Commit cfac702

Add new message for explicit rejection by pg_hba.conf. Implicit
rejection retains same message as before.
1 parent 7bc76d5 commit cfac702

3 files changed: +42 -10 lines changed

‎src/backend/libpq/auth.c

Lines changed: 37 additions & 6 deletions
Original file line number | Diff line number | Diff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.198 2010/03/30 16:08:22 petere Exp $
11+
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.199 2010/04/19 19:02:18 sriggs Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -363,11 +363,42 @@ ClientAuthentication(Port *port)
363363
caseuaReject:
364364

365365
/*
366-
* This could have come from an explicit "reject" entry in
367-
* pg_hba.conf, but more likely it means there was no matching
368-
* entry. Take pity on the poor user and issue a helpful error
369-
* message. NOTE: this is not a security breach, because all the
370-
* info reported here is known at the frontend and must be assumed
366+
* An explicit "reject" entry in pg_hba.conf. Take pity on the poor
367+
* user and issue a helpful error message.
368+
* NOTE: this is not a security breach, because all the info
369+
* reported here is known at the frontend and must be assumed
370+
* known to bad guys. We're merely helping out the less clueful
371+
* good guys.
372+
*/
373+
{
374+
charhostinfo[NI_MAXHOST];
375+
376+
pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,
377+
hostinfo,sizeof(hostinfo),
378+
NULL,0,
379+
NI_NUMERICHOST);
380+
381+
#ifdefUSE_SSL
382+
ereport(FATAL,
383+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
384+
errmsg("pg_hba.conf rejects host \"%s\", user \"%s\", database \"%s\", %s",
385+
hostinfo,port->user_name,port->database_name,
386+
port->ssl ?_("SSL on") :_("SSL off"))));
387+
#else
388+
ereport(FATAL,
389+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
390+
errmsg("pg_hba.conf rejects host \"%s\", user \"%s\", database \"%s\"",
391+
hostinfo,port->user_name,port->database_name)));
392+
#endif
393+
break;
394+
}
395+
396+
caseuaImplicitReject:
397+
398+
/*
399+
* No matching entry so tell the user we fell through.
400+
* NOTE: this is not a security breach, because all the info
401+
* reported here is known at the frontend and must be assumed
371402
* known to bad guys. We're merely helping out the less clueful
372403
* good guys.
373404
*/
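Review bot: The NOTE in the new uaReject block (new lines 368-371) says all reported info is already known at the frontend, but once uaImplicitReject is split out the FATAL text itself differs depending on whether a "reject" line matched or nothing matched, and that is a fact about the server's pg_hba.conf that an unauthenticated client did not have before. Either reword the comment in both cases to acknowledge that the explicit/implicit distinction is disclosed and say why that is acceptable, or send the client one common message and record the distinction in the server log only. Two smaller points in the same block: the return value of pg_getnameinfo_all at new line 376 is ignored, so confirm hostinfo is always written before errmsg formats it, and the two ereport calls under #ifdef USE_SSL differ only in the trailing SSL field, so a change to one is easy to miss in the other.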

‎src/backend/libpq/hba.c

Lines changed: 3 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -10,7 +10,7 @@
1010
*
1111
*
1212
* IDENTIFICATION
13-
* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.204 2010/03/24 17:05:45 tgl Exp $
13+
* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.205 2010/04/19 19:02:18 sriggs Exp $
1414
*
1515
*-------------------------------------------------------------------------
1616
*/
@@ -1389,9 +1389,9 @@ check_hba(hbaPort *port)
13891389
return true;
13901390
}
13911391

1392-
/* If no matching entry was found,synthesize 'reject' entry. */
1392+
/* If no matching entry was found,then implicitly reject. */
13931393
hba=palloc0(sizeof(HbaLine));
1394-
hba->auth_method=uaReject;
1394+
hba->auth_method=uaImplicitReject;
13951395
port->hba=hba;
13961396
return true;
13971397
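Review bot: With the fall-through at new line 1394 now storing uaImplicitReject instead of uaReject, any switch or comparison on hba->auth_method that relied on uaReject to cover the no-match case needs a uaImplicitReject arm as well. This commit adds one in ClientAuthentication; please confirm there is no other consumer that would now drop into a default branch. The comment at new line 1392 could also state why the two values are kept apart (a different client-facing message), since the outcome, rejection, is unchanged.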

‎src/include/libpq/hba.h

Lines changed: 2 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -4,7 +4,7 @@
44
* Interface to hba.c
55
*
66
*
7-
* $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.61 2010/01/27 12:12:00 mha Exp $
7+
* $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.62 2010/04/19 19:02:18 sriggs Exp $
88
*
99
*-------------------------------------------------------------------------
1010
*/
@@ -18,6 +18,7 @@
1818
typedefenumUserAuth
1919
{
2020
uaReject,
21+
uaImplicitReject,
2122
uaKrb5,
2223
uaTrust,
2324
uaIdent,
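Review bot: uaImplicitReject at new line 21 is added without any comment, and nothing in the header tells a reader that it is the value check_hba stores when no entry matches, as opposed to uaReject for a matching "reject" entry. A one-line comment on the enumerator would document that. Inserting it in the middle of the enum also renumbers uaKrb5, uaTrust, uaIdent and everything after them; if anything outside this tree is built against hba.h, appending the new value at the end would keep the existing numbers stable.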
