NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit7ed616f

committed

Improve log messages related to pg_hba.conf not matching a connection.

Include details on whether GSS encryption has been activated;since we added "hostgssenc" type HBA entries, that's relevant info.Kyotaro Horiguchi and Tom Lane. Back-patch to v12 whereGSS encryption was introduced.Discussion:https://postgr.es/m/e5b0b6ed05764324a2f3fe7acfc766d5@smhi.se

1 parent4cfdd8a commit7ed616fCopy full SHA for 7ed616f

File tree

1 file changed

+28

-44

lines changed

src/backend/libpq
- auth.c

1 file changed

+28

-44

lines changed

`‎src/backend/libpq/auth.c‎`

Lines changed: 28 additions & 44 deletions

Original file line number	Diff line number	Diff line change
`@@ -400,44 +400,37 @@ ClientAuthentication(Port *port)`
`400`	`400`	`*/`
`401`	`401`	`{`
`402`	`402`	`charhostinfo[NI_MAXHOST];`
	`403`	`+constchar*encryption_state;`
`403`	`404`
`404`	`405`	`pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,`
`405`	`406`	`hostinfo,sizeof(hostinfo),`
`406`	`407`	`NULL,0,`
`407`	`408`	`NI_NUMERICHOST);`
`408`	`409`
`409`		`-if (am_walsender)`
`410`		`-{`
	`410`	`+encryption_state=`
	`411`	`+#ifdefENABLE_GSS`
	`412`	`+(port->gss&&port->gss->enc) ?_("GSS encryption") :`
	`413`	`+#endif`
`411`	`414`	`#ifdefUSE_SSL`
	`415`	`+port->ssl_in_use ?_("SSL on") :`
	`416`	`+#endif`
	`417`	`+_("SSL off");`
	`418`	`+`
	`419`	`+if (am_walsender)`
`412`	`420`	`ereport(FATAL,`
`413`	`421`	`(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
	`422`	`+/* translator: last %s describes encryption state */`
`414`	`423`	`errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",`
`415`	`424`	`hostinfo,port->user_name,`
`416`		`-port->ssl_in_use ?_("SSL on") :_("SSL off"))));`
`417`		`-#else`
`418`		`-ereport(FATAL,`
`419`		`-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
`420`		`-errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\"",`
`421`		`-hostinfo,port->user_name)));`
`422`		`-#endif`
`423`		`-}`
	`425`	`+encryption_state)));`
`424`	`426`	`else`
`425`		`-{`
`426`		`-#ifdefUSE_SSL`
`427`	`427`	`ereport(FATAL,`
`428`	`428`	`(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
	`429`	`+/* translator: last %s describes encryption state */`
`429`	`430`	`errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",`
`430`	`431`	`hostinfo,port->user_name,`
`431`	`432`	`port->database_name,`
`432`		`-port->ssl_in_use ?_("SSL on") :_("SSL off"))));`
`433`		`-#else`
`434`		`-ereport(FATAL,`
`435`		`-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
`436`		`-errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\"",`
`437`		`-hostinfo,port->user_name,`
`438`		`-port->database_name)));`
`439`		`-#endif`
`440`		`-}`
	`433`	`+encryption_state)));`
`441`	`434`	`break;`
`442`	`435`	`}`
`443`	`436`
`@@ -453,12 +446,22 @@ ClientAuthentication(Port *port)`
`453`	`446`	`*/`
`454`	`447`	`{`
`455`	`448`	`charhostinfo[NI_MAXHOST];`
	`449`	`+constchar*encryption_state;`
`456`	`450`
`457`	`451`	`pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,`
`458`	`452`	`hostinfo,sizeof(hostinfo),`
`459`	`453`	`NULL,0,`
`460`	`454`	`NI_NUMERICHOST);`
`461`	`455`
	`456`	`+encryption_state=`
	`457`	`+#ifdefENABLE_GSS`
	`458`	`+(port->gss&&port->gss->enc) ?_("GSS encryption") :`
	`459`	`+#endif`
	`460`	`+#ifdefUSE_SSL`
	`461`	`+port->ssl_in_use ?_("SSL on") :`
	`462`	`+#endif`
	`463`	`+_("SSL off");`
	`464`	`+`
`462`	`465`	`#defineHOSTNAME_LOOKUP_DETAIL(port) \`
`463`	`466`	`(port->remote_hostname ? \`
`464`	`467`	`(port->remote_hostname_resolv == +1 ? \`
`@@ -481,41 +484,22 @@ ClientAuthentication(Port *port)`
`481`	`484`	`0))`
`482`	`485`
`483`	`486`	`if (am_walsender)`
`484`		`-{`
`485`		`-#ifdefUSE_SSL`
`486`	`487`	`ereport(FATAL,`
`487`	`488`	`(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
	`489`	`+/* translator: last %s describes encryption state */`
`488`	`490`	`errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",`
`489`	`491`	`hostinfo,port->user_name,`
`490`		`-port->ssl_in_use ?_("SSL on") :_("SSL off")),`
	`492`	`+encryption_state),`
`491`	`493`	`HOSTNAME_LOOKUP_DETAIL(port)));`
`492`		`-#else`
`493`		`-ereport(FATAL,`
`494`		`-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
`495`		`-errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\"",`
`496`		`-hostinfo,port->user_name),`
`497`		`-HOSTNAME_LOOKUP_DETAIL(port)));`
`498`		`-#endif`
`499`		`-}`
`500`	`494`	`else`
`501`		`-{`
`502`		`-#ifdefUSE_SSL`
`503`	`495`	`ereport(FATAL,`
`504`	`496`	`(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
	`497`	`+/* translator: last %s describes encryption state */`
`505`	`498`	`errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",`
`506`	`499`	`hostinfo,port->user_name,`
`507`	`500`	`port->database_name,`
`508`		`-port->ssl_in_use ?_("SSL on") :_("SSL off")),`
`509`		`-HOSTNAME_LOOKUP_DETAIL(port)));`
`510`		`-#else`
`511`		`-ereport(FATAL,`
`512`		`-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
`513`		`-errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",`
`514`		`-hostinfo,port->user_name,`
`515`		`-port->database_name),`
	`501`	`+encryption_state),`
`516`	`502`	`HOSTNAME_LOOKUP_DETAIL(port)));`
`517`		`-#endif`
`518`		`-}`
`519`	`503`	`break;`
`520`	`504`	`}`
`521`	`505`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit7ed616f

File tree

1 file changed

1 file changed

`‎src/backend/libpq/auth.c‎`

0 commit comments