
Commit 3995c42

Improve log messages related to pg_hba.conf not matching a connection.
Include details on whether GSS encryption has been activated; since we added "hostgssenc" type HBA entries, that's relevant info. Kyotaro Horiguchi and Tom Lane. Back-patch to v12 where GSS encryption was introduced. Discussion: https://postgr.es/m/e5b0b6ed05764324a2f3fe7acfc766d5@smhi.se
1 parent 622ae46 commit 3995c42


1 file changed

+28
-44
lines changed

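--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -401,44 +401,37 @@ ClientAuthentication(Port *port)
 */
 {
 char hostinfo[NI_MAXHOST];
+const char *encryption_state;
 
 pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
 hostinfo, sizeof(hostinfo),
 NULL, 0,
 NI_NUMERICHOST);
 
-if (am_walsender)
-{
+encryption_state =
+#ifdef ENABLE_GSS
+(port->gss && port->gss->enc) ? _("GSS encryption") :
+#endif
 #ifdef USE_SSL
+port->ssl_in_use ? _("SSL encryption") :
+#endif
+_("no encryption");
+
+if (am_walsender)
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
 hostinfo, port->user_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off"))));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\"",
-hostinfo, port->user_name)));
-#endif
-}
+encryption_state)));
 else
-{
-#ifdef USE_SSL
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
 hostinfo, port->user_name,
 port->database_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off"))));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\"",
-hostinfo, port->user_name,
-port->database_name)));
-#endif
-}
+encryption_state)));
 break;
 }
 
@@ -454,12 +447,22 @@ ClientAuthentication(Port *port)
 */
 {
 char hostinfo[NI_MAXHOST];
+const char *encryption_state;
 
 pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
 hostinfo, sizeof(hostinfo),
 NULL, 0,
 NI_NUMERICHOST);
 
+encryption_state =
+#ifdef ENABLE_GSS
+(port->gss && port->gss->enc) ? _("GSS encryption") :
+#endif
+#ifdef USE_SSL
+port->ssl_in_use ? _("SSL encryption") :
+#endif
+_("no encryption");
+
 #define HOSTNAME_LOOKUP_DETAIL(port) \
 (port->remote_hostname ? \
 (port->remote_hostname_resolv == +1 ? \
@@ -482,41 +485,22 @@ ClientAuthentication(Port *port)
 0))
 
 if (am_walsender)
-{
-#ifdef USE_SSL
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
 hostinfo, port->user_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off")),
+encryption_state),
 HOSTNAME_LOOKUP_DETAIL(port)));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\"",
-hostinfo, port->user_name),
-HOSTNAME_LOOKUP_DETAIL(port)));
-#endif
-}
 else
-{
-#ifdef USE_SSL
 ereport(FATAL,
 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+/* translator: last %s describes encryption state */
 errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
 hostinfo, port->user_name,
 port->database_name,
-port->ssl_in_use ? _("SSL on") : _("SSL off")),
-HOSTNAME_LOOKUP_DETAIL(port)));
-#else
-ereport(FATAL,
-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",
-hostinfo, port->user_name,
-port->database_name),
+encryption_state),
 HOSTNAME_LOOKUP_DETAIL(port)));
-#endif
-}
 break;
 }
 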
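Review bot: The `encryption_state` ternary chain is written out twice, once in each of the two rejection cases (new lines 411-418 and 457-464), so a later change to the precedence between the GSS and SSL tests, or to the wording, has to be made in both places or the two log messages drift apart. A file-local helper such as `static const char *hba_encryption_state(Port *port)` holding the `#ifdef` chain, called as `encryption_state = hba_encryption_state(port);` in both cases, would keep them in step. The trailing text also changes from "SSL on"/"SSL off" to the new strings and now appears in builds without USE_SSL as well, so log-matching or alerting rules keyed on the old wording will need updating on the back-patched branches. Both cases sit inside ClientAuthentication, whose body starts and ends outside these hunks.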
