386 const char *logdetail = NULL;
408 (
errcode(ERRCODE_CONFIG_FILE_ERROR),
409 errmsg(
"client certificates can only be checked if a root certificate store is available")));
417 if (!
port->peer_cert_valid)
419 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
420 errmsg(
"connection requires a valid client certificate")));
426 switch (
port->hba->auth_method)
441 char hostinfo[NI_MAXHOST];
442 const char *encryption_state;
445 hostinfo,
sizeof(hostinfo),
451 (
port->gss &&
port->gss->enc) ?
_(
"GSS encryption") :
454 port->ssl_in_use ?
_(
"SSL encryption") :
460 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
462 errmsg(
"pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
463 hostinfo,
port->user_name,
467 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
469 errmsg(
"pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
470 hostinfo,
port->user_name,
487 char hostinfo[NI_MAXHOST];
488 const char *encryption_state;
491 hostinfo,
sizeof(hostinfo),
497 (
port->gss &&
port->gss->enc) ?
_(
"GSS encryption") :
500 port->ssl_in_use ?
_(
"SSL encryption") :
/*
 * HOSTNAME_LOOKUP_DETAIL(port) selects the errdetail_log() text describing
 * how the client's host name lookup went, for use in the "no pg_hba.conf
 * entry" reports.
 *
 * When port->remote_hostname is set, the wording depends on
 * port->remote_hostname_resolv:
 *   +1  reverse lookup produced a name and the forward lookup matches
 *    0  reverse lookup produced a name, forward lookup not checked
 *   -1  reverse lookup produced a name, forward lookup does not match
 *   -2  the name could not be translated back to an IP address; the
 *       gai_strerror() text for port->remote_hostname_errcode is appended
 * When port->remote_hostname is not set and the state is -2, the reverse
 * lookup itself failed and only the gai_strerror() text is reported.
 *
 * NOTE(review): the name logged here comes from a reverse lookup of the
 * client address, so only the +1 case is a forward-confirmed name; in the
 * 0, -1 and -2 cases it should be read as unverified when triaging logs.
 * NOTE(review): errdetail_log() is understood to attach detail for the
 * server log only, which would keep the lookup result out of the reply to
 * the unauthenticated client; confirm against elog.h.
 * NOTE(review): the gutter numbers jump from 518 to 520 and from 522 to 527,
 * so the fallback arms of both conditionals are not visible in this listing.
 */
504 #define HOSTNAME_LOOKUP_DETAIL(port) \
505 (port->remote_hostname ? \
506 (port->remote_hostname_resolv == +1 ? \
507 errdetail_log("Client IP address resolved to \"%s\", forward lookup matches.", \
508 port->remote_hostname) : \
509 port->remote_hostname_resolv == 0 ? \
510 errdetail_log("Client IP address resolved to \"%s\", forward lookup not checked.", \
511 port->remote_hostname) : \
512 port->remote_hostname_resolv == -1 ? \
513 errdetail_log("Client IP address resolved to \"%s\", forward lookup does not match.", \
514 port->remote_hostname) : \
515 port->remote_hostname_resolv == -2 ? \
516 errdetail_log("Could not translate client host name \"%s\" to IP address: %s.", \
517 port->remote_hostname, \
518 gai_strerror(port->remote_hostname_errcode)) : \
520 : (port->remote_hostname_resolv == -2 ? \
521 errdetail_log("Could not resolve client IP address to a host name: %s.", \
522 gai_strerror(port->remote_hostname_errcode)) : \
527 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
529 errmsg(
"no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
530 hostinfo,
port->user_name,
535 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
537 errmsg(
"no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
538 hostinfo,
port->user_name,
548 if (
port->gss == NULL)
549 port->gss = (pg_gssinfo *)
552 port->gss->auth =
true;
559 status = pg_GSS_checkauth(
port);
563 status = pg_GSS_recvauth(
port);
572 if (
port->gss == NULL)
573 port->gss = (pg_gssinfo *)
577 status = pg_SSPI_recvauth(
port);
602 status = CheckPAMAuth(
port,
port->user_name,
"");
610 status = CheckBSDAuth(
port,
port->user_name);
618 status = CheckLDAPAuth(
port);
641 status = CheckCertAuth(
port);
648 (*ClientAuthentication_hook) (
port, status);
void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen)
static int CheckPWChallengeAuth(Port *port, const char **logdetail)
static int ident_inet(hbaPort *port)
static int CheckRADIUSAuth(Port *port)
static void auth_failed(Port *port, int status, const char *logdetail)
ClientAuthentication_hook_type ClientAuthentication_hook
static int auth_peer(hbaPort *port)
#define HOSTNAME_LOOKUP_DETAIL(port)
static int CheckPasswordAuth(Port *port, const char **logdetail)
bool secure_loaded_verify_locations(void)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
void hba_getauthmethod(hbaPort *port)
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
Assert(fmt[strlen(fmt) - 1] !='\n')
MemoryContext TopMemoryContext
void * MemoryContextAllocZero(MemoryContext context, Size size)
#define CHECK_FOR_INTERRUPTS()