PostgreSQL Source Code  git master
hba.h File Reference
#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"


Data Structures

struct  HbaLine
 
struct  IdentLine
 

Macros

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */
 

Typedefs

typedef enum UserAuth UserAuth
 
typedef enum IPCompareMethod IPCompareMethod
 
typedef enum ConnType ConnType
 
typedef struct HbaLine HbaLine
 
typedef struct IdentLine IdentLine
 
typedef struct Port hbaPort
 

Enumerations

enum  UserAuth {
  uaReject, uaImplicitReject, uaTrust, uaIdent,
  uaPassword, uaMD5, uaSCRAM, uaGSS,
  uaSSPI, uaPAM, uaBSD, uaLDAP,
  uaCert, uaRADIUS
}
 
enum  IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }
 
enum  ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }
 

Functions

bool load_hba (void)
 
bool load_ident (void)
 
void hba_getauthmethod (hbaPort *port)
 
int check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_sensitive)
 
bool pg_isblank (const char c)
 

Macro Definition Documentation

◆ USER_AUTH_LAST

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */

Definition at line 42 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

◆ ConnType

◆ HbaLine

◆ hbaPort

Definition at line 115 of file hba.h.

◆ IdentLine

◆ IPCompareMethod

◆ UserAuth

Enumeration Type Documentation

◆ ConnType

enum ConnType
Enumerator
ctLocal 
ctHost 
ctHostSSL 
ctHostNoSSL 

Definition at line 53 of file hba.h.

/*
 * ConnType: the transport class an hba entry is written for.
 *
 * The enumerators are listed in the same order as hba.h:53-59, so their
 * integer values are 0..3; reordering them changes those values.  The names
 * presumably correspond to the pg_hba.conf connection-type keywords
 * (local / host / hostssl / hostnossl) -- confirm in the parser in hba.c.
 */
typedef enum ConnType
{
	ctLocal,					/* "local" entry (value 0) */
	ctHost,						/* "host" entry */
	ctHostSSL,					/* "hostssl" entry */
	ctHostNoSSL					/* "hostnossl" entry (value 3) */
} ConnType;

◆ IPCompareMethod

Enumerator
ipCmpMask 
ipCmpSameHost 
ipCmpSameNet 
ipCmpAll 

Definition at line 45 of file hba.h.

/*
 * IPCompareMethod: how an hba entry's address field is matched against the
 * client address.
 *
 * Enumerator order follows hba.h:45-50, giving values 0..3.  From the names,
 * ipCmpMask is the explicit address+netmask form and the other three look
 * like the samehost / samenet / all keywords -- verify against check_hba()
 * in hba.c before relying on that reading.
 */
typedef enum IPCompareMethod
{
	ipCmpMask,					/* explicit address and mask (value 0) */
	ipCmpSameHost,				/* presumably "samehost" */
	ipCmpSameNet,				/* presumably "samenet" */
	ipCmpAll					/* presumably "all" (value 3) */
} IPCompareMethod;

◆ UserAuth

enum UserAuth
Enumerator
uaReject 
uaImplicitReject 
uaTrust 
uaIdent 
uaPassword 
uaMD5 
uaSCRAM 
uaGSS 
uaSSPI 
uaPAM 
uaBSD 
uaLDAP 
uaCert 
uaRADIUS 

Definition at line 25 of file hba.h.

/*
 * UserAuth: the authentication method selected by an hba entry.
 *
 * Enumerator order follows hba.h:25-43, so uaReject == 0 and uaPeer == 14.
 * USER_AUTH_LAST is defined inside the enum body so that it stays next to
 * the final enumerator; anyone appending a method must move the #define as
 * well, since fill_hba_line() is listed as a user of it.
 */
typedef enum UserAuth
{
	uaReject,					/* value 0 */
	uaImplicitReject,			/* Not a user-visible option */
	uaTrust,
	uaIdent,
	uaPassword,
	uaMD5,
	uaSCRAM,
	uaGSS,
	uaSSPI,
	uaPAM,
	uaBSD,
	uaLDAP,
	uaCert,
	uaRADIUS,
	uaPeer						/* value 14 */
#define USER_AUTH_LAST uaPeer	/* Must be last value of this enum */
} UserAuth;

Function Documentation

◆ check_usermap()

int check_usermap ( const char *  usermap_name,
const char *  pg_role,
const char *  auth_user,
bool  case_sensitive 
)

Definition at line 2858 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by CheckSCRAMAuth(), and ident_inet().

/*
 * check_usermap
 *
 * Decide whether the externally authenticated name auth_user may log in as
 * the requested database role pg_role.
 *
 * With no usermap (usermap_name NULL or empty) the two names must simply be
 * equal: a true case_insensitive selects pg_strcasecmp(), false selects
 * strcmp().  Otherwise each entry of parsed_ident_lines is handed to
 * check_ident_usermap() until one reports a match or an error.
 *
 * Returns STATUS_OK on a match, STATUS_ERROR otherwise.  Both refusal paths
 * log the role and authenticated names at LOG level.
 *
 * NOTE(review): the hba.h prototype names the last parameter case_sensitive
 * while this definition names it case_insensitive; the body follows the
 * definition, i.e. true means "fold case".  Callers should be read with
 * that in mind.
 */
int
check_usermap(const char *usermap_name,
			  const char *pg_role,
			  const char *auth_user,
			  bool case_insensitive)
{
	bool		matched = false;
	bool		had_error = false;
	ListCell   *line_cell;

	/* No map configured: the names have to agree directly. */
	if (usermap_name == NULL || usermap_name[0] == '\0')
	{
		int			cmp = case_insensitive
			? pg_strcasecmp(pg_role, auth_user)
			: strcmp(pg_role, auth_user);

		if (cmp == 0)
			return STATUS_OK;

		ereport(LOG,
				(errmsg("provided user name (%s) and authenticated user name (%s) do not match",
						pg_role, auth_user)));
		return STATUS_ERROR;
	}

	/* Walk the loaded usermap entries; stop at the first match or error. */
	foreach(line_cell, parsed_ident_lines)
	{
		check_ident_usermap(lfirst(line_cell), usermap_name,
							pg_role, auth_user, case_insensitive,
							&matched, &had_error);
		if (matched || had_error)
			break;
	}

	/* An error has already been reported by check_ident_usermap(). */
	if (!matched && !had_error)
		ereport(LOG,
				(errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
						usermap_name, pg_role, auth_user)));

	return matched ? STATUS_OK : STATUS_ERROR;
}
static void check_ident_usermap(IdentLine *identLine, const char *usermap_name, const char *pg_role, const char *ident_user, bool case_insensitive, bool *found_p, bool *error_p)
Definition: hba.c:2722
static void error(void)
Definition: sql-dyntest.c:147
#define STATUS_ERROR
Definition: c.h:998
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
#define LOG
Definition: elog.h:26
#define ereport(elevel, rest)
Definition: elog.h:122
#define STATUS_OK
Definition: c.h:997
static List * parsed_ident_lines
Definition: hba.c:112
#define lfirst(lc)
Definition: pg_list.h:106
int errmsg(const char *fmt,...)
Definition: elog.c:797

◆ hba_getauthmethod()

void hba_getauthmethod ( hbaPort port)

Definition at line 3024 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

/*
 * hba_getauthmethod
 *
 * Public wrapper called from ClientAuthentication(); it does nothing beyond
 * forwarding the port to the file-local check_hba() (hba.c:2025), which is
 * where the hba entry for this connection is actually chosen.
 */
void
hba_getauthmethod(hbaPort *port)
{
	check_hba(port);
}
static void check_hba(hbaPort *port)
Definition: hba.c:2025

◆ load_hba()

bool load_hba ( void  )

Definition at line 2126 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_hba
 *
 * Read the HBA configuration file named by HbaFileName, tokenize and parse
 * every line into a fresh memory context, and -- only when the whole file
 * was accepted -- install the result as parsed_hba_lines / parsed_hba_context.
 *
 * Returns: true when every line parsed and at least one entry was produced;
 * false otherwise.  Each failure is logged at LOG level.  On every false
 * return the previously installed rules stay in effect, because
 * parsed_hba_lines and parsed_hba_context are reassigned only on the
 * success path at the very end.
 *
 * NOTE(review): this rendering skips source lines 2141, 2151, 2152, 2154
 * and 2211 (see the gaps in the gutter numbers); the exact text of the
 * errcode argument, the context creation and the old-context delete is in
 * hba.c.
 */
2127 {
2128  FILE *file;
2129  List *hba_lines = NIL;
2130  ListCell *line;
2131  List *new_parsed_lines = NIL;
2132  bool ok = true;
2133  MemoryContext linecxt;
2134  MemoryContext oldcxt;
2135  MemoryContext hbacxt;
2136 
2137  file = AllocateFile(HbaFileName, "r");
2138  if (file == NULL)
2139  {
 /* Unreadable file: log and keep whatever rules were loaded before. */
2140  ereport(LOG,
2142  errmsg("could not open configuration file \"%s\": %m",
2143  HbaFileName)));
2144  return false;
2145  }
2146 
 /* Tokens are allocated in linecxt, which is dropped once parsing is done. */
2147  linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
2148  FreeFile(file);
2149 
2150  /* Now parse all the lines */
 /* Parsed HbaLines go into hbacxt so a failed load can be freed wholesale. */
2153  "hba parser context",
2155  oldcxt = MemoryContextSwitchTo(hbacxt);
2156  foreach(line, hba_lines)
2157  {
2158  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
2159  HbaLine *newline;
2160 
2161  /* don't parse lines that already have errors */
2162  if (tok_line->err_msg != NULL)
2163  {
2164  ok = false;
2165  continue;
2166  }
2167 
2168  if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
2169  {
2170  /* Parse error; remember there's trouble */
2171  ok = false;
2172 
2173  /*
2174  * Keep parsing the rest of the file so we can report errors on
2175  * more than the first line. Error has already been logged, no
2176  * need for more chatter here.
2177  */
2178  continue;
2179  }
2180 
2181  new_parsed_lines = lappend(new_parsed_lines, newline);
2182  }
2183 
2184  /*
2185  * A valid HBA file must have at least one entry; else there's no way to
2186  * connect to the postmaster. But only complain about this if we didn't
2187  * already have parsing errors.
2188  */
2189  if (ok && new_parsed_lines == NIL)
2190  {
2191  ereport(LOG,
2192  (errcode(ERRCODE_CONFIG_FILE_ERROR),
2193  errmsg("configuration file \"%s\" contains no entries",
2194  HbaFileName)));
2195  ok = false;
2196  }
2197 
2198  /* Free tokenizer memory */
2199  MemoryContextDelete(linecxt);
2200  MemoryContextSwitchTo(oldcxt);
2201 
2202  if (!ok)
2203  {
2204  /* File contained one or more errors, so bail out */
 /* Nothing below this point ran, so the old rules remain installed. */
2205  MemoryContextDelete(hbacxt);
2206  return false;
2207  }
2208 
2209  /* Loaded new file successfully, replace the one we use */
 /* Only here do the new list and context become the live ones. */
2210  if (parsed_hba_context != NULL)
2212  parsed_hba_context = hbacxt;
2213  parsed_hba_lines = new_parsed_lines;
2214 
2215  return true;
2216 }
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:198
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:207
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
int errcode(int sqlerrcode)
Definition: elog.c:575
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
static List * parsed_hba_lines
Definition: hba.c:101
char * HbaFileName
Definition: guc.c:464
static MemoryContext parsed_hba_context
Definition: hba.c:102
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2353
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
#define AllocSetContextCreate(parent, name, allocparams)
Definition: memutils.h:165
static HbaLine * parse_hba_line(TokenizedLine *tok_line, int elevel)
Definition: hba.c:945
#define Assert(condition)
Definition: c.h:688
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
int FreeFile(FILE *file)
Definition: fd.c:2545
int errmsg(const char *fmt,...)
Definition: elog.c:797
MemoryContext PostmasterContext
Definition: mcxt.c:45

◆ load_ident()

bool load_ident ( void  )

Definition at line 2913 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_ident
 *
 * Read the usermap file named by IdentFileName, tokenize and parse each line
 * into a fresh memory context, and -- only when every line was accepted --
 * install the result as parsed_ident_lines / parsed_ident_context.
 *
 * Returns: true on success; false when the file cannot be opened or any
 * line fails to tokenize or parse.  Failures are logged at LOG level and
 * leave the previously installed usermap in place, since the module-level
 * pointers are reassigned only at the end of the success path.
 *
 * Entries whose ident_user begins with '/' carry a compiled regex in re;
 * those are released with pg_regfree() explicitly, both when discarding a
 * failed load and when retiring the old list, because deleting the memory
 * context alone does not free regex storage (see the comment at 2979).
 *
 * NOTE(review): this rendering skips source lines 2931, 2941, 2944 and 3005
 * (see the gaps in the gutter numbers); the errcode argument, the context
 * creation and the old-context delete are in hba.c.
 */
2914 {
2915  FILE *file;
2916  List *ident_lines = NIL;
2917  ListCell *line_cell,
2918  *parsed_line_cell;
2919  List *new_parsed_lines = NIL;
2920  bool ok = true;
2921  MemoryContext linecxt;
2922  MemoryContext oldcxt;
2923  MemoryContext ident_context;
2924  IdentLine *newline;
2925 
2926  file = AllocateFile(IdentFileName, "r");
2927  if (file == NULL)
2928  {
2929  /* not fatal ... we just won't do any special ident maps */
 /* The previously loaded map (if any) is left untouched. */
2930  ereport(LOG,
2932  errmsg("could not open usermap file \"%s\": %m",
2933  IdentFileName)));
2934  return false;
2935  }
2936 
 /* Tokens live in linecxt until it is deleted after the parse loop. */
2937  linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
2938  FreeFile(file);
2939 
2940  /* Now parse all the lines */
 /* Parsed IdentLines are allocated in ident_context. */
2942  ident_context = AllocSetContextCreate(PostmasterContext,
2943  "ident parser context",
2945  oldcxt = MemoryContextSwitchTo(ident_context);
2946  foreach(line_cell, ident_lines)
2947  {
2948  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
2949 
2950  /* don't parse lines that already have errors */
2951  if (tok_line->err_msg != NULL)
2952  {
2953  ok = false;
2954  continue;
2955  }
2956 
2957  if ((newline = parse_ident_line(tok_line)) == NULL)
2958  {
2959  /* Parse error; remember there's trouble */
2960  ok = false;
2961 
2962  /*
2963  * Keep parsing the rest of the file so we can report errors on
2964  * more than the first line. Error has already been logged, no
2965  * need for more chatter here.
2966  */
2967  continue;
2968  }
2969 
2970  new_parsed_lines = lappend(new_parsed_lines, newline);
2971  }
2972 
2973  /* Free tokenizer memory */
2974  MemoryContextDelete(linecxt);
2975  MemoryContextSwitchTo(oldcxt);
2976 
2977  if (!ok)
2978  {
2979  /*
2980  * File contained one or more errors, so bail out, first being careful
2981  * to clean up whatever we allocated. Most stuff will go away via
2982  * MemoryContextDelete, but we have to clean up regexes explicitly.
2983  */
2984  foreach(parsed_line_cell, new_parsed_lines)
2985  {
2986  newline = (IdentLine *) lfirst(parsed_line_cell);
 /* A leading '/' marks a regex entry whose re was compiled at parse time. */
2987  if (newline->ident_user[0] == '/')
2988  pg_regfree(&newline->re);
2989  }
2990  MemoryContextDelete(ident_context);
2991  return false;
2992  }
2993 
2994  /* Loaded new file successfully, replace the one we use */
 /* Release the regexes of the outgoing list before its context goes away. */
2995  if (parsed_ident_lines != NIL)
2996  {
2997  foreach(parsed_line_cell, parsed_ident_lines)
2998  {
2999  newline = (IdentLine *) lfirst(parsed_line_cell);
3000  if (newline->ident_user[0] == '/')
3001  pg_regfree(&newline->re);
3002  }
3003  }
3004  if (parsed_ident_context != NULL)
3006 
 /* Swap in the new map; from here on check_usermap() sees it. */
3007  parsed_ident_context = ident_context;
3008  parsed_ident_lines = new_parsed_lines;
3009 
3010  return true;
3011 }
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:198
regex_t re
Definition: hba.h:111
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:207
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2353
char * IdentFileName
Definition: guc.c:465
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
#define AllocSetContextCreate(parent, name, allocparams)
Definition: memutils.h:165
static List * parsed_ident_lines
Definition: hba.c:112
static MemoryContext parsed_ident_context
Definition: hba.c:113
#define Assert(condition)
Definition: c.h:688
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
int FreeFile(FILE *file)
Definition: fd.c:2545
char * ident_user
Definition: hba.h:109
int errmsg(const char *fmt,...)
Definition: elog.c:797
static IdentLine * parse_ident_line(TokenizedLine *tok_line)
Definition: hba.c:2645
void pg_regfree(regex_t *re)
Definition: regfree.c:49
MemoryContext PostmasterContext
Definition: mcxt.c:45

◆ pg_isblank()

bool pg_isblank ( const char  c)

Definition at line 160 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

/*
 * pg_isblank
 *
 * Report whether c is one of the three characters the hba/ident tokenizers
 * treat as in-line whitespace: space, horizontal tab, or carriage return.
 * Note that '\n' is deliberately not in this set, nor are '\v' and '\f'.
 */
bool
pg_isblank(const char c)
{
	switch (c)
	{
		case ' ':
		case '\t':
		case '\r':
			return true;
		default:
			return false;
	}
}