hba.h File Reference
#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"

Data Structures

struct  HbaLine
 
struct  IdentLine
 

Macros

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */
 

Typedefs

typedef enum UserAuth UserAuth
 
typedef enum IPCompareMethod IPCompareMethod
 
typedef enum ConnType ConnType
 
typedef struct HbaLine HbaLine
 
typedef struct IdentLine IdentLine
 
typedef struct Port hbaPort
 

Enumerations

enum  UserAuth {
  uaReject, uaImplicitReject, uaTrust, uaIdent,
  uaPassword, uaMD5, uaGSS, uaSSPI,
  uaPAM, uaBSD, uaLDAP, uaCert,
  uaRADIUS, uaPeer
}
 
enum  IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }
 
enum  ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }
 

Functions

bool load_hba (void)
 
bool load_ident (void)
 
void hba_getauthmethod (hbaPort *port)
 
int check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_sensitive)
 
bool pg_isblank (const char c)
 

Macro Definition Documentation

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */

Definition at line 41 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

Definition at line 108 of file hba.h.

Enumeration Type Documentation

enum ConnType
Enumerator
ctLocal 
ctHost 
ctHostSSL 
ctHostNoSSL 

Definition at line 52 of file hba.h.

53 {
 /*
  * ConnType: the connection-type column of an hba.conf line.  The
  * "typedef enum ConnType" on line 52 and the enumerator ctHostNoSSL on
  * line 57 are not shown in this rendering; see the enumerator table
  * above for the full set.
  */
54  ctLocal,
55  ctHost,
56  ctHostSSL,
58 } ConnType;
Definition: hba.h:56
ConnType
Definition: hba.h:52
Definition: hba.h:54
Definition: hba.h:55
Enumerator
ipCmpMask 
ipCmpSameHost 
ipCmpSameNet 
ipCmpAll 

Definition at line 44 of file hba.h.

45 {
 /*
  * IPCompareMethod: how the address column of an hba.conf line is
  * matched against the client address.  Lines 44 (typedef), 47-48
  * (ipCmpSameHost, ipCmpSameNet) and the closing "} IPCompareMethod;"
  * are not shown in this rendering; the enumerator table above lists
  * all four values.
  */
46  ipCmpMask,
49  ipCmpAll
Definition: hba.h:46
IPCompareMethod
Definition: hba.h:44
Definition: hba.h:49
enum UserAuth
Enumerator
uaReject 
uaImplicitReject 
uaTrust 
uaIdent 
uaPassword 
uaMD5 
uaGSS 
uaSSPI 
uaPAM 
uaBSD 
uaLDAP 
uaCert 
uaRADIUS 
uaPeer 

Definition at line 25 of file hba.h.

26 {
 /*
  * UserAuth: the authentication method selected by an hba.conf line.
  * The "typedef enum UserAuth" on line 25 is not shown in this rendering.
  * USER_AUTH_LAST (line 41) is defined inside the enum body and must
  * name the final enumerator; when adding a method, insert it before
  * uaPeer or update the macro as well.
  */
27  uaReject,
28  uaImplicitReject, /* Not a user-visible option */
29  uaTrust,
30  uaIdent,
31  uaPassword,
32  uaMD5,
33  uaGSS,
34  uaSSPI,
35  uaPAM,
36  uaBSD,
37  uaLDAP,
38  uaCert,
39  uaRADIUS,
40  uaPeer /* last value; absent from the enumerator table above, likely because the #define below sits inside the enum */
41 #define USER_AUTH_LAST uaPeer /* Must be last value of this enum */
42 } UserAuth;
UserAuth
Definition: hba.h:25
Definition: hba.h:30
Definition: hba.h:37
Definition: hba.h:32
Definition: hba.h:34
Definition: hba.h:33
Definition: hba.h:31
Definition: hba.h:38
Definition: hba.h:27
Definition: hba.h:29
Definition: hba.h:36
Definition: hba.h:35
Definition: hba.h:39

Function Documentation

int check_usermap ( const char *  usermap_name,
const char *  pg_role,
const char *  auth_user,
bool  case_sensitive 
)

Definition at line 2672 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, NULL, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by ident_inet().

2676 {
 /*
  * check_usermap: decide whether a client that authenticated as
  * auth_user may connect as pg_role, either by direct name comparison
  * (no usermap) or through the pg_ident map called usermap_name.
  * Returns STATUS_OK on a match and STATUS_ERROR otherwise.
  *
  * NOTE(review): the hba.h prototype shown above names the last
  * parameter case_sensitive, while this definition (and
  * check_ident_usermap, hba.c:2536) calls it case_insensitive and treats
  * it that way: true selects pg_strcasecmp, false selects strcmp.  A
  * caller going by the header name would get the opposite matching from
  * what it asked for; the declaration and definition should agree.
  */
2677  bool found_entry = false,
2678  error = false; /* out-params of check_ident_usermap; "error" is this local flag, not the error() function the tooltip below links to */
2679 
2680  if (usermap_name == NULL || usermap_name[0] == '\0') /* no map: the two names must agree directly */
2681  {
2682  if (case_insensitive) /* true => case-folded comparison */
2683  {
2684  if (pg_strcasecmp(pg_role, auth_user) == 0)
2685  return STATUS_OK;
2686  }
2687  else
2688  {
2689  if (strcmp(pg_role, auth_user) == 0)
2690  return STATUS_OK;
2691  }
 /* the mismatch is logged with both names at LOG level */
2692  ereport(LOG,
2693  (errmsg("provided user name (%s) and authenticated user name (%s) do not match",
2694  pg_role, auth_user)));
2695  return STATUS_ERROR;
2696  }
2697  else
2698  {
2699  ListCell *line_cell;
2700 
 /* walk the map loaded by load_ident; stop at the first match or the first error */
2701  foreach(line_cell, parsed_ident_lines)
2702  {
2703  check_ident_usermap(lfirst(line_cell), usermap_name,
2704  pg_role, auth_user, case_insensitive,
2705  &found_entry, &error);
2706  if (found_entry || error)
2707  break;
2708  }
2709  }
 /* only an exhausted map is reported here; an error is presumed to have been logged by check_ident_usermap (confirm in hba.c) */
2710  if (!found_entry && !error)
2711  {
2712  ereport(LOG,
2713  (errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
2714  usermap_name, pg_role, auth_user)));
2715  }
2716  return found_entry ? STATUS_OK : STATUS_ERROR; /* the verdict follows found_entry alone */
2717 }
static void check_ident_usermap(IdentLine *identLine, const char *usermap_name, const char *pg_role, const char *ident_user, bool case_insensitive, bool *found_p, bool *error_p)
Definition: hba.c:2536
static void error(void)
Definition: sql-dyntest.c:147
#define STATUS_ERROR
Definition: c.h:972
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
#define LOG
Definition: elog.h:26
#define ereport(elevel, rest)
Definition: elog.h:122
#define STATUS_OK
Definition: c.h:971
static List * parsed_ident_lines
Definition: hba.c:114
#define NULL
Definition: c.h:226
#define lfirst(lc)
Definition: pg_list.h:106
int errmsg(const char *fmt,...)
Definition: elog.c:797
void hba_getauthmethod ( hbaPort port)

Definition at line 2838 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

2839 {
 /*
  * hba_getauthmethod: public entry point used by ClientAuthentication().
  * All hba.conf matching is delegated to the file-static check_hba(port)
  * (hba.c:1844); the result is presumably recorded in *port rather than
  * returned — confirm in hba.c.
  */
2840  check_hba(port);
2841 }
static void check_hba(hbaPort *port)
Definition: hba.c:1844
bool load_hba ( void  )

Definition at line 1945 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, NULL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

1946 {
 /*
  * load_hba: read and parse HbaFileName into a fresh memory context.
  * Returns true after installing the result in parsed_hba_context and
  * parsed_hba_lines, or false after discarding everything it allocated.
  * On a false return the previously installed rules are left untouched,
  * so a file with errors does not replace a working one; what a false
  * return means to the caller is decided by PerformAuthentication(),
  * PostmasterMain() and SIGHUP_handler().
  *
  * Rendering note: source lines 1960, 1970-1971, 1973 and 2030 are not
  * shown below; the References list above names the symbols they use
  * (errcode_for_file_access, Assert, AllocSetContextCreate,
  * ALLOCSET_SMALL_SIZES, PostmasterContext, MemoryContextDelete).
  */
1947  FILE *file;
1948  List *hba_lines = NIL;
1949  ListCell *line;
1950  List *new_parsed_lines = NIL;
1951  bool ok = true;
1952  MemoryContext linecxt;
1953  MemoryContext oldcxt;
1954  MemoryContext hbacxt;
1955 
1956  file = AllocateFile(HbaFileName, "r"); /* paired with FreeFile at 1967 */
1957  if (file == NULL)
1958  {
1959  ereport(LOG,
 /* NOTE(review): line 1960, presumably errcode_for_file_access(), is absent from this rendering */
1961  errmsg("could not open configuration file \"%s\": %m",
1962  HbaFileName)));
1963  return false;
1964  }
1965 
 /* the tokenizer hands back its own context so all tokens are released at once at 2018 */
1966  linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
1967  FreeFile(file);
1968 
1969  /* Now parse all the lines */
 /* NOTE(review): lines 1970-1971 and 1973 are absent here; they presumably assert PostmasterContext and create hbacxt via AllocSetContextCreate(PostmasterContext, ..., ALLOCSET_SMALL_SIZES) */
1972  "hba parser context",
1974  oldcxt = MemoryContextSwitchTo(hbacxt);
1975  foreach(line, hba_lines)
1976  {
1977  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
1978  HbaLine *newline;
1979 
1980  /* don't parse lines that already have errors */
1981  if (tok_line->err_msg != NULL)
1982  {
1983  ok = false;
1984  continue;
1985  }
1986 
 /* parse_hba_line reports its own errors at LOG; only the outcome matters here */
1987  if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
1988  {
1989  /* Parse error; remember there's trouble */
1990  ok = false;
1991 
1992  /*
1993  * Keep parsing the rest of the file so we can report errors on
1994  * more than the first line. Error has already been logged, no
1995  * need for more chatter here.
1996  */
1997  continue;
1998  }
1999 
2000  new_parsed_lines = lappend(new_parsed_lines, newline);
2001  }
2002 
2003  /*
2004  * A valid HBA file must have at least one entry; else there's no way to
2005  * connect to the postmaster. But only complain about this if we didn't
2006  * already have parsing errors.
2007  */
2008  if (ok && new_parsed_lines == NIL)
2009  {
2010  ereport(LOG,
2011  (errcode(ERRCODE_CONFIG_FILE_ERROR),
2012  errmsg("configuration file \"%s\" contains no entries",
2013  HbaFileName)));
2014  ok = false;
2015  }
2016 
2017  /* Free tokenizer memory */
2018  MemoryContextDelete(linecxt);
2019  MemoryContextSwitchTo(oldcxt);
2020 
2021  if (!ok)
2022  {
2023  /* File contained one or more errors, so bail out */
2024  MemoryContextDelete(hbacxt); /* drops every HbaLine parsed above; parsed_hba_lines is not touched */
2025  return false;
2026  }
2027 
2028  /* Loaded new file successfully, replace the one we use */
2029  if (parsed_hba_context != NULL)
 /* NOTE(review): line 2030, the body of this if, is absent from this rendering; presumably MemoryContextDelete(parsed_hba_context) releasing the previous rules. The assignment below is NOT the if body. */
2031  parsed_hba_context = hbacxt;
2032  parsed_hba_lines = new_parsed_lines;
2033 
2034  return true;
2035 }
Definition: hba.h:60
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:155
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
int errcode(int sqlerrcode)
Definition: elog.c:575
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
static List * parsed_hba_lines
Definition: hba.c:103
char * HbaFileName
Definition: guc.c:465
static MemoryContext parsed_hba_context
Definition: hba.c:104
char * err_msg
Definition: hba.c:96
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2043
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
static HbaLine * parse_hba_line(TokenizedLine *tok_line, int elevel)
Definition: hba.c:941
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:440
#define NULL
Definition: c.h:226
#define Assert(condition)
Definition: c.h:671
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:469
int FreeFile(FILE *file)
Definition: fd.c:2226
int errmsg(const char *fmt,...)
Definition: elog.c:797
Definition: pg_list.h:45
MemoryContext PostmasterContext
Definition: mcxt.c:45
bool load_ident ( void  )

Definition at line 2727 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, NULL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

2728 {
 /*
  * load_ident: read and parse IdentFileName (the pg_ident usermap) into a
  * fresh memory context.  Returns true after installing the result in
  * parsed_ident_context and parsed_ident_lines, or false after releasing
  * everything it allocated, including the compiled regexes that the
  * context delete alone would not free.  On a false return the
  * previously installed map is left untouched.  Unlike load_hba, a file
  * that parses cleanly but yields no entries is accepted.
  *
  * Rendering note: source lines 2745, 2755, 2758 and 2819 are not shown
  * below; the References list above names the symbols they use
  * (errcode_for_file_access, Assert, ALLOCSET_SMALL_SIZES,
  * MemoryContextDelete).
  */
2729  FILE *file;
2730  List *ident_lines = NIL;
2731  ListCell *line_cell,
2732  *parsed_line_cell;
2733  List *new_parsed_lines = NIL;
2734  bool ok = true;
2735  MemoryContext linecxt;
2736  MemoryContext oldcxt;
2737  MemoryContext ident_context;
2738  IdentLine *newline;
2739 
2740  file = AllocateFile(IdentFileName, "r"); /* paired with FreeFile at 2752 */
2741  if (file == NULL)
2742  {
2743  /* not fatal ... we just won't do any special ident maps */
 /* the function still returns false; whether that is fatal is decided by the callers (PerformAuthentication, PostmasterMain, SIGHUP_handler) */
2744  ereport(LOG,
 /* NOTE(review): line 2745, presumably errcode_for_file_access(), is absent from this rendering */
2746  errmsg("could not open usermap file \"%s\": %m",
2747  IdentFileName)));
2748  return false;
2749  }
2750 
 /* the tokenizer hands back its own context so all tokens are released at once at 2788 */
2751  linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
2752  FreeFile(file);
2753 
2754  /* Now parse all the lines */
 /* NOTE(review): line 2755 (presumably Assert(PostmasterContext)) and line 2758 (presumably ALLOCSET_SMALL_SIZES closing this call) are absent from this rendering */
2756  ident_context = AllocSetContextCreate(PostmasterContext,
2757  "ident parser context",
2759  oldcxt = MemoryContextSwitchTo(ident_context);
2760  foreach(line_cell, ident_lines)
2761  {
2762  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
2763 
2764  /* don't parse lines that already have errors */
2765  if (tok_line->err_msg != NULL)
2766  {
2767  ok = false;
2768  continue;
2769  }
2770 
 /* parse_ident_line reports its own errors; only the outcome matters here */
2771  if ((newline = parse_ident_line(tok_line)) == NULL)
2772  {
2773  /* Parse error; remember there's trouble */
2774  ok = false;
2775 
2776  /*
2777  * Keep parsing the rest of the file so we can report errors on
2778  * more than the first line. Error has already been logged, no
2779  * need for more chatter here.
2780  */
2781  continue;
2782  }
2783 
2784  new_parsed_lines = lappend(new_parsed_lines, newline);
2785  }
2786 
2787  /* Free tokenizer memory */
2788  MemoryContextDelete(linecxt);
2789  MemoryContextSwitchTo(oldcxt);
2790 
2791  if (!ok)
2792  {
2793  /*
2794  * File contained one or more errors, so bail out, first being careful
2795  * to clean up whatever we allocated. Most stuff will go away via
2796  * MemoryContextDelete, but we have to clean up regexes explicitly.
2797  */
2798  foreach(parsed_line_cell, new_parsed_lines)
2799  {
2800  newline = (IdentLine *) lfirst(parsed_line_cell);
2801  if (newline->ident_user[0] == '/') /* a leading '/' marks an entry whose ident_user is a compiled regex held in re */
2802  pg_regfree(&newline->re);
2803  }
2804  MemoryContextDelete(ident_context);
2805  return false;
2806  }
2807 
2808  /* Loaded new file successfully, replace the one we use */
 /* the old map's regexes are freed the same way before its context goes away */
2809  if (parsed_ident_lines != NIL)
2810  {
2811  foreach(parsed_line_cell, parsed_ident_lines)
2812  {
2813  newline = (IdentLine *) lfirst(parsed_line_cell);
2814  if (newline->ident_user[0] == '/')
2815  pg_regfree(&newline->re);
2816  }
2817  }
2818  if (parsed_ident_context != NULL)
 /* NOTE(review): line 2819, the body of this if, is absent from this rendering; presumably MemoryContextDelete(parsed_ident_context). The assignment at 2821 is NOT the if body. */
2820 
2821  parsed_ident_context = ident_context;
2822  parsed_ident_lines = new_parsed_lines;
2823 
2824  return true;
2825 }
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
regex_t re
Definition: hba.h:104
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:155
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
char * err_msg
Definition: hba.c:96
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2043
char * IdentFileName
Definition: guc.c:466
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:440
static List * parsed_ident_lines
Definition: hba.c:114
static MemoryContext parsed_ident_context
Definition: hba.c:115
#define NULL
Definition: c.h:226
#define Assert(condition)
Definition: c.h:671
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:469
Definition: hba.h:97
int FreeFile(FILE *file)
Definition: fd.c:2226
char * ident_user
Definition: hba.h:102
int errmsg(const char *fmt,...)
Definition: elog.c:797
static IdentLine * parse_ident_line(TokenizedLine *tok_line)
Definition: hba.c:2459
void pg_regfree(regex_t *re)
Definition: regfree.c:49
Definition: pg_list.h:45
MemoryContext PostmasterContext
Definition: mcxt.c:45
bool pg_isblank ( const char  c)

Definition at line 159 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

160 {
 /*
  * pg_isblank: true for the whitespace that next_token() and
  * interpret_ident_response() treat as padding: space, tab and carriage
  * return.  Newline is deliberately not in the set — presumably it ends
  * a line rather than separating tokens (confirm in next_token()).
  * Accepting '\r' presumably keeps a CRLF-terminated line from leaving
  * a stray character in its last token — confirm.
  * (The "char * c" tooltip below is a mislink; c is the char parameter.)
  */
161  return c == ' ' || c == '\t' || c == '\r';
162 }
char * c