Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit3995c42

Browse files
committed
Improve log messages related to pg_hba.conf not matching a connection.
Include details on whether GSS encryption has been activated;since we added "hostgssenc" type HBA entries, that's relevant info.Kyotaro Horiguchi and Tom Lane. Back-patch to v12 whereGSS encryption was introduced.Discussion:https://postgr.es/m/e5b0b6ed05764324a2f3fe7acfc766d5@smhi.se
1 parent622ae46 commit3995c42

File tree

1 file changed

+28
-44
lines changed

1 file changed

+28
-44
lines changed

‎src/backend/libpq/auth.c

Lines changed: 28 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -401,44 +401,37 @@ ClientAuthentication(Port *port)
401401
*/
402402
{
403403
charhostinfo[NI_MAXHOST];
404+
constchar*encryption_state;
404405

405406
pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,
406407
hostinfo,sizeof(hostinfo),
407408
NULL,0,
408409
NI_NUMERICHOST);
409410

410-
if (am_walsender)
411-
{
411+
encryption_state=
412+
#ifdefENABLE_GSS
413+
(port->gss&&port->gss->enc) ?_("GSS encryption") :
414+
#endif
412415
#ifdefUSE_SSL
416+
port->ssl_in_use ?_("SSL encryption") :
417+
#endif
418+
_("no encryption");
419+
420+
if (am_walsender)
413421
ereport(FATAL,
414422
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
423+
/* translator: last %s describes encryption state */
415424
errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
416425
hostinfo,port->user_name,
417-
port->ssl_in_use ?_("SSL on") :_("SSL off"))));
418-
#else
419-
ereport(FATAL,
420-
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
421-
errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\"",
422-
hostinfo,port->user_name)));
423-
#endif
424-
}
426+
encryption_state)));
425427
else
426-
{
427-
#ifdefUSE_SSL
428428
ereport(FATAL,
429429
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
430+
/* translator: last %s describes encryption state */
430431
errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
431432
hostinfo,port->user_name,
432433
port->database_name,
433-
port->ssl_in_use ?_("SSL on") :_("SSL off"))));
434-
#else
435-
ereport(FATAL,
436-
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
437-
errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\"",
438-
hostinfo,port->user_name,
439-
port->database_name)));
440-
#endif
441-
}
434+
encryption_state)));
442435
break;
443436
}
444437

@@ -454,12 +447,22 @@ ClientAuthentication(Port *port)
454447
*/
455448
{
456449
charhostinfo[NI_MAXHOST];
450+
constchar*encryption_state;
457451

458452
pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,
459453
hostinfo,sizeof(hostinfo),
460454
NULL,0,
461455
NI_NUMERICHOST);
462456

457+
encryption_state=
458+
#ifdefENABLE_GSS
459+
(port->gss&&port->gss->enc) ?_("GSS encryption") :
460+
#endif
461+
#ifdefUSE_SSL
462+
port->ssl_in_use ?_("SSL encryption") :
463+
#endif
464+
_("no encryption");
465+
463466
#defineHOSTNAME_LOOKUP_DETAIL(port) \
464467
(port->remote_hostname ? \
465468
(port->remote_hostname_resolv == +1 ? \
@@ -482,41 +485,22 @@ ClientAuthentication(Port *port)
482485
0))
483486

484487
if (am_walsender)
485-
{
486-
#ifdefUSE_SSL
487488
ereport(FATAL,
488489
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
490+
/* translator: last %s describes encryption state */
489491
errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
490492
hostinfo,port->user_name,
491-
port->ssl_in_use ?_("SSL on") :_("SSL off")),
493+
encryption_state),
492494
HOSTNAME_LOOKUP_DETAIL(port)));
493-
#else
494-
ereport(FATAL,
495-
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
496-
errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\"",
497-
hostinfo,port->user_name),
498-
HOSTNAME_LOOKUP_DETAIL(port)));
499-
#endif
500-
}
501495
else
502-
{
503-
#ifdefUSE_SSL
504496
ereport(FATAL,
505497
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
498+
/* translator: last %s describes encryption state */
506499
errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
507500
hostinfo,port->user_name,
508501
port->database_name,
509-
port->ssl_in_use ?_("SSL on") :_("SSL off")),
510-
HOSTNAME_LOOKUP_DETAIL(port)));
511-
#else
512-
ereport(FATAL,
513-
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
514-
errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",
515-
hostinfo,port->user_name,
516-
port->database_name),
502+
encryption_state),
517503
HOSTNAME_LOOKUP_DETAIL(port)));
518-
#endif
519-
}
520504
break;
521505
}
522506

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp