#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"

Include dependency graph for hba.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	HbaLine

struct	IdentLine

Macros
#define	USER_AUTH_LAST uaPeer /* Must be last value of this enum */

Typedefs
typedef enum UserAuth	UserAuth

typedef enum IPCompareMethod	IPCompareMethod

typedef enum ConnType	ConnType

typedef struct HbaLine	HbaLine

typedef struct IdentLine	IdentLine

typedef struct Port	hbaPort

Enumerations
enum	UserAuth { uaReject, uaImplicitReject, uaTrust, uaIdent, uaPassword, uaMD5, uaSCRAM, uaGSS, uaSSPI, uaPAM, uaBSD, uaLDAP, uaCert, uaRADIUS }

enum	IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }

enum	ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }

Functions
bool	load_hba (void)

bool	load_ident (void)

void	hba_getauthmethod (hbaPort *port)

int	check_usermap (const char usermap_name, const char pg_role, const char *auth_user, bool case_sensitive)

bool	pg_isblank (const char c)

Macro Definition Documentation

#define USER_AUTH_LAST uaPeer /* Must be last value of this enum */

Definition at line 42 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

typedef enum ConnType ConnType

typedef struct HbaLine HbaLine

typedef struct Port hbaPort

Definition at line 114 of file hba.h.

typedef struct IdentLine IdentLine

typedef enum IPCompareMethod IPCompareMethod

typedef enum UserAuth UserAuth

Enumeration Type Documentation

enum ConnType

Enumerator
ctLocal
ctHost
ctHostSSL
ctHostNoSSL

Definition at line 53 of file hba.h.

 {
     ctLocal,
     ctHost,
     ctHostSSL,
     ctHostNoSSL
 } ConnType;

enum IPCompareMethod

Enumerator
ipCmpMask
ipCmpSameHost
ipCmpSameNet
ipCmpAll

Definition at line 45 of file hba.h.

 {
     ipCmpMask,
     ipCmpSameHost,
     ipCmpSameNet,
     ipCmpAll
 } IPCompareMethod;

enum UserAuth

Enumerator
uaReject
uaImplicitReject
uaTrust
uaIdent
uaPassword
uaMD5
uaSCRAM
uaGSS
uaSSPI
uaPAM
uaBSD
uaLDAP
uaCert
uaRADIUS

Definition at line 25 of file hba.h.

 {
     uaReject,
     uaImplicitReject,           /* Not a user-visible option */
     uaTrust,
     uaIdent,
     uaPassword,
     uaMD5,
     uaSCRAM,
     uaGSS,
     uaSSPI,
     uaPAM,
     uaBSD,
     uaLDAP,
     uaCert,
     uaRADIUS,
     uaPeer
 #define USER_AUTH_LAST uaPeer   /* Must be last value of this enum */
 } UserAuth;

Function Documentation

int check_usermap	(	const char *	usermap_name,
		const char *	pg_role,
		const char *	auth_user,
		bool	case_sensitive
	)

Definition at line 2842 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by ident_inet().

 {
     bool        found_entry = false,
                 error = false;
 
     if (usermap_name == NULL || usermap_name[0] == '\0')
     {
         if (case_insensitive)
         {
             if (pg_strcasecmp(pg_role, auth_user) == 0)
                 return STATUS_OK;
         }
         else
         {
             if (strcmp(pg_role, auth_user) == 0)
                 return STATUS_OK;
         }
         ereport(LOG,
                 (errmsg("provided user name (%s) and authenticated user name (%s) do not match",
                         pg_role, auth_user)));
         return STATUS_ERROR;
     }
     else
     {
         ListCell   *line_cell;
 
         foreach(line_cell, parsed_ident_lines)
         {
             check_ident_usermap(lfirst(line_cell), usermap_name,
                                 pg_role, auth_user, case_insensitive,
                                 &found_entry, &error);
             if (found_entry || error)
                 break;
         }
     }
     if (!found_entry && !error)
     {
         ereport(LOG,
                 (errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
                         usermap_name, pg_role, auth_user)));
     }
     return found_entry ? STATUS_OK : STATUS_ERROR;
 }

void hba_getauthmethod ( hbaPort * port )

Definition at line 3008 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

 {
     check_hba(port);
 }

bool load_hba ( void )

Definition at line 2110 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

 {
     FILE       *file;
     List       *hba_lines = NIL;
     ListCell   *line;
     List       *new_parsed_lines = NIL;
     bool        ok = true;
     MemoryContext linecxt;
     MemoryContext oldcxt;
     MemoryContext hbacxt;
 
     file = AllocateFile(HbaFileName, "r");
     if (file == NULL)
     {
         ereport(LOG,
                 (errcode_for_file_access(),
                  errmsg("could not open configuration file \"%s\": %m",
                         HbaFileName)));
         return false;
     }
 
     linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
     FreeFile(file);
 
     /* Now parse all the lines */
     Assert(PostmasterContext);
     hbacxt = AllocSetContextCreate(PostmasterContext,
                                    "hba parser context",
                                    ALLOCSET_SMALL_SIZES);
     oldcxt = MemoryContextSwitchTo(hbacxt);
     foreach(line, hba_lines)
     {
         TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
         HbaLine    *newline;
 
         /* don't parse lines that already have errors */
         if (tok_line->err_msg != NULL)
         {
             ok = false;
             continue;
         }
 
         if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
         {
             /* Parse error; remember there's trouble */
             ok = false;
 
             /*
              * Keep parsing the rest of the file so we can report errors on
              * more than the first line.  Error has already been logged, no
              * need for more chatter here.
              */
             continue;
         }
 
         new_parsed_lines = lappend(new_parsed_lines, newline);
     }
 
     /*
      * A valid HBA file must have at least one entry; else there's no way to
      * connect to the postmaster.  But only complain about this if we didn't
      * already have parsing errors.
      */
     if (ok && new_parsed_lines == NIL)
     {
         ereport(LOG,
                 (errcode(ERRCODE_CONFIG_FILE_ERROR),
                  errmsg("configuration file \"%s\" contains no entries",
                         HbaFileName)));
         ok = false;
     }
 
     /* Free tokenizer memory */
     MemoryContextDelete(linecxt);
     MemoryContextSwitchTo(oldcxt);
 
     if (!ok)
     {
         /* File contained one or more errors, so bail out */
         MemoryContextDelete(hbacxt);
         return false;
     }
 
     /* Loaded new file successfully, replace the one we use */
     if (parsed_hba_context != NULL)
         MemoryContextDelete(parsed_hba_context);
     parsed_hba_context = hbacxt;
     parsed_hba_lines = new_parsed_lines;
 
     return true;
 }

bool load_ident ( void )

Definition at line 2897 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

 {
     FILE       *file;
     List       *ident_lines = NIL;
     ListCell   *line_cell,
                *parsed_line_cell;
     List       *new_parsed_lines = NIL;
     bool        ok = true;
     MemoryContext linecxt;
     MemoryContext oldcxt;
     MemoryContext ident_context;
     IdentLine  *newline;
 
     file = AllocateFile(IdentFileName, "r");
     if (file == NULL)
     {
         /* not fatal ... we just won't do any special ident maps */
         ereport(LOG,
                 (errcode_for_file_access(),
                  errmsg("could not open usermap file \"%s\": %m",
                         IdentFileName)));
         return false;
     }
 
     linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
     FreeFile(file);
 
     /* Now parse all the lines */
     Assert(PostmasterContext);
     ident_context = AllocSetContextCreate(PostmasterContext,
                                           "ident parser context",
                                           ALLOCSET_SMALL_SIZES);
     oldcxt = MemoryContextSwitchTo(ident_context);
     foreach(line_cell, ident_lines)
     {
         TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
 
         /* don't parse lines that already have errors */
         if (tok_line->err_msg != NULL)
         {
             ok = false;
             continue;
         }
 
         if ((newline = parse_ident_line(tok_line)) == NULL)
         {
             /* Parse error; remember there's trouble */
             ok = false;
 
             /*
              * Keep parsing the rest of the file so we can report errors on
              * more than the first line.  Error has already been logged, no
              * need for more chatter here.
              */
             continue;
         }
 
         new_parsed_lines = lappend(new_parsed_lines, newline);
     }
 
     /* Free tokenizer memory */
     MemoryContextDelete(linecxt);
     MemoryContextSwitchTo(oldcxt);
 
     if (!ok)
     {
         /*
          * File contained one or more errors, so bail out, first being careful
          * to clean up whatever we allocated.  Most stuff will go away via
          * MemoryContextDelete, but we have to clean up regexes explicitly.
          */
         foreach(parsed_line_cell, new_parsed_lines)
         {
             newline = (IdentLine *) lfirst(parsed_line_cell);
             if (newline->ident_user[0] == '/')
                 pg_regfree(&newline->re);
         }
         MemoryContextDelete(ident_context);
         return false;
     }
 
     /* Loaded new file successfully, replace the one we use */
     if (parsed_ident_lines != NIL)
     {
         foreach(parsed_line_cell, parsed_ident_lines)
         {
             newline = (IdentLine *) lfirst(parsed_line_cell);
             if (newline->ident_user[0] == '/')
                 pg_regfree(&newline->re);
         }
     }
     if (parsed_ident_context != NULL)
         MemoryContextDelete(parsed_ident_context);
 
     parsed_ident_context = ident_context;
     parsed_ident_lines = new_parsed_lines;
 
     return true;
 }

bool pg_isblank ( const char c )

Definition at line 160 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

 {
     return c == ' ' || c == '\t' || c == '\r';
 }

Data Structures

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation