hba.h
/*-------------------------------------------------------------------------
 *
 * hba.h
 *	  Interface to hba.c
 *
 *
 * src/include/libpq/hba.h
 *
 *-------------------------------------------------------------------------
 */
11#ifndef HBA_H
12#define HBA_H
13
14#include "libpq/pqcomm.h" /* needed for NetBSD */
15#include "nodes/pg_list.h"
16#include "regex/regex.h"
17
18
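/*
 * The following enum represents the authentication methods that
 * are supported by PostgreSQL.
 *
 * Note: keep this in sync with the UserAuthName array in hba.c.
 *
 * Review note: these methods differ widely in strength.  The per-member
 * remarks below name the pg_hba.conf keyword each value stands for and
 * summarise the PostgreSQL client-authentication documentation; they are
 * not derived from this header, so confirm details against hba.c/auth.c.
 */
typedef enum UserAuth
{
	uaReject,					/* "reject": refuse the connection */
	uaImplicitReject,			/* Not a user-visible option */
	uaTrust,					/* "trust": no authentication at all; audit
								 * every line that uses it */
	uaIdent,					/* "ident": relies on the client host's ident
								 * service, so only as trustworthy as that
								 * host */
	uaPassword,					/* "password": cleartext password on the wire;
								 * pair with an encrypted connection */
	uaMD5,						/* "md5": legacy MD5 challenge-response */
	uaSCRAM,					/* "scram-sha-256" */
	uaGSS,						/* "gss" */
	uaSSPI,						/* "sspi" */
	uaPAM,						/* "pam": password checked via PAM */
	uaBSD,						/* "bsd": password checked via BSD auth */
	uaLDAP,						/* "ldap": password checked via LDAP bind */
	uaCert,						/* "cert": TLS client certificate */
	uaRADIUS,					/* "radius": password checked via RADIUS */
	uaPeer,						/* "peer": OS user of a local-socket client */
#define USER_AUTH_LAST uaPeer	/* Must be last value of this enum */
} UserAuth;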
44
/*
 * Data structures representing pg_hba.conf entries
 */
48
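/*
 * How the client address of a connection is matched against an HbaLine.
 *
 * The keyword mapping below follows the pg_hba.conf documentation rather
 * than anything visible in this header; confirm against hba.c.
 */
typedef enum IPCompareMethod
{
	ipCmpMask,					/* explicit address plus netmask */
	ipCmpSameHost,				/* "samehost" keyword */
	ipCmpSameNet,				/* "samenet" keyword */
	ipCmpAll,					/* "all": matches any client address, so the
								 * line's auth method is the only gate */
} IPCompareMethod;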
56
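/*
 * Connection type selected by the first field of a pg_hba.conf line.
 *
 * The keyword mapping below follows the pg_hba.conf documentation rather
 * than anything visible in this header; confirm against hba.c.
 */
typedef enum ConnType
{
	ctLocal,					/* "local": Unix-domain socket */
	ctHost,						/* "host": TCP/IP, encrypted or not */
	ctHostSSL,					/* "hostssl": TCP/IP with SSL/TLS only */
	ctHostNoSSL,				/* "hostnossl": TCP/IP without SSL/TLS */
	ctHostGSS,					/* "hostgssenc": TCP/IP with GSSAPI
								 * encryption only */
	ctHostNoGSS,				/* "hostnogssenc": TCP/IP without GSSAPI
								 * encryption */
} ConnType;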
66
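/*
 * Client-certificate requirement attached to an HbaLine.
 *
 * NOTE(review): presumably set from the "clientcert" option (verify-ca /
 * verify-full); confirm against the option parsing in hba.c.
 */
typedef enum ClientCertMode
{
	clientCertOff,				/* no client certificate demanded by this
								 * option */
	clientCertCA,				/* certificate must chain to a trusted CA */
	clientCertFull,				/* as above, and the certificate's name must
								 * also match the user (TODO confirm) */
} ClientCertMode;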
73
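/*
 * Which part of the client certificate is used as the identity to match.
 *
 * NOTE(review): presumably set from the "clientname" option; confirm
 * against the option parsing in hba.c.
 */
typedef enum ClientCertName
{
	clientCertCN,				/* certificate Common Name */
	clientCertDN,				/* certificate Distinguished Name */
} ClientCertName;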
79
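/*
 * A single string token lexed from an authentication configuration file
 * (pg_ident.conf or pg_hba.conf), together with whether the token has
 * been quoted.  If "string" begins with a slash, it may optionally
 * contain a regular expression (currently used for pg_ident.conf when
 * building IdentLines and for pg_hba.conf when building HbaLines).
 */
typedef struct AuthToken
{
	char	   *string;			/* token text as lexed */
	bool		quoted;			/* true if the token was quoted in the file */
	regex_t    *regex;			/* NOTE(review): presumably the compiled form
								 * of "string" when it is a regular
								 * expression, else NULL -- confirm in hba.c */
} AuthToken;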
93
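/*
 * One parsed pg_hba.conf entry.
 *
 * Review note: besides the matching criteria, this struct carries the
 * credentials some methods need to talk to an external service
 * (ldapbindpasswd, radiussecrets).  They are held as ordinary C strings,
 * and "rawline" keeps the unparsed line text, so it presumably contains
 * the same secrets -- treat both as sensitive when logging or exposing
 * parsed rules (confirm against hba.c).
 */
typedef struct HbaLine
{
	/* Where the entry came from */
	char	   *sourcefile;
	int			linenumber;
	char	   *rawline;		/* unparsed line text; may embed secrets */

	/* Matching criteria */
	ConnType	conntype;
	List	   *databases;
	List	   *roles;
	struct sockaddr_storage addr;
	int			addrlen;		/* zero if we don't have a valid addr */
	struct sockaddr_storage mask;
	int			masklen;		/* zero if we don't have a valid mask */
	IPCompareMethod ip_cmp_method;
	char	   *hostname;

	/* Authentication method and its options */
	UserAuth	auth_method;
	char	   *usermap;
	char	   *pamservice;
	bool		pam_use_hostname;

	/* LDAP options */
	bool		ldaptls;		/* NOTE(review): when false and ldapscheme is
								 * not an encrypted scheme, the bind password
								 * presumably crosses the network in clear --
								 * confirm in auth.c */
	char	   *ldapscheme;
	char	   *ldapserver;
	int			ldapport;
	char	   *ldapbinddn;
	char	   *ldapbindpasswd; /* secret: service bind password */
	char	   *ldapsearchattribute;
	char	   *ldapsearchfilter;
	char	   *ldapbasedn;
	int			ldapscope;
	char	   *ldapprefix;
	char	   *ldapsuffix;

	/* Client-certificate options */
	ClientCertMode clientcert;
	ClientCertName clientcertname;

	/* Kerberos/GSSAPI/SSPI options */
	char	   *krb_realm;
	bool		include_realm;
	bool		compat_realm;
	bool		upn_username;

	/*
	 * RADIUS options.  Each setting appears twice, as a List and as a
	 * char * with an "_s" suffix; presumably the latter is the original
	 * string form (TODO confirm in hba.c).
	 */
	List	   *radiusservers;
	char	   *radiusservers_s;
	List	   *radiussecrets;	/* secret: RADIUS shared secrets */
	char	   *radiussecrets_s;	/* secret: same, as a string */
	List	   *radiusidentifiers;
	char	   *radiusidentifiers_s;
	List	   *radiusports;
	char	   *radiusports_s;
} HbaLine;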
139
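/*
 * One parsed pg_ident.conf entry: a named user map that relates an
 * externally authenticated user name to a database user name.
 */
typedef struct IdentLine
{
	int			linenumber;		/* line in the file the entry came from */

	char	   *usermap;		/* name of the map this entry belongs to */
	AuthToken  *system_user;	/* external (system) user name token; may
								 * carry a regular expression, see AuthToken */
	AuthToken  *pg_user;		/* database user name token */
} IdentLine;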
148
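/*
 * TokenizedAuthLine represents one line lexed from an authentication
 * configuration file.  Each item in the "fields" list is a sub-list of
 * AuthTokens.  We don't emit a TokenizedAuthLine for empty or all-comment
 * lines, so "fields" is never NIL (nor are any of its sub-lists).
 *
 * Exception: if an error occurs during tokenization, we might have
 * fields == NIL, in which case err_msg != NULL.
 *
 * Consumers must therefore check err_msg before walking "fields".
 */
typedef struct TokenizedAuthLine
{
	List	   *fields;			/* List of lists of AuthTokens */
	char	   *file_name;		/* File name of origin */
	int			line_num;		/* Line number */
	char	   *raw_line;		/* Raw line text */
	char	   *err_msg;		/* Error message if any */
} TokenizedAuthLine;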
166
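/* kluge to avoid including libpq/libpq-be.h here */
typedef struct Port hbaPort;

/*
 * Loading the authentication configuration.  Both return bool; callers
 * must check the result (presumably false means the file could not be
 * loaded or parsed -- confirm in hba.c).
 */
extern bool load_hba(void);
extern bool load_ident(void);

/* Name of an authentication method (see the UserAuthName array in hba.c). */
extern const char *hba_authname(UserAuth auth_method);

/* Determine the authentication method to apply to the connection "port". */
extern void hba_getauthmethod(hbaPort *port);

/*
 * Check a (system_user, pg_user) pair against the named user map.
 * NOTE(review): the meaning of the int result is not visible here;
 * confirm the success/failure convention in hba.c before relying on it.
 */
extern int	check_usermap(const char *usermap_name,
						  const char *pg_user, const char *system_user,
						  bool case_insensitive);

/*
 * Turn one tokenized line into a parsed entry.  "elevel" is the level at
 * which problems are reported; presumably NULL is returned for a line
 * that fails to parse (TODO confirm).
 */
extern HbaLine *parse_hba_line(TokenizedAuthLine *tok_line, int elevel);
extern IdentLine *parse_ident_line(TokenizedAuthLine *tok_line, int elevel);

extern bool pg_isblank(const char c);

/*
 * Opening, releasing and tokenizing an authentication file.  "depth" is
 * presumably the nesting level of included files (TODO confirm);
 * open_auth_file() can hand back an error string through *err_msg.
 */
extern FILE *open_auth_file(const char *filename, int elevel, int depth,
							char **err_msg);
extern void free_auth_file(FILE *file, int depth);
extern void tokenize_auth_file(const char *filename, FILE *file,
							   List **tok_lines, int elevel, int depth);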
185
186#endif /* HBA_H */
bool pg_isblank(const char c)
Definition: hba.c:144
IPCompareMethod
Definition: hba.h:50
@ ipCmpAll
Definition: hba.h:54
@ ipCmpSameNet
Definition: hba.h:53
@ ipCmpMask
Definition: hba.h:51
@ ipCmpSameHost
Definition: hba.h:52
HbaLine * parse_hba_line(TokenizedAuthLine *tok_line, int elevel)
Definition: hba.c:1326
ConnType
Definition: hba.h:58
@ ctHostNoGSS
Definition: hba.h:64
@ ctHostSSL
Definition: hba.h:61
@ ctHostNoSSL
Definition: hba.h:62
@ ctHost
Definition: hba.h:60
@ ctHostGSS
Definition: hba.h:63
@ ctLocal
Definition: hba.h:59
struct IdentLine IdentLine
bool load_ident(void)
Definition: hba.c:2963
struct HbaLine HbaLine
UserAuth
Definition: hba.h:26
@ uaBSD
Definition: hba.h:37
@ uaLDAP
Definition: hba.h:38
@ uaPeer
Definition: hba.h:41
@ uaPAM
Definition: hba.h:36
@ uaPassword
Definition: hba.h:31
@ uaCert
Definition: hba.h:39
@ uaMD5
Definition: hba.h:32
@ uaReject
Definition: hba.h:27
@ uaGSS
Definition: hba.h:34
@ uaSCRAM
Definition: hba.h:33
@ uaImplicitReject
Definition: hba.h:28
@ uaRADIUS
Definition: hba.h:40
@ uaIdent
Definition: hba.h:30
@ uaTrust
Definition: hba.h:29
@ uaSSPI
Definition: hba.h:35
void hba_getauthmethod(hbaPort *port)
Definition: hba.c:3052
bool load_hba(void)
Definition: hba.c:2587
IdentLine * parse_ident_line(TokenizedAuthLine *tok_line, int elevel)
Definition: hba.c:2693
int check_usermap(const char *usermap_name, const char *pg_user, const char *system_user, bool case_insensitive)
Definition: hba.c:2908
void free_auth_file(FILE *file, int depth)
Definition: hba.c:570
struct TokenizedAuthLine TokenizedAuthLine
struct AuthToken AuthToken
ClientCertName
Definition: hba.h:75
@ clientCertDN
Definition: hba.h:77
@ clientCertCN
Definition: hba.h:76
ClientCertMode
Definition: hba.h:68
@ clientCertOff
Definition: hba.h:69
@ clientCertFull
Definition: hba.h:71
@ clientCertCA
Definition: hba.h:70
void tokenize_auth_file(const char *filename, FILE *file, List **tok_lines, int elevel, int depth)
Definition: hba.c:689
const char * hba_authname(UserAuth auth_method)
Definition: hba.c:3065
FILE * open_auth_file(const char *filename, int elevel, int depth, char **err_msg)
Definition: hba.c:595
Datum system_user(PG_FUNCTION_ARGS)
Definition: miscinit.c:946
static char * filename
Definition: pg_dumpall.c:119
static int port
Definition: pg_regress.c:115
char * c
#define regex_t
Definition: regex.h:245
Definition: hba.h:88
regex_t * regex
Definition: hba.h:91
char * string
Definition: hba.h:89
bool quoted
Definition: hba.h:90
Definition: hba.h:95
UserAuth auth_method
Definition: hba.h:108
bool upn_username
Definition: hba.h:129
struct sockaddr_storage mask
Definition: hba.h:104
char * sourcefile
Definition: hba.h:96
ClientCertName clientcertname
Definition: hba.h:125
int addrlen
Definition: hba.h:103
List * radiusservers
Definition: hba.h:130
char * ldapserver
Definition: hba.h:114
bool include_realm
Definition: hba.h:127
int masklen
Definition: hba.h:105
ClientCertMode clientcert
Definition: hba.h:124
char * ldapsearchfilter
Definition: hba.h:119
char * ldapscheme
Definition: hba.h:113
char * rawline
Definition: hba.h:98
char * ldapprefix
Definition: hba.h:122
List * radiussecrets
Definition: hba.h:132
char * ldapsearchattribute
Definition: hba.h:118
char * krb_realm
Definition: hba.h:126
char * ldapbasedn
Definition: hba.h:120
bool pam_use_hostname
Definition: hba.h:111
int linenumber
Definition: hba.h:97
char * radiussecrets_s
Definition: hba.h:133
List * radiusports
Definition: hba.h:136
List * radiusidentifiers
Definition: hba.h:134
char * hostname
Definition: hba.h:107
char * pamservice
Definition: hba.h:110
List * databases
Definition: hba.h:100
ConnType conntype
Definition: hba.h:99
char * usermap
Definition: hba.h:109
char * ldapsuffix
Definition: hba.h:123
int ldapport
Definition: hba.h:115
struct sockaddr_storage addr
Definition: hba.h:102
char * ldapbindpasswd
Definition: hba.h:117
List * roles
Definition: hba.h:101
char * radiusports_s
Definition: hba.h:137
char * ldapbinddn
Definition: hba.h:116
bool compat_realm
Definition: hba.h:128
int ldapscope
Definition: hba.h:121
IPCompareMethod ip_cmp_method
Definition: hba.h:106
bool ldaptls
Definition: hba.h:112
char * radiusservers_s
Definition: hba.h:131
char * radiusidentifiers_s
Definition: hba.h:135
Definition: hba.h:141
AuthToken * pg_user
Definition: hba.h:146
AuthToken * system_user
Definition: hba.h:145
char * usermap
Definition: hba.h:144
int linenumber
Definition: hba.h:142
Definition: pg_list.h:54
Definition: libpq-be.h:135
char * raw_line
Definition: hba.h:163
int line_num
Definition: hba.h:162
char * file_name
Definition: hba.h:161
char * err_msg
Definition: hba.h:164
List * fields
Definition: hba.h:160