bool set_pool(PgSocket *client, const char *dbname, const char *username, const char *password, bool takeover)
{
/* find database */
client->db = find_database(dbname);
if (!client->db) {
client->db = register_auto_database(dbname);
if (!client->db) {
disconnect_client(client, true, "No such database: %s", dbname);
if (cf_log_connections)
slog_info(client, "login failed: db=%s user=%s", dbname, username);
return false;
}
else {
slog_info(client, "registered new auto-database: db = %s", dbname );
}
}
/* are new connections allowed? */
if (client->db->db_disabled) {
disconnect_client(client, true, "database does not allow connections: %s", dbname);
return false;
}
if (client->db->admin) {
if (admin_pre_login(client, username))
return finish_set_pool(client, takeover);
}
/* find user */
if (cf_auth_type == AUTH_ANY) {
/* ignore requested user */
if (client->db->forced_user == NULL) {
slog_error(client, "auth_type=any requires forced user");
disconnect_client(client, true, "bouncer config error");
return false;
}
client->auth_user = client->db->forced_user;
} else {
/* the user clients wants to log in as */
client->auth_user = find_user(username);
if (!client->auth_user && client->db->auth_user) {
if (takeover) {
client->auth_user = add_db_user(client->db, username, password);
return finish_set_pool(client, takeover);
}
start_auth_request(client, username);
return false;
}
if (!client->auth_user) {
disconnect_client(client, true, "No such user: %s", username);
if (cf_log_connections)
slog_info(client, "login failed: db=%s user=%s", dbname, username);
return false;
}
}
return finish_set_pool(client, takeover);
}
bool handle_auth_response(PgSocket *client, PktHdr *pkt) {
uint16_t columns;
uint32_t length;
const char *username, *password;
PgUser user;
PgSocket *server = client->link;
switch(pkt->type) {
case 'T': /* RowDescription */
if (!mbuf_get_uint16be(&pkt->data, &columns)) {
disconnect_server(server, false, "bad packet");
return false;
}
if (columns != 2u) {
disconnect_server(server, false, "expected 1 column from login query, not %hu", columns);
return false;
}
break;
case 'D': /* DataRow */
memset(&user, 0, sizeof(user));
if (!mbuf_get_uint16be(&pkt->data, &columns)) {
disconnect_server(server, false, "bad packet");
return false;
}
if (columns != 2u) {
disconnect_server(server, false, "expected 1 column from login query, not %hu", columns);
return false;
}
if (!mbuf_get_uint32be(&pkt->data, &length)) {
disconnect_server(server, false, "bad packet");
return false;
}
if (!mbuf_get_chars(&pkt->data, length, &username)) {
disconnect_server(server, false, "bad packet");
return false;
}
if (sizeof(user.name) - 1 < length)
length = sizeof(user.name) - 1;
memcpy(user.name, username, length);
if (!mbuf_get_uint32be(&pkt->data, &length)) {
disconnect_server(server, false, "bad packet");
return false;
}
if (length == (uint32_t)-1) {
// NULL - set an md5 password with an impossible value,
// so that nothing will ever match
password = "******";
length = 3;
} else {
if (!mbuf_get_chars(&pkt->data, length, &password)) {
disconnect_server(server, false, "bad packet");
return false;
}
}
if (sizeof(user.passwd) - 1 < length)
length = sizeof(user.passwd) - 1;
memcpy(user.passwd, password, length);
client->auth_user = add_db_user(client->db, user.name, user.passwd);
if (!client->auth_user) {
disconnect_server(server, false, "unable to allocate new user for auth");
return false;
}
break;
case 'C': /* CommandComplete */
break;
case 'Z': /* ReadyForQuery */
sbuf_prepare_skip(&client->link->sbuf, pkt->len);
if (!client->auth_user) {
if (cf_log_connections)
slog_info(client, "login failed: db=%s", client->db->name);
disconnect_client(client, true, "No such user");
} else {
slog_noise(client, "auth query complete");
client->link->resetting = true;
sbuf_continue(&client->sbuf);
}
// either sbuf_continue or disconnect_client could disconnect the server
// way down in their bowels of other callbacks. so check that, and
// return appropriately (similar to reuse_on_release)
if (server->state == SV_FREE || server->state == SV_JUSTFREE)
return false;
return true;
default:
disconnect_server(server, false, "unexpected response from login query");
return false;
}
sbuf_prepare_skip(&server->sbuf, pkt->len);
return true;
}
bool set_pool(PgSocket *client, const char *dbname, const char *username, const char *password, bool takeover)
{
/* find database */
client->db = find_database(dbname);
if (!client->db) {
client->db = register_auto_database(dbname);
if (!client->db) {
disconnect_client(client, true, "no such database: %s", dbname);
if (cf_log_connections)
slog_info(client, "login failed: db=%s user=%s", dbname, username);
return false;
} else {
slog_info(client, "registered new auto-database: db=%s", dbname);
}
}
/* are new connections allowed? */
if (client->db->db_disabled) {
disconnect_client(client, true, "database does not allow connections: %s", dbname);
return false;
}
if (client->db->admin) {
if (admin_pre_login(client, username))
return finish_set_pool(client, takeover);
}
/* find user */
if (cf_auth_type == AUTH_ANY) {
/* ignore requested user */
if (client->db->forced_user == NULL) {
slog_error(client, "auth_type=any requires forced user");
disconnect_client(client, true, "bouncer config error");
return false;
}
client->auth_user = client->db->forced_user;
} else if (cf_auth_type == AUTH_PAM) {
if (client->db->auth_user) {
slog_error(client, "PAM can't be used together with database authorization");
disconnect_client(client, true, "bouncer config error");
return false;
}
/* Password will be set after successful authorization when not in takeover mode */
client->auth_user = add_pam_user(username, password);
if (!client->auth_user) {
slog_error(client, "set_pool(): failed to allocate new PAM user");
disconnect_client(client, true, "bouncer resources exhaustion");
return false;
}
} else {
/* the user clients wants to log in as */
client->auth_user = find_user(username);
if (!client->auth_user && client->db->auth_user) {
if (takeover) {
client->auth_user = add_db_user(client->db, username, password);
return finish_set_pool(client, takeover);
}
start_auth_request(client, username);
return false;
}
if (!client->auth_user) {
disconnect_client(client, true, "no such user: %s", username);
if (cf_log_connections)
slog_info(client, "login failed: db=%s user=%s", dbname, username);
return false;
}
}
return finish_set_pool(client, takeover);
}
