hba.h File Reference
#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"


Data Structures

struct  HbaLine
 
struct  IdentLine
 

Macros

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */
 

Typedefs

typedef enum UserAuth UserAuth
 
typedef enum IPCompareMethod IPCompareMethod
 
typedef enum ConnType ConnType
 
typedef struct HbaLine HbaLine
 
typedef struct IdentLine IdentLine
 
typedef struct Port hbaPort
 

Enumerations

enum  UserAuth {
  uaReject, uaImplicitReject, uaTrust, uaIdent,
  uaPassword, uaMD5, uaSCRAM, uaGSS,
  uaSSPI, uaPAM, uaBSD, uaLDAP,
  uaCert, uaRADIUS
}
 
enum  IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }
 
enum  ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }
 

Functions

bool load_hba (void)
 
bool load_ident (void)
 
void hba_getauthmethod (hbaPort *port)
 
int check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_sensitive)
 
bool pg_isblank (const char c)
 

Macro Definition Documentation

◆ USER_AUTH_LAST

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */

Definition at line 42 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

◆ ConnType

◆ HbaLine

◆ hbaPort

Definition at line 114 of file hba.h.

◆ IdentLine

◆ IPCompareMethod

◆ UserAuth

Enumeration Type Documentation

◆ ConnType

enum ConnType
Enumerator
ctLocal 
ctHost 
ctHostSSL 
ctHostNoSSL 

Definition at line 53 of file hba.h.

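/*
 * ConnType: the connection-type keyword of an HBA entry.
 *
 * The rendering of this definition dropped line 58 (ctHostNoSSL); the
 * enumerator table above and the summary list all four values, so the
 * complete definition is restored here.  Which client transports each
 * value admits is decided in hba.c, not visible here.
 */
typedef enum ConnType
{
	ctLocal,
	ctHost,
	ctHostSSL,
	ctHostNoSSL
} ConnType;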

◆ IPCompareMethod

Enumerator
ipCmpMask 
ipCmpSameHost 
ipCmpSameNet 
ipCmpAll 

Definition at line 45 of file hba.h.

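/*
 * IPCompareMethod: how an HBA entry's address field is compared with the
 * client address.  ipCmpMask is the explicit address/netmask form; the
 * other three presumably correspond to the samehost / samenet / all
 * keywords -- confirm against the address matching code in hba.c.
 *
 * The rendering of this definition dropped lines 48, 49 and 51
 * (ipCmpSameHost, ipCmpSameNet and the closing typedef); the enumerator
 * table above lists all four values, so the complete definition is
 * restored here.
 */
typedef enum IPCompareMethod
{
	ipCmpMask,
	ipCmpSameHost,
	ipCmpSameNet,
	ipCmpAll
} IPCompareMethod;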

◆ UserAuth

enum UserAuth
Enumerator
uaReject 
uaImplicitReject 
uaTrust 
uaIdent 
uaPassword 
uaMD5 
uaSCRAM 
uaGSS 
uaSSPI 
uaPAM 
uaBSD 
uaLDAP 
uaCert 
uaRADIUS 

Definition at line 25 of file hba.h.

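/*
 * UserAuth: the authentication method an HBA lookup assigns to a connection
 * (see hba_getauthmethod()).
 *
 * USER_AUTH_LAST must name the final enumerator; defining it inside the
 * enum body keeps the two from drifting apart when a method is added.
 * Generated summaries of this enum may omit uaPeer precisely because the
 * #define sits inside the body -- the list below is authoritative.
 *
 * The rendering of this definition dropped line 25 (the typedef header);
 * it is restored here.
 */
typedef enum UserAuth
{
	uaReject,
	uaImplicitReject,			/* Not a user-visible option */
	uaTrust,
	uaIdent,
	uaPassword,
	uaMD5,
	uaSCRAM,
	uaGSS,
	uaSSPI,
	uaPAM,
	uaBSD,
	uaLDAP,
	uaCert,
	uaRADIUS,
	uaPeer
#define USER_AUTH_LAST uaPeer	/* Must be last value of this enum */
} UserAuth;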

Function Documentation

◆ check_usermap()

int check_usermap ( const char *  usermap_name,
const char *  pg_role,
const char *  auth_user,
bool  case_sensitive 
)

Definition at line 2844 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by CheckSCRAMAuth(), and ident_inet().

/*
 * check_usermap: decide whether the externally authenticated name auth_user
 * may connect as the requested database role pg_role.
 *
 * With no usermap (usermap_name NULL or empty) the two names must be equal,
 * compared with pg_strcasecmp() when case_insensitive is true and strcmp()
 * otherwise.  With a usermap, parsed_ident_lines is walked and
 * check_ident_usermap() is consulted for each entry until one matches or
 * reports an error.
 *
 * Returns STATUS_OK on a match and STATUS_ERROR otherwise.  A mismatch is
 * logged at LOG level; an error reported by check_ident_usermap() also
 * yields STATUS_ERROR but suppresses the "no match" message, since the
 * helper has already logged the problem.
 *
 * NOTE(review): the declaration in hba.h names the last parameter
 * "case_sensitive", while this definition names it case_insensitive and
 * true selects the case-insensitive comparison.  Callers should follow the
 * definition's meaning.
 */
int
check_usermap(const char *usermap_name,
			  const char *pg_role,
			  const char *auth_user,
			  bool case_insensitive)
{
	bool		found_entry = false;
	bool		error = false;
	ListCell   *line_cell;

	/* No usermap: the names themselves must agree. */
	if (usermap_name == NULL || usermap_name[0] == '\0')
	{
		int			cmp = case_insensitive
		? pg_strcasecmp(pg_role, auth_user)
		: strcmp(pg_role, auth_user);

		if (cmp == 0)
			return STATUS_OK;

		ereport(LOG,
				(errmsg("provided user name (%s) and authenticated user name (%s) do not match",
						pg_role, auth_user)));
		return STATUS_ERROR;
	}

	/* Usermap given: stop at the first matching entry or the first error. */
	foreach(line_cell, parsed_ident_lines)
	{
		check_ident_usermap(lfirst(line_cell), usermap_name,
							pg_role, auth_user, case_insensitive,
							&found_entry, &error);
		if (found_entry || error)
			break;
	}

	if (!found_entry && !error)
		ereport(LOG,
				(errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
						usermap_name, pg_role, auth_user)));

	return found_entry ? STATUS_OK : STATUS_ERROR;
}
static void check_ident_usermap(IdentLine *identLine, const char *usermap_name, const char *pg_role, const char *ident_user, bool case_insensitive, bool *found_p, bool *error_p)
Definition: hba.c:2708
static void error(void)
Definition: sql-dyntest.c:147
#define STATUS_ERROR
Definition: c.h:954
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
#define LOG
Definition: elog.h:26
#define ereport(elevel, rest)
Definition: elog.h:122
#define STATUS_OK
Definition: c.h:953
static List * parsed_ident_lines
Definition: hba.c:112
#define lfirst(lc)
Definition: pg_list.h:106
int errmsg(const char *fmt,...)
Definition: elog.c:797

◆ hba_getauthmethod()

void hba_getauthmethod ( hbaPort port)

Definition at line 3010 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

/*
 * hba_getauthmethod: resolve the HBA entry that applies to this connection.
 *
 * All of the work is delegated to check_hba(), which is static to hba.c;
 * this exported wrapper is the entry point ClientAuthentication() uses.
 * check_hba() returns void, so its outcome is presumably recorded in *port
 * for the caller to read back -- confirm in check_hba().
 */
void
hba_getauthmethod(hbaPort *port)
{
	check_hba(port);
}
static void check_hba(hbaPort *port)
Definition: hba.c:2011

◆ load_hba()

bool load_hba ( void  )

Definition at line 2112 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_hba: read HbaFileName, tokenize and parse every line, and on success
 * install the result as parsed_hba_lines / parsed_hba_context.
 *
 * Returns true when the file was loaded and installed.  Returns false, after
 * logging at LOG level, when the file cannot be opened, when any line fails
 * to tokenize or parse, or when the file parses cleanly but has no entries.
 * On every false return the previously installed lines are left untouched,
 * so a broken file picked up through SIGHUP_handler() keeps the last good
 * rules in force instead of leaving the server with no HBA rules at all.
 *
 * NOTE(review): this rendering omits hba.c lines 2127, 2137-2138, 2140 and
 * 2197; the inline notes below say what the surrounding code implies.
 */
2113 {
2114  FILE *file;
2115  List *hba_lines = NIL;
2116  ListCell *line;
2117  List *new_parsed_lines = NIL;
2118  bool ok = true;
2119  MemoryContext linecxt;
2120  MemoryContext oldcxt;
2121  MemoryContext hbacxt;
2122 
2123  file = AllocateFile(HbaFileName, "r");
2124  if (file == NULL)
2125  {
2126  ereport(LOG,
/* line 2127 omitted from this rendering; the References list names errcode_for_file_access(), which presumably supplies the SQLSTATE here (three parens close on 2129) -- confirm in hba.c */
2128  errmsg("could not open configuration file \"%s\": %m",
2129  HbaFileName)));
2130  return false;
2131  }
2132 
/* Tokenizer output lives in its own context (linecxt), freed once parsing is done. */
2133  linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
2134  FreeFile(file);
2135 
2136  /* Now parse all the lines */
/* lines 2137-2138 and 2140 omitted from this rendering; References list Assert, AllocSetContextCreate() and ALLOCSET_SMALL_SIZES, so this is presumably hbacxt = AllocSetContextCreate(PostmasterContext, "hba parser context", ALLOCSET_SMALL_SIZES) preceded by an Assert -- confirm in hba.c */
2139  "hba parser context",
/* Parsed HbaLine objects are allocated in hbacxt so the whole set can be dropped in one MemoryContextDelete. */
2141  oldcxt = MemoryContextSwitchTo(hbacxt);
2142  foreach(line, hba_lines)
2143  {
2144  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
2145  HbaLine *newline;
2146 
2147  /* don't parse lines that already have errors */
2148  if (tok_line->err_msg != NULL)
2149  {
2150  ok = false;
2151  continue;
2152  }
2153 
2154  if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
2155  {
2156  /* Parse error; remember there's trouble */
2157  ok = false;
2158 
2159  /*
2160  * Keep parsing the rest of the file so we can report errors on
2161  * more than the first line. Error has already been logged, no
2162  * need for more chatter here.
2163  */
2164  continue;
2165  }
2166 
2167  new_parsed_lines = lappend(new_parsed_lines, newline);
2168  }
2169 
2170  /*
2171  * A valid HBA file must have at least one entry; else there's no way to
2172  * connect to the postmaster. But only complain about this if we didn't
2173  * already have parsing errors.
2174  */
2175  if (ok && new_parsed_lines == NIL)
2176  {
2177  ereport(LOG,
2178  (errcode(ERRCODE_CONFIG_FILE_ERROR),
2179  errmsg("configuration file \"%s\" contains no entries",
2180  HbaFileName)));
2181  ok = false;
2182  }
2183 
2184  /* Free tokenizer memory */
2185  MemoryContextDelete(linecxt);
2186  MemoryContextSwitchTo(oldcxt);
2187 
2188  if (!ok)
2189  {
2190  /* File contained one or more errors, so bail out */
/* Only the new context is dropped; parsed_hba_lines / parsed_hba_context are not touched on this path. */
2191  MemoryContextDelete(hbacxt);
2192  return false;
2193  }
2194 
2195  /* Loaded new file successfully, replace the one we use */
2196  if (parsed_hba_context != NULL)
/* line 2197 omitted from this rendering: the unbraced body of the if above, presumably MemoryContextDelete(parsed_hba_context) releasing the previously installed set -- confirm in hba.c */
2198  parsed_hba_context = hbacxt;
2199  parsed_hba_lines = new_parsed_lines;
2200 
2201  return true;
2202 }
Definition: hba.h:61
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:180
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
int errcode(int sqlerrcode)
Definition: elog.c:575
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
static List * parsed_hba_lines
Definition: hba.c:101
char * HbaFileName
Definition: guc.c:464
static MemoryContext parsed_hba_context
Definition: hba.c:102
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2123
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
static HbaLine * parse_hba_line(TokenizedLine *tok_line, int elevel)
Definition: hba.c:945
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
#define Assert(condition)
Definition: c.h:670
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
int FreeFile(FILE *file)
Definition: fd.c:2315
int errmsg(const char *fmt,...)
Definition: elog.c:797
Definition: pg_list.h:45
MemoryContext PostmasterContext
Definition: mcxt.c:45

◆ load_ident()

bool load_ident ( void  )

Definition at line 2899 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_ident: read IdentFileName (the usermap file), tokenize and parse every
 * line, and on success install the result as parsed_ident_lines /
 * parsed_ident_context.
 *
 * Returns true when the file was loaded and installed.  Returns false, after
 * logging at LOG level, when the file cannot be opened or when any line fails
 * to tokenize or parse; the comment at the open failure says this is not
 * considered fatal, so callers decide how to treat a false return.  Unlike
 * load_hba(), an empty usermap file is accepted.  On every false return the
 * previously installed lines are left untouched.
 *
 * Entries whose ident_user begins with '/' carry a compiled regex (re) whose
 * storage is not palloc'd, so those must be released with pg_regfree()
 * explicitly -- both for a new set being discarded and for the old set
 * being replaced.
 *
 * NOTE(review): this rendering omits hba.c lines 2917, 2927, 2930 and 2991;
 * the inline notes below say what the surrounding code implies.
 */
2900 {
2901  FILE *file;
2902  List *ident_lines = NIL;
2903  ListCell *line_cell,
2904  *parsed_line_cell;
2905  List *new_parsed_lines = NIL;
2906  bool ok = true;
2907  MemoryContext linecxt;
2908  MemoryContext oldcxt;
2909  MemoryContext ident_context;
2910  IdentLine *newline;
2911 
2912  file = AllocateFile(IdentFileName, "r");
2913  if (file == NULL)
2914  {
2915  /* not fatal ... we just won't do any special ident maps */
2916  ereport(LOG,
/* line 2917 omitted from this rendering; the References list names errcode_for_file_access(), which presumably supplies the SQLSTATE here (three parens close on 2919) -- confirm in hba.c */
2918  errmsg("could not open usermap file \"%s\": %m",
2919  IdentFileName)));
2920  return false;
2921  }
2922 
/* Tokenizer output lives in its own context (linecxt), freed once parsing is done. */
2923  linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
2924  FreeFile(file);
2925 
2926  /* Now parse all the lines */
/* line 2927 omitted from this rendering; References list Assert, so presumably an Assert on PostmasterContext -- confirm in hba.c */
2928  ident_context = AllocSetContextCreate(PostmasterContext,
2929  "ident parser context",
/* line 2930 omitted from this rendering; presumably the ALLOCSET_SMALL_SIZES argument closing this call -- confirm in hba.c */
2931  oldcxt = MemoryContextSwitchTo(ident_context);
2932  foreach(line_cell, ident_lines)
2933  {
2934  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
2935 
2936  /* don't parse lines that already have errors */
2937  if (tok_line->err_msg != NULL)
2938  {
2939  ok = false;
2940  continue;
2941  }
2942 
2943  if ((newline = parse_ident_line(tok_line)) == NULL)
2944  {
2945  /* Parse error; remember there's trouble */
2946  ok = false;
2947 
2948  /*
2949  * Keep parsing the rest of the file so we can report errors on
2950  * more than the first line. Error has already been logged, no
2951  * need for more chatter here.
2952  */
2953  continue;
2954  }
2955 
2956  new_parsed_lines = lappend(new_parsed_lines, newline);
2957  }
2958 
2959  /* Free tokenizer memory */
2960  MemoryContextDelete(linecxt);
2961  MemoryContextSwitchTo(oldcxt);
2962 
2963  if (!ok)
2964  {
2965  /*
2966  * File contained one or more errors, so bail out, first being careful
2967  * to clean up whatever we allocated. Most stuff will go away via
2968  * MemoryContextDelete, but we have to clean up regexes explicitly.
2969  */
2970  foreach(parsed_line_cell, new_parsed_lines)
2971  {
2972  newline = (IdentLine *) lfirst(parsed_line_cell);
/* A leading '/' in ident_user marks a regex entry; only those own a compiled re. */
2973  if (newline->ident_user[0] == '/')
2974  pg_regfree(&newline->re);
2975  }
2976  MemoryContextDelete(ident_context);
2977  return false;
2978  }
2979 
2980  /* Loaded new file successfully, replace the one we use */
/* Release the old set's regexes before its context goes away below. */
2981  if (parsed_ident_lines != NIL)
2982  {
2983  foreach(parsed_line_cell, parsed_ident_lines)
2984  {
2985  newline = (IdentLine *) lfirst(parsed_line_cell);
2986  if (newline->ident_user[0] == '/')
2987  pg_regfree(&newline->re);
2988  }
2989  }
2990  if (parsed_ident_context != NULL)
/* line 2991 omitted from this rendering: the unbraced body of the if above, presumably MemoryContextDelete(parsed_ident_context) -- confirm in hba.c */
2992 
2993  parsed_ident_context = ident_context;
2994  parsed_ident_lines = new_parsed_lines;
2995 
2996  return true;
2997 }
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
regex_t re
Definition: hba.h:110
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:180
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2123
char * IdentFileName
Definition: guc.c:465
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
static List * parsed_ident_lines
Definition: hba.c:112
static MemoryContext parsed_ident_context
Definition: hba.c:113
#define Assert(condition)
Definition: c.h:670
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
Definition: hba.h:103
int FreeFile(FILE *file)
Definition: fd.c:2315
char * ident_user
Definition: hba.h:108
int errmsg(const char *fmt,...)
Definition: elog.c:797
static IdentLine * parse_ident_line(TokenizedLine *tok_line)
Definition: hba.c:2631
void pg_regfree(regex_t *re)
Definition: regfree.c:49
Definition: pg_list.h:45
MemoryContext PostmasterContext
Definition: mcxt.c:45

◆ pg_isblank()

bool pg_isblank ( const char  c)

Definition at line 160 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

/*
 * pg_isblank: true for the characters the HBA/ident tokenizer treats as
 * intra-line whitespace: space, tab and carriage return.
 *
 * Accepting '\r' lets files with CRLF line endings tokenize cleanly.
 * '\n' is deliberately not included -- presumably so the callers
 * (next_token() and interpret_ident_response()) still see line ends.
 */
bool
pg_isblank(const char c)
{
	switch (c)
	{
		case ' ':
		case '\t':
		case '\r':
			return true;
		default:
			return false;
	}
}