database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-09 06:21:09 +03:00
Code Activity

Authentication improvements:

Browse Source 
A new pg_hba.conf column, USER
Allow specifiction of lists of users separated by commas
Allow group names specified by +
Allow include files containing lists of users specified by @
Allow lists of databases, and database files
Allow samegroup in database column to match group name matching dbname
Removal of secondary password files
Remove pg_passwd utility
Lots of code cleanup in user.c and hba.c
New data/global/pg_pwd format
New data/global/pg_group file
This commit is contained in:
Bruce Momjian
2002-04-04 04:25:54 +00:00
parent af10378ab0
commit 43a3543a4e
25 changed files with 1453 additions and 1931 deletions
Download Patch File Download Diff File Expand all files Collapse all files

415
src/backend/commands/user.c
View File

@@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.94 2002/03/26 19:15:48 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.95 2002/04/04 04:25:45 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -15,6 +15,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
#include "access/heapam.h"
@@ -27,6 +28,7 @@
#include "libpq/crypt.h"
#include "miscadmin.h"
#include "storage/pmsignal.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
@@ -39,22 +41,75 @@ extern bool Password_encryption;
static void CheckPgUserAclNotNull(void);
/*---------------------------------------------------------------------
* write_password_file / update_pg_pwd
/*
* fputs_quote
*
* copy the modified contents of pg_shadow to a file used by the postmaster
* for user authentication. The file is stored as $PGDATA/global/pg_pwd.
* Outputs string in quotes, with double-quotes duplicated.
* We could use quote_ident(), but that expects varlena.
*/
static void fputs_quote(char *str, FILE *fp)
{
fputc('"', fp);
while (*str)
{
fputc(*str, fp);
if (*str == '"')
fputc('"', fp);
str++;
}
fputc('"', fp);
}
/*
* group_getfilename --- get full pathname of group file
*
* This function set is both a trigger function for direct updates to pg_shadow
* as well as being called directly from create/alter/drop user.
*
* We raise an error to force transaction rollback if we detect an illegal
* username or password --- illegal being defined as values that would
* mess up the pg_pwd parser.
*---------------------------------------------------------------------
* Note that result string is palloc'd, and should be freed by the caller.
*/
char *
group_getfilename(void)
{
int bufsize;
char *pfnam;
bufsize = strlen(DataDir) + strlen("/global/") +
strlen(USER_GROUP_FILE) + 1;
pfnam = (char *) palloc(bufsize);
snprintf(pfnam, bufsize, "%s/global/%s", DataDir, USER_GROUP_FILE);
return pfnam;
}
/*
* Get full pathname of password file.
* Note that result string is palloc'd, and should be freed by the caller.
*/
char *
user_getfilename(void)
{
int bufsize;
char *pfnam;
bufsize = strlen(DataDir) + strlen("/global/") +
strlen(PWD_FILE) + 1;
pfnam = (char *) palloc(bufsize);
snprintf(pfnam, bufsize, "%s/global/%s", DataDir, PWD_FILE);
return pfnam;
}
/*
* write_group_file for trigger update_pg_pwd_and_pg_group
*/
static void
write_password_file(Relation rel)
write_group_file(Relation urel, Relation grel)
{
char *filename,
*tempname;
@@ -63,14 +118,14 @@ write_password_file(Relation rel)
mode_t oumask;
HeapScanDesc scan;
HeapTuple tuple;
TupleDesc dsc = RelationGetDescr(rel);
TupleDesc dsc = RelationGetDescr(grel);
/*
* Create a temporary filename to be renamed later. This prevents the
* backend from clobbering the pg_pwd file while the postmaster might
* backend from clobbering the pg_group file while the postmaster might
* be reading from it.
*/
filename = crypt_getpwdfilename();
filename = group_getfilename();
bufsize = strlen(filename) + 12;
tempname = (char *) palloc(bufsize);
@@ -79,88 +134,89 @@ write_password_file(Relation rel)
fp = AllocateFile(tempname, "w");
umask(oumask);
if (fp == NULL)
elog(ERROR, "write_password_file: unable to write %s: %m", tempname);
elog(ERROR, "write_group_file: unable to write %s: %m", tempname);
/* read table */
scan = heap_beginscan(rel, false, SnapshotSelf, 0, NULL);
scan = heap_beginscan(grel, false, SnapshotSelf, 0, NULL);
while (HeapTupleIsValid(tuple = heap_getnext(scan, 0)))
{
Datum datum_n,
datum_p,
datum_v;
bool null_n,
null_p,
null_v;
char *str_n,
*str_p,
*str_v;
int i;
Datum datum, grolist_datum;
bool isnull;
char *groname;
IdList *grolist_p;
AclId *aidp;
int i, j,
num;
char *usename;
bool first_user = true;
datum_n = heap_getattr(tuple, Anum_pg_shadow_usename, dsc, &null_n);
if (null_n)
continue; /* ignore NULL usernames */
str_n = DatumGetCString(DirectFunctionCall1(nameout, datum_n));
datum = heap_getattr(tuple, Anum_pg_group_groname, dsc, &isnull);
if (isnull)
continue; /* ignore NULL groupnames */
groname = (char *) DatumGetName(datum);
datum_p = heap_getattr(tuple, Anum_pg_shadow_passwd, dsc, &null_p);
grolist_datum = heap_getattr(tuple, Anum_pg_group_grolist, dsc, &isnull);
/* Ignore NULL group lists */
if (isnull)
continue;
grolist_p = DatumGetIdListP(grolist_datum);
/*
* It can be argued that people having a null password shouldn't
* be allowed to connect under password authentication, because
* they need to have a password set up first. If you think
* assuming an empty password in that case is better, change this
* logic to look something like the code for valuntil.
* Check for illegal characters in the group name.
*/
if (null_p)
i = strcspn(groname, "\n");
if (groname[i] != '\0')
{
pfree(str_n);
elog(LOG, "Invalid group name '%s'", groname);
continue;
}
str_p = DatumGetCString(DirectFunctionCall1(textout, datum_p));
datum_v = heap_getattr(tuple, Anum_pg_shadow_valuntil, dsc, &null_v);
if (null_v)
str_v = pstrdup("\\N");
else
str_v = DatumGetCString(DirectFunctionCall1(nabstimeout, datum_v));
/* be sure the IdList is not toasted */
/* scan it */
num = IDLIST_NUM(grolist_p);
aidp = IDLIST_DAT(grolist_p);
for (i = 0; i < num; ++i)
{
tuple = SearchSysCache(SHADOWSYSID,
PointerGetDatum(aidp[i]),
0, 0, 0);
if (HeapTupleIsValid(tuple))
{
usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
/*
* Check for illegal characters in the username and password.
*/
i = strcspn(str_n, CRYPT_PWD_FILE_SEPSTR "\n");
if (str_n[i] != '\0')
elog(ERROR, "Invalid user name '%s'", str_n);
i = strcspn(str_p, CRYPT_PWD_FILE_SEPSTR "\n");
if (str_p[i] != '\0')
elog(ERROR, "Invalid user password '%s'", str_p);
/*
* Check for illegal characters in the user name.
*/
j = strcspn(usename, "\n");
if (usename[j] != '\0')
{
elog(LOG, "Invalid user name '%s'", usename);
continue;
}
/*
* The extra columns we emit here are not really necessary. To
* remove them, the parser in backend/libpq/crypt.c would need to
* be adjusted.
*/
fprintf(fp,
"%s"
CRYPT_PWD_FILE_SEPSTR
"0"
CRYPT_PWD_FILE_SEPSTR
"x"
CRYPT_PWD_FILE_SEPSTR
"x"
CRYPT_PWD_FILE_SEPSTR
"x"
CRYPT_PWD_FILE_SEPSTR
"x"
CRYPT_PWD_FILE_SEPSTR
"%s"
CRYPT_PWD_FILE_SEPSTR
"%s\n",
str_n,
str_p,
str_v);
/* File format is:
* "dbname" "user1","user2","user3"
* This matches pg_hba.conf.
*/
if (first_user)
{
fputs_quote(groname, fp);
fputs("\t", fp);
}
else
fputs(" ", fp);
pfree(str_n);
pfree(str_p);
pfree(str_v);
first_user = false;
fputs_quote(usename, fp);
ReleaseSysCache(tuple);
}
}
if (!first_user)
fputs("\n", fp);
/* if IdList was toasted, free detoasted copy */
if ((Pointer) grolist_p != DatumGetPointer(grolist_datum))
pfree(grolist_p);
}
heap_endscan(scan);
@@ -178,29 +234,154 @@ write_password_file(Relation rel)
pfree((void *) tempname);
pfree((void *) filename);
}
/*
* write_password_file for trigger update_pg_pwd_and_pg_group
*
* copy the modified contents of pg_shadow to a file used by the postmaster
* for user authentication. The file is stored as $PGDATA/global/pg_pwd.
*
* This function set is both a trigger function for direct updates to pg_shadow
* as well as being called directly from create/alter/drop user.
*
* We raise an error to force transaction rollback if we detect an illegal
* username or password --- illegal being defined as values that would
* mess up the pg_pwd parser.
*/
static void
write_user_file(Relation urel)
{
char *filename,
*tempname;
int bufsize;
FILE *fp;
mode_t oumask;
HeapScanDesc scan;
HeapTuple tuple;
TupleDesc dsc = RelationGetDescr(urel);
/*
* Signal the postmaster to reload its password-file cache.
* Create a temporary filename to be renamed later. This prevents the
* backend from clobbering the pg_pwd file while the postmaster might
* be reading from it.
*/
SendPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE);
filename = user_getfilename();
bufsize = strlen(filename) + 12;
tempname = (char *) palloc(bufsize);
snprintf(tempname, bufsize, "%s.%d", filename, MyProcPid);
oumask = umask((mode_t) 077);
fp = AllocateFile(tempname, "w");
umask(oumask);
if (fp == NULL)
elog(ERROR, "write_password_file: unable to write %s: %m", tempname);
/* read table */
scan = heap_beginscan(urel, false, SnapshotSelf, 0, NULL);
while (HeapTupleIsValid(tuple = heap_getnext(scan, 0)))
{
Datum datum;
bool isnull;
char *usename,
*passwd,
*valuntil;
int i;
datum = heap_getattr(tuple, Anum_pg_shadow_usename, dsc, &isnull);
if (isnull)
continue; /* ignore NULL usernames */
usename = (char *) DatumGetName(datum);
datum = heap_getattr(tuple, Anum_pg_shadow_passwd, dsc, &isnull);
/*
* It can be argued that people having a null password shouldn't
* be allowed to connect under password authentication, because
* they need to have a password set up first. If you think
* assuming an empty password in that case is better, change this
* logic to look something like the code for valuntil.
*/
if (isnull)
continue;
passwd = DatumGetCString(DirectFunctionCall1(textout, datum));
datum = heap_getattr(tuple, Anum_pg_shadow_valuntil, dsc, &isnull);
if (isnull)
valuntil = pstrdup("");
else
valuntil = DatumGetCString(DirectFunctionCall1(nabstimeout, datum));
/*
* Check for illegal characters in the username and password.
*/
i = strcspn(usename, "\n");
if (usename[i] != '\0')
elog(ERROR, "Invalid user name '%s'", usename);
i = strcspn(passwd, "\n");
if (passwd[i] != '\0')
elog(ERROR, "Invalid user password '%s'", passwd);
/*
* The extra columns we emit here are not really necessary. To
* remove them, the parser in backend/libpq/crypt.c would need to
* be adjusted.
*/
fputs_quote(usename, fp);
fputs(" ", fp);
fputs_quote(passwd, fp);
fputs(" ", fp);
fputs_quote(valuntil, fp);
pfree(passwd);
pfree(valuntil);
}
heap_endscan(scan);
fflush(fp);
if (ferror(fp))
elog(ERROR, "%s: %m", tempname);
FreeFile(fp);
/*
* Rename the temp file to its final name, deleting the old pg_pwd. We
* expect that rename(2) is an atomic action.
*/
if (rename(tempname, filename))
elog(ERROR, "rename %s to %s: %m", tempname, filename);
pfree((void *) tempname);
pfree((void *) filename);
}
/* This is the wrapper for triggers. */
Datum
update_pg_pwd(PG_FUNCTION_ARGS)
update_pg_pwd_and_pg_group(PG_FUNCTION_ARGS)
{
/*
* ExclusiveLock ensures no one modifies pg_shadow while we read it,
* and that only one backend rewrites the flat file at a time. It's
* OK to allow normal reads of pg_shadow in parallel, however.
*/
Relation rel = heap_openr(ShadowRelationName, ExclusiveLock);
Relation urel = heap_openr(ShadowRelationName, ExclusiveLock);
Relation grel = heap_openr(GroupRelationName, ExclusiveLock);
write_password_file(rel);
write_user_file(urel);
write_group_file(urel, grel);
/* OK to release lock, since we did not modify the relation */
heap_close(rel, ExclusiveLock);
heap_close(grel, ExclusiveLock);
heap_close(urel, ExclusiveLock);
/*
* Signal the postmaster to reload its password & group-file cache.
*/
SendPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE);
return PointerGetDatum(NULL);
}
@@ -445,15 +626,15 @@ CreateUser(CreateUserStmt *stmt)
AlterGroup(&ags, "CREATE USER");
}
/*
* Write the updated pg_shadow data to the flat password file.
*/
write_password_file(pg_shadow_rel);
/*
* Now we can clean up; but keep lock until commit.
*/
heap_close(pg_shadow_rel, NoLock);
/*
* Write the updated pg_shadow and pg_group data to the flat file.
*/
update_pg_pwd_and_pg_group(NULL);
}
@@ -679,15 +860,15 @@ AlterUser(AlterUserStmt *stmt)
ReleaseSysCache(tuple);
heap_freetuple(new_tuple);
/*
* Write the updated pg_shadow data to the flat password file.
*/
write_password_file(pg_shadow_rel);
/*
* Now we can clean up.
*/
heap_close(pg_shadow_rel, NoLock);
/*
* Write the updated pg_shadow and pg_group data to the flat file.
*/
update_pg_pwd_and_pg_group(NULL);
}
@@ -733,7 +914,7 @@ AlterUserSet(AlterUserSetStmt *stmt)
{
Datum datum;
bool isnull;
ArrayType *a;
ArrayType *array;
repl_null[Anum_pg_shadow_useconfig-1] = ' ';
@@ -741,17 +922,17 @@ AlterUserSet(AlterUserSetStmt *stmt)
Anum_pg_shadow_useconfig, &isnull);
if (valuestr)
a = GUCArrayAdd(isnull
array = GUCArrayAdd(isnull
? NULL
: (ArrayType *) pg_detoast_datum((struct varlena *)datum),
stmt->variable, valuestr);
else
a = GUCArrayDelete(isnull
array = GUCArrayDelete(isnull
? NULL
: (ArrayType *) pg_detoast_datum((struct varlena *)datum),
stmt->variable);
repl_val[Anum_pg_shadow_useconfig-1] = PointerGetDatum(a);
repl_val[Anum_pg_shadow_useconfig-1] = PointerGetDatum(array);
}
newtuple = heap_modifytuple(oldtuple, rel, repl_val, repl_null, repl_repl);
@@ -846,7 +1027,7 @@ DropUser(DropUserStmt *stmt)
datum = heap_getattr(tmp_tuple, Anum_pg_database_datname,
pg_dsc, &null);
Assert(!null);
dbname = DatumGetCString(DirectFunctionCall1(nameout, datum));
dbname = (char *) DatumGetName(datum);
elog(ERROR, "DROP USER: user \"%s\" owns database \"%s\", cannot be removed%s",
user, dbname,
(length(stmt->users) > 1) ? " (no users removed)" : "");
@@ -900,15 +1081,15 @@ DropUser(DropUserStmt *stmt)
CommandCounterIncrement();
}
/*
* Write the updated pg_shadow data to the flat password file.
*/
write_password_file(pg_shadow_rel);
/*
* Now we can clean up.
*/
heap_close(pg_shadow_rel, NoLock);
/*
* Write the updated pg_shadow and pg_group data to the flat file.
*/
update_pg_pwd_and_pg_group(NULL);
}
@@ -1111,6 +1292,11 @@ CreateGroup(CreateGroupStmt *stmt)
}
heap_close(pg_group_rel, NoLock);
/*
* Write the updated pg_shadow and pg_group data to the flat file.
*/
update_pg_pwd_and_pg_group(NULL);
}
@@ -1366,7 +1552,15 @@ AlterGroup(AlterGroupStmt *stmt, const char *tag)
ReleaseSysCache(group_tuple);
/*
* Write the updated pg_shadow and pg_group data to the flat files.
*/
heap_close(pg_group_rel, NoLock);
/*
* Write the updated pg_shadow and pg_group data to the flat file.
*/
update_pg_pwd_and_pg_group(NULL);
}
@@ -1419,4 +1613,9 @@ DropGroup(DropGroupStmt *stmt)
elog(ERROR, "DROP GROUP: group \"%s\" does not exist", stmt->name);
heap_close(pg_group_rel, NoLock);
/*
* Write the updated pg_shadow and pg_group data to the flat file.
*/
update_pg_pwd_and_pg_group(NULL);
}

6
src/backend/libpq/Makefile
View File

@@ -4,7 +4,7 @@
# Makefile for libpq subsystem (backend half of libpq interface)
#
# IDENTIFICATION
# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.29 2002/03/04 01:46:02 tgl Exp $
# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.30 2002/04/04 04:25:46 momjian Exp $
#
#-------------------------------------------------------------------------
@@ -14,9 +14,7 @@ include $(top_builddir)/src/Makefile.global
# be-fsstubs is here for historical reasons, probably belongs elsewhere
OBJS = be-fsstubs.o \
auth.o crypt.o hba.o md5.o password.o \
pqcomm.o pqformat.o pqsignal.o
OBJS = be-fsstubs.o auth.o crypt.o hba.o md5.o pqcomm.o pqformat.o pqsignal.o
all: SUBSYS.o

24
src/backend/libpq/auth.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.79 2002/03/05 07:57:45 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.80 2002/04/04 04:25:47 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -34,7 +34,6 @@
#include "miscadmin.h"
static void sendAuthRequest(Port *port, AuthRequest areq);
static int checkPassword(Port *port, char *user, char *password);
static int old_be_recvauth(Port *port);
static int map_old_to_new(Port *port, UserAuth old, int status);
static void auth_failed(Port *port, int status);
@@ -381,7 +380,7 @@ recv_and_check_passwordv0(Port *port)
saved = port->auth_method;
port->auth_method = uaPassword;
status = checkPassword(port, user, password);
status = md5_crypt_verify(port, user, password);
port->auth_method = saved;
@@ -663,7 +662,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg, struct pam_re
initStringInfo(&buf);
pq_getstr(&buf);
/* Do not echo failed password to logs, for security. */
elog(DEBUG5, "received PAM packet");
@@ -810,26 +809,13 @@ recv_and_check_password_packet(Port *port)
/* Do not echo failed password to logs, for security. */
elog(DEBUG5, "received password packet");
result = checkPassword(port, port->user, buf.data);
result = md5_crypt_verify(port, port->user, buf.data);
pfree(buf.data);
return result;
}
/*
* Handle `password' and `crypt' records. If an auth argument was
* specified, use the respective file. Else use pg_shadow passwords.
*/
static int
checkPassword(Port *port, char *user, char *password)
{
if (port->auth_arg[0] != '\0')
return verify_password(port, user, password);
return md5_crypt_verify(port, user, password);
}
/*
* Server demux routine for incoming authentication information for protocol
* version 0.

232
src/backend/libpq/crypt.c
View File

@@ -9,13 +9,12 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.44 2002/03/04 01:46:03 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.45 2002/04/04 04:25:47 momjian Exp $
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include <errno.h>
#include <unistd.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
@@ -25,231 +24,10 @@
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "storage/fd.h"
#include "nodes/pg_list.h"
#include "utils/nabstime.h"
#define CRYPT_PWD_FILE "pg_pwd"
static char **pwd_cache = NULL;
static int pwd_cache_count = 0;
/*
* crypt_getpwdfilename --- get full pathname of password file
*
* Note that result string is palloc'd, and should be freed by the caller.
*/
char *
crypt_getpwdfilename(void)
{
int bufsize;
char *pfnam;
bufsize = strlen(DataDir) + 8 + strlen(CRYPT_PWD_FILE) + 1;
pfnam = (char *) palloc(bufsize);
snprintf(pfnam, bufsize, "%s/global/%s", DataDir, CRYPT_PWD_FILE);
return pfnam;
}
/*
* Open the password file if possible (return NULL if not)
*/
static FILE *
crypt_openpwdfile(void)
{
char *filename;
FILE *pwdfile;
filename = crypt_getpwdfilename();
pwdfile = AllocateFile(filename, "r");
if (pwdfile == NULL && errno != ENOENT)
elog(LOG, "could not open %s: %m", filename);
pfree(filename);
return pwdfile;
}
/*
* Compare two password-file lines on the basis of their usernames.
*
* Can also be used to compare just a username against a password-file
* line (for bsearch).
*/
static int
compar_user(const void *user_a, const void *user_b)
{
char *login_a;
char *login_b;
int len_a,
len_b,
result;
login_a = *((char **) user_a);
login_b = *((char **) user_b);
/*
* We only really want to compare the user logins which are first and
* are terminated by CRYPT_PWD_FILE_SEPSTR. (NB: this code
* effectively assumes that CRYPT_PWD_FILE_SEPSTR is just one char.)
*/
len_a = strcspn(login_a, CRYPT_PWD_FILE_SEPSTR);
len_b = strcspn(login_b, CRYPT_PWD_FILE_SEPSTR);
result = strncmp(login_a, login_b, Min(len_a, len_b));
if (result == 0) /* one could be a prefix of the other */
result = (len_a - len_b);
return result;
}
/*
* Load or reload the password-file cache
*/
void
load_password_cache(void)
{
FILE *pwd_file;
char buffer[1024];
/*
* If for some reason we fail to open the password file, preserve the
* old cache contents; this seems better than dropping the cache if,
* say, we are temporarily out of filetable slots.
*/
if (!(pwd_file = crypt_openpwdfile()))
return;
/* free any old data */
if (pwd_cache)
{
while (--pwd_cache_count >= 0)
pfree(pwd_cache[pwd_cache_count]);
pfree(pwd_cache);
pwd_cache = NULL;
pwd_cache_count = 0;
}
/*
* Read the file and store its lines in current memory context, which
* we expect will be PostmasterContext. That context will live as
* long as we need the cache to live, ie, until just after each
* postmaster child has completed client authentication.
*/
while (fgets(buffer, sizeof(buffer), pwd_file) != NULL)
{
int blen;
/*
* We must remove the return char at the end of the string, as
* this will affect the correct parsing of the password entry.
*/
if (buffer[(blen = strlen(buffer) - 1)] == '\n')
buffer[blen] = '\0';
if (pwd_cache == NULL)
pwd_cache = (char **)
palloc(sizeof(char *) * (pwd_cache_count + 1));
else
pwd_cache = (char **)
repalloc((void *) pwd_cache,
sizeof(char *) * (pwd_cache_count + 1));
pwd_cache[pwd_cache_count++] = pstrdup(buffer);
}
FreeFile(pwd_file);
/*
* Now sort the entries in the cache for faster searching later.
*/
qsort((void *) pwd_cache, pwd_cache_count, sizeof(char *), compar_user);
}
/*
* Parse a line of the password file to extract password and valid-until date.
*/
static bool
crypt_parsepwdentry(char *buffer, char **pwd, char **valdate)
{
char *parse = buffer;
int count,
i;
*pwd = NULL;
*valdate = NULL;
/*
* skip to the password field
*/
for (i = 0; i < 6; i++)
{
parse += strcspn(parse, CRYPT_PWD_FILE_SEPSTR);
if (*parse == '\0')
return false;
parse++;
}
/*
* store a copy of user password to return
*/
count = strcspn(parse, CRYPT_PWD_FILE_SEPSTR);
*pwd = (char *) palloc(count + 1);
memcpy(*pwd, parse, count);
(*pwd)[count] = '\0';
parse += count;
if (*parse == '\0')
{
pfree(*pwd);
*pwd = NULL;
return false;
}
parse++;
/*
* store a copy of the date login becomes invalid
*/
count = strcspn(parse, CRYPT_PWD_FILE_SEPSTR);
*valdate = (char *) palloc(count + 1);
memcpy(*valdate, parse, count);
(*valdate)[count] = '\0';
return true;
}
/*
* Lookup a username in the password-file cache,
* return his password and valid-until date.
*/
static bool
crypt_getloginfo(const char *user, char **passwd, char **valuntil)
{
*passwd = NULL;
*valuntil = NULL;
if (pwd_cache)
{
char **pwd_entry;
pwd_entry = (char **) bsearch((void *) &user,
(void *) pwd_cache,
pwd_cache_count,
sizeof(char *),
compar_user);
if (pwd_entry)
{
if (crypt_parsepwdentry(*pwd_entry, passwd, valuntil))
return true;
}
}
return false;
}
/*-------------------------------------------------------------------------*/
int
md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
{
@@ -257,10 +35,14 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
*valuntil,
*crypt_pwd;
int retval = STATUS_ERROR;
List **line;
if (!crypt_getloginfo(user, &passwd, &valuntil))
if ((line = get_user_line(user)) == NULL)
return STATUS_ERROR;
passwd = lfirst(lnext(lnext(*line)));
valuntil = lfirst(lnext(lnext(lnext(*line))));
if (passwd == NULL || *passwd == '\0')
{
if (passwd)

828
src/backend/libpq/hba.c
View File

File diff suppressed because it is too large Load Diff

109
src/backend/libpq/password.c
View File

@@ -1,109 +0,0 @@
/*
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: password.c,v 1.41 2002/03/04 01:46:03 tgl Exp $
*
*/
#include <errno.h>
#include <unistd.h>
#include "postgres.h"
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#include "libpq/libpq.h"
#include "libpq/password.h"
#include "libpq/crypt.h"
#include "miscadmin.h"
#include "storage/fd.h"
int
verify_password(const Port *port, const char *user, const char *password)
{
char *pw_file_fullname;
FILE *pw_file;
pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(port->auth_arg) + 2);
strcpy(pw_file_fullname, DataDir);
strcat(pw_file_fullname, "/");
strcat(pw_file_fullname, port->auth_arg);
pw_file = AllocateFile(pw_file_fullname, PG_BINARY_R);
if (!pw_file)
{
elog(LOG, "verify_password: Unable to open password file \"%s\": %m",
pw_file_fullname);
pfree(pw_file_fullname);
return STATUS_ERROR;
}
pfree(pw_file_fullname);
while (!feof(pw_file))
{
char pw_file_line[255],
*p,
*test_user,
*test_pw;
if (fgets(pw_file_line, sizeof(pw_file_line), pw_file) == NULL)
pw_file_line[0] = '\0';
/* kill the newline */
if (strlen(pw_file_line) > 0 &&
pw_file_line[strlen(pw_file_line) - 1] == '\n')
pw_file_line[strlen(pw_file_line) - 1] = '\0';
p = pw_file_line;
test_user = strtok(p, ":");
if (!test_user || test_user[0] == '\0')
continue;
test_pw = strtok(NULL, ":");
if (strcmp(user, test_user) == 0)
{
/* we're outta here one way or the other, so close file */
FreeFile(pw_file);
/*
* If the password is empty or "+" then we use the regular
* pg_shadow passwords. If we use crypt then we have to use
* pg_shadow passwords no matter what. This is because the
* current code needs non-encrypted passwords to encrypt with
* a random salt.
*/
if (port->auth_method == uaMD5 ||
port->auth_method == uaCrypt ||
test_pw == NULL ||
test_pw[0] == '\0' ||
strcmp(test_pw, "+") == 0)
return md5_crypt_verify(port, user, password);
/* external password file is crypt-only */
if (strcmp(crypt(password, test_pw), test_pw) == 0)
{
/* it matched. */
return STATUS_OK;
}
elog(LOG, "verify_password: password mismatch for '%s'",
user);
return STATUS_ERROR;
}
}
FreeFile(pw_file);
elog(LOG, "verify_password: user '%s' not found in password file",
user);
return STATUS_ERROR;
}

183
src/backend/libpq/pg_hba.conf.sample
View File

@@ -42,22 +42,36 @@
#
# Format:
#
# host DBNAME IP_ADDRESS ADDRESS_MASK AUTH_TYPE [AUTH_ARGUMENT]
# host DATABASE USER IP_ADDRESS MASK AUTH_TYPE
#
# DBNAME can be:
# o a database name
# o "all", which means the record matches all databases
# o "sameuser", which means users can only access databases whose name
# is the same as their username
# DATABASE can be:
# o a database name
# o "sameuser", which means a user can only access a database with the
# same name as their user name
# o "samegroup", which means a user can only access databases when they
# are members of a group with the same name as the database name
# o "all", which matches all databases
# o a list of database names, separated by commas
# o a file name containing database names, starting with '@'
#
# IP_ADDRESS and ADDRESS_MASK are standard dotted decimal IP address and
# USER can be:
# o a user name
# o "all", which matches all users
# o a list of user names, separated by commas
# o a group name, starting with '+'
# o a file name containing user names, starting with '@'
#
# Files read using '@' can contain comma-separated database/user names,
# or one name per line. The files can also contain comments using '#'.
#
# IP_ADDRESS and MASK are standard dotted decimal IP address and
# mask values. IP addresses can only be specified numerically, not as
# domain or host names.
#
# Do not prevent the superuser from accessing the template1 database.
# Various utility commands need access to template1.
#
# AUTH_TYPE and AUTH_ARGUMENT are described below.
# AUTH_TYPE is described below.
#
#
# hostssl
@@ -65,10 +79,8 @@
#
# The format of this record is identical to "host".
#
#
#
# It specifies hosts that required connection via secure SSL. "host"
# records allow SSL connections too, but "hostssl" only allows SSL-secured
# It specifies hosts that require connection via secure SSL. "host"
# allows SSL connections too, but "hostssl" requires SSL-secured
# connections.
#
# This keyword is only available if the server was compiled with SSL
@@ -82,10 +94,10 @@
# connections. Without this record, UNIX-socket connections are disallowed
#
# Format:
# local DBNAME AUTH_TYPE [AUTH_ARGUMENT]
# local DATABASE USER AUTH_TYPE
#
# This format is identical to the "host" record type except there are no
# IP_ADDRESS and ADDRESS_MASK fields.
# IP_ADDRESS and MASK fields.
#
#
#
@@ -96,57 +108,38 @@
# has an AUTH_TYPE.
#
# trust:
# No authentication is done. Any valid username is accepted,
# No authentication is done. Any valid user name is accepted,
# including the PostgreSQL superuser. This option should
# be used only for hosts where all users are trusted.
#
# password:
# Authentication is done by matching a password supplied
# in clear by the host. If no AUTH_ARGUMENT is used, the
# password is compared with the user's entry in the
# pg_shadow table.
#
# If AUTH_ARGUMENT is specified, the username is looked up
# in that file in the $PGDATA directory. If the username
# is found but there is no password, the password is looked
# up in pg_shadow. If a password exists in the file, it is
# used instead. These secondary files allow fine-grained
# control over who can access which databases and whether
# a non-default password is required. The same file can be
# used in multiple records for easier administration.
# Password files can be maintained with the pg_passwd(1)
# utility. Remember, these passwords override pg_shadow
# passwords. Also, such passwords are passed over the network
# in cleartext, meaning this should not be used on untrusted
# networks.
#
# md5:
# Same as "password", except the password is encrypted over the
# network. This method is preferable to "password" and "crypt"
# except for pre-7.2 clients that don't support it. NOTE: md5 can
# use usernames stored in secondary password files but ignores
# passwords stored there. The pg_shadow password will always be
# used.
# Requires the client to supply an MD5 encrypted password for
# authentication. This is the only method that allows encrypted
# passwords to be stored in pg_shadow.
#
# crypt:
# Same as "md5", but uses crypt for pre-7.2 clients. You can
# not store encrypted passwords in pg_shadow if you use this
# method.
# Same as "md5", but uses crypt for pre-7.2 clients.
#
# password:
# Same as "md5", but the password is sent in cleartext over
# the network. This should not be used on untrusted
# networks.
#
# ident:
# For TCP/IP connections, authentication is done by contacting the
# ident server on the client host. This is only as secure as the
# client machine. On machines that support unix-domain socket
# credentials (currently Linux, FreeBSD, NetBSD, and BSD/OS), this
# method also works for "local" connections.
# client machine. You must specify the map name after the 'ident'
# keyword. It determines how to map remote user names to
# PostgreSQL user names. If you use "sameuser", the user names are
# assumed to be identical. If not, the map name is looked up
# in the $PGDATA/pg_ident.conf file. The connection is accepted if
# that file contains an entry for this map name with the
# ident-supplied username and the requested PostgreSQL username.
#
# AUTH_ARGUMENT is required. It determines how to map remote user
# names to PostgreSQL user names. If you use "sameuser", the user
# names are assumed to be the identical. If not, AUTH_ARGUMENT is
# assumed to be a map name found in the $PGDATA/pg_ident.conf
# file. The connection is accepted if that file contains an entry
# for this map name with the ident-supplied username and the
# requested PostgreSQL username.
# On machines that support unix-domain socket credentials
# (currently Linux, FreeBSD, NetBSD, and BSD/OS), ident allows
# reliable authentication of 'local' connections without ident
# running on the local machine.
#
# krb4:
# Kerberos V4 authentication is used. Allowed only for
@@ -157,10 +150,10 @@
# TCP/IP connections, not for local UNIX-domain sockets.
#
# pam:
# Authentication is passed off to PAM (PostgreSQL must be
# configured --with-pam), using the default service name
# "postgresql" - you can specify your own service name by
# setting AUTH_ARGUMENT to the desired service name.
# Authentication is done by PAM using the default service name
# "postgresql". You can specify your own service name by adding
# the service name after the 'pam' keyword. To use this option,
# PostgreSQL must be configured --with-pam.
#
# reject:
# Reject the connection. This is used to reject certain hosts
@@ -177,60 +170,70 @@
# Allow any user on the local system to connect to any database under any
# username using Unix-domain sockets (the default for local connections):
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# local all trust
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
# local all all trust
#
# The same using local loopback TCP/IP connections:
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# host all 127.0.0.1 255.255.255.255 trust
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
# host all all 127.0.0.1 255.255.255.255 trust
#
# Allow any user from any host with IP address 192.168.93.x to
# connect to database "template1" as the same username that ident reports
# for the connection (typically his Unix username):
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# host template1 192.168.93.0 255.255.255.0 ident sameuser
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
# host template1 all 192.168.93.0 255.255.255.0 ident sameuser
#
# Allow a user from host 192.168.12.10 to connect to database "template1"
# if the user's password in pg_shadow is correctly supplied:
# if the user's password is correctly supplied:
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# host template1 192.168.12.10 255.255.255.255 md5
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
# host template1 all 192.168.12.10 255.255.255.255 md5
#
# In the absence of preceding "host" lines, these two lines will reject
# all connection from 192.168.54.1 (since that entry will be matched
# first), but allow Kerberos V5 connections from anywhere else on the
# Internet. The zero mask means that no bits of the host IP address are
# considered, so it matches any host:
# considered so it matches any host:
#
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# host all 192.168.54.1 255.255.255.255 reject
# host all 0.0.0.0 0.0.0.0 krb5
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
# host all all 192.168.54.1 255.255.255.255 reject
# host all all 0.0.0.0 0.0.0.0 krb5
#
# Allow users from 192.168.x.x hosts to connect to any database if they
# pass the ident check. For example, if ident says the user is "james" and
# he requests to connect as PostgreSQL user "guest", the connection is
# allowed if there is an entry in $PGDATA/pg_ident.conf with map name
# "phoenix" that says "james" is allowed to connect as "guest":
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# host all 192.168.0.0 255.255.0.0 ident phoenix
#
# If these are the only two lines for local connections, they will allow
# local users to connect only to their own databases (databases with the
# same name as their user name) except for administrators who may connect
# to all databases. The file $PGDATA/admins lists the user names who are
# permitted to connect to all databases. Passwords are required in all
# cases. (If you prefer to use ident authorization, an ident map can
# serve a parallel purpose to the password list file used here.)
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# local sameuser md5
# local all md5 admins
#
# See $PGDATA/pg_ident.conf for more information on Ident maps.
#
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
# host all all 192.168.0.0 255.255.0.0 ident phoenix
#
# If these are the only three lines for local connections, they will
# allow local users to connect only to their own databases (databases
# with the same name as their user name) except for administrators and
# members of group 'support' who may connect to all databases . The file
# $PGDATA/admins contains a list of user names. Passwords are required in
# all cases.
#
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
# local sameuser all md5
# local all @admins md5
# local all +support md5
#
# The last two lines above can be combined into a single line:
#
# local all @admins,+support md5
#
# The database column can also use lists and file names, but not groups:
#
# local db1,db2,@demodbs all md5
#
#
#
#
#
#
@@ -250,7 +253,7 @@
# configuration is probably too liberal for you. Change it to use
# something other than "trust" authentication.
#
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE
local all trust
host all 127.0.0.1 255.255.255.255 trust
local all all trust
host all all 127.0.0.1 255.255.255.255 trust

16
src/backend/postmaster/postmaster.c
View File

@@ -37,7 +37,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.271 2002/03/15 19:20:35 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.272 2002/04/04 04:25:48 momjian Exp $
*
* NOTES
*
@@ -748,8 +748,10 @@ PostmasterMain(int argc, char *argv[])
/*
* Load cached files for client authentication.
*/
load_hba_and_ident();
load_password_cache();
load_hba();
load_ident();
load_user();
load_group();
/*
* We're ready to rock and roll...
@@ -1389,7 +1391,8 @@ SIGHUP_handler(SIGNAL_ARGS)
elog(LOG, "Received SIGHUP, reloading configuration files");
SignalChildren(SIGHUP);
ProcessConfigFile(PGC_SIGHUP);
load_hba_and_ident();
load_hba();
load_ident();
}
PG_SETMASK(&UnBlockSig);
@@ -2288,9 +2291,10 @@ sigusr1_handler(SIGNAL_ARGS)
if (CheckPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE))
{
/*
* Password file has changed.
* Password or group file has changed.
*/
load_password_cache();
load_user();
load_group();
}
if (CheckPostmasterSignal(PMSIGNAL_WAKEN_CHILDREN))

6
src/backend/utils/adt/quote.c
View File

@@ -7,7 +7,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/quote.c,v 1.6 2001/10/28 06:25:53 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/quote.c,v 1.7 2002/04/04 04:25:49 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -124,8 +124,6 @@ do_quote_ident(text *iptr)
{
if (*cp1 == '"')
*cp2++ = '"';
if (*cp1 == '\\')
*cp2++ = '\\';
*cp2++ = *cp1++;
}
*cp2++ = '"';
@@ -234,8 +232,6 @@ do_quote_ident(text *iptr)
if (*cp1 == '"')
*cp2++ = '"';
if (*cp1 == '\\')
*cp2++ = '\\';
*cp2++ = *cp1++;
len--;

317
src/backend/utils/init/miscinit.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.85 2002/03/04 04:45:27 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.86 2002/04/04 04:25:49 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -236,85 +236,17 @@ pg_convert2(PG_FUNCTION_ARGS)
#ifdef CYR_RECODE
#define MAX_TOKEN 80
/*
* Some standard C libraries, including GNU, have an isblank() function.
* Others, including Solaris, do not. So we have our own.
*/
static bool
isblank(const char c)
{
return c == ' ' || c == '\t';
}
/*
* Grab one token out of fp. Tokens are strings of non-blank
* characters bounded by blank characters, beginning of line, and end
* of line. Blank means space or tab. Return the token as *buf.
* Leave file positioned to character immediately after the token or
* EOF, whichever comes first. If no more tokens on line, return null
* string as *buf and position file to beginning of next line or EOF,
* whichever comes first.
*/
static void
next_token(FILE *fp, char *buf, const int bufsz)
{
int c;
char *eb = buf + (bufsz - 1);
/* Move over initial token-delimiting blanks */
while ((c = getc(fp)) != EOF && isblank(c))
;
if (c != EOF && c != '\n')
{
/*
* build a token in buf of next characters up to EOF, eol, or
* blank. If the token gets too long, we still parse it
* correctly, but the excess characters are not stored into *buf.
*/
while (c != EOF && c != '\n' && !isblank(c))
{
if (buf < eb)
*buf++ = c;
c = getc(fp);
}
/*
* Put back the char right after the token (critical in case it is
* eol, since we need to detect end-of-line at next call).
*/
if (c != EOF)
ungetc(c, fp);
}
*buf = '\0';
}
static void
read_through_eol(FILE *file)
{
int c;
while ((c = getc(file)) != EOF && c != '\n')
;
}
void
SetCharSet(void)
{
FILE *file;
char *p;
char *filename;
char *map_file;
char buf[MAX_TOKEN];
int i,
c;
unsigned char FromChar,
ToChar;
char ChTable[80];
char ChTable[MAX_TOKEN];
for (i = 0; i < 128; i++)
{
@@ -325,39 +257,40 @@ SetCharSet(void)
if (IsUnderPostmaster)
{
GetCharSetByHost(ChTable, MyProcPort->raddr.in.sin_addr.s_addr, DataDir);
p = ChTable;
filename = ChTable;
}
else
p = getenv("PG_RECODETABLE");
filename = getenv("PG_RECODETABLE");
if (p && *p != '\0')
if (filename && *filename != '\0')
{
map_file = palloc(strlen(DataDir) + strlen(p) + 2);
sprintf(map_file, "%s/%s", DataDir, p);
file = AllocateFile(map_file, PG_BINARY_R);
map_file = palloc(strlen(DataDir) + strlen(filename) + 2);
sprintf(map_file, "%s/%s", DataDir, filename);
file = AllocateFile(map_file, "r");
pfree(map_file);
if (file == NULL)
return;
while ((c = getc(file)) != EOF)
while (!feof(file))
{
if (c == '#')
read_through_eol(file);
else
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
{
/* Read the FromChar */
ungetc(c, file);
FromChar = strtoul(buf, 0, 0);
/* Read the ToChar */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
{
FromChar = strtoul(buf, 0, 0);
/* Read the ToChar */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
ToChar = strtoul(buf, 0, 0);
RecodeForwTable[FromChar - 128] = ToChar;
RecodeBackTable[ToChar - 128] = FromChar;
/* read to EOL */
while (!feof(file) && buf[0])
{
ToChar = strtoul(buf, 0, 0);
RecodeForwTable[FromChar - 128] = ToChar;
RecodeBackTable[ToChar - 128] = FromChar;
read_through_eol(file);
next_token(file, buf, sizeof(buf));
elog(LOG, "SetCharSet: unknown tag %s in file %s"
buf, filename);
}
}
}
@@ -366,6 +299,7 @@ SetCharSet(void)
}
}
char *
convertstr(unsigned char *buff, int len, int dest)
{
@@ -384,7 +318,206 @@ convertstr(unsigned char *buff, int len, int dest)
}
return ch;
}
#endif
#define CHARSET_FILE "charset.conf"
#define MAX_CHARSETS 10
#define KEY_HOST 1
#define KEY_BASE 2
#define KEY_TABLE 3
struct CharsetItem
{
char Orig[MAX_TOKEN];
char Dest[MAX_TOKEN];
char Table[MAX_TOKEN];
};
static bool
CharSetInRange(char *buf, int host)
{
int valid,
i,
FromAddr,
ToAddr,
tmp;
struct in_addr file_ip_addr;
char *p;
unsigned int one = 0x80000000,
NetMask = 0;
unsigned char mask;
p = strchr(buf, '/');
if (p)
{
*p++ = '\0';
valid = inet_aton(buf, &file_ip_addr);
if (valid)
{
mask = strtoul(p, 0, 0);
FromAddr = ntohl(file_ip_addr.s_addr);
ToAddr = ntohl(file_ip_addr.s_addr);
for (i = 0; i < mask; i++)
{
NetMask |= one;
one >>= 1;
}
FromAddr &= NetMask;
ToAddr = ToAddr | ~NetMask;
tmp = ntohl(host);
return ((unsigned) tmp >= (unsigned) FromAddr &&
(unsigned) tmp <= (unsigned) ToAddr);
}
}
else
{
p = strchr(buf, '-');
if (p)
{
*p++ = '\0';
valid = inet_aton(buf, &file_ip_addr);
if (valid)
{
FromAddr = ntohl(file_ip_addr.s_addr);
valid = inet_aton(p, &file_ip_addr);
if (valid)
{
ToAddr = ntohl(file_ip_addr.s_addr);
tmp = ntohl(host);
return ((unsigned) tmp >= (unsigned) FromAddr &&
(unsigned) tmp <= (unsigned) ToAddr);
}
}
}
else
{
valid = inet_aton(buf, &file_ip_addr);
if (valid)
{
FromAddr = file_ip_addr.s_addr;
return (unsigned) FromAddr == (unsigned) host;
}
}
}
return false;
}
static void
GetCharSetByHost(char *TableName, int host, const char *DataDir)
{
FILE *file;
char buf[MAX_TOKEN],
BaseCharset[MAX_TOKEN],
OrigCharset[MAX_TOKEN],
DestCharset[MAX_TOKEN],
HostCharset[MAX_TOKEN],
*map_file;
int key,
ChIndex = 0,
c,
i,
bufsize;
struct CharsetItem *ChArray[MAX_CHARSETS];
*TableName = '\0';
bufsize = (strlen(DataDir) + strlen(CHARSET_FILE) + 2) * sizeof(char);
map_file = (char *) palloc(bufsize);
snprintf(map_file, bufsize, "%s/%s", DataDir, CHARSET_FILE);
file = AllocateFile(map_file, "r");
pfree(map_file);
if (file == NULL)
{
/* XXX should we log a complaint? */
return;
}
while (!feof(file))
{
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
{
key = 0;
if (strcasecmp(buf, "HostCharset") == 0)
key = KEY_HOST;
else if (strcasecmp(buf, "BaseCharset") == 0)
key = KEY_BASE;
else if (strcasecmp(buf, "RecodeTable") == 0)
key = KEY_TABLE;
else
elog(LOG, "GetCharSetByHost: unknown tag %s in file %s"
buf, CHARSET_FILE);
switch (key)
{
case KEY_HOST:
/* Read the host */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
{
if (CharSetInRange(buf, host))
{
/* Read the charset */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
strcpy(HostCharset, buf);
}
}
break;
case KEY_BASE:
/* Read the base charset */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
strcpy(BaseCharset, buf);
break;
case KEY_TABLE:
/* Read the original charset */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
{
strcpy(OrigCharset, buf);
/* Read the destination charset */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
{
strcpy(DestCharset, buf);
/* Read the table filename */
next_token(file, buf, sizeof(buf));
if (buf[0] != '\0')
{
ChArray[ChIndex] =
(struct CharsetItem *) palloc(sizeof(struct CharsetItem));
strcpy(ChArray[ChIndex]->Orig, OrigCharset);
strcpy(ChArray[ChIndex]->Dest, DestCharset);
strcpy(ChArray[ChIndex]->Table, buf);
ChIndex++;
}
}
}
break;
}
/* read to EOL */
while (!feof(file) && buf[0])
{
next_token(file, buf, sizeof(buf));
elog(LOG, "GetCharSetByHost: unknown tag %s in file %s"
buf, CHARSET_FILE);
}
}
}
FreeFile(file);
for (i = 0; i < ChIndex; i++)
{
if (strcasecmp(BaseCharset, ChArray[i]->Orig) == 0 &&
strcasecmp(HostCharset, ChArray[i]->Dest) == 0)
strncpy(TableName, ChArray[i]->Table, 79);
pfree(ChArray[i]);
}
}
#endif /* CYR_RECODE */