#include "libpq/pqcomm.h"#include "nodes/pg_list.h"#include "regex/regex.h"

Data Structures | |
| struct | HbaLine |
| struct | IdentLine |
Typedefs | |
| typedef enum UserAuth | UserAuth |
| typedef enum IPCompareMethod | IPCompareMethod |
| typedef enum ConnType | ConnType |
| typedef struct HbaLine | HbaLine |
| typedef struct IdentLine | IdentLine |
| typedef struct Port | hbaPort |
Enumerations | |
| enum | UserAuth { uaReject, uaImplicitReject, uaKrb5, uaTrust, uaIdent, uaPassword, uaMD5, uaGSS, uaSSPI, uaPAM, uaLDAP, uaCert, uaRADIUS, uaPeer } |
| enum | IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll } |
| enum | ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL } |
Functions | |
| bool | load_hba (void) |
| bool | load_ident (void) |
| void | hba_getauthmethod (hbaPort *port) |
| int | check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_sensitive) |
| bool | pg_isblank (const char c) |
| typedef enum IPCompareMethod IPCompareMethod |
| enum ConnType |
Definition at line 45 of file hba.h.
{
/*
 * Connection classes used by the host-based-authentication rules.
 * No enumerator has an explicit value, so values follow declaration order
 * (ctLocal is 0).
 * NOTE(review): the four names line up with the pg_hba.conf record types
 * local / host / hostssl / hostnossl; the parser that assigns them is not
 * shown on this page, so confirm the mapping (and which of them match
 * SSL and non-SSL connections) in hba.c.
 */
ctLocal,
ctHost,
ctHostSSL,
ctHostNoSSL
} ConnType;
| enum IPCompareMethod |
| enum UserAuth |
| uaReject | |
| uaImplicitReject | |
| uaKrb5 | |
| uaTrust | |
| uaIdent | |
| uaPassword | |
| uaMD5 | |
| uaGSS | |
| uaSSPI | |
| uaPAM | |
| uaLDAP | |
| uaCert | |
| uaRADIUS | |
| uaPeer |
Definition at line 19 of file hba.h.
{
/*
 * Authentication methods (enum UserAuth).  No enumerator has an explicit
 * value, so values follow declaration order: uaReject is 0, and a
 * zero-filled UserAuth therefore reads as uaReject.  Inserting or
 * reordering names changes every later value.
 */
uaReject,
uaImplicitReject, /* NOTE(review): by its name, a rejection that no rule spelled out; confirm where it is assigned (not shown here) */
uaKrb5,
uaTrust, /* NOTE(review): presumably pg_hba.conf "trust", i.e. no credential check; confirm, and review rules selecting it first */
uaIdent,
uaPassword, /* NOTE(review): presumably a password sent in clear text, as opposed to uaMD5; confirm */
uaMD5,
uaGSS,
uaSSPI,
uaPAM,
uaLDAP,
uaCert,
uaRADIUS,
uaPeer
} UserAuth;
| int check_usermap | ( | const char * | usermap_name, | |
| const char * | pg_role, | |||
| const char * | auth_user, | |||
| bool | case_sensitive | |||
| ) |
Definition at line 2100 of file hba.c.
References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, NULL, pg_strcasecmp(), and STATUS_OK.
Referenced by ident_inet().
{
	/*
	 * Body of check_usermap(): decide whether the externally authenticated
	 * name auth_user may connect as database role pg_role.
	 *
	 * Returns STATUS_OK only on a positive match; every other path returns
	 * STATUS_ERROR, so the check fails closed.
	 *
	 * NOTE(review): the declaration listed for hba.h names the fourth
	 * parameter case_sensitive, but this body reads case_insensitive, and
	 * a true value selects pg_strcasecmp().  The body's name is the one
	 * that matches the behaviour; callers should not rely on the
	 * header's spelling.
	 */
	bool		matched = false;
	bool		failed = false;
	ListCell   *cell;

	/* No map named: the two names must be equal. */
	if (usermap_name == NULL || usermap_name[0] == '\0')
	{
		int			differ;

		differ = case_insensitive ?
			pg_strcasecmp(pg_role, auth_user) :
			strcmp(pg_role, auth_user);
		if (differ == 0)
			return STATUS_OK;

		/* Both names go to the server log on a mismatch. */
		ereport(LOG,
				(errmsg("provided user name (%s) and authenticated user name (%s) do not match",
						pg_role, auth_user)));
		return STATUS_ERROR;
	}

	/*
	 * Named map: walk the parsed ident lines in order and stop at the first
	 * line that either matches or reports an error.
	 */
	foreach(cell, parsed_ident_lines)
	{
		check_ident_usermap(lfirst(cell), usermap_name,
							pg_role, auth_user, case_insensitive,
							&matched, &failed);
		if (matched || failed)
			break;
	}

	/*
	 * Log here only when the whole map was scanned without a hit.  When the
	 * error flag is set nothing is logged at this level; presumably
	 * check_ident_usermap() has already reported it (not shown here).
	 */
	if (!(matched || failed))
	{
		ereport(LOG,
				(errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
						usermap_name, pg_role, auth_user)));
	}

	/* The result is decided by the match flag alone. */
	return matched ? STATUS_OK : STATUS_ERROR;
}
| void hba_getauthmethod | ( | hbaPort * | port | ) |
Definition at line 2265 of file hba.c.
References check_hba().
Referenced by ClientAuthentication().
{
/*
 * Body of hba_getauthmethod(): hands the connection's Port to check_hba()
 * and returns nothing.
 * NOTE(review): check_hba() is not shown on this page; since this function
 * is void, the selected rule / auth method is presumably recorded on port
 * by check_hba() and read by the caller afterwards. Confirm in hba.c.
 */
check_hba(port);
}
| bool load_hba | ( | void | ) |
Definition at line 1782 of file hba.c.
References AllocateFile(), ALLOCSET_DEFAULT_MAXSIZE, ALLOCSET_DEFAULT_MINSIZE, AllocSetContextCreate(), ereport, errcode(), errcode_for_file_access(), errmsg(), forthree, FreeFile(), HbaFileName, lappend(), lfirst, lfirst_int, LOG, MemoryContextDelete(), MemoryContextReset(), MemoryContextSwitchTo(), NIL, NULL, parse_hba_line(), tokenize_file(), and TopMemoryContext.
Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().
{
/*
 * Body of load_hba(): read and parse the file named by HbaFileName and,
 * only if every line parses and at least one entry results, install the
 * new rule list in parsed_hba_lines.
 *
 * Returns true when the new list was installed.  Returns false on any
 * failure (file cannot be opened, parse error, no entries); in that case
 * parsed_hba_lines and parsed_hba_context are not touched, so rules that
 * were already installed stay in force.  Problems are reported at LOG
 * level only, so callers must act on the return value.
 */
FILE *file;
List *hba_lines = NIL;
List *hba_line_nums = NIL;
List *hba_raw_lines = NIL;
ListCell *line,
*line_num,
*raw_line;
List *new_parsed_lines = NIL;
bool ok = true;
MemoryContext linecxt;
MemoryContext oldcxt;
MemoryContext hbacxt;
file = AllocateFile(HbaFileName, "r");
if (file == NULL)
{
/* Nothing has been allocated or replaced yet; just report and fail. */
ereport(LOG,
(errcode_for_file_access(),
errmsg("could not open configuration file \"%s\": %m",
HbaFileName)));
return false;
}
/* tokenize_file() returns the context that must be deleted below (linecxt). */
linecxt = tokenize_file(HbaFileName, file, &hba_lines, &hba_line_nums, &hba_raw_lines);
FreeFile(file);
/* Now parse all the lines */
/*
 * The new entries get their own context under TopMemoryContext so they can
 * be thrown away as a unit on error, or kept as a unit on success.
 * NOTE(review): ALLOCSET_DEFAULT_MINSIZE is passed for two of the three
 * size arguments; confirm that is intended.
 */
hbacxt = AllocSetContextCreate(TopMemoryContext,
"hba parser context",
ALLOCSET_DEFAULT_MINSIZE,
ALLOCSET_DEFAULT_MINSIZE,
ALLOCSET_DEFAULT_MAXSIZE);
oldcxt = MemoryContextSwitchTo(hbacxt);
forthree(line, hba_lines, line_num, hba_line_nums, raw_line, hba_raw_lines)
{
HbaLine *newline;
if ((newline = parse_hba_line(lfirst(line), lfirst_int(line_num), lfirst(raw_line))) == NULL)
{
/*
 * Parse error in the file, so indicate there's a problem. NB: a
 * problem in a line will free the memory for all previous lines
 * as well!
 */
MemoryContextReset(hbacxt);
/* The list cells were freed by the reset above, so drop the pointer too. */
new_parsed_lines = NIL;
ok = false;
/*
 * Keep parsing the rest of the file so we can report errors on
 * more than the first row. Error has already been reported in the
 * parsing function, so no need to log it here.
 */
continue;
}
new_parsed_lines = lappend(new_parsed_lines, newline);
}
/*
 * A valid HBA file must have at least one entry; else there's no way to
 * connect to the postmaster. But only complain about this if we didn't
 * already have parsing errors.
 */
if (ok && new_parsed_lines == NIL)
{
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("configuration file \"%s\" contains no entries",
HbaFileName)));
ok = false;
}
/* Free tokenizer memory */
MemoryContextDelete(linecxt);
MemoryContextSwitchTo(oldcxt);
if (!ok)
{
/* File contained one or more errors, so bail out */
/* Lines parsed after the last error are discarded with the context. */
MemoryContextDelete(hbacxt);
return false;
}
/* Loaded new file successfully, replace the one we use */
/*
 * This is the only place the active rule set changes, and it is reached
 * only after every check above has passed.
 */
if (parsed_hba_context != NULL)
MemoryContextDelete(parsed_hba_context);
parsed_hba_context = hbacxt;
parsed_hba_lines = new_parsed_lines;
return true;
}
| bool load_ident | ( | void | ) |
Definition at line 2155 of file hba.c.
References AllocateFile(), ALLOCSET_DEFAULT_MAXSIZE, ALLOCSET_DEFAULT_MINSIZE, AllocSetContextCreate(), ereport, errcode_for_file_access(), errmsg(), forboth, FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, lfirst_int, LOG, MemoryContextDelete(), MemoryContextReset(), MemoryContextSwitchTo(), NULL, parse_ident_line(), pg_regfree(), IdentLine::re, tokenize_file(), and TopMemoryContext.
Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().
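{
	/*
	 * Body of load_ident(): read and parse the usermap file named by
	 * IdentFileName and, only if every line parses, install the result in
	 * parsed_ident_lines / parsed_ident_context.
	 *
	 * Returns true when the new map was installed.  Returns false when the
	 * file cannot be opened or contains a parse error; in both cases the
	 * previously installed map, if any, is left in force.  Problems are
	 * reported at LOG level only, so callers must act on the return value.
	 *
	 * Entries whose ident_user starts with '/' carry a compiled regular
	 * expression in ->re; this code releases it with pg_regfree() before
	 * the owning memory context is reset or deleted.
	 * NOTE(review): presumably the regex holds memory outside the context,
	 * which is why the explicit free is needed; confirm in regex/.
	 */
	FILE	   *file;
	List	   *ident_lines = NIL;
	List	   *ident_line_nums = NIL;
	ListCell   *line_cell,
			   *num_cell,
			   *parsed_line_cell;
	List	   *new_parsed_lines = NIL;
	bool		ok = true;
	MemoryContext linecxt;
	MemoryContext oldcxt;
	MemoryContext ident_context;
	IdentLine  *newline;

	file = AllocateFile(IdentFileName, "r");
	if (file == NULL)
	{
		/* not fatal ... we just won't do any special ident maps */
		ereport(LOG,
				(errcode_for_file_access(),
				 errmsg("could not open usermap file \"%s\": %m",
						IdentFileName)));
		return false;
	}

	linecxt = tokenize_file(IdentFileName, file, &ident_lines, &ident_line_nums, NULL);
	FreeFile(file);

	/* Now parse all the lines */
	ident_context = AllocSetContextCreate(TopMemoryContext,
										  "ident parser context",
										  ALLOCSET_DEFAULT_MINSIZE,
										  ALLOCSET_DEFAULT_MINSIZE,
										  ALLOCSET_DEFAULT_MAXSIZE);
	oldcxt = MemoryContextSwitchTo(ident_context);
	forboth(line_cell, ident_lines, num_cell, ident_line_nums)
	{
		if ((newline = parse_ident_line(lfirst(line_cell), lfirst_int(num_cell))) == NULL)
		{
			/*
			 * Parse error in the file, so indicate there's a problem. Free
			 * all the memory and regular expressions of lines parsed so far.
			 */
			foreach(parsed_line_cell, new_parsed_lines)
			{
				newline = (IdentLine *) lfirst(parsed_line_cell);
				if (newline->ident_user[0] == '/')
					pg_regfree(&newline->re);
			}
			MemoryContextReset(ident_context);
			/* The list cells were freed by the reset, so drop the pointer. */
			new_parsed_lines = NIL;
			ok = false;

			/*
			 * Keep parsing the rest of the file so we can report errors on
			 * more than the first row. Error has already been reported in the
			 * parsing function, so no need to log it here.
			 */
			continue;
		}

		new_parsed_lines = lappend(new_parsed_lines, newline);
	}

	/* Free tokenizer memory */
	MemoryContextDelete(linecxt);
	MemoryContextSwitchTo(oldcxt);

	if (!ok)
	{
		/*
		 * File contained one or more errors, so bail out.  Only lines parsed
		 * after the last error are still on the list at this point.
		 */
		foreach(parsed_line_cell, new_parsed_lines)
		{
			newline = (IdentLine *) lfirst(parsed_line_cell);
			if (newline->ident_user[0] == '/')
				pg_regfree(&newline->re);
		}
		MemoryContextDelete(ident_context);
		return false;
	}

	/*
	 * Loaded new file successfully, replace the one we use.
	 *
	 * The old context is deleted whenever one exists, not only when the old
	 * list is non-empty: a file with no entries installs an empty list
	 * together with a live context, and that context would otherwise be
	 * leaked on every later reload.  This matches the test load_hba() makes
	 * on parsed_hba_context.  foreach() over an empty list is a no-op, as
	 * the error paths above already rely on.
	 */
	foreach(parsed_line_cell, parsed_ident_lines)
	{
		newline = (IdentLine *) lfirst(parsed_line_cell);
		if (newline->ident_user[0] == '/')
			pg_regfree(&newline->re);
	}
	if (parsed_ident_context != NULL)
		MemoryContextDelete(parsed_ident_context);

	parsed_ident_context = ident_context;
	parsed_ident_lines = new_parsed_lines;
	return true;
}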
| bool pg_isblank | ( | const char | c | ) |
Definition at line 108 of file hba.c.
Referenced by interpret_ident_response(), and next_token().