database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-06 19:59:18 +03:00
Code

Add new message for explicit rejection by pg_hba.conf. Implicit

Browse Source 
rejection retains same message as before.
This commit is contained in:
Simon Riggs 2010-04-19 19:02:18 +00:00
parent 7bc76d51fb
commit cfac702223
3 changed files with 42 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/backend/libpq/auth.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.198 2010/03/30 16:08:22 petere Exp $ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.199 2010/04/19 19:02:18 sriggs Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -363,11 +363,42 @@ ClientAuthentication(Port *port)
case uaReject: case uaReject:
/* /*
* This could have come from an explicit "reject" entry in * An explicit "reject" entry in pg_hba.conf. Take pity on the poor
* pg_hba.conf, but more likely it means there was no matching * user and issue a helpful error message.
* entry. Take pity on the poor user and issue a helpful error * NOTE: this is not a security breach, because all the info
* message. NOTE: this is not a security breach, because all the * reported here is known at the frontend and must be assumed
* info reported here is known at the frontend and must be assumed * known to bad guys. We're merely helping out the less clueful
* good guys.
*/
{
char hostinfo[NI_MAXHOST];
pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
hostinfo, sizeof(hostinfo),
NULL, 0,
NI_NUMERICHOST);
#ifdef USE_SSL
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("pg_hba.conf rejects host \"%s\", user \"%s\", database \"%s\", %s",
hostinfo, port->user_name, port->database_name,
port->ssl ? _("SSL on") : _("SSL off"))));
#else
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("pg_hba.conf rejects host \"%s\", user \"%s\", database \"%s\"",
hostinfo, port->user_name, port->database_name)));
#endif
break;
}
case uaImplicitReject:
/*
* No matching entry so tell the user we fell through.
* NOTE: this is not a security breach, because all the info
* reported here is known at the frontend and must be assumed
* known to bad guys. We're merely helping out the less clueful * known to bad guys. We're merely helping out the less clueful
* good guys. * good guys.
*/ */

6
src/backend/libpq/hba.c
View File

@ -10,7 +10,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.204 2010/03/24 17:05:45 tgl Exp $ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.205 2010/04/19 19:02:18 sriggs Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -1389,9 +1389,9 @@ check_hba(hbaPort *port)
return true; return true;
} }
/* If no matching entry was found, synthesize 'reject' entry. */ /* If no matching entry was found, then implicitly reject. */
hba = palloc0(sizeof(HbaLine)); hba = palloc0(sizeof(HbaLine));
hba->auth_method = uaReject; hba->auth_method = uaImplicitReject;
port->hba = hba; port->hba = hba;
return true; return true;

3
src/include/libpq/hba.h
View File

@ -4,7 +4,7 @@
* Interface to hba.c * Interface to hba.c
* *
* *
* $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.61 2010/01/27 12:12:00 mha Exp $ * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.62 2010/04/19 19:02:18 sriggs Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -18,6 +18,7 @@
typedef enum UserAuth typedef enum UserAuth
{ {
uaReject, uaReject,
uaImplicitReject,
uaKrb5, uaKrb5,
uaTrust, uaTrust,
uaIdent, uaIdent,