database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-10 17:42:29 +03:00
Code Activity

Error message editing in backend/libpq, backend/postmaster, backend/tcop.

Browse Source 
Along the way, fix some logic problems in pgstat_initstats, notably the
bogus assumption that malloc returns zeroed memory.
This commit is contained in:
Tom Lane
2003-07-22 19:00:12 +00:00
parent 277dbb0c34
commit b05d3ae1ed
21 changed files with 1254 additions and 815 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
src/backend/libpq/auth.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.103 2003/06/25 01:19:47 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.104 2003/07/22 19:00:10 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -109,20 +109,22 @@ pg_krb4_recvauth(Port *port)
version);
if (status != KSUCCESS)
{
elog(LOG, "pg_krb4_recvauth: kerberos error: %s",
krb_err_txt[status]);
ereport(LOG,
(errmsg("kerberos error: %s", krb_err_txt[status])));
return STATUS_ERROR;
}
if (strncmp(version, PG_KRB4_VERSION, KRB_SENDAUTH_VLEN) != 0)
{
elog(LOG, "pg_krb4_recvauth: protocol version \"%s\" != \"%s\"",
version, PG_KRB4_VERSION);
ereport(LOG,
(errmsg("kerberos protocol version \"%s\" != \"%s\"",
version, PG_KRB4_VERSION)));
return STATUS_ERROR;
}
if (strncmp(port->user_name, auth_data.pname, SM_DATABASE_USER) != 0)
{
elog(LOG, "pg_krb4_recvauth: name \"%s\" != \"%s\"",
port->user_name, auth_data.pname);
ereport(LOG,
(errmsg("kerberos user name \"%s\" != \"%s\"",
port->user_name, auth_data.pname)));
return STATUS_ERROR;
}
return STATUS_OK;
@@ -133,7 +135,9 @@ pg_krb4_recvauth(Port *port)
static int
pg_krb4_recvauth(Port *port)
{
elog(LOG, "pg_krb4_recvauth: Kerberos not implemented on this server");
ereport(LOG,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("kerberos v4 not implemented on this server")));
return STATUS_ERROR;
}
#endif /* KRB4 */
@@ -193,8 +197,9 @@ pg_krb5_init(void)
retval = krb5_init_context(&pg_krb5_context);
if (retval)
{
elog(LOG, "pg_krb5_init: krb5_init_context returned Kerberos error %d",
retval);
ereport(LOG,
(errmsg("kerberos init returned error %d",
retval)));
com_err("postgres", retval, "while initializing krb5");
return STATUS_ERROR;
}
@@ -202,9 +207,10 @@ pg_krb5_init(void)
retval = krb5_kt_resolve(pg_krb5_context, pg_krb_server_keyfile, &pg_krb5_keytab);
if (retval)
{
elog(LOG, "pg_krb5_init: krb5_kt_resolve returned Kerberos error %d",
retval);
com_err("postgres", retval, "while resolving keytab file %s",
ereport(LOG,
(errmsg("kerberos keytab resolve returned error %d",
retval)));
com_err("postgres", retval, "while resolving keytab file \"%s\"",
pg_krb_server_keyfile);
krb5_free_context(pg_krb5_context);
return STATUS_ERROR;
@@ -214,10 +220,11 @@ pg_krb5_init(void)
KRB5_NT_SRV_HST, &pg_krb5_server);
if (retval)
{
elog(LOG, "pg_krb5_init: krb5_sname_to_principal returned Kerberos error %d",
retval);
ereport(LOG,
(errmsg("kerberos sname_to_principal(\"%s\") returned error %d",
PG_KRB_SRVNAM, retval)));
com_err("postgres", retval,
"while getting server principal for service %s",
"while getting server principal for service \"%s\"",
PG_KRB_SRVNAM);
krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
krb5_free_context(pg_krb5_context);
@@ -258,8 +265,9 @@ pg_krb5_recvauth(Port *port)
pg_krb5_server, 0, pg_krb5_keytab, &ticket);
if (retval)
{
elog(LOG, "pg_krb5_recvauth: krb5_recvauth returned Kerberos error %d",
retval);
ereport(LOG,
(errmsg("kerberos recvauth returned error %d",
retval)));
com_err("postgres", retval, "from krb5_recvauth");
return STATUS_ERROR;
}
@@ -282,8 +290,9 @@ pg_krb5_recvauth(Port *port)
#endif
if (retval)
{
elog(LOG, "pg_krb5_recvauth: krb5_unparse_name returned Kerberos error %d",
retval);
ereport(LOG,
(errmsg("kerberos unparse_name returned error %d",
retval)));
com_err("postgres", retval, "while unparsing client name");
krb5_free_ticket(pg_krb5_context, ticket);
krb5_auth_con_free(pg_krb5_context, auth_context);
@@ -293,8 +302,9 @@ pg_krb5_recvauth(Port *port)
kusername = pg_an_to_ln(kusername);
if (strncmp(port->user_name, kusername, SM_DATABASE_USER))
{
elog(LOG, "pg_krb5_recvauth: user name \"%s\" != krb5 name \"%s\"",
port->user_name, kusername);
ereport(LOG,
(errmsg("kerberos user name \"%s\" != \"%s\"",
port->user_name, kusername)));
ret = STATUS_ERROR;
}
else
@@ -312,7 +322,9 @@ pg_krb5_recvauth(Port *port)
static int
pg_krb5_recvauth(Port *port)
{
elog(LOG, "pg_krb5_recvauth: Kerberos not implemented on this server");
ereport(LOG,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("kerberos v5 not implemented on this server")));
return STATUS_ERROR;
}
#endif /* KRB5 */
@@ -377,8 +389,10 @@ auth_failed(Port *port, int status)
#endif /* USE_PAM */
}
elog(FATAL, "%s authentication failed for user \"%s\"",
authmethod, port->user_name);
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("%s authentication failed for user \"%s\"",
authmethod, port->user_name)));
/* doesn't return */
}
@@ -399,7 +413,10 @@ ClientAuthentication(Port *port)
* an error message into the postmaster logfile if it failed.
*/
if (hba_getauthmethod(port) != STATUS_OK)
elog(FATAL, "Missing or erroneous pg_hba.conf file, see postmaster log for details");
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("missing or erroneous pg_hba.conf file"),
errhint("See postmaster log for details.")));
switch (port->auth_method)
{
@@ -417,15 +434,16 @@ ClientAuthentication(Port *port)
{
char hostinfo[NI_MAXHOST];
getnameinfo(
(struct sockaddr *)&port->raddr.addr,
port->raddr.salen,
hostinfo, sizeof(hostinfo),
NULL, 0, NI_NUMERICHOST);
getnameinfo((struct sockaddr *) &port->raddr.addr,
port->raddr.salen,
hostinfo, sizeof(hostinfo),
NULL, 0,
NI_NUMERICHOST);
elog(FATAL,
"No pg_hba.conf entry for host %s, user %s, database %s",
hostinfo, port->user_name, port->database_name);
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",
hostinfo, port->user_name, port->database_name)));
break;
}
@@ -433,10 +451,9 @@ ClientAuthentication(Port *port)
/* Kerberos 4 only seems to work with AF_INET. */
if (port->raddr.addr.ss_family != AF_INET
|| port->laddr.addr.ss_family != AF_INET)
{
elog(FATAL,
"Unsupported protocol for Kerberos 4");
}
ereport(FATAL,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("kerberos 4 only supports IPv4 connections")));
sendAuthRequest(port, AUTH_REQ_KRB4);
status = pg_krb4_recvauth(port);
break;
@@ -466,7 +483,9 @@ ClientAuthentication(Port *port)
int on = 1;
if (setsockopt(port->sock, 0, LOCAL_CREDS, &on, sizeof(on)) < 0)
elog(FATAL, "pg_local_sendauth: can't do setsockopt: %m");
ereport(FATAL,
(errcode_for_socket_access(),
errmsg("failed to enable credential receipt: %m")));
}
#endif
if (port->raddr.addr.ss_family == AF_UNIX)
@@ -552,12 +571,14 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
switch (msg[0]->msg_style)
{
case PAM_ERROR_MSG:
elog(LOG, "pam_passwd_conv_proc: Error from underlying PAM layer: '%s'",
msg[0]->msg);
ereport(LOG,
(errmsg("error from underlying PAM layer: %s",
msg[0]->msg)));
return PAM_CONV_ERR;
default:
elog(LOG, "pam_passwd_conv_proc: Unexpected PAM conversation %d/'%s'",
msg[0]->msg_style, msg[0]->msg);
ereport(LOG,
(errmsg("unsupported PAM conversation %d/%s",
msg[0]->msg_style, msg[0]->msg)));
return PAM_CONV_ERR;
}
}
@@ -587,7 +608,8 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
if (strlen(passwd) == 0)
{
elog(LOG, "pam_passwd_conv_proc: no password");
ereport(LOG,
(errmsg("empty password returned by client")));
return PAM_CONV_ERR;
}
appdata_ptr = passwd;
@@ -600,7 +622,9 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
*resp = calloc(num_msg, sizeof(struct pam_response));
if (!*resp)
{
elog(LOG, "pam_passwd_conv_proc: Out of memory!");
ereport(LOG,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("out of memory")));
return PAM_CONV_ERR;
}
@@ -644,8 +668,9 @@ CheckPAMAuth(Port *port, char *user, char *password)
if (retval != PAM_SUCCESS)
{
elog(LOG, "CheckPAMAuth: Failed to create PAM authenticator: '%s'",
pam_strerror(pamh, retval));
ereport(LOG,
(errmsg("Failed to create PAM authenticator: %s",
pam_strerror(pamh, retval))));
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
@@ -654,8 +679,9 @@ CheckPAMAuth(Port *port, char *user, char *password)
if (retval != PAM_SUCCESS)
{
elog(LOG, "CheckPAMAuth: pam_set_item(PAM_USER) failed: '%s'",
pam_strerror(pamh, retval));
ereport(LOG,
(errmsg("pam_set_item(PAM_USER) failed: %s",
pam_strerror(pamh, retval))));
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
@@ -664,8 +690,9 @@ CheckPAMAuth(Port *port, char *user, char *password)
if (retval != PAM_SUCCESS)
{
elog(LOG, "CheckPAMAuth: pam_set_item(PAM_CONV) failed: '%s'",
pam_strerror(pamh, retval));
ereport(LOG,
(errmsg("pam_set_item(PAM_CONV) failed: %s",
pam_strerror(pamh, retval))));
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
@@ -674,8 +701,9 @@ CheckPAMAuth(Port *port, char *user, char *password)
if (retval != PAM_SUCCESS)
{
elog(LOG, "CheckPAMAuth: pam_authenticate failed: '%s'",
pam_strerror(pamh, retval));
ereport(LOG,
(errmsg("pam_authenticate failed: %s",
pam_strerror(pamh, retval))));
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
@@ -684,8 +712,9 @@ CheckPAMAuth(Port *port, char *user, char *password)
if (retval != PAM_SUCCESS)
{
elog(LOG, "CheckPAMAuth: pam_acct_mgmt failed: '%s'",
pam_strerror(pamh, retval));
ereport(LOG,
(errmsg("pam_acct_mgmt failed: %s",
pam_strerror(pamh, retval))));
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
@@ -694,8 +723,9 @@ CheckPAMAuth(Port *port, char *user, char *password)
if (retval != PAM_SUCCESS)
{
elog(LOG, "CheckPAMAuth: Failed to release PAM authenticator: '%s'",
pam_strerror(pamh, retval));
ereport(LOG,
(errmsg("failed to release PAM authenticator: %s",
pam_strerror(pamh, retval))));
}
pam_passwd = NULL; /* Unset pam_passwd */
@@ -730,7 +760,10 @@ recv_password_packet(Port *port)
* the log.
*/
if (mtype != EOF)
elog(COMMERROR, "Expected password response, got %c", mtype);
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("expected password response, got msg type %d",
mtype)));
return NULL; /* EOF or bad message type */
}
}
@@ -755,10 +788,13 @@ recv_password_packet(Port *port)
* StringInfo is guaranteed to have an appended '\0'.
*/
if (strlen(buf.data) + 1 != buf.len)
elog(COMMERROR, "bogus password packet size");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("invalid password packet size")));
/* Do not echo password to logs, for security. */
elog(DEBUG5, "received password packet");
ereport(DEBUG5,
(errmsg("received password packet")));
/*
* Return the received string. Note we do not attempt to do any

75
src/backend/libpq/be-fsstubs.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.64 2003/05/27 17:49:46 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.65 2003/07/22 19:00:10 tgl Exp $
*
* NOTES
* This should be moved to a more appropriate place. It is here
@@ -119,7 +119,9 @@ lo_close(PG_FUNCTION_ARGS)
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
{
elog(ERROR, "lo_close: invalid large obj descriptor (%d)", fd);
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
PG_RETURN_INT32(-1);
}
#if FSDB
@@ -155,7 +157,9 @@ lo_read(int fd, char *buf, int len)
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
{
elog(ERROR, "lo_read: invalid large obj descriptor (%d)", fd);
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
return -1;
}
@@ -177,7 +181,9 @@ lo_write(int fd, char *buf, int len)
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
{
elog(ERROR, "lo_write: invalid large obj descriptor (%d)", fd);
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
return -1;
}
@@ -203,7 +209,9 @@ lo_lseek(PG_FUNCTION_ARGS)
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
{
elog(ERROR, "lo_lseek: invalid large obj descriptor (%d)", fd);
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
PG_RETURN_INT32(-1);
}
@@ -258,7 +266,9 @@ lo_tell(PG_FUNCTION_ARGS)
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
{
elog(ERROR, "lo_tell: invalid large object descriptor (%d)", fd);
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
PG_RETURN_INT32(-1);
}
@@ -360,9 +370,10 @@ lo_import(PG_FUNCTION_ARGS)
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
if (!superuser())
elog(ERROR, "You must have Postgres superuser privilege to use "
"server-side lo_import().\n\tAnyone can use the "
"client-side lo_import() provided by libpq.");
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser to use server-side lo_import()"),
errhint("Anyone can use the client-side lo_import() provided by libpq.")));
#endif
/*
@@ -375,16 +386,15 @@ lo_import(PG_FUNCTION_ARGS)
fnamebuf[nbytes] = '\0';
fd = PathNameOpenFile(fnamebuf, O_RDONLY | PG_BINARY, 0666);
if (fd < 0)
elog(ERROR, "lo_import: can't open unix file \"%s\": %m",
fnamebuf);
ereport(ERROR,
(errcode_for_file_access(),
errmsg("could not open server file \"%s\": %m",
fnamebuf)));
/*
* create an inversion "object"
* create an inversion object
*/
lobj = inv_create(INV_READ | INV_WRITE);
if (lobj == NULL)
elog(ERROR, "lo_import: can't create inv object for \"%s\"",
fnamebuf);
lobjOid = lobj->id;
/*
@@ -393,11 +403,15 @@ lo_import(PG_FUNCTION_ARGS)
while ((nbytes = FileRead(fd, buf, BUFSIZE)) > 0)
{
tmp = inv_write(lobj, buf, nbytes);
if (tmp != nbytes)
elog(ERROR, "lo_import: error while reading \"%s\"",
fnamebuf);
Assert(tmp == nbytes);
}
if (nbytes < 0)
ereport(ERROR,
(errcode_for_file_access(),
errmsg("could not read server file \"%s\": %m",
fnamebuf)));
FileClose(fd);
inv_close(lobj);
@@ -423,17 +437,16 @@ lo_export(PG_FUNCTION_ARGS)
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
if (!superuser())
elog(ERROR, "You must have Postgres superuser privilege to use "
"server-side lo_export().\n\tAnyone can use the "
"client-side lo_export() provided by libpq.");
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser to use server-side lo_export()"),
errhint("Anyone can use the client-side lo_export() provided by libpq.")));
#endif
/*
* open the inversion "object"
* open the inversion object (no need to test for failure)
*/
lobj = inv_open(lobjId, INV_READ);
if (lobj == NULL)
elog(ERROR, "lo_export: can't open inv object %u", lobjId);
/*
* open the file to be written to
@@ -451,8 +464,10 @@ lo_export(PG_FUNCTION_ARGS)
fd = PathNameOpenFile(fnamebuf, O_CREAT | O_WRONLY | O_TRUNC | PG_BINARY, 0666);
umask(oumask);
if (fd < 0)
elog(ERROR, "lo_export: can't open unix file \"%s\": %m",
fnamebuf);
ereport(ERROR,
(errcode_for_file_access(),
errmsg("could not create server file \"%s\": %m",
fnamebuf)));
/*
* read in from the inversion file and write to the Unix file
@@ -461,12 +476,14 @@ lo_export(PG_FUNCTION_ARGS)
{
tmp = FileWrite(fd, buf, nbytes);
if (tmp != nbytes)
elog(ERROR, "lo_export: error while writing \"%s\"",
fnamebuf);
ereport(ERROR,
(errcode_for_file_access(),
errmsg("could not write server file \"%s\": %m",
fnamebuf)));
}
inv_close(lobj);
FileClose(fd);
inv_close(lobj);
PG_RETURN_INT32(1);
}

59
src/backend/libpq/be-secure.c
View File

@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.35 2003/07/01 13:49:47 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.36 2003/07/22 19:00:10 tgl Exp $
*
* Since the server static private key ($DataDir/server.key)
* will normally be stored unencrypted so that the database
@@ -277,12 +277,18 @@ secure_read(Port *port, void *ptr, size_t len)
goto rloop;
case SSL_ERROR_SYSCALL:
if (n == -1)
elog(COMMERROR, "SSL SYSCALL error: %m");
ereport(COMMERROR,
(errcode_for_socket_access(),
errmsg("SSL SYSCALL error: %m")));
else
elog(COMMERROR, "SSL SYSCALL error: EOF detected");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL SYSCALL error: EOF detected")));
break;
case SSL_ERROR_SSL:
elog(COMMERROR, "SSL error: %s", SSLerrmessage());
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */
case SSL_ERROR_ZERO_RETURN:
secure_close(port);
@@ -290,7 +296,9 @@ secure_read(Port *port, void *ptr, size_t len)
n = -1;
break;
default:
elog(COMMERROR, "Unknown SSL error code");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code")));
break;
}
}
@@ -317,15 +325,23 @@ secure_write(Port *port, void *ptr, size_t len)
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context));
if (SSL_renegotiate(port->ssl) <= 0)
elog(COMMERROR, "SSL renegotiation failure");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
if (SSL_do_handshake(port->ssl) <= 0)
elog(COMMERROR, "SSL renegotiation failure");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
if (port->ssl->state != SSL_ST_OK)
elog(COMMERROR, "SSL failed to send renegotiation request");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL failed to send renegotiation request")));
port->ssl->state |= SSL_ST_ACCEPT;
SSL_do_handshake(port->ssl);
if (port->ssl->state != SSL_ST_OK)
elog(COMMERROR, "SSL renegotiation failure");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
port->count = 0;
}
@@ -341,12 +357,18 @@ secure_write(Port *port, void *ptr, size_t len)
goto wloop;
case SSL_ERROR_SYSCALL:
if (n == -1)
elog(COMMERROR, "SSL SYSCALL error: %m");
ereport(COMMERROR,
(errcode_for_socket_access(),
errmsg("SSL SYSCALL error: %m")));
else
elog(COMMERROR, "SSL SYSCALL error: EOF detected");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL SYSCALL error: EOF detected")));
break;
case SSL_ERROR_SSL:
elog(COMMERROR, "SSL error: %s", SSLerrmessage());
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */
case SSL_ERROR_ZERO_RETURN:
secure_close(port);
@@ -354,7 +376,9 @@ secure_write(Port *port, void *ptr, size_t len)
n = -1;
break;
default:
elog(COMMERROR, "Unknown SSL error code");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code")));
break;
}
}
@@ -419,7 +443,7 @@ load_dh_file(int keylength)
(codes & DH_CHECK_P_NOT_SAFE_PRIME))
{
elog(LOG,
"DH error (%s): neither suitable generator or safe prime",
"DH error (%s): neither suitable generator or safe prime",
fnbuf);
return NULL;
}
@@ -690,7 +714,10 @@ open_server_SSL(Port *port)
!SSL_set_fd(port->ssl, port->sock) ||
SSL_accept(port->ssl) <= 0)
{
elog(COMMERROR, "failed to initialize SSL connection: %s", SSLerrmessage());
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("failed to initialize SSL connection: %s",
SSLerrmessage())));
close_SSL(port);
return -1;
}
@@ -712,7 +739,7 @@ open_server_SSL(Port *port)
NID_commonName, port->peer_cn, sizeof(port->peer_cn));
port->peer_cn[sizeof(port->peer_cn) - 1] = '\0';
}
elog(DEBUG2, "secure connection from '%s'", port->peer_cn);
elog(DEBUG2, "secure connection from \"%s\"", port->peer_cn);
/* set up debugging/info callback */
SSL_CTX_set_info_callback(SSL_context, info_cb);

6
src/backend/libpq/crypt.c
View File

@@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.53 2003/05/12 23:08:50 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.54 2003/07/22 19:00:10 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -58,8 +58,8 @@ md5_crypt_verify(const Port *port, const char *user, char *client_pass)
/* We can't do crypt with pg_shadow MD5 passwords */
if (isMD5(shadow_pass) && port->auth_method == uaCrypt)
{
elog(LOG, "Password is stored MD5 encrypted. "
"'crypt' auth method cannot be used.");
ereport(LOG,
(errmsg("cannot use CRYPT auth method because password is MD5-encrypted")));
return STATUS_ERROR;
}

329
src/backend/libpq/hba.c
View File

@@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.104 2003/06/15 16:21:39 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.105 2003/07/22 19:00:10 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -124,7 +124,10 @@ next_token(FILE *fp, char *buf, const int bufsz)
if (buf >= end_buf)
{
elog(LOG, "Token too long in authentication file, skipping, %s", buf);
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("authentication file token too long, skipping: \"%s\"",
buf)));
/* Discard remainder of line */
while ((c = getc(fp)) != EOF && c != '\n')
;
@@ -257,8 +260,10 @@ tokenize_inc_file(const char *inc_filename)
inc_file = AllocateFile(inc_fullname, "r");
if (!inc_file)
{
elog(LOG, "tokenize_inc_file: Unable to open secondary authentication file \"@%s\" as \"%s\": %m",
inc_filename, inc_fullname);
ereport(LOG,
(errcode_for_file_access(),
errmsg("could not open secondary authentication file \"@%s\" as \"%s\": %m",
inc_filename, inc_fullname)));
pfree(inc_fullname);
/* return empty string, it matches nothing */
@@ -631,9 +636,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
/* Check if it has a CIDR suffix and if so isolate it */
cidr_slash = strchr(token,'/');
if (cidr_slash)
{
*cidr_slash = '\0';
}
hints.ai_flags = AI_NUMERICHOST;
hints.ai_family = PF_UNSPEC;
@@ -646,13 +649,14 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
/* Get the IP address either way */
ret = getaddrinfo2(token, NULL, &hints, &file_ip_addr);
if (ret)
if (ret || !file_ip_addr)
{
elog(LOG, "getaddrinfo2() returned %d", ret);
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("failed to interpret IP address \"%s\" in config file: %s",
token, gai_strerror(ret))));
if (cidr_slash)
{
*cidr_slash = '/';
}
goto hba_syntax;
}
@@ -669,9 +673,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
*cidr_slash = '/';
if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
file_ip_addr->ai_family) < 0)
{
goto hba_syntax;
}
goto hba_syntax;
}
else
{
@@ -682,16 +684,13 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
token = lfirst(line);
ret = getaddrinfo2(token, NULL, &hints, &file_ip_mask);
if (ret)
{
if (ret || !file_ip_mask)
goto hba_syntax;
}
mask = (struct sockaddr_storage *)file_ip_mask->ai_addr;
if(file_ip_addr->ai_family != mask->ss_family)
{
goto hba_syntax;
}
}
/* Read the rest of the line. */
@@ -705,14 +704,11 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
/* Must meet network restrictions */
if (!rangeSockAddr(&port->raddr.addr,
(struct sockaddr_storage *)file_ip_addr->ai_addr, mask))
{
goto hba_freeaddr;
}
freeaddrinfo2(hints.ai_family, file_ip_addr);
if (file_ip_mask)
{
freeaddrinfo2(hints.ai_family, file_ip_mask);
}
}
else
goto hba_syntax;
@@ -727,22 +723,24 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
return;
hba_syntax:
elog(LOG, "parse_hba: invalid syntax in pg_hba.conf file at line %d, token \"%s\"",
line_number,
line ? (const char *) lfirst(line) : "(end of line)");
if (line)
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("invalid entry in pg_hba.conf file at line %d, token \"%s\"",
line_number, (const char *) lfirst(line))));
else
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("missing entry in pg_hba.conf file at end of line %d",
line_number)));
*error_p = true;
hba_freeaddr:
if (file_ip_addr)
{
freeaddrinfo2(hints.ai_family, file_ip_addr);
}
if (file_ip_mask)
{
freeaddrinfo2(hints.ai_family, file_ip_mask);
}
return;
}
@@ -790,7 +788,9 @@ group_openfile(void)
groupfile = AllocateFile(filename, "r");
if (groupfile == NULL && errno != ENOENT)
elog(LOG, "could not open %s: %m", filename);
ereport(LOG,
(errcode_for_file_access(),
errmsg("could not open \"%s\": %m", filename)));
pfree(filename);
@@ -812,7 +812,9 @@ user_openfile(void)
pwdfile = AllocateFile(filename, "r");
if (pwdfile == NULL && errno != ENOENT)
elog(LOG, "could not open %s: %m", filename);
ereport(LOG,
(errcode_for_file_access(),
errmsg("could not open \"%s\": %m", filename)));
pfree(filename);
@@ -929,9 +931,10 @@ load_hba(void)
file = AllocateFile(conf_file, "r");
if (file == NULL)
elog(FATAL,
"load_hba: Unable to open authentication config file \"%s\": %m",
conf_file);
ereport(FATAL,
(errcode_for_file_access(),
errmsg("could not open config file \"%s\": %m",
conf_file)));
hba_lines = tokenize_file(file);
FreeFile(file);
@@ -989,12 +992,18 @@ parse_ident_usermap(List *line, const char *usermap_name, const char *pg_user,
return;
ident_syntax:
elog(LOG, "parse_ident_usermap: invalid syntax in pg_ident.conf file at line %d, token \"%s\"",
line_number,
line ? (const char *) lfirst(line) : "(end of line)");
if (line)
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("invalid entry in pg_ident.conf file at line %d, token \"%s\"",
line_number, (const char *) lfirst(line))));
else
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("missing entry in pg_ident.conf file at end of line %d",
line_number)));
*error_p = true;
return;
}
@@ -1021,10 +1030,9 @@ check_ident_usermap(const char *usermap_name,
if (usermap_name == NULL || usermap_name[0] == '\0')
{
elog(LOG, "check_ident_usermap: hba configuration file does not "
"have the usermap field filled in in the entry that pertains "
"to this connection. That field is essential for Ident-based "
"authentication.");
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("cannot use IDENT authentication without usermap field")));
found_entry = false;
}
else if (strcmp(usermap_name, "sameuser") == 0)
@@ -1070,9 +1078,10 @@ load_ident(void)
file = AllocateFile(map_file, "r");
if (file == NULL)
{
/* The open of the map file failed. */
elog(LOG, "load_ident: Unable to open usermap file \"%s\": %m",
map_file);
ereport(LOG,
(errcode_for_file_access(),
errmsg("could not open usermap file \"%s\": %m",
map_file)));
}
else
{
@@ -1192,18 +1201,22 @@ ident_inet(const SockAddr remote_addr,
char local_addr_s[NI_MAXHOST];
char local_port[NI_MAXSERV];
char ident_port[NI_MAXSERV];
char ident_query[80];
char ident_response[80 + IDENT_USERNAME_MAX];
struct addrinfo *ident_serv = NULL, *la = NULL, hints;
/* Might look a little weird to first convert it to text and
* then back to sockaddr, but it's protocol indepedant. */
getnameinfo((struct sockaddr *)&remote_addr.addr,
remote_addr.salen, remote_addr_s, sizeof(remote_addr_s),
remote_port, sizeof(remote_port),
NI_NUMERICHOST|NI_NUMERICSERV);
getnameinfo((struct sockaddr *)&local_addr.addr,
local_addr.salen, local_addr_s, sizeof(local_addr_s),
local_port, sizeof(local_port),
NI_NUMERICHOST|NI_NUMERICSERV);
/*
* Might look a little weird to first convert it to text and
* then back to sockaddr, but it's protocol independent.
*/
getnameinfo((struct sockaddr *)&remote_addr.addr, remote_addr.salen,
remote_addr_s, sizeof(remote_addr_s),
remote_port, sizeof(remote_port),
NI_NUMERICHOST | NI_NUMERICSERV);
getnameinfo((struct sockaddr *)&local_addr.addr, local_addr.salen,
local_addr_s, sizeof(local_addr_s),
local_port, sizeof(local_port),
NI_NUMERICHOST | NI_NUMERICSERV);
snprintf(ident_port, sizeof(ident_port), "%d", IDENT_PORT);
hints.ai_flags = AI_NUMERICHOST;
@@ -1214,94 +1227,104 @@ ident_inet(const SockAddr remote_addr,
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
getaddrinfo2(remote_addr_s, ident_port, &hints, &ident_serv);
getaddrinfo2(local_addr_s, NULL, &hints, &la);
rc = getaddrinfo2(remote_addr_s, ident_port, &hints, &ident_serv);
if (rc || !ident_serv)
return false; /* we don't expect this to happen */
hints.ai_flags = AI_NUMERICHOST;
hints.ai_family = local_addr.addr.ss_family;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = 0;
hints.ai_addrlen = 0;
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
rc = getaddrinfo2(local_addr_s, NULL, &hints, &la);
if (rc || !la)
return false; /* we don't expect this to happen */
sock_fd = socket(ident_serv->ai_family, ident_serv->ai_socktype,
ident_serv->ai_protocol);
if (sock_fd == -1)
ident_serv->ai_protocol);
if (sock_fd < 0)
{
elog(LOG, "Failed to create socket on which to talk to Ident server: %m");
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not create socket for IDENT connection: %m")));
ident_return = false;
goto ident_inet_done;
}
else
/*
* Bind to the address which the client originally contacted,
* otherwise the ident server won't be able to match up the right
* connection. This is necessary if the PostgreSQL server is
* running on an IP alias.
*/
rc = bind(sock_fd, la->ai_addr, la->ai_addrlen);
if (rc != 0)
{
/*
* Bind to the address which the client originally contacted,
* otherwise the ident server won't be able to match up the right
* connection. This is necessary if the PostgreSQL server is
* running on an IP alias.
*/
rc = bind(sock_fd, la->ai_addr, la->ai_addrlen);
if (rc == 0)
{
rc = connect(sock_fd, ident_serv->ai_addr,
ident_serv->ai_addrlen);
}
if (rc != 0)
{
int save_errno = errno;
elog(LOG, "Unable to connect to Ident server on the host which is "
"trying to connect to Postgres "
"(Address %s, Port %s): %s", remote_addr_s,
ident_port, strerror(save_errno));
ident_return = false;
}
else
{
char ident_query[80];
/* The query we send to the Ident server */
snprintf(ident_query, sizeof(ident_query), "%s,%s\r\n",
remote_port, local_port);
/* loop in case send is interrupted */
do
{
rc = send(sock_fd, ident_query, strlen(ident_query), 0);
} while (rc < 0 && errno == EINTR);
if (rc < 0)
{
int save_errno = errno;
elog(LOG, "Unable to send query to Ident server on the host which is "
"trying to connect to Postgres (Host %s, Port %s), "
"even though we successfully connected to it: %s",
remote_addr_s, ident_port, strerror(save_errno));
ident_return = false;
}
else
{
char ident_response[80 + IDENT_USERNAME_MAX];
rc = recv(sock_fd, ident_response,
sizeof(ident_response) - 1, 0);
if (rc < 0)
{
int save_errno = errno;
elog(LOG, "Unable to receive response from Ident server "
"on the host which is "
"trying to connect to Postgres (Host %s, Port %s), "
"even though we successfully sent our query to it: %s",
remote_addr_s, ident_port,
strerror(save_errno));
ident_return = false;
}
else
{
ident_response[rc] = '\0';
ident_return = interpret_ident_response(ident_response,
ident_user);
}
}
closesocket(sock_fd);
}
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not bind to local address \"%s\": %m",
local_addr_s)));
ident_return = false;
goto ident_inet_done;
}
freeaddrinfo2(hints.ai_family, la);
freeaddrinfo2(hints.ai_family, ident_serv);
rc = connect(sock_fd, ident_serv->ai_addr,
ident_serv->ai_addrlen);
if (rc != 0)
{
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not connect to IDENT server at address \"%s\", port %s): %m",
remote_addr_s, ident_port)));
ident_return = false;
goto ident_inet_done;
}
/* The query we send to the Ident server */
snprintf(ident_query, sizeof(ident_query), "%s,%s\r\n",
remote_port, local_port);
/* loop in case send is interrupted */
do
{
rc = send(sock_fd, ident_query, strlen(ident_query), 0);
} while (rc < 0 && errno == EINTR);
if (rc < 0)
{
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not send query to IDENT server at address \"%s\", port %s): %m",
remote_addr_s, ident_port)));
ident_return = false;
goto ident_inet_done;
}
do
{
rc = recv(sock_fd, ident_response, sizeof(ident_response) - 1, 0);
} while (rc < 0 && errno == EINTR);
if (rc < 0)
{
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not receive response from IDENT server at address \"%s\", port %s): %m",
remote_addr_s, ident_port)));
ident_return = false;
goto ident_inet_done;
}
ident_response[rc] = '\0';
ident_return = interpret_ident_response(ident_response, ident_user);
ident_inet_done:
if (sock_fd >= 0)
closesocket(sock_fd);
freeaddrinfo2(remote_addr.addr.ss_family, ident_serv);
freeaddrinfo2(local_addr.addr.ss_family, la);
return ident_return;
}
@@ -1325,7 +1348,9 @@ ident_unix(int sock, char *ident_user)
if (getpeereid(sock,&uid,&gid) != 0)
{
/* We didn't get a valid credentials struct. */
elog(LOG, "ident_unix: error receiving credentials: %m");
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not receive credentials: %m")));
return false;
}
@@ -1333,8 +1358,9 @@ ident_unix(int sock, char *ident_user)
if (pass == NULL)
{
elog(LOG, "ident_unix: unknown local user with uid %d",
(int) uid);
ereport(LOG,
(errmsg("local user with uid %d is not known to getpwuid",
(int) uid)));
return false;
}
@@ -1353,7 +1379,9 @@ ident_unix(int sock, char *ident_user)
so_len != sizeof(peercred))
{
/* We didn't get a valid credentials struct. */
elog(LOG, "ident_unix: error receiving credentials: %m");
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not receive credentials: %m")));
return false;
}
@@ -1361,8 +1389,9 @@ ident_unix(int sock, char *ident_user)
if (pass == NULL)
{
elog(LOG, "ident_unix: unknown local user with uid %d",
(int) peercred.uid);
ereport(LOG,
(errmsg("local user with uid %d is not known to getpwuid",
(int) peercred.uid);
return false;
}
@@ -1418,17 +1447,21 @@ ident_unix(int sock, char *ident_user)
cmsg->cmsg_len < sizeof(cmsgmem) ||
cmsg->cmsg_type != SCM_CREDS)
{
elog(LOG, "ident_unix: error receiving credentials: %m");
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not receive credentials: %m")));
return false;
}
cred = (Cred *) CMSG_DATA(cmsg);
pw = getpwuid(cred->cruid);
if (pw == NULL)
{
elog(LOG, "ident_unix: unknown local user with uid %d",
(int) cred->cruid);
ereport(LOG,
(errmsg("local user with uid %d is not known to getpwuid",
(int) cred->cruid);
return false;
}
@@ -1437,7 +1470,9 @@ ident_unix(int sock, char *ident_user)
return true;
#else
elog(LOG, "'ident' auth is not supported on local connections on this platform");
ereport(LOG,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("IDENT auth is not supported on local connections on this platform")));
return false;
#endif

120
src/backend/libpq/pqcomm.c
View File

@@ -10,7 +10,7 @@
* Unfortunately, COPY OUT was designed to commandeer the communication
* channel (it just transfers data without wrapping it into messages).
* No other messages can be sent while COPY OUT is in progress; and if the
* copy is aborted by an elog(ERROR), we need to close out the copy so that
* copy is aborted by an ereport(ERROR), we need to close out the copy so that
* the frontend gets back into sync. Therefore, these routines have to be
* aware of COPY OUT state. (New COPY-OUT is message-based and does *not*
* set the DoingCopyOut flag.)
@@ -20,8 +20,8 @@
* to send. Instead, use the routines in pqformat.c to construct the message
* in a buffer and then emit it in one call to pq_putmessage. This ensures
* that the channel will not be clogged by an incomplete message if execution
* is aborted by elog(ERROR) partway through the message. The only non-libpq
* code that should call pq_putbytes directly is old-style COPY OUT.
* is aborted by ereport(ERROR) partway through the message. The only
* non-libpq code that should call pq_putbytes directly is old-style COPY OUT.
*
* At one time, libpq was shared between frontend and backend, but now
* the backend's "backend/libpq" is quite separate from "interfaces/libpq".
@@ -30,7 +30,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/libpq/pqcomm.c,v 1.157 2003/06/12 07:36:51 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/pqcomm.c,v 1.158 2003/07/22 19:00:10 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -237,8 +237,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
ret = getaddrinfo2(hostName, service, &hint, &addrs);
if (ret || addrs == NULL)
{
elog(LOG, "server socket failure: getaddrinfo2(): %s",
gai_strerror(ret));
ereport(LOG,
(errmsg("failed to translate hostname to address: %s",
gai_strerror(ret))));
freeaddrinfo2(hint.ai_family, addrs);
return STATUS_ERROR;
}
@@ -269,8 +270,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
if ((fd = socket(addr->ai_family, addr->ai_socktype,
addr->ai_protocol)) < 0)
{
elog(LOG, "server socket failure: socket(): %s",
strerror(errno));
ereport(LOG,
(errcode_for_socket_access(),
errmsg("failed to create socket: %m")));
continue;
}
@@ -281,9 +283,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
if ((setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
(char *) &one, sizeof(one))) == -1)
{
elog(LOG, "server socket failure: "
"setsockopt(SO_REUSEADDR): %s",
strerror(errno));
ereport(LOG,
(errcode_for_socket_access(),
errmsg("setsockopt(SO_REUSEADDR) failed: %m")));
closesocket(fd);
continue;
}
@@ -295,9 +297,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
(char *)&one, sizeof(one)) == -1)
{
elog(LOG, "server socket failure: "
"setsockopt(IPV6_V6ONLY): %s",
strerror(errno));
ereport(LOG,
(errcode_for_socket_access(),
errmsg("setsockopt(IPV6_V6ONLY) failed: %m")));
closesocket(fd);
continue;
}
@@ -313,19 +315,16 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
err = bind(fd, addr->ai_addr, addr->ai_addrlen);
if (err < 0)
{
elog(LOG, "server socket failure: bind(): %s\n"
"\tIs another postmaster already running on "
"port %d?", strerror(errno), (int) portNumber);
if (addr->ai_family == AF_UNIX)
{
elog(LOG, "\tIf not, remove socket node (%s) "
"and retry.", sock_path);
}
else
{
elog(LOG, "\tIf not, wait a few seconds and "
"retry.");
}
ereport(LOG,
(errcode_for_socket_access(),
errmsg("failed to bind server socket: %m"),
(addr->ai_family == AF_UNIX) ?
errhint("Is another postmaster already running on port %d?"
" If not, remove socket node \"%s\" and retry.",
(int) portNumber, sock_path) :
errhint("Is another postmaster already running on port %d?"
" If not, wait a few seconds and retry.",
(int) portNumber)));
closesocket(fd);
continue;
}
@@ -354,8 +353,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
err = listen(fd, maxconn);
if (err < 0)
{
elog(LOG, "server socket failure: listen(): %s",
strerror(errno));
ereport(LOG,
(errcode_for_socket_access(),
errmsg("failed to listen on server socket: %m")));
closesocket(fd);
continue;
}
@@ -417,7 +417,7 @@ Setup_AF_UNIX(void)
if (Unix_socket_group[0] != '\0')
{
#ifdef WIN32
elog(FATAL, "Config value 'unix_socket_group' not supported on this platform");
elog(WARNING, "configuration item unix_socket_group is not supported on this platform");
#else
char *endptr;
unsigned long int val;
@@ -435,16 +435,19 @@ Setup_AF_UNIX(void)
gr = getgrnam(Unix_socket_group);
if (!gr)
{
elog(LOG, "server socket failure: no such group '%s'",
Unix_socket_group);
ereport(LOG,
(errmsg("group \"%s\" does not exist",
Unix_socket_group)));
return STATUS_ERROR;
}
gid = gr->gr_gid;
}
if (chown(sock_path, -1, gid) == -1)
{
elog(LOG, "server socket failure: could not set group of %s: %s",
sock_path, strerror(errno));
ereport(LOG,
(errcode_for_file_access(),
errmsg("could not set group of \"%s\": %m",
sock_path)));
return STATUS_ERROR;
}
#endif
@@ -452,8 +455,10 @@ Setup_AF_UNIX(void)
if (chmod(sock_path, Unix_socket_permissions) == -1)
{
elog(LOG, "server socket failure: could not set permissions on %s: %s",
sock_path, strerror(errno));
ereport(LOG,
(errcode_for_file_access(),
errmsg("could not set permissions of \"%s\": %m",
sock_path)));
return STATUS_ERROR;
}
return STATUS_OK;
@@ -475,13 +480,15 @@ Setup_AF_UNIX(void)
int
StreamConnection(int server_fd, Port *port)
{
/* accept connection (and fill in the client (remote) address) */
/* accept connection and fill in the client (remote) address */
port->raddr.salen = sizeof(port->raddr.addr);
if ((port->sock = accept(server_fd,
(struct sockaddr *) &port->raddr.addr,
&port->raddr.salen)) < 0)
{
elog(LOG, "StreamConnection: accept() failed: %m");
ereport(LOG,
(errcode_for_socket_access(),
errmsg("could not accept new connection: %m")));
return STATUS_ERROR;
}
@@ -496,30 +503,33 @@ StreamConnection(int server_fd, Port *port)
/* fill in the server (local) address */
port->laddr.salen = sizeof(port->laddr.addr);
if (getsockname(port->sock, (struct sockaddr *) & port->laddr.addr,
if (getsockname(port->sock,
(struct sockaddr *) & port->laddr.addr,
&port->laddr.salen) < 0)
{
elog(LOG, "StreamConnection: getsockname() failed: %m");
elog(LOG, "getsockname() failed: %m");
return STATUS_ERROR;
}
/* select NODELAY and KEEPALIVE options if it's a TCP connection */
if (!IS_AF_UNIX(port->laddr.addr.ss_family))
{
int on = 1;
int on;
#ifdef TCP_NODELAY
on = 1;
if (setsockopt(port->sock, IPPROTO_TCP, TCP_NODELAY,
(char *) &on, sizeof(on)) < 0)
{
elog(LOG, "StreamConnection: setsockopt(TCP_NODELAY) failed: %m");
elog(LOG, "setsockopt(TCP_NODELAY) failed: %m");
return STATUS_ERROR;
}
#endif
on = 1;
if (setsockopt(port->sock, SOL_SOCKET, SO_KEEPALIVE,
(char *) &on, sizeof(on)) < 0)
{
elog(LOG, "StreamConnection: setsockopt(SO_KEEPALIVE) failed: %m");
elog(LOG, "setsockopt(SO_KEEPALIVE) failed: %m");
return STATUS_ERROR;
}
}
@@ -622,11 +632,13 @@ pq_recvbuf(void)
continue; /* Ok if interrupted */
/*
* Careful: an elog() that tries to write to the client would
* Careful: an ereport() that tries to write to the client would
* cause recursion to here, leading to stack overflow and core
* dump! This message must go *only* to the postmaster log.
*/
elog(COMMERROR, "pq_recvbuf: recv() failed: %m");
ereport(COMMERROR,
(errcode_for_socket_access(),
errmsg("could not receive data from client: %m")));
return EOF;
}
if (r == 0)
@@ -787,7 +799,9 @@ pq_getmessage(StringInfo s, int maxlen)
/* Read message length word */
if (pq_getbytes((char *) &len, 4) == EOF)
{
elog(COMMERROR, "unexpected EOF within message length word");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unexpected EOF within message length word")));
return EOF;
}
@@ -797,7 +811,9 @@ pq_getmessage(StringInfo s, int maxlen)
if (len < 0 ||
(maxlen > 0 && len > maxlen))
{
elog(COMMERROR, "invalid message length");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("invalid message length")));
return EOF;
}
@@ -809,7 +825,9 @@ pq_getmessage(StringInfo s, int maxlen)
/* And grab the message */
if (pq_getbytes(s->data, len) == EOF)
{
elog(COMMERROR, "incomplete client message");
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("incomplete message from client")));
return EOF;
}
s->len = len;
@@ -874,7 +892,7 @@ pq_flush(void)
continue; /* Ok if we were interrupted */
/*
* Careful: an elog() that tries to write to the client would
* Careful: an ereport() that tries to write to the client would
* cause recursion to here, leading to stack overflow and core
* dump! This message must go *only* to the postmaster log.
*
@@ -885,7 +903,9 @@ pq_flush(void)
if (errno != last_reported_send_errno)
{
last_reported_send_errno = errno;
elog(COMMERROR, "pq_flush: send() failed: %m");
ereport(COMMERROR,
(errcode_for_socket_access(),
errmsg("could not send data to client: %m")));
}
/*

30
src/backend/libpq/pqformat.c
View File

@@ -24,7 +24,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/libpq/pqformat.c,v 1.31 2003/05/09 21:19:49 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/pqformat.c,v 1.32 2003/07/22 19:00:10 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -231,7 +231,7 @@ pq_sendint(StringInfo buf, int i, int b)
appendBinaryStringInfo(buf, (char *) &n32, 4);
break;
default:
elog(ERROR, "pq_sendint: unsupported size %d", b);
elog(ERROR, "unsupported integer size %d", b);
break;
}
}
@@ -440,7 +440,9 @@ int
pq_getmsgbyte(StringInfo msg)
{
if (msg->cursor >= msg->len)
elog(ERROR, "pq_getmsgbyte: no data left in message");
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("no data left in message")));
return (unsigned char) msg->data[msg->cursor++];
}
@@ -473,7 +475,7 @@ pq_getmsgint(StringInfo msg, int b)
result = ntohl(n32);
break;
default:
elog(ERROR, "pq_getmsgint: unsupported size %d", b);
elog(ERROR, "unsupported integer size %d", b);
result = 0; /* keep compiler quiet */
break;
}
@@ -586,7 +588,9 @@ pq_getmsgbytes(StringInfo msg, int datalen)
const char *result;
if (datalen < 0 || datalen > (msg->len - msg->cursor))
elog(ERROR, "pq_getmsgbytes: insufficient data left in message");
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("insufficient data left in message")));
result = &msg->data[msg->cursor];
msg->cursor += datalen;
return result;
@@ -602,7 +606,9 @@ void
pq_copymsgbytes(StringInfo msg, char *buf, int datalen)
{
if (datalen < 0 || datalen > (msg->len - msg->cursor))
elog(ERROR, "pq_copymsgbytes: insufficient data left in message");
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("insufficient data left in message")));
memcpy(buf, &msg->data[msg->cursor], datalen);
msg->cursor += datalen;
}
@@ -621,7 +627,9 @@ pq_getmsgtext(StringInfo msg, int rawbytes, int *nbytes)
char *p;
if (rawbytes < 0 || rawbytes > (msg->len - msg->cursor))
elog(ERROR, "pq_getmsgtext: insufficient data left in message");
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("insufficient data left in message")));
str = &msg->data[msg->cursor];
msg->cursor += rawbytes;
@@ -661,7 +669,9 @@ pq_getmsgstring(StringInfo msg)
*/
slen = strlen(str);
if (msg->cursor + slen >= msg->len)
elog(ERROR, "pq_getmsgstring: invalid string in message");
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("invalid string in message")));
msg->cursor += slen + 1;
return (const char *) pg_client_to_server((unsigned char *) str, slen);
@@ -675,5 +685,7 @@ void
pq_getmsgend(StringInfo msg)
{
if (msg->cursor != msg->len)
elog(ERROR, "pq_getmsgend: invalid message format");
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("invalid message format")));
}