/*
 * PerformAuthentication -- authenticate a remote client
 *
 * port: per-connection state of the client being authenticated.  Its
 * user_name and database_name fields are read for the connection log line.
 *
 * Returns nothing.  Control reaches the end of this function only on
 * success: a failed load_hba() is reported at FATAL, and
 * ClientAuthentication() might not return on failure.
 */
static void
PerformAuthentication(Port *port)
{
	/*
	 * Expected to be set already; set it again to be sure.  While it is set,
	 * the visibility of log messages is limited.
	 */
	ClientAuthInProgress = true;

#ifdef EXEC_BACKEND

	/*
	 * An EXEC_BACKEND child does not inherit the contents of pg_hba.conf
	 * etcetera from the postmaster, so they are loaded here.  They land in
	 * the startup transaction's memory context rather than
	 * PostmasterContext, which should not matter.
	 *
	 * FIXME: [fork/exec] Ugh. Is there a way around this overhead?
	 *
	 * Without the HBA file there is no way to connect to the database, so a
	 * load failure ends the session instead of continuing.
	 */
	if (!load_hba())
		ereport(FATAL,
				(errmsg("could not load pg_hba.conf")));

	load_ident();
#endif

	/*
	 * Put a time limit on the exchange so that a buggy or malicious client
	 * that stops responding does not stall authentication.  We are inside a
	 * transaction and might do database access, hence the statement_timeout
	 * infrastructure.  AuthenticationTimeout is scaled by 1000 here
	 * (presumably seconds to milliseconds -- confirm against
	 * enable_timeout_after).
	 */
	enable_timeout_after(STATEMENT_TIMEOUT, AuthenticationTimeout * 1000);

	/* The authentication exchange itself; might not return, if failure. */
	ClientAuthentication(port);

	/* Authentication is done, so the timeout is no longer wanted. */
	disable_timeout(STATEMENT_TIMEOUT, false);

	/*
	 * Record the successful login when Log_connections is set.  Ordinary
	 * sessions log user and database; walsender sessions log the user only.
	 */
	if (Log_connections)
	{
		if (!am_walsender)
			ereport(LOG,
					(errmsg("connection authorized: user=%s database=%s",
							port->user_name, port->database_name)));
		else
			ereport(LOG,
					(errmsg("replication connection authorized: user=%s",
							port->user_name)));
	}

	set_ps_display("startup", false);

	/* From here on client_min_messages is active. */
	ClientAuthInProgress = false;
}
/*
 * PerformAuthentication -- authenticate a remote client
 *
 * port: per-connection state of the client being authenticated.  Its
 * user_name and database_name fields are read for the connection log line,
 * and, in USE_SSL builds, its ssl field for the TLS details.
 *
 * Returns nothing.  Control reaches the end of this function only on
 * success: a failed load_hba() is reported at FATAL, and
 * ClientAuthentication() might not return on failure.
 */
static void
PerformAuthentication(Port *port)
{
	/*
	 * Expected to be set already; set it again to be sure.  While it is set,
	 * the visibility of log messages is limited.
	 */
	ClientAuthInProgress = true;

#ifdef EXEC_BACKEND

	/*
	 * An EXEC_BACKEND child does not inherit the contents of pg_hba.conf
	 * etcetera from the postmaster, so they are loaded here.
	 *
	 * FIXME: [fork/exec] Ugh. Is there a way around this overhead?
	 *
	 * Without the HBA file there is no way to connect to the database, so a
	 * load failure ends the session instead of continuing.
	 */
	if (!load_hba())
		ereport(FATAL,
				(errmsg("could not load pg_hba.conf")));

	/*
	 * A failed IDENT load is deliberately tolerated.  The only consequence
	 * is that authentication methods needing a user name mapping cannot be
	 * used to log in, and load_ident() has already written the details of
	 * the error to the log.
	 */
	(void) load_ident();
#endif

	/*
	 * Put a time limit on the exchange so that a buggy or malicious client
	 * that stops responding does not stall authentication.  We are inside a
	 * transaction and might do database access, hence the statement_timeout
	 * infrastructure.  AuthenticationTimeout is scaled by 1000 here
	 * (presumably seconds to milliseconds -- confirm against
	 * enable_timeout_after).
	 */
	enable_timeout_after(STATEMENT_TIMEOUT, AuthenticationTimeout * 1000);

	/* The authentication exchange itself; might not return, if failure. */
	ClientAuthentication(port);

	/* Authentication is done, so the timeout is no longer wanted. */
	disable_timeout(STATEMENT_TIMEOUT, false);

	/*
	 * Record the successful login when Log_connections is set.  Ordinary
	 * sessions log user and database; walsender sessions log the user only.
	 * When the connection has an SSL object, the negotiated protocol, cipher
	 * and compression state are appended, so the log shows which sessions
	 * were encrypted and with what parameters.
	 */
	if (Log_connections)
	{
#ifdef USE_SSL
		if (port->ssl)
		{
			if (am_walsender)
				ereport(LOG,
						(errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
								port->user_name,
								SSL_get_version(port->ssl),
								SSL_get_cipher(port->ssl),
								SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
			else
				ereport(LOG,
						(errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
								port->user_name, port->database_name,
								SSL_get_version(port->ssl),
								SSL_get_cipher(port->ssl),
								SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
		}
		else
#endif
		{
			/* No SSL object (or a build without USE_SSL): plain message. */
			if (am_walsender)
				ereport(LOG,
						(errmsg("replication connection authorized: user=%s",
								port->user_name)));
			else
				ereport(LOG,
						(errmsg("connection authorized: user=%s database=%s",
								port->user_name, port->database_name)));
		}
	}

	set_ps_display("startup", false);

	/* From here on client_min_messages is active. */
	ClientAuthInProgress = false;
}