improve-pg_hba-rejection-messages-2.patch
text/x-diff
Filename: improve-pg_hba-rejection-messages-2.patch
Type: text/x-diff
Part: 0
Patch
Format: unified
| File | + | − |
|---|---|---|
| src/backend/libpq/auth.c | 28 | 44 |
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 3d80930968..45572161cb 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -412,44 +412,37 @@ ClientAuthentication(Port *port)
*/
{
char hostinfo[NI_MAXHOST];
+ const char *encryption_state;
pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
hostinfo, sizeof(hostinfo),
NULL, 0,
NI_NUMERICHOST);
- if (am_walsender)
- {
+ encryption_state =
+#ifdef ENABLE_GSS
+ port->gss->enc ? _("GSS encryption") :
+#endif
#ifdef USE_SSL
+ port->ssl_in_use ? _("SSL encryption") :
+#endif
+ _("no encryption");
+
+ if (am_walsender)
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+ /* translator: last %s describes encryption state */
errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",
hostinfo, port->user_name,
- port->ssl_in_use ? _("SSL on") : _("SSL off"))));
-#else
- ereport(FATAL,
- (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
- errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\"",
- hostinfo, port->user_name)));
-#endif
- }
+ encryption_state)));
else
- {
-#ifdef USE_SSL
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+ /* translator: last %s describes encryption state */
errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s",
hostinfo, port->user_name,
port->database_name,
- port->ssl_in_use ? _("SSL on") : _("SSL off"))));
-#else
- ereport(FATAL,
- (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
- errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\"",
- hostinfo, port->user_name,
- port->database_name)));
-#endif
- }
+ encryption_state)));
break;
}
@@ -465,12 +458,22 @@ ClientAuthentication(Port *port)
*/
{
char hostinfo[NI_MAXHOST];
+ const char *encryption_state;
pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
hostinfo, sizeof(hostinfo),
NULL, 0,
NI_NUMERICHOST);
+ encryption_state =
+#ifdef ENABLE_GSS
+ port->gss->enc ? _("GSS encryption") :
+#endif
+#ifdef USE_SSL
+ port->ssl_in_use ? _("SSL encryption") :
+#endif
+ _("no encryption");
+
#define HOSTNAME_LOOKUP_DETAIL(port) \
(port->remote_hostname ? \
(port->remote_hostname_resolv == +1 ? \
@@ -493,41 +496,22 @@ ClientAuthentication(Port *port)
0))
if (am_walsender)
- {
-#ifdef USE_SSL
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+ /* translator: last %s describes encryption state */
errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",
hostinfo, port->user_name,
- port->ssl_in_use ? _("SSL on") : _("SSL off")),
+ encryption_state),
HOSTNAME_LOOKUP_DETAIL(port)));
-#else
- ereport(FATAL,
- (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
- errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\"",
- hostinfo, port->user_name),
- HOSTNAME_LOOKUP_DETAIL(port)));
-#endif
- }
else
- {
-#ifdef USE_SSL
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+ /* translator: last %s describes encryption state */
errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
hostinfo, port->user_name,
port->database_name,
- port->ssl_in_use ? _("SSL on") : _("SSL off")),
- HOSTNAME_LOOKUP_DETAIL(port)));
-#else
- ereport(FATAL,
- (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
- errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",
- hostinfo, port->user_name,
- port->database_name),
+ encryption_state),
HOSTNAME_LOOKUP_DETAIL(port)));
-#endif
- }
break;
}