PostgreSQL Source Code
git master
#include "postgres.h"
#include <sys/param.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <pwd.h>
#include <unistd.h>
#include "commands/user.h"
#include "common/ip.h"
#include "common/md5.h"
#include "libpq/auth.h"
#include "libpq/crypt.h"
#include "libpq/libpq.h"
#include "libpq/pqformat.h"
#include "libpq/sasl.h"
#include "libpq/scram.h"
#include "miscadmin.h"
#include "port/pg_bswap.h"
#include "postmaster/postmaster.h"
#include "replication/walsender.h"
#include "storage/ipc.h"
#include "utils/memutils.h"
Data Structures | |
struct | radius_attribute |
struct | radius_packet |
Macros | |
#define | IDENT_USERNAME_MAX 512 |
#define | IDENT_PORT 113 |
#define | PG_MAX_AUTH_TOKEN_LENGTH 65535 |
#define | HOSTNAME_LOOKUP_DETAIL(port) |
#define | RADIUS_VECTOR_LENGTH 16 |
#define | RADIUS_HEADER_LENGTH 20 |
#define | RADIUS_MAX_PASSWORD_LENGTH 128 |
#define | RADIUS_BUFFER_SIZE 1024 |
#define | RADIUS_ACCESS_REQUEST 1 |
#define | RADIUS_ACCESS_ACCEPT 2 |
#define | RADIUS_ACCESS_REJECT 3 |
#define | RADIUS_USER_NAME 1 |
#define | RADIUS_PASSWORD 2 |
#define | RADIUS_SERVICE_TYPE 6 |
#define | RADIUS_NAS_IDENTIFIER 32 |
#define | RADIUS_AUTHENTICATE_ONLY 8 |
#define | RADIUS_TIMEOUT 3 |
Functions | |
static void | auth_failed (Port *port, int status, const char *logdetail) |
static char * | recv_password_packet (Port *port) |
static void | set_authn_id (Port *port, const char *id) |
static int | CheckPasswordAuth (Port *port, const char **logdetail) |
static int | CheckPWChallengeAuth (Port *port, const char **logdetail) |
static int | CheckMD5Auth (Port *port, char *shadow_pass, const char **logdetail) |
static int | ident_inet (hbaPort *port) |
static int | auth_peer (hbaPort *port) |
static int | CheckRADIUSAuth (Port *port) |
static int | PerformRadiusTransaction (const char *server, const char *secret, const char *portstr, const char *identifier, const char *user_name, const char *passwd) |
void | ClientAuthentication (Port *port) |
void | sendAuthRequest (Port *port, AuthRequest areq, const char *extradata, int extralen) |
static bool | interpret_ident_response (const char *ident_response, char *ident_user) |
static void | radius_add_attribute (radius_packet *packet, uint8 type, const unsigned char *data, int len) |
Variables | |
char * | pg_krb_server_keyfile |
bool | pg_krb_caseins_users |
bool | pg_gss_accept_delegation |
ClientAuthentication_hook_type | ClientAuthentication_hook = NULL |
#define HOSTNAME_LOOKUP_DETAIL(port)
static void auth_failed (Port *port, int status, const char *logdetail)
Definition at line 246 of file auth.c.
References _, ereport, errcode(), ERRCODE_INVALID_PASSWORD, errdetail_log(), errmsg(), FATAL, gettext_noop, port, proc_exit(), psprintf(), STATUS_EOF, uaBSD, uaCert, uaGSS, uaIdent, uaImplicitReject, uaLDAP, uaMD5, uaPAM, uaPassword, uaPeer, uaRADIUS, uaReject, uaSCRAM, uaSSPI, and uaTrust.
Referenced by ClientAuthentication().
static int auth_peer (hbaPort *port)
Definition at line 1855 of file auth.c.
References Assert, ClientConnectionInfo::authn_id, buf, check_usermap(), ereport, errcode(), errcode_for_socket_access(), errmsg(), getpeereid(), LOG, MyClientConnectionInfo, port, set_authn_id(), and STATUS_ERROR.
Referenced by ClientAuthentication().
static int CheckMD5Auth (Port *port, char *shadow_pass, const char **logdetail)
Definition at line 882 of file auth.c.
References AUTH_REQ_MD5, ereport, errmsg(), LOG, md5_crypt_verify(), pfree(), pg_strong_random(), port, recv_password_packet(), sendAuthRequest(), STATUS_EOF, and STATUS_ERROR.
Referenced by CheckPWChallengeAuth().
static int CheckPasswordAuth (Port *port, const char **logdetail)
Definition at line 787 of file auth.c.
References AUTH_REQ_PASSWORD, get_role_password(), pfree(), plain_crypt_verify(), port, recv_password_packet(), sendAuthRequest(), set_authn_id(), STATUS_EOF, STATUS_ERROR, and STATUS_OK.
Referenced by ClientAuthentication().
static int CheckPWChallengeAuth (Port *port, const char **logdetail)
Definition at line 822 of file auth.c.
References Assert, CheckMD5Auth(), CheckSASLAuth(), get_password_type(), get_role_password(), Password_encryption, PASSWORD_TYPE_MD5, pfree(), pg_be_scram_mech, port, set_authn_id(), STATUS_OK, uaMD5, and uaSCRAM.
Referenced by ClientAuthentication().
static int CheckRADIUSAuth (Port *port)
Definition at line 2844 of file auth.c.
References Assert, AUTH_REQ_PASSWORD, ereport, errmsg(), lfirst, list_head(), list_length(), lnext(), LOG, NIL, PerformRadiusTransaction(), pfree(), port, RADIUS_MAX_PASSWORD_LENGTH, recv_password_packet(), sendAuthRequest(), set_authn_id(), STATUS_EOF, STATUS_ERROR, and STATUS_OK.
Referenced by ClientAuthentication().
void ClientAuthentication (Port *port)
Definition at line 382 of file auth.c.
References _, am_db_walsender, am_walsender, Assert, auth_failed(), auth_peer(), AUTH_REQ_GSS, AUTH_REQ_OK, AUTH_REQ_SSPI, ClientConnectionInfo::authn_id, CHECK_FOR_INTERRUPTS, CheckPasswordAuth(), CheckPWChallengeAuth(), CheckRADIUSAuth(), ClientAuthentication_hook, clientCertFull, clientCertOff, ereport, errcode(), errmsg(), FATAL, hba_authname(), hba_getauthmethod(), HOSTNAME_LOOKUP_DETAIL, ident_inet(), LOG, Log_connections, MemoryContextAllocZero(), MyClientConnectionInfo, pg_getnameinfo_all(), port, secure_loaded_verify_locations(), sendAuthRequest(), STATUS_ERROR, STATUS_OK, TopMemoryContext, uaBSD, uaCert, uaGSS, uaIdent, uaImplicitReject, uaLDAP, uaMD5, uaPAM, uaPassword, uaPeer, uaRADIUS, uaReject, uaSCRAM, uaSSPI, and uaTrust.
Referenced by PerformAuthentication().
static int ident_inet (hbaPort *port)
Definition at line 1670 of file auth.c.
References SockAddr::addr, bind, CHECK_FOR_INTERRUPTS, check_usermap(), closesocket, connect, EINTR, ereport, errcode_for_socket_access(), errmsg(), IDENT_PORT, IDENT_USERNAME_MAX, interpret_ident_response(), LOG, pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_getnameinfo_all(), PGINVALID_SOCKET, port, recv, SockAddr::salen, send, set_authn_id(), snprintf, socket, and STATUS_ERROR.
Referenced by ClientAuthentication().
static bool interpret_ident_response (const char *ident_response, char *ident_user)
Definition at line 1589 of file auth.c.
References i, IDENT_USERNAME_MAX, and pg_isblank().
Referenced by ident_inet().
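static int PerformRadiusTransaction (const char *server, const char *secret, const char *portstr, const char *identifier, const char *user_name, const char *passwd)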
Definition at line 2939 of file auth.c.
References bind, closesocket, radius_packet::code, EINTR, ereport, errmsg(), gai_strerror(), gettimeofday(), i, radius_packet::id, j, radius_packet::length, LOG, MemSet, now(), palloc(), pfree(), pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_hton16, pg_hton32, pg_md5_binary(), pg_ntoh16, pg_strong_random(), PGINVALID_SOCKET, port, portstr, RADIUS_ACCESS_ACCEPT, RADIUS_ACCESS_REJECT, RADIUS_ACCESS_REQUEST, radius_add_attribute(), RADIUS_AUTHENTICATE_ONLY, RADIUS_BUFFER_SIZE, RADIUS_HEADER_LENGTH, RADIUS_MAX_PASSWORD_LENGTH, RADIUS_NAS_IDENTIFIER, RADIUS_PASSWORD, RADIUS_SERVICE_TYPE, RADIUS_TIMEOUT, RADIUS_USER_NAME, RADIUS_VECTOR_LENGTH, select, socket, STATUS_EOF, STATUS_ERROR, STATUS_OK, and radius_packet::vector.
Referenced by CheckRADIUSAuth().
static void radius_add_attribute (radius_packet *packet, uint8 type, const unsigned char *data, int len)
Definition at line 2818 of file auth.c.
References radius_attribute::attribute, radius_attribute::data, data, elog, len, radius_attribute::length, radius_packet::length, RADIUS_BUFFER_SIZE, type, and WARNING.
Referenced by PerformRadiusTransaction().
static char * recv_password_packet (Port *port)
Definition at line 706 of file auth.c.
References buf, DEBUG5, elog, ereport, errcode(), ERRCODE_INVALID_PASSWORD, errmsg(), ERROR, initStringInfo(), pfree(), PG_MAX_AUTH_TOKEN_LENGTH, pq_getbyte(), pq_getmessage(), pq_startmsgread(), and PqMsg_PasswordMessage.
Referenced by CheckMD5Auth(), CheckPasswordAuth(), and CheckRADIUSAuth().
void sendAuthRequest (Port *port, AuthRequest areq, const char *extradata, int extralen)
Definition at line 676 of file auth.c.
References AUTH_REQ_OK, AUTH_REQ_SASL_FIN, buf, CHECK_FOR_INTERRUPTS, pq_beginmessage(), pq_endmessage(), pq_flush, pq_sendbytes(), pq_sendint32(), and PqMsg_AuthenticationRequest.
Referenced by CheckMD5Auth(), CheckPasswordAuth(), CheckRADIUSAuth(), CheckSASLAuth(), and ClientAuthentication().
static void set_authn_id (Port *port, const char *id)
Definition at line 344 of file auth.c.
References Assert, ClientConnectionInfo::auth_method, ClientConnectionInfo::authn_id, ereport, errdetail_log(), errmsg(), FATAL, hba_authname(), LOG, Log_connections, MemoryContextStrdup(), MyClientConnectionInfo, port, and TopMemoryContext.
Referenced by auth_peer(), CheckPasswordAuth(), CheckPWChallengeAuth(), CheckRADIUSAuth(), and ident_inet().
ClientAuthentication_hook_type ClientAuthentication_hook = NULL
Definition at line 230 of file auth.c.
Referenced by _PG_init(), ClientAuthentication(), and sepgsql_init_client_label().
bool pg_gss_accept_delegation
Definition at line 166 of file auth.c.
Referenced by secure_open_gssapi().
char* pg_krb_server_keyfile
Definition at line 164 of file auth.c.
Referenced by secure_open_gssapi().