NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit29fcd22

committed

Improve error reporting behavior in parse_hba(): give more complete

error report for getaddrinfo failures, point at correct token for syntaxerrors in all cases, don't log redundant messages.

1 parent178c08d commit29fcd22Copy full SHA for 29fcd22

File tree

1 file changed

+61

-46

lines changed

src/backend/libpq
- hba.c

1 file changed

+61

-46

lines changed

`‎src/backend/libpq/hba.c`

Lines changed: 61 additions & 46 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`*`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.120 2004/02/02 16:58:30 neilc Exp $`
	`13`	`+ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.121 2004/05/19 22:06:16 tgl Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -518,58 +518,60 @@ check_db(char dbname, char user, char *param_str)`
`518`	`518`	`/*`
`519`	`519`	`*Scan the rest of a host record (after the mask field)`
`520`	`520`	`and return the interpretation of it as userauth_p, *auth_arg_p, and`
`521`		`- **error_p. line points to the next token of the line.`
	`521`	`+ *error_p. line points to the next token of the line, and is`
	`522`	`+ *advanced over successfully-read tokens.`
`522`	`523`	`*/`
`523`	`524`	`staticvoid`
`524`		`-parse_hba_auth(Listline,UserAuthuserauth_p,char**auth_arg_p,`
	`525`	`+parse_hba_auth(List*line,UserAuthuserauth_p,char**auth_arg_p,`
`525`	`526`	`bool*error_p)`
`526`	`527`	`{`
`527`	`528`	`char*token;`
`528`	`529`
`529`	`530`	`*auth_arg_p=NULL;`
`530`	`531`
`531`		`-if (!line)`
`532`		`-*error_p= true;`
`533`		`-else`
	`532`	`+/* Get authentication type token. */`
	`533`	`+if (!*line)`
`534`	`534`	`{`
`535`		`-/* Get authentication type token. */`
`536`		`-token=lfirst(line);`
`537`		`-if (strcmp(token,"trust")==0)`
`538`		`-*userauth_p=uaTrust;`
`539`		`-elseif (strcmp(token,"ident")==0)`
`540`		`-*userauth_p=uaIdent;`
`541`		`-elseif (strcmp(token,"password")==0)`
`542`		`-*userauth_p=uaPassword;`
`543`		`-elseif (strcmp(token,"krb4")==0)`
`544`		`-*userauth_p=uaKrb4;`
`545`		`-elseif (strcmp(token,"krb5")==0)`
`546`		`-*userauth_p=uaKrb5;`
`547`		`-elseif (strcmp(token,"reject")==0)`
`548`		`-*userauth_p=uaReject;`
`549`		`-elseif (strcmp(token,"md5")==0)`
`550`		`-*userauth_p=uaMD5;`
`551`		`-elseif (strcmp(token,"crypt")==0)`
`552`		`-*userauth_p=uaCrypt;`
	`535`	`+*error_p= true;`
	`536`	`+return;`
	`537`	`+}`
	`538`	`+token=lfirst(*line);`
	`539`	`+if (strcmp(token,"trust")==0)`
	`540`	`+*userauth_p=uaTrust;`
	`541`	`+elseif (strcmp(token,"ident")==0)`
	`542`	`+*userauth_p=uaIdent;`
	`543`	`+elseif (strcmp(token,"password")==0)`
	`544`	`+*userauth_p=uaPassword;`
	`545`	`+elseif (strcmp(token,"krb4")==0)`
	`546`	`+*userauth_p=uaKrb4;`
	`547`	`+elseif (strcmp(token,"krb5")==0)`
	`548`	`+*userauth_p=uaKrb5;`
	`549`	`+elseif (strcmp(token,"reject")==0)`
	`550`	`+*userauth_p=uaReject;`
	`551`	`+elseif (strcmp(token,"md5")==0)`
	`552`	`+*userauth_p=uaMD5;`
	`553`	`+elseif (strcmp(token,"crypt")==0)`
	`554`	`+*userauth_p=uaCrypt;`
`553`	`555`	`#ifdefUSE_PAM`
`554`		`-elseif (strcmp(token, "pam")==0)`
`555`		`-*userauth_p=uaPAM;`
	`556`	`+elseif (strcmp(token, "pam")==0)`
	`557`	`+*userauth_p=uaPAM;`
`556`	`558`	`#endif`
`557`		`-else`
`558`		`-*error_p= true;`
`559`		`-line=lnext(line);`
	`559`	`+else`
	`560`	`+{`
	`561`	`+*error_p= true;`
	`562`	`+return;`
`560`	`563`	`}`
	`564`	`+line=lnext(line);`
`561`	`565`
`562`		`-if (!*error_p)`
	`566`	`+/* Get the authentication argument token, if any */`
	`567`	`+if (*line)`
`563`	`568`	`{`
`564`		`-/* Get the authentication argument token, if any */`
`565`		`-if (line)`
`566`		`-{`
`567`		`-token=lfirst(line);`
`568`		`-*auth_arg_p=pstrdup(token);`
`569`		`-/* If there is more on the line, it is an error */`
`570`		`-if (lnext(line))`
`571`		`-*error_p= true;`
`572`		`-}`
	`569`	`+token=lfirst(*line);`
	`570`	`+*auth_arg_p=pstrdup(token);`
	`571`	`+line=lnext(line);`
	`572`	`+/* If there is more on the line, it is an error */`
	`573`	`+if (*line)`
	`574`	`+*error_p= true;`
`573`	`575`	`}`
`574`	`576`	`}`
`575`	`577`
`@@ -623,7 +625,7 @@ parse_hba(List line, hbaPort port, bool found_p, bool error_p)`
`623`	`625`	`gotohba_syntax;`
`624`	`626`
`625`	`627`	`/* Read the rest of the line. */`
`626`		`-parse_hba_auth(line,&port->auth_method,&port->auth_arg,error_p);`
	`628`	`+parse_hba_auth(&line,&port->auth_method,&port->auth_arg,error_p);`
`627`	`629`	`if (*error_p)`
`628`	`630`	`gotohba_syntax;`
`629`	`631`
`@@ -704,13 +706,13 @@ parse_hba(List line, hbaPort port, bool found_p, bool error_p)`
`704`	`706`	`{`
`705`	`707`	`ereport(LOG,`
`706`	`708`	`(errcode(ERRCODE_CONFIG_FILE_ERROR),`
`707`		`-errmsg("invalid IP address \"%s\" in pg_hba.conf file: %s",`
`708`		`-token,gai_strerror(ret))));`
	`709`	`+errmsg("invalid IP address \"%s\" in pg_hba.conf file line %d: %s",`
	`710`	`+token,line_number,gai_strerror(ret))));`
`709`	`711`	`if (cidr_slash)`
`710`	`712`	`*cidr_slash='/';`
`711`	`713`	`if (gai_result)`
`712`	`714`	`freeaddrinfo_all(hints.ai_family,gai_result);`
`713`		`-gotohba_syntax;`
	`715`	`+gotohba_other_error;`
`714`	`716`	`}`
`715`	`717`
`716`	`718`	`if (cidr_slash)`
`@@ -736,16 +738,26 @@ parse_hba(List line, hbaPort port, bool found_p, bool error_p)`
`736`	`738`	`ret=getaddrinfo_all(token,NULL,&hints,&gai_result);`
`737`	`739`	`if (ret\|\| !gai_result)`
`738`	`740`	`{`
	`741`	`+ereport(LOG,`
	`742`	`+(errcode(ERRCODE_CONFIG_FILE_ERROR),`
	`743`	`+errmsg("invalid IP mask \"%s\" in pg_hba.conf file line %d: %s",`
	`744`	`+token,line_number,gai_strerror(ret))));`
`739`	`745`	`if (gai_result)`
`740`	`746`	`freeaddrinfo_all(hints.ai_family,gai_result);`
`741`		`-gotohba_syntax;`
	`747`	`+gotohba_other_error;`
`742`	`748`	`}`
`743`	`749`
`744`	`750`	`memcpy(&mask,gai_result->ai_addr,gai_result->ai_addrlen);`
`745`	`751`	`freeaddrinfo_all(hints.ai_family,gai_result);`
`746`	`752`
`747`	`753`	`if (addr.ss_family!=mask.ss_family)`
`748`		`-gotohba_syntax;`
	`754`	`+{`
	`755`	`+ereport(LOG,`
	`756`	`+(errcode(ERRCODE_CONFIG_FILE_ERROR),`
	`757`	`+errmsg("IP address and mask do not match in pg_hba.conf file line %d",`
	`758`	`+line_number)));`
	`759`	`+gotohba_other_error;`
	`760`	`+}`
`749`	`761`	`}`
`750`	`762`
`751`	`763`	`if (addr.ss_family!=port->raddr.addr.ss_family)`
`@@ -778,13 +790,14 @@ parse_hba(List line, hbaPort port, bool found_p, bool error_p)`
`778`	`790`	`line=lnext(line);`
`779`	`791`	`if (!line)`
`780`	`792`	`gotohba_syntax;`
`781`		`-parse_hba_auth(line,&port->auth_method,&port->auth_arg,error_p);`
	`793`	`+parse_hba_auth(&line,&port->auth_method,&port->auth_arg,error_p);`
`782`	`794`	`if (*error_p)`
`783`	`795`	`gotohba_syntax;`
`784`	`796`	`}`
`785`	`797`	`else`
`786`	`798`	`gotohba_syntax;`
`787`	`799`
	`800`	`+/* Does the entry match database and user? */`
`788`	`801`	`if (!check_db(port->database_name,port->user_name,db))`
`789`	`802`	`return;`
`790`	`803`	`if (!check_user(port->user_name,user))`
`@@ -806,6 +819,8 @@ parse_hba(List line, hbaPort port, bool found_p, bool error_p)`
`806`	`819`	`errmsg("missing field in pg_hba.conf file at end of line %d",`
`807`	`820`	`line_number)));`
`808`	`821`
	`822`	`+/* Come here if suitable message already logged */`
	`823`	`+hba_other_error:`
`809`	`824`	`*error_p= true;`
`810`	`825`	`}`
`811`	`826`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit29fcd22

File tree

1 file changed

1 file changed

`‎src/backend/libpq/hba.c`

0 commit comments