1996-10-12 09:47:12 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* hba.c
|
1997-09-07 07:04:48 +02:00
|
|
|
* Routines to handle host based authentication (that's the scheme
|
|
|
|
|
* wherein you authenticate a user by seeing what IP address the system
|
2008-08-01 11:09:49 +02:00
|
|
|
* says he comes from and choosing authentication method based on it).
|
1996-10-12 09:47:12 +02:00
|
|
|
*
|
2018-01-03 05:30:12 +01:00
|
|
|
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
|
2001-08-02 01:52:50 +02:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
2010-09-20 22:08:53 +02:00
|
|
|
* src/backend/libpq/hba.c
|
1996-10-12 09:47:12 +02:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
2001-08-01 00:55:45 +02:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
2005-02-26 19:43:34 +01:00
|
|
|
#include <ctype.h>
|
1996-10-12 09:47:12 +02:00
|
|
|
#include <pwd.h>
|
1997-08-27 05:48:50 +02:00
|
|
|
#include <fcntl.h>
|
2001-08-21 17:21:25 +02:00
|
|
|
#include <sys/param.h>
|
2001-09-07 21:52:54 +02:00
|
|
|
#include <sys/socket.h>
|
1996-10-12 09:47:12 +02:00
|
|
|
#include <netinet/in.h>
|
|
|
|
|
#include <arpa/inet.h>
|
1996-11-03 08:00:57 +01:00
|
|
|
#include <unistd.h>
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
#include "access/htup_details.h"
|
2011-04-11 00:02:17 +02:00
|
|
|
#include "catalog/pg_collation.h"
|
2017-01-31 00:00:26 +01:00
|
|
|
#include "catalog/pg_type.h"
|
2016-09-02 12:49:59 +02:00
|
|
|
#include "common/ip.h"
|
2017-01-31 00:00:26 +01:00
|
|
|
#include "funcapi.h"
|
2016-09-02 12:49:59 +02:00
|
|
|
#include "libpq/ifaddr.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "libpq/libpq.h"
|
2017-01-31 00:00:26 +01:00
|
|
|
#include "miscadmin.h"
|
2011-04-26 21:40:11 +02:00
|
|
|
#include "postmaster/postmaster.h"
|
2008-11-28 15:26:58 +01:00
|
|
|
#include "regex/regex.h"
|
2010-01-15 10:19:10 +01:00
|
|
|
#include "replication/walsender.h"
|
2000-07-08 05:04:41 +02:00
|
|
|
#include "storage/fd.h"
|
2009-08-29 21:26:52 +02:00
|
|
|
#include "utils/acl.h"
|
2017-01-31 00:00:26 +01:00
|
|
|
#include "utils/builtins.h"
|
2017-03-22 17:55:16 +01:00
|
|
|
#include "utils/varlena.h"
|
2004-07-11 02:18:45 +02:00
|
|
|
#include "utils/guc.h"
|
2009-08-29 21:26:52 +02:00
|
|
|
#include "utils/lsyscache.h"
|
2011-06-20 23:20:14 +02:00
|
|
|
#include "utils/memutils.h"
|
1999-10-23 05:13:33 +02:00
|
|
|
|
2012-12-04 05:29:56 +01:00
|
|
|
#ifdef USE_LDAP
|
2012-12-04 23:25:51 +01:00
|
|
|
#ifdef WIN32
|
|
|
|
|
#include <winldap.h>
|
|
|
|
|
#else
|
2012-12-04 05:29:56 +01:00
|
|
|
#include <ldap.h>
|
|
|
|
|
#endif
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-07-13 18:49:20 +02:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
#define MAX_TOKEN 256
|
2013-03-10 15:54:37 +01:00
|
|
|
#define MAX_LINE 8192
|
2004-02-02 17:58:30 +01:00
|
|
|
|
2009-10-01 03:58:58 +02:00
|
|
|
/* callback data for check_network_callback */
|
|
|
|
|
typedef struct check_network_data
|
|
|
|
|
{
|
|
|
|
|
IPCompareMethod method; /* test method */
|
|
|
|
|
SockAddr *raddr; /* client's actual address */
|
|
|
|
|
bool result; /* set to true if match */
|
|
|
|
|
} check_network_data;
|
|
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
|
|
|
|
|
#define token_is_keyword(t, k) (!t->quoted && strcmp(t->string, k) == 0)
|
|
|
|
|
#define token_matches(t, k) (strcmp(t->string, k) == 0)
|
|
|
|
|
|
|
|
|
|
/*
|
2017-01-27 19:43:00 +01:00
|
|
|
* A single string token lexed from a config file, together with whether
|
2011-06-20 23:20:14 +02:00
|
|
|
* the token had been quoted.
|
|
|
|
|
*/
|
|
|
|
|
typedef struct HbaToken
|
|
|
|
|
{
|
2012-06-10 21:20:04 +02:00
|
|
|
char *string;
|
|
|
|
|
bool quoted;
|
2011-06-20 23:20:14 +02:00
|
|
|
} HbaToken;
|
|
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
/*
|
|
|
|
|
* TokenizedLine represents one line lexed from a config file.
|
|
|
|
|
* Each item in the "fields" list is a sub-list of HbaTokens.
|
|
|
|
|
* We don't emit a TokenizedLine for empty or all-comment lines,
|
|
|
|
|
* so "fields" is never NIL (nor are any of its sub-lists).
|
2017-01-31 00:00:26 +01:00
|
|
|
* Exception: if an error occurs during tokenization, we might
|
|
|
|
|
* have fields == NIL, in which case err_msg != NULL.
|
2017-01-27 19:43:00 +01:00
|
|
|
*/
|
|
|
|
|
typedef struct TokenizedLine
|
|
|
|
|
{
|
|
|
|
|
List *fields; /* List of lists of HbaTokens */
|
|
|
|
|
int line_num; /* Line number */
|
|
|
|
|
char *raw_line; /* Raw line text */
|
2017-01-31 00:00:26 +01:00
|
|
|
char *err_msg; /* Error message if any */
|
2017-01-27 19:43:00 +01:00
|
|
|
} TokenizedLine;
|
|
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
/*
|
|
|
|
|
* pre-parsed content of HBA config file: list of HbaLine structs.
|
|
|
|
|
* parsed_hba_context is the memory context where it lives.
|
|
|
|
|
*/
|
2008-09-15 14:32:57 +02:00
|
|
|
static List *parsed_hba_lines = NIL;
|
2011-06-20 23:20:14 +02:00
|
|
|
static MemoryContext parsed_hba_context = NULL;
|
2008-09-15 14:32:57 +02:00
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/*
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
* pre-parsed content of ident mapping file: list of IdentLine structs.
|
|
|
|
|
* parsed_ident_context is the memory context where it lives.
|
|
|
|
|
*
|
|
|
|
|
* NOTE: the IdentLine structs can contain pre-compiled regular expressions
|
|
|
|
|
* that live outside the memory context. Before destroying or resetting the
|
2017-02-06 10:33:58 +01:00
|
|
|
* memory context, they need to be explicitly free'd.
|
2001-08-01 00:55:45 +02:00
|
|
|
*/
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
static List *parsed_ident_lines = NIL;
|
|
|
|
|
static MemoryContext parsed_ident_context = NULL;
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
/*
|
|
|
|
|
* The following character array represents the names of the authentication
|
|
|
|
|
* methods that are supported by PostgreSQL.
|
|
|
|
|
*
|
|
|
|
|
* Note: keep this in sync with the UserAuth enum in hba.h.
|
|
|
|
|
*/
|
|
|
|
|
static const char *const UserAuthName[] =
|
|
|
|
|
{
|
|
|
|
|
"reject",
|
|
|
|
|
"implicit reject", /* Not a user-visible option */
|
|
|
|
|
"trust",
|
|
|
|
|
"ident",
|
|
|
|
|
"password",
|
|
|
|
|
"md5",
|
2017-04-18 13:50:50 +02:00
|
|
|
"scram-sha256",
|
2017-01-31 00:00:26 +01:00
|
|
|
"gss",
|
|
|
|
|
"sspi",
|
|
|
|
|
"pam",
|
|
|
|
|
"bsd",
|
|
|
|
|
"ldap",
|
|
|
|
|
"cert",
|
|
|
|
|
"radius",
|
|
|
|
|
"peer"
|
|
|
|
|
};
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
static MemoryContext tokenize_file(const char *filename, FILE *file,
|
2017-01-31 00:00:26 +01:00
|
|
|
List **tok_lines, int elevel);
|
2011-06-20 23:20:14 +02:00
|
|
|
static List *tokenize_inc_file(List *tokens, const char *outer_filename,
|
2017-01-31 00:00:26 +01:00
|
|
|
const char *inc_filename, int elevel, char **err_msg);
|
2011-06-20 23:20:14 +02:00
|
|
|
static bool parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline,
|
2017-01-31 00:00:26 +01:00
|
|
|
int elevel, char **err_msg);
|
2017-10-31 15:34:31 +01:00
|
|
|
static bool verify_option_list_length(List *options, const char *optionname,
|
|
|
|
|
List *masters, const char *mastername, int line_num);
|
2017-01-31 00:00:26 +01:00
|
|
|
static ArrayType *gethba_options(HbaLine *hba);
|
|
|
|
|
static void fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
|
|
|
|
|
int lineno, HbaLine *hba, const char *err_msg);
|
|
|
|
|
static void fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc);
|
|
|
|
|
|
1999-10-23 05:13:33 +02:00
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/*
|
2003-04-13 06:07:17 +02:00
|
|
|
* isblank() exists in the ISO C99 spec, but it's not very portable yet,
|
|
|
|
|
* so provide our own version.
|
2001-08-01 00:55:45 +02:00
|
|
|
*/
|
2008-08-01 11:09:49 +02:00
|
|
|
bool
|
2003-04-13 06:07:17 +02:00
|
|
|
pg_isblank(const char c)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2002-06-26 16:52:08 +02:00
|
|
|
return c == ' ' || c == '\t' || c == '\r';
|
1996-10-28 10:03:50 +01:00
|
|
|
}
|
|
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2017-01-31 00:00:26 +01:00
|
|
|
* Grab one token out of the string pointed to by *lineptr.
|
|
|
|
|
*
|
2013-03-10 15:54:37 +01:00
|
|
|
* Tokens are strings of non-blank
|
2005-06-29 00:16:45 +02:00
|
|
|
* characters bounded by blank characters, commas, beginning of line, and
|
|
|
|
|
* end of line. Blank means space or tab. Tokens can be delimited by
|
2008-07-24 19:43:45 +02:00
|
|
|
* double quotes (this allows the inclusion of blanks, but not newlines).
|
2017-01-31 00:00:26 +01:00
|
|
|
* Comments (started by an unquoted '#') are skipped.
|
|
|
|
|
*
|
|
|
|
|
* The token, if any, is returned at *buf (a buffer of size bufsz), and
|
|
|
|
|
* *lineptr is advanced past the token.
|
2005-06-29 00:16:45 +02:00
|
|
|
*
|
2010-03-06 01:45:49 +01:00
|
|
|
* Also, we set *initial_quote to indicate whether there was quoting before
|
|
|
|
|
* the first character. (We use that to prevent "@x" from being treated
|
|
|
|
|
* as a file inclusion request. Note that @"x" should be so treated;
|
|
|
|
|
* we want to allow that to support embedded spaces in file paths.)
|
2017-01-31 00:00:26 +01:00
|
|
|
*
|
2011-06-20 23:20:14 +02:00
|
|
|
* We set *terminating_comma to indicate whether the token is terminated by a
|
2017-01-31 00:00:26 +01:00
|
|
|
* comma (which is not returned).
|
|
|
|
|
*
|
|
|
|
|
* In event of an error, log a message at ereport level elevel, and also
|
|
|
|
|
* set *err_msg to a string describing the error. Currently the only
|
|
|
|
|
* possible error is token too long for buf.
|
2005-06-29 00:16:45 +02:00
|
|
|
*
|
2017-08-16 06:22:32 +02:00
|
|
|
* If successful: store null-terminated token at *buf and return true.
|
|
|
|
|
* If no more tokens on line: set *buf = '\0' and return false.
|
|
|
|
|
* If error: fill buf with truncated or misformatted token and return false.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2005-06-29 00:16:45 +02:00
|
|
|
static bool
|
2017-01-31 00:00:26 +01:00
|
|
|
next_token(char **lineptr, char *buf, int bufsz,
|
|
|
|
|
bool *initial_quote, bool *terminating_comma,
|
|
|
|
|
int elevel, char **err_msg)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
int c;
|
2002-12-11 23:17:11 +01:00
|
|
|
char *start_buf = buf;
|
2017-01-31 00:42:41 +01:00
|
|
|
char *end_buf = buf + (bufsz - 1);
|
2002-04-04 06:25:54 +02:00
|
|
|
bool in_quote = false;
|
|
|
|
|
bool was_quote = false;
|
2004-08-29 07:07:03 +02:00
|
|
|
bool saw_quote = false;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
Assert(end_buf > start_buf);
|
|
|
|
|
|
2010-03-06 01:45:49 +01:00
|
|
|
*initial_quote = false;
|
2011-06-20 23:20:14 +02:00
|
|
|
*terminating_comma = false;
|
2010-03-06 01:45:49 +01:00
|
|
|
|
2017-01-31 00:42:41 +01:00
|
|
|
/* Move over any whitespace and commas preceding the next token */
|
2013-03-10 15:54:37 +01:00
|
|
|
while ((c = (*(*lineptr)++)) != '\0' && (pg_isblank(c) || c == ','))
|
2001-07-30 16:50:24 +02:00
|
|
|
;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
/*
|
2017-01-31 00:42:41 +01:00
|
|
|
* Build a token in buf of next characters up to EOL, unquoted comma, or
|
|
|
|
|
* unquoted whitespace.
|
2004-02-02 17:58:30 +01:00
|
|
|
*/
|
2017-01-31 00:42:41 +01:00
|
|
|
while (c != '\0' &&
|
2008-07-24 19:43:45 +02:00
|
|
|
(!pg_isblank(c) || in_quote))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-02-02 17:58:30 +01:00
|
|
|
/* skip comments to EOL */
|
|
|
|
|
if (c == '#' && !in_quote)
|
|
|
|
|
{
|
2017-01-31 00:42:41 +01:00
|
|
|
while ((c = (*(*lineptr)++)) != '\0')
|
2004-02-02 17:58:30 +01:00
|
|
|
;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (buf >= end_buf)
|
|
|
|
|
{
|
2004-05-25 21:11:14 +02:00
|
|
|
*buf = '\0';
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2004-02-02 17:58:30 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("authentication file token too long, skipping: \"%s\"",
|
|
|
|
|
start_buf)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "authentication file token too long";
|
2004-02-02 17:58:30 +01:00
|
|
|
/* Discard remainder of line */
|
2017-01-31 00:42:41 +01:00
|
|
|
while ((c = (*(*lineptr)++)) != '\0')
|
2004-02-02 17:58:30 +01:00
|
|
|
;
|
2017-01-31 00:42:41 +01:00
|
|
|
/* Un-eat the '\0', in case we're called again */
|
|
|
|
|
(*lineptr)--;
|
2017-01-31 00:00:26 +01:00
|
|
|
return false;
|
2004-02-02 17:58:30 +01:00
|
|
|
}
|
|
|
|
|
|
2017-01-31 00:42:41 +01:00
|
|
|
/* we do not pass back a terminating comma in the token */
|
2008-07-24 19:43:45 +02:00
|
|
|
if (c == ',' && !in_quote)
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
|
|
|
|
*terminating_comma = true;
|
2004-02-02 17:58:30 +01:00
|
|
|
break;
|
2011-06-20 23:20:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (c != '"' || was_quote)
|
|
|
|
|
*buf++ = c;
|
2004-02-02 17:58:30 +01:00
|
|
|
|
|
|
|
|
/* Literal double-quote is two double-quotes */
|
|
|
|
|
if (in_quote && c == '"')
|
|
|
|
|
was_quote = !was_quote;
|
|
|
|
|
else
|
|
|
|
|
was_quote = false;
|
|
|
|
|
|
|
|
|
|
if (c == '"')
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-02-02 17:58:30 +01:00
|
|
|
in_quote = !in_quote;
|
|
|
|
|
saw_quote = true;
|
2010-03-06 01:45:49 +01:00
|
|
|
if (buf == start_buf)
|
|
|
|
|
*initial_quote = true;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2013-03-10 15:54:37 +01:00
|
|
|
c = *(*lineptr)++;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2003-12-25 04:44:05 +01:00
|
|
|
|
2004-02-02 17:58:30 +01:00
|
|
|
/*
|
2017-01-31 00:42:41 +01:00
|
|
|
* Un-eat the char right after the token (critical in case it is '\0',
|
|
|
|
|
* else next call will read past end of string).
|
2004-02-02 17:58:30 +01:00
|
|
|
*/
|
2013-03-10 15:54:37 +01:00
|
|
|
(*lineptr)--;
|
2004-02-02 17:58:30 +01:00
|
|
|
|
|
|
|
|
*buf = '\0';
|
2003-12-25 04:44:05 +01:00
|
|
|
|
2005-06-29 00:16:45 +02:00
|
|
|
return (saw_quote || buf > start_buf);
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
/*
|
|
|
|
|
* Construct a palloc'd HbaToken struct, copying the given string.
|
|
|
|
|
*/
|
2011-06-20 23:20:14 +02:00
|
|
|
static HbaToken *
|
2017-01-31 00:00:26 +01:00
|
|
|
make_hba_token(const char *token, bool quoted)
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
|
|
|
|
HbaToken *hbatoken;
|
|
|
|
|
int toklen;
|
|
|
|
|
|
|
|
|
|
toklen = strlen(token);
|
2017-01-31 00:00:26 +01:00
|
|
|
/* we copy string into same palloc block as the struct */
|
2011-06-20 23:20:14 +02:00
|
|
|
hbatoken = (HbaToken *) palloc(sizeof(HbaToken) + toklen + 1);
|
|
|
|
|
hbatoken->string = (char *) hbatoken + sizeof(HbaToken);
|
|
|
|
|
hbatoken->quoted = quoted;
|
|
|
|
|
memcpy(hbatoken->string, token, toklen + 1);
|
|
|
|
|
|
|
|
|
|
return hbatoken;
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/*
|
2011-06-20 23:20:14 +02:00
|
|
|
* Copy a HbaToken struct into freshly palloc'd memory.
|
|
|
|
|
*/
|
|
|
|
|
static HbaToken *
|
|
|
|
|
copy_hba_token(HbaToken *in)
|
|
|
|
|
{
|
2012-06-10 21:20:04 +02:00
|
|
|
HbaToken *out = make_hba_token(in->string, in->quoted);
|
2011-06-20 23:20:14 +02:00
|
|
|
|
|
|
|
|
return out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2013-03-10 15:54:37 +01:00
|
|
|
* Tokenize one HBA field from a line, handling file inclusion and comma lists.
|
2004-09-18 03:22:58 +02:00
|
|
|
*
|
2017-01-31 00:00:26 +01:00
|
|
|
* filename: current file's pathname (needed to resolve relative pathnames)
|
|
|
|
|
* *lineptr: current line pointer, which will be advanced past field
|
|
|
|
|
*
|
|
|
|
|
* In event of an error, log a message at ereport level elevel, and also
|
|
|
|
|
* set *err_msg to a string describing the error. Note that the result
|
|
|
|
|
* may be non-NIL anyway, so *err_msg must be tested to determine whether
|
|
|
|
|
* there was an error.
|
|
|
|
|
*
|
|
|
|
|
* The result is a List of HbaToken structs, one for each token in the field,
|
2011-06-20 23:20:14 +02:00
|
|
|
* or NIL if we reached EOL.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2011-06-20 23:20:14 +02:00
|
|
|
static List *
|
2017-01-31 00:00:26 +01:00
|
|
|
next_field_expand(const char *filename, char **lineptr,
|
|
|
|
|
int elevel, char **err_msg)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
|
|
|
|
char buf[MAX_TOKEN];
|
|
|
|
|
bool trailing_comma;
|
2010-03-06 01:45:49 +01:00
|
|
|
bool initial_quote;
|
2011-06-20 23:20:14 +02:00
|
|
|
List *tokens = NIL;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
if (!next_token(lineptr, buf, sizeof(buf),
|
|
|
|
|
&initial_quote, &trailing_comma,
|
|
|
|
|
elevel, err_msg))
|
2002-04-04 06:25:54 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* Is this referencing a file? */
|
2010-03-06 01:45:49 +01:00
|
|
|
if (!initial_quote && buf[0] == '@' && buf[1] != '\0')
|
2017-01-31 00:00:26 +01:00
|
|
|
tokens = tokenize_inc_file(tokens, filename, buf + 1,
|
|
|
|
|
elevel, err_msg);
|
2002-04-04 06:25:54 +02:00
|
|
|
else
|
2011-06-20 23:20:14 +02:00
|
|
|
tokens = lappend(tokens, make_hba_token(buf, initial_quote));
|
2017-01-31 00:00:26 +01:00
|
|
|
} while (trailing_comma && (*err_msg == NULL));
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
return tokens;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2011-06-20 23:20:14 +02:00
|
|
|
* tokenize_inc_file
|
2012-06-10 21:20:04 +02:00
|
|
|
* Expand a file included from another file into an hba "field"
|
2011-06-20 23:20:14 +02:00
|
|
|
*
|
|
|
|
|
* Opens and tokenises a file included from another HBA config file with @,
|
|
|
|
|
* and returns all values found therein as a flat list of HbaTokens. If a
|
2017-01-31 00:00:26 +01:00
|
|
|
* @-token is found, recursively expand it. The newly read tokens are
|
|
|
|
|
* appended to "tokens" (so that foo,bar,@baz does what you expect).
|
|
|
|
|
* All new tokens are allocated in caller's memory context.
|
|
|
|
|
*
|
|
|
|
|
* In event of an error, log a message at ereport level elevel, and also
|
|
|
|
|
* set *err_msg to a string describing the error. Note that the result
|
|
|
|
|
* may be non-NIL anyway, so *err_msg must be tested to determine whether
|
|
|
|
|
* there was an error.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2011-06-20 23:20:14 +02:00
|
|
|
static List *
|
|
|
|
|
tokenize_inc_file(List *tokens,
|
|
|
|
|
const char *outer_filename,
|
2017-01-31 00:00:26 +01:00
|
|
|
const char *inc_filename,
|
|
|
|
|
int elevel,
|
|
|
|
|
char **err_msg)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
|
|
|
|
char *inc_fullname;
|
|
|
|
|
FILE *inc_file;
|
2002-09-04 22:31:48 +02:00
|
|
|
List *inc_lines;
|
2011-06-20 23:20:14 +02:00
|
|
|
ListCell *inc_line;
|
|
|
|
|
MemoryContext linecxt;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2004-12-27 20:19:24 +01:00
|
|
|
if (is_absolute_path(inc_filename))
|
|
|
|
|
{
|
|
|
|
|
/* absolute path is taken as-is */
|
|
|
|
|
inc_fullname = pstrdup(inc_filename);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* relative path is relative to dir of calling file */
|
|
|
|
|
inc_fullname = (char *) palloc(strlen(outer_filename) + 1 +
|
|
|
|
|
strlen(inc_filename) + 1);
|
|
|
|
|
strcpy(inc_fullname, outer_filename);
|
|
|
|
|
get_parent_directory(inc_fullname);
|
|
|
|
|
join_path_components(inc_fullname, inc_fullname, inc_filename);
|
|
|
|
|
canonicalize_path(inc_fullname);
|
|
|
|
|
}
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
inc_file = AllocateFile(inc_fullname, "r");
|
2004-12-27 20:19:24 +01:00
|
|
|
if (inc_file == NULL)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
int save_errno = errno;
|
|
|
|
|
|
|
|
|
|
ereport(elevel,
|
2003-07-22 21:00:12 +02:00
|
|
|
(errcode_for_file_access(),
|
|
|
|
|
errmsg("could not open secondary authentication file \"@%s\" as \"%s\": %m",
|
|
|
|
|
inc_filename, inc_fullname)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("could not open secondary authentication file \"@%s\" as \"%s\": %s",
|
|
|
|
|
inc_filename, inc_fullname, strerror(save_errno));
|
2002-04-04 06:25:54 +02:00
|
|
|
pfree(inc_fullname);
|
2011-06-20 23:20:14 +02:00
|
|
|
return tokens;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* There is possible recursion here if the file contains @ */
|
2017-01-31 00:00:26 +01:00
|
|
|
linecxt = tokenize_file(inc_fullname, inc_file, &inc_lines, elevel);
|
2004-12-27 20:19:24 +01:00
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
FreeFile(inc_file);
|
2004-12-27 20:19:24 +01:00
|
|
|
pfree(inc_fullname);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
/* Copy all tokens found in the file and append to the tokens list */
|
2011-06-20 23:20:14 +02:00
|
|
|
foreach(inc_line, inc_lines)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2017-01-27 19:43:00 +01:00
|
|
|
TokenizedLine *tok_line = (TokenizedLine *) lfirst(inc_line);
|
2011-06-20 23:20:14 +02:00
|
|
|
ListCell *inc_field;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
/* If any line has an error, propagate that up to caller */
|
|
|
|
|
if (tok_line->err_msg)
|
|
|
|
|
{
|
|
|
|
|
*err_msg = pstrdup(tok_line->err_msg);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
foreach(inc_field, tok_line->fields)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2011-06-20 23:20:14 +02:00
|
|
|
List *inc_tokens = lfirst(inc_field);
|
|
|
|
|
ListCell *inc_token;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
foreach(inc_token, inc_tokens)
|
|
|
|
|
{
|
|
|
|
|
HbaToken *token = lfirst(inc_token);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
tokens = lappend(tokens, copy_hba_token(token));
|
|
|
|
|
}
|
|
|
|
|
}
|
2004-12-27 20:19:24 +01:00
|
|
|
}
|
|
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
MemoryContextDelete(linecxt);
|
|
|
|
|
return tokens;
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2017-01-27 19:43:00 +01:00
|
|
|
* Tokenize the given file.
|
2011-06-20 23:20:14 +02:00
|
|
|
*
|
2017-01-27 19:43:00 +01:00
|
|
|
* The output is a list of TokenizedLine structs; see struct definition above.
|
2004-12-27 20:19:24 +01:00
|
|
|
*
|
2017-01-31 00:00:26 +01:00
|
|
|
* filename: the absolute path to the target file
|
|
|
|
|
* file: the already-opened target file
|
|
|
|
|
* tok_lines: receives output list
|
|
|
|
|
* elevel: message logging level
|
|
|
|
|
*
|
|
|
|
|
* Errors are reported by logging messages at ereport level elevel and by
|
|
|
|
|
* adding TokenizedLine structs containing non-null err_msg fields to the
|
|
|
|
|
* output list.
|
2011-06-20 23:20:14 +02:00
|
|
|
*
|
|
|
|
|
* Return value is a memory context which contains all memory allocated by
|
2017-01-27 19:43:00 +01:00
|
|
|
* this function (it's a child of caller's context).
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2011-06-20 23:20:14 +02:00
|
|
|
static MemoryContext
|
2017-01-31 00:00:26 +01:00
|
|
|
tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-08-01 00:55:45 +02:00
|
|
|
int line_number = 1;
|
2012-06-10 21:20:04 +02:00
|
|
|
MemoryContext linecxt;
|
|
|
|
|
MemoryContext oldcxt;
|
2011-06-20 23:20:14 +02:00
|
|
|
|
2015-07-02 00:55:39 +02:00
|
|
|
linecxt = AllocSetContextCreate(CurrentMemoryContext,
|
Add macros to make AllocSetContextCreate() calls simpler and safer.
I found that half a dozen (nearly 5%) of our AllocSetContextCreate calls
had typos in the context-sizing parameters. While none of these led to
especially significant problems, they did create minor inefficiencies,
and it's now clear that expecting people to copy-and-paste those calls
accurately is not a great idea. Let's reduce the risk of future errors
by introducing single macros that encapsulate the common use-cases.
Three such macros are enough to cover all but two special-purpose contexts;
those two calls can be left as-is, I think.
While this patch doesn't in itself improve matters for third-party
extensions, it doesn't break anything for them either, and they can
gradually adopt the simplified notation over time.
In passing, change TopMemoryContext to use the default allocation
parameters. Formerly it could only be extended 8K at a time. That was
probably reasonable when this code was written; but nowadays we create
many more contexts than we did then, so that it's not unusual to have a
couple hundred K in TopMemoryContext, even without considering various
dubious code that sticks other things there. There seems no good reason
not to let it use growing blocks like most other contexts.
Back-patch to 9.6, mostly because that's still close enough to HEAD that
it's easy to do so, and keeping the branches in sync can be expected to
avoid some future back-patching pain. The bugs fixed by these changes
don't seem to be significant enough to justify fixing them further back.
Discussion: <21072.1472321324@sss.pgh.pa.us>
2016-08-27 23:50:38 +02:00
|
|
|
"tokenize_file",
|
|
|
|
|
ALLOCSET_SMALL_SIZES);
|
2011-06-20 23:20:14 +02:00
|
|
|
oldcxt = MemoryContextSwitchTo(linecxt);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
*tok_lines = NIL;
|
2004-05-26 06:41:50 +02:00
|
|
|
|
2010-03-03 21:31:09 +01:00
|
|
|
while (!feof(file) && !ferror(file))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2013-05-29 22:58:43 +02:00
|
|
|
char rawline[MAX_LINE];
|
|
|
|
|
char *lineptr;
|
2017-01-27 19:43:00 +01:00
|
|
|
List *current_line = NIL;
|
2017-01-31 00:00:26 +01:00
|
|
|
char *err_msg = NULL;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2013-03-10 15:54:37 +01:00
|
|
|
if (!fgets(rawline, sizeof(rawline), file))
|
2017-01-31 00:00:26 +01:00
|
|
|
{
|
|
|
|
|
int save_errno = errno;
|
|
|
|
|
|
|
|
|
|
if (!ferror(file))
|
|
|
|
|
break; /* normal EOF */
|
|
|
|
|
/* I/O error! */
|
|
|
|
|
ereport(elevel,
|
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
|
errmsg("could not read file \"%s\": %m", filename)));
|
|
|
|
|
err_msg = psprintf("could not read file \"%s\": %s",
|
|
|
|
|
filename, strerror(save_errno));
|
|
|
|
|
rawline[0] = '\0';
|
|
|
|
|
}
|
2013-05-29 22:58:43 +02:00
|
|
|
if (strlen(rawline) == MAX_LINE - 1)
|
2017-01-31 00:00:26 +01:00
|
|
|
{
|
2013-03-10 15:54:37 +01:00
|
|
|
/* Line too long! */
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2013-03-10 15:54:37 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("authentication file line too long"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_number, filename)));
|
2017-01-31 00:00:26 +01:00
|
|
|
err_msg = "authentication file line too long";
|
|
|
|
|
}
|
2013-03-10 15:54:37 +01:00
|
|
|
|
|
|
|
|
/* Strip trailing linebreak from rawline */
|
2013-06-13 01:50:52 +02:00
|
|
|
lineptr = rawline + strlen(rawline) - 1;
|
|
|
|
|
while (lineptr >= rawline && (*lineptr == '\n' || *lineptr == '\r'))
|
|
|
|
|
*lineptr-- = '\0';
|
2013-03-10 15:54:37 +01:00
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
/* Parse fields */
|
2013-03-10 15:54:37 +01:00
|
|
|
lineptr = rawline;
|
2017-01-31 00:00:26 +01:00
|
|
|
while (*lineptr && err_msg == NULL)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2017-01-27 19:43:00 +01:00
|
|
|
List *current_field;
|
|
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
current_field = next_field_expand(filename, &lineptr,
|
|
|
|
|
elevel, &err_msg);
|
2017-01-27 19:43:00 +01:00
|
|
|
/* add field to line, unless we are at EOL or comment start */
|
|
|
|
|
if (current_field != NIL)
|
|
|
|
|
current_line = lappend(current_line, current_field);
|
|
|
|
|
}
|
2013-03-10 15:54:37 +01:00
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
/* Reached EOL; emit line to TokenizedLine list unless it's boring */
|
2017-01-31 00:00:26 +01:00
|
|
|
if (current_line != NIL || err_msg != NULL)
|
2017-01-27 19:43:00 +01:00
|
|
|
{
|
|
|
|
|
TokenizedLine *tok_line;
|
|
|
|
|
|
|
|
|
|
tok_line = (TokenizedLine *) palloc(sizeof(TokenizedLine));
|
|
|
|
|
tok_line->fields = current_line;
|
|
|
|
|
tok_line->line_num = line_number;
|
|
|
|
|
tok_line->raw_line = pstrdup(rawline);
|
2017-01-31 00:00:26 +01:00
|
|
|
tok_line->err_msg = err_msg;
|
2017-01-27 19:43:00 +01:00
|
|
|
*tok_lines = lappend(*tok_lines, tok_line);
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
2017-01-27 19:43:00 +01:00
|
|
|
|
2013-03-10 15:54:37 +01:00
|
|
|
line_number++;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
|
|
|
|
|
MemoryContextSwitchTo(oldcxt);
|
|
|
|
|
|
|
|
|
|
return linecxt;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-06-29 00:16:45 +02:00
|
|
|
* Does user belong to role?
|
|
|
|
|
*
|
2009-08-29 21:26:52 +02:00
|
|
|
* userid is the OID of the role given as the attempted login identifier.
|
2005-06-29 00:16:45 +02:00
|
|
|
* We check to see if it is a member of the specified role name.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2003-04-03 23:25:02 +02:00
|
|
|
static bool
|
2009-08-29 21:26:52 +02:00
|
|
|
is_member(Oid userid, const char *role)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2009-08-29 21:26:52 +02:00
|
|
|
Oid roleid;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2009-08-29 21:26:52 +02:00
|
|
|
if (!OidIsValid(userid))
|
2005-06-29 00:16:45 +02:00
|
|
|
return false; /* if user not exist, say "no" */
|
2004-05-26 06:41:50 +02:00
|
|
|
|
2010-08-05 16:45:09 +02:00
|
|
|
roleid = get_role_oid(role, true);
|
2005-02-20 05:45:59 +01:00
|
|
|
|
2009-08-29 21:26:52 +02:00
|
|
|
if (!OidIsValid(roleid))
|
|
|
|
|
return false; /* if target role not exist, say "no" */
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2012-06-10 21:20:04 +02:00
|
|
|
/*
|
|
|
|
|
* See if user is directly or indirectly a member of role. For this
|
|
|
|
|
* purpose, a superuser is not considered to be automatically a member of
|
|
|
|
|
* the role, so group auth only applies to explicit membership.
|
2011-11-03 17:45:02 +01:00
|
|
|
*/
|
|
|
|
|
return is_member_of_role_nosuper(userid, roleid);
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2011-06-20 23:20:14 +02:00
|
|
|
* Check HbaToken list for a match to role, allowing group names.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2003-04-03 23:25:02 +02:00
|
|
|
static bool
|
2011-06-20 23:20:14 +02:00
|
|
|
check_role(const char *role, Oid roleid, List *tokens)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2012-06-10 21:20:04 +02:00
|
|
|
ListCell *cell;
|
|
|
|
|
HbaToken *tok;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
foreach(cell, tokens)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2011-06-20 23:20:14 +02:00
|
|
|
tok = lfirst(cell);
|
|
|
|
|
if (!tok->quoted && tok->string[0] == '+')
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2011-06-20 23:20:14 +02:00
|
|
|
if (is_member(roleid, tok->string + 1))
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_matches(tok, role) ||
|
|
|
|
|
token_is_keyword(tok, "all"))
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
2003-04-03 23:25:02 +02:00
|
|
|
return false;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2011-06-20 23:20:14 +02:00
|
|
|
* Check to see if db/role combination matches HbaToken list.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2003-04-03 23:25:02 +02:00
|
|
|
static bool
|
2011-06-20 23:20:14 +02:00
|
|
|
check_db(const char *dbname, const char *role, Oid roleid, List *tokens)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2012-06-10 21:20:04 +02:00
|
|
|
ListCell *cell;
|
|
|
|
|
HbaToken *tok;
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
foreach(cell, tokens)
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2011-06-20 23:20:14 +02:00
|
|
|
tok = lfirst(cell);
|
2017-02-13 22:50:29 +01:00
|
|
|
if (am_walsender && !am_db_walsender)
|
2010-04-21 05:32:53 +02:00
|
|
|
{
|
2017-05-17 22:31:56 +02:00
|
|
|
/*
|
|
|
|
|
* physical replication walsender connections can only match
|
|
|
|
|
* replication keyword
|
|
|
|
|
*/
|
2011-06-20 23:20:14 +02:00
|
|
|
if (token_is_keyword(tok, "replication"))
|
2010-04-21 05:32:53 +02:00
|
|
|
return true;
|
|
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_is_keyword(tok, "all"))
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_is_keyword(tok, "sameuser"))
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (strcmp(dbname, role) == 0)
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_is_keyword(tok, "samegroup") ||
|
|
|
|
|
token_is_keyword(tok, "samerole"))
|
2002-04-04 06:25:54 +02:00
|
|
|
{
|
2009-08-29 21:26:52 +02:00
|
|
|
if (is_member(roleid, dbname))
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2002-04-04 06:25:54 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_is_keyword(tok, "replication"))
|
2010-04-21 05:32:53 +02:00
|
|
|
continue; /* never match this if not walsender */
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_matches(tok, dbname))
|
2003-04-03 23:25:02 +02:00
|
|
|
return true;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
2003-04-03 23:25:02 +02:00
|
|
|
return false;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
|
2010-10-15 21:53:39 +02:00
|
|
|
static bool
|
2017-06-21 20:39:04 +02:00
|
|
|
ipv4eq(struct sockaddr_in *a, struct sockaddr_in *b)
|
2010-10-15 21:53:39 +02:00
|
|
|
{
|
|
|
|
|
return (a->sin_addr.s_addr == b->sin_addr.s_addr);
|
|
|
|
|
}
|
|
|
|
|
|
2010-10-16 16:12:16 +02:00
|
|
|
#ifdef HAVE_IPV6
|
|
|
|
|
|
2010-10-15 21:53:39 +02:00
|
|
|
static bool
|
2017-06-21 20:39:04 +02:00
|
|
|
ipv6eq(struct sockaddr_in6 *a, struct sockaddr_in6 *b)
|
2010-10-15 21:53:39 +02:00
|
|
|
{
|
2011-04-10 17:42:00 +02:00
|
|
|
int i;
|
2010-10-15 21:53:39 +02:00
|
|
|
|
|
|
|
|
for (i = 0; i < 16; i++)
|
|
|
|
|
if (a->sin6_addr.s6_addr[i] != b->sin6_addr.s6_addr[i])
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
Phase 2 of pgindent updates.
Change pg_bsd_indent to follow upstream rules for placement of comments
to the right of code, and remove pgindent hack that caused comments
following #endif to not obey the general rule.
Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using
the published version of pg_bsd_indent, but a hacked-up version that
tried to minimize the amount of movement of comments to the right of
code. The situation of interest is where such a comment has to be
moved to the right of its default placement at column 33 because there's
code there. BSD indent has always moved right in units of tab stops
in such cases --- but in the previous incarnation, indent was working
in 8-space tab stops, while now it knows we use 4-space tabs. So the
net result is that in about half the cases, such comments are placed
one tab stop left of before. This is better all around: it leaves
more room on the line for comment text, and it means that in such
cases the comment uniformly starts at the next 4-space tab stop after
the code, rather than sometimes one and sometimes two tabs after.
Also, ensure that comments following #endif are indented the same
as comments following other preprocessor commands such as #else.
That inconsistency turns out to have been self-inflicted damage
from a poorly-thought-through post-indent "fixup" in pgindent.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:18:54 +02:00
|
|
|
#endif /* HAVE_IPV6 */
|
2010-10-16 16:12:16 +02:00
|
|
|
|
2010-10-24 14:54:00 +02:00
|
|
|
/*
|
|
|
|
|
* Check whether host name matches pattern.
|
|
|
|
|
*/
|
|
|
|
|
static bool
|
|
|
|
|
hostname_match(const char *pattern, const char *actual_hostname)
|
|
|
|
|
{
|
|
|
|
|
if (pattern[0] == '.') /* suffix match */
|
|
|
|
|
{
|
2011-04-10 17:42:00 +02:00
|
|
|
size_t plen = strlen(pattern);
|
|
|
|
|
size_t hlen = strlen(actual_hostname);
|
2010-10-24 14:54:00 +02:00
|
|
|
|
|
|
|
|
if (hlen < plen)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return (pg_strcasecmp(pattern, actual_hostname + (hlen - plen)) == 0);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
return (pg_strcasecmp(pattern, actual_hostname) == 0);
|
|
|
|
|
}
|
|
|
|
|
|
2010-10-15 21:53:39 +02:00
|
|
|
/*
|
|
|
|
|
* Check to see if a connecting IP matches a given host name.
|
|
|
|
|
*/
|
|
|
|
|
static bool
|
|
|
|
|
check_hostname(hbaPort *port, const char *hostname)
|
|
|
|
|
{
|
2011-04-10 17:42:00 +02:00
|
|
|
struct addrinfo *gai_result,
|
|
|
|
|
*gai;
|
2010-10-15 21:53:39 +02:00
|
|
|
int ret;
|
|
|
|
|
bool found;
|
|
|
|
|
|
Fix assorted issues in client host name lookup.
The code for matching clients to pg_hba.conf lines that specify host names
(instead of IP address ranges) failed to complain if reverse DNS lookup
failed; instead it silently didn't match, so that you might end up getting
a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
from Mike Blackwell. Since we don't want to make this a fatal error in
situations where pg_hba.conf contains a mixture of host names and IP
addresses (clients matching one of the numeric entries should not have to
have rDNS data), remember the lookup failure and mention it as DETAIL if
we get to "no pg_hba.conf entry". Apply the same approach to forward-DNS
lookup failures, too, rather than treating them as immediate hard errors.
Along the way, fix a couple of bugs that prevented us from detecting an
rDNS lookup error reliably, and make sure that we make only one rDNS lookup
attempt; formerly, if the lookup attempt failed, the code would try again
for each host name entry in pg_hba.conf. Since more or less the whole
point of this design is to ensure there's only one lookup attempt not one
per entry, the latter point represents a performance bug that seems
sufficient justification for back-patching.
Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
with this code. Which is not all that well, since it does not have actual
support for rDNS lookup, but at least it should return the expected (and
required by spec) error codes so that the main code correctly perceives the
lack of functionality as a lookup failure. It's unlikely that PG is still
being used in production on any machines that require our getaddrinfo.c,
so I'm not excited about working harder than this.
To keep the code in the various branches similar, this includes
back-patching commits c424d0d1052cb4053c8712ac44123f9b9a9aa3f2 and
1997f34db4687e671690ed054c8f30bb501b1168 into 9.2 and earlier.
Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
introduced.
2014-04-02 23:11:24 +02:00
|
|
|
/* Quick out if remote host name already known bad */
|
|
|
|
|
if (port->remote_hostname_resolv < 0)
|
|
|
|
|
return false;
|
|
|
|
|
|
2010-10-15 21:53:39 +02:00
|
|
|
/* Lookup remote host name if not already done */
|
|
|
|
|
if (!port->remote_hostname)
|
|
|
|
|
{
|
|
|
|
|
char remote_hostname[NI_MAXHOST];
|
|
|
|
|
|
Fix assorted issues in client host name lookup.
The code for matching clients to pg_hba.conf lines that specify host names
(instead of IP address ranges) failed to complain if reverse DNS lookup
failed; instead it silently didn't match, so that you might end up getting
a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
from Mike Blackwell. Since we don't want to make this a fatal error in
situations where pg_hba.conf contains a mixture of host names and IP
addresses (clients matching one of the numeric entries should not have to
have rDNS data), remember the lookup failure and mention it as DETAIL if
we get to "no pg_hba.conf entry". Apply the same approach to forward-DNS
lookup failures, too, rather than treating them as immediate hard errors.
Along the way, fix a couple of bugs that prevented us from detecting an
rDNS lookup error reliably, and make sure that we make only one rDNS lookup
attempt; formerly, if the lookup attempt failed, the code would try again
for each host name entry in pg_hba.conf. Since more or less the whole
point of this design is to ensure there's only one lookup attempt not one
per entry, the latter point represents a performance bug that seems
sufficient justification for back-patching.
Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
with this code. Which is not all that well, since it does not have actual
support for rDNS lookup, but at least it should return the expected (and
required by spec) error codes so that the main code correctly perceives the
lack of functionality as a lookup failure. It's unlikely that PG is still
being used in production on any machines that require our getaddrinfo.c,
so I'm not excited about working harder than this.
To keep the code in the various branches similar, this includes
back-patching commits c424d0d1052cb4053c8712ac44123f9b9a9aa3f2 and
1997f34db4687e671690ed054c8f30bb501b1168 into 9.2 and earlier.
Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
introduced.
2014-04-02 23:11:24 +02:00
|
|
|
ret = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
|
|
|
|
|
remote_hostname, sizeof(remote_hostname),
|
|
|
|
|
NULL, 0,
|
|
|
|
|
NI_NAMEREQD);
|
|
|
|
|
if (ret != 0)
|
|
|
|
|
{
|
|
|
|
|
/* remember failure; don't complain in the postmaster log yet */
|
|
|
|
|
port->remote_hostname_resolv = -2;
|
|
|
|
|
port->remote_hostname_errcode = ret;
|
2010-10-15 21:53:39 +02:00
|
|
|
return false;
|
Fix assorted issues in client host name lookup.
The code for matching clients to pg_hba.conf lines that specify host names
(instead of IP address ranges) failed to complain if reverse DNS lookup
failed; instead it silently didn't match, so that you might end up getting
a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
from Mike Blackwell. Since we don't want to make this a fatal error in
situations where pg_hba.conf contains a mixture of host names and IP
addresses (clients matching one of the numeric entries should not have to
have rDNS data), remember the lookup failure and mention it as DETAIL if
we get to "no pg_hba.conf entry". Apply the same approach to forward-DNS
lookup failures, too, rather than treating them as immediate hard errors.
Along the way, fix a couple of bugs that prevented us from detecting an
rDNS lookup error reliably, and make sure that we make only one rDNS lookup
attempt; formerly, if the lookup attempt failed, the code would try again
for each host name entry in pg_hba.conf. Since more or less the whole
point of this design is to ensure there's only one lookup attempt not one
per entry, the latter point represents a performance bug that seems
sufficient justification for back-patching.
Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
with this code. Which is not all that well, since it does not have actual
support for rDNS lookup, but at least it should return the expected (and
required by spec) error codes so that the main code correctly perceives the
lack of functionality as a lookup failure. It's unlikely that PG is still
being used in production on any machines that require our getaddrinfo.c,
so I'm not excited about working harder than this.
To keep the code in the various branches similar, this includes
back-patching commits c424d0d1052cb4053c8712ac44123f9b9a9aa3f2 and
1997f34db4687e671690ed054c8f30bb501b1168 into 9.2 and earlier.
Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
introduced.
2014-04-02 23:11:24 +02:00
|
|
|
}
|
2010-10-15 21:53:39 +02:00
|
|
|
|
|
|
|
|
port->remote_hostname = pstrdup(remote_hostname);
|
|
|
|
|
}
|
|
|
|
|
|
Fix assorted issues in client host name lookup.
The code for matching clients to pg_hba.conf lines that specify host names
(instead of IP address ranges) failed to complain if reverse DNS lookup
failed; instead it silently didn't match, so that you might end up getting
a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
from Mike Blackwell. Since we don't want to make this a fatal error in
situations where pg_hba.conf contains a mixture of host names and IP
addresses (clients matching one of the numeric entries should not have to
have rDNS data), remember the lookup failure and mention it as DETAIL if
we get to "no pg_hba.conf entry". Apply the same approach to forward-DNS
lookup failures, too, rather than treating them as immediate hard errors.
Along the way, fix a couple of bugs that prevented us from detecting an
rDNS lookup error reliably, and make sure that we make only one rDNS lookup
attempt; formerly, if the lookup attempt failed, the code would try again
for each host name entry in pg_hba.conf. Since more or less the whole
point of this design is to ensure there's only one lookup attempt not one
per entry, the latter point represents a performance bug that seems
sufficient justification for back-patching.
Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
with this code. Which is not all that well, since it does not have actual
support for rDNS lookup, but at least it should return the expected (and
required by spec) error codes so that the main code correctly perceives the
lack of functionality as a lookup failure. It's unlikely that PG is still
being used in production on any machines that require our getaddrinfo.c,
so I'm not excited about working harder than this.
To keep the code in the various branches similar, this includes
back-patching commits c424d0d1052cb4053c8712ac44123f9b9a9aa3f2 and
1997f34db4687e671690ed054c8f30bb501b1168 into 9.2 and earlier.
Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
introduced.
2014-04-02 23:11:24 +02:00
|
|
|
/* Now see if remote host name matches this pg_hba line */
|
2010-10-24 14:54:00 +02:00
|
|
|
if (!hostname_match(hostname, port->remote_hostname))
|
2010-10-15 21:53:39 +02:00
|
|
|
return false;
|
|
|
|
|
|
Fix assorted issues in client host name lookup.
The code for matching clients to pg_hba.conf lines that specify host names
(instead of IP address ranges) failed to complain if reverse DNS lookup
failed; instead it silently didn't match, so that you might end up getting
a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
from Mike Blackwell. Since we don't want to make this a fatal error in
situations where pg_hba.conf contains a mixture of host names and IP
addresses (clients matching one of the numeric entries should not have to
have rDNS data), remember the lookup failure and mention it as DETAIL if
we get to "no pg_hba.conf entry". Apply the same approach to forward-DNS
lookup failures, too, rather than treating them as immediate hard errors.
Along the way, fix a couple of bugs that prevented us from detecting an
rDNS lookup error reliably, and make sure that we make only one rDNS lookup
attempt; formerly, if the lookup attempt failed, the code would try again
for each host name entry in pg_hba.conf. Since more or less the whole
point of this design is to ensure there's only one lookup attempt not one
per entry, the latter point represents a performance bug that seems
sufficient justification for back-patching.
Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
with this code. Which is not all that well, since it does not have actual
support for rDNS lookup, but at least it should return the expected (and
required by spec) error codes so that the main code correctly perceives the
lack of functionality as a lookup failure. It's unlikely that PG is still
being used in production on any machines that require our getaddrinfo.c,
so I'm not excited about working harder than this.
To keep the code in the various branches similar, this includes
back-patching commits c424d0d1052cb4053c8712ac44123f9b9a9aa3f2 and
1997f34db4687e671690ed054c8f30bb501b1168 into 9.2 and earlier.
Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
introduced.
2014-04-02 23:11:24 +02:00
|
|
|
/* If we already verified the forward lookup, we're done */
|
2010-10-15 21:53:39 +02:00
|
|
|
if (port->remote_hostname_resolv == +1)
|
|
|
|
|
return true;
|
|
|
|
|
|
Fix assorted issues in client host name lookup.
The code for matching clients to pg_hba.conf lines that specify host names
(instead of IP address ranges) failed to complain if reverse DNS lookup
failed; instead it silently didn't match, so that you might end up getting
a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
from Mike Blackwell. Since we don't want to make this a fatal error in
situations where pg_hba.conf contains a mixture of host names and IP
addresses (clients matching one of the numeric entries should not have to
have rDNS data), remember the lookup failure and mention it as DETAIL if
we get to "no pg_hba.conf entry". Apply the same approach to forward-DNS
lookup failures, too, rather than treating them as immediate hard errors.
Along the way, fix a couple of bugs that prevented us from detecting an
rDNS lookup error reliably, and make sure that we make only one rDNS lookup
attempt; formerly, if the lookup attempt failed, the code would try again
for each host name entry in pg_hba.conf. Since more or less the whole
point of this design is to ensure there's only one lookup attempt not one
per entry, the latter point represents a performance bug that seems
sufficient justification for back-patching.
Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
with this code. Which is not all that well, since it does not have actual
support for rDNS lookup, but at least it should return the expected (and
required by spec) error codes so that the main code correctly perceives the
lack of functionality as a lookup failure. It's unlikely that PG is still
being used in production on any machines that require our getaddrinfo.c,
so I'm not excited about working harder than this.
To keep the code in the various branches similar, this includes
back-patching commits c424d0d1052cb4053c8712ac44123f9b9a9aa3f2 and
1997f34db4687e671690ed054c8f30bb501b1168 into 9.2 and earlier.
Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
introduced.
2014-04-02 23:11:24 +02:00
|
|
|
/* Lookup IP from host name and check against original IP */
|
2010-10-15 21:53:39 +02:00
|
|
|
ret = getaddrinfo(port->remote_hostname, NULL, NULL, &gai_result);
|
|
|
|
|
if (ret != 0)
|
Fix assorted issues in client host name lookup.
The code for matching clients to pg_hba.conf lines that specify host names
(instead of IP address ranges) failed to complain if reverse DNS lookup
failed; instead it silently didn't match, so that you might end up getting
a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
from Mike Blackwell. Since we don't want to make this a fatal error in
situations where pg_hba.conf contains a mixture of host names and IP
addresses (clients matching one of the numeric entries should not have to
have rDNS data), remember the lookup failure and mention it as DETAIL if
we get to "no pg_hba.conf entry". Apply the same approach to forward-DNS
lookup failures, too, rather than treating them as immediate hard errors.
Along the way, fix a couple of bugs that prevented us from detecting an
rDNS lookup error reliably, and make sure that we make only one rDNS lookup
attempt; formerly, if the lookup attempt failed, the code would try again
for each host name entry in pg_hba.conf. Since more or less the whole
point of this design is to ensure there's only one lookup attempt not one
per entry, the latter point represents a performance bug that seems
sufficient justification for back-patching.
Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
with this code. Which is not all that well, since it does not have actual
support for rDNS lookup, but at least it should return the expected (and
required by spec) error codes so that the main code correctly perceives the
lack of functionality as a lookup failure. It's unlikely that PG is still
being used in production on any machines that require our getaddrinfo.c,
so I'm not excited about working harder than this.
To keep the code in the various branches similar, this includes
back-patching commits c424d0d1052cb4053c8712ac44123f9b9a9aa3f2 and
1997f34db4687e671690ed054c8f30bb501b1168 into 9.2 and earlier.
Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
introduced.
2014-04-02 23:11:24 +02:00
|
|
|
{
|
|
|
|
|
/* remember failure; don't complain in the postmaster log yet */
|
|
|
|
|
port->remote_hostname_resolv = -2;
|
|
|
|
|
port->remote_hostname_errcode = ret;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2010-10-15 21:53:39 +02:00
|
|
|
|
|
|
|
|
found = false;
|
|
|
|
|
for (gai = gai_result; gai; gai = gai->ai_next)
|
|
|
|
|
{
|
|
|
|
|
if (gai->ai_addr->sa_family == port->raddr.addr.ss_family)
|
|
|
|
|
{
|
|
|
|
|
if (gai->ai_addr->sa_family == AF_INET)
|
|
|
|
|
{
|
|
|
|
|
if (ipv4eq((struct sockaddr_in *) gai->ai_addr,
|
2017-06-21 20:39:04 +02:00
|
|
|
(struct sockaddr_in *) &port->raddr.addr))
|
2010-10-15 21:53:39 +02:00
|
|
|
{
|
|
|
|
|
found = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-10-16 16:12:16 +02:00
|
|
|
#ifdef HAVE_IPV6
|
2010-10-15 21:53:39 +02:00
|
|
|
else if (gai->ai_addr->sa_family == AF_INET6)
|
|
|
|
|
{
|
|
|
|
|
if (ipv6eq((struct sockaddr_in6 *) gai->ai_addr,
|
2017-06-21 20:39:04 +02:00
|
|
|
(struct sockaddr_in6 *) &port->raddr.addr))
|
2010-10-15 21:53:39 +02:00
|
|
|
{
|
|
|
|
|
found = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-10-16 16:12:16 +02:00
|
|
|
#endif
|
2010-10-15 21:53:39 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (gai_result)
|
|
|
|
|
freeaddrinfo(gai_result);
|
|
|
|
|
|
|
|
|
|
if (!found)
|
|
|
|
|
elog(DEBUG2, "pg_hba.conf host name \"%s\" rejected because address resolution did not return a match with IP address of client",
|
|
|
|
|
hostname);
|
|
|
|
|
|
|
|
|
|
port->remote_hostname_resolv = found ? +1 : -1;
|
|
|
|
|
|
|
|
|
|
return found;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-01 03:58:58 +02:00
|
|
|
/*
|
|
|
|
|
* Check to see if a connecting IP matches the given address and netmask.
|
|
|
|
|
*/
|
|
|
|
|
static bool
|
2017-06-21 20:39:04 +02:00
|
|
|
check_ip(SockAddr *raddr, struct sockaddr *addr, struct sockaddr *mask)
|
2009-10-01 03:58:58 +02:00
|
|
|
{
|
2015-02-17 18:49:18 +01:00
|
|
|
if (raddr->addr.ss_family == addr->sa_family &&
|
|
|
|
|
pg_range_sockaddr(&raddr->addr,
|
|
|
|
|
(struct sockaddr_storage *) addr,
|
|
|
|
|
(struct sockaddr_storage *) mask))
|
|
|
|
|
return true;
|
|
|
|
|
return false;
|
2009-10-01 03:58:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* pg_foreach_ifaddr callback: does client addr match this machine interface?
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2017-06-21 20:39:04 +02:00
|
|
|
check_network_callback(struct sockaddr *addr, struct sockaddr *netmask,
|
2009-10-01 03:58:58 +02:00
|
|
|
void *cb_data)
|
|
|
|
|
{
|
|
|
|
|
check_network_data *cn = (check_network_data *) cb_data;
|
|
|
|
|
struct sockaddr_storage mask;
|
|
|
|
|
|
|
|
|
|
/* Already found a match? */
|
|
|
|
|
if (cn->result)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (cn->method == ipCmpSameHost)
|
|
|
|
|
{
|
|
|
|
|
/* Make an all-ones netmask of appropriate length for family */
|
|
|
|
|
pg_sockaddr_cidr_mask(&mask, NULL, addr->sa_family);
|
2017-06-21 20:39:04 +02:00
|
|
|
cn->result = check_ip(cn->raddr, addr, (struct sockaddr *) &mask);
|
2009-10-01 03:58:58 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Use the netmask of the interface itself */
|
|
|
|
|
cn->result = check_ip(cn->raddr, addr, netmask);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Use pg_foreach_ifaddr to check a samehost or samenet match
|
|
|
|
|
*/
|
|
|
|
|
static bool
|
|
|
|
|
check_same_host_or_net(SockAddr *raddr, IPCompareMethod method)
|
|
|
|
|
{
|
|
|
|
|
check_network_data cn;
|
|
|
|
|
|
|
|
|
|
cn.method = method;
|
|
|
|
|
cn.raddr = raddr;
|
|
|
|
|
cn.result = false;
|
|
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
|
if (pg_foreach_ifaddr(check_network_callback, &cn) < 0)
|
|
|
|
|
{
|
|
|
|
|
elog(LOG, "error enumerating network interfaces: %m");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cn.result;
|
|
|
|
|
}
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2008-10-23 15:31:10 +02:00
|
|
|
/*
|
|
|
|
|
* Macros used to check and report on invalid configuration options.
|
2017-01-31 00:00:26 +01:00
|
|
|
* On error: log a message at level elevel, set *err_msg, and exit the function.
|
|
|
|
|
* These macros are not as general-purpose as they look, because they know
|
|
|
|
|
* what the calling function's error-exit value is.
|
|
|
|
|
*
|
2008-10-23 15:31:10 +02:00
|
|
|
* INVALID_AUTH_OPTION = reports when an option is specified for a method where it's
|
2009-06-11 16:49:15 +02:00
|
|
|
* not supported.
|
2008-10-23 15:31:10 +02:00
|
|
|
* REQUIRE_AUTH_OPTION = same as INVALID_AUTH_OPTION, except it also checks if the
|
2009-06-11 16:49:15 +02:00
|
|
|
* method is actually the one specified. Used as a shortcut when
|
|
|
|
|
* the option is only valid for one authentication method.
|
2008-10-23 15:31:10 +02:00
|
|
|
* MANDATORY_AUTH_ARG = check if a required option is set for an authentication method,
|
2009-06-11 16:49:15 +02:00
|
|
|
* reporting error if it's not.
|
2008-10-23 15:31:10 +02:00
|
|
|
*/
|
2017-01-31 00:00:26 +01:00
|
|
|
#define INVALID_AUTH_OPTION(optname, validmethods) \
|
|
|
|
|
do { \
|
|
|
|
|
ereport(elevel, \
|
2008-10-23 15:31:10 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR), \
|
2009-04-15 23:42:50 +02:00
|
|
|
/* translator: the second %s is a list of auth methods */ \
|
|
|
|
|
errmsg("authentication option \"%s\" is only valid for authentication methods %s", \
|
|
|
|
|
optname, _(validmethods)), \
|
2008-10-23 15:31:10 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"", \
|
|
|
|
|
line_num, HbaFileName))); \
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("authentication option \"%s\" is only valid for authentication methods %s", \
|
|
|
|
|
optname, validmethods); \
|
2008-10-24 14:48:31 +02:00
|
|
|
return false; \
|
2017-01-31 00:00:26 +01:00
|
|
|
} while (0)
|
2008-10-23 15:31:10 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
#define REQUIRE_AUTH_OPTION(methodval, optname, validmethods) \
|
|
|
|
|
do { \
|
2011-06-20 23:20:14 +02:00
|
|
|
if (hbaline->auth_method != methodval) \
|
2009-01-02 12:34:03 +01:00
|
|
|
INVALID_AUTH_OPTION(optname, validmethods); \
|
2017-01-31 00:00:26 +01:00
|
|
|
} while (0)
|
2008-10-23 15:31:10 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
#define MANDATORY_AUTH_ARG(argvar, argname, authname) \
|
|
|
|
|
do { \
|
|
|
|
|
if (argvar == NULL) { \
|
|
|
|
|
ereport(elevel, \
|
2008-10-23 15:31:10 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR), \
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("authentication method \"%s\" requires argument \"%s\" to be set", \
|
2008-10-23 15:31:10 +02:00
|
|
|
authname, argname), \
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"", \
|
|
|
|
|
line_num, HbaFileName))); \
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("authentication method \"%s\" requires argument \"%s\" to be set", \
|
|
|
|
|
authname, argname); \
|
2013-04-16 04:33:24 +02:00
|
|
|
return NULL; \
|
2008-10-23 15:31:10 +02:00
|
|
|
} \
|
2017-01-31 00:00:26 +01:00
|
|
|
} while (0)
|
2008-10-23 15:31:10 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
/*
|
2017-01-31 00:00:26 +01:00
|
|
|
* Macros for handling pg_ident problems.
|
|
|
|
|
* Much as above, but currently the message level is hardwired as LOG
|
|
|
|
|
* and there is no provision for an err_msg string.
|
|
|
|
|
*
|
2011-06-20 23:20:14 +02:00
|
|
|
* IDENT_FIELD_ABSENT:
|
2017-01-31 00:00:26 +01:00
|
|
|
* Log a message and exit the function if the given ident field ListCell is
|
2011-06-20 23:20:14 +02:00
|
|
|
* not populated.
|
|
|
|
|
*
|
|
|
|
|
* IDENT_MULTI_VALUE:
|
2017-01-31 00:00:26 +01:00
|
|
|
* Log a message and exit the function if the given ident token List has more
|
2011-06-20 23:20:14 +02:00
|
|
|
* than one element.
|
|
|
|
|
*/
|
2017-01-31 00:00:26 +01:00
|
|
|
#define IDENT_FIELD_ABSENT(field) \
|
|
|
|
|
do { \
|
2011-06-20 23:20:14 +02:00
|
|
|
if (!field) { \
|
|
|
|
|
ereport(LOG, \
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR), \
|
|
|
|
|
errmsg("missing entry in file \"%s\" at end of line %d", \
|
2017-01-27 19:43:00 +01:00
|
|
|
IdentFileName, line_num))); \
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
return NULL; \
|
2011-06-20 23:20:14 +02:00
|
|
|
} \
|
2017-01-31 00:00:26 +01:00
|
|
|
} while (0)
|
2011-06-20 23:20:14 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
#define IDENT_MULTI_VALUE(tokens) \
|
|
|
|
|
do { \
|
2011-06-20 23:20:14 +02:00
|
|
|
if (tokens->length > 1) { \
|
|
|
|
|
ereport(LOG, \
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR), \
|
|
|
|
|
errmsg("multiple values in ident field"), \
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"", \
|
2017-01-27 19:43:00 +01:00
|
|
|
line_num, IdentFileName))); \
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
return NULL; \
|
2011-06-20 23:20:14 +02:00
|
|
|
} \
|
2017-01-31 00:00:26 +01:00
|
|
|
} while (0)
|
2011-06-20 23:20:14 +02:00
|
|
|
|
2008-10-23 15:31:10 +02:00
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2011-06-20 23:20:14 +02:00
|
|
|
* Parse one tokenised line from the hba config file and store the result in a
|
2017-01-27 19:43:00 +01:00
|
|
|
* HbaLine structure.
|
2011-06-20 23:20:14 +02:00
|
|
|
*
|
2017-01-31 00:00:26 +01:00
|
|
|
* If parsing fails, log a message at ereport level elevel, store an error
|
|
|
|
|
* string in tok_line->err_msg, and return NULL. (Some non-error conditions
|
|
|
|
|
* can also result in such messages.)
|
2011-06-20 23:20:14 +02:00
|
|
|
*
|
|
|
|
|
* Note: this function leaks memory when an error occurs. Caller is expected
|
|
|
|
|
* to have set a memory context that will be reset if this function returns
|
|
|
|
|
* NULL.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2011-06-20 23:20:14 +02:00
|
|
|
static HbaLine *
|
2017-01-31 00:00:26 +01:00
|
|
|
parse_hba_line(TokenizedLine *tok_line, int elevel)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2017-01-27 19:43:00 +01:00
|
|
|
int line_num = tok_line->line_num;
|
2017-01-31 00:00:26 +01:00
|
|
|
char **err_msg = &tok_line->err_msg;
|
2011-06-20 23:20:14 +02:00
|
|
|
char *str;
|
2003-09-06 01:07:21 +02:00
|
|
|
struct addrinfo *gai_result;
|
2003-08-04 02:43:34 +02:00
|
|
|
struct addrinfo hints;
|
2003-06-12 09:36:51 +02:00
|
|
|
int ret;
|
2003-09-06 01:07:21 +02:00
|
|
|
char *cidr_slash;
|
2008-09-15 14:32:57 +02:00
|
|
|
char *unsupauth;
|
2011-06-20 23:20:14 +02:00
|
|
|
ListCell *field;
|
|
|
|
|
List *tokens;
|
|
|
|
|
ListCell *tokencell;
|
|
|
|
|
HbaToken *token;
|
2012-06-10 21:20:04 +02:00
|
|
|
HbaLine *parsedline;
|
2008-09-15 14:32:57 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
parsedline = palloc0(sizeof(HbaLine));
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->linenumber = line_num;
|
2017-01-27 19:43:00 +01:00
|
|
|
parsedline->rawline = pstrdup(tok_line->raw_line);
|
2008-09-15 14:32:57 +02:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Check the record type. */
|
2017-01-27 19:43:00 +01:00
|
|
|
Assert(tok_line->fields != NIL);
|
|
|
|
|
field = list_head(tok_line->fields);
|
2011-06-20 23:20:14 +02:00
|
|
|
tokens = lfirst(field);
|
|
|
|
|
if (tokens->length > 1)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("multiple values specified for connection type"),
|
|
|
|
|
errhint("Specify exactly one connection type per line."),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "multiple values specified for connection type";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
token = linitial(tokens);
|
|
|
|
|
if (strcmp(token->string, "local") == 0)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
2011-05-30 20:11:13 +02:00
|
|
|
#ifdef HAVE_UNIX_SOCKETS
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->conntype = ctLocal;
|
2011-05-30 20:11:13 +02:00
|
|
|
#else
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-05-30 20:11:13 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("local connections are not supported by this build"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "local connections are not supported by this build";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2011-05-30 20:11:13 +02:00
|
|
|
#endif
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "host") == 0 ||
|
|
|
|
|
strcmp(token->string, "hostssl") == 0 ||
|
|
|
|
|
strcmp(token->string, "hostnossl") == 0)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2002-12-06 05:37:05 +01:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
if (token->string[4] == 's') /* "hostssl" */
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2017-01-03 03:37:12 +01:00
|
|
|
parsedline->conntype = ctHostSSL;
|
|
|
|
|
/* Log a warning if SSL support is not active */
|
2001-08-02 16:27:40 +02:00
|
|
|
#ifdef USE_SSL
|
2017-01-03 03:37:12 +01:00
|
|
|
if (!EnableSSL)
|
2017-01-31 00:00:26 +01:00
|
|
|
{
|
|
|
|
|
ereport(elevel,
|
2011-04-26 21:40:11 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("hostssl record cannot match because SSL is disabled"),
|
2011-04-26 21:40:11 +02:00
|
|
|
errhint("Set ssl = on in postgresql.conf."),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "hostssl record cannot match because SSL is disabled";
|
|
|
|
|
}
|
1999-09-27 05:13:16 +02:00
|
|
|
#else
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-10-27 21:04:45 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2017-01-03 03:37:12 +01:00
|
|
|
errmsg("hostssl record cannot match because SSL is not supported by this build"),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errhint("Compile with --with-openssl to use SSL connections."),
|
2008-10-27 21:04:45 +01:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "hostssl record cannot match because SSL is not supported by this build";
|
1999-09-27 05:13:16 +02:00
|
|
|
#endif
|
2001-08-02 16:27:40 +02:00
|
|
|
}
|
Phase 2 of pgindent updates.
Change pg_bsd_indent to follow upstream rules for placement of comments
to the right of code, and remove pgindent hack that caused comments
following #endif to not obey the general rule.
Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using
the published version of pg_bsd_indent, but a hacked-up version that
tried to minimize the amount of movement of comments to the right of
code. The situation of interest is where such a comment has to be
moved to the right of its default placement at column 33 because there's
code there. BSD indent has always moved right in units of tab stops
in such cases --- but in the previous incarnation, indent was working
in 8-space tab stops, while now it knows we use 4-space tabs. So the
net result is that in about half the cases, such comments are placed
one tab stop left of before. This is better all around: it leaves
more room on the line for comment text, and it means that in such
cases the comment uniformly starts at the next 4-space tab stop after
the code, rather than sometimes one and sometimes two tabs after.
Also, ensure that comments following #endif are indented the same
as comments following other preprocessor commands such as #else.
That inconsistency turns out to have been self-inflicted damage
from a poorly-thought-through post-indent "fixup" in pgindent.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:18:54 +02:00
|
|
|
else if (token->string[4] == 'n') /* "hostnossl" */
|
At long last I put together a patch to support 4 client SSL negotiation
modes (and replace the requiressl boolean). The four options were first
spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
to pgsql-hackers, archived here:
http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
My original less-flexible patch and the ensuing thread are archived at:
http://dbforums.com/t623845.html
Attached is a new patch, including documentation.
To sum up, there's a new client parameter "sslmode" and environment
variable "PGSSLMODE", with these options:
sslmode description
------- -----------
disable Unencrypted non-SSL only
allow Negotiate, prefer non-SSL
prefer Negotiate, prefer SSL (default)
require Require SSL
The only change to the server is a new pg_hba.conf line type,
"hostnossl", for specifying connections that are not allowed to use SSL
(for example, to prevent servers on a local network from accidentally
using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
pg_hba.conf line types
----------------------
host applies to either SSL or regular connections
hostssl applies only to SSL connections
hostnossl applies only to regular connections
These client and server options, the postgresql.conf ssl = false option,
and finally the possibility of compiling with no SSL support at all,
make quite a range of combinations to test. I threw together a test
script to try many of them out. It's in a separate tarball with its
config files, a patch to psql so it'll announce SSL connections even in
absence of a tty, and the test output. The test is especially informative
when run on the same tty the postmaster was started on, so the FATAL:
errors during negotiation are interleaved with the psql client output.
I saw Tom write that new submissions for 7.4 have to be in before midnight
local time, and since I'm on the east coast in the US, this just makes it
in before the bell. :)
Jon Jensen
2003-07-26 15:50:02 +02:00
|
|
|
{
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->conntype = ctHostNoSSL;
|
At long last I put together a patch to support 4 client SSL negotiation
modes (and replace the requiressl boolean). The four options were first
spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
to pgsql-hackers, archived here:
http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
My original less-flexible patch and the ensuing thread are archived at:
http://dbforums.com/t623845.html
Attached is a new patch, including documentation.
To sum up, there's a new client parameter "sslmode" and environment
variable "PGSSLMODE", with these options:
sslmode description
------- -----------
disable Unencrypted non-SSL only
allow Negotiate, prefer non-SSL
prefer Negotiate, prefer SSL (default)
require Require SSL
The only change to the server is a new pg_hba.conf line type,
"hostnossl", for specifying connections that are not allowed to use SSL
(for example, to prevent servers on a local network from accidentally
using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
pg_hba.conf line types
----------------------
host applies to either SSL or regular connections
hostssl applies only to SSL connections
hostnossl applies only to regular connections
These client and server options, the postgresql.conf ssl = false option,
and finally the possibility of compiling with no SSL support at all,
make quite a range of combinations to test. I threw together a test
script to try many of them out. It's in a separate tarball with its
config files, a patch to psql so it'll announce SSL connections even in
absence of a tty, and the test output. The test is especially informative
when run on the same tty the postmaster was started on, so the FATAL:
errors during negotiation are interleaved with the psql client output.
I saw Tom write that new submissions for 7.4 have to be in before midnight
local time, and since I'm on the east coast in the US, this just makes it
in before the bell. :)
Jon Jensen
2003-07-26 15:50:02 +02:00
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
else
|
2008-09-15 14:32:57 +02:00
|
|
|
{
|
2014-11-25 08:39:31 +01:00
|
|
|
/* "host" */
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->conntype = ctHost;
|
|
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
} /* record type */
|
2008-09-15 14:32:57 +02:00
|
|
|
else
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-10-27 21:04:45 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid connection type \"%s\"",
|
2011-06-20 23:20:14 +02:00
|
|
|
token->string),
|
2008-10-27 21:04:45 +01:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid connection type \"%s\"", token->string);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2008-10-27 21:04:45 +01:00
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
/* Get the databases. */
|
|
|
|
|
field = lnext(field);
|
|
|
|
|
if (!field)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-10-27 21:04:45 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before database specification"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "end-of-line before database specification";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
parsedline->databases = NIL;
|
|
|
|
|
tokens = lfirst(field);
|
|
|
|
|
foreach(tokencell, tokens)
|
|
|
|
|
{
|
|
|
|
|
parsedline->databases = lappend(parsedline->databases,
|
|
|
|
|
copy_hba_token(lfirst(tokencell)));
|
2008-10-27 21:04:45 +01:00
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
/* Get the roles. */
|
|
|
|
|
field = lnext(field);
|
|
|
|
|
if (!field)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-10-27 21:04:45 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before role specification"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "end-of-line before role specification";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
parsedline->roles = NIL;
|
|
|
|
|
tokens = lfirst(field);
|
|
|
|
|
foreach(tokencell, tokens)
|
|
|
|
|
{
|
|
|
|
|
parsedline->roles = lappend(parsedline->roles,
|
|
|
|
|
copy_hba_token(lfirst(tokencell)));
|
2008-10-27 21:04:45 +01:00
|
|
|
}
|
2002-04-04 06:25:54 +02:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
if (parsedline->conntype != ctLocal)
|
|
|
|
|
{
|
2003-06-12 09:36:51 +02:00
|
|
|
/* Read the IP address field. (with or without CIDR netmask) */
|
2011-06-20 23:20:14 +02:00
|
|
|
field = lnext(field);
|
|
|
|
|
if (!field)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-10-27 21:04:45 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2009-06-21 22:15:32 +02:00
|
|
|
errmsg("end-of-line before IP address specification"),
|
2008-10-27 21:04:45 +01:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "end-of-line before IP address specification";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2008-10-27 21:04:45 +01:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
tokens = lfirst(field);
|
|
|
|
|
if (tokens->length > 1)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("multiple values specified for host address"),
|
|
|
|
|
errhint("Specify one address range per line."),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "multiple values specified for host address";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
token = linitial(tokens);
|
2009-10-01 03:58:58 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
if (token_is_keyword(token, "all"))
|
2010-10-18 21:14:47 +02:00
|
|
|
{
|
|
|
|
|
parsedline->ip_cmp_method = ipCmpAll;
|
|
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_is_keyword(token, "samehost"))
|
2003-06-12 09:36:51 +02:00
|
|
|
{
|
2009-10-01 03:58:58 +02:00
|
|
|
/* Any IP on this host is allowed to connect */
|
|
|
|
|
parsedline->ip_cmp_method = ipCmpSameHost;
|
2003-06-12 09:36:51 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (token_is_keyword(token, "samenet"))
|
2003-06-12 09:36:51 +02:00
|
|
|
{
|
2009-10-01 03:58:58 +02:00
|
|
|
/* Any IP on the host's subnets is allowed to connect */
|
|
|
|
|
parsedline->ip_cmp_method = ipCmpSameNet;
|
2003-06-12 09:36:51 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2009-10-01 03:58:58 +02:00
|
|
|
/* IP and netmask are specified */
|
|
|
|
|
parsedline->ip_cmp_method = ipCmpMask;
|
|
|
|
|
|
|
|
|
|
/* need a modifiable copy of token */
|
2011-06-20 23:20:14 +02:00
|
|
|
str = pstrdup(token->string);
|
2009-10-01 03:58:58 +02:00
|
|
|
|
|
|
|
|
/* Check if it has a CIDR suffix and if so isolate it */
|
2011-06-20 23:20:14 +02:00
|
|
|
cidr_slash = strchr(str, '/');
|
2009-10-01 03:58:58 +02:00
|
|
|
if (cidr_slash)
|
|
|
|
|
*cidr_slash = '\0';
|
|
|
|
|
|
|
|
|
|
/* Get the IP address either way */
|
|
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
2014-04-16 19:20:54 +02:00
|
|
|
hints.ai_family = AF_UNSPEC;
|
2009-10-01 03:58:58 +02:00
|
|
|
hints.ai_socktype = 0;
|
|
|
|
|
hints.ai_protocol = 0;
|
|
|
|
|
hints.ai_addrlen = 0;
|
|
|
|
|
hints.ai_canonname = NULL;
|
|
|
|
|
hints.ai_addr = NULL;
|
|
|
|
|
hints.ai_next = NULL;
|
2003-06-12 09:36:51 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
ret = pg_getaddrinfo_all(str, NULL, &hints, &gai_result);
|
2010-10-15 21:53:39 +02:00
|
|
|
if (ret == 0 && gai_result)
|
|
|
|
|
memcpy(&parsedline->addr, gai_result->ai_addr,
|
|
|
|
|
gai_result->ai_addrlen);
|
|
|
|
|
else if (ret == EAI_NONAME)
|
2011-06-20 23:20:14 +02:00
|
|
|
parsedline->hostname = str;
|
2010-10-15 21:53:39 +02:00
|
|
|
else
|
2003-09-06 01:07:21 +02:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2004-05-20 00:06:16 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2009-10-01 03:58:58 +02:00
|
|
|
errmsg("invalid IP address \"%s\": %s",
|
2011-06-20 23:20:14 +02:00
|
|
|
str, gai_strerror(ret)),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid IP address \"%s\": %s",
|
|
|
|
|
str, gai_strerror(ret));
|
2003-09-06 01:07:21 +02:00
|
|
|
if (gai_result)
|
2005-10-17 18:24:20 +02:00
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2003-09-06 01:07:21 +02:00
|
|
|
}
|
2003-07-22 21:00:12 +02:00
|
|
|
|
2005-10-17 18:24:20 +02:00
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
2003-06-12 09:36:51 +02:00
|
|
|
|
2009-10-01 03:58:58 +02:00
|
|
|
/* Get the netmask */
|
|
|
|
|
if (cidr_slash)
|
2004-05-20 00:06:16 +02:00
|
|
|
{
|
2010-10-15 21:53:39 +02:00
|
|
|
if (parsedline->hostname)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2010-10-15 21:53:39 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("specifying both host name and CIDR mask is invalid: \"%s\"",
|
2011-06-20 23:20:14 +02:00
|
|
|
token->string),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("specifying both host name and CIDR mask is invalid: \"%s\"",
|
|
|
|
|
token->string);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2010-10-15 21:53:39 +02:00
|
|
|
}
|
|
|
|
|
|
2009-10-01 03:58:58 +02:00
|
|
|
if (pg_sockaddr_cidr_mask(&parsedline->mask, cidr_slash + 1,
|
|
|
|
|
parsedline->addr.ss_family) < 0)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2009-10-01 03:58:58 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid CIDR mask in address \"%s\"",
|
2011-06-20 23:20:14 +02:00
|
|
|
token->string),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid CIDR mask in address \"%s\"",
|
|
|
|
|
token->string);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2009-10-01 03:58:58 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
pfree(str);
|
2009-10-01 03:58:58 +02:00
|
|
|
}
|
2010-10-15 21:53:39 +02:00
|
|
|
else if (!parsedline->hostname)
|
2009-10-01 03:58:58 +02:00
|
|
|
{
|
|
|
|
|
/* Read the mask field. */
|
2011-06-20 23:20:14 +02:00
|
|
|
pfree(str);
|
|
|
|
|
field = lnext(field);
|
|
|
|
|
if (!field)
|
2009-10-01 03:58:58 +02:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2009-10-01 03:58:58 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("end-of-line before netmask specification"),
|
2011-06-20 23:20:14 +02:00
|
|
|
errhint("Specify an address range in CIDR notation, or provide a separate netmask."),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "end-of-line before netmask specification";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
tokens = lfirst(field);
|
|
|
|
|
if (tokens->length > 1)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2012-06-10 21:20:04 +02:00
|
|
|
errmsg("multiple values specified for netmask"),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "multiple values specified for netmask";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2009-10-01 03:58:58 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
token = linitial(tokens);
|
2009-10-01 03:58:58 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
ret = pg_getaddrinfo_all(token->string, NULL,
|
|
|
|
|
&hints, &gai_result);
|
2009-10-01 03:58:58 +02:00
|
|
|
if (ret || !gai_result)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2009-10-01 03:58:58 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid IP mask \"%s\": %s",
|
2011-06-20 23:20:14 +02:00
|
|
|
token->string, gai_strerror(ret)),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid IP mask \"%s\": %s",
|
|
|
|
|
token->string, gai_strerror(ret));
|
2009-10-01 03:58:58 +02:00
|
|
|
if (gai_result)
|
|
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2009-10-01 03:58:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memcpy(&parsedline->mask, gai_result->ai_addr,
|
|
|
|
|
gai_result->ai_addrlen);
|
|
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
|
|
|
|
|
|
|
|
|
if (parsedline->addr.ss_family != parsedline->mask.ss_family)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2009-10-01 03:58:58 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2010-05-26 18:43:13 +02:00
|
|
|
errmsg("IP address and mask do not match"),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "IP address and mask do not match";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2009-10-01 03:58:58 +02:00
|
|
|
}
|
2004-05-20 00:06:16 +02:00
|
|
|
}
|
2003-06-12 09:36:51 +02:00
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
} /* != ctLocal */
|
2008-09-15 14:32:57 +02:00
|
|
|
|
|
|
|
|
/* Get the authentication method */
|
2011-06-20 23:20:14 +02:00
|
|
|
field = lnext(field);
|
|
|
|
|
if (!field)
|
2008-10-27 21:04:45 +01:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-10-27 21:04:45 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("end-of-line before authentication method"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "end-of-line before authentication method";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
tokens = lfirst(field);
|
|
|
|
|
if (tokens->length > 1)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("multiple values specified for authentication type"),
|
|
|
|
|
errhint("Specify exactly one authentication type per line."),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "multiple values specified for authentication type";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2008-10-27 21:04:45 +01:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
token = linitial(tokens);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
unsupauth = NULL;
|
2011-06-20 23:20:14 +02:00
|
|
|
if (strcmp(token->string, "trust") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->auth_method = uaTrust;
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "ident") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->auth_method = uaIdent;
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "peer") == 0)
|
2011-03-19 18:44:35 +01:00
|
|
|
parsedline->auth_method = uaPeer;
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "password") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->auth_method = uaPassword;
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "gss") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
#ifdef ENABLE_GSS
|
|
|
|
|
parsedline->auth_method = uaGSS;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "gss";
|
|
|
|
|
#endif
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "sspi") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
#ifdef ENABLE_SSPI
|
|
|
|
|
parsedline->auth_method = uaSSPI;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "sspi";
|
|
|
|
|
#endif
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "reject") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->auth_method = uaReject;
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "md5") == 0)
|
2008-11-20 21:45:30 +01:00
|
|
|
{
|
|
|
|
|
if (Db_user_namespace)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-11-20 21:45:30 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2010-05-26 18:43:13 +02:00
|
|
|
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "MD5 authentication is not supported when \"db_user_namespace\" is enabled";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2008-11-20 21:45:30 +01:00
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
parsedline->auth_method = uaMD5;
|
2008-11-20 21:45:30 +01:00
|
|
|
}
|
2017-04-18 13:50:50 +02:00
|
|
|
else if (strcmp(token->string, "scram-sha-256") == 0)
|
Allow SCRAM authentication, when pg_hba.conf says 'md5'.
If a user has a SCRAM verifier in pg_authid.rolpassword, there's no reason
we cannot attempt to perform SCRAM authentication instead of MD5. The worst
that can happen is that the client doesn't support SCRAM, and the
authentication will fail. But previously, it would fail for sure, because
we would not even try. SCRAM is strictly more secure than MD5, so there's
no harm in trying it. This allows for a more graceful transition from MD5
passwords to SCRAM, as user passwords can be changed to SCRAM verifiers
incrementally, without changing pg_hba.conf.
Refactor the code in auth.c to support that better. Notably, we now have to
look up the user's pg_authid entry before sending the password challenge,
also when performing MD5 authentication. Also simplify the concept of a
"doomed" authentication. Previously, if a user had a password, but it had
expired, we still performed SCRAM authentication (but always returned error
at the end) using the salt and iteration count from the expired password.
Now we construct a fake salt, like we do when the user doesn't have a
password or doesn't exist at all. That simplifies get_role_password(), and
we can don't need to distinguish the "user has expired password", and
"user does not exist" cases in auth.c.
On second thoughts, also rename uaSASL to uaSCRAM. It refers to the
mechanism specified in pg_hba.conf, and while we use SASL for SCRAM
authentication at the protocol level, the mechanism should be called SCRAM,
not SASL. As a comparison, we have uaLDAP, even though it looks like the
plain 'password' authentication at the protocol level.
Discussion: https://www.postgresql.org/message-id/6425.1489506016@sss.pgh.pa.us
Reviewed-by: Michael Paquier
2017-03-24 12:32:21 +01:00
|
|
|
parsedline->auth_method = uaSCRAM;
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "pam") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
#ifdef USE_PAM
|
|
|
|
|
parsedline->auth_method = uaPAM;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "pam";
|
2016-04-08 19:51:54 +02:00
|
|
|
#endif
|
|
|
|
|
else if (strcmp(token->string, "bsd") == 0)
|
|
|
|
|
#ifdef USE_BSD_AUTH
|
|
|
|
|
parsedline->auth_method = uaBSD;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "bsd";
|
2008-09-15 14:32:57 +02:00
|
|
|
#endif
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "ldap") == 0)
|
2008-09-15 14:32:57 +02:00
|
|
|
#ifdef USE_LDAP
|
|
|
|
|
parsedline->auth_method = uaLDAP;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "ldap";
|
2008-11-20 12:48:26 +01:00
|
|
|
#endif
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "cert") == 0)
|
2008-11-20 12:48:26 +01:00
|
|
|
#ifdef USE_SSL
|
|
|
|
|
parsedline->auth_method = uaCert;
|
|
|
|
|
#else
|
|
|
|
|
unsupauth = "cert";
|
2008-09-15 14:32:57 +02:00
|
|
|
#endif
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(token->string, "radius") == 0)
|
2010-01-27 13:12:00 +01:00
|
|
|
parsedline->auth_method = uaRADIUS;
|
2008-09-15 14:32:57 +02:00
|
|
|
else
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-09-15 14:32:57 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid authentication method \"%s\"",
|
2011-06-20 23:20:14 +02:00
|
|
|
token->string),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid authentication method \"%s\"",
|
|
|
|
|
token->string);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (unsupauth)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-09-15 14:32:57 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2011-04-26 21:56:28 +02:00
|
|
|
errmsg("invalid authentication method \"%s\": not supported by this build",
|
2011-06-20 23:20:14 +02:00
|
|
|
token->string),
|
2008-09-15 22:55:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
2009-06-11 16:49:15 +02:00
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid authentication method \"%s\": not supported by this build",
|
|
|
|
|
token->string);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
|
|
|
|
|
2011-03-19 18:44:35 +01:00
|
|
|
/*
|
|
|
|
|
* XXX: When using ident on local connections, change it to peer, for
|
|
|
|
|
* backwards compatibility.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->conntype == ctLocal &&
|
|
|
|
|
parsedline->auth_method == uaIdent)
|
|
|
|
|
parsedline->auth_method = uaPeer;
|
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* Invalid authentication combinations */
|
2010-03-08 10:57:26 +01:00
|
|
|
if (parsedline->conntype == ctLocal &&
|
|
|
|
|
parsedline->auth_method == uaGSS)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2010-03-08 10:57:26 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("gssapi authentication is not supported on local sockets"),
|
2010-03-08 10:57:26 +01:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "gssapi authentication is not supported on local sockets";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2010-03-08 10:57:26 +01:00
|
|
|
}
|
2010-07-06 21:19:02 +02:00
|
|
|
|
2011-03-19 18:44:35 +01:00
|
|
|
if (parsedline->conntype != ctLocal &&
|
|
|
|
|
parsedline->auth_method == uaPeer)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-03-19 18:44:35 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("peer authentication is only supported on local sockets"),
|
2011-03-19 18:44:35 +01:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "peer authentication is only supported on local sockets";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2011-03-19 18:44:35 +01:00
|
|
|
}
|
|
|
|
|
|
2010-03-08 10:57:26 +01:00
|
|
|
/*
|
2010-07-06 21:19:02 +02:00
|
|
|
* SSPI authentication can never be enabled on ctLocal connections,
|
|
|
|
|
* because it's only supported on Windows, where ctLocal isn't supported.
|
2010-03-08 10:57:26 +01:00
|
|
|
*/
|
2012-01-27 20:39:38 +01:00
|
|
|
|
|
|
|
|
|
2008-11-20 12:48:26 +01:00
|
|
|
if (parsedline->conntype != ctHostSSL &&
|
|
|
|
|
parsedline->auth_method == uaCert)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-11-20 12:48:26 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("cert authentication is only supported on hostssl connections"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "cert authentication is only supported on hostssl connections";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2008-11-20 12:48:26 +01:00
|
|
|
}
|
|
|
|
|
|
2015-11-06 17:18:27 +01:00
|
|
|
/*
|
|
|
|
|
* For GSS and SSPI, set the default value of include_realm to true.
|
|
|
|
|
* Having include_realm set to false is dangerous in multi-realm
|
|
|
|
|
* situations and is generally considered bad practice. We keep the
|
|
|
|
|
* capability around for backwards compatibility, but we might want to
|
|
|
|
|
* remove it at some point in the future. Users who still need to strip
|
|
|
|
|
* the realm off would be better served by using an appropriate regex in a
|
|
|
|
|
* pg_ident.conf mapping.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->auth_method == uaGSS ||
|
|
|
|
|
parsedline->auth_method == uaSSPI)
|
|
|
|
|
parsedline->include_realm = true;
|
|
|
|
|
|
2016-04-08 20:23:52 +02:00
|
|
|
/*
|
|
|
|
|
* For SSPI, include_realm defaults to the SAM-compatible domain (aka
|
|
|
|
|
* NetBIOS name) and user names instead of the Kerberos principal name for
|
|
|
|
|
* compatibility.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->auth_method == uaSSPI)
|
|
|
|
|
{
|
|
|
|
|
parsedline->compat_realm = true;
|
|
|
|
|
parsedline->upn_username = false;
|
|
|
|
|
}
|
|
|
|
|
|
2008-10-23 15:31:10 +02:00
|
|
|
/* Parse remaining arguments */
|
2011-06-20 23:20:14 +02:00
|
|
|
while ((field = lnext(field)) != NULL)
|
2008-09-15 14:32:57 +02:00
|
|
|
{
|
2011-06-20 23:20:14 +02:00
|
|
|
tokens = lfirst(field);
|
|
|
|
|
foreach(tokencell, tokens)
|
2003-09-05 22:31:36 +02:00
|
|
|
{
|
2011-06-20 23:20:14 +02:00
|
|
|
char *val;
|
2012-06-10 21:20:04 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
token = lfirst(tokencell);
|
|
|
|
|
|
|
|
|
|
str = pstrdup(token->string);
|
|
|
|
|
val = strchr(str, '=');
|
|
|
|
|
if (val == NULL)
|
2008-11-20 10:29:36 +01:00
|
|
|
{
|
|
|
|
|
/*
|
2011-06-20 23:20:14 +02:00
|
|
|
* Got something that's not a name=value pair.
|
2008-11-20 10:29:36 +01:00
|
|
|
*/
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2008-10-23 15:31:10 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2011-06-20 23:20:14 +02:00
|
|
|
errmsg("authentication option not in name=value format: %s", token->string),
|
2008-10-23 15:31:10 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("authentication option not in name=value format: %s",
|
|
|
|
|
token->string);
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2003-09-05 22:31:36 +02:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
|
2012-06-10 21:20:04 +02:00
|
|
|
*val++ = '\0'; /* str now holds "name", val holds "value" */
|
2017-01-31 00:00:26 +01:00
|
|
|
if (!parse_hba_auth_opt(str, val, parsedline, elevel, err_msg))
|
2011-06-20 23:20:14 +02:00
|
|
|
/* parse_hba_auth_opt already logged the error message */
|
|
|
|
|
return NULL;
|
|
|
|
|
pfree(str);
|
2003-09-05 22:31:36 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
|
|
|
|
|
/*
|
2009-06-11 16:49:15 +02:00
|
|
|
* Check if the selected authentication method has any mandatory arguments
|
|
|
|
|
* that are not set.
|
2008-10-23 15:31:10 +02:00
|
|
|
*/
|
|
|
|
|
if (parsedline->auth_method == uaLDAP)
|
|
|
|
|
{
|
|
|
|
|
MANDATORY_AUTH_ARG(parsedline->ldapserver, "ldapserver", "ldap");
|
2009-12-12 22:35:21 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* LDAP can operate in two modes: either with a direct bind, using
|
2010-02-26 03:01:40 +01:00
|
|
|
* ldapprefix and ldapsuffix, or using a search+bind, using
|
2017-09-12 15:46:14 +02:00
|
|
|
* ldapbasedn, ldapbinddn, ldapbindpasswd and one of
|
|
|
|
|
* ldapsearchattribute or ldapsearchfilter. Disallow mixing these
|
|
|
|
|
* parameters.
|
2009-12-12 22:35:21 +01:00
|
|
|
*/
|
|
|
|
|
if (parsedline->ldapprefix || parsedline->ldapsuffix)
|
|
|
|
|
{
|
|
|
|
|
if (parsedline->ldapbasedn ||
|
|
|
|
|
parsedline->ldapbinddn ||
|
|
|
|
|
parsedline->ldapbindpasswd ||
|
2017-09-12 15:46:14 +02:00
|
|
|
parsedline->ldapsearchattribute ||
|
|
|
|
|
parsedline->ldapsearchfilter)
|
2009-12-12 22:35:21 +01:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2009-12-12 22:35:21 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2017-09-12 15:46:14 +02:00
|
|
|
errmsg("cannot use ldapbasedn, ldapbinddn, ldapbindpasswd, ldapsearchattribute, ldapsearchfilter or ldapurl together with ldapprefix"),
|
2009-12-12 22:35:21 +01:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-09-12 15:46:14 +02:00
|
|
|
*err_msg = "cannot use ldapbasedn, ldapbinddn, ldapbindpasswd, ldapsearchattribute, ldapsearchfilter or ldapurl together with ldapprefix";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2009-12-12 22:35:21 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (!parsedline->ldapbasedn)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2009-12-12 22:35:21 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2010-03-21 01:17:59 +01:00
|
|
|
errmsg("authentication method \"ldap\" requires argument \"ldapbasedn\", \"ldapprefix\", or \"ldapsuffix\" to be set"),
|
2009-12-12 22:35:21 +01:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "authentication method \"ldap\" requires argument \"ldapbasedn\", \"ldapprefix\", or \"ldapsuffix\" to be set";
|
2011-06-20 23:20:14 +02:00
|
|
|
return NULL;
|
2009-12-12 22:35:21 +01:00
|
|
|
}
|
2017-09-12 15:46:14 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When using search+bind, you can either use a simple attribute
|
|
|
|
|
* (defaulting to "uid") or a fully custom search filter. You can't
|
|
|
|
|
* do both.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->ldapsearchattribute && parsedline->ldapsearchfilter)
|
|
|
|
|
{
|
|
|
|
|
ereport(elevel,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("cannot use ldapsearchattribute together with ldapsearchfilter"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
*err_msg = "cannot use ldapsearchattribute together with ldapsearchfilter";
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
2008-11-20 12:48:26 +01:00
|
|
|
|
2010-01-27 13:12:00 +01:00
|
|
|
if (parsedline->auth_method == uaRADIUS)
|
|
|
|
|
{
|
2017-03-22 17:55:16 +01:00
|
|
|
MANDATORY_AUTH_ARG(parsedline->radiusservers, "radiusservers", "radius");
|
|
|
|
|
MANDATORY_AUTH_ARG(parsedline->radiussecrets, "radiussecrets", "radius");
|
|
|
|
|
|
|
|
|
|
if (list_length(parsedline->radiusservers) < 1)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("list of RADIUS servers cannot be empty"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (list_length(parsedline->radiussecrets) < 1)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("list of RADIUS secrets cannot be empty"),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Verify length of option lists - each can be 0 (except for secrets,
|
|
|
|
|
* but that's already checked above), 1 (use the same value
|
|
|
|
|
* everywhere) or the same as the number of servers.
|
|
|
|
|
*/
|
|
|
|
|
if (!verify_option_list_length(parsedline->radiussecrets,
|
|
|
|
|
"RADIUS secrets",
|
|
|
|
|
parsedline->radiusservers,
|
|
|
|
|
"RADIUS servers",
|
|
|
|
|
line_num))
|
|
|
|
|
return NULL;
|
|
|
|
|
if (!verify_option_list_length(parsedline->radiusports,
|
|
|
|
|
"RADIUS ports",
|
|
|
|
|
parsedline->radiusservers,
|
|
|
|
|
"RADIUS servers",
|
|
|
|
|
line_num))
|
|
|
|
|
return NULL;
|
|
|
|
|
if (!verify_option_list_length(parsedline->radiusidentifiers,
|
|
|
|
|
"RADIUS identifiers",
|
|
|
|
|
parsedline->radiusservers,
|
|
|
|
|
"RADIUS servers",
|
|
|
|
|
line_num))
|
|
|
|
|
return NULL;
|
2010-01-27 13:12:00 +01:00
|
|
|
}
|
|
|
|
|
|
2008-11-20 12:48:26 +01:00
|
|
|
/*
|
|
|
|
|
* Enforce any parameters implied by other settings.
|
|
|
|
|
*/
|
|
|
|
|
if (parsedline->auth_method == uaCert)
|
|
|
|
|
{
|
|
|
|
|
parsedline->clientcert = true;
|
|
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
return parsedline;
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
2017-03-22 17:55:16 +01:00
|
|
|
|
|
|
|
|
static bool
|
2017-10-31 15:34:31 +01:00
|
|
|
verify_option_list_length(List *options, const char *optionname, List *masters, const char *mastername, int line_num)
|
2017-03-22 17:55:16 +01:00
|
|
|
{
|
|
|
|
|
if (list_length(options) == 0 ||
|
|
|
|
|
list_length(options) == 1 ||
|
|
|
|
|
list_length(options) == list_length(masters))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2017-09-11 17:20:47 +02:00
|
|
|
errmsg("the number of %s (%d) must be 1 or the same as the number of %s (%d)",
|
2017-03-22 17:55:16 +01:00
|
|
|
optionname,
|
|
|
|
|
list_length(options),
|
|
|
|
|
mastername,
|
|
|
|
|
list_length(masters)
|
|
|
|
|
),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2011-06-20 23:20:14 +02:00
|
|
|
* Parse one name-value pair as an authentication option into the given
|
|
|
|
|
* HbaLine. Return true if we successfully parse the option, false if we
|
2017-01-31 00:00:26 +01:00
|
|
|
* encounter an error. In the event of an error, also log a message at
|
|
|
|
|
* ereport level elevel, and store a message string into *err_msg.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
|
|
|
|
static bool
|
2017-01-31 00:00:26 +01:00
|
|
|
parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline,
|
|
|
|
|
int elevel, char **err_msg)
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
int line_num = hbaline->linenumber;
|
|
|
|
|
|
2012-12-04 12:41:21 +01:00
|
|
|
#ifdef USE_LDAP
|
2012-12-04 05:29:56 +01:00
|
|
|
hbaline->ldapscope = LDAP_SCOPE_SUBTREE;
|
2012-12-04 12:41:21 +01:00
|
|
|
#endif
|
2012-12-04 05:29:56 +01:00
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
if (strcmp(name, "map") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (hbaline->auth_method != uaIdent &&
|
|
|
|
|
hbaline->auth_method != uaPeer &&
|
|
|
|
|
hbaline->auth_method != uaGSS &&
|
|
|
|
|
hbaline->auth_method != uaSSPI &&
|
|
|
|
|
hbaline->auth_method != uaCert)
|
2014-01-15 17:24:01 +01:00
|
|
|
INVALID_AUTH_OPTION("map", gettext_noop("ident, peer, gssapi, sspi, and cert"));
|
2011-06-20 23:20:14 +02:00
|
|
|
hbaline->usermap = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "clientcert") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (hbaline->conntype != ctHostSSL)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("clientcert can only be configured for \"hostssl\" rows"),
|
2012-06-10 21:20:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "clientcert can only be configured for \"hostssl\" rows";
|
2011-06-20 23:20:14 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(val, "1") == 0)
|
|
|
|
|
{
|
|
|
|
|
hbaline->clientcert = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (hbaline->auth_method == uaCert)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("clientcert can not be set to 0 when using \"cert\" authentication"),
|
2012-06-10 21:20:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "clientcert can not be set to 0 when using \"cert\" authentication";
|
2011-06-20 23:20:14 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
hbaline->clientcert = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "pamservice") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaPAM, "pamservice", "pam");
|
|
|
|
|
hbaline->pamservice = pstrdup(val);
|
|
|
|
|
}
|
2016-04-08 16:45:16 +02:00
|
|
|
else if (strcmp(name, "pam_use_hostname") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaPAM, "pam_use_hostname", "pam");
|
|
|
|
|
if (strcmp(val, "1") == 0)
|
|
|
|
|
hbaline->pam_use_hostname = true;
|
|
|
|
|
else
|
|
|
|
|
hbaline->pam_use_hostname = false;
|
|
|
|
|
|
|
|
|
|
}
|
2012-12-04 05:29:56 +01:00
|
|
|
else if (strcmp(name, "ldapurl") == 0)
|
|
|
|
|
{
|
2012-12-04 12:41:21 +01:00
|
|
|
#ifdef LDAP_API_FEATURE_X_OPENLDAP
|
2012-12-04 05:29:56 +01:00
|
|
|
LDAPURLDesc *urldata;
|
2013-05-29 22:58:43 +02:00
|
|
|
int rc;
|
2012-12-04 12:41:21 +01:00
|
|
|
#endif
|
2012-12-04 05:29:56 +01:00
|
|
|
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapurl", "ldap");
|
|
|
|
|
#ifdef LDAP_API_FEATURE_X_OPENLDAP
|
|
|
|
|
rc = ldap_url_parse(val, &urldata);
|
|
|
|
|
if (rc != LDAP_SUCCESS)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2013-05-29 22:58:43 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("could not parse LDAP URL \"%s\": %s", val, ldap_err2string(rc))));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("could not parse LDAP URL \"%s\": %s",
|
|
|
|
|
val, ldap_err2string(rc));
|
2012-12-04 05:29:56 +01:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strcmp(urldata->lud_scheme, "ldap") != 0)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2012-12-04 05:29:56 +01:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("unsupported LDAP URL scheme: %s", urldata->lud_scheme)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("unsupported LDAP URL scheme: %s",
|
|
|
|
|
urldata->lud_scheme);
|
2012-12-04 05:29:56 +01:00
|
|
|
ldap_free_urldesc(urldata);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-10 20:21:32 +01:00
|
|
|
if (urldata->lud_host)
|
|
|
|
|
hbaline->ldapserver = pstrdup(urldata->lud_host);
|
2012-12-04 05:29:56 +01:00
|
|
|
hbaline->ldapport = urldata->lud_port;
|
2017-11-10 20:21:32 +01:00
|
|
|
if (urldata->lud_dn)
|
|
|
|
|
hbaline->ldapbasedn = pstrdup(urldata->lud_dn);
|
2012-12-04 05:29:56 +01:00
|
|
|
|
|
|
|
|
if (urldata->lud_attrs)
|
Phase 2 of pgindent updates.
Change pg_bsd_indent to follow upstream rules for placement of comments
to the right of code, and remove pgindent hack that caused comments
following #endif to not obey the general rule.
Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using
the published version of pg_bsd_indent, but a hacked-up version that
tried to minimize the amount of movement of comments to the right of
code. The situation of interest is where such a comment has to be
moved to the right of its default placement at column 33 because there's
code there. BSD indent has always moved right in units of tab stops
in such cases --- but in the previous incarnation, indent was working
in 8-space tab stops, while now it knows we use 4-space tabs. So the
net result is that in about half the cases, such comments are placed
one tab stop left of before. This is better all around: it leaves
more room on the line for comment text, and it means that in such
cases the comment uniformly starts at the next 4-space tab stop after
the code, rather than sometimes one and sometimes two tabs after.
Also, ensure that comments following #endif are indented the same
as comments following other preprocessor commands such as #else.
That inconsistency turns out to have been self-inflicted damage
from a poorly-thought-through post-indent "fixup" in pgindent.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:18:54 +02:00
|
|
|
hbaline->ldapsearchattribute = pstrdup(urldata->lud_attrs[0]); /* only use first one */
|
2012-12-04 05:29:56 +01:00
|
|
|
hbaline->ldapscope = urldata->lud_scope;
|
|
|
|
|
if (urldata->lud_filter)
|
2017-09-12 15:46:14 +02:00
|
|
|
hbaline->ldapsearchfilter = pstrdup(urldata->lud_filter);
|
2012-12-04 05:29:56 +01:00
|
|
|
ldap_free_urldesc(urldata);
|
2013-05-29 22:58:43 +02:00
|
|
|
#else /* not OpenLDAP */
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2012-12-04 05:29:56 +01:00
|
|
|
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
|
|
|
|
errmsg("LDAP URLs not supported on this platform")));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = "LDAP URLs not supported on this platform";
|
Phase 2 of pgindent updates.
Change pg_bsd_indent to follow upstream rules for placement of comments
to the right of code, and remove pgindent hack that caused comments
following #endif to not obey the general rule.
Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using
the published version of pg_bsd_indent, but a hacked-up version that
tried to minimize the amount of movement of comments to the right of
code. The situation of interest is where such a comment has to be
moved to the right of its default placement at column 33 because there's
code there. BSD indent has always moved right in units of tab stops
in such cases --- but in the previous incarnation, indent was working
in 8-space tab stops, while now it knows we use 4-space tabs. So the
net result is that in about half the cases, such comments are placed
one tab stop left of before. This is better all around: it leaves
more room on the line for comment text, and it means that in such
cases the comment uniformly starts at the next 4-space tab stop after
the code, rather than sometimes one and sometimes two tabs after.
Also, ensure that comments following #endif are indented the same
as comments following other preprocessor commands such as #else.
That inconsistency turns out to have been self-inflicted damage
from a poorly-thought-through post-indent "fixup" in pgindent.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:18:54 +02:00
|
|
|
#endif /* not OpenLDAP */
|
2012-12-04 05:29:56 +01:00
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(name, "ldaptls") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldaptls", "ldap");
|
|
|
|
|
if (strcmp(val, "1") == 0)
|
|
|
|
|
hbaline->ldaptls = true;
|
|
|
|
|
else
|
|
|
|
|
hbaline->ldaptls = false;
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "ldapserver") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapserver", "ldap");
|
|
|
|
|
hbaline->ldapserver = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "ldapport") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapport", "ldap");
|
|
|
|
|
hbaline->ldapport = atoi(val);
|
|
|
|
|
if (hbaline->ldapport == 0)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid LDAP port number: \"%s\"", val),
|
2012-06-10 21:20:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid LDAP port number: \"%s\"", val);
|
2011-06-20 23:20:14 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "ldapbinddn") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapbinddn", "ldap");
|
|
|
|
|
hbaline->ldapbinddn = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "ldapbindpasswd") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapbindpasswd", "ldap");
|
|
|
|
|
hbaline->ldapbindpasswd = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "ldapsearchattribute") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapsearchattribute", "ldap");
|
|
|
|
|
hbaline->ldapsearchattribute = pstrdup(val);
|
|
|
|
|
}
|
2017-09-12 15:46:14 +02:00
|
|
|
else if (strcmp(name, "ldapsearchfilter") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapsearchfilter", "ldap");
|
|
|
|
|
hbaline->ldapsearchfilter = pstrdup(val);
|
|
|
|
|
}
|
2011-06-20 23:20:14 +02:00
|
|
|
else if (strcmp(name, "ldapbasedn") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapbasedn", "ldap");
|
|
|
|
|
hbaline->ldapbasedn = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "ldapprefix") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapprefix", "ldap");
|
|
|
|
|
hbaline->ldapprefix = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "ldapsuffix") == 0)
|
|
|
|
|
{
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaLDAP, "ldapsuffix", "ldap");
|
|
|
|
|
hbaline->ldapsuffix = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "krb_realm") == 0)
|
|
|
|
|
{
|
2014-01-15 17:24:01 +01:00
|
|
|
if (hbaline->auth_method != uaGSS &&
|
2011-06-20 23:20:14 +02:00
|
|
|
hbaline->auth_method != uaSSPI)
|
2014-01-15 17:24:01 +01:00
|
|
|
INVALID_AUTH_OPTION("krb_realm", gettext_noop("gssapi and sspi"));
|
2011-06-20 23:20:14 +02:00
|
|
|
hbaline->krb_realm = pstrdup(val);
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "include_realm") == 0)
|
|
|
|
|
{
|
2014-01-15 17:24:01 +01:00
|
|
|
if (hbaline->auth_method != uaGSS &&
|
2011-06-20 23:20:14 +02:00
|
|
|
hbaline->auth_method != uaSSPI)
|
2014-01-15 17:24:01 +01:00
|
|
|
INVALID_AUTH_OPTION("include_realm", gettext_noop("gssapi and sspi"));
|
2011-06-20 23:20:14 +02:00
|
|
|
if (strcmp(val, "1") == 0)
|
|
|
|
|
hbaline->include_realm = true;
|
|
|
|
|
else
|
|
|
|
|
hbaline->include_realm = false;
|
|
|
|
|
}
|
2016-04-08 20:23:52 +02:00
|
|
|
else if (strcmp(name, "compat_realm") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (hbaline->auth_method != uaSSPI)
|
|
|
|
|
INVALID_AUTH_OPTION("compat_realm", gettext_noop("sspi"));
|
|
|
|
|
if (strcmp(val, "1") == 0)
|
|
|
|
|
hbaline->compat_realm = true;
|
|
|
|
|
else
|
|
|
|
|
hbaline->compat_realm = false;
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(name, "upn_username") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (hbaline->auth_method != uaSSPI)
|
|
|
|
|
INVALID_AUTH_OPTION("upn_username", gettext_noop("sspi"));
|
|
|
|
|
if (strcmp(val, "1") == 0)
|
|
|
|
|
hbaline->upn_username = true;
|
|
|
|
|
else
|
|
|
|
|
hbaline->upn_username = false;
|
|
|
|
|
}
|
2017-03-22 17:55:16 +01:00
|
|
|
else if (strcmp(name, "radiusservers") == 0)
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
|
|
|
|
struct addrinfo *gai_result;
|
|
|
|
|
struct addrinfo hints;
|
2012-06-10 21:20:04 +02:00
|
|
|
int ret;
|
2017-03-22 17:55:16 +01:00
|
|
|
List *parsed_servers;
|
|
|
|
|
ListCell *l;
|
2017-05-17 22:31:56 +02:00
|
|
|
char *dupval = pstrdup(val);
|
2011-06-20 23:20:14 +02:00
|
|
|
|
2017-03-22 17:55:16 +01:00
|
|
|
REQUIRE_AUTH_OPTION(uaRADIUS, "radiusservers", "radius");
|
2011-06-20 23:20:14 +02:00
|
|
|
|
2017-03-22 17:55:16 +01:00
|
|
|
if (!SplitIdentifierString(dupval, ',', &parsed_servers))
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
2017-03-22 17:55:16 +01:00
|
|
|
/* syntax error in list */
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2017-03-22 17:55:16 +01:00
|
|
|
errmsg("could not parse RADIUS server list \"%s\"",
|
|
|
|
|
val),
|
2012-06-10 21:20:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2011-06-20 23:20:14 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
2017-03-22 17:55:16 +01:00
|
|
|
|
|
|
|
|
/* For each entry in the list, translate it */
|
|
|
|
|
foreach(l, parsed_servers)
|
|
|
|
|
{
|
|
|
|
|
MemSet(&hints, 0, sizeof(hints));
|
|
|
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
|
|
|
hints.ai_family = AF_UNSPEC;
|
|
|
|
|
|
|
|
|
|
ret = pg_getaddrinfo_all((char *) lfirst(l), NULL, &hints, &gai_result);
|
|
|
|
|
if (ret || !gai_result)
|
|
|
|
|
{
|
|
|
|
|
ereport(elevel,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("could not translate RADIUS server name \"%s\" to address: %s",
|
|
|
|
|
(char *) lfirst(l), gai_strerror(ret)),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
if (gai_result)
|
|
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
|
|
|
|
|
|
|
|
|
list_free(parsed_servers);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
pg_freeaddrinfo_all(hints.ai_family, gai_result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* All entries are OK, so store them */
|
|
|
|
|
hbaline->radiusservers = parsed_servers;
|
|
|
|
|
hbaline->radiusservers_s = pstrdup(val);
|
2011-06-20 23:20:14 +02:00
|
|
|
}
|
2017-03-22 17:55:16 +01:00
|
|
|
else if (strcmp(name, "radiusports") == 0)
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
2017-03-22 17:55:16 +01:00
|
|
|
List *parsed_ports;
|
|
|
|
|
ListCell *l;
|
2017-05-17 22:31:56 +02:00
|
|
|
char *dupval = pstrdup(val);
|
2017-03-22 17:55:16 +01:00
|
|
|
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaRADIUS, "radiusports", "radius");
|
|
|
|
|
|
|
|
|
|
if (!SplitIdentifierString(dupval, ',', &parsed_ports))
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2017-03-22 17:55:16 +01:00
|
|
|
errmsg("could not parse RADIUS port list \"%s\"",
|
|
|
|
|
val),
|
2012-06-10 21:20:04 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("invalid RADIUS port number: \"%s\"", val);
|
2011-06-20 23:20:14 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
2017-03-22 17:55:16 +01:00
|
|
|
|
|
|
|
|
foreach(l, parsed_ports)
|
|
|
|
|
{
|
|
|
|
|
if (atoi(lfirst(l)) == 0)
|
|
|
|
|
{
|
|
|
|
|
ereport(elevel,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("invalid RADIUS port number: \"%s\"", val),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
hbaline->radiusports = parsed_ports;
|
|
|
|
|
hbaline->radiusports_s = pstrdup(val);
|
2011-06-20 23:20:14 +02:00
|
|
|
}
|
2017-03-22 17:55:16 +01:00
|
|
|
else if (strcmp(name, "radiussecrets") == 0)
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
2017-03-22 17:55:16 +01:00
|
|
|
List *parsed_secrets;
|
2017-05-17 22:31:56 +02:00
|
|
|
char *dupval = pstrdup(val);
|
2017-03-22 17:55:16 +01:00
|
|
|
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaRADIUS, "radiussecrets", "radius");
|
|
|
|
|
|
|
|
|
|
if (!SplitIdentifierString(dupval, ',', &parsed_secrets))
|
|
|
|
|
{
|
|
|
|
|
/* syntax error in list */
|
|
|
|
|
ereport(elevel,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("could not parse RADIUS secret list \"%s\"",
|
|
|
|
|
val),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hbaline->radiussecrets = parsed_secrets;
|
|
|
|
|
hbaline->radiussecrets_s = pstrdup(val);
|
2011-06-20 23:20:14 +02:00
|
|
|
}
|
2017-03-22 17:55:16 +01:00
|
|
|
else if (strcmp(name, "radiusidentifiers") == 0)
|
2011-06-20 23:20:14 +02:00
|
|
|
{
|
2017-03-22 17:55:16 +01:00
|
|
|
List *parsed_identifiers;
|
2017-05-17 22:31:56 +02:00
|
|
|
char *dupval = pstrdup(val);
|
2017-03-22 17:55:16 +01:00
|
|
|
|
|
|
|
|
REQUIRE_AUTH_OPTION(uaRADIUS, "radiusidentifiers", "radius");
|
|
|
|
|
|
|
|
|
|
if (!SplitIdentifierString(dupval, ',', &parsed_identifiers))
|
|
|
|
|
{
|
|
|
|
|
/* syntax error in list */
|
|
|
|
|
ereport(elevel,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("could not parse RADIUS identifiers list \"%s\"",
|
|
|
|
|
val),
|
|
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hbaline->radiusidentifiers = parsed_identifiers;
|
|
|
|
|
hbaline->radiusidentifiers_s = pstrdup(val);
|
2011-06-20 23:20:14 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ereport(elevel,
|
2011-06-20 23:20:14 +02:00
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
2012-06-10 21:20:04 +02:00
|
|
|
errmsg("unrecognized authentication option name: \"%s\"",
|
|
|
|
|
name),
|
2011-06-20 23:20:14 +02:00
|
|
|
errcontext("line %d of configuration file \"%s\"",
|
|
|
|
|
line_num, HbaFileName)));
|
2017-01-31 00:00:26 +01:00
|
|
|
*err_msg = psprintf("unrecognized authentication option name: \"%s\"",
|
|
|
|
|
name);
|
2011-06-20 23:20:14 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Scan the pre-parsed hba file, looking for a match to the port's connection
|
|
|
|
|
* request.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2001-07-30 16:50:24 +02:00
|
|
|
check_hba(hbaPort *port)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2009-08-29 21:26:52 +02:00
|
|
|
Oid roleid;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *line;
|
2009-06-11 16:49:15 +02:00
|
|
|
HbaLine *hba;
|
1999-05-25 18:15:34 +02:00
|
|
|
|
2009-08-29 21:26:52 +02:00
|
|
|
/* Get the target role's OID. Note we do not error out for bad role. */
|
2010-08-05 16:45:09 +02:00
|
|
|
roleid = get_role_oid(port->user_name, true);
|
2009-08-29 21:26:52 +02:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
foreach(line, parsed_hba_lines)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2008-09-15 14:32:57 +02:00
|
|
|
hba = (HbaLine *) lfirst(line);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* Check connection type */
|
|
|
|
|
if (hba->conntype == ctLocal)
|
|
|
|
|
{
|
|
|
|
|
if (!IS_AF_UNIX(port->raddr.addr.ss_family))
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (IS_AF_UNIX(port->raddr.addr.ss_family))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Check SSL state */
|
Break out OpenSSL-specific code to separate files.
This refactoring is in preparation for adding support for other SSL
implementations, with no user-visible effects. There are now two #defines,
USE_OPENSSL which is defined when building with OpenSSL, and USE_SSL which
is defined when building with any SSL implementation. Currently, OpenSSL is
the only implementation so the two #defines go together, but USE_SSL is
supposed to be used for implementation-independent code.
The libpq SSL code is changed to use a custom BIO, which does all the raw
I/O, like we've been doing in the backend for a long time. That makes it
possible to use MSG_NOSIGNAL to block SIGPIPE when using SSL, which avoids
a couple of syscall for each send(). Probably doesn't make much performance
difference in practice - the SSL encryption is expensive enough to mask the
effect - but it was a natural result of this refactoring.
Based on a patch by Martijn van Oosterhout from 2006. Briefly reviewed by
Alvaro Herrera, Andreas Karlsson, Jeff Janes.
2014-08-11 10:54:19 +02:00
|
|
|
if (port->ssl_in_use)
|
2008-09-15 14:32:57 +02:00
|
|
|
{
|
|
|
|
|
/* Connection is SSL, match both "host" and "hostssl" */
|
|
|
|
|
if (hba->conntype == ctHostNoSSL)
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Connection is not SSL, match both "host" and "hostnossl" */
|
|
|
|
|
if (hba->conntype == ctHostSSL)
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check IP address */
|
2009-10-01 03:58:58 +02:00
|
|
|
switch (hba->ip_cmp_method)
|
2008-09-15 14:32:57 +02:00
|
|
|
{
|
2009-10-01 03:58:58 +02:00
|
|
|
case ipCmpMask:
|
2010-10-15 21:53:39 +02:00
|
|
|
if (hba->hostname)
|
|
|
|
|
{
|
|
|
|
|
if (!check_hostname(port,
|
|
|
|
|
hba->hostname))
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (!check_ip(&port->raddr,
|
2017-06-21 20:39:04 +02:00
|
|
|
(struct sockaddr *) &hba->addr,
|
|
|
|
|
(struct sockaddr *) &hba->mask))
|
2010-10-15 21:53:39 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2009-10-01 03:58:58 +02:00
|
|
|
break;
|
2010-10-18 21:14:47 +02:00
|
|
|
case ipCmpAll:
|
|
|
|
|
break;
|
2009-10-01 03:58:58 +02:00
|
|
|
case ipCmpSameHost:
|
|
|
|
|
case ipCmpSameNet:
|
|
|
|
|
if (!check_same_host_or_net(&port->raddr,
|
|
|
|
|
hba->ip_cmp_method))
|
|
|
|
|
continue;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
/* shouldn't get here, but deem it no-match if so */
|
2008-09-15 14:32:57 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
} /* != ctLocal */
|
2008-09-15 14:32:57 +02:00
|
|
|
|
|
|
|
|
/* Check database and role */
|
2009-08-29 21:26:52 +02:00
|
|
|
if (!check_db(port->database_name, port->user_name, roleid,
|
2011-06-20 23:20:14 +02:00
|
|
|
hba->databases))
|
2008-09-15 14:32:57 +02:00
|
|
|
continue;
|
|
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
if (!check_role(port->user_name, roleid, hba->roles))
|
2008-09-15 14:32:57 +02:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Found a record that matched! */
|
|
|
|
|
port->hba = hba;
|
2011-06-20 23:20:14 +02:00
|
|
|
return;
|
1998-01-27 04:25:14 +01:00
|
|
|
}
|
2008-09-15 14:32:57 +02:00
|
|
|
|
2010-04-19 21:02:18 +02:00
|
|
|
/* If no matching entry was found, then implicitly reject. */
|
2008-09-15 14:32:57 +02:00
|
|
|
hba = palloc0(sizeof(HbaLine));
|
2010-04-19 21:02:18 +02:00
|
|
|
hba->auth_method = uaImplicitReject;
|
2008-09-15 14:32:57 +02:00
|
|
|
port->hba = hba;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Read the config file and create a List of HbaLine records for the contents.
|
|
|
|
|
*
|
2011-10-19 02:09:18 +02:00
|
|
|
* The configuration is read into a temporary list, and if any parse error
|
2014-05-06 18:12:18 +02:00
|
|
|
* occurs the old list is kept in place and false is returned. Only if the
|
2011-10-19 02:09:18 +02:00
|
|
|
* whole file parses OK is the list replaced, and the function returns true.
|
|
|
|
|
*
|
|
|
|
|
* On a false result, caller will take care of reporting a FATAL error in case
|
|
|
|
|
* this is the initial startup. If it happens on reload, we just keep running
|
|
|
|
|
* with the old data.
|
2008-09-15 14:32:57 +02:00
|
|
|
*/
|
|
|
|
|
bool
|
2001-08-01 00:55:45 +02:00
|
|
|
load_hba(void)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2004-10-10 01:13:22 +02:00
|
|
|
FILE *file;
|
2009-06-11 16:49:15 +02:00
|
|
|
List *hba_lines = NIL;
|
2017-01-27 19:43:00 +01:00
|
|
|
ListCell *line;
|
2009-06-11 16:49:15 +02:00
|
|
|
List *new_parsed_lines = NIL;
|
|
|
|
|
bool ok = true;
|
2012-06-10 21:20:04 +02:00
|
|
|
MemoryContext linecxt;
|
|
|
|
|
MemoryContext oldcxt;
|
|
|
|
|
MemoryContext hbacxt;
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2004-10-10 01:13:22 +02:00
|
|
|
file = AllocateFile(HbaFileName, "r");
|
2002-04-04 06:25:54 +02:00
|
|
|
if (file == NULL)
|
2009-03-04 09:43:15 +01:00
|
|
|
{
|
2009-03-04 19:43:38 +01:00
|
|
|
ereport(LOG,
|
2003-07-22 21:00:12 +02:00
|
|
|
(errcode_for_file_access(),
|
2003-09-25 08:58:07 +02:00
|
|
|
errmsg("could not open configuration file \"%s\": %m",
|
2004-10-10 01:13:22 +02:00
|
|
|
HbaFileName)));
|
2009-03-04 09:43:15 +01:00
|
|
|
return false;
|
|
|
|
|
}
|
2002-12-14 19:49:37 +01:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
|
2002-12-14 19:49:37 +01:00
|
|
|
FreeFile(file);
|
2008-09-15 14:32:57 +02:00
|
|
|
|
|
|
|
|
/* Now parse all the lines */
|
2015-07-02 00:55:39 +02:00
|
|
|
Assert(PostmasterContext);
|
|
|
|
|
hbacxt = AllocSetContextCreate(PostmasterContext,
|
2011-06-20 23:20:14 +02:00
|
|
|
"hba parser context",
|
Add macros to make AllocSetContextCreate() calls simpler and safer.
I found that half a dozen (nearly 5%) of our AllocSetContextCreate calls
had typos in the context-sizing parameters. While none of these led to
especially significant problems, they did create minor inefficiencies,
and it's now clear that expecting people to copy-and-paste those calls
accurately is not a great idea. Let's reduce the risk of future errors
by introducing single macros that encapsulate the common use-cases.
Three such macros are enough to cover all but two special-purpose contexts;
those two calls can be left as-is, I think.
While this patch doesn't in itself improve matters for third-party
extensions, it doesn't break anything for them either, and they can
gradually adopt the simplified notation over time.
In passing, change TopMemoryContext to use the default allocation
parameters. Formerly it could only be extended 8K at a time. That was
probably reasonable when this code was written; but nowadays we create
many more contexts than we did then, so that it's not unusual to have a
couple hundred K in TopMemoryContext, even without considering various
dubious code that sticks other things there. There seems no good reason
not to let it use growing blocks like most other contexts.
Back-patch to 9.6, mostly because that's still close enough to HEAD that
it's easy to do so, and keeping the branches in sync can be expected to
avoid some future back-patching pain. The bugs fixed by these changes
don't seem to be significant enough to justify fixing them further back.
Discussion: <21072.1472321324@sss.pgh.pa.us>
2016-08-27 23:50:38 +02:00
|
|
|
ALLOCSET_SMALL_SIZES);
|
2011-06-20 23:20:14 +02:00
|
|
|
oldcxt = MemoryContextSwitchTo(hbacxt);
|
2017-01-27 19:43:00 +01:00
|
|
|
foreach(line, hba_lines)
|
2008-09-15 14:32:57 +02:00
|
|
|
{
|
2017-01-27 19:43:00 +01:00
|
|
|
TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
|
2009-06-11 16:49:15 +02:00
|
|
|
HbaLine *newline;
|
2008-09-15 14:32:57 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
/* don't parse lines that already have errors */
|
|
|
|
|
if (tok_line->err_msg != NULL)
|
2008-09-15 14:32:57 +02:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
ok = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
|
|
|
|
|
{
|
|
|
|
|
/* Parse error; remember there's trouble */
|
2009-10-03 22:04:39 +02:00
|
|
|
ok = false;
|
2009-03-07 22:28:00 +01:00
|
|
|
|
|
|
|
|
/*
|
2009-06-11 16:49:15 +02:00
|
|
|
* Keep parsing the rest of the file so we can report errors on
|
2017-01-31 00:00:26 +01:00
|
|
|
* more than the first line. Error has already been logged, no
|
|
|
|
|
* need for more chatter here.
|
2009-03-07 22:28:00 +01:00
|
|
|
*/
|
|
|
|
|
continue;
|
2008-09-15 14:32:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
new_parsed_lines = lappend(new_parsed_lines, newline);
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-19 02:09:18 +02:00
|
|
|
/*
|
2012-06-10 21:20:04 +02:00
|
|
|
* A valid HBA file must have at least one entry; else there's no way to
|
|
|
|
|
* connect to the postmaster. But only complain about this if we didn't
|
|
|
|
|
* already have parsing errors.
|
2011-10-19 02:09:18 +02:00
|
|
|
*/
|
|
|
|
|
if (ok && new_parsed_lines == NIL)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
|
|
|
errmsg("configuration file \"%s\" contains no entries",
|
|
|
|
|
HbaFileName)));
|
|
|
|
|
ok = false;
|
|
|
|
|
}
|
|
|
|
|
|
2011-06-20 23:20:14 +02:00
|
|
|
/* Free tokenizer memory */
|
|
|
|
|
MemoryContextDelete(linecxt);
|
|
|
|
|
MemoryContextSwitchTo(oldcxt);
|
2009-10-03 22:04:39 +02:00
|
|
|
|
2009-03-07 22:28:00 +01:00
|
|
|
if (!ok)
|
|
|
|
|
{
|
2011-10-19 02:09:18 +02:00
|
|
|
/* File contained one or more errors, so bail out */
|
2011-06-20 23:20:14 +02:00
|
|
|
MemoryContextDelete(hbacxt);
|
2009-03-07 22:28:00 +01:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
/* Loaded new file successfully, replace the one we use */
|
2011-06-20 23:20:14 +02:00
|
|
|
if (parsed_hba_context != NULL)
|
|
|
|
|
MemoryContextDelete(parsed_hba_context);
|
|
|
|
|
parsed_hba_context = hbacxt;
|
2008-09-15 14:32:57 +02:00
|
|
|
parsed_hba_lines = new_parsed_lines;
|
|
|
|
|
|
|
|
|
|
return true;
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
|
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
/*
|
|
|
|
|
* This macro specifies the maximum number of authentication options
|
|
|
|
|
* that are possible with any given authentication method that is supported.
|
|
|
|
|
* Currently LDAP supports 10, so the macro value is well above the most any
|
|
|
|
|
* method needs.
|
|
|
|
|
*/
|
|
|
|
|
#define MAX_HBA_OPTIONS 12
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a text array listing the options specified in the HBA line.
|
|
|
|
|
* Return NULL if no options are specified.
|
|
|
|
|
*/
|
|
|
|
|
static ArrayType *
|
|
|
|
|
gethba_options(HbaLine *hba)
|
|
|
|
|
{
|
|
|
|
|
int noptions;
|
|
|
|
|
Datum options[MAX_HBA_OPTIONS];
|
|
|
|
|
|
|
|
|
|
noptions = 0;
|
|
|
|
|
|
|
|
|
|
if (hba->auth_method == uaGSS || hba->auth_method == uaSSPI)
|
|
|
|
|
{
|
|
|
|
|
if (hba->include_realm)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum("include_realm=true");
|
|
|
|
|
|
|
|
|
|
if (hba->krb_realm)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("krb_realm=%s", hba->krb_realm));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (hba->usermap)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("map=%s", hba->usermap));
|
|
|
|
|
|
|
|
|
|
if (hba->clientcert)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum("clientcert=true");
|
|
|
|
|
|
|
|
|
|
if (hba->pamservice)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("pamservice=%s", hba->pamservice));
|
|
|
|
|
|
|
|
|
|
if (hba->auth_method == uaLDAP)
|
|
|
|
|
{
|
|
|
|
|
if (hba->ldapserver)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapserver=%s", hba->ldapserver));
|
|
|
|
|
|
|
|
|
|
if (hba->ldapport)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapport=%d", hba->ldapport));
|
|
|
|
|
|
|
|
|
|
if (hba->ldaptls)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum("ldaptls=true");
|
|
|
|
|
|
|
|
|
|
if (hba->ldapprefix)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapprefix=%s", hba->ldapprefix));
|
|
|
|
|
|
|
|
|
|
if (hba->ldapsuffix)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapsuffix=%s", hba->ldapsuffix));
|
|
|
|
|
|
|
|
|
|
if (hba->ldapbasedn)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapbasedn=%s", hba->ldapbasedn));
|
|
|
|
|
|
|
|
|
|
if (hba->ldapbinddn)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapbinddn=%s", hba->ldapbinddn));
|
|
|
|
|
|
|
|
|
|
if (hba->ldapbindpasswd)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapbindpasswd=%s",
|
|
|
|
|
hba->ldapbindpasswd));
|
|
|
|
|
|
|
|
|
|
if (hba->ldapsearchattribute)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapsearchattribute=%s",
|
|
|
|
|
hba->ldapsearchattribute));
|
|
|
|
|
|
2017-09-12 15:46:14 +02:00
|
|
|
if (hba->ldapsearchfilter)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapsearchfilter=%s",
|
|
|
|
|
hba->ldapsearchfilter));
|
|
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
if (hba->ldapscope)
|
|
|
|
|
options[noptions++] =
|
|
|
|
|
CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (hba->auth_method == uaRADIUS)
|
|
|
|
|
{
|
2017-03-22 17:55:16 +01:00
|
|
|
if (hba->radiusservers_s)
|
2017-01-31 00:00:26 +01:00
|
|
|
options[noptions++] =
|
2017-03-22 17:55:16 +01:00
|
|
|
CStringGetTextDatum(psprintf("radiusservers=%s", hba->radiusservers_s));
|
2017-01-31 00:00:26 +01:00
|
|
|
|
2017-03-22 17:55:16 +01:00
|
|
|
if (hba->radiussecrets_s)
|
2017-01-31 00:00:26 +01:00
|
|
|
options[noptions++] =
|
2017-03-22 17:55:16 +01:00
|
|
|
CStringGetTextDatum(psprintf("radiussecrets=%s", hba->radiussecrets_s));
|
2017-01-31 00:00:26 +01:00
|
|
|
|
2017-03-22 17:55:16 +01:00
|
|
|
if (hba->radiusidentifiers_s)
|
2017-01-31 00:00:26 +01:00
|
|
|
options[noptions++] =
|
2017-03-22 17:55:16 +01:00
|
|
|
CStringGetTextDatum(psprintf("radiusidentifiers=%s", hba->radiusidentifiers_s));
|
2017-01-31 00:00:26 +01:00
|
|
|
|
2017-03-22 17:55:16 +01:00
|
|
|
if (hba->radiusports_s)
|
2017-01-31 00:00:26 +01:00
|
|
|
options[noptions++] =
|
2017-03-22 17:55:16 +01:00
|
|
|
CStringGetTextDatum(psprintf("radiusports=%s", hba->radiusports_s));
|
2017-01-31 00:00:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Assert(noptions <= MAX_HBA_OPTIONS);
|
|
|
|
|
|
|
|
|
|
if (noptions > 0)
|
|
|
|
|
return construct_array(options, noptions, TEXTOID, -1, false, 'i');
|
|
|
|
|
else
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Number of columns in pg_hba_file_rules view */
|
|
|
|
|
#define NUM_PG_HBA_FILE_RULES_ATTS 9
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* fill_hba_line: build one row of pg_hba_file_rules view, add it to tuplestore
|
|
|
|
|
*
|
|
|
|
|
* tuple_store: where to store data
|
|
|
|
|
* tupdesc: tuple descriptor for the view
|
|
|
|
|
* lineno: pg_hba.conf line number (must always be valid)
|
|
|
|
|
* hba: parsed line data (can be NULL, in which case err_msg should be set)
|
|
|
|
|
* err_msg: error message (NULL if none)
|
|
|
|
|
*
|
|
|
|
|
* Note: leaks memory, but we don't care since this is run in a short-lived
|
|
|
|
|
* memory context.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
|
|
|
|
|
int lineno, HbaLine *hba, const char *err_msg)
|
|
|
|
|
{
|
|
|
|
|
Datum values[NUM_PG_HBA_FILE_RULES_ATTS];
|
|
|
|
|
bool nulls[NUM_PG_HBA_FILE_RULES_ATTS];
|
|
|
|
|
char buffer[NI_MAXHOST];
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
int index;
|
|
|
|
|
ListCell *lc;
|
|
|
|
|
const char *typestr;
|
|
|
|
|
const char *addrstr;
|
|
|
|
|
const char *maskstr;
|
|
|
|
|
ArrayType *options;
|
|
|
|
|
|
|
|
|
|
Assert(tupdesc->natts == NUM_PG_HBA_FILE_RULES_ATTS);
|
|
|
|
|
|
|
|
|
|
memset(values, 0, sizeof(values));
|
|
|
|
|
memset(nulls, 0, sizeof(nulls));
|
|
|
|
|
index = 0;
|
|
|
|
|
|
|
|
|
|
/* line_number */
|
|
|
|
|
values[index++] = Int32GetDatum(lineno);
|
|
|
|
|
|
|
|
|
|
if (hba != NULL)
|
|
|
|
|
{
|
|
|
|
|
/* type */
|
|
|
|
|
/* Avoid a default: case so compiler will warn about missing cases */
|
|
|
|
|
typestr = NULL;
|
|
|
|
|
switch (hba->conntype)
|
|
|
|
|
{
|
|
|
|
|
case ctLocal:
|
|
|
|
|
typestr = "local";
|
|
|
|
|
break;
|
|
|
|
|
case ctHost:
|
|
|
|
|
typestr = "host";
|
|
|
|
|
break;
|
|
|
|
|
case ctHostSSL:
|
|
|
|
|
typestr = "hostssl";
|
|
|
|
|
break;
|
|
|
|
|
case ctHostNoSSL:
|
|
|
|
|
typestr = "hostnossl";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (typestr)
|
|
|
|
|
values[index++] = CStringGetTextDatum(typestr);
|
|
|
|
|
else
|
|
|
|
|
nulls[index++] = true;
|
|
|
|
|
|
|
|
|
|
/* database */
|
|
|
|
|
if (hba->databases)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Flatten HbaToken list to string list. It might seem that we
|
|
|
|
|
* should re-quote any quoted tokens, but that has been rejected
|
|
|
|
|
* on the grounds that it makes it harder to compare the array
|
|
|
|
|
* elements to other system catalogs. That makes entries like
|
|
|
|
|
* "all" or "samerole" formally ambiguous ... but users who name
|
|
|
|
|
* databases/roles that way are inflicting their own pain.
|
|
|
|
|
*/
|
|
|
|
|
List *names = NIL;
|
|
|
|
|
|
|
|
|
|
foreach(lc, hba->databases)
|
|
|
|
|
{
|
|
|
|
|
HbaToken *tok = lfirst(lc);
|
|
|
|
|
|
|
|
|
|
names = lappend(names, tok->string);
|
|
|
|
|
}
|
|
|
|
|
values[index++] = PointerGetDatum(strlist_to_textarray(names));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
nulls[index++] = true;
|
|
|
|
|
|
|
|
|
|
/* user */
|
|
|
|
|
if (hba->roles)
|
|
|
|
|
{
|
|
|
|
|
/* Flatten HbaToken list to string list; see comment above */
|
|
|
|
|
List *roles = NIL;
|
|
|
|
|
|
|
|
|
|
foreach(lc, hba->roles)
|
|
|
|
|
{
|
|
|
|
|
HbaToken *tok = lfirst(lc);
|
|
|
|
|
|
|
|
|
|
roles = lappend(roles, tok->string);
|
|
|
|
|
}
|
|
|
|
|
values[index++] = PointerGetDatum(strlist_to_textarray(roles));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
nulls[index++] = true;
|
|
|
|
|
|
|
|
|
|
/* address and netmask */
|
|
|
|
|
/* Avoid a default: case so compiler will warn about missing cases */
|
|
|
|
|
addrstr = maskstr = NULL;
|
|
|
|
|
switch (hba->ip_cmp_method)
|
|
|
|
|
{
|
|
|
|
|
case ipCmpMask:
|
|
|
|
|
if (hba->hostname)
|
|
|
|
|
{
|
|
|
|
|
addrstr = hba->hostname;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (pg_getnameinfo_all(&hba->addr, sizeof(hba->addr),
|
|
|
|
|
buffer, sizeof(buffer),
|
|
|
|
|
NULL, 0,
|
|
|
|
|
NI_NUMERICHOST) == 0)
|
|
|
|
|
{
|
|
|
|
|
clean_ipv6_addr(hba->addr.ss_family, buffer);
|
|
|
|
|
addrstr = pstrdup(buffer);
|
|
|
|
|
}
|
|
|
|
|
if (pg_getnameinfo_all(&hba->mask, sizeof(hba->mask),
|
|
|
|
|
buffer, sizeof(buffer),
|
|
|
|
|
NULL, 0,
|
|
|
|
|
NI_NUMERICHOST) == 0)
|
|
|
|
|
{
|
|
|
|
|
clean_ipv6_addr(hba->mask.ss_family, buffer);
|
|
|
|
|
maskstr = pstrdup(buffer);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ipCmpAll:
|
|
|
|
|
addrstr = "all";
|
|
|
|
|
break;
|
|
|
|
|
case ipCmpSameHost:
|
|
|
|
|
addrstr = "samehost";
|
|
|
|
|
break;
|
|
|
|
|
case ipCmpSameNet:
|
|
|
|
|
addrstr = "samenet";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (addrstr)
|
|
|
|
|
values[index++] = CStringGetTextDatum(addrstr);
|
|
|
|
|
else
|
|
|
|
|
nulls[index++] = true;
|
|
|
|
|
if (maskstr)
|
|
|
|
|
values[index++] = CStringGetTextDatum(maskstr);
|
|
|
|
|
else
|
|
|
|
|
nulls[index++] = true;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure UserAuthName[] tracks additions to the UserAuth enum
|
|
|
|
|
*/
|
|
|
|
|
StaticAssertStmt(lengthof(UserAuthName) == USER_AUTH_LAST + 1,
|
|
|
|
|
"UserAuthName[] must match the UserAuth enum");
|
|
|
|
|
|
|
|
|
|
/* auth_method */
|
|
|
|
|
values[index++] = CStringGetTextDatum(UserAuthName[hba->auth_method]);
|
|
|
|
|
|
|
|
|
|
/* options */
|
|
|
|
|
options = gethba_options(hba);
|
|
|
|
|
if (options)
|
|
|
|
|
values[index++] = PointerGetDatum(options);
|
|
|
|
|
else
|
|
|
|
|
nulls[index++] = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* no parsing result, so set relevant fields to nulls */
|
|
|
|
|
memset(&nulls[1], true, (NUM_PG_HBA_FILE_RULES_ATTS - 2) * sizeof(bool));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* error */
|
|
|
|
|
if (err_msg)
|
|
|
|
|
values[NUM_PG_HBA_FILE_RULES_ATTS - 1] = CStringGetTextDatum(err_msg);
|
|
|
|
|
else
|
|
|
|
|
nulls[NUM_PG_HBA_FILE_RULES_ATTS - 1] = true;
|
|
|
|
|
|
|
|
|
|
tuple = heap_form_tuple(tupdesc, values, nulls);
|
|
|
|
|
tuplestore_puttuple(tuple_store, tuple);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Read the pg_hba.conf file and fill the tuplestore with view records.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
|
|
|
|
|
{
|
|
|
|
|
FILE *file;
|
|
|
|
|
List *hba_lines = NIL;
|
|
|
|
|
ListCell *line;
|
|
|
|
|
MemoryContext linecxt;
|
|
|
|
|
MemoryContext hbacxt;
|
|
|
|
|
MemoryContext oldcxt;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* In the unlikely event that we can't open pg_hba.conf, we throw an
|
|
|
|
|
* error, rather than trying to report it via some sort of view entry.
|
|
|
|
|
* (Most other error conditions should result in a message in a view
|
|
|
|
|
* entry.)
|
|
|
|
|
*/
|
|
|
|
|
file = AllocateFile(HbaFileName, "r");
|
|
|
|
|
if (file == NULL)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
|
errmsg("could not open configuration file \"%s\": %m",
|
|
|
|
|
HbaFileName)));
|
|
|
|
|
|
|
|
|
|
linecxt = tokenize_file(HbaFileName, file, &hba_lines, DEBUG3);
|
|
|
|
|
FreeFile(file);
|
|
|
|
|
|
|
|
|
|
/* Now parse all the lines */
|
|
|
|
|
hbacxt = AllocSetContextCreate(CurrentMemoryContext,
|
|
|
|
|
"hba parser context",
|
|
|
|
|
ALLOCSET_SMALL_SIZES);
|
|
|
|
|
oldcxt = MemoryContextSwitchTo(hbacxt);
|
|
|
|
|
foreach(line, hba_lines)
|
|
|
|
|
{
|
|
|
|
|
TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
|
|
|
|
|
HbaLine *hbaline = NULL;
|
|
|
|
|
|
|
|
|
|
/* don't parse lines that already have errors */
|
|
|
|
|
if (tok_line->err_msg == NULL)
|
|
|
|
|
hbaline = parse_hba_line(tok_line, DEBUG3);
|
|
|
|
|
|
|
|
|
|
fill_hba_line(tuple_store, tupdesc, tok_line->line_num,
|
|
|
|
|
hbaline, tok_line->err_msg);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free tokenizer memory */
|
|
|
|
|
MemoryContextDelete(linecxt);
|
|
|
|
|
/* Free parse_hba_line memory */
|
|
|
|
|
MemoryContextSwitchTo(oldcxt);
|
|
|
|
|
MemoryContextDelete(hbacxt);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* SQL-accessible SRF to return all the entries in the pg_hba.conf file.
|
|
|
|
|
*/
|
|
|
|
|
Datum
|
|
|
|
|
pg_hba_file_rules(PG_FUNCTION_ARGS)
|
|
|
|
|
{
|
|
|
|
|
Tuplestorestate *tuple_store;
|
|
|
|
|
TupleDesc tupdesc;
|
|
|
|
|
MemoryContext old_cxt;
|
|
|
|
|
ReturnSetInfo *rsi;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We must use the Materialize mode to be safe against HBA file changes
|
|
|
|
|
* while the cursor is open. It's also more efficient than having to look
|
|
|
|
|
* up our current position in the parsed list every time.
|
|
|
|
|
*/
|
|
|
|
|
rsi = (ReturnSetInfo *) fcinfo->resultinfo;
|
|
|
|
|
|
|
|
|
|
/* Check to see if caller supports us returning a tuplestore */
|
|
|
|
|
if (rsi == NULL || !IsA(rsi, ReturnSetInfo))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
|
|
|
|
errmsg("set-valued function called in context that cannot accept a set")));
|
|
|
|
|
if (!(rsi->allowedModes & SFRM_Materialize))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
|
|
|
|
errmsg("materialize mode required, but it is not " \
|
|
|
|
|
"allowed in this context")));
|
|
|
|
|
|
|
|
|
|
rsi->returnMode = SFRM_Materialize;
|
|
|
|
|
|
|
|
|
|
/* Build a tuple descriptor for our result type */
|
|
|
|
|
if (get_call_result_type(fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE)
|
|
|
|
|
elog(ERROR, "return type must be a row type");
|
|
|
|
|
|
|
|
|
|
/* Build tuplestore to hold the result rows */
|
|
|
|
|
old_cxt = MemoryContextSwitchTo(rsi->econtext->ecxt_per_query_memory);
|
|
|
|
|
|
|
|
|
|
tuple_store =
|
|
|
|
|
tuplestore_begin_heap(rsi->allowedModes & SFRM_Materialize_Random,
|
|
|
|
|
false, work_mem);
|
|
|
|
|
rsi->setDesc = tupdesc;
|
|
|
|
|
rsi->setResult = tuple_store;
|
|
|
|
|
|
|
|
|
|
MemoryContextSwitchTo(old_cxt);
|
|
|
|
|
|
|
|
|
|
/* Fill the tuplestore */
|
|
|
|
|
fill_hba_view(tuple_store, tupdesc);
|
|
|
|
|
|
|
|
|
|
PG_RETURN_NULL();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
* Parse one tokenised line from the ident config file and store the result in
|
2017-01-27 19:43:00 +01:00
|
|
|
* an IdentLine structure.
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2017-01-31 00:00:26 +01:00
|
|
|
* If parsing fails, log a message and return NULL.
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
*
|
|
|
|
|
* If ident_user is a regular expression (ie. begins with a slash), it is
|
|
|
|
|
* compiled and stored in IdentLine structure.
|
|
|
|
|
*
|
|
|
|
|
* Note: this function leaks memory when an error occurs. Caller is expected
|
|
|
|
|
* to have set a memory context that will be reset if this function returns
|
|
|
|
|
* NULL.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
static IdentLine *
|
2017-01-27 19:43:00 +01:00
|
|
|
parse_ident_line(TokenizedLine *tok_line)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2017-01-27 19:43:00 +01:00
|
|
|
int line_num = tok_line->line_num;
|
2011-06-20 23:20:14 +02:00
|
|
|
ListCell *field;
|
|
|
|
|
List *tokens;
|
|
|
|
|
HbaToken *token;
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
IdentLine *parsedline;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
Assert(tok_line->fields != NIL);
|
|
|
|
|
field = list_head(tok_line->fields);
|
2001-08-01 00:55:45 +02:00
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
parsedline = palloc0(sizeof(IdentLine));
|
2017-01-27 19:43:00 +01:00
|
|
|
parsedline->linenumber = line_num;
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/* Get the map token (must exist) */
|
2011-06-20 23:20:14 +02:00
|
|
|
tokens = lfirst(field);
|
|
|
|
|
IDENT_MULTI_VALUE(tokens);
|
|
|
|
|
token = linitial(tokens);
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
parsedline->usermap = pstrdup(token->string);
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2005-06-21 03:20:09 +02:00
|
|
|
/* Get the ident user token */
|
2011-06-20 23:20:14 +02:00
|
|
|
field = lnext(field);
|
|
|
|
|
IDENT_FIELD_ABSENT(field);
|
|
|
|
|
tokens = lfirst(field);
|
|
|
|
|
IDENT_MULTI_VALUE(tokens);
|
|
|
|
|
token = linitial(tokens);
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
parsedline->ident_user = pstrdup(token->string);
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* Get the PG rolename token */
|
2011-06-20 23:20:14 +02:00
|
|
|
field = lnext(field);
|
|
|
|
|
IDENT_FIELD_ABSENT(field);
|
|
|
|
|
tokens = lfirst(field);
|
|
|
|
|
IDENT_MULTI_VALUE(tokens);
|
|
|
|
|
token = linitial(tokens);
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
parsedline->pg_role = pstrdup(token->string);
|
2008-11-28 15:26:58 +01:00
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
if (parsedline->ident_user[0] == '/')
|
2008-10-23 15:31:10 +02:00
|
|
|
{
|
2008-11-28 15:26:58 +01:00
|
|
|
/*
|
2009-06-11 16:49:15 +02:00
|
|
|
* When system username starts with a slash, treat it as a regular
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
* expression. Pre-compile it.
|
2008-11-28 15:26:58 +01:00
|
|
|
*/
|
|
|
|
|
int r;
|
|
|
|
|
pg_wchar *wstr;
|
|
|
|
|
int wlen;
|
|
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
wstr = palloc((strlen(parsedline->ident_user + 1) + 1) * sizeof(pg_wchar));
|
|
|
|
|
wlen = pg_mb2wchar_with_len(parsedline->ident_user + 1,
|
|
|
|
|
wstr, strlen(parsedline->ident_user + 1));
|
2008-11-28 15:26:58 +01:00
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
r = pg_regcomp(&parsedline->re, wstr, wlen, REG_ADVANCED, C_COLLATION_OID);
|
2008-11-28 15:26:58 +01:00
|
|
|
if (r)
|
|
|
|
|
{
|
2009-06-11 16:49:15 +02:00
|
|
|
char errstr[100];
|
2008-11-28 15:26:58 +01:00
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
pg_regerror(r, &parsedline->re, errstr, sizeof(errstr));
|
2009-06-24 15:39:42 +02:00
|
|
|
ereport(LOG,
|
2008-11-28 15:26:58 +01:00
|
|
|
(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
|
2010-05-26 18:43:13 +02:00
|
|
|
errmsg("invalid regular expression \"%s\": %s",
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
parsedline->ident_user + 1, errstr)));
|
2008-11-28 15:26:58 +01:00
|
|
|
|
|
|
|
|
pfree(wstr);
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
return NULL;
|
2008-11-28 15:26:58 +01:00
|
|
|
}
|
|
|
|
|
pfree(wstr);
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return parsedline;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Process one line from the parsed ident config lines.
|
|
|
|
|
*
|
|
|
|
|
* Compare input parsed ident line to the needed map, pg_role and ident_user.
|
|
|
|
|
* *found_p and *error_p are set according to our results.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
check_ident_usermap(IdentLine *identLine, const char *usermap_name,
|
|
|
|
|
const char *pg_role, const char *ident_user,
|
|
|
|
|
bool case_insensitive, bool *found_p, bool *error_p)
|
|
|
|
|
{
|
|
|
|
|
*found_p = false;
|
|
|
|
|
*error_p = false;
|
|
|
|
|
|
|
|
|
|
if (strcmp(identLine->usermap, usermap_name) != 0)
|
|
|
|
|
/* Line does not match the map name we're looking for, so just abort */
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Match? */
|
|
|
|
|
if (identLine->ident_user[0] == '/')
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* When system username starts with a slash, treat it as a regular
|
|
|
|
|
* expression. In this case, we process the system username as a
|
|
|
|
|
* regular expression that returns exactly one match. This is replaced
|
|
|
|
|
* for \1 in the database username string, if present.
|
|
|
|
|
*/
|
|
|
|
|
int r;
|
|
|
|
|
regmatch_t matches[2];
|
|
|
|
|
pg_wchar *wstr;
|
|
|
|
|
int wlen;
|
|
|
|
|
char *ofs;
|
|
|
|
|
char *regexp_pgrole;
|
2008-11-28 15:26:58 +01:00
|
|
|
|
|
|
|
|
wstr = palloc((strlen(ident_user) + 1) * sizeof(pg_wchar));
|
|
|
|
|
wlen = pg_mb2wchar_with_len(ident_user, wstr, strlen(ident_user));
|
|
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
r = pg_regexec(&identLine->re, wstr, wlen, 0, NULL, 2, matches, 0);
|
2008-11-28 15:26:58 +01:00
|
|
|
if (r)
|
|
|
|
|
{
|
2009-06-11 16:49:15 +02:00
|
|
|
char errstr[100];
|
2008-11-28 15:26:58 +01:00
|
|
|
|
|
|
|
|
if (r != REG_NOMATCH)
|
|
|
|
|
{
|
|
|
|
|
/* REG_NOMATCH is not an error, everything else is */
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
pg_regerror(r, &identLine->re, errstr, sizeof(errstr));
|
2009-06-24 15:39:42 +02:00
|
|
|
ereport(LOG,
|
2008-11-28 15:26:58 +01:00
|
|
|
(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
errmsg("regular expression match for \"%s\" failed: %s",
|
|
|
|
|
identLine->ident_user + 1, errstr)));
|
2008-11-28 15:26:58 +01:00
|
|
|
*error_p = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pfree(wstr);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
pfree(wstr);
|
|
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
if ((ofs = strstr(identLine->pg_role, "\\1")) != NULL)
|
2008-11-28 15:26:58 +01:00
|
|
|
{
|
Replace a bunch more uses of strncpy() with safer coding.
strncpy() has a well-deserved reputation for being unsafe, so make an
effort to get rid of nearly all occurrences in HEAD.
A large fraction of the remaining uses were passing length less than or
equal to the known strlen() of the source, in which case no null-padding
can occur and the behavior is equivalent to memcpy(), though doubtless
slower and certainly harder to reason about. So just use memcpy() in
these cases.
In other cases, use either StrNCpy() or strlcpy() as appropriate (depending
on whether padding to the full length of the destination buffer seems
useful).
I left a few strncpy() calls alone in the src/timezone/ code, to keep it
in sync with upstream (the IANA tzcode distribution). There are also a
few such calls in ecpg that could possibly do with more analysis.
AFAICT, none of these changes are more than cosmetic, except for the four
occurrences in fe-secure-openssl.c, which are in fact buggy: an overlength
source leads to a non-null-terminated destination buffer and ensuing
misbehavior. These don't seem like security issues, first because no stack
clobber is possible and second because if your values of sslcert etc are
coming from untrusted sources then you've got problems way worse than this.
Still, it's undesirable to have unpredictable behavior for overlength
inputs, so back-patch those four changes to all active branches.
2015-01-24 19:05:42 +01:00
|
|
|
int offset;
|
|
|
|
|
|
2008-11-28 15:26:58 +01:00
|
|
|
/* substitution of the first argument requested */
|
|
|
|
|
if (matches[1].rm_so < 0)
|
2009-06-24 15:39:42 +02:00
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
2008-11-28 15:26:58 +01:00
|
|
|
(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
|
2009-03-25 15:12:02 +01:00
|
|
|
errmsg("regular expression \"%s\" has no subexpressions as requested by backreference in \"%s\"",
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
identLine->ident_user + 1, identLine->pg_role)));
|
2009-06-24 15:39:42 +02:00
|
|
|
*error_p = true;
|
|
|
|
|
return;
|
|
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* length: original length minus length of \1 plus length of match
|
|
|
|
|
* plus null terminator
|
|
|
|
|
*/
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
regexp_pgrole = palloc0(strlen(identLine->pg_role) - 2 + (matches[1].rm_eo - matches[1].rm_so) + 1);
|
Replace a bunch more uses of strncpy() with safer coding.
strncpy() has a well-deserved reputation for being unsafe, so make an
effort to get rid of nearly all occurrences in HEAD.
A large fraction of the remaining uses were passing length less than or
equal to the known strlen() of the source, in which case no null-padding
can occur and the behavior is equivalent to memcpy(), though doubtless
slower and certainly harder to reason about. So just use memcpy() in
these cases.
In other cases, use either StrNCpy() or strlcpy() as appropriate (depending
on whether padding to the full length of the destination buffer seems
useful).
I left a few strncpy() calls alone in the src/timezone/ code, to keep it
in sync with upstream (the IANA tzcode distribution). There are also a
few such calls in ecpg that could possibly do with more analysis.
AFAICT, none of these changes are more than cosmetic, except for the four
occurrences in fe-secure-openssl.c, which are in fact buggy: an overlength
source leads to a non-null-terminated destination buffer and ensuing
misbehavior. These don't seem like security issues, first because no stack
clobber is possible and second because if your values of sslcert etc are
coming from untrusted sources then you've got problems way worse than this.
Still, it's undesirable to have unpredictable behavior for overlength
inputs, so back-patch those four changes to all active branches.
2015-01-24 19:05:42 +01:00
|
|
|
offset = ofs - identLine->pg_role;
|
|
|
|
|
memcpy(regexp_pgrole, identLine->pg_role, offset);
|
|
|
|
|
memcpy(regexp_pgrole + offset,
|
2009-06-11 16:49:15 +02:00
|
|
|
ident_user + matches[1].rm_so,
|
|
|
|
|
matches[1].rm_eo - matches[1].rm_so);
|
|
|
|
|
strcat(regexp_pgrole, ofs + 2);
|
2008-11-28 15:26:58 +01:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* no substitution, so copy the match */
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
regexp_pgrole = pstrdup(identLine->pg_role);
|
2008-11-28 15:26:58 +01:00
|
|
|
}
|
|
|
|
|
|
2009-06-11 16:49:15 +02:00
|
|
|
/*
|
|
|
|
|
* now check if the username actually matched what the user is trying
|
|
|
|
|
* to connect as
|
|
|
|
|
*/
|
2008-11-28 15:26:58 +01:00
|
|
|
if (case_insensitive)
|
|
|
|
|
{
|
|
|
|
|
if (pg_strcasecmp(regexp_pgrole, pg_role) == 0)
|
|
|
|
|
*found_p = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (strcmp(regexp_pgrole, pg_role) == 0)
|
|
|
|
|
*found_p = true;
|
|
|
|
|
}
|
|
|
|
|
pfree(regexp_pgrole);
|
|
|
|
|
|
|
|
|
|
return;
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2008-11-28 15:26:58 +01:00
|
|
|
/* Not regular expression, so make complete match */
|
|
|
|
|
if (case_insensitive)
|
|
|
|
|
{
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
if (pg_strcasecmp(identLine->pg_role, pg_role) == 0 &&
|
|
|
|
|
pg_strcasecmp(identLine->ident_user, ident_user) == 0)
|
2008-11-28 15:26:58 +01:00
|
|
|
*found_p = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
if (strcmp(identLine->pg_role, pg_role) == 0 &&
|
|
|
|
|
strcmp(identLine->ident_user, ident_user) == 0)
|
2008-11-28 15:26:58 +01:00
|
|
|
*found_p = true;
|
|
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
2001-07-30 16:50:24 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Scan the (pre-parsed) ident usermap file line by line, looking for a match
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2010-03-24 18:05:45 +01:00
|
|
|
* See if the user with ident username "auth_user" is allowed to act
|
|
|
|
|
* as Postgres user "pg_role" according to usermap "usermap_name".
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2009-06-11 16:49:15 +02:00
|
|
|
* Special case: Usermap NULL, equivalent to what was previously called
|
2010-03-24 18:05:45 +01:00
|
|
|
* "sameuser" or "samerole", means don't look in the usermap file.
|
|
|
|
|
* That's an implied map wherein "pg_role" must be identical to
|
|
|
|
|
* "auth_user" in order to be authorized.
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2008-10-23 15:31:10 +02:00
|
|
|
* Iff authorized, return STATUS_OK, otherwise return STATUS_ERROR.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2008-10-23 15:31:10 +02:00
|
|
|
int
|
|
|
|
|
check_usermap(const char *usermap_name,
|
2009-06-11 16:49:15 +02:00
|
|
|
const char *pg_role,
|
|
|
|
|
const char *auth_user,
|
|
|
|
|
bool case_insensitive)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
bool found_entry = false,
|
|
|
|
|
error = false;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
if (usermap_name == NULL || usermap_name[0] == '\0')
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2008-10-23 15:31:10 +02:00
|
|
|
if (case_insensitive)
|
|
|
|
|
{
|
|
|
|
|
if (pg_strcasecmp(pg_role, auth_user) == 0)
|
|
|
|
|
return STATUS_OK;
|
|
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
else
|
|
|
|
|
{
|
2008-10-23 15:31:10 +02:00
|
|
|
if (strcmp(pg_role, auth_user) == 0)
|
|
|
|
|
return STATUS_OK;
|
|
|
|
|
}
|
|
|
|
|
ereport(LOG,
|
2010-03-21 01:17:59 +01:00
|
|
|
(errmsg("provided user name (%s) and authenticated user name (%s) do not match",
|
2010-03-24 18:05:45 +01:00
|
|
|
pg_role, auth_user)));
|
2008-10-23 15:31:10 +02:00
|
|
|
return STATUS_ERROR;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
ListCell *line_cell;
|
2004-05-26 06:41:50 +02:00
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
foreach(line_cell, parsed_ident_lines)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
check_ident_usermap(lfirst(line_cell), usermap_name,
|
|
|
|
|
pg_role, auth_user, case_insensitive,
|
2004-05-26 06:41:50 +02:00
|
|
|
&found_entry, &error);
|
2001-07-30 16:50:24 +02:00
|
|
|
if (found_entry || error)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-10-23 15:31:10 +02:00
|
|
|
if (!found_entry && !error)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
2010-05-26 18:43:13 +02:00
|
|
|
(errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
|
|
|
|
|
usermap_name, pg_role, auth_user)));
|
2008-10-23 15:31:10 +02:00
|
|
|
}
|
2009-06-11 16:49:15 +02:00
|
|
|
return found_entry ? STATUS_OK : STATUS_ERROR;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
* Read the ident config file and create a List of IdentLine records for
|
|
|
|
|
* the contents.
|
2011-06-20 23:20:14 +02:00
|
|
|
*
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
* This works the same as load_hba(), but for the user config file.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
bool
|
2001-08-01 00:55:45 +02:00
|
|
|
load_ident(void)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-10-10 01:13:22 +02:00
|
|
|
FILE *file;
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
List *ident_lines = NIL;
|
|
|
|
|
ListCell *line_cell,
|
|
|
|
|
*parsed_line_cell;
|
|
|
|
|
List *new_parsed_lines = NIL;
|
|
|
|
|
bool ok = true;
|
|
|
|
|
MemoryContext linecxt;
|
|
|
|
|
MemoryContext oldcxt;
|
|
|
|
|
MemoryContext ident_context;
|
2013-05-29 22:58:43 +02:00
|
|
|
IdentLine *newline;
|
2001-07-30 16:50:24 +02:00
|
|
|
|
2004-10-10 01:13:22 +02:00
|
|
|
file = AllocateFile(IdentFileName, "r");
|
2001-07-30 16:50:24 +02:00
|
|
|
if (file == NULL)
|
|
|
|
|
{
|
2004-10-10 01:13:22 +02:00
|
|
|
/* not fatal ... we just won't do any special ident maps */
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode_for_file_access(),
|
2010-05-26 18:43:13 +02:00
|
|
|
errmsg("could not open usermap file \"%s\": %m",
|
2004-10-10 01:13:22 +02:00
|
|
|
IdentFileName)));
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
return false;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
FreeFile(file);
|
|
|
|
|
|
|
|
|
|
/* Now parse all the lines */
|
2015-07-02 00:55:39 +02:00
|
|
|
Assert(PostmasterContext);
|
|
|
|
|
ident_context = AllocSetContextCreate(PostmasterContext,
|
2013-05-29 22:58:43 +02:00
|
|
|
"ident parser context",
|
Add macros to make AllocSetContextCreate() calls simpler and safer.
I found that half a dozen (nearly 5%) of our AllocSetContextCreate calls
had typos in the context-sizing parameters. While none of these led to
especially significant problems, they did create minor inefficiencies,
and it's now clear that expecting people to copy-and-paste those calls
accurately is not a great idea. Let's reduce the risk of future errors
by introducing single macros that encapsulate the common use-cases.
Three such macros are enough to cover all but two special-purpose contexts;
those two calls can be left as-is, I think.
While this patch doesn't in itself improve matters for third-party
extensions, it doesn't break anything for them either, and they can
gradually adopt the simplified notation over time.
In passing, change TopMemoryContext to use the default allocation
parameters. Formerly it could only be extended 8K at a time. That was
probably reasonable when this code was written; but nowadays we create
many more contexts than we did then, so that it's not unusual to have a
couple hundred K in TopMemoryContext, even without considering various
dubious code that sticks other things there. There seems no good reason
not to let it use growing blocks like most other contexts.
Back-patch to 9.6, mostly because that's still close enough to HEAD that
it's easy to do so, and keeping the branches in sync can be expected to
avoid some future back-patching pain. The bugs fixed by these changes
don't seem to be significant enough to justify fixing them further back.
Discussion: <21072.1472321324@sss.pgh.pa.us>
2016-08-27 23:50:38 +02:00
|
|
|
ALLOCSET_SMALL_SIZES);
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
oldcxt = MemoryContextSwitchTo(ident_context);
|
2017-01-27 19:43:00 +01:00
|
|
|
foreach(line_cell, ident_lines)
|
2001-07-30 16:50:24 +02:00
|
|
|
{
|
2017-01-27 19:43:00 +01:00
|
|
|
TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
|
|
|
|
|
|
2017-01-31 00:00:26 +01:00
|
|
|
/* don't parse lines that already have errors */
|
|
|
|
|
if (tok_line->err_msg != NULL)
|
|
|
|
|
{
|
|
|
|
|
ok = false;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-27 19:43:00 +01:00
|
|
|
if ((newline = parse_ident_line(tok_line)) == NULL)
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
/* Parse error; remember there's trouble */
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
ok = false;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Keep parsing the rest of the file so we can report errors on
|
2017-01-31 00:00:26 +01:00
|
|
|
* more than the first line. Error has already been logged, no
|
|
|
|
|
* need for more chatter here.
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
*/
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
new_parsed_lines = lappend(new_parsed_lines, newline);
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
|
|
|
|
|
/* Free tokenizer memory */
|
|
|
|
|
MemoryContextDelete(linecxt);
|
|
|
|
|
MemoryContextSwitchTo(oldcxt);
|
|
|
|
|
|
|
|
|
|
if (!ok)
|
|
|
|
|
{
|
2017-01-31 00:00:26 +01:00
|
|
|
/*
|
|
|
|
|
* File contained one or more errors, so bail out, first being careful
|
|
|
|
|
* to clean up whatever we allocated. Most stuff will go away via
|
|
|
|
|
* MemoryContextDelete, but we have to clean up regexes explicitly.
|
|
|
|
|
*/
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
foreach(parsed_line_cell, new_parsed_lines)
|
|
|
|
|
{
|
|
|
|
|
newline = (IdentLine *) lfirst(parsed_line_cell);
|
|
|
|
|
if (newline->ident_user[0] == '/')
|
|
|
|
|
pg_regfree(&newline->re);
|
|
|
|
|
}
|
|
|
|
|
MemoryContextDelete(ident_context);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Loaded new file successfully, replace the one we use */
|
2013-10-24 13:03:26 +02:00
|
|
|
if (parsed_ident_lines != NIL)
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
{
|
|
|
|
|
foreach(parsed_line_cell, parsed_ident_lines)
|
|
|
|
|
{
|
|
|
|
|
newline = (IdentLine *) lfirst(parsed_line_cell);
|
|
|
|
|
if (newline->ident_user[0] == '/')
|
|
|
|
|
pg_regfree(&newline->re);
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-10-24 13:03:26 +02:00
|
|
|
if (parsed_ident_context != NULL)
|
|
|
|
|
MemoryContextDelete(parsed_ident_context);
|
|
|
|
|
|
Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.
This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.
Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.
Amit Kapila
2012-09-21 16:41:22 +02:00
|
|
|
parsed_ident_context = ident_context;
|
|
|
|
|
parsed_ident_lines = new_parsed_lines;
|
|
|
|
|
|
|
|
|
|
return true;
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
|
2001-07-30 16:50:24 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Determine what authentication method should be used when accessing database
|
2014-05-06 18:12:18 +02:00
|
|
|
* "database" from frontend "raddr", user "user". Return the method and
|
2001-10-25 07:50:21 +02:00
|
|
|
* an optional argument (stored in fields of *port), and STATUS_OK.
|
2001-08-01 00:55:45 +02:00
|
|
|
*
|
2011-06-20 23:20:14 +02:00
|
|
|
* If the file does not contain any entry matching the request, we return
|
|
|
|
|
* method = uaImplicitReject.
|
2001-07-30 16:50:24 +02:00
|
|
|
*/
|
2011-06-20 23:20:14 +02:00
|
|
|
void
|
2001-07-30 16:50:24 +02:00
|
|
|
hba_getauthmethod(hbaPort *port)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2011-06-20 23:20:14 +02:00
|
|
|
check_hba(port);
|
2001-07-30 16:50:24 +02:00
|
|
|
}
|
