database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-11 10:01:57 +03:00
Code Activity

Report pg_hba line number and contents when users fail to log in

Browse Source 
Instead of just reporting which user failed to log in, log both the
line number in the active pg_hba.conf file (which may not match reality
in case the file has been edited and not reloaded) and the contents of
the matching line (which will always be correct), to make it easier
to debug incorrect pg_hba.conf files.

The message to the client remains unchanged and does not include this
information, to prevent leaking security sensitive information.

Reviewed by Tom Lane and Dean Rasheed
This commit is contained in:
Magnus Hagander
2013-03-10 15:54:37 +01:00
parent 96443d1420
commit 7f49a67f95
3 changed files with 81 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/backend/libpq/auth.c
View File

@ -297,9 +297,16 @@ auth_failed(Port *port, int status)
break;
}
ereport(FATAL,
(errcode(errcode_return),
errmsg(errstr, port->user_name)));
if (port->hba)
ereport(FATAL,
(errcode(errcode_return),
errmsg(errstr, port->user_name),
errdetail_log("Connection matched pg_hba.conf line %d: \"%s\"", port->hba->linenumber, port->hba->rawline)));
else
ereport(FATAL,
(errcode(errcode_return),
errmsg(errstr, port->user_name)));
/* doesn't return */
}