#include "postgres.h"
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include "commands/user.h"
#include "common/ip.h"
#include "common/md5.h"
#include "common/scram-common.h"
#include "libpq/auth.h"
#include "libpq/crypt.h"
#include "libpq/libpq.h"
#include "libpq/pqformat.h"
#include "libpq/scram.h"
#include "miscadmin.h"
#include "port/pg_bswap.h"
#include "replication/walsender.h"
#include "storage/ipc.h"
#include "utils/memutils.h"
#include "utils/timestamp.h"
Data Structures
struct radius_attribute
struct radius_packet
Macros
#define IDENT_USERNAME_MAX 512
#define IDENT_PORT 113
#define PG_MAX_AUTH_TOKEN_LENGTH 65535
#define PG_MAX_SASL_MESSAGE_LENGTH 1024
#define HOSTNAME_LOOKUP_DETAIL(port)
#define RADIUS_VECTOR_LENGTH 16
#define RADIUS_HEADER_LENGTH 20
#define RADIUS_MAX_PASSWORD_LENGTH 128
#define RADIUS_BUFFER_SIZE 1024
#define RADIUS_ACCESS_REQUEST 1
#define RADIUS_ACCESS_ACCEPT 2
#define RADIUS_ACCESS_REJECT 3
#define RADIUS_USER_NAME 1
#define RADIUS_PASSWORD 2
#define RADIUS_SERVICE_TYPE 6
#define RADIUS_NAS_IDENTIFIER 32
#define RADIUS_AUTHENTICATE_ONLY 8
#define RADIUS_TIMEOUT 3
Functions
static void sendAuthRequest (Port *port, AuthRequest areq, const char *extradata, int extralen)
static void auth_failed (Port *port, int status, char *logdetail)
static char *recv_password_packet (Port *port)
static int CheckPasswordAuth (Port *port, char **logdetail)
static int CheckPWChallengeAuth (Port *port, char **logdetail)
static int CheckMD5Auth (Port *port, char *shadow_pass, char **logdetail)
static int CheckSCRAMAuth (Port *port, char *shadow_pass, char **logdetail)
static int ident_inet (hbaPort *port)
static int auth_peer (hbaPort *port)
static int CheckRADIUSAuth (Port *port)
static int PerformRadiusTransaction (const char *server, const char *secret, const char *portstr, const char *identifier, const char *user_name, const char *passwd)
void ClientAuthentication (Port *port)
static bool interpret_ident_response (const char *ident_response, char *ident_user)
static void radius_add_attribute (radius_packet *packet, uint8 type, const unsigned char *data, int len)
Variables
char *pg_krb_server_keyfile
bool pg_krb_caseins_users
ClientAuthentication_hook_type ClientAuthentication_hook = NULL
#define HOSTNAME_LOOKUP_DETAIL(port)
Referenced by ClientAuthentication().
#define IDENT_PORT 113
Definition at line 71 of file auth.c.
Referenced by ident_inet().
#define IDENT_USERNAME_MAX 512
Definition at line 68 of file auth.c.
Referenced by ident_inet(), and interpret_ident_response().
#define PG_MAX_AUTH_TOKEN_LENGTH 65535
Definition at line 221 of file auth.c.
Referenced by CheckSCRAMAuth().
#define PG_MAX_SASL_MESSAGE_LENGTH 1024
Definition at line 229 of file auth.c.
Referenced by CheckSCRAMAuth().
#define RADIUS_ACCESS_ACCEPT 2
Definition at line 2872 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_ACCESS_REJECT 3
Definition at line 2873 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_ACCESS_REQUEST 1
Definition at line 2871 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_AUTHENTICATE_ONLY 8
Definition at line 2882 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_BUFFER_SIZE 1024
Definition at line 2851 of file auth.c.
Referenced by PerformRadiusTransaction(), and radius_add_attribute().
#define RADIUS_HEADER_LENGTH 20
Definition at line 2847 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_MAX_PASSWORD_LENGTH 128
Definition at line 2848 of file auth.c.
Referenced by CheckRADIUSAuth(), and PerformRadiusTransaction().
#define RADIUS_NAS_IDENTIFIER 32
Definition at line 2879 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_PASSWORD 2
Definition at line 2877 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_SERVICE_TYPE 6
Definition at line 2878 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_TIMEOUT 3
Definition at line 2885 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_USER_NAME 1
Definition at line 2876 of file auth.c.
Referenced by PerformRadiusTransaction().
#define RADIUS_VECTOR_LENGTH 16
Definition at line 2846 of file auth.c.
Referenced by PerformRadiusTransaction().
static void auth_failed (Port *port, int status, char *logdetail)
Definition at line 257 of file auth.c.
References _, HbaLine::auth_method, ereport, errcode(), ERRCODE_INVALID_PASSWORD, errdetail_log(), errmsg(), FATAL, gettext_noop, Port::hba, HbaLine::linenumber, proc_exit(), psprintf(), HbaLine::rawline, STATUS_EOF, uaBSD, uaCert, uaGSS, uaIdent, uaImplicitReject, uaLDAP, uaMD5, uaPAM, uaPassword, uaRADIUS, uaReject, uaSCRAM, uaSSPI, uaTrust, and Port::user_name.
Referenced by ClientAuthentication().
static int auth_peer (hbaPort *port)
Definition at line 1923 of file auth.c.
References _, SockAddr::addr, appendBinaryStringInfo(), appendStringInfo(), appendStringInfoChar(), appendStringInfoString(), Assert, HbaLine::auth_method, AUTH_REQ_PASSWORD, calloc, check_usermap(), HbaLine::clientcert, clientCertFull, HbaLine::conntype, ctLocal, StringInfoData::data, ereport, errcode(), errcode_for_socket_access(), errdetail(), errdetail_plural(), errhint(), errmsg(), errmsg_internal(), error(), free, gai_strerror, getpeereid(), Port::hba, i, initStringInfo(), HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapport, HbaLine::ldapprefix, HbaLine::ldapscheme, HbaLine::ldapscope, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, HbaLine::ldaptls, StringInfoData::len, LOG, NI_MAXHOST, NI_NUMERICHOST, NI_NUMERICSERV, output(), HbaLine::pam_use_hostname, HbaLine::pamservice, password, Port::peer_cn, pfree(), pg_getnameinfo_all(), port, psprintf(), pstrdup(), Port::raddr, recv_password_packet(), SockAddr::salen, sendAuthRequest(), Port::sock, STATUS_EOF, STATUS_ERROR, STATUS_OK, strerror, uaCert, unconstify, user, Port::user_name, HbaLine::usermap, and WARNING.
Referenced by ClientAuthentication().
static int CheckMD5Auth (Port *port, char *shadow_pass, char **logdetail)
Definition at line 823 of file auth.c.
References AUTH_REQ_MD5, Db_user_namespace, ereport, errcode(), errmsg(), FATAL, LOG, md5_crypt_verify(), pfree(), pg_strong_random(), recv_password_packet(), sendAuthRequest(), STATUS_EOF, STATUS_ERROR, and Port::user_name.
Referenced by CheckPWChallengeAuth().
static int CheckPasswordAuth (Port *port, char **logdetail)
Definition at line 735 of file auth.c.
References AUTH_REQ_PASSWORD, get_role_password(), pfree(), plain_crypt_verify(), recv_password_packet(), sendAuthRequest(), STATUS_EOF, STATUS_ERROR, and Port::user_name.
Referenced by ClientAuthentication().
static int CheckPWChallengeAuth (Port *port, char **logdetail)
Definition at line 767 of file auth.c.
References Assert, HbaLine::auth_method, CheckMD5Auth(), CheckSCRAMAuth(), get_password_type(), get_role_password(), Port::hba, Password_encryption, PASSWORD_TYPE_MD5, pfree(), STATUS_ERROR, STATUS_OK, uaMD5, uaSCRAM, and Port::user_name.
Referenced by ClientAuthentication().
static int CheckRADIUSAuth (Port *port)
Definition at line 2914 of file auth.c.
References Assert, AUTH_REQ_PASSWORD, ereport, errmsg(), Port::hba, lfirst, list_head(), list_length(), lnext(), LOG, offsetof, PerformRadiusTransaction(), pfree(), RADIUS_MAX_PASSWORD_LENGTH, HbaLine::radiusidentifiers, HbaLine::radiusports, HbaLine::radiussecrets, HbaLine::radiusservers, recv_password_packet(), sendAuthRequest(), STATUS_EOF, STATUS_ERROR, STATUS_OK, and Port::user_name.
Referenced by ClientAuthentication().
static int CheckSCRAMAuth (Port *port, char *shadow_pass, char **logdetail)
Definition at line 860 of file auth.c.
References _, appendStringInfoChar(), Assert, AUTH_REQ_GSS_CONT, AUTH_REQ_SASL, AUTH_REQ_SASL_CONT, AUTH_REQ_SASL_FIN, buf, CHECK_FOR_INTERRUPTS, check_usermap(), HbaLine::compat_realm, StringInfoData::data, DEBUG2, DEBUG4, DEBUG5, elog, ereport, errcode(), errdetail_internal(), errmsg(), errmsg_internal(), ERROR, FATAL, free, Port::gss, Port::hba, HbaLine::include_realm, initStringInfo(), HbaLine::krb_realm, StringInfoData::len, LOG, malloc, MAXPGPATH, MemoryContextStrdup(), output(), palloc(), pfree(), pg_be_scram_exchange(), pg_be_scram_get_mechanisms(), pg_be_scram_init(), pg_GSS_error(), pg_krb_caseins_users, pg_krb_server_keyfile, PG_MAX_AUTH_TOKEN_LENGTH, PG_MAX_SASL_MESSAGE_LENGTH, pg_strcasecmp(), port, pq_getbyte(), pq_getmessage(), pq_getmsgbytes(), pq_getmsgend(), pq_getmsgint(), pq_getmsgrawstring(), pq_startmsgread(), psprintf(), SASL_EXCHANGE_CONTINUE, SASL_EXCHANGE_SUCCESS, sendAuthRequest(), setenv, status(), STATUS_EOF, STATUS_ERROR, STATUS_OK, TopMemoryContext, HbaLine::upn_username, Port::user_name, and HbaLine::usermap.
Referenced by CheckPWChallengeAuth().
void ClientAuthentication (Port *port)
Definition at line 345 of file auth.c.
References _, SockAddr::addr, am_db_walsender, am_walsender, Assert, auth_failed(), HbaLine::auth_method, auth_peer(), AUTH_REQ_GSS, AUTH_REQ_OK, AUTH_REQ_SSPI, CHECK_FOR_INTERRUPTS, CheckPasswordAuth(), CheckPWChallengeAuth(), CheckRADIUSAuth(), ClientAuthentication_hook, HbaLine::clientcert, clientCertFull, clientCertOff, Port::database_name, ereport, errcode(), errmsg(), FATAL, Port::gss, Port::hba, hba_getauthmethod(), HOSTNAME_LOOKUP_DETAIL, ident_inet(), MemoryContextAllocZero(), NI_MAXHOST, NI_NUMERICHOST, Port::peer_cert_valid, pg_getnameinfo_all(), port, Port::raddr, SockAddr::salen, secure_loaded_verify_locations(), sendAuthRequest(), Port::ssl_in_use, status(), STATUS_ERROR, STATUS_OK, TopMemoryContext, uaBSD, uaCert, uaGSS, uaIdent, uaImplicitReject, uaLDAP, uaMD5, uaPAM, uaPassword, uaRADIUS, uaReject, uaSCRAM, uaSSPI, uaTrust, and Port::user_name.
Referenced by PerformAuthentication().
static int ident_inet (hbaPort *port)
Definition at line 1745 of file auth.c.
References SockAddr::addr, addrinfo::ai_addr, addrinfo::ai_addrlen, addrinfo::ai_family, AI_NUMERICHOST, addrinfo::ai_protocol, addrinfo::ai_socktype, bind, CHECK_FOR_INTERRUPTS, check_usermap(), closesocket, connect, EINTR, ereport, errcode_for_socket_access(), errmsg(), Port::hba, IDENT_PORT, IDENT_USERNAME_MAX, interpret_ident_response(), Port::laddr, LOG, NI_MAXHOST, NI_MAXSERV, NI_NUMERICHOST, NI_NUMERICSERV, pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_getnameinfo_all(), PGINVALID_SOCKET, Port::raddr, recv, SockAddr::salen, send, snprintf, socket, STATUS_ERROR, Port::user_name, and HbaLine::usermap.
Referenced by ClientAuthentication().
static bool interpret_ident_response (const char *ident_response, char *ident_user)
Definition at line 1662 of file auth.c.
References i, IDENT_USERNAME_MAX, and pg_isblank().
Referenced by ident_inet().
static int PerformRadiusTransaction (const char *server, const char *secret, const char *portstr, const char *identifier, const char *user_name, const char *passwd)
Definition at line 3007 of file auth.c.
References addrinfo::ai_family, addrinfo::ai_socktype, bind, closesocket, radius_packet::code, EINTR, ereport, errmsg(), gai_strerror, gettimeofday(), i, radius_packet::id, radius_packet::length, LOG, MemSet, palloc(), pfree(), pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_hton16, pg_hton32, pg_md5_binary(), pg_ntoh16, pg_strong_random(), PGINVALID_SOCKET, port, RADIUS_ACCESS_ACCEPT, RADIUS_ACCESS_REJECT, RADIUS_ACCESS_REQUEST, radius_add_attribute(), RADIUS_AUTHENTICATE_ONLY, RADIUS_BUFFER_SIZE, RADIUS_HEADER_LENGTH, RADIUS_MAX_PASSWORD_LENGTH, RADIUS_NAS_IDENTIFIER, RADIUS_PASSWORD, RADIUS_SERVICE_TYPE, RADIUS_TIMEOUT, RADIUS_USER_NAME, RADIUS_VECTOR_LENGTH, select, socket, STATUS_EOF, STATUS_ERROR, STATUS_OK, and radius_packet::vector.
Referenced by CheckRADIUSAuth().
static void radius_add_attribute (radius_packet *packet, uint8 type, const unsigned char *data, int len)
Definition at line 2888 of file auth.c.
References radius_attribute::attribute, radius_attribute::data, elog, radius_attribute::length, radius_packet::length, RADIUS_BUFFER_SIZE, generate_unaccent_rules::type, and WARNING.
Referenced by PerformRadiusTransaction().
static char *recv_password_packet (Port *port)
Definition at line 653 of file auth.c.
References buf, StringInfoData::data, DEBUG5, elog, ereport, errcode(), ERRCODE_INVALID_PASSWORD, errmsg(), ERROR, initStringInfo(), StringInfoData::len, pfree(), pq_getbyte(), pq_getmessage(), and pq_startmsgread().
Referenced by auth_peer(), CheckMD5Auth(), CheckPasswordAuth(), and CheckRADIUSAuth().
static void sendAuthRequest (Port *port, AuthRequest areq, const char *extradata, int extralen)
Definition at line 623 of file auth.c.
References AUTH_REQ_OK, AUTH_REQ_SASL_FIN, buf, CHECK_FOR_INTERRUPTS, pq_beginmessage(), pq_endmessage(), pq_flush, pq_sendbytes(), and pq_sendint32().
Referenced by auth_peer(), CheckMD5Auth(), CheckPasswordAuth(), CheckRADIUSAuth(), CheckSCRAMAuth(), and ClientAuthentication().
ClientAuthentication_hook_type ClientAuthentication_hook = NULL
Definition at line 241 of file auth.c.
Referenced by _PG_init(), ClientAuthentication(), and sepgsql_init_client_label().
bool pg_krb_caseins_users
Definition at line 170 of file auth.c.
Referenced by CheckSCRAMAuth().
char *pg_krb_server_keyfile
Definition at line 169 of file auth.c.
Referenced by CheckSCRAMAuth(), and secure_open_gssapi().