PostgreSQL Source Code
git master
|
#include "postgres.h"
#include <ctype.h>
#include <pwd.h>
#include <fcntl.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include "catalog/pg_collation.h"
#include "common/ip.h"
#include "common/string.h"
#include "libpq/hba.h"
#include "libpq/ifaddr.h"
#include "libpq/libpq-be.h"
#include "postmaster/postmaster.h"
#include "regex/regex.h"
#include "replication/walsender.h"
#include "storage/fd.h"
#include "utils/acl.h"
#include "utils/conffiles.h"
#include "utils/guc.h"
#include "utils/memutils.h"
#include "utils/varlena.h"
Go to the source code of this file.
Data Structures | |
struct | check_network_data |
struct | tokenize_error_callback_arg |
Macros | |
#define | token_has_regexp(t) (t->regex != NULL) |
#define | token_is_member_check(t) (!t->quoted && t->string[0] == '+') |
#define | token_is_keyword(t, k) (!t->quoted && strcmp(t->string, k) == 0) |
#define | token_matches(t, k) (strcmp(t->string, k) == 0) |
#define | token_matches_insensitive(t, k) (pg_strcasecmp(t->string, k) == 0) |
#define | INVALID_AUTH_OPTION(optname, validmethods) |
#define | REQUIRE_AUTH_OPTION(methodval, optname, validmethods) |
#define | MANDATORY_AUTH_ARG(argvar, argname, authname) |
#define | IDENT_FIELD_ABSENT(field) |
#define | IDENT_MULTI_VALUE(tokens) |
Typedefs | |
typedef struct check_network_data | check_network_data |
Functions | |
StaticAssertDecl (lengthof(UserAuthName)==USER_AUTH_LAST+1, "UserAuthName[] must match the UserAuth enum") | |
static List * | tokenize_expand_file (List *tokens, const char *outer_filename, const char *inc_filename, int elevel, int depth, char **err_msg) |
static bool | parse_hba_auth_opt (char *name, char *val, HbaLine *hbaline, int elevel, char **err_msg) |
static int | regcomp_auth_token (AuthToken *token, char *filename, int line_num, char **err_msg, int elevel) |
static int | regexec_auth_token (const char *match, AuthToken *token, size_t nmatch, regmatch_t pmatch[]) |
static void | tokenize_error_callback (void *arg) |
bool | pg_isblank (const char c) |
static bool | next_token (char **lineptr, StringInfo buf, bool *initial_quote, bool *terminating_comma) |
static AuthToken * | make_auth_token (const char *token, bool quoted) |
static void | free_auth_token (AuthToken *token) |
static AuthToken * | copy_auth_token (AuthToken *in) |
static List * | next_field_expand (const char *filename, char **lineptr, int elevel, int depth, char **err_msg) |
static void | tokenize_include_file (const char *outer_filename, const char *inc_filename, List **tok_lines, int elevel, int depth, bool missing_ok, char **err_msg) |
void | free_auth_file (FILE *file, int depth) |
FILE * | open_auth_file (const char *filename, int elevel, int depth, char **err_msg) |
void | tokenize_auth_file (const char *filename, FILE *file, List **tok_lines, int elevel, int depth) |
static bool | is_member (Oid userid, const char *role) |
static bool | check_role (const char *role, Oid roleid, List *tokens, bool case_insensitive) |
static bool | check_db (const char *dbname, const char *role, Oid roleid, List *tokens) |
static bool | ipv4eq (struct sockaddr_in *a, struct sockaddr_in *b) |
static bool | ipv6eq (struct sockaddr_in6 *a, struct sockaddr_in6 *b) |
static bool | hostname_match (const char *pattern, const char *actual_hostname) |
static bool | check_hostname (hbaPort *port, const char *hostname) |
static bool | check_ip (SockAddr *raddr, struct sockaddr *addr, struct sockaddr *mask) |
static void | check_network_callback (struct sockaddr *addr, struct sockaddr *netmask, void *cb_data) |
static bool | check_same_host_or_net (SockAddr *raddr, IPCompareMethod method) |
HbaLine * | parse_hba_line (TokenizedAuthLine *tok_line, int elevel) |
static void | check_hba (hbaPort *port) |
bool | load_hba (void) |
IdentLine * | parse_ident_line (TokenizedAuthLine *tok_line, int elevel) |
static void | check_ident_usermap (IdentLine *identLine, const char *usermap_name, const char *pg_user, const char *system_user, bool case_insensitive, bool *found_p, bool *error_p) |
int | check_usermap (const char *usermap_name, const char *pg_user, const char *system_user, bool case_insensitive) |
bool | load_ident (void) |
void | hba_getauthmethod (hbaPort *port) |
const char * | hba_authname (UserAuth auth_method) |
Variables | |
static MemoryContext | tokenize_context = NULL |
static List * | parsed_hba_lines = NIL |
static MemoryContext | parsed_hba_context = NULL |
static List * | parsed_ident_lines = NIL |
static MemoryContext | parsed_ident_context = NULL |
static const char *const | UserAuthName [] |
#define IDENT_FIELD_ABSENT | ( | field | ) |
#define IDENT_MULTI_VALUE | ( | tokens | ) |
#define INVALID_AUTH_OPTION | ( | optname, | |
validmethods | |||
) |
#define MANDATORY_AUTH_ARG | ( | argvar, | |
argname, | |||
authname | |||
) |
#define REQUIRE_AUTH_OPTION | ( | methodval, | |
optname, | |||
validmethods | |||
) |
#define token_is_keyword | ( | t, | |
k | |||
) | (!t->quoted && strcmp(t->string, k) == 0) |
#define token_is_member_check | ( | t | ) | (!t->quoted && t->string[0] == '+') |
#define token_matches_insensitive | ( | t, | |
k | |||
) | (pg_strcasecmp(t->string, k) == 0) |
typedef struct check_network_data check_network_data |
Definition at line 991 of file hba.c.
References am_db_walsender, am_walsender, dbname, is_member(), lfirst, REG_OKAY, regexec_auth_token(), token_has_regexp, token_is_keyword, and token_matches.
Referenced by check_hba().
|
static |
Definition at line 2473 of file hba.c.
References HbaLine::addr, HbaLine::auth_method, check_db(), check_hostname(), check_ip(), check_role(), check_same_host_or_net(), HbaLine::conntype, ctHostGSS, ctHostNoGSS, ctHostNoSSL, ctHostSSL, ctLocal, HbaLine::databases, get_role_oid(), HbaLine::hostname, HbaLine::ip_cmp_method, ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lfirst, HbaLine::mask, palloc0(), parsed_hba_lines, port, HbaLine::roles, and uaImplicitReject.
Referenced by hba_getauthmethod().
|
static |
Definition at line 1076 of file hba.c.
References DEBUG2, elog, hostname, hostname_match(), ipv4eq(), ipv6eq(), pg_getnameinfo_all(), port, and pstrdup().
Referenced by check_hba().
|
static |
Definition at line 2761 of file hba.c.
References check_role(), ereport, errcode(), errmsg(), free_auth_token(), get_role_oid(), list_make1, LOG, make_auth_token(), palloc0(), pfree(), pg_regerror(), IdentLine::pg_user, REG_NOMATCH, AuthToken::regex, regexec_auth_token(), regmatch_t, AuthToken::string, system_user(), IdentLine::system_user, token_has_regexp, token_is_member_check, token_matches, token_matches_insensitive, and IdentLine::usermap.
Referenced by check_usermap().
|
static |
Definition at line 1167 of file hba.c.
References SockAddr::addr, and pg_range_sockaddr().
Referenced by check_hba(), and check_network_callback().
|
static |
Definition at line 1181 of file hba.c.
References check_ip(), ipCmpSameHost, check_network_data::method, pg_sockaddr_cidr_mask(), check_network_data::raddr, and check_network_data::result.
Referenced by check_same_host_or_net().
|
static |
Definition at line 952 of file hba.c.
References is_member(), lfirst, REG_OKAY, regexec_auth_token(), AuthToken::string, token_has_regexp, token_is_keyword, token_is_member_check, token_matches, and token_matches_insensitive.
Referenced by check_hba(), and check_ident_usermap().
|
static |
Definition at line 1208 of file hba.c.
References check_network_callback(), ereport, errmsg(), LOG, check_network_data::method, pg_foreach_ifaddr(), check_network_data::raddr, and check_network_data::result.
Referenced by check_hba().
int check_usermap | ( | const char * | usermap_name, |
const char * | pg_user, | ||
const char * | system_user, | ||
bool | case_insensitive | ||
) |
Definition at line 2908 of file hba.c.
References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, parsed_ident_lines, pg_strcasecmp(), STATUS_ERROR, STATUS_OK, and system_user().
Referenced by auth_peer(), and ident_inet().
Definition at line 288 of file hba.c.
References make_auth_token(), AuthToken::quoted, and AuthToken::string.
Referenced by parse_hba_line(), and parse_ident_line().
void free_auth_file | ( | FILE * | file, |
int | depth | ||
) |
Definition at line 570 of file hba.c.
References CONF_FILE_START_DEPTH, FreeFile(), MemoryContextDelete(), and tokenize_context.
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
|
static |
Definition at line 278 of file hba.c.
References pg_regfree(), token, and token_has_regexp.
Referenced by check_ident_usermap().
const char* hba_authname | ( | UserAuth | auth_method | ) |
Definition at line 3065 of file hba.c.
References UserAuthName.
Referenced by ClientAuthentication(), fill_hba_line(), InitPostgres(), ParallelWorkerMain(), and set_authn_id().
void hba_getauthmethod | ( | hbaPort * | port | ) |
Definition at line 3052 of file hba.c.
References check_hba(), and port.
Referenced by ClientAuthentication().
|
static |
|
static |
|
static |
|
static |
Definition at line 923 of file hba.c.
References get_role_oid(), is_member_of_role_nosuper(), and OidIsValid.
Referenced by check_db(), and check_role().
bool load_hba | ( | void | ) |
Definition at line 2587 of file hba.c.
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, TokenizedAuthLine::err_msg, errcode(), errmsg(), free_auth_file(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline, NIL, open_auth_file(), parse_hba_line(), parsed_hba_context, parsed_hba_lines, PostmasterContext, and tokenize_auth_file().
Referenced by PerformAuthentication(), PostmasterMain(), and process_pm_reload_request().
bool load_ident | ( | void | ) |
Definition at line 2963 of file hba.c.
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, TokenizedAuthLine::err_msg, free_auth_file(), IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline, NIL, open_auth_file(), parse_ident_line(), parsed_ident_context, parsed_ident_lines, PostmasterContext, and tokenize_auth_file().
Referenced by PerformAuthentication(), PostmasterMain(), and process_pm_reload_request().
|
static |
Definition at line 257 of file hba.c.
References palloc0(), AuthToken::quoted, AuthToken::regex, AuthToken::string, and token.
Referenced by check_ident_usermap(), copy_auth_token(), and next_field_expand().
|
static |
Definition at line 379 of file hba.c.
References buf, filename, initStringInfo(), lappend(), make_auth_token(), MemoryContextSwitchTo(), next_token(), NIL, pfree(), tokenize_context, and tokenize_expand_file().
Referenced by tokenize_auth_file().
|
static |
Definition at line 185 of file hba.c.
References appendStringInfoChar(), buf, pg_isblank(), and resetStringInfo().
Referenced by base_yylex(), filtered_base_yylex(), and next_field_expand().
FILE* open_auth_file | ( | const char * | filename, |
int | elevel, | ||
int | depth, | ||
char ** | err_msg | ||
) |
Definition at line 595 of file hba.c.
References AllocateFile(), ALLOCSET_START_SMALL_SIZES, AllocSetContextCreate, CONF_FILE_MAX_DEPTH, CONF_FILE_START_DEPTH, CurrentMemoryContext, ereport, errcode_for_file_access(), errmsg(), filename, psprintf(), and tokenize_context.
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
|
static |
Definition at line 2053 of file hba.c.
References HbaLine::auth_method, HbaLine::clientcert, clientCertCA, clientCertCN, clientCertDN, clientCertFull, HbaLine::clientcertname, HbaLine::compat_realm, HbaLine::conntype, ctHostSSL, ereport, errcode(), errcontext, errmsg(), gai_strerror(), gettext_noop, HbaLine::include_realm, INVALID_AUTH_OPTION, HbaLine::krb_realm, HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapport, HbaLine::ldapprefix, HbaLine::ldapscheme, HbaLine::ldapscope, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, HbaLine::ldaptls, lfirst, HbaLine::linenumber, list_free(), MemSet, name, HbaLine::pam_use_hostname, HbaLine::pamservice, pg_freeaddrinfo_all(), pg_getaddrinfo_all(), psprintf(), pstrdup(), HbaLine::radiusidentifiers, HbaLine::radiusidentifiers_s, HbaLine::radiusports, HbaLine::radiusports_s, HbaLine::radiussecrets, HbaLine::radiussecrets_s, HbaLine::radiusservers, HbaLine::radiusservers_s, REQUIRE_AUTH_OPTION, HbaLine::sourcefile, SplitGUCList(), uaCert, uaGSS, uaIdent, uaLDAP, uaPAM, uaPeer, uaRADIUS, uaSSPI, HbaLine::upn_username, HbaLine::usermap, and val.
Referenced by parse_hba_line().
HbaLine* parse_hba_line | ( | TokenizedAuthLine * | tok_line, |
int | elevel | ||
) |
Definition at line 1326 of file hba.c.
References HbaLine::addr, HbaLine::addrlen, Assert, HbaLine::auth_method, HbaLine::clientcert, clientCertFull, HbaLine::compat_realm, HbaLine::conntype, copy_auth_token(), ctHost, ctHostGSS, ctHostNoGSS, ctHostNoSSL, ctHostSSL, ctLocal, HbaLine::databases, EnableSSL, ereport, TokenizedAuthLine::err_msg, errcode(), errcontext, errhint(), errmsg(), TokenizedAuthLine::fields, TokenizedAuthLine::file_name, gai_strerror(), HbaLine::hostname, HbaLine::include_realm, HbaLine::ip_cmp_method, ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lappend(), HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapprefix, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, List::length, lfirst, TokenizedAuthLine::line_num, HbaLine::linenumber, linitial, list_head(), list_length(), lnext(), MANDATORY_AUTH_ARG, HbaLine::mask, HbaLine::masklen, NIL, palloc0(), parse_hba_auth_opt(), pfree(), pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_sockaddr_cidr_mask(), psprintf(), pstrdup(), HbaLine::radiusidentifiers, HbaLine::radiusports, HbaLine::radiussecrets, HbaLine::radiusservers, TokenizedAuthLine::raw_line, HbaLine::rawline, regcomp_auth_token(), HbaLine::roles, HbaLine::sourcefile, str, token, token_is_keyword, uaBSD, uaCert, uaGSS, uaIdent, uaLDAP, uaMD5, uaPAM, uaPassword, uaPeer, uaRADIUS, uaReject, uaSCRAM, uaSSPI, uaTrust, HbaLine::upn_username, and val.
Referenced by fill_hba_view(), and load_hba().
IdentLine* parse_ident_line | ( | TokenizedAuthLine * | tok_line, |
int | elevel | ||
) |
Definition at line 2693 of file hba.c.
References Assert, copy_auth_token(), TokenizedAuthLine::err_msg, TokenizedAuthLine::fields, TokenizedAuthLine::file_name, IDENT_FIELD_ABSENT, IDENT_MULTI_VALUE, lfirst, TokenizedAuthLine::line_num, IdentLine::linenumber, linitial, list_head(), lnext(), NIL, palloc0(), IdentLine::pg_user, pstrdup(), regcomp_auth_token(), IdentLine::system_user, token, and IdentLine::usermap.
Referenced by fill_ident_view(), and load_ident().
bool pg_isblank | ( | const char | c | ) |
Definition at line 144 of file hba.c.
Referenced by interpret_ident_response(), and next_token().
|
static |
Definition at line 301 of file hba.c.
References Assert, ereport, errcode(), errcontext, errmsg(), filename, palloc(), palloc0(), pfree(), pg_mb2wchar_with_len(), pg_regcomp(), pg_regerror(), psprintf(), REG_ADVANCED, regex_t, and token.
Referenced by parse_hba_line(), and parse_ident_line().
|
static |
Definition at line 346 of file hba.c.
References Assert, palloc(), pfree(), pg_mb2wchar_with_len(), pg_regexec(), and token.
Referenced by check_db(), check_ident_usermap(), and check_role().
StaticAssertDecl | ( | lengthof(UserAuthName) | = =USER_AUTH_LAST+1 , |
"UserAuthName []must match the UserAuth enum" | |||
) |
void tokenize_auth_file | ( | const char * | filename, |
FILE * | file, | ||
List ** | tok_lines, | ||
int | elevel, | ||
int | depth | ||
) |
Definition at line 689 of file hba.c.
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, appendStringInfoChar(), appendStringInfoString(), ErrorContextCallback::arg, Assert, buf, ErrorContextCallback::callback, CONF_FILE_START_DEPTH, CurrentMemoryContext, StringInfoData::data, ereport, TokenizedAuthLine::err_msg, errcode_for_file_access(), errmsg(), error_context_stack, TokenizedAuthLine::fields, TokenizedAuthLine::file_name, tokenize_error_callback_arg::filename, filename, GetConfFilesInDir(), i, initStringInfo(), lappend(), StringInfoData::len, TokenizedAuthLine::line_num, tokenize_error_callback_arg::linenum, linitial, linitial_node, list_length(), lsecond_node, MemoryContextDelete(), MemoryContextSwitchTo(), next_field_expand(), NIL, palloc0(), pfree(), pg_get_line_append(), pg_strip_crlf(), ErrorContextCallback::previous, psprintf(), pstrdup(), TokenizedAuthLine::raw_line, resetStringInfo(), AuthToken::string, tokenize_context, tokenize_error_callback(), and tokenize_include_file().
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
|
static |
Definition at line 660 of file hba.c.
References arg, errcontext, tokenize_error_callback_arg::filename, and tokenize_error_callback_arg::linenum.
Referenced by tokenize_auth_file().
|
static |
Definition at line 493 of file hba.c.
References AbsoluteConfigLocation(), TokenizedAuthLine::err_msg, TokenizedAuthLine::fields, free_auth_file(), lappend(), lfirst, MemoryContextSwitchTo(), NIL, open_auth_file(), pfree(), pstrdup(), token, tokenize_auth_file(), and tokenize_context.
Referenced by next_field_expand().
|
static |
Definition at line 438 of file hba.c.
References AbsoluteConfigLocation(), Assert, ereport, errmsg(), free_auth_file(), open_auth_file(), pfree(), and tokenize_auth_file().
Referenced by tokenize_auth_file().
|
static |
Definition at line 86 of file hba.c.
Referenced by load_hba().
Definition at line 85 of file hba.c.
Referenced by check_hba(), and load_hba().
|
static |
Definition at line 93 of file hba.c.
Referenced by load_ident().
Definition at line 92 of file hba.c.
Referenced by check_usermap(), and load_ident().
|
static |
Definition at line 79 of file hba.c.
Referenced by free_auth_file(), next_field_expand(), open_auth_file(), tokenize_auth_file(), and tokenize_expand_file().
|
static |
Definition at line 101 of file hba.c.
Referenced by hba_authname().