commit 6d75f67bee0ecae46ccb382c70eddbc2eb8c1d03
Author: Jose Arthur Benetasso Villanova
Date: Wed Jan 27 14:29:18 2016 -0200
Using system_user variable
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 57c2f48..b3cd647 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -55,7 +55,7 @@ static int recv_and_check_password_packet(Port *port, char **logdetail);
 static int ident_inet(hbaPort *port);
 #ifdef HAVE_UNIX_SOCKETS
-static int auth_peer(hbaPort *port);
+static int auth_peer(hbaPort *port, char **system_user);
 #endif
@@ -142,7 +142,7 @@ bool pg_krb_caseins_users;
 #include
 #endif
-static int pg_GSS_recvauth(Port *port);
+static int pg_GSS_recvauth(Port *port, char **system_user);
 #endif /* ENABLE_GSS */
@@ -154,7 +154,7 @@ static int pg_GSS_recvauth(Port *port);
 typedef SECURITY_STATUS (WINAPI * QUERY_SECURITY_CONTEXT_TOKEN_FN) ( PCtxtHandle, void **);
-static int pg_SSPI_recvauth(Port *port);
+static int pg_SSPI_recvauth(Port *port, char **system_user);
 #endif
 /*----------------------------------------------------------------
@@ -293,7 +293,7 @@ auth_failed(Port *port, int status, char *logdetail)
 * function does not return and the backend process is terminated.
 */
 void
-ClientAuthentication(Port *port)
+ClientAuthentication(Port *port, char **system_user)
 {
 int status = STATUS_ERROR;
 char *logdetail = NULL;
@@ -480,7 +480,7 @@ ClientAuthentication(Port *port)
 case uaGSS:
 #ifdef ENABLE_GSS
 sendAuthRequest(port, AUTH_REQ_GSS);
- status = pg_GSS_recvauth(port);
+ status = pg_GSS_recvauth(port, system_user);
 #else
 Assert(false);
 #endif
@@ -489,7 +489,7 @@ ClientAuthentication(Port *port)
 case uaSSPI:
 #ifdef ENABLE_SSPI
 sendAuthRequest(port, AUTH_REQ_SSPI);
- status = pg_SSPI_recvauth(port);
+ status = pg_SSPI_recvauth(port, system_user);
 #else
 Assert(false);
 #endif
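Review bot: In the prototype hunk at `@@ -55,7`, `auth_peer` gains the `system_user` out-parameter while `ident_inet`, shown in the context just above it, keeps its old signature, so ident-authenticated sessions would presumably get no system-user detail in the connection log. If ident is meant to be covered it needs the same parameter and assignment; if the omission is deliberate, a comment next to the prototype such as `/* system_user is reported for peer, GSS and SSPI only */` would record that. The body of `ident_inet` is outside the visible hunks, so this is inferred from the unchanged prototype.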
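Review bot: The header comment above `ClientAuthentication` in the `@@ -293,7` hunk is not updated for the new `char **system_user` parameter, and nothing states its contract. The callees visible in this diff write through it unconditionally (`*system_user = psprintf(...)`), so it must never be NULL, the result is palloc'd and left for the caller to free, and methods that do not set it leave it untouched, which means the caller has to initialise it to NULL. I would add a sentence to the comment along the lines of `* *system_user receives a palloc'd description of the external identity (peer, GSS, SSPI) or is left unchanged; pass a non-NULL pointer initialised to NULL and pfree the result.` Only the last two lines of that comment are inside the hunk.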
@@ -497,7 +497,7 @@ ClientAuthentication(Port *port)
 case uaPeer:
 #ifdef HAVE_UNIX_SOCKETS
- status = auth_peer(port);
+ status = auth_peer(port, system_user);
 #else
 Assert(false);
 #endif
@@ -773,7 +773,7 @@ pg_GSS_error(int severity, char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
 }
 static int
-pg_GSS_recvauth(Port *port)
+pg_GSS_recvauth(Port *port, char **system_user)
 {
 OM_uint32 maj_stat, min_stat,
@@ -990,7 +990,7 @@ pg_GSS_recvauth(Port *port)
 gss_release_buffer(&lmin_s, &gbuf);
 return STATUS_ERROR;
 }
-
+ *system_user = psprintf(_("GSS user \"%s\""), gbuf.value);
 ret = check_usermap(port->hba->usermap, port->user_name, gbuf.value, pg_krb_caseins_users);
@@ -1023,7 +1023,7 @@ pg_SSPI_error(int severity, const char *errmsg, SECURITY_STATUS r)
 }
 static int
-pg_SSPI_recvauth(Port *port)
+pg_SSPI_recvauth(Port *port, char **system_user)
 {
 int mtype;
 StringInfoData buf;
@@ -1291,12 +1291,16 @@ pg_SSPI_recvauth(Port *port)
 int retval;
 namebuf = psprintf("%s@%s", accountname, domainname);
+ *system_user = psprintf(_("SSPI user \"%s\""), namebuf);
 retval = check_usermap(port->hba->usermap, port->user_name, namebuf, true);
 pfree(namebuf);
 return retval;
 }
 else
+ {
+ *system_user = psprintf(_("SSPI user \"%s\""), accountname);
 return check_usermap(port->hba->usermap, port->user_name, accountname, true);
+ }
 }
 #endif /* ENABLE_SSPI */
@@ -1576,7 +1580,7 @@ ident_inet_done:
 #ifdef HAVE_UNIX_SOCKETS
 static int
-auth_peer(hbaPort *port)
+auth_peer(hbaPort *port, char **system_user)
 {
 char ident_user[IDENT_USERNAME_MAX + 1];
 uid_t uid;
@@ -1609,6 +1613,7 @@ auth_peer(hbaPort *port)
 }
 strlcpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX + 1);
+ *system_user = psprintf(_("System user \"%s\""), ident_user);
 return check_usermap(port->hba->usermap, port->user_name, ident_user, false);
 }
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index e22d4db..9bc2754 100644
--- a/src/backend/utils/init/postinit.c
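Review bot: At `*system_user = psprintf(_("GSS user \"%s\""), gbuf.value);` in the `@@ -990,7` hunk the out-parameter receives a translated, pre-formatted sentence rather than the principal itself, and the SSPI hunk at `@@ -1291,12` and the peer hunk at `@@ -1609,6` do the same. The log detail therefore changes with the message locale, and the name sits between plain double quotes with no escaping, so a log parser or audit rule cannot reliably extract the identity if it contains a quote or a control character. Returning the raw name, e.g. `*system_user = pstrdup(gbuf.value);`, and attaching the method label where the message is emitted would keep the field stable. The hunk also starts after whatever realm handling `pg_GSS_recvauth` does earlier, so it is worth confirming that `gbuf.value` still holds the full principal at this point.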
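Review bot: In the `@@ -1291,12` hunk the `else` branch records only `accountname`, so for connections that take this branch the log cannot tell same-named accounts in different domains apart. The identity written to the log does not have to follow the form used for the usermap lookup; assuming `domainname` is in scope there as it is for the `psprintf("%s@%s", ...)` a few lines earlier, the branch could use `*system_user = psprintf(_("SSPI user \"%s@%s\""), accountname, domainname);`. The `if` condition that selects between the two branches is above the hunk.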
+++ b/src/backend/utils/init/postinit.c
@@ -181,6 +181,7 @@ GetDatabaseTupleByOid(Oid dboid)
 static void
 PerformAuthentication(Port *port)
 {
+ char *system_user = NULL; /* Get system user details if available */
 /* This should be set already, but let's make sure */
 ClientAuthInProgress = true; /* limit visibility of log messages */
@@ -234,7 +235,7 @@ PerformAuthentication(Port *port)
 /*
 * Now perform authentication exchange.
 */
- ClientAuthentication(port); /* might not return, if failure */
+ ClientAuthentication(port, &system_user); /* might not return, if failure */
 /*
 * Done with authentication. Disable the timeout, and log if needed.
@@ -250,7 +251,8 @@ PerformAuthentication(Port *port)
 ereport(LOG, (errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)", port->user_name, SSL_get_version(port->ssl), SSL_get_cipher(port->ssl),
- SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
+ SSL_get_current_compression(port->ssl) ? _("on") : _("off")),
+ system_user ? errdetail_log("%s", system_user): 0));
 else
 #endif
 ereport(LOG,
@@ -269,10 +271,16 @@ PerformAuthentication(Port *port)
 #endif
 ereport(LOG, (errmsg("connection authorized: user=%s database=%s",
- port->user_name, port->database_name)));
+ port->user_name, port->database_name),
+ system_user ? errdetail_log("%s", system_user): 0));
 }
 }
+ if (system_user)
+ {
+ pfree(system_user);
+ }
+
 set_ps_display("startup", false);
 ClientAuthInProgress = false; /* client_min_messages is active now */
diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h
index 3cd06b7..ec5e308 100644
--- a/src/include/libpq/auth.h
+++ b/src/include/libpq/auth.h
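Review bot: Only two `ereport(LOG, ...)` calls receive the `errdetail_log`: the SSL replication message in the `@@ -250,7` hunk and the plain `connection authorized: user=%s database=%s` message in `@@ -269,10`. The `ereport(LOG,` that starts in the trailing context of the first hunk is left as it was, and if the ordinary connection message also has an `SSL enabled` variant (it would sit between the two hunks, outside the visible lines), GSS or SSPI sessions over SSL would be logged without the system user. Each remaining call needs the same `system_user ? errdetail_log("%s", system_user) : 0` argument. As a style matter, the added lines write `system_user): 0`; a space before the colon would match the `? _("on") : _("off")` spacing used on the line above.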
@@ -20,7 +20,7 @@ extern char *pg_krb_server_keyfile;
 extern bool pg_krb_caseins_users;
 extern char *pg_krb_realm;
-extern void ClientAuthentication(Port *port);
+extern void ClientAuthentication(Port *port, char **system_user);
 /* Hook for plugins to get control in ClientAuthentication() */
 typedef void (*ClientAuthentication_hook_type) (Port *, int);
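Review bot: Changing the exported prototype to `ClientAuthentication(Port *port, char **system_user)` leaves `ClientAuthentication_hook_type`, two lines below, at `(Port *, int)`, so a hook that audits logins still cannot see the external identity, and any out-of-tree caller of `ClientAuthentication` stops compiling. Carrying the value in a field of `Port` would make it available to the hook and to later code without touching either signature.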