NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitcfac702

committed

Add new message for explicit rejection by pg_hba.conf. Implicit

rejection retains same message as before.

1 parent7bc76d5 commitcfac702Copy full SHA for cfac702

File tree

3 files changed

+42

-10

lines changed

src
- backend/libpq
  - auth.c
  - hba.c
- include/libpq
  - hba.h

3 files changed

+42

-10

lines changed

`‎src/backend/libpq/auth.c`

Lines changed: 37 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.198 2010/03/30 16:08:22 petere Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.199 2010/04/19 19:02:18 sriggs Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -363,11 +363,42 @@ ClientAuthentication(Port *port)`
`363`	`363`	`caseuaReject:`
`364`	`364`
`365`	`365`	`/*`
`366`		`- * This could have come from an explicit "reject" entry in`
`367`		`- * pg_hba.conf, but more likely it means there was no matching`
`368`		`- * entry. Take pity on the poor user and issue a helpful error`
`369`		`- * message. NOTE: this is not a security breach, because all the`
`370`		`- * info reported here is known at the frontend and must be assumed`
	`366`	`+ * An explicit "reject" entry in pg_hba.conf. Take pity on the poor`
	`367`	`+ * user and issue a helpful error message.`
	`368`	`+ * NOTE: this is not a security breach, because all the info`
	`369`	`+ * reported here is known at the frontend and must be assumed`
	`370`	`+ * known to bad guys. We're merely helping out the less clueful`
	`371`	`+ * good guys.`
	`372`	`+ */`
	`373`	`+{`
	`374`	`+charhostinfo[NI_MAXHOST];`
	`375`	`+`
	`376`	`+pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,`
	`377`	`+hostinfo,sizeof(hostinfo),`
	`378`	`+NULL,0,`
	`379`	`+NI_NUMERICHOST);`
	`380`	`+`
	`381`	`+#ifdefUSE_SSL`
	`382`	`+ereport(FATAL,`
	`383`	`+(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
	`384`	`+errmsg("pg_hba.conf rejects host \"%s\", user \"%s\", database \"%s\", %s",`
	`385`	`+hostinfo,port->user_name,port->database_name,`
	`386`	`+port->ssl ?_("SSL on") :_("SSL off"))));`
	`387`	`+#else`
	`388`	`+ereport(FATAL,`
	`389`	`+(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
	`390`	`+errmsg("pg_hba.conf rejects host \"%s\", user \"%s\", database \"%s\"",`
	`391`	`+hostinfo,port->user_name,port->database_name)));`
	`392`	`+#endif`
	`393`	`+break;`
	`394`	`+}`
	`395`	`+`
	`396`	`+caseuaImplicitReject:`
	`397`	`+`
	`398`	`+/*`
	`399`	`+ * No matching entry so tell the user we fell through.`
	`400`	`+ * NOTE: this is not a security breach, because all the info`
	`401`	`+ * reported here is known at the frontend and must be assumed`
`371`	`402`	`* known to bad guys. We're merely helping out the less clueful`
`372`	`403`	`* good guys.`
`373`	`404`	`*/`

`‎src/backend/libpq/hba.c`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`*`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.204 2010/03/24 17:05:45 tgl Exp $`
	`13`	`+ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.205 2010/04/19 19:02:18 sriggs Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -1389,9 +1389,9 @@ check_hba(hbaPort *port)`
`1389`	`1389`	`return true;`
`1390`	`1390`	`}`
`1391`	`1391`
`1392`		`-/* If no matching entry was found,synthesize 'reject' entry. */`
	`1392`	`+/* If no matching entry was found,then implicitly reject. */`
`1393`	`1393`	`hba=palloc0(sizeof(HbaLine));`
`1394`		`-hba->auth_method=uaReject;`
	`1394`	`+hba->auth_method=uaImplicitReject;`
`1395`	`1395`	`port->hba=hba;`
`1396`	`1396`	`return true;`
`1397`	`1397`

`‎src/include/libpq/hba.h`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`* Interface to hba.c`
`5`	`5`	`*`
`6`	`6`	`*`
`7`		`- * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.61 2010/01/27 12:12:00 mha Exp $`
	`7`	`+ * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.62 2010/04/19 19:02:18 sriggs Exp $`
`8`	`8`	`*`
`9`	`9`	`*-------------------------------------------------------------------------`
`10`	`10`	`*/`
`@@ -18,6 +18,7 @@`
`18`	`18`	`typedefenumUserAuth`
`19`	`19`	`{`
`20`	`20`	`uaReject,`
	`21`	`+uaImplicitReject,`
`21`	`22`	`uaKrb5,`
`22`	`23`	`uaTrust,`
`23`	`24`	`uaIdent,`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitcfac702

File tree

3 files changed

3 files changed

`‎src/backend/libpq/auth.c`

`‎src/backend/libpq/hba.c`

`‎src/include/libpq/hba.h`

0 commit comments