hba.h File Reference
#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"

Data Structures

struct  HbaLine
 
struct  IdentLine
 

Macros

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */
 

Typedefs

typedef enum UserAuth UserAuth
 
typedef enum IPCompareMethod IPCompareMethod
 
typedef enum ConnType ConnType
 
typedef struct HbaLine HbaLine
 
typedef struct IdentLine IdentLine
 
typedef struct Port hbaPort
 

Enumerations

enum  UserAuth {
  uaReject, uaImplicitReject, uaTrust, uaIdent,
  uaPassword, uaMD5, uaSCRAM, uaGSS,
  uaSSPI, uaPAM, uaBSD, uaLDAP,
  uaCert, uaRADIUS
}
 
enum  IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }
 
enum  ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }
 

Functions

bool load_hba (void)
 
bool load_ident (void)
 
void hba_getauthmethod (hbaPort *port)
 
int check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_sensitive)
 
bool pg_isblank (const char c)
 

Macro Definition Documentation

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */

Definition at line 42 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

Definition at line 113 of file hba.h.

Enumeration Type Documentation

enum ConnType
Enumerator
ctLocal 
ctHost 
ctHostSSL 
ctHostNoSSL 

Definition at line 53 of file hba.h.

54 {
55  ctLocal,
56  ctHost,
57  ctHostSSL,
59 } ConnType;
Enumerator
ipCmpMask 
ipCmpSameHost 
ipCmpSameNet 
ipCmpAll 

Definition at line 45 of file hba.h.

46 {
47  ipCmpMask,
50  ipCmpAll
enum UserAuth
Enumerator
uaReject 
uaImplicitReject 
uaTrust 
uaIdent 
uaPassword 
uaMD5 
uaSCRAM 
uaGSS 
uaSSPI 
uaPAM 
uaBSD 
uaLDAP 
uaCert 
uaRADIUS 

Definition at line 25 of file hba.h.

26 {
27  uaReject,
28  uaImplicitReject, /* Not a user-visible option */
29  uaTrust,
30  uaIdent,
31  uaPassword,
32  uaMD5,
33  uaSCRAM,
34  uaGSS,
35  uaSSPI,
36  uaPAM,
37  uaBSD,
38  uaLDAP,
39  uaCert,
40  uaRADIUS,
41  uaPeer
42 #define USER_AUTH_LAST uaPeer /* Must be last value of this enum */
43 } UserAuth;

Function Documentation

int check_usermap ( const char *  usermap_name,
const char *  pg_role,
const char *  auth_user,
bool  case_sensitive 
)

Definition at line 2818 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, NULL, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by ident_inet().

/*
 * check_usermap
 *		Decide whether the user name established by the authentication
 *		method may connect as the requested database role.
 *
 * usermap_name: name of the pg_ident.conf map to consult; NULL or "" means
 *		"no map", in which case the two names simply have to agree.
 * pg_role: database role the client asked for.
 * auth_user: user name produced by the authentication method.
 * case_insensitive: when true the names are compared with pg_strcasecmp(),
 *		otherwise with strcmp().
 *		NOTE(review): the prototype shown for hba.h spells this parameter
 *		"case_sensitive", i.e. the opposite sense of how this definition
 *		uses it.  A caller working from the header alone could invert the
 *		comparison; confirm that the declaration and definition agree.
 *
 * Returns STATUS_OK when the names match (or a map entry permits the pair),
 * otherwise STATUS_ERROR.  A refusal is logged at LOG level here, except
 * when a map entry reported an error (presumably already logged by
 * check_ident_usermap(); verify in hba.c).
 *
 * Both pg_role and auth_user are assumed non-NULL: they are handed straight
 * to strcmp()/pg_strcasecmp().
 */
int
check_usermap(const char *usermap_name,
			  const char *pg_role,
			  const char *auth_user,
			  bool case_insensitive)
{
	bool		found_entry = false;
	bool		had_error = false;	/* local; deliberately not named error() */
	ListCell   *line_cell;

	/*
	 * No usermap: the authenticated name must be the requested role,
	 * compared with or without regard to case.
	 */
	if (usermap_name == NULL || usermap_name[0] == '\0')
	{
		int			cmp = case_insensitive
			? pg_strcasecmp(pg_role, auth_user)
			: strcmp(pg_role, auth_user);

		if (cmp == 0)
			return STATUS_OK;

		ereport(LOG,
				(errmsg("provided user name (%s) and authenticated user name (%s) do not match",
						pg_role, auth_user)));
		return STATUS_ERROR;
	}

	/*
	 * Walk the parsed pg_ident.conf entries.  check_ident_usermap() sets the
	 * two flags; the first entry that matches or reports an error ends the
	 * scan.
	 */
	foreach(line_cell, parsed_ident_lines)
	{
		check_ident_usermap(lfirst(line_cell), usermap_name,
							pg_role, auth_user, case_insensitive,
							&found_entry, &had_error);
		if (found_entry || had_error)
			break;
	}

	/* A clean miss (no match, no error) is reported here; an error is not. */
	if (!found_entry && !had_error)
		ereport(LOG,
				(errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
						usermap_name, pg_role, auth_user)));

	return found_entry ? STATUS_OK : STATUS_ERROR;
}
static void check_ident_usermap(IdentLine *identLine, const char *usermap_name, const char *pg_role, const char *ident_user, bool case_insensitive, bool *found_p, bool *error_p)
Definition: hba.c:2682
static void error(void)
Definition: sql-dyntest.c:147
#define STATUS_ERROR
Definition: c.h:976
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
#define LOG
Definition: elog.h:26
#define ereport(elevel, rest)
Definition: elog.h:122
#define STATUS_OK
Definition: c.h:975
static List * parsed_ident_lines
Definition: hba.c:112
#define NULL
Definition: c.h:229
#define lfirst(lc)
Definition: pg_list.h:106
int errmsg(const char *fmt,...)
Definition: elog.c:797
void hba_getauthmethod ( hbaPort port)

Definition at line 2984 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

/*
 * hba_getauthmethod
 *		Entry point used by ClientAuthentication() to select the
 *		authentication method for a connection.
 *
 * All of the work is delegated to check_hba(); it is presumed to record
 * its decision in *port, since nothing is returned here (confirm against
 * check_hba() in hba.c).
 */
void
hba_getauthmethod(hbaPort *port)
{
	check_hba(port);
}
static void check_hba(hbaPort *port)
Definition: hba.c:1990
bool load_hba ( void  )

Definition at line 2091 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, NULL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

2092 {
2093  FILE *file;
2094  List *hba_lines = NIL;
2095  ListCell *line;
2096  List *new_parsed_lines = NIL;
2097  bool ok = true;
2098  MemoryContext linecxt;
2099  MemoryContext oldcxt;
2100  MemoryContext hbacxt;
2101 
2102  file = AllocateFile(HbaFileName, "r");
2103  if (file == NULL)
2104  {
2105  ereport(LOG,
2107  errmsg("could not open configuration file \"%s\": %m",
2108  HbaFileName)));
2109  return false;
2110  }
2111 
2112  linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
2113  FreeFile(file);
2114 
2115  /* Now parse all the lines */
2118  "hba parser context",
2120  oldcxt = MemoryContextSwitchTo(hbacxt);
2121  foreach(line, hba_lines)
2122  {
2123  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
2124  HbaLine *newline;
2125 
2126  /* don't parse lines that already have errors */
2127  if (tok_line->err_msg != NULL)
2128  {
2129  ok = false;
2130  continue;
2131  }
2132 
2133  if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
2134  {
2135  /* Parse error; remember there's trouble */
2136  ok = false;
2137 
2138  /*
2139  * Keep parsing the rest of the file so we can report errors on
2140  * more than the first line. Error has already been logged, no
2141  * need for more chatter here.
2142  */
2143  continue;
2144  }
2145 
2146  new_parsed_lines = lappend(new_parsed_lines, newline);
2147  }
2148 
2149  /*
2150  * A valid HBA file must have at least one entry; else there's no way to
2151  * connect to the postmaster. But only complain about this if we didn't
2152  * already have parsing errors.
2153  */
2154  if (ok && new_parsed_lines == NIL)
2155  {
2156  ereport(LOG,
2157  (errcode(ERRCODE_CONFIG_FILE_ERROR),
2158  errmsg("configuration file \"%s\" contains no entries",
2159  HbaFileName)));
2160  ok = false;
2161  }
2162 
2163  /* Free tokenizer memory */
2164  MemoryContextDelete(linecxt);
2165  MemoryContextSwitchTo(oldcxt);
2166 
2167  if (!ok)
2168  {
2169  /* File contained one or more errors, so bail out */
2170  MemoryContextDelete(hbacxt);
2171  return false;
2172  }
2173 
2174  /* Loaded new file successfully, replace the one we use */
2175  if (parsed_hba_context != NULL)
2177  parsed_hba_context = hbacxt;
2178  parsed_hba_lines = new_parsed_lines;
2179 
2180  return true;
2181 }
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:175
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
int errcode(int sqlerrcode)
Definition: elog.c:575
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
static List * parsed_hba_lines
Definition: hba.c:101
char * HbaFileName
Definition: guc.c:466
static MemoryContext parsed_hba_context
Definition: hba.c:102
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2094
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
static HbaLine * parse_hba_line(TokenizedLine *tok_line, int elevel)
Definition: hba.c:942
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
#define NULL
Definition: c.h:229
#define Assert(condition)
Definition: c.h:675
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
int FreeFile(FILE *file)
Definition: fd.c:2277
int errmsg(const char *fmt,...)
Definition: elog.c:797
MemoryContext PostmasterContext
Definition: mcxt.c:45
bool load_ident ( void  )

Definition at line 2873 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, NULL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

2874 {
2875  FILE *file;
2876  List *ident_lines = NIL;
2877  ListCell *line_cell,
2878  *parsed_line_cell;
2879  List *new_parsed_lines = NIL;
2880  bool ok = true;
2881  MemoryContext linecxt;
2882  MemoryContext oldcxt;
2883  MemoryContext ident_context;
2884  IdentLine *newline;
2885 
2886  file = AllocateFile(IdentFileName, "r");
2887  if (file == NULL)
2888  {
2889  /* not fatal ... we just won't do any special ident maps */
2890  ereport(LOG,
2892  errmsg("could not open usermap file \"%s\": %m",
2893  IdentFileName)));
2894  return false;
2895  }
2896 
2897  linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
2898  FreeFile(file);
2899 
2900  /* Now parse all the lines */
2902  ident_context = AllocSetContextCreate(PostmasterContext,
2903  "ident parser context",
2905  oldcxt = MemoryContextSwitchTo(ident_context);
2906  foreach(line_cell, ident_lines)
2907  {
2908  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
2909 
2910  /* don't parse lines that already have errors */
2911  if (tok_line->err_msg != NULL)
2912  {
2913  ok = false;
2914  continue;
2915  }
2916 
2917  if ((newline = parse_ident_line(tok_line)) == NULL)
2918  {
2919  /* Parse error; remember there's trouble */
2920  ok = false;
2921 
2922  /*
2923  * Keep parsing the rest of the file so we can report errors on
2924  * more than the first line. Error has already been logged, no
2925  * need for more chatter here.
2926  */
2927  continue;
2928  }
2929 
2930  new_parsed_lines = lappend(new_parsed_lines, newline);
2931  }
2932 
2933  /* Free tokenizer memory */
2934  MemoryContextDelete(linecxt);
2935  MemoryContextSwitchTo(oldcxt);
2936 
2937  if (!ok)
2938  {
2939  /*
2940  * File contained one or more errors, so bail out, first being careful
2941  * to clean up whatever we allocated. Most stuff will go away via
2942  * MemoryContextDelete, but we have to clean up regexes explicitly.
2943  */
2944  foreach(parsed_line_cell, new_parsed_lines)
2945  {
2946  newline = (IdentLine *) lfirst(parsed_line_cell);
2947  if (newline->ident_user[0] == '/')
2948  pg_regfree(&newline->re);
2949  }
2950  MemoryContextDelete(ident_context);
2951  return false;
2952  }
2953 
2954  /* Loaded new file successfully, replace the one we use */
2955  if (parsed_ident_lines != NIL)
2956  {
2957  foreach(parsed_line_cell, parsed_ident_lines)
2958  {
2959  newline = (IdentLine *) lfirst(parsed_line_cell);
2960  if (newline->ident_user[0] == '/')
2961  pg_regfree(&newline->re);
2962  }
2963  }
2964  if (parsed_ident_context != NULL)
2966 
2967  parsed_ident_context = ident_context;
2968  parsed_ident_lines = new_parsed_lines;
2969 
2970  return true;
2971 }
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
regex_t re
Definition: hba.h:109
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:175
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2094
char * IdentFileName
Definition: guc.c:467
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
static List * parsed_ident_lines
Definition: hba.c:112
static MemoryContext parsed_ident_context
Definition: hba.c:113
#define NULL
Definition: c.h:229
#define Assert(condition)
Definition: c.h:675
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
int FreeFile(FILE *file)
Definition: fd.c:2277
char * ident_user
Definition: hba.h:107
int errmsg(const char *fmt,...)
Definition: elog.c:797
static IdentLine * parse_ident_line(TokenizedLine *tok_line)
Definition: hba.c:2605
void pg_regfree(regex_t *re)
Definition: regfree.c:49
MemoryContext PostmasterContext
Definition: mcxt.c:45
bool pg_isblank ( const char  c)

Definition at line 160 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

/*
 * pg_isblank
 *		Report whether c is one of the characters the HBA/ident tokenizers
 *		treat as blank: space, horizontal tab or carriage return.
 *
 * Note that '\n' is not a blank for this purpose.  Used by next_token() and
 * interpret_ident_response().
 */
bool
pg_isblank(const char c)
{
	switch (c)
	{
		case ' ':
		case '\t':
		case '\r':
			return true;
		default:
			return false;
	}
}