pgindent run for 8.2.
@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.143 2006/10/03 21:21:36 momjian Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.144 2006/10/04 00:29:53 momjian Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -75,16 +75,17 @@ static Port *pam_port_cludge; /* Workaround for passing "Port *port" into
|
||||
#include <winldap.h>
|
||||
|
||||
/* Correct header from the Platform SDK */
|
||||
typedef ULONG (*__ldap_start_tls_sA)(
|
||||
IN PLDAP ExternalHandle,
|
||||
OUT PULONG ServerReturnValue,
|
||||
OUT LDAPMessage **result,
|
||||
IN PLDAPControlA *ServerControls,
|
||||
IN PLDAPControlA *ClientControls
|
||||
typedef
|
||||
ULONG(*__ldap_start_tls_sA) (
|
||||
IN PLDAP ExternalHandle,
|
||||
OUT PULONG ServerReturnValue,
|
||||
OUT LDAPMessage ** result,
|
||||
IN PLDAPControlA * ServerControls,
|
||||
IN PLDAPControlA * ClientControls
|
||||
);
|
||||
#endif
|
||||
|
||||
static int CheckLDAPAuth(Port *port);
|
||||
static int CheckLDAPAuth(Port *port);
|
||||
#endif
|
||||
|
||||
|
||||
@ -347,9 +348,9 @@ auth_failed(Port *port, int status)
|
||||
break;
|
||||
#endif /* USE_PAM */
|
||||
#ifdef USE_LDAP
|
||||
case uaLDAP:
|
||||
errstr = gettext_noop("LDAP authentication failed for user \"%s\"");
|
||||
break;
|
||||
case uaLDAP:
|
||||
errstr = gettext_noop("LDAP authentication failed for user \"%s\"");
|
||||
break;
|
||||
#endif /* USE_LDAP */
|
||||
default:
|
||||
errstr = gettext_noop("authentication failed for user \"%s\": invalid authentication method");
|
||||
@ -480,9 +481,9 @@ ClientAuthentication(Port *port)
|
||||
#endif /* USE_PAM */
|
||||
|
||||
#ifdef USE_LDAP
|
||||
case uaLDAP:
|
||||
status = CheckLDAPAuth(port);
|
||||
break;
|
||||
case uaLDAP:
|
||||
status = CheckLDAPAuth(port);
|
||||
break;
|
||||
#endif
|
||||
|
||||
case uaTrust:
|
||||
@ -709,100 +710,102 @@ CheckPAMAuth(Port *port, char *user, char *password)
|
||||
static int
|
||||
CheckLDAPAuth(Port *port)
|
||||
{
|
||||
char *passwd;
|
||||
char server[128];
|
||||
char basedn[128];
|
||||
char prefix[128];
|
||||
char suffix[128];
|
||||
LDAP *ldap;
|
||||
int ssl = 0;
|
||||
int r;
|
||||
int ldapversion = LDAP_VERSION3;
|
||||
int ldapport = LDAP_PORT;
|
||||
char fulluser[128];
|
||||
char *passwd;
|
||||
char server[128];
|
||||
char basedn[128];
|
||||
char prefix[128];
|
||||
char suffix[128];
|
||||
LDAP *ldap;
|
||||
int ssl = 0;
|
||||
int r;
|
||||
int ldapversion = LDAP_VERSION3;
|
||||
int ldapport = LDAP_PORT;
|
||||
char fulluser[128];
|
||||
|
||||
if (!port->auth_arg || port->auth_arg[0] == '\0')
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("LDAP configuration URL not specified")));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
if (!port->auth_arg || port->auth_arg[0] == '\0')
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("LDAP configuration URL not specified")));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* Crack the LDAP url. We do a very trivial parse..
|
||||
* ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
|
||||
*/
|
||||
/*
|
||||
* Crack the LDAP url. We do a very trivial parse..
|
||||
* ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
|
||||
*/
|
||||
|
||||
server[0] = '\0';
|
||||
basedn[0] = '\0';
|
||||
prefix[0] = '\0';
|
||||
suffix[0] = '\0';
|
||||
server[0] = '\0';
|
||||
basedn[0] = '\0';
|
||||
prefix[0] = '\0';
|
||||
suffix[0] = '\0';
|
||||
|
||||
/* ldap, including port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldap://%127[^:]:%i/%127[^;];%127[^;];%127s",
|
||||
server, &ldapport, basedn, prefix, suffix);
|
||||
if (r < 3)
|
||||
{
|
||||
/* ldaps, including port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s",
|
||||
server, &ldapport, basedn, prefix, suffix);
|
||||
if (r >=3) ssl = 1;
|
||||
}
|
||||
if (r < 3)
|
||||
{
|
||||
/* ldap, no port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldap://%127[^/]/%127[^;];%127[^;];%127s",
|
||||
server, basedn, prefix, suffix);
|
||||
}
|
||||
if (r < 2)
|
||||
{
|
||||
/* ldaps, no port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldaps://%127[^/]/%127[^;];%127[^;];%127s",
|
||||
server, basedn, prefix, suffix);
|
||||
if (r >= 2) ssl = 1;
|
||||
}
|
||||
if (r < 2)
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("invalid LDAP URL: \"%s\"",
|
||||
/* ldap, including port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldap://%127[^:]:%i/%127[^;];%127[^;];%127s",
|
||||
server, &ldapport, basedn, prefix, suffix);
|
||||
if (r < 3)
|
||||
{
|
||||
/* ldaps, including port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s",
|
||||
server, &ldapport, basedn, prefix, suffix);
|
||||
if (r >= 3)
|
||||
ssl = 1;
|
||||
}
|
||||
if (r < 3)
|
||||
{
|
||||
/* ldap, no port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldap://%127[^/]/%127[^;];%127[^;];%127s",
|
||||
server, basedn, prefix, suffix);
|
||||
}
|
||||
if (r < 2)
|
||||
{
|
||||
/* ldaps, no port number */
|
||||
r = sscanf(port->auth_arg,
|
||||
"ldaps://%127[^/]/%127[^;];%127[^;];%127s",
|
||||
server, basedn, prefix, suffix);
|
||||
if (r >= 2)
|
||||
ssl = 1;
|
||||
}
|
||||
if (r < 2)
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("invalid LDAP URL: \"%s\"",
|
||||
port->auth_arg)));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
sendAuthRequest(port, AUTH_REQ_PASSWORD);
|
||||
|
||||
passwd = recv_password_packet(port);
|
||||
if (passwd == NULL)
|
||||
return STATUS_EOF; /* client wouldn't send password */
|
||||
|
||||
ldap = ldap_init(server, ldapport);
|
||||
if (!ldap)
|
||||
{
|
||||
sendAuthRequest(port, AUTH_REQ_PASSWORD);
|
||||
|
||||
passwd = recv_password_packet(port);
|
||||
if (passwd == NULL)
|
||||
return STATUS_EOF; /* client wouldn't send password */
|
||||
|
||||
ldap = ldap_init(server, ldapport);
|
||||
if (!ldap)
|
||||
{
|
||||
#ifndef WIN32
|
||||
ereport(LOG,
|
||||
(errmsg("could not initialize LDAP: error code %d",
|
||||
errno)));
|
||||
ereport(LOG,
|
||||
(errmsg("could not initialize LDAP: error code %d",
|
||||
errno)));
|
||||
#else
|
||||
ereport(LOG,
|
||||
(errmsg("could not initialize LDAP: error code %d",
|
||||
(int) LdapGetLastError())));
|
||||
ereport(LOG,
|
||||
(errmsg("could not initialize LDAP: error code %d",
|
||||
(int) LdapGetLastError())));
|
||||
#endif
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
if ((r = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS)
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("could not set LDAP protocol version: error code %d", r)));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
if (ssl)
|
||||
{
|
||||
if ((r = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS)
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("could not set LDAP protocol version: error code %d", r)));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
if (ssl)
|
||||
{
|
||||
#ifndef WIN32
|
||||
if ((r = ldap_start_tls_s(ldap, NULL, NULL)) != LDAP_SUCCESS)
|
||||
#else
|
||||
@ -815,17 +818,20 @@ CheckLDAPAuth(Port *port)
|
||||
* exist on Windows 2000, and causes a load error for the whole
|
||||
* exe if referenced.
|
||||
*/
|
||||
HANDLE ldaphandle;
|
||||
|
||||
HANDLE ldaphandle;
|
||||
|
||||
ldaphandle = LoadLibrary("WLDAP32.DLL");
|
||||
if (ldaphandle == NULL)
|
||||
{
|
||||
/* should never happen since we import other files from wldap32, but check anyway */
|
||||
/*
|
||||
* should never happen since we import other files from
|
||||
* wldap32, but check anyway
|
||||
*/
|
||||
ereport(LOG,
|
||||
(errmsg("could not load wldap32.dll")));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
_ldap_start_tls_sA = (__ldap_start_tls_sA)GetProcAddress(ldaphandle, "ldap_start_tls_sA");
|
||||
_ldap_start_tls_sA = (__ldap_start_tls_sA) GetProcAddress(ldaphandle, "ldap_start_tls_sA");
|
||||
if (_ldap_start_tls_sA == NULL)
|
||||
{
|
||||
ereport(LOG,
|
||||
@ -839,33 +845,32 @@ CheckLDAPAuth(Port *port)
|
||||
* process and is automatically cleaned up on process exit.
|
||||
*/
|
||||
}
|
||||
if ((r = _ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS)
|
||||
if ((r = _ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS)
|
||||
#endif
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("could not start LDAP TLS session: error code %d", r)));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
}
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("could not start LDAP TLS session: error code %d", r)));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
snprintf(fulluser, sizeof(fulluser)-1, "%s%s%s",
|
||||
snprintf(fulluser, sizeof(fulluser) - 1, "%s%s%s",
|
||||
prefix, port->user_name, suffix);
|
||||
fulluser[sizeof(fulluser)-1] = '\0';
|
||||
fulluser[sizeof(fulluser) - 1] = '\0';
|
||||
|
||||
r = ldap_simple_bind_s(ldap, fulluser, passwd);
|
||||
ldap_unbind(ldap);
|
||||
r = ldap_simple_bind_s(ldap, fulluser, passwd);
|
||||
ldap_unbind(ldap);
|
||||
|
||||
if (r != LDAP_SUCCESS)
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("LDAP login failed for user \"%s\" on server \"%s\": error code %d",
|
||||
if (r != LDAP_SUCCESS)
|
||||
{
|
||||
ereport(LOG,
|
||||
(errmsg("LDAP login failed for user \"%s\" on server \"%s\": error code %d",
|
||||
fulluser, server, r)));
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
return STATUS_OK;
|
||||
}
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
return STATUS_OK;
|
||||
}
|
||||
#endif /* USE_LDAP */
|
||||
|
||||
/*
|
||||
|