Loading...
Searching...
No Matches
hba.h File Reference
Include dependency graph for hba.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Data Structures | |
| struct | AuthToken |
| struct | HbaLine |
| struct | IdentLine |
| struct | HostsLine |
| struct | TokenizedAuthLine |
Macros | |
| #define | USER_AUTH_LAST uaOAuth /* Must be last value of this enum */ |
Enumerations | |
| enum | UserAuth { uaReject , uaImplicitReject , uaTrust , uaIdent , uaPassword , uaMD5 , uaSCRAM , uaGSS , uaSSPI , uaPAM , uaBSD , uaLDAP , uaCert , uaPeer , uaOAuth } |
| enum | IPCompareMethod { ipCmpMask , ipCmpSameHost , ipCmpSameNet , ipCmpAll } |
| enum | ConnType { ctLocal , ctHost , ctHostSSL , ctHostNoSSL , ctHostGSS , ctHostNoGSS } |
| enum | ClientCertMode { clientCertOff , clientCertCA , clientCertFull } |
| enum | ClientCertName { clientCertCN , clientCertDN } |
| enum | HostsFileLoadResult { HOSTSFILE_LOAD_OK = 0 , HOSTSFILE_LOAD_FAILED , HOSTSFILE_EMPTY , HOSTSFILE_MISSING , HOSTSFILE_DISABLED } |
Functions | |
| bool | load_hba (void) |
| bool | load_ident (void) |
| const char * | hba_authname (UserAuth auth_method) |
| void | hba_getauthmethod (Port *port) |
| int | check_usermap (const char *usermap_name, const char *pg_user, const char *system_user, bool case_insensitive) |
| HbaLine * | parse_hba_line (TokenizedAuthLine *tok_line, int elevel) |
| IdentLine * | parse_ident_line (TokenizedAuthLine *tok_line, int elevel) |
| FILE * | open_auth_file (const char *filename, int elevel, int depth, char **err_msg) |
| void | free_auth_file (FILE *file, int depth) |
| void | tokenize_auth_file (const char *filename, FILE *file, List **tok_lines, int elevel, int depth) |
Macro Definition Documentation
◆ USER_AUTH_LAST
Typedef Documentation
◆ AuthToken
◆ ClientCertMode
◆ ClientCertName
◆ ConnType
◆ HbaLine
◆ HostsFileLoadResult
◆ HostsLine
◆ IdentLine
◆ IPCompareMethod
◆ Port
◆ TokenizedAuthLine
◆ UserAuth
Enumeration Type Documentation
◆ ClientCertMode
| Enumerator | |
|---|---|
| clientCertOff | |
| clientCertCA | |
| clientCertFull | |
◆ ClientCertName
| Enumerator | |
|---|---|
| clientCertCN | |
| clientCertDN | |
◆ ConnType
| Enumerator | |
|---|---|
| ctLocal | |
| ctHost | |
| ctHostSSL | |
| ctHostNoSSL | |
| ctHostGSS | |
| ctHostNoGSS | |
Definition at line 57 of file hba.h.
58{
59 ctLocal,
60 ctHost,
61 ctHostSSL,
62 ctHostNoSSL,
63 ctHostGSS,
64 ctHostNoGSS,
65} ConnType;
◆ HostsFileLoadResult
| Enumerator | |
|---|---|
| HOSTSFILE_LOAD_OK | |
| HOSTSFILE_LOAD_FAILED | |
| HOSTSFILE_EMPTY | |
| HOSTSFILE_MISSING | |
| HOSTSFILE_DISABLED | |
Definition at line 168 of file hba.h.
169{
170 HOSTSFILE_LOAD_OK = 0,
172 HOSTSFILE_EMPTY,
173 HOSTSFILE_MISSING,
174 HOSTSFILE_DISABLED,
175} HostsFileLoadResult;
◆ IPCompareMethod
| Enumerator | |
|---|---|
| ipCmpMask | |
| ipCmpSameHost | |
| ipCmpSameNet | |
| ipCmpAll | |
◆ UserAuth
| Enumerator | |
|---|---|
| uaReject | |
| uaImplicitReject | |
| uaTrust | |
| uaIdent | |
| uaPassword | |
| uaMD5 | |
| uaSCRAM | |
| uaGSS | |
| uaSSPI | |
| uaPAM | |
| uaBSD | |
| uaLDAP | |
| uaCert | |
| uaPeer | |
| uaOAuth | |
Function Documentation
◆ check_usermap()
|
extern |
Definition at line 2791 of file hba.c.
2795{
2798
2800 {
2802 {
2805 }
2806 else
2807 {
2810 }
2813 pg_user, system_user)));
2815 }
2816 else
2817 {
2819
2821 {
2826 break;
2827 }
2828 }
2830 {
2834 }
2836}
static void check_ident_usermap(IdentLine *identLine, const char *usermap_name, const char *pg_user, const char *system_user, bool case_insensitive, bool *found_p, bool *error_p)
Definition hba.c:2626
Definition pg_list.h:46
References check_ident_usermap(), ereport, errmsg, error(), fb(), lfirst, LOG, parsed_ident_lines, pg_strcasecmp(), STATUS_ERROR, STATUS_OK, and system_user().
Referenced by auth_peer(), ident_inet(), and validate().
◆ free_auth_file()
Definition at line 568 of file hba.c.
569{
570 FreeFile(file);
571
572 /* If this is the last cleanup, remove the tokenization context */
574 {
577 }
578}
References CONF_FILE_START_DEPTH, fb(), FreeFile(), MemoryContextDelete(), and tokenize_context.
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_hosts(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
◆ hba_authname()
Definition at line 2948 of file hba.c.
2949{
2951}
References UserAuthName.
Referenced by ClientAuthentication(), fill_hba_line(), InitPostgres(), ParallelWorkerMain(), and set_authn_id().
◆ hba_getauthmethod()
Definition at line 2935 of file hba.c.
2936{
2938}
References check_hba(), and port.
Referenced by ClientAuthentication().
◆ load_hba()
Definition at line 2452 of file hba.c.
2453{
2454 FILE *file;
2456 ListCell *line;
2461
2464 {
2465 /* error already logged */
2466 return false;
2467 }
2468
2470
2471 /* Now parse all the lines */
2474 "hba parser context",
2475 ALLOCSET_SMALL_SIZES);
2478 {
2481
2482 /* don't parse lines that already have errors */
2484 {
2486 continue;
2487 }
2488
2490 {
2491 /* Parse error; remember there's trouble */
2493
2494 /*
2495 * Keep parsing the rest of the file so we can report errors on
2496 * more than the first line. Error has already been logged, no
2497 * need for more chatter here.
2498 */
2499 continue;
2500 }
2501
2503 }
2504
2505 /*
2506 * A valid HBA file must have at least one entry; else there's no way to
2507 * connect to the postmaster. But only complain about this if we didn't
2508 * already have parsing errors.
2509 */
2511 {
2515 HbaFileName)));
2517 }
2518
2519 /* Free tokenizer memory */
2520 free_auth_file(file, 0);
2522
2524 {
2525 /*
2526 * File contained one or more errors, so bail out. MemoryContextDelete
2527 * is enough to clean up everything, including regexes.
2528 */
2530 return false;
2531 }
2532
2533 /* Loaded new file successfully, replace the one we use */
2538
2539 return true;
2540}
HbaLine * parse_hba_line(TokenizedAuthLine *tok_line, int elevel)
Definition hba.c:1324
void tokenize_auth_file(const char *filename, FILE *file, List **tok_lines, int elevel, int depth)
Definition hba.c:687
FILE * open_auth_file(const char *filename, int elevel, int depth, char **err_msg)
Definition hba.c:593
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition palloc.h:124
Definition pg_list.h:54
Definition memnodes.h:118
Definition hba.h:187
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, errcode(), errmsg, fb(), free_auth_file(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline, NIL, open_auth_file(), parse_hba_line(), parsed_hba_context, parsed_hba_lines, PostmasterContext, and tokenize_auth_file().
Referenced by PerformAuthentication(), PostmasterMain(), and process_pm_reload_request().
◆ load_ident()
Definition at line 2846 of file hba.c.
2847{
2848 FILE *file;
2856
2857 /* not FATAL ... we just won't do any special ident maps */
2860 {
2861 /* error already logged */
2862 return false;
2863 }
2864
2866
2867 /* Now parse all the lines */
2870 "ident parser context",
2871 ALLOCSET_SMALL_SIZES);
2874 {
2876
2877 /* don't parse lines that already have errors */
2879 {
2881 continue;
2882 }
2883
2885 {
2886 /* Parse error; remember there's trouble */
2888
2889 /*
2890 * Keep parsing the rest of the file so we can report errors on
2891 * more than the first line. Error has already been logged, no
2892 * need for more chatter here.
2893 */
2894 continue;
2895 }
2896
2898 }
2899
2900 /* Free tokenizer memory */
2901 free_auth_file(file, 0);
2903
2905 {
2906 /*
2907 * File contained one or more errors, so bail out. MemoryContextDelete
2908 * is enough to clean up everything, including regexes.
2909 */
2911 return false;
2912 }
2913
2914 /* Loaded new file successfully, replace the one we use */
2917
2920
2921 return true;
2922}
IdentLine * parse_ident_line(TokenizedAuthLine *tok_line, int elevel)
Definition hba.c:2558
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, fb(), free_auth_file(), IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline, NIL, open_auth_file(), parse_ident_line(), parsed_ident_context, parsed_ident_lines, PostmasterContext, and tokenize_auth_file().
Referenced by PerformAuthentication(), PostmasterMain(), and process_pm_reload_request().
◆ open_auth_file()
Definition at line 593 of file hba.c.
595{
596 FILE *file;
597
598 /*
599 * Reject too-deep include nesting depth. This is just a safety check to
600 * avoid dumping core due to stack overflow if an include file loops back
601 * to itself. The maximum nesting depth is pretty arbitrary.
602 */
604 {
605 ereport(elevel,
606 (errcode_for_file_access(),
608 filename)));
609 if (err_msg)
611 filename);
613 }
614
617 {
619
620 ereport(elevel,
621 (errcode_for_file_access(),
623 filename)));
624 if (err_msg)
625 {
628 filename);
629 }
630 /* the caller may care about some specific errno */
633 }
634
635 /*
636 * When opening the top-level file, create the memory context used for the
637 * tokenization. This will be closed with this file when coming back to
638 * this level of cleanup.
639 */
641 {
642 /*
643 * A context may be present, but assume that it has been eliminated
644 * already.
645 */
647 "tokenize_context",
649 }
650
651 return file;
652}
References AllocateFile(), ALLOCSET_START_SMALL_SIZES, AllocSetContextCreate, CONF_FILE_MAX_DEPTH, CONF_FILE_START_DEPTH, CurrentMemoryContext, ereport, errcode_for_file_access(), errmsg, fb(), filename, psprintf(), and tokenize_context.
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_hosts(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
◆ parse_hba_line()
|
extern |
Definition at line 1324 of file hba.c.
1325{
1332 int ret;
1335 ListCell *field;
1340
1343 parsedline->linenumber = line_num;
1345
1346 /* Check the record type. */
1351 {
1352 ereport(elevel,
1357 line_num, file_name)));
1358 *err_msg = "multiple values specified for connection type";
1360 }
1363 {
1365 }
1371 {
1372
1374 {
1376 /* Log a warning if SSL support is not active */
1377#ifdef USE_SSL
1379 {
1380 ereport(elevel,
1385 line_num, file_name)));
1386 *err_msg = "hostssl record cannot match because SSL is disabled";
1387 }
1388#else
1389 ereport(elevel,
1393 line_num, file_name)));
1394 *err_msg = "hostssl record cannot match because SSL is not supported by this build";
1395#endif
1396 }
1398 {
1400#ifndef ENABLE_GSS
1401 ereport(elevel,
1405 line_num, file_name)));
1406 *err_msg = "hostgssenc record cannot match because GSSAPI is not supported by this build";
1407#endif
1408 }
1413 else
1414 {
1415 /* "host" */
1417 }
1418 } /* record type */
1419 else
1420 {
1421 ereport(elevel,
1424 token->string),
1426 line_num, file_name)));
1429 }
1430
1431 /* Get the databases. */
1433 if (!field)
1434 {
1435 ereport(elevel,
1439 line_num, file_name)));
1440 *err_msg = "end-of-line before database specification";
1442 }
1446 {
1448
1449 /* Compile a regexp for the database token, if necessary */
1452
1454 }
1455
1456 /* Get the roles. */
1458 if (!field)
1459 {
1460 ereport(elevel,
1464 line_num, file_name)));
1465 *err_msg = "end-of-line before role specification";
1467 }
1471 {
1473
1474 /* Compile a regexp from the role token, if necessary */
1477
1479 }
1480
1482 {
1483 /* Read the IP address field. (with or without CIDR netmask) */
1485 if (!field)
1486 {
1487 ereport(elevel,
1491 line_num, file_name)));
1492 *err_msg = "end-of-line before IP address specification";
1494 }
1497 {
1498 ereport(elevel,
1503 line_num, file_name)));
1504 *err_msg = "multiple values specified for host address";
1506 }
1508
1510 {
1512 }
1514 {
1515 /* Any IP on this host is allowed to connect */
1517 }
1519 {
1520 /* Any IP on the host's subnets is allowed to connect */
1522 }
1523 else
1524 {
1525 /* IP and netmask are specified */
1527
1528 /* need a modifiable copy of token */
1530
1531 /* Check if it has a CIDR suffix and if so isolate it */
1535
1536 /* Get the IP address either way */
1539 hints.ai_socktype = 0;
1540 hints.ai_protocol = 0;
1541 hints.ai_addrlen = 0;
1545
1548 {
1550 gai_result->ai_addrlen);
1552 }
1555 else
1556 {
1557 ereport(elevel,
1562 line_num, file_name)));
1568 }
1569
1571
1572 /* Get the netmask */
1574 {
1576 {
1577 ereport(elevel,
1580 token->string),
1582 line_num, file_name)));
1584 token->string);
1586 }
1587
1589 parsedline->addr.ss_family) < 0)
1590 {
1591 ereport(elevel,
1594 token->string),
1596 line_num, file_name)));
1598 token->string);
1600 }
1603 }
1605 {
1606 /* Read the mask field. */
1609 if (!field)
1610 {
1611 ereport(elevel,
1616 line_num, file_name)));
1617 *err_msg = "end-of-line before netmask specification";
1619 }
1622 {
1623 ereport(elevel,
1627 line_num, file_name)));
1628 *err_msg = "multiple values specified for netmask";
1630 }
1632
1636 {
1637 ereport(elevel,
1642 line_num, file_name)));
1648 }
1649
1651 gai_result->ai_addrlen);
1654
1656 {
1657 ereport(elevel,
1661 line_num, file_name)));
1662 *err_msg = "IP address and mask do not match";
1664 }
1665 }
1666 }
1667 } /* != ctLocal */
1668
1669 /* Get the authentication method */
1671 if (!field)
1672 {
1673 ereport(elevel,
1677 line_num, file_name)));
1678 *err_msg = "end-of-line before authentication method";
1680 }
1683 {
1684 ereport(elevel,
1689 line_num, file_name)));
1690 *err_msg = "multiple values specified for authentication type";
1692 }
1694
1705#ifdef ENABLE_GSS
1707#else
1709#endif
1711#ifdef ENABLE_SSPI
1713#else
1715#endif
1723#ifdef USE_PAM
1725#else
1727#endif
1729#ifdef USE_BSD_AUTH
1731#else
1733#endif
1735#ifdef USE_LDAP
1737#else
1739#endif
1741#ifdef USE_SSL
1743#else
1745#endif
1748 else
1749 {
1750 ereport(elevel,
1753 token->string),
1755 line_num, file_name)));
1757 token->string);
1759 }
1760
1762 {
1763 ereport(elevel,
1766 token->string),
1768 line_num, file_name)));
1770 token->string);
1772 }
1773
1774 /*
1775 * XXX: When using ident on local connections, change it to peer, for
1776 * backwards compatibility.
1777 */
1781
1782 /* Invalid authentication combinations */
1785 {
1786 ereport(elevel,
1790 line_num, file_name)));
1791 *err_msg = "gssapi authentication is not supported on local sockets";
1793 }
1794
1797 {
1798 ereport(elevel,
1802 line_num, file_name)));
1803 *err_msg = "peer authentication is only supported on local sockets";
1805 }
1806
1807 /*
1808 * SSPI authentication can never be enabled on ctLocal connections,
1809 * because it's only supported on Windows, where ctLocal isn't supported.
1810 */
1811
1812
1815 {
1816 ereport(elevel,
1820 line_num, file_name)));
1821 *err_msg = "cert authentication is only supported on hostssl connections";
1823 }
1824
1825 /*
1826 * For GSS and SSPI, set the default value of include_realm to true.
1827 * Having include_realm set to false is dangerous in multi-realm
1828 * situations and is generally considered bad practice. We keep the
1829 * capability around for backwards compatibility, but we might want to
1830 * remove it at some point in the future. Users who still need to strip
1831 * the realm off would be better served by using an appropriate regex in a
1832 * pg_ident.conf mapping.
1833 */
1837
1838 /*
1839 * For SSPI, include_realm defaults to the SAM-compatible domain (aka
1840 * NetBIOS name) and user names instead of the Kerberos principal name for
1841 * compatibility.
1842 */
1844 {
1847 }
1848
1849 /* Parse remaining arguments */
1851 {
1854 {
1856
1858
1862 {
1863 /*
1864 * Got something that's not a name=value pair.
1865 */
1866 ereport(elevel,
1870 line_num, file_name)));
1872 token->string);
1874 }
1875
1878 /* parse_hba_auth_opt already logged the error message */
1881 }
1882 }
1883
1884 /*
1885 * Check if the selected authentication method has any mandatory arguments
1886 * that are not set.
1887 */
1889 {
1890#ifndef HAVE_LDAP_INITIALIZE
1891 /* Not mandatory for OpenLDAP, because it can use DNS SRV records */
1893#endif
1894
1895 /*
1896 * LDAP can operate in two modes: either with a direct bind, using
1897 * ldapprefix and ldapsuffix, or using a search+bind, using
1898 * ldapbasedn, ldapbinddn, ldapbindpasswd and one of
1899 * ldapsearchattribute or ldapsearchfilter. Disallow mixing these
1900 * parameters.
1901 */
1903 {
1905 parsedline->ldapbinddn ||
1906 parsedline->ldapbindpasswd ||
1907 parsedline->ldapsearchattribute ||
1908 parsedline->ldapsearchfilter)
1909 {
1910 ereport(elevel,
1914 line_num, file_name)));
1915 *err_msg = "cannot mix options for simple bind and search+bind modes";
1917 }
1918 }
1920 {
1921 ereport(elevel,
1923 errmsg("authentication method \"ldap\" requires argument \"ldapbasedn\", \"ldapprefix\", or \"ldapsuffix\" to be set"),
1925 line_num, file_name)));
1926 *err_msg = "authentication method \"ldap\" requires argument \"ldapbasedn\", \"ldapprefix\", or \"ldapsuffix\" to be set";
1928 }
1929
1930 /*
1931 * When using search+bind, you can either use a simple attribute
1932 * (defaulting to "uid") or a fully custom search filter. You can't
1933 * do both.
1934 */
1936 {
1937 ereport(elevel,
1941 line_num, file_name)));
1942 *err_msg = "cannot use ldapsearchattribute together with ldapsearchfilter";
1944 }
1945 }
1946
1947 /*
1948 * Enforce any parameters implied by other settings.
1949 */
1951 {
1952 /*
1953 * For auth method cert, client certificate validation is mandatory,
1954 * and it implies the level of verify-full.
1955 */
1957 }
1958
1959 /*
1960 * Enforce proper configuration of OAuth authentication.
1961 */
1963 {
1966
1967 /* Ensure a validator library is set and permitted by the config. */
1970
1971 /*
1972 * Supplying a usermap combined with the option to skip usermapping is
1973 * nonsensical and indicates a configuration error.
1974 */
1976 {
1977 ereport(elevel,
1979 /* translator: strings are replaced with hba options */
1981 "map", "delegate_ident_mapping"),
1983 line_num, file_name));
1984 *err_msg = "map cannot be used in combination with delegate_ident_mapping";
1986 }
1987 }
1988
1990}
bool check_oauth_validator(HbaLine *hbaline, int elevel, char **err_msg)
Definition auth-oauth.c:857
memcpy(sums, checksumBaseOffsets, sizeof(checksumBaseOffsets))
int errhint(const char *fmt,...) pg_attribute_printf(1
static bool parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline, int elevel, char **err_msg)
Definition hba.c:2000
static int regcomp_auth_token(AuthToken *token, char *filename, int line_num, char **err_msg, int elevel)
Definition hba.c:299
int pg_sockaddr_cidr_mask(struct sockaddr_storage *mask, char *numbits, int family)
Definition ifaddr.c:105
void pg_freeaddrinfo_all(int hint_ai_family, struct addrinfo *ai)
Definition ip.c:85
int pg_getaddrinfo_all(const char *hostname, const char *servname, const struct addrinfo *hintp, struct addrinfo **result)
Definition ip.c:56
Definition oauth-curl.c:184
References Assert, check_oauth_validator(), clientCertFull, copy_auth_token(), ctHost, ctHostGSS, ctHostNoGSS, ctHostNoSSL, ctHostSSL, ctLocal, EnableSSL, ereport, errcode(), errcontext, errhint(), errmsg, fb(), gai_strerror(), ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lappend(), lfirst, linitial, list_head(), lnext(), MANDATORY_AUTH_ARG, memcpy(), NIL, palloc0_object, parse_hba_auth_opt(), pfree(), pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_sockaddr_cidr_mask(), psprintf(), pstrdup(), regcomp_auth_token(), str, token, token_is_keyword, uaBSD, uaCert, uaGSS, uaIdent, uaLDAP, uaMD5, uaOAuth, uaPAM, uaPassword, uaPeer, uaReject, uaSCRAM, uaSSPI, uaTrust, and val.
Referenced by fill_hba_view(), and load_hba().
◆ parse_ident_line()
|
extern |
Definition at line 2558 of file hba.c.
2559{
2563 ListCell *field;
2567
2570
2572 parsedline->linenumber = line_num;
2573
2574 /* Get the map token (must exist) */
2579
2580 /* Get the ident user token */
2582 IDENT_FIELD_ABSENT(field);
2586
2587 /* Copy the ident user token */
2589
2590 /* Get the PG rolename token */
2592 IDENT_FIELD_ABSENT(field);
2597
2598 /*
2599 * Now that the field validation is done, compile a regex from the user
2600 * tokens, if necessary.
2601 */
2603 err_msg, elevel))
2604 {
2605 /* err_msg includes the error to report */
2607 }
2608
2610 err_msg, elevel))
2611 {
2612 /* err_msg includes the error to report */
2614 }
2615
2617}
References Assert, copy_auth_token(), fb(), IDENT_FIELD_ABSENT, IDENT_MULTI_VALUE, lfirst, linitial, list_head(), lnext(), NIL, palloc0_object, pstrdup(), regcomp_auth_token(), and token.
Referenced by fill_ident_view(), and load_ident().
◆ tokenize_auth_file()
|
extern |
Definition at line 687 of file hba.c.
689{
690 int line_number = 1;
695 tokenize_error_callback_arg callback_arg;
696
698
700 callback_arg.linenum = line_number;
701
703 tokenerrcontext.arg = &callback_arg;
706
707 /*
708 * Do all the local tokenization in its own context, to ease the cleanup
709 * of any memory allocated while tokenizing.
710 */
712 "tokenize_auth_file",
713 ALLOCSET_SMALL_SIZES);
715
717
720
722 {
730
731 /* Collect the next input line, handling backslash continuations */
733
735 {
736 /* Strip trailing newline, including \r in case we're on Windows */
738
739 /*
740 * Check for backslash continuation. The backslash must be after
741 * the last place we found a continuation, else two backslashes
742 * followed by two \n's would behave surprisingly.
743 */
746 {
747 /* Continuation, so strip it and keep reading */
750 continuations++;
751 continue;
752 }
753
754 /* Nope, so we have the whole line */
755 break;
756 }
757
759 {
760 /* I/O error! */
762
763 ereport(elevel,
764 (errcode_for_file_access(),
768 filename);
769 break;
770 }
771
772 /* Parse fields */
775 {
777
779 elevel, depth, &err_msg);
780 /* add field to line, unless we are at EOL or comment start */
782 {
783 /*
784 * lappend() may do its own allocations, so move to the
785 * context for the list of tokens.
786 */
790 }
791 }
792
793 /*
794 * Reached EOL; no need to emit line to TokenizedAuthLine list if it's
795 * boring.
796 */
799
800 /* If the line is valid, check if that's an include directive */
802 {
803 AuthToken *first,
804 *second;
805
808
810 {
812 elevel, depth + 1, false, &err_msg);
813
814 if (err_msg)
816
817 /*
818 * tokenize_auth_file() has taken care of creating the
819 * TokenizedAuthLines.
820 */
822 }
824 {
829
831 &num_filenames, &err_msg);
832
834 {
835 /* the error is in err_msg, so create an entry */
837 }
838
841 {
843 elevel, depth + 1, false, &err_msg);
844 /* cumulate errors if any */
845 if (err_msg)
846 {
850 }
851 }
852
853 /* clean up things */
857
858 /*
859 * If there were no errors, the line is fully processed,
860 * bypass the general TokenizedAuthLine processing.
861 */
864
865 /* Otherwise, process the cumulated errors, if any. */
866 err_msg = err_buf.data;
868 }
870 {
871
873 elevel, depth + 1, true, &err_msg);
874 if (err_msg)
876
877 /*
878 * tokenize_auth_file() has taken care of creating the
879 * TokenizedAuthLines.
880 */
882 }
883 }
884
885process_line:
886
887 /*
888 * General processing: report the error if any and emit line to the
889 * TokenizedAuthLine. This is saved in the memory context dedicated
890 * to this list.
891 */
896 tok_line->line_num = line_number;
901
902next_line:
903 line_number += continuations + 1;
904 callback_arg.linenum = line_number;
905 }
906
909
911}
char ** GetConfFilesInDir(const char *includedir, const char *calling_file, int elevel, int *num_filenames, char **err_msg)
Definition conffiles.c:70
static List * next_field_expand(const char *filename, char **lineptr, int elevel, int depth, char **err_msg)
Definition hba.c:377
static void tokenize_include_file(const char *outer_filename, const char *inc_filename, List **tok_lines, int elevel, int depth, bool missing_ok, char **err_msg)
Definition hba.c:436
bool pg_get_line_append(FILE *stream, StringInfo buf, PromptInterruptContext *prompt_ctx)
Definition pg_get_line.c:124
void appendStringInfoString(StringInfo str, const char *s)
Definition stringinfo.c:230
Definition elog.h:298
Definition stringinfo.h:47
Definition mbprint.h:17
Definition hba.c:64
References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, appendStringInfoChar(), appendStringInfoString(), Assert, buf, CONF_FILE_START_DEPTH, CurrentMemoryContext, ereport, errcode_for_file_access(), errmsg, error_context_stack, fb(), tokenize_error_callback_arg::filename, filename, GetConfFilesInDir(), i, initStringInfo(), lappend(), tokenize_error_callback_arg::linenum, linitial, linitial_node, list_length(), lsecond_node, MemoryContextDelete(), MemoryContextSwitchTo(), next_field_expand(), NIL, palloc0_object, pfree(), pg_get_line_append(), pg_strip_crlf(), ErrorContextCallback::previous, psprintf(), pstrdup(), resetStringInfo(), AuthToken::string, tokenize_context, tokenize_error_callback(), and tokenize_include_file().
Referenced by fill_hba_view(), fill_ident_view(), load_hba(), load_hosts(), load_ident(), tokenize_expand_file(), and tokenize_include_file().
