fe-auth-sasl_8h_source.html

 /*-------------------------------------------------------------------------

  *

  * fe-auth-sasl.h

  *    Defines the SASL mechanism interface for libpq.

  *

  * Each SASL mechanism defines a frontend and a backend callback structure.

  * This is not part of the public API for applications.

  *

  * See src/include/libpq/sasl.h for the backend counterpart.

  *

  * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group

  * Portions Copyright (c) 1994, Regents of the University of California

  *

  * src/interfaces/libpq/fe-auth-sasl.h

  *

  *-------------------------------------------------------------------------

  */


 #ifndef FE_AUTH_SASL_H

 #define FE_AUTH_SASL_H


 #include "libpq-fe.h"


 /*

  * Frontend SASL mechanism callbacks.

  *

  * To implement a frontend mechanism, declare a pg_be_sasl_mech struct with

  * appropriate callback implementations, then hook it into conn->sasl during

  * pg_SASL_init()'s mechanism negotiation.

  */

 typedef struct pg_fe_sasl_mech

 {

     /*-------

      * init()

      *

      * Initializes mechanism-specific state for a connection.  This

      * callback must return a pointer to its allocated state, which will

      * be passed as-is as the first argument to the other callbacks.

      * the free() callback is called to release any state resources.

      *

      * If state allocation fails, the implementation should return NULL to

      * fail the authentication exchange.

      *

      * Input parameters:

      *

      *   conn:     The connection to the server

      *

      *   password: The user's supplied password for the current connection

      *

      *   mech:     The mechanism name in use, for implementations that may

      *             advertise more than one name (such as *-PLUS variants).

      *-------

      */

     void       *(*init) (PGconn *conn, const char *password, const char *mech);


     /*--------

      * exchange()

      *

      * Produces a client response to a server challenge.  As a special case

      * for client-first SASL mechanisms, exchange() is called with a NULL

      * server response once at the start of the authentication exchange to

      * generate an initial response.

      *

      * Input parameters:

      *

      *  state:     The opaque mechanism state returned by init()

      *

      *  input:     The challenge data sent by the server, or NULL when

      *             generating a client-first initial response (that is, when

      *             the server expects the client to send a message to start

      *             the exchange).  This is guaranteed to be null-terminated

      *             for safety, but SASL allows embedded nulls in challenges,

      *             so mechanisms must be careful to check inputlen.

      *

      *  inputlen:  The length of the challenge data sent by the server, or -1

      *             during client-first initial response generation.

      *

      * Output parameters, to be set by the callback function:

      *

      *  output:    A malloc'd buffer containing the client's response to

      *             the server (can be empty), or NULL if the exchange should

      *             be aborted.  (*success should be set to false in the

      *             latter case.)

      *

      *  outputlen: The length (0 or higher) of the client response buffer,

      *             ignored if output is NULL.

      *

      *  done:      Set to true if the SASL exchange should not continue,

      *             because the exchange is either complete or failed

      *

      *  success:   Set to true if the SASL exchange completed successfully.

      *             Ignored if *done is false.

      *--------

      */

     void        (*exchange) (void *state, char *input, int inputlen,

                              char **output, int *outputlen,

                              bool *done, bool *success);


     /*--------

      * channel_bound()

      *

      * Returns true if the connection has an established channel binding.  A

      * mechanism implementation must ensure that a SASL exchange has actually

      * been completed, in addition to checking that channel binding is in use.

      *

      * Mechanisms that do not implement channel binding may simply return

      * false.

      *

      * Input parameters:

      *

      *  state:    The opaque mechanism state returned by init()

      *--------

      */

     bool        (*channel_bound) (void *state);


     /*--------

      * free()

      *

      * Frees the state allocated by init(). This is called when the connection

      * is dropped, not when the exchange is completed.

      *

      * Input parameters:

      *

      *   state:    The opaque mechanism state returned by init()

      *--------

      */

     void        (*free) (void *state);


 } pg_fe_sasl_mech;


 #endif                          /* FE_AUTH_SASL_H */

bool
unsigned char bool
Definition: c.h:440

pg_fe_sasl_mech
struct pg_fe_sasl_mech pg_fe_sasl_mech

input
FILE * input

output
FILE * output
Definition: pg_test_timing.c:182

success
static bool success
Definition: initdb.c:187

libpq-fe.h

password
static char * password
Definition: streamutil.c:53

conn
PGconn * conn
Definition: streamutil.c:54

pg_conn
Definition: libpq-int.h:361

pg_fe_sasl_mech
Definition: fe-auth-sasl.h:32

pg_fe_sasl_mech::free
void(* free)(void *state)
Definition: fe-auth-sasl.h:127

pg_fe_sasl_mech::channel_bound
bool(* channel_bound)(void *state)
Definition: fe-auth-sasl.h:114

pg_fe_sasl_mech::exchange
void(* exchange)(void *state, char *input, int inputlen, char **output, int *outputlen, bool *done, bool *success)
Definition: fe-auth-sasl.h:95

state
Definition: regguts.h:323