388 const char *logdetail = NULL;
410 (
errcode(ERRCODE_CONFIG_FILE_ERROR),
411 errmsg(
"client certificates can only be checked if a root certificate store is available")));
419 if (!
port->peer_cert_valid)
421 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
422 errmsg(
"connection requires a valid client certificate")));
428 switch (
port->hba->auth_method)
444 const char *encryption_state;
447 hostinfo,
sizeof(hostinfo),
453 (
port->gss &&
port->gss->enc) ?
_(
"GSS encryption") :
456 port->ssl_in_use ?
_(
"SSL encryption") :
462 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
464 errmsg(
"pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
465 hostinfo,
port->user_name,
469 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
471 errmsg(
"pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
472 hostinfo,
port->user_name,
490 const char *encryption_state;
493 hostinfo,
sizeof(hostinfo),
499 (
port->gss &&
port->gss->enc) ?
_(
"GSS encryption") :
502 port->ssl_in_use ?
_(
"SSL encryption") :
/*
 * HOSTNAME_LOOKUP_DETAIL(port)
 *
 * Expands to an errdetail_log() call that records how the reverse lookup of
 * the client address went. The message is selected from
 * port->remote_hostname and port->remote_hostname_resolv:
 *
 *   remote_hostname set:
 *     resolv == +1  name found, forward lookup matches
 *     resolv ==  0  name found, forward lookup not checked
 *     resolv == -1  name found, forward lookup does not match
 *     resolv == -2  name could not be translated back to an IP address;
 *                   gai_strerror(remote_hostname_errcode) is appended
 *   remote_hostname NULL:
 *     resolv == -2  address could not be resolved to a host name;
 *                   gai_strerror(remote_hostname_errcode) is appended
 *
 * Only the +1 case reports a name that the forward lookup confirmed. In the
 * 0, -1 and -2 cases the logged name rests on the reverse lookup alone, so
 * anyone reading these log lines should treat it as unverified.
 *
 * errdetail_log() attaches the text as log-only detail, so the lookup
 * outcome goes to the server log and is not part of the message returned to
 * the connecting client.
 *
 * NOTE(review): this listing skips source lines 521 and 525 onward, so the
 * fallback arms and the closing parentheses of the macro are not visible
 * here; confirm against the full file before relying on the table above
 * for any other resolv value.
 */
506 #define HOSTNAME_LOOKUP_DETAIL(port) \
507 (port->remote_hostname ? \
508 (port->remote_hostname_resolv == +1 ? \
509 errdetail_log("Client IP address resolved to \"%s\", forward lookup matches.", \
510 port->remote_hostname) : \
511 port->remote_hostname_resolv == 0 ? \
512 errdetail_log("Client IP address resolved to \"%s\", forward lookup not checked.", \
513 port->remote_hostname) : \
514 port->remote_hostname_resolv == -1 ? \
515 errdetail_log("Client IP address resolved to \"%s\", forward lookup does not match.", \
516 port->remote_hostname) : \
517 port->remote_hostname_resolv == -2 ? \
518 errdetail_log("Could not translate client host name \"%s\" to IP address: %s.", \
519 port->remote_hostname, \
520 gai_strerror(port->remote_hostname_errcode)) : \
522 : (port->remote_hostname_resolv == -2 ? \
523 errdetail_log("Could not resolve client IP address to a host name: %s.", \
524 gai_strerror(port->remote_hostname_errcode)) : \
529 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
531 errmsg(
"no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
532 hostinfo,
port->user_name,
537 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
539 errmsg(
"no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
540 hostinfo,
port->user_name,
550 if (
port->gss == NULL)
551 port->gss = (pg_gssinfo *)
554 port->gss->auth =
true;
574 if (
port->gss == NULL)
575 port->gss = (pg_gssinfo *)
void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen)
static int CheckPWChallengeAuth(Port *port, const char **logdetail)
static int ident_inet(hbaPort *port)
static int CheckRADIUSAuth(Port *port)
static void auth_failed(Port *port, int status, const char *logdetail)
ClientAuthentication_hook_type ClientAuthentication_hook
static int auth_peer(hbaPort *port)
#define HOSTNAME_LOOKUP_DETAIL(port)
static int CheckPasswordAuth(Port *port, const char **logdetail)
bool secure_loaded_verify_locations(void)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
void hba_getauthmethod(hbaPort *port)
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
Assert(fmt[strlen(fmt) - 1] !='\n')
MemoryContext TopMemoryContext
void * MemoryContextAllocZero(MemoryContext context, Size size)
#define CHECK_FOR_INTERRUPTS()
static void static void status(const char *fmt,...) pg_attribute_printf(1