#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"

Include dependency graph for hba.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	HbaLine

struct	IdentLine

Macros
#define	USER_AUTH_LAST uaPeer /* Must be last value of this enum */

Typedefs
typedef enum UserAuth	UserAuth

typedef enum IPCompareMethod	IPCompareMethod

typedef enum ConnType	ConnType

typedef struct HbaLine	HbaLine

typedef struct IdentLine	IdentLine

typedef struct Port	hbaPort

Enumerations
enum	UserAuth { uaReject, uaImplicitReject, uaTrust, uaIdent, uaPassword, uaMD5, uaSCRAM, uaGSS, uaSSPI, uaPAM, uaBSD, uaLDAP, uaCert, uaRADIUS }

enum	IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }

enum	ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }

Functions
bool	load_hba (void)

bool	load_ident (void)

void	hba_getauthmethod (hbaPort *port)

int	check_usermap (const char usermap_name, const char pg_role, const char *auth_user, bool case_sensitive)

bool	pg_isblank (const char c)

Macro Definition Documentation

◆ USER_AUTH_LAST

#define USER_AUTH_LAST uaPeer /* Must be last value of this enum */

Definition at line 42 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

◆ ConnType

typedef enum ConnType ConnType

◆ HbaLine

typedef struct HbaLine HbaLine

◆ hbaPort

typedef struct Port hbaPort

Definition at line 115 of file hba.h.

◆ IdentLine

typedef struct IdentLine IdentLine

◆ IPCompareMethod

typedef enum IPCompareMethod IPCompareMethod

◆ UserAuth

typedef enum UserAuth UserAuth

Enumeration Type Documentation

◆ ConnType

enum ConnType

Enumerator
ctLocal
ctHost
ctHostSSL
ctHostNoSSL

Definition at line 53 of file hba.h.

 {
     ctLocal,
     ctHost,
     ctHostSSL,
     ctHostNoSSL
 } ConnType;

◆ IPCompareMethod

enum IPCompareMethod

Enumerator
ipCmpMask
ipCmpSameHost
ipCmpSameNet
ipCmpAll

Definition at line 45 of file hba.h.

 {
     ipCmpMask,
     ipCmpSameHost,
     ipCmpSameNet,
     ipCmpAll
 } IPCompareMethod;

◆ UserAuth

enum UserAuth

Enumerator
uaReject
uaImplicitReject
uaTrust
uaIdent
uaPassword
uaMD5
uaSCRAM
uaGSS
uaSSPI
uaPAM
uaBSD
uaLDAP
uaCert
uaRADIUS

Definition at line 25 of file hba.h.

 {
     uaReject,
     uaImplicitReject,           /* Not a user-visible option */
     uaTrust,
     uaIdent,
     uaPassword,
     uaMD5,
     uaSCRAM,
     uaGSS,
     uaSSPI,
     uaPAM,
     uaBSD,
     uaLDAP,
     uaCert,
     uaRADIUS,
     uaPeer
 #define USER_AUTH_LAST uaPeer   /* Must be last value of this enum */
 } UserAuth;

Function Documentation

◆ check_usermap()

int check_usermap	(	const char *	usermap_name,
		const char *	pg_role,
		const char *	auth_user,
		bool	case_sensitive
	)

Definition at line 2858 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by CheckSCRAMAuth(), and ident_inet().

 {
     bool        found_entry = false,
                 error = false;
 
     if (usermap_name == NULL || usermap_name[0] == '\0')
     {
         if (case_insensitive)
         {
             if (pg_strcasecmp(pg_role, auth_user) == 0)
                 return STATUS_OK;
         }
         else
         {
             if (strcmp(pg_role, auth_user) == 0)
                 return STATUS_OK;
         }
         ereport(LOG,
                 (errmsg("provided user name (%s) and authenticated user name (%s) do not match",
                         pg_role, auth_user)));
         return STATUS_ERROR;
     }
     else
     {
         ListCell   *line_cell;
 
         foreach(line_cell, parsed_ident_lines)
         {
             check_ident_usermap(lfirst(line_cell), usermap_name,
                                 pg_role, auth_user, case_insensitive,
                                 &found_entry, &error);
             if (found_entry || error)
                 break;
         }
     }
     if (!found_entry && !error)
     {
         ereport(LOG,
                 (errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
                         usermap_name, pg_role, auth_user)));
     }
     return found_entry ? STATUS_OK : STATUS_ERROR;
 }

◆ hba_getauthmethod()

void hba_getauthmethod ( hbaPort * port )

Definition at line 3024 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

 {
     check_hba(port);
 }

◆ load_hba()

bool load_hba ( void )

Definition at line 2126 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

 {
     FILE       *file;
     List       *hba_lines = NIL;
     ListCell   *line;
     List       *new_parsed_lines = NIL;
     bool        ok = true;
     MemoryContext linecxt;
     MemoryContext oldcxt;
     MemoryContext hbacxt;
 
     file = AllocateFile(HbaFileName, "r");
     if (file == NULL)
     {
         ereport(LOG,
                 (errcode_for_file_access(),
                  errmsg("could not open configuration file \"%s\": %m",
                         HbaFileName)));
         return false;
     }
 
     linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
     FreeFile(file);
 
     /* Now parse all the lines */
     Assert(PostmasterContext);
     hbacxt = AllocSetContextCreate(PostmasterContext,
                                    "hba parser context",
                                    ALLOCSET_SMALL_SIZES);
     oldcxt = MemoryContextSwitchTo(hbacxt);
     foreach(line, hba_lines)
     {
         TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
         HbaLine    *newline;
 
         /* don't parse lines that already have errors */
         if (tok_line->err_msg != NULL)
         {
             ok = false;
             continue;
         }
 
         if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
         {
             /* Parse error; remember there's trouble */
             ok = false;
 
             /*
              * Keep parsing the rest of the file so we can report errors on
              * more than the first line.  Error has already been logged, no
              * need for more chatter here.
              */
             continue;
         }
 
         new_parsed_lines = lappend(new_parsed_lines, newline);
     }
 
     /*
      * A valid HBA file must have at least one entry; else there's no way to
      * connect to the postmaster.  But only complain about this if we didn't
      * already have parsing errors.
      */
     if (ok && new_parsed_lines == NIL)
     {
         ereport(LOG,
                 (errcode(ERRCODE_CONFIG_FILE_ERROR),
                  errmsg("configuration file \"%s\" contains no entries",
                         HbaFileName)));
         ok = false;
     }
 
     /* Free tokenizer memory */
     MemoryContextDelete(linecxt);
     MemoryContextSwitchTo(oldcxt);
 
     if (!ok)
     {
         /* File contained one or more errors, so bail out */
         MemoryContextDelete(hbacxt);
         return false;
     }
 
     /* Loaded new file successfully, replace the one we use */
     if (parsed_hba_context != NULL)
         MemoryContextDelete(parsed_hba_context);
     parsed_hba_context = hbacxt;
     parsed_hba_lines = new_parsed_lines;
 
     return true;
 }

◆ load_ident()

bool load_ident ( void )

Definition at line 2913 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate, Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

 {
     FILE       *file;
     List       *ident_lines = NIL;
     ListCell   *line_cell,
                *parsed_line_cell;
     List       *new_parsed_lines = NIL;
     bool        ok = true;
     MemoryContext linecxt;
     MemoryContext oldcxt;
     MemoryContext ident_context;
     IdentLine  *newline;
 
     file = AllocateFile(IdentFileName, "r");
     if (file == NULL)
     {
         /* not fatal ... we just won't do any special ident maps */
         ereport(LOG,
                 (errcode_for_file_access(),
                  errmsg("could not open usermap file \"%s\": %m",
                         IdentFileName)));
         return false;
     }
 
     linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
     FreeFile(file);
 
     /* Now parse all the lines */
     Assert(PostmasterContext);
     ident_context = AllocSetContextCreate(PostmasterContext,
                                           "ident parser context",
                                           ALLOCSET_SMALL_SIZES);
     oldcxt = MemoryContextSwitchTo(ident_context);
     foreach(line_cell, ident_lines)
     {
         TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
 
         /* don't parse lines that already have errors */
         if (tok_line->err_msg != NULL)
         {
             ok = false;
             continue;
         }
 
         if ((newline = parse_ident_line(tok_line)) == NULL)
         {
             /* Parse error; remember there's trouble */
             ok = false;
 
             /*
              * Keep parsing the rest of the file so we can report errors on
              * more than the first line.  Error has already been logged, no
              * need for more chatter here.
              */
             continue;
         }
 
         new_parsed_lines = lappend(new_parsed_lines, newline);
     }
 
     /* Free tokenizer memory */
     MemoryContextDelete(linecxt);
     MemoryContextSwitchTo(oldcxt);
 
     if (!ok)
     {
         /*
          * File contained one or more errors, so bail out, first being careful
          * to clean up whatever we allocated.  Most stuff will go away via
          * MemoryContextDelete, but we have to clean up regexes explicitly.
          */
         foreach(parsed_line_cell, new_parsed_lines)
         {
             newline = (IdentLine *) lfirst(parsed_line_cell);
             if (newline->ident_user[0] == '/')
                 pg_regfree(&newline->re);
         }
         MemoryContextDelete(ident_context);
         return false;
     }
 
     /* Loaded new file successfully, replace the one we use */
     if (parsed_ident_lines != NIL)
     {
         foreach(parsed_line_cell, parsed_ident_lines)
         {
             newline = (IdentLine *) lfirst(parsed_line_cell);
             if (newline->ident_user[0] == '/')
                 pg_regfree(&newline->re);
         }
     }
     if (parsed_ident_context != NULL)
         MemoryContextDelete(parsed_ident_context);
 
     parsed_ident_context = ident_context;
     parsed_ident_lines = new_parsed_lines;
 
     return true;
 }

◆ pg_isblank()

bool pg_isblank ( const char c )

Definition at line 160 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

 {
     return c == ' ' || c == '\t' || c == '\r';
 }

Data Structures

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

◆ USER_AUTH_LAST

Typedef Documentation

◆ ConnType

◆ HbaLine

◆ hbaPort

◆ IdentLine

◆ IPCompareMethod

◆ UserAuth

Enumeration Type Documentation

◆ ConnType

◆ IPCompareMethod

◆ UserAuth

Function Documentation

◆ check_usermap()

◆ hba_getauthmethod()

◆ load_hba()

◆ load_ident()

◆ pg_isblank()