Commit
c4213aed
authored
Jan 27, 1998
by
Marc G. Fournier
From: Phil Thompson <phil@river-bank.demon.co.uk>
Cleanup patches for previous protocol changes patch
parent
7c3dc8f7
Showing
7 changed files
with
128 additions
and
22 deletions
+128
-22
src/Makefile.global.in
src/Makefile.global.in
+3
-3
src/backend/libpq/auth.c
src/backend/libpq/auth.c
+2
-2
src/backend/libpq/hba.c
src/backend/libpq/hba.c
+9
-2
src/backend/libpq/pg_hba.conf.sample
src/backend/libpq/pg_hba.conf.sample
+5
-0
src/backend/libpq/pqcomm.c
src/backend/libpq/pqcomm.c
+2
-2
src/backend/parser/scan.c
src/backend/parser/scan.c
+2
-2
src/man/pg_hba.conf.5
src/man/pg_hba.conf.5
+105
-11
src/Makefile.global.in
...
...
@@ -7,7 +7,7 @@
#
#
# IDENTIFICATION
# $Header: /cvsroot/pgsql/src/Makefile.global.in,v 1.3
2 1998/01/15 19:41:35 pgsql
Exp $
# $Header: /cvsroot/pgsql/src/Makefile.global.in,v 1.3
3 1998/01/27 03:24:51 scrappy
Exp $
#
# NOTES
# Essentially all Postgres make files include this file and use the
...
...
@@ -157,10 +157,10 @@ USE_TCL= @USE_TCL@
#
TCL_INCDIR
=
/usr/local/include
TCL_LIBDIR
=
/usr/local/lib
TCL_LIB
=
-ltcl80
TCL_LIB
=
-ltcl8
.
0
TK_INCDIR
=
/usr/local/include
TK_LIBDIR
=
/usr/local/lib
TK_LIB
=
-ltk80
TK_LIB
=
-ltk8
.
0
USE_PERL
=
@USE_PERL@
...
...
src/backend/libpq/auth.c
...
...
@@ -7,7 +7,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.2
2 1998/01/27 03:11:41 momjian
Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.2
3 1998/01/27 03:24:54 scrappy
Exp $
*
*-------------------------------------------------------------------------
*/
...
...
@@ -401,7 +401,7 @@ void be_recvauth(Port *port)
if
(
hba_getauthmethod
(
&
port
->
raddr
,
port
->
database
,
port
->
auth_arg
,
&
port
->
auth_method
)
!=
STATUS_OK
)
{
PacketSendError
(
&
port
->
pktInfo
,
"
Error getting authentication method
"
);
PacketSendError
(
&
port
->
pktInfo
,
"
Missing or mis-configured pg_hba.conf file
"
);
return
;
}
...
...
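Review bot: The replacement text in the `hba_getauthmethod` failure branch of `be_recvauth`, `"Missing or mis-configured pg_hba.conf file"`, is sent with `PacketSendError` to a client that has not authenticated yet, so it tells any remote peer that the server's access-control file is absent or broken. Nothing in the visible lines records the failure on the server side, where the administrator needs it. I would send a neutral message to the client, e.g. `PacketSendError(&port->pktInfo, "Authentication configuration error");`, and put the pg_hba.conf detail in the server log instead. Which of the two printed strings is the new one is inferred from the page's old-then-new order, and the body of `be_recvauth` starts and ends outside the hunk.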
src/backend/libpq/hba.c
...
...
@@ -7,7 +7,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.2
6 1998/01/26 01:41:08
scrappy Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.2
7 1998/01/27 03:24:56
scrappy Exp $
*
*-------------------------------------------------------------------------
*/
...
...
@@ -337,8 +337,15 @@ process_open_config_file(FILE *file, SockAddr *raddr, const char database[],
}
}
if
(
found_entry
&&
!
error
)
if
(
!
error
)
{
/* If no entry was found then force a rejection. */
if
(
!
found_entry
)
*
userauth_p
=
uaReject
;
*
host_ok_p
=
true
;
}
}
...
...
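Review bot: After this change `*host_ok_p = true` is set whenever the file was read without `error`, including the case where no record matched, so the deny-by-default result rests entirely on the caller acting on `*userauth_p == uaReject`. On the `error` path the visible lines write neither output, which leaves the outcome to whatever the caller initialised; if that is not already a rejecting value, setting `*userauth_p = uaReject;` before the file is scanned would make the function fail closed. The in-code comment should also state the new meaning, e.g. `/* host_ok_p now means "file processed without error"; an unmatched client is reported as uaReject. */`. The body of `process_open_config_file` starts outside the hunk, so the initial values are not visible here.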
src/backend/libpq/pg_hba.conf.sample
...
...
@@ -122,3 +122,8 @@
# connect as Postgres user "guest1", the connection is only allowed if
# there is an entry for map "omicron" in pg_ident.conf that says "bryanh" is
# allowed to connect as "guest1".
# By default, allow anything over UNIX domain sockets and localhost.
local all trust
host all 127.0.0.1 255.255.255.255 trust
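Review bot: The two records added at the end of the sample make `trust` the shipped default for UNIX domain sockets and for 127.0.0.1, which means any local account on the server can connect as any Postgres user, the database superuser included, without presenting a credential. That is a reasonable convenience on a single-user machine but not on a shared host, and the added comment line does not say so. I would extend the comment, e.g. `# "trust" lets every local account connect as any Postgres user; on multi-user hosts use "crypt" or "password" instead.`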
src/backend/libpq/pqcomm.c
...
...
@@ -7,7 +7,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/pqcomm.c,v 1.3
5 1998/01/26 01:41:1
1 scrappy Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/pqcomm.c,v 1.3
6 1998/01/27 03:25:0
1 scrappy Exp $
*
*-------------------------------------------------------------------------
*/
...
...
@@ -619,7 +619,7 @@ StreamServerPort(char *hostName, short portName, int *fdP)
errno
);
pqdebug
(
"%s"
,
PQerrormsg
);
strcat
(
PQerrormsg
,
"
\t
Is another postmaster already running on that port?
\n
"
);
if
(
family
==
AF_UNIX
)
if
(
family
==
AF_UNIX
)
strcat
(
PQerrormsg
,
"
\t
If not, remove socket node (/tmp/.s.PGSQL.<portnr>)and retry.
\n
"
);
else
strcat
(
PQerrormsg
,
"
\t
If not, wait a few seconds and retry.
\n
"
);
...
...
src/backend/parser/scan.c
/* A lexical scanner generated by flex */
/* Scanner skeleton version:
* $Header: /cvsroot/pgsql/src/backend/parser/Attic/scan.c,v 1.
9 1998/01/24 19:40:56
scrappy Exp $
* $Header: /cvsroot/pgsql/src/backend/parser/Attic/scan.c,v 1.
10 1998/01/27 03:25:07
scrappy Exp $
*/
#define FLEX_SCANNER
...
...
@@ -539,7 +539,7 @@ char *yytext;
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/parser/Attic/scan.c,v 1.
9 1998/01/24 19:40:56
scrappy Exp $
* $Header: /cvsroot/pgsql/src/backend/parser/Attic/scan.c,v 1.
10 1998/01/27 03:25:07
scrappy Exp $
*
*-------------------------------------------------------------------------
*/
...
...
src/man/pg_hba.conf.5
.\" This is -*-nroff-*-
.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_hba.conf.5,v 1.
3 1997/08/26 17:30:03 momjian
Exp $
.TH pg_hba.conf 5 1
1/04/96 Postgres Postgres
.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_hba.conf.5,v 1.
4 1998/01/27 03:25:14 scrappy
Exp $
.TH pg_hba.conf 5 1
/26/98 PostgreSQL PostgreSQL
.SH NAME
$PGDATA/pg_hba.conf
.SH DESCRIPTION
"Host-based access control" is the name for the basic controls Postgres
exercises on what clients are allowed to access a database system.
It is called that because one of the factors that can control access is
from what host the client is connecting.
"Host-based access control" is the name for the basic controls PostgreSQL
exercises on what clients are allowed to access a database and how
the users on those clients must authenticate themselves.
.PP
Each database system contains a file named "pg_hba.conf", in its PGDATA
directory, that controls who can connect to
that database system
.
Each database system contains a file named "pg_hba.conf", in its
$
PGDATA
directory, that controls who can connect to
each database
.
.PP
The exact format of the pg_hba.conf file is described in the comments at
the top of the sample file pg_hba.conf.sample, which resides in the
the PostgreSQL "lib" sub-directory of the main postgres directory.
Every client that wants to access to a database
.IR must
be covered by one of
the entries in pg_hba.conf. Otherwise all attempted connections from that
client will be rejected with a "User authentication failed" error message.
.PP
The general format of the pg_hba.conf file is of a set of records, one per
line. Blank lines and lines beginning with '#' are ignored. A record is
made up of a number of fields which are separated by spaces and/or tabs.
.PP
Connections from clients can be made using UNIX domain sockets or Internet
domain sockets (ie. TCP/IP). Connections made using UNIX domain sockets
are controlled using records of the following format.
.PP
local <database> <authentication method>
.PP
<database> specifies the database that this record applies to. The value
.IR all
specifies that it applies to all databases. <authentication method>
specifies the method a user must use to authenticate themselves when
connecting to that database using UNIX domain sockets. The different methods
are described below.
.PP
Connections made using Internet domain sockets are controlled using records
of the following format.
.PP
host <database> <TCP/IP address> <TCP/IP mask> <authentication method>
.PP
The <TCP/IP mask> is logically anded to both the specified <TCP/IP address>
and the TCP/IP address
of the connecting client. If the two values that result are equal then the
record is used for this connection. If a connection matches more than one
record then the earliest one in the file is used. Both the <TCP/IP address>
and the <TCP/IP mask> are specified in dotted decimal notation.
.PP
If a connection fails to match any record then the
.IR reject
authentication method is applied (see below).
.SH "AUTHENTICATION METHODS"
The following authentication methods are supported for both UNIX and TCP/IP
domain sockets.
.PP
.IR trust
- the connection is allowed unconditionally.
.PP
.IR reject
- the connection is rejected unconditionally.
.PP
.IR crypt
- the client is asked for a password for the user. This is sent encrypted
(using crypt(3)) and compared against the password held in the pg_user table.
If the passwords match, the connection is allowed.
.PP
.IR password
- the client is asked for a password for the user. This is sent in clear
and compared against the password held in the pg_user table.
If the passwords match, the connection is allowed. An optional password file
may be specified after the
.IR password
keyword which is used to match the supplied password rather than the pg_user
table. See pg_passwd(1).
.PP
The following authentication methods are supported for TCP/IP
domain sockets only.
.PP
.IR krb4
- Kerberos V4 is used to authenticate the user.
.PP
.IR krb5
- Kerberos V5 is used to authenticate the user.
.PP
.IR ident
- the ident server on the client is used to authenticate the user (RFC 1413).
An optional map name may be specified after the
.IR ident
keyword which allows ident user names to be mapped onto PostgreSQL user names.
Maps are held in the file $PGDATA/pg_ident.conf.
.SH EXAMPLES
# Trust any connection via UNIX domain sockets.
local trust
# Trust any connection via TCP/IP from this machine.
host all 127.0.0.1 255.255.255.255 trust
# We don't like this machine.
host all 192.168.0.10 255.255.255.0 reject
# This machine can't encrypt so we ask for passwords in clear.
host all 192.168.0.3 255.255.255.0 password
# The rest of this group of machines should provide encrypted passwords.
host all 192.168.0.0 255.255.255.0 crypt
.SH "SEE ALSO"
pgintro(1).
...
...