#include "postgres.h"
#include <ctype.h>
#include <pwd.h>
#include <fcntl.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include "access/htup_details.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_type.h"
#include "common/ip.h"
#include "funcapi.h"
#include "libpq/ifaddr.h"
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "postmaster/postmaster.h"
#include "regex/regex.h"
#include "replication/walsender.h"
#include "storage/fd.h"
#include "utils/acl.h"
#include "utils/builtins.h"
#include "utils/varlena.h"
#include "utils/guc.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
Data Structures | |
struct | check_network_data |
struct | HbaToken |
struct | TokenizedLine |
Macros | |
#define | MAX_TOKEN 256 |
#define | MAX_LINE 8192 |
#define | token_is_keyword(t, k) (!t->quoted && strcmp(t->string, k) == 0) |
#define | token_matches(t, k) (strcmp(t->string, k) == 0) |
#define | INVALID_AUTH_OPTION(optname, validmethods) |
#define | REQUIRE_AUTH_OPTION(methodval, optname, validmethods) |
#define | MANDATORY_AUTH_ARG(argvar, argname, authname) |
#define | IDENT_FIELD_ABSENT(field) |
#define | IDENT_MULTI_VALUE(tokens) |
#define | MAX_HBA_OPTIONS 12 |
#define | NUM_PG_HBA_FILE_RULES_ATTS 9 |
Typedefs | |
typedef struct check_network_data | check_network_data |
typedef struct HbaToken | HbaToken |
typedef struct TokenizedLine | TokenizedLine |
Functions | |
static MemoryContext | tokenize_file (const char *filename, FILE *file, List **tok_lines, int elevel) |
static List * | tokenize_inc_file (List *tokens, const char *outer_filename, const char *inc_filename, int elevel, char **err_msg) |
static bool | parse_hba_auth_opt (char *name, char *val, HbaLine *hbaline, int elevel, char **err_msg) |
static bool | verify_option_list_length (List *options, const char *optionname, List *masters, const char *mastername, int line_num) |
static ArrayType * | gethba_options (HbaLine *hba) |
static void | fill_hba_line (Tuplestorestate *tuple_store, TupleDesc tupdesc, int lineno, HbaLine *hba, const char *err_msg) |
static void | fill_hba_view (Tuplestorestate *tuple_store, TupleDesc tupdesc) |
bool | pg_isblank (const char c) |
static bool | next_token (char **lineptr, char *buf, int bufsz, bool *initial_quote, bool *terminating_comma, int elevel, char **err_msg) |
static HbaToken * | make_hba_token (const char *token, bool quoted) |
static HbaToken * | copy_hba_token (HbaToken *in) |
static List * | next_field_expand (const char *filename, char **lineptr, int elevel, char **err_msg) |
static bool | is_member (Oid userid, const char *role) |
static bool | check_role (const char *role, Oid roleid, List *tokens) |
static bool | check_db (const char *dbname, const char *role, Oid roleid, List *tokens) |
static bool | ipv4eq (struct sockaddr_in *a, struct sockaddr_in *b) |
static bool | hostname_match (const char *pattern, const char *actual_hostname) |
static bool | check_hostname (hbaPort *port, const char *hostname) |
static bool | check_ip (SockAddr *raddr, struct sockaddr *addr, struct sockaddr *mask) |
static void | check_network_callback (struct sockaddr *addr, struct sockaddr *netmask, void *cb_data) |
static bool | check_same_host_or_net (SockAddr *raddr, IPCompareMethod method) |
static HbaLine * | parse_hba_line (TokenizedLine *tok_line, int elevel) |
static void | check_hba (hbaPort *port) |
bool | load_hba (void) |
Datum | pg_hba_file_rules (PG_FUNCTION_ARGS) |
static IdentLine * | parse_ident_line (TokenizedLine *tok_line) |
static void | check_ident_usermap (IdentLine *identLine, const char *usermap_name, const char *pg_role, const char *ident_user, bool case_insensitive, bool *found_p, bool *error_p) |
int | check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_insensitive) |
bool | load_ident (void) |
void | hba_getauthmethod (hbaPort *port) |
Variables | |
static List * | parsed_hba_lines = NIL |
static MemoryContext | parsed_hba_context = NULL |
static List * | parsed_ident_lines = NIL |
static MemoryContext | parsed_ident_context = NULL |
static const char *const | UserAuthName [] |
#define IDENT_FIELD_ABSENT(field)
Definition at line 908 of file hba.c.
Referenced by parse_ident_line().
#define IDENT_MULTI_VALUE(tokens)
Definition at line 919 of file hba.c.
Referenced by parse_ident_line().
#define INVALID_AUTH_OPTION(optname, validmethods)
Definition at line 860 of file hba.c.
Referenced by parse_hba_auth_opt().
#define MANDATORY_AUTH_ARG(argvar, argname, authname)
Definition at line 880 of file hba.c.
Referenced by parse_hba_line().
#define MAX_HBA_OPTIONS 12 |
Definition at line 2224 of file hba.c.
Referenced by gethba_options().
#define MAX_LINE 8192 |
Definition at line 57 of file hba.c.
Referenced by tokenize_file().
#define MAX_TOKEN 256 |
Definition at line 56 of file hba.c.
Referenced by next_field_expand().
#define NUM_PG_HBA_FILE_RULES_ATTS 9 |
Definition at line 2339 of file hba.c.
Referenced by fill_hba_line().
#define REQUIRE_AUTH_OPTION(methodval, optname, validmethods)
Definition at line 874 of file hba.c.
Referenced by parse_hba_auth_opt().
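#define token_is_keyword(t, k) (!t->quoted && strcmp(t->string, k) == 0)
Because of the !t->quoted test, a quoted token never counts as a keyword; token_matches compares the string regardless of quoting.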
Definition at line 68 of file hba.c.
Referenced by check_db(), check_role(), and parse_hba_line().
#define token_matches(t, k) (strcmp(t->string, k) == 0)
Definition at line 69 of file hba.c.
Referenced by check_db(), and check_role().
typedef struct TokenizedLine TokenizedLine |
static bool check_db (const char *dbname, const char *role, Oid roleid, List *tokens)
Definition at line 610 of file hba.c.
References am_db_walsender, am_walsender, is_member(), lfirst, token_is_keyword, and token_matches.
Referenced by check_hba().
static void check_hba (hbaPort *port)
Definition at line 2025 of file hba.c.
References SockAddr::addr, HbaLine::addr, HbaLine::auth_method, check_db(), check_hostname(), check_ip(), check_role(), check_same_host_or_net(), HbaLine::conntype, ctHostNoSSL, ctHostSSL, ctLocal, Port::database_name, HbaLine::databases, get_role_oid(), Port::hba, HbaLine::hostname, HbaLine::ip_cmp_method, ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, IS_AF_UNIX, lfirst, HbaLine::mask, palloc0(), Port::raddr, HbaLine::roles, Port::ssl_in_use, uaImplicitReject, and Port::user_name.
Referenced by hba_getauthmethod().
static bool check_hostname (hbaPort *port, const char *hostname)
Definition at line 693 of file hba.c.
References SockAddr::addr, addrinfo::ai_addr, addrinfo::ai_next, DEBUG2, elog, freeaddrinfo, getaddrinfo, hostname_match(), ipv4eq(), NI_MAXHOST, NI_NAMEREQD, pg_getnameinfo_all(), pstrdup(), Port::raddr, Port::remote_hostname, Port::remote_hostname_errcode, Port::remote_hostname_resolv, and SockAddr::salen.
Referenced by check_hba().
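static void check_ident_usermap (IdentLine *identLine, const char *usermap_name, const char *pg_role, const char *ident_user, bool case_insensitive, bool *found_p, bool *error_p)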
Definition at line 2722 of file hba.c.
References ereport, errcode(), errmsg(), IdentLine::ident_user, LOG, palloc(), palloc0(), pfree(), pg_mb2wchar_with_len(), pg_regerror(), pg_regexec(), IdentLine::pg_role, pg_strcasecmp(), pstrdup(), IdentLine::re, REG_NOMATCH, regmatch_t::rm_eo, regmatch_t::rm_so, and IdentLine::usermap.
Referenced by check_usermap().
static bool check_ip (SockAddr *raddr, struct sockaddr *addr, struct sockaddr *mask)
Definition at line 786 of file hba.c.
References SockAddr::addr, and pg_range_sockaddr().
Referenced by check_hba(), and check_network_callback().
static void check_network_callback (struct sockaddr *addr, struct sockaddr *netmask, void *cb_data)
Definition at line 800 of file hba.c.
References check_ip(), ipCmpSameHost, check_network_data::method, pg_sockaddr_cidr_mask(), check_network_data::raddr, and check_network_data::result.
Referenced by check_same_host_or_net().
static bool check_role (const char *role, Oid roleid, List *tokens)
Definition at line 586 of file hba.c.
References is_member(), lfirst, HbaToken::quoted, HbaToken::string, token_is_keyword, and token_matches.
Referenced by check_hba().
static bool check_same_host_or_net (SockAddr *raddr, IPCompareMethod method)
Definition at line 827 of file hba.c.
References check_network_callback(), elog, LOG, check_network_data::method, pg_foreach_ifaddr(), check_network_data::raddr, and check_network_data::result.
Referenced by check_hba().
int check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_insensitive)
Definition at line 2858 of file hba.c.
References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.
Referenced by CheckSCRAMAuth(), and ident_inet().
static HbaToken * copy_hba_token (HbaToken *in)
Definition at line 307 of file hba.c.
References make_hba_token(), HbaToken::quoted, and HbaToken::string.
Referenced by parse_hba_line(), and tokenize_inc_file().
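static void fill_hba_line (Tuplestorestate *tuple_store, TupleDesc tupdesc, int lineno, HbaLine *hba, const char *err_msg)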
Definition at line 2354 of file hba.c.
References HbaLine::addr, Assert, HbaLine::auth_method, buffer, clean_ipv6_addr(), HbaLine::conntype, CStringGetTextDatum, ctHost, ctHostNoSSL, ctHostSSL, ctLocal, HbaLine::databases, gethba_options(), heap_form_tuple(), HbaLine::hostname, Int32GetDatum, HbaLine::ip_cmp_method, ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lappend(), lengthof, lfirst, HbaLine::mask, tupleDesc::natts, NI_MAXHOST, NI_NUMERICHOST, NIL, NUM_PG_HBA_FILE_RULES_ATTS, options, pg_getnameinfo_all(), PointerGetDatum, pstrdup(), HbaLine::roles, StaticAssertStmt, HbaToken::string, strlist_to_textarray(), tuplestore_puttuple(), USER_AUTH_LAST, UserAuthName, and values.
Referenced by fill_hba_view().
static void fill_hba_view (Tuplestorestate *tuple_store, TupleDesc tupdesc)
Definition at line 2528 of file hba.c.
References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate, CurrentMemoryContext, DEBUG3, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), ERROR, fill_hba_line(), FreeFile(), HbaFileName, lfirst, TokenizedLine::line_num, MemoryContextDelete(), MemoryContextSwitchTo(), NIL, parse_hba_line(), and tokenize_file().
Referenced by pg_hba_file_rules().
static ArrayType * gethba_options (HbaLine *hba)
Definition at line 2231 of file hba.c.
References Assert, HbaLine::auth_method, HbaLine::clientcert, construct_array(), CStringGetTextDatum, HbaLine::include_realm, HbaLine::krb_realm, HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapport, HbaLine::ldapprefix, HbaLine::ldapscope, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, HbaLine::ldaptls, MAX_HBA_OPTIONS, noptions, HbaLine::pamservice, psprintf(), HbaLine::radiusidentifiers_s, HbaLine::radiusports_s, HbaLine::radiussecrets_s, HbaLine::radiusservers_s, uaGSS, uaLDAP, uaRADIUS, uaSSPI, and HbaLine::usermap.
Referenced by fill_hba_line().
Note: the references include HbaLine::ldapbindpasswd and HbaLine::radiussecrets_s, so the options array built here may contain credentials taken from pg_hba.conf; check what it emits in hba.c before exposing pg_hba_file_rules() output to less-privileged roles.
void hba_getauthmethod (hbaPort *port)
Definition at line 3024 of file hba.c.
References check_hba().
Referenced by ClientAuthentication().
|
static |
|
static |
static bool is_member (Oid userid, const char *role)
Definition at line 562 of file hba.c.
References get_role_oid(), is_member_of_role_nosuper(), and OidIsValid.
Referenced by check_db(), and check_role().
bool load_hba (void)
Definition at line 2126 of file hba.c.
References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_hba_line(), PostmasterContext, and tokenize_file().
Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().
bool load_ident (void)
Definition at line 2913 of file hba.c.
References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().
Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().
static HbaToken * make_hba_token (const char *token, bool quoted)
Definition at line 288 of file hba.c.
References palloc(), HbaToken::quoted, and HbaToken::string.
Referenced by copy_hba_token(), and next_field_expand().
static List * next_field_expand (const char *filename, char **lineptr, int elevel, char **err_msg)
Definition at line 330 of file hba.c.
References buf, lappend(), make_hba_token(), MAX_TOKEN, next_token(), NIL, and tokenize_inc_file().
Referenced by tokenize_file().
|
static |
Definition at line 195 of file hba.c.
References Assert, buf, ereport, errcode(), errmsg(), and pg_isblank().
Referenced by base_yylex(), filtered_base_yylex(), and next_field_expand().
static bool parse_hba_auth_opt (char *name, char *val, HbaLine *hbaline, int elevel, char **err_msg)
Definition at line 1647 of file hba.c.
References addrinfo::ai_family, addrinfo::ai_socktype, HbaLine::auth_method, HbaLine::clientcert, HbaLine::compat_realm, HbaLine::conntype, ctHostSSL, ereport, errcode(), errcontext, errmsg(), gai_strerror, gettext_noop, HbaFileName, HbaLine::include_realm, INVALID_AUTH_OPTION, HbaLine::krb_realm, HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapport, HbaLine::ldapprefix, HbaLine::ldapscheme, HbaLine::ldapscope, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, HbaLine::ldaptls, lfirst, HbaLine::linenumber, list_free(), MemSet, HbaLine::pam_use_hostname, HbaLine::pamservice, pg_freeaddrinfo_all(), pg_getaddrinfo_all(), psprintf(), pstrdup(), HbaLine::radiusidentifiers, HbaLine::radiusidentifiers_s, HbaLine::radiusports, HbaLine::radiusports_s, HbaLine::radiussecrets, HbaLine::radiussecrets_s, HbaLine::radiusservers, HbaLine::radiusservers_s, REQUIRE_AUTH_OPTION, SplitIdentifierString(), uaCert, uaGSS, uaIdent, uaLDAP, uaPAM, uaRADIUS, uaSSPI, HbaLine::upn_username, and HbaLine::usermap.
Referenced by parse_hba_line().
static HbaLine * parse_hba_line (TokenizedLine *tok_line, int elevel)
Definition at line 945 of file hba.c.
References HbaLine::addr, addrinfo::ai_addr, addrinfo::ai_addrlen, addrinfo::ai_canonname, addrinfo::ai_family, addrinfo::ai_flags, addrinfo::ai_next, AI_NUMERICHOST, addrinfo::ai_protocol, addrinfo::ai_socktype, Assert, HbaLine::auth_method, HbaLine::clientcert, HbaLine::compat_realm, HbaLine::conntype, copy_hba_token(), ctHost, ctHostNoSSL, ctHostSSL, ctLocal, HbaLine::databases, Db_user_namespace, EAI_NONAME, EnableSSL, ereport, TokenizedLine::err_msg, errcode(), errcontext, errhint(), errmsg(), TokenizedLine::fields, gai_strerror, HbaFileName, HbaLine::hostname, HbaLine::include_realm, HbaLine::ip_cmp_method, ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lappend(), HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapprefix, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, List::length, lfirst, TokenizedLine::line_num, HbaLine::linenumber, linitial, list_head(), list_length(), lnext, LOG, MANDATORY_AUTH_ARG, HbaLine::mask, NIL, palloc0(), parse_hba_auth_opt(), pfree(), pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_sockaddr_cidr_mask(), psprintf(), pstrdup(), HbaLine::radiusidentifiers, HbaLine::radiusports, HbaLine::radiussecrets, HbaLine::radiusservers, TokenizedLine::raw_line, HbaLine::rawline, HbaLine::roles, generate_unaccent_rules::str, HbaToken::string, token_is_keyword, uaBSD, uaCert, uaGSS, uaIdent, uaLDAP, uaMD5, uaPAM, uaPassword, uaRADIUS, uaReject, uaSCRAM, uaSSPI, uaTrust, HbaLine::upn_username, val, and verify_option_list_length().
Referenced by fill_hba_view(), and load_hba().
static IdentLine * parse_ident_line (TokenizedLine *tok_line)
Definition at line 2645 of file hba.c.
References Assert, ereport, errcode(), errmsg(), TokenizedLine::fields, IDENT_FIELD_ABSENT, IDENT_MULTI_VALUE, IdentLine::ident_user, lfirst, TokenizedLine::line_num, IdentLine::linenumber, linitial, list_head(), lnext, LOG, NIL, palloc(), palloc0(), pfree(), pg_mb2wchar_with_len(), pg_regcomp(), pg_regerror(), IdentLine::pg_role, pstrdup(), IdentLine::re, REG_ADVANCED, HbaToken::string, and IdentLine::usermap.
Referenced by load_ident().
Datum pg_hba_file_rules (PG_FUNCTION_ARGS)
Definition at line 2582 of file hba.c.
References ReturnSetInfo::allowedModes, ReturnSetInfo::econtext, ExprContext::ecxt_per_query_memory, elog, ereport, errcode(), errmsg(), ERROR, fill_hba_view(), get_call_result_type(), IsA, MemoryContextSwitchTo(), PG_RETURN_NULL, ReturnSetInfo::returnMode, ReturnSetInfo::setDesc, ReturnSetInfo::setResult, SFRM_Materialize, SFRM_Materialize_Random, tuplestore_begin_heap(), TYPEFUNC_COMPOSITE, and work_mem.
bool pg_isblank (const char c)
Definition at line 160 of file hba.c.
Referenced by interpret_ident_response(), and next_token().
static MemoryContext tokenize_file (const char *filename, FILE *file, List **tok_lines, int elevel)
Definition at line 470 of file hba.c.
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, CurrentMemoryContext, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errcontext, errmsg(), TokenizedLine::fields, lappend(), TokenizedLine::line_num, MAX_LINE, MemoryContextSwitchTo(), next_field_expand(), NIL, palloc(), psprintf(), pstrdup(), TokenizedLine::raw_line, and strerror().
Referenced by fill_hba_view(), load_hba(), load_ident(), and tokenize_inc_file().
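static List * tokenize_inc_file (List *tokens, const char *outer_filename, const char *inc_filename, int elevel, char **err_msg)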
Definition at line 372 of file hba.c.
References AllocateFile(), canonicalize_path(), copy_hba_token(), ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), TokenizedLine::fields, FreeFile(), get_parent_directory(), is_absolute_path, join_path_components(), lappend(), lfirst, MemoryContextDelete(), palloc(), pfree(), psprintf(), pstrdup(), strerror(), and tokenize_file().
Referenced by next_field_expand().
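static bool verify_option_list_length (List *options, const char *optionname, List *masters, const char *mastername, int line_num)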
Definition at line 1620 of file hba.c.
References ereport, errcode(), errcontext, errmsg(), HbaFileName, list_length(), and LOG.
Referenced by parse_hba_line().
|
static |
|
static |
static const char *const UserAuthName []
Definition at line 121 of file hba.c.
Referenced by fill_hba_line().