Loading...
Searching...
No Matches
hba.h File Reference
Include dependency graph for hba.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Data Structures | |
| struct | AuthToken |
| struct | HbaLine |
| struct | IdentLine |
| struct | TokenizedAuthLine |
Macros | |
| #define | USER_AUTH_LAST uaOAuth /* Must be last value of this enum */ |
Enumerations | |
| enum | UserAuth { uaReject , uaImplicitReject , uaTrust , uaIdent , uaPassword , uaMD5 , uaSCRAM , uaGSS , uaSSPI , uaPAM , uaBSD , uaLDAP , uaCert , uaRADIUS , uaPeer , uaOAuth } |
| enum | IPCompareMethod { ipCmpMask , ipCmpSameHost , ipCmpSameNet , ipCmpAll } |
| enum | ConnType { ctLocal , ctHost , ctHostSSL , ctHostNoSSL , ctHostGSS , ctHostNoGSS } |
| enum | ClientCertMode { clientCertOff , clientCertCA , clientCertFull } |
| enum | ClientCertName { clientCertCN , clientCertDN } |
Functions | |
| bool | load_hba (void) |
| bool | load_ident (void) |
| const char * | hba_authname (UserAuth auth_method) |
| void | hba_getauthmethod (Port *port) |
| int | check_usermap (const char *usermap_name, const char *pg_user, const char *system_user, bool case_insensitive) |
| HbaLine * | parse_hba_line (TokenizedAuthLine *tok_line, int elevel) |
| IdentLine * | parse_ident_line (TokenizedAuthLine *tok_line, int elevel) |
| FILE * | open_auth_file (const char *filename, int elevel, int depth, char **err_msg) |
| void | free_auth_file (FILE *file, int depth) |
| void | tokenize_auth_file (const char *filename, FILE *file, List **tok_lines, int elevel, int depth) |
Macro Definition Documentation
◆ USER_AUTH_LAST
Typedef Documentation
◆ AuthToken
◆ ClientCertMode
◆ ClientCertName
◆ ConnType
◆ HbaLine
◆ IdentLine
◆ IPCompareMethod
◆ Port
◆ TokenizedAuthLine
◆ UserAuth
Enumeration Type Documentation
◆ ClientCertMode
| Enumerator | |
|---|---|
| clientCertOff | |
| clientCertCA | |
| clientCertFull | |
◆ ClientCertName
| Enumerator | |
|---|---|
| clientCertCN | |
| clientCertDN | |
◆ ConnType
| Enumerator | |
|---|---|
| ctLocal | |
| ctHost | |
| ctHostSSL | |
| ctHostNoSSL | |
| ctHostGSS | |
| ctHostNoGSS | |
Definition at line 58 of file hba.h.
59{
60 ctLocal,
61 ctHost,
62 ctHostSSL,
63 ctHostNoSSL,
64 ctHostGSS,
65 ctHostNoGSS,
66} ConnType;
◆ IPCompareMethod
| Enumerator | |
|---|---|
| ipCmpMask | |
| ipCmpSameHost | |
| ipCmpSameNet | |
| ipCmpAll | |
◆ UserAuth
| Enumerator | |
|---|---|
| uaReject | |
| uaImplicitReject | |
| uaTrust | |
| uaIdent | |
| uaPassword | |
| uaMD5 | |
| uaSCRAM | |
| uaGSS | |
| uaSSPI | |
| uaPAM | |
| uaBSD | |
| uaLDAP | |
| uaCert | |
| uaRADIUS | |
| uaPeer | |
| uaOAuth | |
Function Documentation
◆ check_usermap()
|
extern |
Definition at line 2981 of file hba.c.
2985{
2988
2990 {
2992 {
2995 }
2996 else
2997 {
3000 }
3003 pg_user, system_user)));
3005 }
3006 else
3007 {
3009
3011 {
3016 break;
3017 }
3018 }
3020 {
3024 }
3026}
static void check_ident_usermap(IdentLine *identLine, const char *usermap_name, const char *pg_user, const char *system_user, bool case_insensitive, bool *found_p, bool *error_p)
Definition hba.c:2816
Definition pg_list.h:46
References check_ident_usermap(), ereport, errmsg(), error(), fb(), lfirst, LOG, parsed_ident_lines, pg_strcasecmp(), STATUS_ERROR, STATUS_OK, and system_user().
Referenced by auth_peer(), ident_inet(), and validate().
◆ free_auth_file()
Definition at line 569 of file hba.c.
570{
571 FreeFile(file);
572
573 /* If this is the last cleanup, remove the tokenization context */
575 {
578 }
579}
References CONF_FILE_START_DEPTH, fb(), FreeFile(), MemoryContextDelete(), and tokenize_context.
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
◆ hba_authname()
Definition at line 3138 of file hba.c.
3139{
3141}
References UserAuthName.
Referenced by ClientAuthentication(), fill_hba_line(), InitPostgres(), ParallelWorkerMain(), and set_authn_id().
◆ hba_getauthmethod()
Definition at line 3125 of file hba.c.
3126{
3128}
References check_hba(), and port.
Referenced by ClientAuthentication().
◆ load_hba()
Definition at line 2642 of file hba.c.
2643{
2644 FILE *file;
2646 ListCell *line;
2651
2654 {
2655 /* error already logged */
2656 return false;
2657 }
2658
2660
2661 /* Now parse all the lines */
2664 "hba parser context",
2665 ALLOCSET_SMALL_SIZES);
2668 {
2671
2672 /* don't parse lines that already have errors */
2674 {
2676 continue;
2677 }
2678
2680 {
2681 /* Parse error; remember there's trouble */
2683
2684 /*
2685 * Keep parsing the rest of the file so we can report errors on
2686 * more than the first line. Error has already been logged, no
2687 * need for more chatter here.
2688 */
2689 continue;
2690 }
2691
2693 }
2694
2695 /*
2696 * A valid HBA file must have at least one entry; else there's no way to
2697 * connect to the postmaster. But only complain about this if we didn't
2698 * already have parsing errors.
2699 */
2701 {
2705 HbaFileName)));
2707 }
2708
2709 /* Free tokenizer memory */
2710 free_auth_file(file, 0);
2712
2714 {
2715 /*
2716 * File contained one or more errors, so bail out. MemoryContextDelete
2717 * is enough to clean up everything, including regexes.
2718 */
2720 return false;
2721 }
2722
2723 /* Loaded new file successfully, replace the one we use */
2728
2729 return true;
2730}
HbaLine * parse_hba_line(TokenizedAuthLine *tok_line, int elevel)
Definition hba.c:1325
void tokenize_auth_file(const char *filename, FILE *file, List **tok_lines, int elevel, int depth)
Definition hba.c:688
FILE * open_auth_file(const char *filename, int elevel, int depth, char **err_msg)
Definition hba.c:594
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition palloc.h:124
Definition pg_list.h:54
Definition memnodes.h:118
Definition hba.h:164
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, errcode(), errmsg(), fb(), free_auth_file(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline, NIL, open_auth_file(), parse_hba_line(), parsed_hba_context, parsed_hba_lines, PostmasterContext, and tokenize_auth_file().
Referenced by PerformAuthentication(), PostmasterMain(), and process_pm_reload_request().
◆ load_ident()
Definition at line 3036 of file hba.c.
3037{
3038 FILE *file;
3046
3047 /* not FATAL ... we just won't do any special ident maps */
3050 {
3051 /* error already logged */
3052 return false;
3053 }
3054
3056
3057 /* Now parse all the lines */
3060 "ident parser context",
3061 ALLOCSET_SMALL_SIZES);
3064 {
3066
3067 /* don't parse lines that already have errors */
3069 {
3071 continue;
3072 }
3073
3075 {
3076 /* Parse error; remember there's trouble */
3078
3079 /*
3080 * Keep parsing the rest of the file so we can report errors on
3081 * more than the first line. Error has already been logged, no
3082 * need for more chatter here.
3083 */
3084 continue;
3085 }
3086
3088 }
3089
3090 /* Free tokenizer memory */
3091 free_auth_file(file, 0);
3093
3095 {
3096 /*
3097 * File contained one or more errors, so bail out. MemoryContextDelete
3098 * is enough to clean up everything, including regexes.
3099 */
3101 return false;
3102 }
3103
3104 /* Loaded new file successfully, replace the one we use */
3107
3110
3111 return true;
3112}
IdentLine * parse_ident_line(TokenizedAuthLine *tok_line, int elevel)
Definition hba.c:2748
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, fb(), free_auth_file(), IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline, NIL, open_auth_file(), parse_ident_line(), parsed_ident_context, parsed_ident_lines, PostmasterContext, and tokenize_auth_file().
Referenced by PerformAuthentication(), PostmasterMain(), and process_pm_reload_request().
◆ open_auth_file()
Definition at line 594 of file hba.c.
596{
597 FILE *file;
598
599 /*
600 * Reject too-deep include nesting depth. This is just a safety check to
601 * avoid dumping core due to stack overflow if an include file loops back
602 * to itself. The maximum nesting depth is pretty arbitrary.
603 */
605 {
606 ereport(elevel,
607 (errcode_for_file_access(),
609 filename)));
610 if (err_msg)
612 filename);
614 }
615
618 {
620
621 ereport(elevel,
622 (errcode_for_file_access(),
624 filename)));
625 if (err_msg)
626 {
629 filename);
630 }
631 /* the caller may care about some specific errno */
634 }
635
636 /*
637 * When opening the top-level file, create the memory context used for the
638 * tokenization. This will be closed with this file when coming back to
639 * this level of cleanup.
640 */
642 {
643 /*
644 * A context may be present, but assume that it has been eliminated
645 * already.
646 */
648 "tokenize_context",
650 }
651
652 return file;
653}
References AllocateFile(), ALLOCSET_START_SMALL_SIZES, AllocSetContextCreate, CONF_FILE_MAX_DEPTH, CONF_FILE_START_DEPTH, CurrentMemoryContext, ereport, errcode_for_file_access(), errmsg(), fb(), filename, psprintf(), and tokenize_context.
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
◆ parse_hba_line()
|
extern |
Definition at line 1325 of file hba.c.
1326{
1333 int ret;
1336 ListCell *field;
1341
1344 parsedline->linenumber = line_num;
1346
1347 /* Check the record type. */
1352 {
1353 ereport(elevel,
1358 line_num, file_name)));
1359 *err_msg = "multiple values specified for connection type";
1361 }
1364 {
1366 }
1372 {
1373
1375 {
1377 /* Log a warning if SSL support is not active */
1378#ifdef USE_SSL
1380 {
1381 ereport(elevel,
1386 line_num, file_name)));
1387 *err_msg = "hostssl record cannot match because SSL is disabled";
1388 }
1389#else
1390 ereport(elevel,
1394 line_num, file_name)));
1395 *err_msg = "hostssl record cannot match because SSL is not supported by this build";
1396#endif
1397 }
1399 {
1401#ifndef ENABLE_GSS
1402 ereport(elevel,
1406 line_num, file_name)));
1407 *err_msg = "hostgssenc record cannot match because GSSAPI is not supported by this build";
1408#endif
1409 }
1414 else
1415 {
1416 /* "host" */
1418 }
1419 } /* record type */
1420 else
1421 {
1422 ereport(elevel,
1425 token->string),
1427 line_num, file_name)));
1430 }
1431
1432 /* Get the databases. */
1434 if (!field)
1435 {
1436 ereport(elevel,
1440 line_num, file_name)));
1441 *err_msg = "end-of-line before database specification";
1443 }
1447 {
1449
1450 /* Compile a regexp for the database token, if necessary */
1453
1455 }
1456
1457 /* Get the roles. */
1459 if (!field)
1460 {
1461 ereport(elevel,
1465 line_num, file_name)));
1466 *err_msg = "end-of-line before role specification";
1468 }
1472 {
1474
1475 /* Compile a regexp from the role token, if necessary */
1478
1480 }
1481
1483 {
1484 /* Read the IP address field. (with or without CIDR netmask) */
1486 if (!field)
1487 {
1488 ereport(elevel,
1492 line_num, file_name)));
1493 *err_msg = "end-of-line before IP address specification";
1495 }
1498 {
1499 ereport(elevel,
1504 line_num, file_name)));
1505 *err_msg = "multiple values specified for host address";
1507 }
1509
1511 {
1513 }
1515 {
1516 /* Any IP on this host is allowed to connect */
1518 }
1520 {
1521 /* Any IP on the host's subnets is allowed to connect */
1523 }
1524 else
1525 {
1526 /* IP and netmask are specified */
1528
1529 /* need a modifiable copy of token */
1531
1532 /* Check if it has a CIDR suffix and if so isolate it */
1536
1537 /* Get the IP address either way */
1540 hints.ai_socktype = 0;
1541 hints.ai_protocol = 0;
1542 hints.ai_addrlen = 0;
1546
1549 {
1551 gai_result->ai_addrlen);
1553 }
1556 else
1557 {
1558 ereport(elevel,
1563 line_num, file_name)));
1569 }
1570
1572
1573 /* Get the netmask */
1575 {
1577 {
1578 ereport(elevel,
1581 token->string),
1583 line_num, file_name)));
1585 token->string);
1587 }
1588
1590 parsedline->addr.ss_family) < 0)
1591 {
1592 ereport(elevel,
1595 token->string),
1597 line_num, file_name)));
1599 token->string);
1601 }
1604 }
1606 {
1607 /* Read the mask field. */
1610 if (!field)
1611 {
1612 ereport(elevel,
1617 line_num, file_name)));
1618 *err_msg = "end-of-line before netmask specification";
1620 }
1623 {
1624 ereport(elevel,
1628 line_num, file_name)));
1629 *err_msg = "multiple values specified for netmask";
1631 }
1633
1637 {
1638 ereport(elevel,
1643 line_num, file_name)));
1649 }
1650
1652 gai_result->ai_addrlen);
1655
1657 {
1658 ereport(elevel,
1662 line_num, file_name)));
1663 *err_msg = "IP address and mask do not match";
1665 }
1666 }
1667 }
1668 } /* != ctLocal */
1669
1670 /* Get the authentication method */
1672 if (!field)
1673 {
1674 ereport(elevel,
1678 line_num, file_name)));
1679 *err_msg = "end-of-line before authentication method";
1681 }
1684 {
1685 ereport(elevel,
1690 line_num, file_name)));
1691 *err_msg = "multiple values specified for authentication type";
1693 }
1695
1706#ifdef ENABLE_GSS
1708#else
1710#endif
1712#ifdef ENABLE_SSPI
1714#else
1716#endif
1724#ifdef USE_PAM
1726#else
1728#endif
1730#ifdef USE_BSD_AUTH
1732#else
1734#endif
1736#ifdef USE_LDAP
1738#else
1740#endif
1742#ifdef USE_SSL
1744#else
1746#endif
1751 else
1752 {
1753 ereport(elevel,
1756 token->string),
1758 line_num, file_name)));
1760 token->string);
1762 }
1763
1765 {
1766 ereport(elevel,
1769 token->string),
1771 line_num, file_name)));
1773 token->string);
1775 }
1776
1777 /*
1778 * XXX: When using ident on local connections, change it to peer, for
1779 * backwards compatibility.
1780 */
1784
1785 /* Invalid authentication combinations */
1788 {
1789 ereport(elevel,
1793 line_num, file_name)));
1794 *err_msg = "gssapi authentication is not supported on local sockets";
1796 }
1797
1800 {
1801 ereport(elevel,
1805 line_num, file_name)));
1806 *err_msg = "peer authentication is only supported on local sockets";
1808 }
1809
1810 /*
1811 * SSPI authentication can never be enabled on ctLocal connections,
1812 * because it's only supported on Windows, where ctLocal isn't supported.
1813 */
1814
1815
1818 {
1819 ereport(elevel,
1823 line_num, file_name)));
1824 *err_msg = "cert authentication is only supported on hostssl connections";
1826 }
1827
1828 /*
1829 * For GSS and SSPI, set the default value of include_realm to true.
1830 * Having include_realm set to false is dangerous in multi-realm
1831 * situations and is generally considered bad practice. We keep the
1832 * capability around for backwards compatibility, but we might want to
1833 * remove it at some point in the future. Users who still need to strip
1834 * the realm off would be better served by using an appropriate regex in a
1835 * pg_ident.conf mapping.
1836 */
1840
1841 /*
1842 * For SSPI, include_realm defaults to the SAM-compatible domain (aka
1843 * NetBIOS name) and user names instead of the Kerberos principal name for
1844 * compatibility.
1845 */
1847 {
1850 }
1851
1852 /* Parse remaining arguments */
1854 {
1857 {
1859
1861
1865 {
1866 /*
1867 * Got something that's not a name=value pair.
1868 */
1869 ereport(elevel,
1873 line_num, file_name)));
1875 token->string);
1877 }
1878
1881 /* parse_hba_auth_opt already logged the error message */
1884 }
1885 }
1886
1887 /*
1888 * Check if the selected authentication method has any mandatory arguments
1889 * that are not set.
1890 */
1892 {
1893#ifndef HAVE_LDAP_INITIALIZE
1894 /* Not mandatory for OpenLDAP, because it can use DNS SRV records */
1896#endif
1897
1898 /*
1899 * LDAP can operate in two modes: either with a direct bind, using
1900 * ldapprefix and ldapsuffix, or using a search+bind, using
1901 * ldapbasedn, ldapbinddn, ldapbindpasswd and one of
1902 * ldapsearchattribute or ldapsearchfilter. Disallow mixing these
1903 * parameters.
1904 */
1906 {
1908 parsedline->ldapbinddn ||
1909 parsedline->ldapbindpasswd ||
1910 parsedline->ldapsearchattribute ||
1911 parsedline->ldapsearchfilter)
1912 {
1913 ereport(elevel,
1917 line_num, file_name)));
1918 *err_msg = "cannot mix options for simple bind and search+bind modes";
1920 }
1921 }
1923 {
1924 ereport(elevel,
1926 errmsg("authentication method \"ldap\" requires argument \"ldapbasedn\", \"ldapprefix\", or \"ldapsuffix\" to be set"),
1928 line_num, file_name)));
1929 *err_msg = "authentication method \"ldap\" requires argument \"ldapbasedn\", \"ldapprefix\", or \"ldapsuffix\" to be set";
1931 }
1932
1933 /*
1934 * When using search+bind, you can either use a simple attribute
1935 * (defaulting to "uid") or a fully custom search filter. You can't
1936 * do both.
1937 */
1939 {
1940 ereport(elevel,
1944 line_num, file_name)));
1945 *err_msg = "cannot use ldapsearchattribute together with ldapsearchfilter";
1947 }
1948 }
1949
1951 {
1954
1956 {
1957 ereport(elevel,
1961 line_num, file_name)));
1962 *err_msg = "list of RADIUS servers cannot be empty";
1964 }
1965
1967 {
1968 ereport(elevel,
1972 line_num, file_name)));
1973 *err_msg = "list of RADIUS secrets cannot be empty";
1975 }
1976
1977 /*
1978 * Verify length of option lists - each can be 0 (except for secrets,
1979 * but that's already checked above), 1 (use the same value
1980 * everywhere) or the same as the number of servers.
1981 */
1984 {
1985 ereport(elevel,
1987 errmsg("the number of RADIUS secrets (%d) must be 1 or the same as the number of RADIUS servers (%d)",
1991 line_num, file_name)));
1992 *err_msg = psprintf("the number of RADIUS secrets (%d) must be 1 or the same as the number of RADIUS servers (%d)",
1996 }
2000 {
2001 ereport(elevel,
2003 errmsg("the number of RADIUS ports (%d) must be 1 or the same as the number of RADIUS servers (%d)",
2007 line_num, file_name)));
2008 *err_msg = psprintf("the number of RADIUS ports (%d) must be 1 or the same as the number of RADIUS servers (%d)",
2012 }
2016 {
2017 ereport(elevel,
2019 errmsg("the number of RADIUS identifiers (%d) must be 1 or the same as the number of RADIUS servers (%d)",
2023 line_num, file_name)));
2024 *err_msg = psprintf("the number of RADIUS identifiers (%d) must be 1 or the same as the number of RADIUS servers (%d)",
2028 }
2029 }
2030
2031 /*
2032 * Enforce any parameters implied by other settings.
2033 */
2035 {
2036 /*
2037 * For auth method cert, client certificate validation is mandatory,
2038 * and it implies the level of verify-full.
2039 */
2041 }
2042
2043 /*
2044 * Enforce proper configuration of OAuth authentication.
2045 */
2047 {
2050
2051 /* Ensure a validator library is set and permitted by the config. */
2054
2055 /*
2056 * Supplying a usermap combined with the option to skip usermapping is
2057 * nonsensical and indicates a configuration error.
2058 */
2060 {
2061 ereport(elevel,
2063 /* translator: strings are replaced with hba options */
2065 "map", "delegate_ident_mapping"),
2067 line_num, file_name));
2068 *err_msg = "map cannot be used in combination with delegate_ident_mapping";
2070 }
2071 }
2072
2074}
bool check_oauth_validator(HbaLine *hbaline, int elevel, char **err_msg)
Definition auth-oauth.c:820
static bool parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline, int elevel, char **err_msg)
Definition hba.c:2084
static int regcomp_auth_token(AuthToken *token, char *filename, int line_num, char **err_msg, int elevel)
Definition hba.c:300
int pg_sockaddr_cidr_mask(struct sockaddr_storage *mask, char *numbits, int family)
Definition ifaddr.c:105
void pg_freeaddrinfo_all(int hint_ai_family, struct addrinfo *ai)
Definition ip.c:85
int pg_getaddrinfo_all(const char *hostname, const char *servname, const struct addrinfo *hintp, struct addrinfo **result)
Definition ip.c:56
Definition oauth-curl.c:192
References Assert, check_oauth_validator(), clientCertFull, copy_auth_token(), ctHost, ctHostGSS, ctHostNoGSS, ctHostNoSSL, ctHostSSL, ctLocal, EnableSSL, ereport, errcode(), errcontext, errhint(), errmsg(), fb(), gai_strerror(), ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lappend(), lfirst, linitial, list_head(), list_length(), lnext(), MANDATORY_AUTH_ARG, NIL, palloc0_object, parse_hba_auth_opt(), pfree(), pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_sockaddr_cidr_mask(), psprintf(), pstrdup(), regcomp_auth_token(), str, token, token_is_keyword, uaBSD, uaCert, uaGSS, uaIdent, uaLDAP, uaMD5, uaOAuth, uaPAM, uaPassword, uaPeer, uaRADIUS, uaReject, uaSCRAM, uaSSPI, uaTrust, and val.
Referenced by fill_hba_view(), and load_hba().
◆ parse_ident_line()
|
extern |
Definition at line 2748 of file hba.c.
2749{
2753 ListCell *field;
2757
2760
2762 parsedline->linenumber = line_num;
2763
2764 /* Get the map token (must exist) */
2769
2770 /* Get the ident user token */
2772 IDENT_FIELD_ABSENT(field);
2776
2777 /* Copy the ident user token */
2779
2780 /* Get the PG rolename token */
2782 IDENT_FIELD_ABSENT(field);
2787
2788 /*
2789 * Now that the field validation is done, compile a regex from the user
2790 * tokens, if necessary.
2791 */
2793 err_msg, elevel))
2794 {
2795 /* err_msg includes the error to report */
2797 }
2798
2800 err_msg, elevel))
2801 {
2802 /* err_msg includes the error to report */
2804 }
2805
2807}
References Assert, copy_auth_token(), fb(), IDENT_FIELD_ABSENT, IDENT_MULTI_VALUE, lfirst, linitial, list_head(), lnext(), NIL, palloc0_object, pstrdup(), regcomp_auth_token(), and token.
Referenced by fill_ident_view(), and load_ident().
◆ tokenize_auth_file()
|
extern |
Definition at line 688 of file hba.c.
690{
691 int line_number = 1;
696 tokenize_error_callback_arg callback_arg;
697
699
701 callback_arg.linenum = line_number;
702
704 tokenerrcontext.arg = &callback_arg;
707
708 /*
709 * Do all the local tokenization in its own context, to ease the cleanup
710 * of any memory allocated while tokenizing.
711 */
713 "tokenize_auth_file",
714 ALLOCSET_SMALL_SIZES);
716
718
721
723 {
731
732 /* Collect the next input line, handling backslash continuations */
734
736 {
737 /* Strip trailing newline, including \r in case we're on Windows */
739
740 /*
741 * Check for backslash continuation. The backslash must be after
742 * the last place we found a continuation, else two backslashes
743 * followed by two \n's would behave surprisingly.
744 */
747 {
748 /* Continuation, so strip it and keep reading */
751 continuations++;
752 continue;
753 }
754
755 /* Nope, so we have the whole line */
756 break;
757 }
758
760 {
761 /* I/O error! */
763
764 ereport(elevel,
765 (errcode_for_file_access(),
769 filename);
770 break;
771 }
772
773 /* Parse fields */
776 {
778
780 elevel, depth, &err_msg);
781 /* add field to line, unless we are at EOL or comment start */
783 {
784 /*
785 * lappend() may do its own allocations, so move to the
786 * context for the list of tokens.
787 */
791 }
792 }
793
794 /*
795 * Reached EOL; no need to emit line to TokenizedAuthLine list if it's
796 * boring.
797 */
800
801 /* If the line is valid, check if that's an include directive */
803 {
804 AuthToken *first,
805 *second;
806
809
811 {
813 elevel, depth + 1, false, &err_msg);
814
815 if (err_msg)
817
818 /*
819 * tokenize_auth_file() has taken care of creating the
820 * TokenizedAuthLines.
821 */
823 }
825 {
830
832 &num_filenames, &err_msg);
833
835 {
836 /* the error is in err_msg, so create an entry */
838 }
839
842 {
844 elevel, depth + 1, false, &err_msg);
845 /* cumulate errors if any */
846 if (err_msg)
847 {
851 }
852 }
853
854 /* clean up things */
858
859 /*
860 * If there were no errors, the line is fully processed,
861 * bypass the general TokenizedAuthLine processing.
862 */
865
866 /* Otherwise, process the cumulated errors, if any. */
867 err_msg = err_buf.data;
869 }
871 {
872
874 elevel, depth + 1, true, &err_msg);
875 if (err_msg)
877
878 /*
879 * tokenize_auth_file() has taken care of creating the
880 * TokenizedAuthLines.
881 */
883 }
884 }
885
886process_line:
887
888 /*
889 * General processing: report the error if any and emit line to the
890 * TokenizedAuthLine. This is saved in the memory context dedicated
891 * to this list.
892 */
897 tok_line->line_num = line_number;
902
903next_line:
904 line_number += continuations + 1;
905 callback_arg.linenum = line_number;
906 }
907
910
912}
char ** GetConfFilesInDir(const char *includedir, const char *calling_file, int elevel, int *num_filenames, char **err_msg)
Definition conffiles.c:70
static List * next_field_expand(const char *filename, char **lineptr, int elevel, int depth, char **err_msg)
Definition hba.c:378
static void tokenize_include_file(const char *outer_filename, const char *inc_filename, List **tok_lines, int elevel, int depth, bool missing_ok, char **err_msg)
Definition hba.c:437
bool pg_get_line_append(FILE *stream, StringInfo buf, PromptInterruptContext *prompt_ctx)
Definition pg_get_line.c:124
void appendStringInfoString(StringInfo str, const char *s)
Definition stringinfo.c:230
Definition elog.h:296
Definition stringinfo.h:47
Definition mbprint.h:17
Definition hba.c:64
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, appendStringInfoChar(), appendStringInfoString(), Assert, buf, CONF_FILE_START_DEPTH, CurrentMemoryContext, ereport, errcode_for_file_access(), errmsg(), error_context_stack, fb(), tokenize_error_callback_arg::filename, filename, GetConfFilesInDir(), i, initStringInfo(), lappend(), tokenize_error_callback_arg::linenum, linitial, linitial_node, list_length(), lsecond_node, MemoryContextDelete(), MemoryContextSwitchTo(), next_field_expand(), NIL, palloc0_object, pfree(), pg_get_line_append(), pg_strip_crlf(), ErrorContextCallback::previous, psprintf(), pstrdup(), resetStringInfo(), AuthToken::string, tokenize_context, tokenize_error_callback(), and tokenize_include_file().
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
