1 /*-------------------------------------------------------------------------
2  *
3  * hba.h
4  * Interface to hba.c
5  *
6  *
7  * src/include/libpq/hba.h
8  *
9  *-------------------------------------------------------------------------
10  */
11 #ifndef HBA_H
12 #define HBA_H
13 
14 #include "libpq/pqcomm.h" /* pgrminclude ignore */ /* needed for NetBSD */
15 #include "nodes/pg_list.h"
16 #include "regex/regex.h"
17 
18 
19 /*
20  * The following enum represents the authentication methods that
21  * are supported by PostgreSQL.
22  *
23  * Note: keep this in sync with the UserAuthName array in hba.c.
24  */
25 typedef enum UserAuth
26 {
28  uaImplicitReject, /* Not a user-visible option */
42 #define USER_AUTH_LAST uaPeer /* Must be last value of this enum */
44 
45 /*
46  * Data structures representing pg_hba.conf entries
47  */
48 
49 typedef enum IPCompareMethod
50 {
56 
57 typedef enum ConnType
58 {
66 
67 typedef enum ClientCertMode
68 {
73 
74 typedef enum ClientCertName
75 {
79 
80 /*
81  * A single string token lexed from an authentication configuration file
82  * (pg_ident.conf or pg_hba.conf), together with whether the token has
83  * been quoted. If "string" begins with a slash, it may optionally
84  * contain a regular expression (currently used for pg_ident.conf when
85  * building IdentLines and for pg_hba.conf when building HbaLines).
86  */
87 typedef struct AuthToken
88 {
89  char *string;
90  bool quoted;
93 
94 typedef struct HbaLine
95 {
96  char *sourcefile;
98  char *rawline;
102  struct sockaddr_storage addr;
103  int addrlen; /* zero if we don't have a valid addr */
104  struct sockaddr_storage mask;
105  int masklen; /* zero if we don't have a valid mask */
107  char *hostname;
109  char *usermap;
110  char *pamservice;
112  bool ldaptls;
113  char *ldapscheme;
114  char *ldapserver;
115  int ldapport;
116  char *ldapbinddn;
120  char *ldapbasedn;
122  char *ldapprefix;
123  char *ldapsuffix;
126  char *krb_realm;
139 
140 typedef struct IdentLine
141 {
143 
144  char *usermap;
148 
149 /*
150  * TokenizedAuthLine represents one line lexed from an authentication
151  * configuration file. Each item in the "fields" list is a sub-list of
152  * AuthTokens. We don't emit a TokenizedAuthLine for empty or all-comment
153  * lines, so "fields" is never NIL (nor are any of its sub-lists).
154  *
155  * Exception: if an error occurs during tokenization, we might have
156  * fields == NIL, in which case err_msg != NULL.
157  */
158 typedef struct TokenizedAuthLine
159 {
160  List *fields; /* List of lists of AuthTokens */
161  char *file_name; /* File name of origin */
162  int line_num; /* Line number */
163  char *raw_line; /* Raw line text */
164  char *err_msg; /* Error message if any */
166 
/*
 * Forward-declare the backend connection struct under an alias so this header
 * need not pull in libpq/libpq-be.h (a deliberate kluge, kept to limit header
 * coupling).  "struct Port" itself is defined in libpq-be.h.
 */
typedef struct Port hbaPort;

/*
 * (Re)load pg_hba.conf / pg_ident.conf into memory.  The bool result reports
 * whether the file was accepted; the exact recovery on a false return (e.g.
 * whether the previously loaded rules stay in effect) is defined in hba.c —
 * confirm there before relying on it.
 */
extern bool load_hba(void);
extern bool load_ident(void);

/*
 * Human-readable name of an authentication method.  Backed by the UserAuthName
 * array in hba.c, which the UserAuth enum comment above requires to stay in
 * sync with the enum.
 */
extern const char *hba_authname(UserAuth auth_method);

/*
 * Select the HbaLine that governs the connection described by "port" and
 * record the chosen authentication method on it (details in hba.c).
 */
extern void hba_getauthmethod(hbaPort *port);

/*
 * Apply the named usermap from pg_ident.conf: decide whether the externally
 * authenticated "system_user" is allowed to connect as database role
 * "pg_user".  This is an authorization decision; callers must treat any
 * non-success status as a denial.  "case_insensitive" relaxes the comparison.
 * Returns an int status code — see hba.c for the STATUS_* convention used.
 */
extern int check_usermap(const char *usermap_name,
						 const char *pg_user, const char *system_user,
						 bool case_insensitive);

/*
 * Parse one tokenized line into an HbaLine / IdentLine.  Problems are reported
 * at "elevel"; the return value on a rejected line (presumably NULL) should be
 * confirmed against hba.c before callers dereference it.
 */
extern HbaLine *parse_hba_line(TokenizedAuthLine *tok_line, int elevel);
extern IdentLine *parse_ident_line(TokenizedAuthLine *tok_line, int elevel);

/* Whitespace test used by the auth-file lexer; hba.c defines which chars count. */
extern bool pg_isblank(const char c);

/*
 * Open an authentication configuration file for tokenization.  "depth" is the
 * nesting level of the file being opened — presumably used to bound recursive
 * inclusion so a self-including config cannot recurse without limit; confirm
 * the limit in hba.c.  On failure the returned FILE is NULL and *err_msg
 * receives a message reported at "elevel".  Release with free_auth_file(),
 * passing the same depth.
 */
extern FILE *open_auth_file(const char *filename, int elevel, int depth,
							char **err_msg);
extern void free_auth_file(FILE *file, int depth);

/*
 * Lex "file" (already opened as "filename") and append one TokenizedAuthLine
 * per non-empty, non-comment line to *tok_lines; a tokenization error leaves
 * a line with fields == NIL and err_msg set (see the TokenizedAuthLine
 * comment above).  "depth" is carried through for nested includes.
 */
extern void tokenize_auth_file(const char *filename, FILE *file,
							   List **tok_lines, int elevel, int depth);
185 
186 #endif /* HBA_H */