diff options
Diffstat (limited to 'src/backend/libpq/auth.c')
| -rw-r--r-- | src/backend/libpq/auth.c | 150 |
1 files changed, 75 insertions, 75 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index b348bce3e2e..dd7de7c3a4e 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -373,7 +373,7 @@ ClientAuthentication(Port *port) if (!port->peer_cert_valid) ereport(FATAL, (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("connection requires a valid client certificate"))); + errmsg("connection requires a valid client certificate"))); } /* @@ -405,32 +405,32 @@ ClientAuthentication(Port *port) { #ifdef USE_SSL ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s", - hostinfo, port->user_name, - port->ssl_in_use ? _("SSL on") : _("SSL off")))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s", + hostinfo, port->user_name, + port->ssl_in_use ? _("SSL on") : _("SSL off")))); #else ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\"", - hostinfo, port->user_name))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\"", + hostinfo, port->user_name))); #endif } else { #ifdef USE_SSL ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s", - hostinfo, port->user_name, - port->database_name, - port->ssl_in_use ? _("SSL on") : _("SSL off")))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s", + hostinfo, port->user_name, + port->database_name, + port->ssl_in_use ? _("SSL on") : _("SSL off")))); #else ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\"", - hostinfo, port->user_name, - port->database_name))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\"", + hostinfo, port->user_name, + port->database_name))); #endif } break; @@ -479,36 +479,36 @@ ClientAuthentication(Port *port) { #ifdef USE_SSL ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s", - hostinfo, port->user_name, - port->ssl_in_use ? _("SSL on") : _("SSL off")), - HOSTNAME_LOOKUP_DETAIL(port))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s", + hostinfo, port->user_name, + port->ssl_in_use ? _("SSL on") : _("SSL off")), + HOSTNAME_LOOKUP_DETAIL(port))); #else ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\"", - hostinfo, port->user_name), - HOSTNAME_LOOKUP_DETAIL(port))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\"", + hostinfo, port->user_name), + HOSTNAME_LOOKUP_DETAIL(port))); #endif } else { #ifdef USE_SSL ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s", - hostinfo, port->user_name, - port->database_name, - port->ssl_in_use ? _("SSL on") : _("SSL off")), - HOSTNAME_LOOKUP_DETAIL(port))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s", + hostinfo, port->user_name, + port->database_name, + port->ssl_in_use ? _("SSL on") : _("SSL off")), + HOSTNAME_LOOKUP_DETAIL(port))); #else ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"", - hostinfo, port->user_name, - port->database_name), - HOSTNAME_LOOKUP_DETAIL(port))); + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"", + hostinfo, port->user_name, + port->database_name), + HOSTNAME_LOOKUP_DETAIL(port))); #endif } break; @@ -658,8 +658,8 @@ recv_password_packet(Port *port) if (mtype != EOF) ereport(ERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), - errmsg("expected password response, got message type %d", - mtype))); + errmsg("expected password response, got message type %d", + mtype))); return NULL; /* EOF or bad message type */ } } @@ -1196,7 +1196,7 @@ pg_GSS_recvauth(Port *port) (unsigned int) port->gss->outbuf.length); sendAuthRequest(port, AUTH_REQ_GSS_CONT, - port->gss->outbuf.value, port->gss->outbuf.length); + port->gss->outbuf.value, port->gss->outbuf.length); gss_release_buffer(&lmin_s, &port->gss->outbuf); } @@ -1205,7 +1205,7 @@ pg_GSS_recvauth(Port *port) { gss_delete_sec_context(&lmin_s, &port->gss->ctx, GSS_C_NO_BUFFER); pg_GSS_error(ERROR, - gettext_noop("accepting GSS security context failed"), + gettext_noop("accepting GSS security context failed"), maj_stat, min_stat); } @@ -1264,7 +1264,7 @@ pg_GSS_recvauth(Port *port) { /* GSS realm does not match */ elog(DEBUG2, - "GSSAPI realm (%s) and configured realm (%s) don't match", + "GSSAPI realm (%s) and configured realm (%s) don't match", cp, port->hba->krb_realm); gss_release_buffer(&lmin_s, &gbuf); return STATUS_ERROR; @@ -1443,7 +1443,7 @@ pg_SSPI_recvauth(Port *port) port->gss->outbuf.value = outbuf.pBuffers[0].pvBuffer; sendAuthRequest(port, AUTH_REQ_GSS_CONT, - port->gss->outbuf.value, port->gss->outbuf.length); + port->gss->outbuf.value, port->gss->outbuf.length); FreeContextBuffer(outbuf.pBuffers[0].pvBuffer); } @@ -1543,16 +1543,16 @@ pg_SSPI_recvauth(Port *port) if (!GetTokenInformation(token, TokenUser, tokenuser, retlen, &retlen)) ereport(ERROR, - (errmsg_internal("could not get token information: error code %lu", - GetLastError()))); + (errmsg_internal("could not get token information: error code %lu", + GetLastError()))); CloseHandle(token); if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize, domainname, &domainnamesize, &accountnameuse)) ereport(ERROR, - (errmsg_internal("could not look up account SID: error code %lu", - GetLastError()))); + (errmsg_internal("could not look up account SID: error code %lu", + GetLastError()))); free(tokenuser); @@ -1947,8 +1947,8 @@ ident_inet(hbaPort *port) ident_return = interpret_ident_response(ident_response, ident_user); if (!ident_return) ereport(LOG, - (errmsg("invalidly formatted response from Ident server: \"%s\"", - ident_response))); + (errmsg("invalidly formatted response from Ident server: \"%s\"", + ident_response))); ident_inet_done: if (sock_fd != PGINVALID_SOCKET) @@ -1987,7 +1987,7 @@ auth_peer(hbaPort *port) if (errno == ENOSYS) ereport(LOG, (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("peer authentication is not supported on this platform"))); + errmsg("peer authentication is not supported on this platform"))); else ereport(LOG, (errcode_for_socket_access(), @@ -2084,7 +2084,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message **msg, if (strlen(passwd) == 0) { ereport(LOG, - (errmsg("empty password returned by client"))); + (errmsg("empty password returned by client"))); goto fail; } } @@ -2139,7 +2139,7 @@ CheckPAMAuth(Port *port, char *user, char *password) retval = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen, hostinfo, sizeof(hostinfo), NULL, 0, - port->hba->pam_use_hostname ? 0 : NI_NUMERICHOST | NI_NUMERICSERV); + port->hba->pam_use_hostname ? 0 : NI_NUMERICHOST | NI_NUMERICSERV); if (retval != 0) { ereport(WARNING, @@ -2457,8 +2457,8 @@ CheckLDAPAuth(Port *port) * searching. If none is specified, this turns into an anonymous bind. */ r = ldap_simple_bind_s(ldap, - port->hba->ldapbinddn ? port->hba->ldapbinddn : "", - port->hba->ldapbindpasswd ? port->hba->ldapbindpasswd : ""); + port->hba->ldapbinddn ? port->hba->ldapbinddn : "", + port->hba->ldapbindpasswd ? port->hba->ldapbindpasswd : ""); if (r != LDAP_SUCCESS) { ereport(LOG, @@ -2487,7 +2487,7 @@ CheckLDAPAuth(Port *port) { ereport(LOG, (errmsg("could not search LDAP for filter \"%s\" on server \"%s\": %s", - filter, port->hba->ldapserver, ldap_err2string(r)))); + filter, port->hba->ldapserver, ldap_err2string(r)))); pfree(filter); return STATUS_ERROR; } @@ -2497,16 +2497,16 @@ CheckLDAPAuth(Port *port) { if (count == 0) ereport(LOG, - (errmsg("LDAP user \"%s\" does not exist", port->user_name), - errdetail("LDAP search for filter \"%s\" on server \"%s\" returned no entries.", - filter, port->hba->ldapserver))); + (errmsg("LDAP user \"%s\" does not exist", port->user_name), + errdetail("LDAP search for filter \"%s\" on server \"%s\" returned no entries.", + filter, port->hba->ldapserver))); else ereport(LOG, - (errmsg("LDAP user \"%s\" is not unique", port->user_name), - errdetail_plural("LDAP search for filter \"%s\" on server \"%s\" returned %d entry.", - "LDAP search for filter \"%s\" on server \"%s\" returned %d entries.", - count, - filter, port->hba->ldapserver, count))); + (errmsg("LDAP user \"%s\" is not unique", port->user_name), + errdetail_plural("LDAP search for filter \"%s\" on server \"%s\" returned %d entry.", + "LDAP search for filter \"%s\" on server \"%s\" returned %d entries.", + count, + filter, port->hba->ldapserver, count))); pfree(filter); ldap_msgfree(search_message); @@ -2522,7 +2522,7 @@ CheckLDAPAuth(Port *port) (void) ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &error); ereport(LOG, (errmsg("could not get dn for the first entry matching \"%s\" on server \"%s\": %s", - filter, port->hba->ldapserver, ldap_err2string(error)))); + filter, port->hba->ldapserver, ldap_err2string(error)))); pfree(filter); ldap_msgfree(search_message); return STATUS_ERROR; @@ -2542,7 +2542,7 @@ CheckLDAPAuth(Port *port) (void) ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &error); ereport(LOG, (errmsg("could not unbind after searching for user \"%s\" on server \"%s\": %s", - fulluser, port->hba->ldapserver, ldap_err2string(error)))); + fulluser, port->hba->ldapserver, ldap_err2string(error)))); pfree(fulluser); return STATUS_ERROR; } @@ -2561,9 +2561,9 @@ CheckLDAPAuth(Port *port) } else fulluser = psprintf("%s%s%s", - port->hba->ldapprefix ? port->hba->ldapprefix : "", + port->hba->ldapprefix ? port->hba->ldapprefix : "", port->user_name, - port->hba->ldapsuffix ? port->hba->ldapsuffix : ""); + port->hba->ldapsuffix ? port->hba->ldapsuffix : ""); r = ldap_simple_bind_s(ldap, fulluser, passwd); ldap_unbind(ldap); @@ -2571,8 +2571,8 @@ CheckLDAPAuth(Port *port) if (r != LDAP_SUCCESS) { ereport(LOG, - (errmsg("LDAP login failed for user \"%s\" on server \"%s\": %s", - fulluser, port->hba->ldapserver, ldap_err2string(r)))); + (errmsg("LDAP login failed for user \"%s\" on server \"%s\": %s", + fulluser, port->hba->ldapserver, ldap_err2string(r)))); pfree(fulluser); return STATUS_ERROR; } @@ -2744,8 +2744,8 @@ CheckRADIUSAuth(Port *port) { int ret = PerformRadiusTransaction(lfirst(server), lfirst(secrets), - radiusports ? lfirst(radiusports) : NULL, - identifiers ? lfirst(identifiers) : NULL, + radiusports ? lfirst(radiusports) : NULL, + identifiers ? lfirst(identifiers) : NULL, port->user_name, passwd); @@ -3049,7 +3049,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi { ereport(LOG, (errmsg("RADIUS response from %s has corrupt length: %d (actual length %d)", - server, ntohs(receivepacket->length), packetlength))); + server, ntohs(receivepacket->length), packetlength))); continue; } @@ -3081,7 +3081,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi encryptedpassword)) { ereport(LOG, - (errmsg("could not perform MD5 encryption of received packet"))); + (errmsg("could not perform MD5 encryption of received packet"))); pfree(cryptvector); continue; } @@ -3090,8 +3090,8 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi if (memcmp(receivepacket->vector, encryptedpassword, RADIUS_VECTOR_LENGTH) != 0) { ereport(LOG, - (errmsg("RADIUS response from %s has incorrect MD5 signature", - server))); + (errmsg("RADIUS response from %s has incorrect MD5 signature", + server))); continue; } |