Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8bddc86

Browse files
committed
Add application_name to connection authorized msg
The connection authorized message has quite a bit of useful informationin it, but didn't include the application_name (when provided), so let'sadd that as it can be very useful.Note that at the point where we're emitting the connection authorizedmessage, we haven't processed GUCs, so it's not possible to get this byusing log_line_prefix (which pulls from the GUC). There's alsosomething to be said for having this included in the connectionauthorized message and then not needing to repeat it for every line, ashaving it in log_line_prefix would do.The GUC cleans the application name to pure-ascii, so do that here too,but pull out the logic for cleaning up a string into its own functionin common and re-use it from those places, and check_cluster_name whichwas doing the same thing.Author: Don Seiler <don@seiler.us>Discussion:https://postgr.es/m/CAHJZqBB_Pxv8HRfoh%2BAB4KxSQQuPVvtYCzMg7woNR3r7dfmopw%40mail.gmail.com
1 parent2b04dfc commit8bddc86

File tree

6 files changed

+99
-30
lines changed

6 files changed

+99
-30
lines changed

‎src/backend/postmaster/postmaster.c

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,7 @@
9999
#include"catalog/pg_control.h"
100100
#include"common/file_perm.h"
101101
#include"common/ip.h"
102+
#include"common/string.h"
102103
#include"lib/ilist.h"
103104
#include"libpq/auth.h"
104105
#include"libpq/libpq.h"
@@ -2096,6 +2097,21 @@ ProcessStartupPacket(Port *port, bool SSLdone)
20962097
pstrdup(nameptr));
20972098
port->guc_options=lappend(port->guc_options,
20982099
pstrdup(valptr));
2100+
2101+
/*
2102+
* Copy application_name to port if we come across it. This
2103+
* is done so we can log the application_name in the
2104+
* connection authorization message. Note that the GUC would
2105+
* be used but we haven't gone through GUC setup yet.
2106+
*/
2107+
if (strcmp(nameptr,"application_name")==0)
2108+
{
2109+
char*tmp_app_name=pstrdup(valptr);
2110+
2111+
pg_clean_ascii(tmp_app_name);
2112+
2113+
port->application_name=tmp_app_name;
2114+
}
20992115
}
21002116
offset=valoffset+strlen(valptr)+1;
21012117
}

‎src/backend/utils/init/postinit.c

Lines changed: 38 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -249,34 +249,56 @@ PerformAuthentication(Port *port)
249249
#ifdefUSE_SSL
250250
if (port->ssl_in_use)
251251
ereport(LOG,
252-
(errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
253-
port->user_name,
254-
be_tls_get_version(port),
255-
be_tls_get_cipher(port),
256-
be_tls_get_cipher_bits(port),
257-
be_tls_get_compression(port) ?_("on") :_("off"))));
252+
(port->application_name!=NULL
253+
?errmsg("replication connection authorized: user=%s application_name=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
254+
port->user_name,
255+
port->application_name,
256+
be_tls_get_version(port),
257+
be_tls_get_cipher(port),
258+
be_tls_get_cipher_bits(port),
259+
be_tls_get_compression(port) ?_("on") :_("off"))
260+
:errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
261+
port->user_name,
262+
be_tls_get_version(port),
263+
be_tls_get_cipher(port),
264+
be_tls_get_cipher_bits(port),
265+
be_tls_get_compression(port) ?_("on") :_("off"))));
258266
else
259267
#endif
260268
ereport(LOG,
261-
(errmsg("replication connection authorized: user=%s",
262-
port->user_name)));
269+
(port->application_name!=NULL
270+
?errmsg("replication connection authorized: user=%s application_name=%s",
271+
port->user_name,
272+
port->application_name)
273+
:errmsg("replication connection authorized: user=%s",
274+
port->user_name)));
263275
}
264276
else
265277
{
266278
#ifdefUSE_SSL
267279
if (port->ssl_in_use)
268280
ereport(LOG,
269-
(errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
270-
port->user_name,port->database_name,
271-
be_tls_get_version(port),
272-
be_tls_get_cipher(port),
273-
be_tls_get_cipher_bits(port),
274-
be_tls_get_compression(port) ?_("on") :_("off"))));
281+
(port->application_name!=NULL
282+
?errmsg("connection authorized: user=%s database=%s application_name=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
283+
port->user_name,port->database_name,port->application_name,
284+
be_tls_get_version(port),
285+
be_tls_get_cipher(port),
286+
be_tls_get_cipher_bits(port),
287+
be_tls_get_compression(port) ?_("on") :_("off"))
288+
:errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
289+
port->user_name,port->database_name,
290+
be_tls_get_version(port),
291+
be_tls_get_cipher(port),
292+
be_tls_get_cipher_bits(port),
293+
be_tls_get_compression(port) ?_("on") :_("off"))));
275294
else
276295
#endif
277296
ereport(LOG,
278-
(errmsg("connection authorized: user=%s database=%s",
279-
port->user_name,port->database_name)));
297+
(port->application_name!=NULL
298+
?errmsg("connection authorized: user=%s database=%s application_name=%s",
299+
port->user_name,port->database_name,port->application_name)
300+
:errmsg("connection authorized: user=%s database=%s",
301+
port->user_name,port->database_name)));
280302
}
281303
}
282304

‎src/backend/utils/misc/guc.c

Lines changed: 3 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@
4141
#include"commands/vacuum.h"
4242
#include"commands/variable.h"
4343
#include"commands/trigger.h"
44+
#include"common/string.h"
4445
#include"funcapi.h"
4546
#include"jit/jit.h"
4647
#include"libpq/auth.h"
@@ -10760,13 +10761,7 @@ static bool
1076010761
check_application_name(char**newval,void**extra,GucSourcesource)
1076110762
{
1076210763
/* Only allow clean ASCII chars in the application name */
10763-
char*p;
10764-
10765-
for (p=*newval;*p;p++)
10766-
{
10767-
if (*p<32||*p>126)
10768-
*p='?';
10769-
}
10764+
pg_clean_ascii(*newval);
1077010765

1077110766
return true;
1077210767
}
@@ -10782,13 +10777,7 @@ static bool
1078210777
check_cluster_name(char**newval,void**extra,GucSourcesource)
1078310778
{
1078410779
/* Only allow clean ASCII chars in the cluster name */
10785-
char*p;
10786-
10787-
for (p=*newval;*p;p++)
10788-
{
10789-
if (*p<32||*p>126)
10790-
*p='?';
10791-
}
10780+
pg_clean_ascii(*newval);
1079210781

1079310782
return true;
1079410783
}

‎src/common/string.c

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,3 +56,37 @@ strtoint(const char *pg_restrict str, char **pg_restrict endptr, int base)
5656
errno=ERANGE;
5757
return (int)val;
5858
}
59+
60+
61+
/*
62+
* pg_clean_ascii -- Replace any non-ASCII chars with a '?' char
63+
*
64+
* Modifies the string passed in which must be '\0'-terminated.
65+
*
66+
* This function exists specifically to deal with filtering out
67+
* non-ASCII characters in a few places where the client can provide an almost
68+
* arbitrary string (and it isn't checked to ensure it's a valid username or
69+
* database name or similar) and we don't want to have control characters or other
70+
* things ending up in the log file where server admins might end up with a
71+
* messed up terminal when looking at them.
72+
*
73+
* In general, this function should NOT be used- instead, consider how to handle
74+
* the string without needing to filter out the non-ASCII characters.
75+
*
76+
* Ultimately, we'd like to improve the situation to not require stripping out
77+
* all non-ASCII but perform more intelligent filtering which would allow UTF or
78+
* similar, but it's unclear exactly what we should allow, so stick to ASCII only
79+
* for now.
80+
*/
81+
void
82+
pg_clean_ascii(char*str)
83+
{
84+
/* Only allow clean ASCII chars in the string */
85+
char*p;
86+
87+
for (p=str;*p!='\0';p++)
88+
{
89+
if (*p<32||*p>126)
90+
*p='?';
91+
}
92+
}

‎src/include/common/string.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,5 +13,6 @@
1313
externboolpg_str_endswith(constchar*str,constchar*end);
1414
externintstrtoint(constchar*pg_restrictstr,char**pg_restrictendptr,
1515
intbase);
16+
externvoidpg_clean_ascii(char*str);
1617

1718
#endif/* COMMON_STRING_H */

‎src/include/libpq/libpq-be.h

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -138,6 +138,13 @@ typedef struct Port
138138
char*cmdline_options;
139139
List*guc_options;
140140

141+
/*
142+
* The startup packet application name, only used here for the "connection
143+
* authorized" log message. We shouldn't use this post-startup, instead
144+
* the GUC should be used as application can change it afterward.
145+
*/
146+
char*application_name;
147+
141148
/*
142149
* Information that needs to be held during the authentication cycle.
143150
*/

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp