Definition at line 345 of file auth.c.
References _, SockAddr::addr, am_walsender, Assert, auth_failed(), HbaLine::auth_method, auth_peer(), AUTH_REQ_GSS, AUTH_REQ_OK, AUTH_REQ_SSPI, CHECK_FOR_INTERRUPTS, CheckPasswordAuth(), CheckPWChallengeAuth(), CheckRADIUSAuth(), ClientAuthentication_hook, HbaLine::clientcert, clientCertFull, clientCertOff, Port::database_name, ereport, errcode(), errmsg(), FATAL, Port::gss, Port::hba, hba_getauthmethod(), HOSTNAME_LOOKUP_DETAIL, ident_inet(), MemoryContextAllocZero(), NI_MAXHOST, NI_NUMERICHOST, Port::peer_cert_valid, pg_getnameinfo_all(), port, Port::raddr, SockAddr::salen, secure_loaded_verify_locations(), sendAuthRequest(), Port::ssl_in_use, status(), STATUS_ERROR, STATUS_OK, TopMemoryContext, uaBSD, uaCert, uaGSS, uaIdent, uaImplicitReject, uaLDAP, uaMD5, uaPAM, uaPassword, uaRADIUS, uaReject, uaSCRAM, uaSSPI, uaTrust, and Port::user_name.
Referenced by PerformAuthentication().
348 char *logdetail = NULL;
370 (
errcode(ERRCODE_CONFIG_FILE_ERROR),
371 errmsg(
"client certificates can only be checked if a root certificate store is available")));
381 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
382 errmsg(
"connection requires a valid client certificate")));
404 const char *encryption_state;
407 hostinfo,
sizeof(hostinfo),
413 (port->
gss && port->
gss->enc) ?
_(
"GSS encryption") :
422 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
424 errmsg(
"pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
429 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
431 errmsg(
"pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
450 const char *encryption_state;
453 hostinfo,
sizeof(hostinfo),
459 (port->
gss && port->
gss->enc) ?
_(
"GSS encryption") :
466 #define HOSTNAME_LOOKUP_DETAIL(port) \ 467 (port->remote_hostname ? \ 468 (port->remote_hostname_resolv == +1 ? \ 469 errdetail_log("Client IP address resolved to \"%s\", forward lookup matches.", \ 470 port->remote_hostname) : \ 471 port->remote_hostname_resolv == 0 ? \ 472 errdetail_log("Client IP address resolved to \"%s\", forward lookup not checked.", \ 473 port->remote_hostname) : \ 474 port->remote_hostname_resolv == -1 ? \ 475 errdetail_log("Client IP address resolved to \"%s\", forward lookup does not match.", \ 476 port->remote_hostname) : \ 477 port->remote_hostname_resolv == -2 ? \ 478 errdetail_log("Could not translate client host name \"%s\" to IP address: %s.", \ 479 port->remote_hostname, \ 480 gai_strerror(port->remote_hostname_errcode)) : \ 482 : (port->remote_hostname_resolv == -2 ? \ 483 errdetail_log("Could not resolve client IP address to a host name: %s.", \ 484 gai_strerror(port->remote_hostname_errcode)) : \ 489 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
491 errmsg(
"no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
497 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
499 errmsg(
"no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
510 if (port->
gss == NULL)
511 port->
gss = (pg_gssinfo *)
514 port->
gss->auth =
true;
521 status = pg_GSS_checkauth(port);
525 status = pg_GSS_recvauth(port);
534 if (port->
gss == NULL)
535 port->
gss = (pg_gssinfo *)
539 status = pg_SSPI_recvauth(port);
564 status = CheckPAMAuth(port, port->
user_name,
"");
572 status = CheckBSDAuth(port, port->
user_name);
580 status = CheckLDAPAuth(port);
603 status = CheckCertAuth(port);
#define HOSTNAME_LOOKUP_DETAIL(port)
static int auth_peer(hbaPort *port)
static void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen)
struct sockaddr_storage addr
int errcode(int sqlerrcode)
static int CheckRADIUSAuth(Port *port)
static int CheckPWChallengeAuth(Port *port, char **logdetail)
void hba_getauthmethod(hbaPort *port)
ClientAuthentication_hook_type ClientAuthentication_hook
MemoryContext TopMemoryContext
static int ident_inet(hbaPort *port)
static int CheckPasswordAuth(Port *port, char **logdetail)
void * MemoryContextAllocZero(MemoryContext context, Size size)
#define ereport(elevel,...)
#define Assert(condition)
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
ClientCertMode clientcert
bool secure_loaded_verify_locations(void)
int errmsg(const char *fmt,...)
static void auth_failed(Port *port, int status, char *logdetail)
#define CHECK_FOR_INTERRUPTS()
static void static void status(const char *fmt,...) pg_attribute_printf(1