int
|
2001-07-30 16:50:24 +02:00
|
|
|
hba_getauthmethod(hbaPort *port)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-07-30 16:50:24 +02:00
|
|
|
if (check_hba(port))
|
|
|
|
|
return STATUS_OK;
|
|
|
|
|
else
|
1998-01-26 02:42:53 +01:00
|
|
|
return STATUS_ERROR;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
