PostgreSQL Source Code: src/include/libpq/auth.h File Reference (original) (raw)

372{

374 const char *logdetail = NULL;

375

376

377

378

379

380

381

383

385

386

387

388

389

390

/*
 * Client-certificate precondition block.  The condition that opens this
 * brace and the ereport() heads of both reports (source lines 391, 394-395
 * and 406) are missing from this listing, so the severity level of the two
 * reports cannot be read from this page.
 */
392 {

393

/*
 * Reported with ERRCODE_CONFIG_FILE_ERROR: a client certificate cannot be
 * checked unless a root certificate store is available.  The test guarding
 * this report is on a missing line; presumably it is
 * secure_loaded_verify_locations(), which this page lists among the
 * referenced symbols -- confirm against the upstream file.
 */
396 (errcode(ERRCODE_CONFIG_FILE_ERROR),

397 errmsg("client certificates can only be checked if a root certificate store is available")));

398

399

400

401

402

403

404

/*
 * NOTE(review): the report below states that a valid client certificate is
 * required, which only makes sense when peer_cert_valid is false.  As
 * printed the test carries no negation; a leading `!` was probably dropped
 * when the page was extracted.  Confirm against the upstream source before
 * reading this as the real control flow.
 */
405 if (port->peer_cert_valid)

407 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),

408 errmsg("connection requires a valid client certificate")));

409 }

410

411

412

413

414 switch (port->hba->auth_method)

415 {

417

418

419

420

421

422

423

424

425

426

427

/*
 * Switch arm that reports a connection refused by pg_hba.conf ("pg_hba.conf
 * rejects ...").  Its case label and leading comment (source lines 416-427)
 * are not visible in this listing.
 */
428 {

429 char hostinfo[NI_MAXHOST];

430 const char *encryption_state;

431

/*
 * Fills hostinfo with the peer address.  The call head (source line 432) is
 * missing; the visible arguments pass no service buffer (NULL, 0) and
 * NI_NUMERICHOST, i.e. the numeric form of the address is requested.
 */
433 hostinfo, sizeof(hostinfo),

434 NULL, 0,

435 NI_NUMERICHOST);

436

/*
 * Describe the transport protection for the message: "GSS encryption" when
 * port->gss is set and port->gss->enc is true (ENABLE_GSS builds only),
 * else "SSL encryption" when port->ssl_in_use (USE_SSL builds only), else
 * "no encryption".
 */
437 encryption_state =

438#ifdef ENABLE_GSS

439 (port->gss && port->gss->enc) ? _("GSS encryption") :

440#endif

441#ifdef USE_SSL

442 port->ssl_in_use ? _("SSL encryption") :

443#endif

444 _("no encryption");

445

/*
 * Two wordings, both with ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION: one
 * for replication connections (host, user, encryption state) and one for
 * ordinary connections (which also names the database).  The condition
 * choosing between them and the ereport() heads (source lines 446-447 and
 * 454) are not visible, so the severity is not shown here.
 *
 * NOTE(review): this text differs from the "no pg_hba.conf entry" report
 * elsewhere in this listing, so whoever receives the message can tell the
 * two outcomes apart -- confirm which audience sees it.
 */
448 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),

449

450 errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",

451 hostinfo, port->user_name,

452 encryption_state)));

453 else

455 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),

456

457 errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",

458 hostinfo, port->user_name,

459 port->database_name,

460 encryption_state)));

461 break;

462 }

463

465

466

467

468

469

470

471

472

473

/*
 * Switch arm that reports that no pg_hba.conf entry applies to the
 * connection ("no pg_hba.conf entry for ...").  Its case label and leading
 * comment (source lines 464-473) are not visible in this listing.
 */
474 {

475 char hostinfo[NI_MAXHOST];

476 const char *encryption_state;

477

/*
 * Fills hostinfo with the peer address.  The call head (source line 478) is
 * missing; the visible arguments pass no service buffer (NULL, 0) and
 * NI_NUMERICHOST, i.e. the numeric form of the address is requested.
 */
479 hostinfo, sizeof(hostinfo),

480 NULL, 0,

481 NI_NUMERICHOST);

482

/*
 * Same selection as in the "rejects" arm: GSS encryption, then SSL
 * encryption, then "no encryption", each alternative compiled in only when
 * its build macro is defined.
 */
483 encryption_state =

484#ifdef ENABLE_GSS

485 (port->gss && port->gss->enc) ? _("GSS encryption") :

486#endif

487#ifdef USE_SSL

488 port->ssl_in_use ? _("SSL encryption") :

489#endif

490 _("no encryption");

491

/*
 * HOSTNAME_LOOKUP_DETAIL(port) expands to an errdetail_log() call, or to 0
 * when there is nothing to add.
 *
 * With port->remote_hostname set, the text depends on
 * port->remote_hostname_resolv:
 *   +1  resolved name, forward lookup matches
 *    0  resolved name, forward lookup not checked
 *   -1  resolved name, forward lookup does not match
 *   -2  host name could not be translated back to an address; the
 *       gai_strerror() text for remote_hostname_errcode is appended
 * Any other value yields 0.
 *
 * With port->remote_hostname NULL, only -2 produces a detail ("Could not
 * resolve client IP address to a host name"); otherwise 0.
 *
 * NOTE(review): errdetail_log is PostgreSQL's log-only detail call, so these
 * name-resolution results should appear in the server log rather than in the
 * client-visible message -- confirm in elog.h.  The -1 case (reverse and
 * forward lookups disagree) is the one worth watching for in logs.
 */
492#define HOSTNAME_LOOKUP_DETAIL(port) \

493 (port->remote_hostname ? \

494 (port->remote_hostname_resolv == +1 ? \

495 errdetail_log("Client IP address resolved to \"%s\", forward lookup matches.", \

496 port->remote_hostname) : \

497 port->remote_hostname_resolv == 0 ? \

498 errdetail_log("Client IP address resolved to \"%s\", forward lookup not checked.", \

499 port->remote_hostname) : \

500 port->remote_hostname_resolv == -1 ? \

501 errdetail_log("Client IP address resolved to \"%s\", forward lookup does not match.", \

502 port->remote_hostname) : \

503 port->remote_hostname_resolv == -2 ? \

504 errdetail_log("Could not translate client host name \"%s\" to IP address: %s.", \

505 port->remote_hostname, \

506 gai_strerror(port->remote_hostname_errcode)) : \

507 0) \

508 : (port->remote_hostname_resolv == -2 ? \

509 errdetail_log("Could not resolve client IP address to a host name: %s.", \

510 gai_strerror(port->remote_hostname_errcode)) : \

511 0))

512

/*
 * Two wordings, both with ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION: one
 * for replication connections and one for ordinary connections (which also
 * names the database).  The selecting condition, the ereport() heads and
 * the final argument of each report (source lines 513-514, 520, 522 and
 * 529) are not visible; each errmsg() ends with a comma, so a further
 * argument follows -- presumably HOSTNAME_LOOKUP_DETAIL(port), confirm
 * upstream.
 */
515 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),

516

517 errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",

518 hostinfo, port->user_name,

519 encryption_state),

521 else

523 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),

524

525 errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",

526 hostinfo, port->user_name,

527 port->database_name,

528 encryption_state),

530 break;

531 }

532

/*
 * GSS switch arm (its case label, source line 533, is not visible).  The
 * body is compiled only when ENABLE_GSS is defined; the statement in the
 * #else arm (source line 554) is missing from this listing.
 */
534#ifdef ENABLE_GSS

535

/*
 * Create the per-connection pg_gssinfo if it does not exist yet.  The
 * allocator call is on missing line 538; presumably MemoryContextAllocZero
 * in TopMemoryContext, both listed among this page's referenced symbols --
 * confirm upstream.
 */
536 if (port->gss == NULL)

537 port->gss = (pg_gssinfo *)

539 sizeof(pg_gssinfo));

/* Set the auth flag on the GSS state before either check below runs. */
540 port->gss->auth = true;

541

542

543

544

545

/*
 * When port->gss->enc is already true, pg_GSS_checkauth() decides the
 * status; otherwise pg_GSS_recvauth() does, after a statement on missing
 * line 550 (not visible here).
 */
546 if (port->gss->enc)

547 status = pg_GSS_checkauth(port);

548 else

549 {

551 status = pg_GSS_recvauth(port);

552 }

553#else

555#endif

556 break;

557

/*
 * SSPI switch arm (its case label, source line 558, is not visible).  The
 * body is compiled only when ENABLE_SSPI is defined; the statement in the
 * #else arm (source line 567) and source line 564 are missing from this
 * listing.
 */
559#ifdef ENABLE_SSPI

/*
 * Reuses port->gss for SSPI state, creating it when absent.  The allocator
 * call is on missing line 562 -- see the upstream file for the exact call.
 */
560 if (port->gss == NULL)

561 port->gss = (pg_gssinfo *)

563 sizeof(pg_gssinfo));

/* The authentication status is whatever pg_SSPI_recvauth() returns. */
565 status = pg_SSPI_recvauth(port);

566#else

568#endif

569 break;

570

573 break;

574

577 break;

578

582 break;

583

586 break;

587

/*
 * PAM, BSD Authentication and LDAP switch arms.  Their case labels (source
 * lines 588, 596 and 604) are not visible.  Each method is compiled in only
 * when its USE_* macro is defined; what the #else arms do (source lines 592,
 * 600 and 608) cannot be read from this listing.
 */
589#ifdef USE_PAM

/* PAM check for port->user_name; the third argument is an empty string. */
590 status = CheckPAMAuth(port, port->user_name, "");

591#else

593#endif

594 break;

595

597#ifdef USE_BSD_AUTH

/* BSD Authentication check for port->user_name. */
598 status = CheckBSDAuth(port, port->user_name);

599#else

601#endif

602 break;

603

605#ifdef USE_LDAP

/* LDAP check; only the Port is passed. */
606 status = CheckLDAPAuth(port);

607#else

609#endif

610 break;

613 break;

615

618 break;

621 break;

622 }

623

/*
 * Certificate check that runs after the auth-method switch has closed.  The
 * condition that opens this brace (source lines 624-625) is not visible.
 * In USE_SSL builds the result of CheckCertAuth(port) overwrites status, so
 * a status set by the switch above does not survive a failed certificate
 * check.  The statement in the #else arm (source line 634) is missing.
 */
626 {

627

628

629

630

631#ifdef USE_SSL

632 status = CheckCertAuth(port);

633#else

635#endif

636 }

637

/*
 * Log record for an authenticated connection.  The format carries the user,
 * the method name and, in parentheses, the file and line of the HBA rule
 * involved (port->hba->sourcefile, port->hba->linenumber), which lets an
 * auditor tie a session to one configuration line.  The guarding condition
 * (source lines 638-640), the ereport() head (648) and the first two format
 * arguments (651) are not visible in this listing.
 */
641 {

642

643

644

645

646

647

649 errmsg("connection authenticated: user=\"%s\" method=%s "

650 "(%s:%d)",

652 port->hba->sourcefile, port->hba->linenumber));

653 }

654

/*
 * Calls the installed ClientAuthentication_hook with the Port and the
 * status computed above; the hook is given the status rather than being
 * limited to one outcome.  The guard before this call (source line 655) and
 * the final status branch (source lines 658-661, of which only `else` is
 * printed) are not visible in this listing.
 */
656 (*ClientAuthentication_hook) (port, status);

657

660 else

662}

const pg_be_sasl_mech pg_be_oauth_mech

int CheckSASLAuth(const pg_be_sasl_mech *mech, Port *port, char *shadow_pass, const char **logdetail)

void sendAuthRequest(Port *port, AuthRequest areq, const void *extradata, int extralen)

static int CheckPWChallengeAuth(Port *port, const char **logdetail)

static int ident_inet(hbaPort *port)

static int CheckRADIUSAuth(Port *port)

static void auth_failed(Port *port, int status, const char *logdetail)

ClientAuthentication_hook_type ClientAuthentication_hook

static int auth_peer(hbaPort *port)

#define HOSTNAME_LOOKUP_DETAIL(port)

static int CheckPasswordAuth(Port *port, const char **logdetail)

@ LOG_CONNECTION_AUTHENTICATION

bool secure_loaded_verify_locations(void)

int errcode(int sqlerrcode)

int errmsg(const char *fmt,...)

#define ereport(elevel,...)

Assert(PointerIsAligned(start, uint64))

void hba_getauthmethod(hbaPort *port)

const char * hba_authname(UserAuth auth_method)

int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)

void * MemoryContextAllocZero(MemoryContext context, Size size)

MemoryContext TopMemoryContext

#define CHECK_FOR_INTERRUPTS()

ClientConnectionInfo MyClientConnectionInfo