hba.h File Reference
#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"

Data Structures

struct  HbaLine
 
struct  IdentLine
 

Macros

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */
 

Typedefs

typedef enum UserAuth UserAuth
 
typedef enum IPCompareMethod IPCompareMethod
 
typedef enum ConnType ConnType
 
typedef struct HbaLine HbaLine
 
typedef struct IdentLine IdentLine
 
typedef struct Port hbaPort
 

Enumerations

enum  UserAuth {
  uaReject, uaImplicitReject, uaTrust, uaIdent,
  uaPassword, uaMD5, uaSCRAM, uaGSS,
  uaSSPI, uaPAM, uaBSD, uaLDAP,
  uaCert, uaRADIUS, uaPeer
}
 
enum  IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }
 
enum  ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }
 

Functions

bool load_hba (void)
 
bool load_ident (void)
 
void hba_getauthmethod (hbaPort *port)
 
int check_usermap (const char *usermap_name, const char *pg_role, const char *auth_user, bool case_sensitive) — note: the definition in hba.c (listed below) names the last parameter case_insensitive, and passing true selects the case-insensitive comparison (pg_strcasecmp); the name shown in this header reads as the opposite of what the flag actually does.
 
bool pg_isblank (const char c)
 

Macro Definition Documentation

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */

Definition at line 42 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

Definition at line 113 of file hba.h.

Enumeration Type Documentation

enum ConnType
Enumerator
ctLocal 
ctHost 
ctHostSSL 
ctHostNoSSL 

Definition at line 53 of file hba.h.

/*
 * ConnType: which kind of connection a pg_hba.conf line applies to.
 * NOTE(review): this rendered listing drops source line 58 (ctHostNoSSL);
 * the enumerator table above shows all four values.
 */
54 {
55  ctLocal,
56  ctHost,
57  ctHostSSL,
59 } ConnType;
Enumerator
ipCmpMask 
ipCmpSameHost 
ipCmpSameNet 
ipCmpAll 

Definition at line 45 of file hba.h.

/*
 * IPCompareMethod: how a pg_hba.conf address field is matched.
 * NOTE(review): this rendered listing drops source lines 48-49
 * (ipCmpSameHost, ipCmpSameNet); the enumerator table above has all four.
 */
46 {
47  ipCmpMask,
50  ipCmpAll
enum UserAuth
Enumerator
uaReject 
uaImplicitReject 
uaTrust 
uaIdent 
uaPassword 
uaMD5 
uaSCRAM 
uaGSS 
uaSSPI 
uaPAM 
uaBSD 
uaLDAP 
uaCert 
uaRADIUS 
uaPeer 

Definition at line 25 of file hba.h.

/*
 * UserAuth: the authentication method a pg_hba.conf entry selects.
 *
 * uaImplicitReject is internal only (see the inline comment).  uaPeer must
 * stay the final enumerator: USER_AUTH_LAST aliases it and fill_hba_line()
 * references that macro (see "Referenced by" above), so adding a method
 * after uaPeer without moving the #define would silently break that check.
 *
 * NOTE(review): the summary tables on this page omit uaPeer; this listing
 * is the authoritative one.
 */
26 {
27  uaReject,
28  uaImplicitReject, /* Not a user-visible option */
29  uaTrust,
30  uaIdent,
31  uaPassword,
32  uaMD5,
33  uaSCRAM,
34  uaGSS,
35  uaSSPI,
36  uaPAM,
37  uaBSD,
38  uaLDAP,
39  uaCert,
40  uaRADIUS,
41  uaPeer
42 #define USER_AUTH_LAST uaPeer /* Must be last value of this enum */
43 } UserAuth;

Function Documentation

int check_usermap ( const char *  usermap_name,
const char *  pg_role,
const char *  auth_user,
bool  case_sensitive 
)

Definition at line 2821 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, NULL, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by ident_inet().

/*
 * check_usermap
 *
 * Decide whether the authenticated user name auth_user may log in as the
 * database role pg_role.
 *
 * usermap_name     name of a pg_ident.conf map, or NULL / "" for no map
 * pg_role          role the client asked to connect as
 * auth_user        user name established by the authentication method
 * case_insensitive true -> compare with pg_strcasecmp(), false -> strcmp().
 *                  NOTE(review): hba.h declares this parameter as
 *                  "case_sensitive", which reads as the opposite of what the
 *                  flag does; this definition is the authoritative one.
 *
 * Returns STATUS_OK on a match, STATUS_ERROR otherwise.  Without a map the
 * two names must be equal (modulo case_insensitive).  With a map, the
 * parsed_ident_lines are scanned in order until check_ident_usermap()
 * reports a match or an error; an error also yields STATUS_ERROR, i.e. the
 * function fails closed.  Non-matches are logged at LOG level.
 */
int
check_usermap(const char *usermap_name,
			  const char *pg_role,
			  const char *auth_user,
			  bool case_insensitive)
{
	bool		matched = false;
	bool		map_error = false;
	ListCell   *cell;

	/*
	 * No map given: the authenticated name must equal the requested role,
	 * optionally ignoring case.  Anything else is a refusal.
	 */
	if (usermap_name == NULL || usermap_name[0] == '\0')
	{
		int			cmp = case_insensitive
			? pg_strcasecmp(pg_role, auth_user)
			: strcmp(pg_role, auth_user);

		if (cmp == 0)
			return STATUS_OK;

		ereport(LOG,
				(errmsg("provided user name (%s) and authenticated user name (%s) do not match",
						pg_role, auth_user)));
		return STATUS_ERROR;
	}

	/*
	 * Map given: walk the parsed pg_ident.conf entries in file order and
	 * stop at the first one that either matches or reports an error.
	 */
	foreach(cell, parsed_ident_lines)
	{
		check_ident_usermap((IdentLine *) lfirst(cell), usermap_name,
							pg_role, auth_user, case_insensitive,
							&matched, &map_error);
		if (matched || map_error)
			break;
	}

	/*
	 * Only the "no entry matched" case is reported here; an error is
	 * presumably reported by check_ident_usermap() itself.
	 */
	if (!matched && !map_error)
		ereport(LOG,
				(errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
						usermap_name, pg_role, auth_user)));

	/* Fail closed: only an explicit match grants access. */
	return matched ? STATUS_OK : STATUS_ERROR;
}
static void check_ident_usermap(IdentLine *identLine, const char *usermap_name, const char *pg_role, const char *ident_user, bool case_insensitive, bool *found_p, bool *error_p)
Definition: hba.c:2685
static void error(void)
Definition: sql-dyntest.c:147 (Doxygen mis-link: in check_usermap() above, "error" is the local bool flag, not this function)
#define STATUS_ERROR
Definition: c.h:976
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
#define LOG
Definition: elog.h:26
#define ereport(elevel, rest)
Definition: elog.h:122
#define STATUS_OK
Definition: c.h:975
static List * parsed_ident_lines
Definition: hba.c:112
#define NULL
Definition: c.h:229
#define lfirst(lc)
Definition: pg_list.h:106
int errmsg(const char *fmt,...)
Definition: elog.c:797
void hba_getauthmethod ( hbaPort port)

Definition at line 2987 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

/*
 * hba_getauthmethod
 *
 * Entry point used by ClientAuthentication() (see "Referenced by" above) to
 * select the pg_hba.conf rule for the connection described by *port.  All
 * the work is delegated to the file-local check_hba(); nothing is returned,
 * so the decision is presumably recorded in *port by check_hba() itself.
 */
void
hba_getauthmethod(hbaPort *port)
{
	check_hba(port);
}
static void check_hba(hbaPort *port)
Definition: hba.c:1993
bool load_hba ( void  )

Definition at line 2094 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, NULL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_hba
 *	  Read and parse HbaFileName into a fresh memory context and, only if
 *	  every line parsed cleanly, install the result as parsed_hba_lines /
 *	  parsed_hba_context.  Returns true on success, false on any failure.
 *
 *	  Security-relevant behaviour visible in this listing: the whole file is
 *	  rejected on any problem (open failure, tokenizer error, parse error, or
 *	  a file with no entries at all), and every failure path returns before
 *	  the two static globals are assigned, so the rule set already in force
 *	  (if any) is left untouched rather than replaced by a partial one.
 *	  Callers listed above: PerformAuthentication(), PostmasterMain() and
 *	  SIGHUP_handler().
 *
 *	  NOTE(review): this rendered listing drops source lines 2109,
 *	  2119-2120, 2122 and 2179 (an errcode() argument, the
 *	  AllocSetContextCreate() call that sets hbacxt, and the statement
 *	  guarded by the final if -- presumably a delete of the old context);
 *	  read hba.c for the exact text.
 */
2095 {
2096  FILE *file;
2097  List *hba_lines = NIL;
2098  ListCell *line;
2099  List *new_parsed_lines = NIL;
2100  bool ok = true;
2101  MemoryContext linecxt;
2102  MemoryContext oldcxt;
2103  MemoryContext hbacxt;
2104 
2105  file = AllocateFile(HbaFileName, "r");
2106  if (file == NULL)
2107  {
 /* Logged, not fatal here: we return before parsed_hba_lines is touched. */
2108  ereport(LOG,
2110  errmsg("could not open configuration file \"%s\": %m",
2111  HbaFileName)));
2112  return false;
2113  }
2114 
 /* Tokenizer output lives in linecxt; the file handle is released at once. */
2115  linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
2116  FreeFile(file);
2117 
2118  /* Now parse all the lines */
2121  "hba parser context",
2123  oldcxt = MemoryContextSwitchTo(hbacxt);
2124  foreach(line, hba_lines)
2125  {
2126  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
2127  HbaLine *newline;
2128 
2129  /* don't parse lines that already have errors */
2130  if (tok_line->err_msg != NULL)
2131  {
2132  ok = false;
2133  continue;
2134  }
2135 
2136  if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
2137  {
2138  /* Parse error; remember there's trouble */
2139  ok = false;
2140 
2141  /*
2142  * Keep parsing the rest of the file so we can report errors on
2143  * more than the first line. Error has already been logged, no
2144  * need for more chatter here.
2145  */
2146  continue;
2147  }
2148 
2149  new_parsed_lines = lappend(new_parsed_lines, newline);
2150  }
2151 
2152  /*
2153  * A valid HBA file must have at least one entry; else there's no way to
2154  * connect to the postmaster. But only complain about this if we didn't
2155  * already have parsing errors.
2156  */
2157  if (ok && new_parsed_lines == NIL)
2158  {
2159  ereport(LOG,
2160  (errcode(ERRCODE_CONFIG_FILE_ERROR),
2161  errmsg("configuration file \"%s\" contains no entries",
2162  HbaFileName)));
2163  ok = false;
2164  }
2165 
2166  /* Free tokenizer memory */
2167  MemoryContextDelete(linecxt);
2168  MemoryContextSwitchTo(oldcxt);
2169 
 /*
  * All-or-nothing: a single bad line discards the whole new rule set and
  * leaves the previously installed one (if any) in effect.
  */
2170  if (!ok)
2171  {
2172  /* File contained one or more errors, so bail out */
2173  MemoryContextDelete(hbacxt);
2174  return false;
2175  }
2176 
2177  /* Loaded new file successfully, replace the one we use */
2178  if (parsed_hba_context != NULL)
2180  parsed_hba_context = hbacxt;
2181  parsed_hba_lines = new_parsed_lines;
2182 
2183  return true;
2184 }
Definition: hba.h:61
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:175
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
int errcode(int sqlerrcode)
Definition: elog.c:575
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137 (Doxygen mis-link: in load_hba() above, "newline" is the local HbaLine * variable, not this function)
static List * parsed_hba_lines
Definition: hba.c:101
char * HbaFileName
Definition: guc.c:463
static MemoryContext parsed_hba_context
Definition: hba.c:102
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2094
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
static HbaLine * parse_hba_line(TokenizedLine *tok_line, int elevel)
Definition: hba.c:945
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
#define NULL
Definition: c.h:229
#define Assert(condition)
Definition: c.h:675
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
int FreeFile(FILE *file)
Definition: fd.c:2277
int errmsg(const char *fmt,...)
Definition: elog.c:797
Definition: pg_list.h:45
MemoryContext PostmasterContext
Definition: mcxt.c:45
bool load_ident ( void  )

Definition at line 2876 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, NULL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_ident
 *	  Read and parse IdentFileName (the pg_ident.conf user-name map) into a
 *	  fresh memory context and, only if every line parsed cleanly, install
 *	  the result as parsed_ident_lines / parsed_ident_context.  Returns true
 *	  on success, false otherwise.  Same callers as load_hba() (see above).
 *
 *	  Behaviour visible in this listing that matters for a security review:
 *	  - Every failure path returns before the two static globals are
 *	    assigned, so a previously installed map (if any) stays in force.
 *	  - Unlike load_hba(), an empty file is NOT an error: the result is an
 *	    empty parsed_ident_lines, in which case check_usermap() can find no
 *	    match and returns STATUS_ERROR for any named map (fail closed).
 *	  - Entries whose ident_user starts with '/' own a compiled regex
 *	    (IdentLine::re) that MemoryContextDelete() does not release, hence
 *	    the explicit pg_regfree() loops on both the discard and the replace
 *	    path.
 *
 *	  NOTE(review): this rendered listing drops source lines 2894, 2904,
 *	  2907 and 2968 (an errcode() argument, a comment or blank line, the
 *	  AllocSetContextCreate() size argument, and the statement guarded by
 *	  the final if -- presumably a delete of the old context); read hba.c
 *	  for the exact text.
 */
2877 {
2878  FILE *file;
2879  List *ident_lines = NIL;
2880  ListCell *line_cell,
2881  *parsed_line_cell;
2882  List *new_parsed_lines = NIL;
2883  bool ok = true;
2884  MemoryContext linecxt;
2885  MemoryContext oldcxt;
2886  MemoryContext ident_context;
2887  IdentLine *newline;
2888 
2889  file = AllocateFile(IdentFileName, "r");
2890  if (file == NULL)
2891  {
2892  /* not fatal ... we just won't do any special ident maps */
 /*
  * Note that returning here leaves any previously loaded
  * parsed_ident_lines untouched; they are only replaced at the end of a
  * fully successful load.
  */
2893  ereport(LOG,
2895  errmsg("could not open usermap file \"%s\": %m",
2896  IdentFileName)));
2897  return false;
2898  }
2899 
2900  linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
2901  FreeFile(file);
2902 
2903  /* Now parse all the lines */
2905  ident_context = AllocSetContextCreate(PostmasterContext,
2906  "ident parser context",
2908  oldcxt = MemoryContextSwitchTo(ident_context);
2909  foreach(line_cell, ident_lines)
2910  {
2911  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
2912 
2913  /* don't parse lines that already have errors */
2914  if (tok_line->err_msg != NULL)
2915  {
2916  ok = false;
2917  continue;
2918  }
2919 
2920  if ((newline = parse_ident_line(tok_line)) == NULL)
2921  {
2922  /* Parse error; remember there's trouble */
2923  ok = false;
2924 
2925  /*
2926  * Keep parsing the rest of the file so we can report errors on
2927  * more than the first line. Error has already been logged, no
2928  * need for more chatter here.
2929  */
2930  continue;
2931  }
2932 
2933  new_parsed_lines = lappend(new_parsed_lines, newline);
2934  }
2935 
2936  /* Free tokenizer memory */
2937  MemoryContextDelete(linecxt);
2938  MemoryContextSwitchTo(oldcxt);
2939 
 /* All-or-nothing: one bad line discards the entire new map. */
2940  if (!ok)
2941  {
2942  /*
2943  * File contained one or more errors, so bail out, first being careful
2944  * to clean up whatever we allocated. Most stuff will go away via
2945  * MemoryContextDelete, but we have to clean up regexes explicitly.
2946  */
2947  foreach(parsed_line_cell, new_parsed_lines)
2948  {
2949  newline = (IdentLine *) lfirst(parsed_line_cell);
 /* A leading '/' in ident_user marks an entry that compiled a regex. */
2950  if (newline->ident_user[0] == '/')
2951  pg_regfree(&newline->re);
2952  }
2953  MemoryContextDelete(ident_context);
2954  return false;
2955  }
2956 
2957  /* Loaded new file successfully, replace the one we use */
 /* Release the regexes owned by the map being retired before dropping it. */
2958  if (parsed_ident_lines != NIL)
2959  {
2960  foreach(parsed_line_cell, parsed_ident_lines)
2961  {
2962  newline = (IdentLine *) lfirst(parsed_line_cell);
2963  if (newline->ident_user[0] == '/')
2964  pg_regfree(&newline->re);
2965  }
2966  }
2967  if (parsed_ident_context != NULL)
2969 
2970  parsed_ident_context = ident_context;
2971  parsed_ident_lines = new_parsed_lines;
2972 
2973  return true;
2974 }
#define NIL
Definition: pg_list.h:69
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:200
regex_t re
Definition: hba.h:109
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:175
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
#define LOG
Definition: elog.h:26
static chr newline(void)
Definition: regc_lex.c:1137 (Doxygen mis-link: in load_ident() above, "newline" is the local IdentLine * variable, not this function)
char * err_msg
Definition: hba.c:94
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2094
char * IdentFileName
Definition: guc.c:464
#define ereport(elevel, rest)
Definition: elog.h:122
List * lappend(List *list, void *datum)
Definition: list.c:128
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
static List * parsed_ident_lines
Definition: hba.c:112
static MemoryContext parsed_ident_context
Definition: hba.c:113
#define NULL
Definition: c.h:229
#define Assert(condition)
Definition: c.h:675
#define lfirst(lc)
Definition: pg_list.h:106
static MemoryContext tokenize_file(const char *filename, FILE *file, List **tok_lines, int elevel)
Definition: hba.c:470
Definition: hba.h:102
int FreeFile(FILE *file)
Definition: fd.c:2277
char * ident_user
Definition: hba.h:107
int errmsg(const char *fmt,...)
Definition: elog.c:797
static IdentLine * parse_ident_line(TokenizedLine *tok_line)
Definition: hba.c:2608
void pg_regfree(regex_t *re)
Definition: regfree.c:49
Definition: pg_list.h:45
MemoryContext PostmasterContext
Definition: mcxt.c:45
bool pg_isblank ( const char  c)

Definition at line 160 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

/*
 * pg_isblank
 *
 * True for the characters the pg_hba.conf / pg_ident.conf tokenizer treats
 * as field separators: space, tab and carriage return.  '\r' is included so
 * that, presumably, CRLF line endings do not leave a stray token at the end
 * of a line; '\n' is deliberately NOT blank because it terminates the line.
 * Used by next_token() and interpret_ident_response() (see above).
 */
bool
pg_isblank(const char c)
{
	switch (c)
	{
		case ' ':
		case '\t':
		case '\r':
			return true;
		default:
			return false;
	}
}