hba.h File Reference
#include "libpq/pqcomm.h"
#include "nodes/pg_list.h"
#include "regex/regex.h"

Data Structures

struct  HbaLine
 
struct  IdentLine
 

Macros

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */
 

Typedefs

typedef enum UserAuth UserAuth
 
typedef enum IPCompareMethod IPCompareMethod
 
typedef enum ConnType ConnType
 
typedef struct HbaLine HbaLine
 
typedef struct IdentLine IdentLine
 
typedef struct Port hbaPort
 

Enumerations

enum  UserAuth {
  uaReject, uaImplicitReject, uaTrust, uaIdent,
  uaPassword, uaMD5, uaSCRAM, uaGSS,
  uaSSPI, uaPAM, uaBSD, uaLDAP,
  uaCert, uaRADIUS
}
 
enum  IPCompareMethod { ipCmpMask, ipCmpSameHost, ipCmpSameNet, ipCmpAll }
 
enum  ConnType { ctLocal, ctHost, ctHostSSL, ctHostNoSSL }
 

Functions

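/*
 * Functions exported by hba.c (the prototypes declared in hba.h).
 */

/*
 * (Re)load pg_hba.conf / pg_ident.conf.  Both return false -- and leave the
 * previously loaded tables in place -- when the file cannot be opened or any
 * line fails to parse; see load_hba() / load_ident() in hba.c.
 */
extern bool load_hba(void);
extern bool load_ident(void);

/* Select the pg_hba.conf entry that governs the connection described by *port. */
extern void hba_getauthmethod(hbaPort *port);

/*
 * Check the externally authenticated name auth_user against the requested
 * role pg_role, either directly (usermap_name NULL or "") or through the
 * named pg_ident.conf map.  Returns STATUS_OK or STATUS_ERROR.
 *
 * The last parameter is spelled "case_sensitive" in the original hba.h
 * prototype, but the definition in hba.c names it case_insensitive and
 * treats true as "compare with pg_strcasecmp()".  It is named here to match
 * the definition so that a caller reading only the header does not pass the
 * inverse of what it means; passing true where an exact match was intended
 * makes "Alice" and "alice" interchangeable at login.
 */
extern int check_usermap(const char *usermap_name, const char *pg_role,
						 const char *auth_user, bool case_insensitive);

/* True for ' ', '\t' and '\r' only; '\n' is deliberately not blank. */
extern bool pg_isblank(const char c);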
 

Macro Definition Documentation

#define USER_AUTH_LAST   uaPeer /* Must be last value of this enum */

Definition at line 42 of file hba.h.

Referenced by fill_hba_line().

Typedef Documentation

Definition at line 114 of file hba.h.

Enumeration Type Documentation

enum ConnType
Enumerator
ctLocal 
ctHost 
ctHostSSL 
ctHostNoSSL 

Definition at line 53 of file hba.h.

54 {
55  ctLocal,
56  ctHost,
57  ctHostSSL,
59 } ConnType;
Enumerator
ipCmpMask 
ipCmpSameHost 
ipCmpSameNet 
ipCmpAll 

Definition at line 45 of file hba.h.

46 {
47  ipCmpMask,
50  ipCmpAll
enum UserAuth
Enumerator
uaReject 
uaImplicitReject 
uaTrust 
uaIdent 
uaPassword 
uaMD5 
uaSCRAM 
uaGSS 
uaSSPI 
uaPAM 
uaBSD 
uaLDAP 
uaCert 
uaRADIUS 

Definition at line 25 of file hba.h.

26 {
27  uaReject,
28  uaImplicitReject, /* Not a user-visible option */
29  uaTrust,
30  uaIdent,
31  uaPassword,
32  uaMD5,
33  uaSCRAM,
34  uaGSS,
35  uaSSPI,
36  uaPAM,
37  uaBSD,
38  uaLDAP,
39  uaCert,
40  uaRADIUS,
41  uaPeer
42 #define USER_AUTH_LAST uaPeer /* Must be last value of this enum */
43 } UserAuth;

Function Documentation

int check_usermap ( const char *  usermap_name,
const char *  pg_role,
const char *  auth_user,
bool  case_sensitive 
)

Definition at line 2842 of file hba.c.

References check_ident_usermap(), ereport, errmsg(), error(), lfirst, LOG, pg_strcasecmp(), STATUS_ERROR, and STATUS_OK.

Referenced by ident_inet().

/*
 * check_usermap
 *
 * Decide whether the identity established by the authentication method
 * (auth_user) may log in as the database role the client asked for
 * (pg_role).
 *
 * usermap_name     NULL or "" means "no map": the two names must agree
 *                  outright.  Otherwise it names a map in pg_ident.conf and
 *                  every parsed line (parsed_ident_lines) is handed to
 *                  check_ident_usermap() in file order until one reports a
 *                  match or an error.
 * case_insensitive true  -> compare with pg_strcasecmp() (case-folded);
 *                  false -> byte-exact strcmp().
 *                  NOTE: the hba.h prototype spells this parameter
 *                  "case_sensitive", which is the opposite sense.  The
 *                  definition here and check_ident_usermap() both treat true
 *                  as case-INsensitive; callers must follow the definition.
 *
 * Returns STATUS_OK only when a match was established.  A mismatch, an
 * error raised by check_ident_usermap(), or an exhausted map all yield
 * STATUS_ERROR.  Mismatches are reported at LOG level (the server log);
 * an error from check_ident_usermap() is not logged again here.
 */
int
check_usermap(const char *usermap_name,
			  const char *pg_role,
			  const char *auth_user,
			  bool case_insensitive)
{
	bool		matched = false;
	bool		failed = false;

	/* No map: the two names must simply agree. */
	if (usermap_name == NULL || *usermap_name == '\0')
	{
		int			cmp;

		cmp = case_insensitive
			? pg_strcasecmp(pg_role, auth_user)
			: strcmp(pg_role, auth_user);
		if (cmp == 0)
			return STATUS_OK;

		ereport(LOG,
				(errmsg("provided user name (%s) and authenticated user name (%s) do not match",
						pg_role, auth_user)));
		return STATUS_ERROR;
	}

	/* Named map: consult each parsed pg_ident.conf line in file order. */
	{
		ListCell   *cell;

		foreach(cell, parsed_ident_lines)
		{
			check_ident_usermap((IdentLine *) lfirst(cell), usermap_name,
								pg_role, auth_user, case_insensitive,
								&matched, &failed);
			/* first match or first error ends the scan */
			if (matched || failed)
				break;
		}
	}

	if (!matched && !failed)
		ereport(LOG,
				(errmsg("no match in usermap \"%s\" for user \"%s\" authenticated as \"%s\"",
						usermap_name, pg_role, auth_user)));

	/* an error without a match also ends up as STATUS_ERROR */
	return matched ? STATUS_OK : STATUS_ERROR;
}
void hba_getauthmethod ( hbaPort port)

Definition at line 3008 of file hba.c.

References check_hba().

Referenced by ClientAuthentication().

/*
 * hba_getauthmethod
 *
 * Called from ClientAuthentication() (auth.c).  It delegates entirely to
 * check_hba() (hba.c:2009), which presumably searches the loaded
 * pg_hba.conf entries for the one governing the connection in *port.
 * Nothing is returned, so the chosen entry is presumably recorded in *port
 * for the caller -- confirm in check_hba().
 */
void
hba_getauthmethod(hbaPort *port)
{
	/* the lookup is the whole job; no pre- or post-processing here */
	check_hba(port);
}
bool load_hba ( void  )

Definition at line 2110 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode(), errcode_for_file_access(), errmsg(), FreeFile(), HbaFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_hba_line(), PostmasterContext, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_hba -- read and parse pg_hba.conf (HbaFileName) into a fresh list.
 *
 * NOTE(review): this rendered listing is missing source lines 2125,
 * 2135-2136, 2138 and 2195 (tokens that were hyperlinks).  Judging from the
 * "References" list above they are presumably the errcode_for_file_access()
 * argument, an Assert plus the AllocSetContextCreate(PostmasterContext,
 * ..., ALLOCSET_SMALL_SIZES) call that creates hbacxt, and the
 * MemoryContextDelete() of the previous parsed_hba_context -- confirm
 * against hba.c before relying on this excerpt.
 *
 * Returns true and installs the new rules only if every line parsed and at
 * least one rule exists.  On any failure it returns false and leaves
 * parsed_hba_lines / parsed_hba_context untouched, so the rules loaded
 * earlier (if any) stay in force.  Operational caveat: when this runs from
 * SIGHUP_handler(), a single bad line means the edited file -- including
 * any access it was meant to revoke -- silently does not take effect; the
 * only signal is the LOG output below.
 *
 * Callers: PostmasterMain(), PerformAuthentication(), SIGHUP_handler().
 */
2111 {
2112  FILE *file;
2113  List *hba_lines = NIL;
2114  ListCell *line;
2115  List *new_parsed_lines = NIL;
2116  bool ok = true;
2117  MemoryContext linecxt;
2118  MemoryContext oldcxt;
2119  MemoryContext hbacxt;
2120 
/* An unreadable file is reported at LOG; nothing already loaded is touched. */
2121  file = AllocateFile(HbaFileName, "r");
2122  if (file == NULL)
2123  {
2124  ereport(LOG,
2126  errmsg("could not open configuration file \"%s\": %m",
2127  HbaFileName)));
2128  return false;
2129  }
2130 
/*
 * tokenize_file() does not abort on a bad line; it records the problem in
 * TokenizedLine::err_msg, which the loop below checks.  The file handle is
 * released as soon as the tokens are in memory.
 */
2131  linecxt = tokenize_file(HbaFileName, file, &hba_lines, LOG);
2132  FreeFile(file);
2133 
2134  /* Now parse all the lines */
/* hbacxt is created here (lines missing from this rendering, see above). */
2137  "hba parser context",
2139  oldcxt = MemoryContextSwitchTo(hbacxt);
2140  foreach(line, hba_lines)
2141  {
2142  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line);
2143  HbaLine *newline;
2144 
2145  /* don't parse lines that already have errors */
2146  if (tok_line->err_msg != NULL)
2147  {
2148  ok = false;
2149  continue;
2150  }
2151 
2152  if ((newline = parse_hba_line(tok_line, LOG)) == NULL)
2153  {
2154  /* Parse error; remember there's trouble */
2155  ok = false;
2156 
2157  /*
2158  * Keep parsing the rest of the file so we can report errors on
2159  * more than the first line. Error has already been logged, no
2160  * need for more chatter here.
2161  */
2162  continue;
2163  }
2164 
2165  new_parsed_lines = lappend(new_parsed_lines, newline);
2166  }
2167 
2168  /*
2169  * A valid HBA file must have at least one entry; else there's no way to
2170  * connect to the postmaster. But only complain about this if we didn't
2171  * already have parsing errors.
2172  */
2173  if (ok && new_parsed_lines == NIL)
2174  {
2175  ereport(LOG,
2176  (errcode(ERRCODE_CONFIG_FILE_ERROR),
2177  errmsg("configuration file \"%s\" contains no entries",
2178  HbaFileName)));
2179  ok = false;
2180  }
2181 
2182  /* Free tokenizer memory */
2183  MemoryContextDelete(linecxt);
2184  MemoryContextSwitchTo(oldcxt);
2185 
/*
 * All-or-nothing: any error anywhere discards the whole new set, so a
 * partially parsed policy is never installed.
 */
2186  if (!ok)
2187  {
2188  /* File contained one or more errors, so bail out */
2189  MemoryContextDelete(hbacxt);
2190  return false;
2191  }
2192 
2193  /* Loaded new file successfully, replace the one we use */
/*
 * Line 2195 (presumably MemoryContextDelete(parsed_hba_context)) is missing
 * from this rendering.  No locking is visible here; presumably only the
 * single postmaster process reaches this point -- confirm.
 */
2194  if (parsed_hba_context != NULL)
2196  parsed_hba_context = hbacxt;
2197  parsed_hba_lines = new_parsed_lines;
2198 
2199  return true;
2200 }
bool load_ident ( void  )

Definition at line 2897 of file hba.c.

References AllocateFile(), ALLOCSET_SMALL_SIZES, AllocSetContextCreate(), Assert, ereport, TokenizedLine::err_msg, errcode_for_file_access(), errmsg(), FreeFile(), IdentLine::ident_user, IdentFileName, lappend(), lfirst, LOG, MemoryContextDelete(), MemoryContextSwitchTo(), newline(), NIL, parse_ident_line(), pg_regfree(), PostmasterContext, IdentLine::re, and tokenize_file().

Referenced by PerformAuthentication(), PostmasterMain(), and SIGHUP_handler().

/*
 * load_ident -- read and parse pg_ident.conf (IdentFileName) into a fresh
 * list of IdentLine entries.
 *
 * NOTE(review): this rendered listing is missing source lines 2915, 2925,
 * 2928 and 2989 (tokens that were hyperlinks).  From the "References" list
 * above they are presumably the errcode_for_file_access() argument, an
 * Assert, the ALLOCSET_SMALL_SIZES argument closing the
 * AllocSetContextCreate() call, and the MemoryContextDelete() of the
 * previous parsed_ident_context -- confirm against hba.c.
 *
 * Returns true and installs the new map only if every line parsed.  On any
 * failure it returns false and leaves parsed_ident_lines /
 * parsed_ident_context untouched.  Note that this also holds when the file
 * cannot be opened: despite the "we just won't do any special ident maps"
 * comment below, a map loaded by an earlier call remains in effect as far as
 * this function is concerned, so removing pg_ident.conf and reloading does
 * not by itself drop the old mappings.
 *
 * Callers: PostmasterMain(), PerformAuthentication(), SIGHUP_handler().
 */
2898 {
2899  FILE *file;
2900  List *ident_lines = NIL;
2901  ListCell *line_cell,
2902  *parsed_line_cell;
2903  List *new_parsed_lines = NIL;
2904  bool ok = true;
2905  MemoryContext linecxt;
2906  MemoryContext oldcxt;
2907  MemoryContext ident_context;
2908  IdentLine *newline;
2909 
2910  file = AllocateFile(IdentFileName, "r");
2911  if (file == NULL)
2912  {
2913  /* not fatal ... we just won't do any special ident maps */
2914  ereport(LOG,
2916  errmsg("could not open usermap file \"%s\": %m",
2917  IdentFileName)));
2918  return false;
2919  }
2920 
/*
 * tokenize_file() records per-line problems in TokenizedLine::err_msg
 * rather than aborting; the loop below checks that field.
 */
2921  linecxt = tokenize_file(IdentFileName, file, &ident_lines, LOG);
2922  FreeFile(file);
2923 
2924  /* Now parse all the lines */
/* ident_context creation (partially missing from this rendering, see above). */
2926  ident_context = AllocSetContextCreate(PostmasterContext,
2927  "ident parser context",
2929  oldcxt = MemoryContextSwitchTo(ident_context);
2930  foreach(line_cell, ident_lines)
2931  {
2932  TokenizedLine *tok_line = (TokenizedLine *) lfirst(line_cell);
2933 
2934  /* don't parse lines that already have errors */
2935  if (tok_line->err_msg != NULL)
2936  {
2937  ok = false;
2938  continue;
2939  }
2940 
2941  if ((newline = parse_ident_line(tok_line)) == NULL)
2942  {
2943  /* Parse error; remember there's trouble */
2944  ok = false;
2945 
2946  /*
2947  * Keep parsing the rest of the file so we can report errors on
2948  * more than the first line. Error has already been logged, no
2949  * need for more chatter here.
2950  */
2951  continue;
2952  }
2953 
2954  new_parsed_lines = lappend(new_parsed_lines, newline);
2955  }
2956 
2957  /* Free tokenizer memory */
2958  MemoryContextDelete(linecxt);
2959  MemoryContextSwitchTo(oldcxt);
2960 
/*
 * All-or-nothing: any error discards the entire new list, so a partially
 * parsed map is never installed.
 */
2961  if (!ok)
2962  {
2963  /*
2964  * File contained one or more errors, so bail out, first being careful
2965  * to clean up whatever we allocated. Most stuff will go away via
2966  * MemoryContextDelete, but we have to clean up regexes explicitly.
2967  */
2968  foreach(parsed_line_cell, new_parsed_lines)
2969  {
2970  newline = (IdentLine *) lfirst(parsed_line_cell);
/* a leading '/' in ident_user marks an entry that compiled a regex into re */
2971  if (newline->ident_user[0] == '/')
2972  pg_regfree(&newline->re);
2973  }
2974  MemoryContextDelete(ident_context);
2975  return false;
2976  }
2977 
2978  /* Loaded new file successfully, replace the one we use */
/* Release the regexes of the outgoing map before its context goes away. */
2979  if (parsed_ident_lines != NIL)
2980  {
2981  foreach(parsed_line_cell, parsed_ident_lines)
2982  {
2983  newline = (IdentLine *) lfirst(parsed_line_cell);
2984  if (newline->ident_user[0] == '/')
2985  pg_regfree(&newline->re);
2986  }
2987  }
/*
 * Line 2989 (presumably MemoryContextDelete(parsed_ident_context)) is
 * missing from this rendering.  No locking is visible; presumably only the
 * single postmaster process reaches this point -- confirm.
 */
2988  if (parsed_ident_context != NULL)
2990 
2991  parsed_ident_context = ident_context;
2992  parsed_ident_lines = new_parsed_lines;
2993 
2994  return true;
2995 }
bool pg_isblank ( const char  c)

Definition at line 160 of file hba.c.

Referenced by interpret_ident_response(), and next_token().

/*
 * pg_isblank
 *
 * Report whether c is one of the horizontal-whitespace characters the
 * config tokenizer (next_token()) and the ident-protocol reply parser
 * (interpret_ident_response()) skip over: space, tab or carriage return.
 * Newline is NOT blank -- presumably so that callers can still see the end
 * of a line -- and neither are form feed, vertical tab or NUL.
 */
bool
pg_isblank(const char c)
{
	switch (c)
	{
		case ' ':
		case '\t':
		case '\r':
			return true;
		default:
			return false;
	}
}