database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-28 05:21:27 +03:00
Code
postgres/src/include/libpq/hba.h
Tom Lane a58a631b4a Fix unportable use of getnameinfo() in pg_hba_file_rules view. 
fill_hba_line() thought it could get away with passing sizeof(struct
sockaddr_storage) rather than the actual addrlen previously returned
by getaddrinfo().  While that appears to work on many platforms,
it does not work on FreeBSD 11: you get back a failure, which leads
to the view showing NULL for the address and netmask columns in all
rows.  The POSIX spec for getnameinfo() is pretty clearly on
FreeBSD's side here: you should pass the actual address length.
So it seems plausible that there are other platforms where this
coding also fails, and we just hadn't noticed.

Also, IMO the fact that getnameinfo() failure leads to a NULL output
is pretty bogus in itself.  Our pg_getnameinfo_all() wrapper is
careful to emit "???" on failure, and we should use that in such
cases.  NULL should only be emitted in rows that don't have IP
addresses.

Per bug #16695 from Peter Vandivier.  Back-patch to v10 where this
code was added.

Discussion: https://postgr.es/m/16695-a665558e2f630be7@postgresql.org
2020-11-02 21:11:50 -05:00

141 lines
2.7 KiB
C
Raw Blame History

/*-------------------------------------------------------------------------
*
* hba.h
* Interface to hba.c
*
*
* src/include/libpq/hba.h
*
*-------------------------------------------------------------------------
*/
#ifndef HBA_H
#define HBA_H
#include "libpq/pqcomm.h" /* pgrminclude ignore */ /* needed for NetBSD */
#include "nodes/pg_list.h"
#include "regex/regex.h"
/*
* The following enum represents the authentication methods that
* are supported by PostgreSQL.
*
* Note: keep this in sync with the UserAuthName array in hba.c.
*/
typedef enum UserAuth
{
uaReject,
uaImplicitReject, /* Not a user-visible option */
uaTrust,
uaIdent,
uaPassword,
uaMD5,
uaSCRAM,
uaGSS,
uaSSPI,
uaPAM,
uaBSD,
uaLDAP,
uaCert,
uaRADIUS,
uaPeer
#define USER_AUTH_LAST uaPeer /* Must be last value of this enum */
} UserAuth;
/*
* Data structures representing pg_hba.conf entries
*/
typedef enum IPCompareMethod
{
ipCmpMask,
ipCmpSameHost,
ipCmpSameNet,
ipCmpAll
} IPCompareMethod;
typedef enum ConnType
{
ctLocal,
ctHost,
ctHostSSL,
ctHostNoSSL,
ctHostGSS,
ctHostNoGSS,
} ConnType;
typedef enum ClientCertMode
{
clientCertOff,
clientCertCA,
clientCertFull
} ClientCertMode;
typedef struct HbaLine
{
int linenumber;
char *rawline;
ConnType conntype;
List *databases;
List *roles;
struct sockaddr_storage addr;
struct sockaddr_storage mask;
IPCompareMethod ip_cmp_method;
char *hostname;
UserAuth auth_method;
char *usermap;
char *pamservice;
bool pam_use_hostname;
bool ldaptls;
char *ldapscheme;
char *ldapserver;
int ldapport;
char *ldapbinddn;
char *ldapbindpasswd;
char *ldapsearchattribute;
char *ldapsearchfilter;
char *ldapbasedn;
int ldapscope;
char *ldapprefix;
char *ldapsuffix;
ClientCertMode clientcert;
char *krb_realm;
bool include_realm;
bool compat_realm;
bool upn_username;
List *radiusservers;
char *radiusservers_s;
List *radiussecrets;
char *radiussecrets_s;
List *radiusidentifiers;
char *radiusidentifiers_s;
List *radiusports;
char *radiusports_s;
int addrlen; /* zero if we don't have a valid addr */
int masklen; /* zero if we don't have a valid mask */
} HbaLine;
typedef struct IdentLine
{
int linenumber;
char *usermap;
char *ident_user;
char *pg_role;
regex_t re;
} IdentLine;
/* kluge to avoid including libpq/libpq-be.h here */
typedef struct Port hbaPort;
extern bool load_hba(void);
extern bool load_ident(void);
extern void hba_getauthmethod(hbaPort *port);
extern int check_usermap(const char *usermap_name,
const char *pg_role, const char *auth_user,
bool case_sensitive);
extern bool pg_isblank(const char c);
#endif /* HBA_H */
View Git Blame Copy Permalink