
Commit 3995c42

committed
Improve log messages related to pg_hba.conf not matching a connection.
Include details on whether GSS encryption has been activated; since we added "hostgssenc" type HBA entries, that's relevant info. Kyotaro Horiguchi and Tom Lane. Back-patch to v12 where GSS encryption was introduced. Discussion: https://postgr.es/m/e5b0b6ed05764324a2f3fe7acfc766d5@smhi.se
1 parent 622ae46 commit 3995c42

1 file changed

+28
-44
lines changed

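--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -401,44 +401,37 @@ ClientAuthentication(Port *port)
 */
 {
 char hostinfo[NI_MAXHOST];
+const char *encryption_state;
 
 pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
 hostinfo, sizeof(hostinfo),
 NULL, 0,
 NI_NUMERICHOST);
 
-if (am_walsender)
-{
+encryption_state =
+#ifdef ENABLE_GSS
+(port->gss && port->gss->enc) ? _("GSS encryption") :
+#endif
 #ifdef USE_SSL
+port->ssl_in_use ? _("SSL encryption") :
+#endif
+_("no encryption");
+
+if (am_walsender)
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
 hostinfo, port->user_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off"))));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\"",
-hostinfo, port->user_name)));
-#endif
-}
+encryption_state)));
 else
-{
-#ifdef USE_SSL
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
 hostinfo, port->user_name,
 port->database_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off"))));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\"",
-hostinfo, port->user_name,
-port->database_name)));
-#endif
-}
+encryption_state)));
 break;
 }
 
@@ -454,12 +447,22 @@ ClientAuthentication(Port *port)
 */
 {
 char hostinfo[NI_MAXHOST];
+const char *encryption_state;
 
 pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
 hostinfo, sizeof(hostinfo),
 NULL, 0,
 NI_NUMERICHOST);
 
+encryption_state =
+#ifdef ENABLE_GSS
+(port->gss && port->gss->enc) ? _("GSS encryption") :
+#endif
+#ifdef USE_SSL
+port->ssl_in_use ? _("SSL encryption") :
+#endif
+_("no encryption");
+
 #define HOSTNAME_LOOKUP_DETAIL(port) \
 (port->remote_hostname ? \
 (port->remote_hostname_resolv == +1 ? \
@@ -482,41 +485,22 @@ ClientAuthentication(Port *port)
 0))
 
 if (am_walsender)
-{
-#ifdef USE_SSL
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
 hostinfo, port->user_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off")),
+encryption_state),
 HOSTNAME_LOOKUP_DETAIL(port)));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\"",
-hostinfo, port->user_name),
-HOSTNAME_LOOKUP_DETAIL(port)));
-#endif
-}
 else
-{
-#ifdef USE_SSL
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
 hostinfo, port->user_name,
 port->database_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off")),
-HOSTNAME_LOOKUP_DETAIL(port)));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",
-hostinfo, port->user_name,
-port->database_name),
+encryption_state),
 HOSTNAME_LOOKUP_DETAIL(port)));
-#endif
-}
 break;
 }
 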
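Review bot: The `encryption_state` expression is written out twice, once in the first hunk (new lines 411-418) and again in the second (new lines 457-464), so the two rejection paths can drift apart. If one copy is later extended or reordered and the other is not, the FATAL line would misreport how the client connected, and that line is what an operator reads to work out which `hostgssenc` or SSL-specific HBA entry failed to match. A small static helper called from both blocks would keep them identical, and gives a place to note that GSS is tested before SSL; the helper name below is only a suggestion, and both enclosing case blocks of ClientAuthentication start and end outside the hunks. Separately, the suffix changes from `SSL on`/`SSL off` to `SSL encryption`/`no encryption`, and builds without USE_SSL gain a suffix they did not have, so a release-note line for anyone matching these messages in log monitoring seems worth adding given the back-patch.

```c
/*
 * Describe the transport encryption in use on this connection, for the
 * "pg_hba.conf rejects ..." and "no pg_hba.conf entry ..." messages.
 * GSS is checked first, then SSL.
 */
static const char *
hba_encryption_state(Port *port)
{
#ifdef ENABLE_GSS
	if (port->gss && port->gss->enc)
		return _("GSS encryption");
#endif
#ifdef USE_SSL
	if (port->ssl_in_use)
		return _("SSL encryption");
#endif
	return _("no encryption");
}

/* ... unchanged: pg_getnameinfo_all() call in each reject block ... */
encryption_state = hba_encryption_state(port);
```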
