PostgreSQL Source Code git master
auth.h
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * auth.h
4 * Definitions for network authentication routines
5 *
6 *
7 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
8 * Portions Copyright (c) 1994, Regents of the University of California
9 *
10 * src/include/libpq/auth.h
11 *
12 *-------------------------------------------------------------------------
13 */
14#ifndef AUTH_H
15#define AUTH_H
16
17#include "libpq/libpq-be.h"
18
19/*
20 * Maximum accepted size of GSS and SSPI authentication tokens.
21 * We also use this as a limit on ordinary password packet lengths.
22 *
23 * Kerberos tickets are usually quite small, but the TGTs issued by Windows
24 * domain controllers include an authorization field known as the Privilege
25 * Attribute Certificate (PAC), which contains the user's Windows permissions
26 * (group memberships etc.). The PAC is copied into all tickets obtained on
27 * the basis of this TGT (even those issued by Unix realms which the Windows
28 * realm trusts), and can be several kB in size. The maximum token size
29 * accepted by Windows systems is determined by the MaxAuthToken Windows
30 * registry setting. Microsoft recommends that it is not set higher than
31 * 65535 bytes, so that seems like a reasonable limit for us as well.
32 */
33#define PG_MAX_AUTH_TOKEN_LENGTH 65535
34
38
39extern void ClientAuthentication(Port *port);
40extern void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata,
41 int extralen);
42extern void set_authn_id(Port *port, const char *id);
43
44/* Hook for plugins to get control in ClientAuthentication() */
45typedef void (*ClientAuthentication_hook_type) (Port *, int);
47
48/* hook type for password manglers */
49typedef char *(*auth_password_hook_typ) (char *input);
50
51/* Default LDAP password mutator hook, can be overridden by a shared library */
53
54#endif /* AUTH_H */
void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen)
Definition: auth.c:669
PGDLLIMPORT ClientAuthentication_hook_type ClientAuthentication_hook
Definition: auth.c:215
PGDLLIMPORT char * pg_krb_server_keyfile
Definition: auth.c:165
PGDLLIMPORT auth_password_hook_typ ldap_password_hook
void(* ClientAuthentication_hook_type)(Port *, int)
Definition: auth.h:45
char *(* auth_password_hook_typ)(char *input)
Definition: auth.h:49
void ClientAuthentication(Port *port)
Definition: auth.c:371
PGDLLIMPORT bool pg_krb_caseins_users
Definition: auth.c:166
void set_authn_id(Port *port, const char *id)
Definition: auth.c:333
PGDLLIMPORT bool pg_gss_accept_delegation
Definition: auth.c:167
#define PGDLLIMPORT
Definition: c.h:1291
FILE * input
static int port
Definition: pg_regress.c:115
uint32 AuthRequest
Definition: pqcomm.h:122
Definition: libpq-be.h:135