1 /*-------------------------------------------------------------------------
2  *
3  * hba.h
4  * Interface to hba.c
5  *
6  *
7  * src/include/libpq/hba.h
8  *
9  *-------------------------------------------------------------------------
10  */
11 #ifndef HBA_H
12 #define HBA_H
13 
14 #include "libpq/pqcomm.h" /* pgrminclude ignore */ /* needed for NetBSD */
15 #include "nodes/pg_list.h"
16 #include "regex/regex.h"
17 
18 
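/*
 * The following enum represents the authentication methods that
 * are supported by PostgreSQL, in the spelling of pg_hba.conf's
 * METHOD column (reject, trust, ident, password, md5, scram-sha-256,
 * gss, sspi, pam, bsd, ldap, cert, radius, peer).
 *
 * Note: keep this in sync with the UserAuthName array in hba.c.  The
 * enumerator order is significant: UserAuthName is presumably indexed by
 * these values, and USER_AUTH_LAST below must name the final enumerator,
 * so anyone appending a method must also move USER_AUTH_LAST.
 *
 * NOTE(review): uaTrust accepts a connection without any credential and
 * uaPassword sends the password in cleartext unless the transport is
 * encrypted; the actual checks live in auth.c, not here.
 */
typedef enum UserAuth
{
	uaReject,					/* "reject": refuse the connection */
	uaImplicitReject,			/* Not a user-visible option */
	uaTrust,					/* "trust": no credential check */
	uaIdent,					/* "ident": ask the client host's ident server */
	uaPassword,					/* "password": cleartext password */
	uaMD5,						/* "md5" */
	uaSCRAM,					/* "scram-sha-256" */
	uaGSS,						/* "gss" */
	uaSSPI,						/* "sspi" */
	uaPAM,						/* "pam" */
	uaBSD,						/* "bsd" */
	uaLDAP,						/* "ldap" */
	uaCert,						/* "cert": TLS client certificate */
	uaRADIUS,					/* "radius" */
	uaPeer						/* "peer": OS user of a local socket */
#define USER_AUTH_LAST uaPeer	/* Must be last value of this enum */
} UserAuth;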
44 
45 /*
46  * Data structures representing pg_hba.conf and pg_ident.conf entries
47  */
48 
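/*
 * How the ADDRESS column of a pg_hba.conf rule is compared against the
 * connecting client's address.  Stored in HbaLine.ip_cmp_method; the
 * actual comparison is done in hba.c.
 */
typedef enum IPCompareMethod
{
	ipCmpMask,					/* compare under an explicit address/netmask */
	ipCmpSameHost,				/* "samehost": any address of this host */
	ipCmpSameNet,				/* "samenet": any subnet this host is on */
	ipCmpAll					/* "all": matches every client address */
} IPCompareMethod;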
56 
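/*
 * The TYPE column of a pg_hba.conf rule: which kind of connection the
 * rule applies to.  Stored in HbaLine.conntype.
 */
typedef enum ConnType
{
	ctLocal,					/* "local": Unix-domain socket */
	ctHost,						/* "host": TCP, encrypted or not */
	ctHostSSL,					/* "hostssl": TCP with SSL/TLS only */
	ctHostNoSSL,				/* "hostnossl": TCP without SSL/TLS only */
	ctHostGSS,					/* "hostgssenc": TCP with GSSAPI encryption only */
	ctHostNoGSS					/* "hostnogssenc": TCP without GSSAPI encryption only */
} ConnType;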
66 
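/*
 * The clientcert= option of a pg_hba.conf rule: how much of the client's
 * TLS certificate must be verified.  Stored in HbaLine.clientcert.
 */
typedef enum ClientCertMode
{
	clientCertOff,				/* no client certificate required */
	clientCertCA,				/* "verify-ca": certificate must chain to a trusted CA */
	clientCertFull				/* "verify-full": also match the cert name to the user */
} ClientCertMode;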
73 
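/*
 * The clientname= option of a pg_hba.conf rule: which certificate field
 * is taken as the client's identity.  Stored in HbaLine.clientcertname.
 */
typedef enum ClientCertName
{
	clientCertCN,				/* use the subject Common Name */
	clientCertDN				/* use the full subject Distinguished Name */
} ClientCertName;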
79 
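/*
 * One parsed pg_hba.conf rule, produced by parse_hba_line().
 *
 * Only the option fields relevant to auth_method are meaningful for a
 * given rule.  addr/mask are only valid when addrlen/masklen are nonzero,
 * so callers must test those lengths before touching the addresses.
 */
typedef struct HbaLine
{
	int			linenumber;		/* line in pg_hba.conf this rule came from */
	char	   *rawline;		/* verbatim text of that line (for error reporting).
								 * NOTE(review): the line may embed ldapbindpasswd or
								 * radius secrets, so avoid echoing rawline into logs
								 * or views readable by less-privileged roles. */
	ConnType	conntype;		/* TYPE column, see ConnType */
	List	   *databases;		/* DATABASE column tokens */
	List	   *roles;			/* USER column tokens */
	struct sockaddr_storage addr;	/* client address to match */
	int			addrlen;		/* zero if we don't have a valid addr */
	struct sockaddr_storage mask;	/* netmask applied when comparing addr */
	int			masklen;		/* zero if we don't have a valid mask */
	IPCompareMethod ip_cmp_method;	/* how addr/mask are compared to the client */
	char	   *hostname;		/* host name (pattern) for name-based rules */
	UserAuth	auth_method;	/* METHOD column, see UserAuth */
	char	   *usermap;		/* map= option: pg_ident.conf map name, see check_usermap */
	char	   *pamservice;		/* pamservice= option */
	bool		pam_use_hostname;	/* pam_use_hostname= option */
	bool		ldaptls;		/* ldaptls= option: presumably StartTLS on the LDAP link */
	char	   *ldapscheme;		/* ldapscheme= option, presumably "ldap" or "ldaps" */
	char	   *ldapserver;		/* ldapserver= option */
	int			ldapport;		/* ldapport= option */
	char	   *ldapbinddn;		/* ldapbinddn= option: DN for the search bind */
	char	   *ldapbindpasswd;	/* ldapbindpasswd= option: password for that DN, kept
								 * as a plain string for the backend's lifetime */
	char	   *ldapsearchattribute;	/* ldapsearchattribute= option */
	char	   *ldapsearchfilter;	/* ldapsearchfilter= option */
	char	   *ldapbasedn;		/* ldapbasedn= option */
	int			ldapscope;		/* LDAP search scope; presumably an LDAP_SCOPE_* value */
	char	   *ldapprefix;		/* ldapprefix= option */
	char	   *ldapsuffix;		/* ldapsuffix= option */
	ClientCertMode clientcert;	/* clientcert= option, see ClientCertMode */
	ClientCertName clientcertname;	/* clientname= option, see ClientCertName */
	char	   *krb_realm;		/* krb_realm= option (GSSAPI/SSPI) */
	bool		include_realm;	/* include_realm= option (GSSAPI/SSPI) */
	bool		compat_realm;	/* compat_realm= option (SSPI) */
	bool		upn_username;	/* upn_username= option (SSPI) */
	List	   *radiusservers;	/* radiusservers= option, parsed list ... */
	char	   *radiusservers_s;	/* ... and, presumably, its unparsed text */
	List	   *radiussecrets;	/* radiussecrets= option: shared secrets as plain strings */
	char	   *radiussecrets_s;	/* unparsed radiussecrets text (presumably) */
	List	   *radiusidentifiers;	/* radiusidentifiers= option, parsed list */
	char	   *radiusidentifiers_s;	/* unparsed radiusidentifiers text (presumably) */
	List	   *radiusports;	/* radiusports= option, parsed list */
	char	   *radiusports_s;	/* unparsed radiusports text (presumably) */
} HbaLine;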
124 
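/*
 * One parsed pg_ident.conf map entry ("MAPNAME SYSTEM-USERNAME PG-USERNAME"),
 * produced by parse_ident_line() and consulted by check_usermap().
 */
typedef struct IdentLine
{
	int			linenumber;		/* line in pg_ident.conf this entry came from */

	char	   *usermap;		/* map name, matched against HbaLine.usermap */
	char	   *ident_user;		/* system user name as written in the file */
	char	   *pg_role;		/* database role the system user may connect as */
	regex_t		re;				/* compiled form of ident_user.  NOTE(review):
								 * presumably only valid for regex-style entries;
								 * confirm in hba.c before using it unconditionally. */
} IdentLine;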
134 
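/*
 * A single string token lexed from an authentication configuration file
 * (pg_ident.conf or pg_hba.conf), together with whether the token has
 * been quoted.  The quoted flag lets later parsing tell a literal name
 * such as "all" apart from the bare keyword all.
 */
typedef struct AuthToken
{
	char	   *string;			/* token text, with any surrounding quotes removed */
	bool		quoted;			/* true if the token was written in double quotes */
} AuthToken;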
145 
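/*
 * TokenizedAuthLine represents one line lexed from an authentication
 * configuration file.  Each item in the "fields" list is a sub-list of
 * AuthTokens.  We don't emit a TokenizedAuthLine for empty or all-comment
 * lines, so "fields" is never NIL (nor are any of its sub-lists).
 *
 * Exception: if an error occurs during tokenization, we might have
 * fields == NIL, in which case err_msg != NULL.  Consumers should
 * therefore check err_msg before walking fields.
 */
typedef struct TokenizedAuthLine
{
	List	   *fields;			/* List of lists of AuthTokens */
	int			line_num;		/* Line number */
	char	   *raw_line;		/* Raw line text */
	char	   *err_msg;		/* Error message if any; NULL when tokenizing succeeded */
} TokenizedAuthLine;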
162 
/* kluge to avoid including libpq/libpq-be.h here */
typedef struct Port hbaPort;

/*
 * (Re)load pg_hba.conf / pg_ident.conf into the backend's rule lists.
 * Both return true on success.  NOTE(review): on failure the previously
 * loaded rules are presumably left in place - confirm in hba.c before
 * relying on it.
 */
extern bool load_hba(void);
extern bool load_ident(void);

/* Name of an auth method as spelled in pg_hba.conf (via UserAuthName). */
extern const char *hba_authname(UserAuth auth_method);

/*
 * Find the pg_hba.conf rule matching the connection described by port and
 * presumably record its auth method there for auth.c to act on.
 */
extern void hba_getauthmethod(hbaPort *port);

/*
 * Check, through the named pg_ident.conf map, whether the authenticated
 * system user auth_user may connect as pg_role.  The result is an int
 * status code (presumably STATUS_OK / STATUS_ERROR), not a bool, so
 * callers must compare it explicitly.
 */
extern int check_usermap(const char *usermap_name, const char *pg_role,
						 const char *auth_user, bool case_sensitive);

/*
 * Turn one tokenized line into an HbaLine / IdentLine.  Problems are
 * reported at elevel; NOTE(review): a NULL result presumably signals a
 * rejected line - confirm against hba.c.
 */
extern HbaLine *parse_hba_line(TokenizedAuthLine *tok_line, int elevel);
extern IdentLine *parse_ident_line(TokenizedAuthLine *tok_line, int elevel);

/* True for the characters that separate tokens (presumably space and tab). */
extern bool pg_isblank(const char c);

/*
 * Tokenize a whole auth file into *tok_lines (a List of TokenizedAuthLine).
 * A line that fails to tokenize carries err_msg instead of fields.  Returns
 * the memory context the result lives in; presumably the caller deletes it
 * when finished with tok_lines.
 */
extern MemoryContext tokenize_auth_file(const char *filename, FILE *file,
										List **tok_lines, int elevel);
178 
179 #endif /* HBA_H */