PostgreSQL Source Code git master
Loading...
Searching...
No Matches
Macros | Functions
hbafuncs.c File Reference
#include "postgres.h"
#include "access/htup_details.h"
#include "catalog/objectaddress.h"
#include "common/ip.h"
#include "funcapi.h"
#include "libpq/hba.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/guc.h"
#include "utils/tuplestore.h"
Include dependency graph for hbafuncs.c:

Go to the source code of this file.

Macros

#define MAX_HBA_OPTIONS   15
 
#define NUM_PG_HBA_FILE_RULES_ATTS   11
 
#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS   7
 

Functions

static ArrayTypeget_hba_options (HbaLine *hba)
 
static void fill_hba_line (Tuplestorestate *tuple_store, TupleDesc tupdesc, int rule_number, char *filename, int lineno, HbaLine *hba, const char *err_msg)
 
static void fill_hba_view (Tuplestorestate *tuple_store, TupleDesc tupdesc)
 
static void fill_ident_line (Tuplestorestate *tuple_store, TupleDesc tupdesc, int map_number, char *filename, int lineno, IdentLine *ident, const char *err_msg)
 
static void fill_ident_view (Tuplestorestate *tuple_store, TupleDesc tupdesc)
 
Datum pg_hba_file_rules (PG_FUNCTION_ARGS)
 
Datum pg_ident_file_mappings (PG_FUNCTION_ARGS)
 

Macro Definition Documentation

◆ MAX_HBA_OPTIONS

#define MAX_HBA_OPTIONS   15

Definition at line 47 of file hbafuncs.c.

◆ NUM_PG_HBA_FILE_RULES_ATTS

#define NUM_PG_HBA_FILE_RULES_ATTS   11

Definition at line 186 of file hbafuncs.c.

◆ NUM_PG_IDENT_FILE_MAPPINGS_ATTS

#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS   7

Definition at line 471 of file hbafuncs.c.

Function Documentation

◆ fill_hba_line()

static void fill_hba_line ( Tuplestorestate tuple_store,
TupleDesc  tupdesc,
int  rule_number,
char filename,
int  lineno,
HbaLine hba,
const char err_msg 
)
static

Definition at line 204 of file hbafuncs.c.

207{
208 Datum values[NUM_PG_HBA_FILE_RULES_ATTS];
209 bool nulls[NUM_PG_HBA_FILE_RULES_ATTS];
210 char buffer[NI_MAXHOST];
211 HeapTuple tuple;
212 int index;
213 ListCell *lc;
214 const char *typestr;
215 const char *addrstr;
216 const char *maskstr;
217 ArrayType *options;
218
219 Assert(tupdesc->natts == NUM_PG_HBA_FILE_RULES_ATTS);
220
221 memset(values, 0, sizeof(values));
222 memset(nulls, 0, sizeof(nulls));
223 index = 0;
224
225 /* rule_number, nothing on error */
226 if (err_msg)
227 nulls[index++] = true;
228 else
229 values[index++] = Int32GetDatum(rule_number);
230
231 /* file_name */
232 values[index++] = CStringGetTextDatum(filename);
233
234 /* line_number */
235 values[index++] = Int32GetDatum(lineno);
236
237 if (hba != NULL)
238 {
239 /* type */
240 /* Avoid a default: case so compiler will warn about missing cases */
241 typestr = NULL;
242 switch (hba->conntype)
243 {
244 case ctLocal:
245 typestr = "local";
246 break;
247 case ctHost:
248 typestr = "host";
249 break;
250 case ctHostSSL:
251 typestr = "hostssl";
252 break;
253 case ctHostNoSSL:
254 typestr = "hostnossl";
255 break;
256 case ctHostGSS:
257 typestr = "hostgssenc";
258 break;
259 case ctHostNoGSS:
260 typestr = "hostnogssenc";
261 break;
262 }
263 if (typestr)
264 values[index++] = CStringGetTextDatum(typestr);
265 else
266 nulls[index++] = true;
267
268 /* database */
269 if (hba->databases)
270 {
271 /*
272 * Flatten AuthToken list to string list. It might seem that we
273 * should re-quote any quoted tokens, but that has been rejected
274 * on the grounds that it makes it harder to compare the array
275 * elements to other system catalogs. That makes entries like
276 * "all" or "samerole" formally ambiguous ... but users who name
277 * databases/roles that way are inflicting their own pain.
278 */
279 List *names = NIL;
280
281 foreach(lc, hba->databases)
282 {
283 AuthToken *tok = lfirst(lc);
284
285 names = lappend(names, tok->string);
286 }
287 values[index++] = PointerGetDatum(strlist_to_textarray(names));
288 }
289 else
290 nulls[index++] = true;
291
292 /* user */
293 if (hba->roles)
294 {
295 /* Flatten AuthToken list to string list; see comment above */
296 List *roles = NIL;
297
298 foreach(lc, hba->roles)
299 {
300 AuthToken *tok = lfirst(lc);
301
302 roles = lappend(roles, tok->string);
303 }
304 values[index++] = PointerGetDatum(strlist_to_textarray(roles));
305 }
306 else
307 nulls[index++] = true;
308
309 /* address and netmask */
310 /* Avoid a default: case so compiler will warn about missing cases */
311 addrstr = maskstr = NULL;
312 switch (hba->ip_cmp_method)
313 {
314 case ipCmpMask:
315 if (hba->hostname)
316 {
317 addrstr = hba->hostname;
318 }
319 else
320 {
321 /*
322 * Note: if pg_getnameinfo_all fails, it'll set buffer to
323 * "???", which we want to return.
324 */
325 if (hba->addrlen > 0)
326 {
327 if (pg_getnameinfo_all(&hba->addr, hba->addrlen,
328 buffer, sizeof(buffer),
329 NULL, 0,
330 NI_NUMERICHOST) == 0)
331 clean_ipv6_addr(hba->addr.ss_family, buffer);
332 addrstr = pstrdup(buffer);
333 }
334 if (hba->masklen > 0)
335 {
336 if (pg_getnameinfo_all(&hba->mask, hba->masklen,
337 buffer, sizeof(buffer),
338 NULL, 0,
339 NI_NUMERICHOST) == 0)
340 clean_ipv6_addr(hba->mask.ss_family, buffer);
341 maskstr = pstrdup(buffer);
342 }
343 }
344 break;
345 case ipCmpAll:
346 addrstr = "all";
347 break;
348 case ipCmpSameHost:
349 addrstr = "samehost";
350 break;
351 case ipCmpSameNet:
352 addrstr = "samenet";
353 break;
354 }
355 if (addrstr)
356 values[index++] = CStringGetTextDatum(addrstr);
357 else
358 nulls[index++] = true;
359 if (maskstr)
360 values[index++] = CStringGetTextDatum(maskstr);
361 else
362 nulls[index++] = true;
363
364 /* auth_method */
365 values[index++] = CStringGetTextDatum(hba_authname(hba->auth_method));
366
367 /* options */
368 options = get_hba_options(hba);
369 if (options)
370 values[index++] = PointerGetDatum(options);
371 else
372 nulls[index++] = true;
373 }
374 else
375 {
376 /* no parsing result, so set relevant fields to nulls */
377 memset(&nulls[3], true, (NUM_PG_HBA_FILE_RULES_ATTS - 4) * sizeof(bool));
378 }
379
380 /* error */
381 if (err_msg)
382 values[NUM_PG_HBA_FILE_RULES_ATTS - 1] = CStringGetTextDatum(err_msg);
383 else
384 nulls[NUM_PG_HBA_FILE_RULES_ATTS - 1] = true;
385
386 tuple = heap_form_tuple(tupdesc, values, nulls);
387 tuplestore_puttuple(tuple_store, tuple);
388}
values
static Datum values[MAXATTR]
Definition bootstrap.c:188
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition builtins.h:98
Assert
#define Assert(condition)
Definition c.h:943
hba_authname
const char * hba_authname(UserAuth auth_method)
Definition hba.c:3138
ipCmpAll
@ ipCmpAll
Definition hba.h:55
ipCmpSameNet
@ ipCmpSameNet
Definition hba.h:54
ipCmpMask
@ ipCmpMask
Definition hba.h:52
ipCmpSameHost
@ ipCmpSameHost
Definition hba.h:53
ctHostNoGSS
@ ctHostNoGSS
Definition hba.h:65
ctHostSSL
@ ctHostSSL
Definition hba.h:62
ctHostNoSSL
@ ctHostNoSSL
Definition hba.h:63
ctHost
@ ctHost
Definition hba.h:61
ctHostGSS
@ ctHostGSS
Definition hba.h:64
ctLocal
@ ctLocal
Definition hba.h:60
NUM_PG_HBA_FILE_RULES_ATTS
#define NUM_PG_HBA_FILE_RULES_ATTS
Definition hbafuncs.c:186
get_hba_options
static ArrayType * get_hba_options(HbaLine *hba)
Definition hbafuncs.c:54
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition heaptuple.c:1025
pg_getnameinfo_all
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
Definition ip.c:117
lappend
List * lappend(List *list, void *datum)
Definition list.c:339
pstrdup
char * pstrdup(const char *in)
Definition mcxt.c:1781
clean_ipv6_addr
void clean_ipv6_addr(int addr_family, char *addr)
Definition network.c:2028
strlist_to_textarray
ArrayType * strlist_to_textarray(List *list)
Definition objectaddress.c:6464
filename
static char * filename
Definition pg_dumpall.c:133
lfirst
#define lfirst(lc)
Definition pg_list.h:172
NIL
#define NIL
Definition pg_list.h:68
PointerGetDatum
static Datum PointerGetDatum(const void *X)
Definition postgres.h:342
Datum
uint64_t Datum
Definition postgres.h:70
Int32GetDatum
static Datum Int32GetDatum(int32 X)
Definition postgres.h:212
fb
static int fb(int x)
Definition preproc-init.c:92
HbaLine::auth_method
UserAuth auth_method
Definition hba.h:109
HbaLine::mask
struct sockaddr_storage mask
Definition hba.h:105
HbaLine::addrlen
int addrlen
Definition hba.h:104
HbaLine::masklen
int masklen
Definition hba.h:106
HbaLine::hostname
char * hostname
Definition hba.h:108
HbaLine::databases
List * databases
Definition hba.h:101
HbaLine::conntype
ConnType conntype
Definition hba.h:100
HbaLine::addr
struct sockaddr_storage addr
Definition hba.h:103
HbaLine::roles
List * roles
Definition hba.h:102
HbaLine::ip_cmp_method
IPCompareMethod ip_cmp_method
Definition hba.h:107
List
Definition pg_list.h:54
index
Definition type.h:96
tuplestore_puttuple
void tuplestore_puttuple(Tuplestorestate *state, HeapTuple tuple)
Definition tuplestore.c:765

References HbaLine::addr, HbaLine::addrlen, Assert, HbaLine::auth_method, clean_ipv6_addr(), HbaLine::conntype, CStringGetTextDatum, ctHost, ctHostGSS, ctHostNoGSS, ctHostNoSSL, ctHostSSL, ctLocal, HbaLine::databases, fb(), filename, get_hba_options(), hba_authname(), heap_form_tuple(), HbaLine::hostname, Int32GetDatum(), HbaLine::ip_cmp_method, ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lappend(), lfirst, HbaLine::mask, HbaLine::masklen, TupleDescData::natts, NIL, NUM_PG_HBA_FILE_RULES_ATTS, pg_getnameinfo_all(), PointerGetDatum(), pstrdup(), HbaLine::roles, strlist_to_textarray(), tuplestore_puttuple(), and values.

Referenced by fill_hba_view().

◆ fill_hba_view()

static void fill_hba_view ( Tuplestorestate tuple_store,
TupleDesc  tupdesc 
)
static

Definition at line 395 of file hbafuncs.c.

396{
397 FILE *file;
398 List *hba_lines = NIL;
399 ListCell *line;
400 int rule_number = 0;
401 MemoryContext hbacxt;
402 MemoryContext oldcxt;
403
404 /*
405 * In the unlikely event that we can't open pg_hba.conf, we throw an
406 * error, rather than trying to report it via some sort of view entry.
407 * (Most other error conditions should result in a message in a view
408 * entry.)
409 */
410 file = open_auth_file(HbaFileName, ERROR, 0, NULL);
411
412 tokenize_auth_file(HbaFileName, file, &hba_lines, DEBUG3, 0);
413
414 /* Now parse all the lines */
415 hbacxt = AllocSetContextCreate(CurrentMemoryContext,
416 "hba parser context",
417 ALLOCSET_SMALL_SIZES);
418 oldcxt = MemoryContextSwitchTo(hbacxt);
419 foreach(line, hba_lines)
420 {
421 TokenizedAuthLine *tok_line = (TokenizedAuthLine *) lfirst(line);
422 HbaLine *hbaline = NULL;
423
424 /* don't parse lines that already have errors */
425 if (tok_line->err_msg == NULL)
426 hbaline = parse_hba_line(tok_line, DEBUG3);
427
428 /* No error, set a new rule number */
429 if (tok_line->err_msg == NULL)
430 rule_number++;
431
432 fill_hba_line(tuple_store, tupdesc, rule_number,
433 tok_line->file_name, tok_line->line_num, hbaline,
434 tok_line->err_msg);
435 }
436
437 /* Free tokenizer memory */
438 free_auth_file(file, 0);
439 /* Free parse_hba_line memory */
440 MemoryContextSwitchTo(oldcxt);
441 MemoryContextDelete(hbacxt);
442}
DEBUG3
#define DEBUG3
Definition elog.h:28
ERROR
#define ERROR
Definition elog.h:39
HbaFileName
char * HbaFileName
Definition guc_tables.c:566
parse_hba_line
HbaLine * parse_hba_line(TokenizedAuthLine *tok_line, int elevel)
Definition hba.c:1325
free_auth_file
void free_auth_file(FILE *file, int depth)
Definition hba.c:569
tokenize_auth_file
void tokenize_auth_file(const char *filename, FILE *file, List **tok_lines, int elevel, int depth)
Definition hba.c:688
open_auth_file
FILE * open_auth_file(const char *filename, int elevel, int depth, char **err_msg)
Definition hba.c:594
fill_hba_line
static void fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, int rule_number, char *filename, int lineno, HbaLine *hba, const char *err_msg)
Definition hbafuncs.c:204
CurrentMemoryContext
MemoryContext CurrentMemoryContext
Definition mcxt.c:160
MemoryContextDelete
void MemoryContextDelete(MemoryContext context)
Definition mcxt.c:472
AllocSetContextCreate
#define AllocSetContextCreate
Definition memutils.h:129
ALLOCSET_SMALL_SIZES
#define ALLOCSET_SMALL_SIZES
Definition memutils.h:170
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition palloc.h:124
HbaLine
Definition hba.h:96

References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, CurrentMemoryContext, DEBUG3, ERROR, fb(), fill_hba_line(), free_auth_file(), HbaFileName, lfirst, MemoryContextDelete(), MemoryContextSwitchTo(), NIL, open_auth_file(), parse_hba_line(), and tokenize_auth_file().

Referenced by pg_hba_file_rules().

◆ fill_ident_line()

static void fill_ident_line ( Tuplestorestate tuple_store,
TupleDesc  tupdesc,
int  map_number,
char filename,
int  lineno,
IdentLine ident,
const char err_msg 
)
static

Definition at line 489 of file hbafuncs.c.

492{
493 Datum values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
494 bool nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
495 HeapTuple tuple;
496 int index;
497
498 Assert(tupdesc->natts == NUM_PG_IDENT_FILE_MAPPINGS_ATTS);
499
500 memset(values, 0, sizeof(values));
501 memset(nulls, 0, sizeof(nulls));
502 index = 0;
503
504 /* map_number, nothing on error */
505 if (err_msg)
506 nulls[index++] = true;
507 else
508 values[index++] = Int32GetDatum(map_number);
509
510 /* file_name */
511 values[index++] = CStringGetTextDatum(filename);
512
513 /* line_number */
514 values[index++] = Int32GetDatum(lineno);
515
516 if (ident != NULL)
517 {
518 values[index++] = CStringGetTextDatum(ident->usermap);
519 values[index++] = CStringGetTextDatum(ident->system_user->string);
520 values[index++] = CStringGetTextDatum(ident->pg_user->string);
521 }
522 else
523 {
524 /* no parsing result, so set relevant fields to nulls */
525 memset(&nulls[3], true, (NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 4) * sizeof(bool));
526 }
527
528 /* error */
529 if (err_msg)
530 values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 1] = CStringGetTextDatum(err_msg);
531 else
532 nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 1] = true;
533
534 tuple = heap_form_tuple(tupdesc, values, nulls);
535 tuplestore_puttuple(tuple_store, tuple);
536}
NUM_PG_IDENT_FILE_MAPPINGS_ATTS
#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS
Definition hbafuncs.c:471
ident
#define ident
Definition indent_codes.h:47

References Assert, CStringGetTextDatum, fb(), filename, heap_form_tuple(), ident, Int32GetDatum(), TupleDescData::natts, NUM_PG_IDENT_FILE_MAPPINGS_ATTS, tuplestore_puttuple(), and values.

Referenced by fill_ident_view().

◆ fill_ident_view()

static void fill_ident_view ( Tuplestorestate tuple_store,
TupleDesc  tupdesc 
)
static

Definition at line 542 of file hbafuncs.c.

543{
544 FILE *file;
545 List *ident_lines = NIL;
546 ListCell *line;
547 int map_number = 0;
548 MemoryContext identcxt;
549 MemoryContext oldcxt;
550
551 /*
552 * In the unlikely event that we can't open pg_ident.conf, we throw an
553 * error, rather than trying to report it via some sort of view entry.
554 * (Most other error conditions should result in a message in a view
555 * entry.)
556 */
557 file = open_auth_file(IdentFileName, ERROR, 0, NULL);
558
559 tokenize_auth_file(IdentFileName, file, &ident_lines, DEBUG3, 0);
560
561 /* Now parse all the lines */
562 identcxt = AllocSetContextCreate(CurrentMemoryContext,
563 "ident parser context",
564 ALLOCSET_SMALL_SIZES);
565 oldcxt = MemoryContextSwitchTo(identcxt);
566 foreach(line, ident_lines)
567 {
568 TokenizedAuthLine *tok_line = (TokenizedAuthLine *) lfirst(line);
569 IdentLine *identline = NULL;
570
571 /* don't parse lines that already have errors */
572 if (tok_line->err_msg == NULL)
573 identline = parse_ident_line(tok_line, DEBUG3);
574
575 /* no error, set a new mapping number */
576 if (tok_line->err_msg == NULL)
577 map_number++;
578
579 fill_ident_line(tuple_store, tupdesc, map_number,
580 tok_line->file_name, tok_line->line_num,
581 identline, tok_line->err_msg);
582 }
583
584 /* Free tokenizer memory */
585 free_auth_file(file, 0);
586 /* Free parse_ident_line memory */
587 MemoryContextSwitchTo(oldcxt);
588 MemoryContextDelete(identcxt);
589}
IdentFileName
char * IdentFileName
Definition guc_tables.c:567
parse_ident_line
IdentLine * parse_ident_line(TokenizedAuthLine *tok_line, int elevel)
Definition hba.c:2748
fill_ident_line
static void fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, int map_number, char *filename, int lineno, IdentLine *ident, const char *err_msg)
Definition hbafuncs.c:489

References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, CurrentMemoryContext, DEBUG3, ERROR, fb(), fill_ident_line(), free_auth_file(), IdentFileName, lfirst, MemoryContextDelete(), MemoryContextSwitchTo(), NIL, open_auth_file(), parse_ident_line(), and tokenize_auth_file().

Referenced by pg_ident_file_mappings().

◆ get_hba_options()

static ArrayType * get_hba_options ( HbaLine hba)
static

Definition at line 54 of file hbafuncs.c.

55{
56 int noptions;
57 Datum options[MAX_HBA_OPTIONS];
58
59 noptions = 0;
60
61 if (hba->auth_method == uaGSS || hba->auth_method == uaSSPI)
62 {
63 if (hba->include_realm)
64 options[noptions++] =
65 CStringGetTextDatum("include_realm=true");
66
67 if (hba->krb_realm)
68 options[noptions++] =
69 CStringGetTextDatum(psprintf("krb_realm=%s", hba->krb_realm));
70 }
71
72 if (hba->usermap)
73 options[noptions++] =
74 CStringGetTextDatum(psprintf("map=%s", hba->usermap));
75
76 if (hba->clientcert != clientCertOff)
77 options[noptions++] =
78 CStringGetTextDatum(psprintf("clientcert=%s", (hba->clientcert == clientCertCA) ? "verify-ca" : "verify-full"));
79
80 if (hba->pamservice)
81 options[noptions++] =
82 CStringGetTextDatum(psprintf("pamservice=%s", hba->pamservice));
83
84 if (hba->auth_method == uaLDAP)
85 {
86 if (hba->ldapserver)
87 options[noptions++] =
88 CStringGetTextDatum(psprintf("ldapserver=%s", hba->ldapserver));
89
90 if (hba->ldapport)
91 options[noptions++] =
92 CStringGetTextDatum(psprintf("ldapport=%d", hba->ldapport));
93
94 if (hba->ldapscheme)
95 options[noptions++] =
96 CStringGetTextDatum(psprintf("ldapscheme=%s", hba->ldapscheme));
97
98 if (hba->ldaptls)
99 options[noptions++] =
100 CStringGetTextDatum("ldaptls=true");
101
102 if (hba->ldapprefix)
103 options[noptions++] =
104 CStringGetTextDatum(psprintf("ldapprefix=%s", hba->ldapprefix));
105
106 if (hba->ldapsuffix)
107 options[noptions++] =
108 CStringGetTextDatum(psprintf("ldapsuffix=%s", hba->ldapsuffix));
109
110 if (hba->ldapbasedn)
111 options[noptions++] =
112 CStringGetTextDatum(psprintf("ldapbasedn=%s", hba->ldapbasedn));
113
114 if (hba->ldapbinddn)
115 options[noptions++] =
116 CStringGetTextDatum(psprintf("ldapbinddn=%s", hba->ldapbinddn));
117
118 if (hba->ldapbindpasswd)
119 options[noptions++] =
120 CStringGetTextDatum(psprintf("ldapbindpasswd=%s",
121 hba->ldapbindpasswd));
122
123 if (hba->ldapsearchattribute)
124 options[noptions++] =
125 CStringGetTextDatum(psprintf("ldapsearchattribute=%s",
126 hba->ldapsearchattribute));
127
128 if (hba->ldapsearchfilter)
129 options[noptions++] =
130 CStringGetTextDatum(psprintf("ldapsearchfilter=%s",
131 hba->ldapsearchfilter));
132
133 if (hba->ldapscope)
134 options[noptions++] =
135 CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
136 }
137
138 if (hba->auth_method == uaRADIUS)
139 {
140 if (hba->radiusservers_s)
141 options[noptions++] =
142 CStringGetTextDatum(psprintf("radiusservers=%s", hba->radiusservers_s));
143
144 if (hba->radiussecrets_s)
145 options[noptions++] =
146 CStringGetTextDatum(psprintf("radiussecrets=%s", hba->radiussecrets_s));
147
148 if (hba->radiusidentifiers_s)
149 options[noptions++] =
150 CStringGetTextDatum(psprintf("radiusidentifiers=%s", hba->radiusidentifiers_s));
151
152 if (hba->radiusports_s)
153 options[noptions++] =
154 CStringGetTextDatum(psprintf("radiusports=%s", hba->radiusports_s));
155 }
156
157 if (hba->auth_method == uaOAuth)
158 {
159 if (hba->oauth_issuer)
160 options[noptions++] =
161 CStringGetTextDatum(psprintf("issuer=%s", hba->oauth_issuer));
162
163 if (hba->oauth_scope)
164 options[noptions++] =
165 CStringGetTextDatum(psprintf("scope=%s", hba->oauth_scope));
166
167 if (hba->oauth_validator)
168 options[noptions++] =
169 CStringGetTextDatum(psprintf("validator=%s", hba->oauth_validator));
170
171 if (hba->oauth_skip_usermap)
172 options[noptions++] =
173 CStringGetTextDatum(psprintf("delegate_ident_mapping=true"));
174 }
175
176 /* If you add more options, consider increasing MAX_HBA_OPTIONS. */
177 Assert(noptions <= MAX_HBA_OPTIONS);
178
179 if (noptions > 0)
180 return construct_array_builtin(options, noptions, TEXTOID);
181 else
182 return NULL;
183}
construct_array_builtin
ArrayType * construct_array_builtin(Datum *elems, int nelems, Oid elmtype)
Definition arrayfuncs.c:3387
uaLDAP
@ uaLDAP
Definition hba.h:38
uaGSS
@ uaGSS
Definition hba.h:34
uaRADIUS
@ uaRADIUS
Definition hba.h:40
uaOAuth
@ uaOAuth
Definition hba.h:42
uaSSPI
@ uaSSPI
Definition hba.h:35
clientCertOff
@ clientCertOff
Definition hba.h:70
clientCertCA
@ clientCertCA
Definition hba.h:71
MAX_HBA_OPTIONS
#define MAX_HBA_OPTIONS
Definition hbafuncs.c:47
noptions
static size_t noptions
Definition pg_recvlogical.c:60
psprintf
char * psprintf(const char *fmt,...)
Definition psprintf.c:43
HbaLine::oauth_skip_usermap
bool oauth_skip_usermap
Definition hba.h:142
HbaLine::ldapserver
char * ldapserver
Definition hba.h:115
HbaLine::include_realm
bool include_realm
Definition hba.h:128
HbaLine::clientcert
ClientCertMode clientcert
Definition hba.h:125
HbaLine::ldapsearchfilter
char * ldapsearchfilter
Definition hba.h:120
HbaLine::ldapscheme
char * ldapscheme
Definition hba.h:114
HbaLine::oauth_issuer
char * oauth_issuer
Definition hba.h:139
HbaLine::ldapprefix
char * ldapprefix
Definition hba.h:123
HbaLine::ldapsearchattribute
char * ldapsearchattribute
Definition hba.h:119
HbaLine::krb_realm
char * krb_realm
Definition hba.h:127
HbaLine::ldapbasedn
char * ldapbasedn
Definition hba.h:121
HbaLine::radiussecrets_s
char * radiussecrets_s
Definition hba.h:134
HbaLine::oauth_scope
char * oauth_scope
Definition hba.h:140
HbaLine::oauth_validator
char * oauth_validator
Definition hba.h:141
HbaLine::pamservice
char * pamservice
Definition hba.h:111
HbaLine::usermap
char * usermap
Definition hba.h:110
HbaLine::ldapsuffix
char * ldapsuffix
Definition hba.h:124
HbaLine::ldapport
int ldapport
Definition hba.h:116
HbaLine::ldapbindpasswd
char * ldapbindpasswd
Definition hba.h:118
HbaLine::radiusports_s
char * radiusports_s
Definition hba.h:138
HbaLine::ldapbinddn
char * ldapbinddn
Definition hba.h:117
HbaLine::ldapscope
int ldapscope
Definition hba.h:122
HbaLine::ldaptls
bool ldaptls
Definition hba.h:113
HbaLine::radiusservers_s
char * radiusservers_s
Definition hba.h:132
HbaLine::radiusidentifiers_s
char * radiusidentifiers_s
Definition hba.h:136

References Assert, HbaLine::auth_method, HbaLine::clientcert, clientCertCA, clientCertOff, construct_array_builtin(), CStringGetTextDatum, fb(), HbaLine::include_realm, HbaLine::krb_realm, HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapport, HbaLine::ldapprefix, HbaLine::ldapscheme, HbaLine::ldapscope, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, HbaLine::ldaptls, MAX_HBA_OPTIONS, noptions, HbaLine::oauth_issuer, HbaLine::oauth_scope, HbaLine::oauth_skip_usermap, HbaLine::oauth_validator, HbaLine::pamservice, psprintf(), HbaLine::radiusidentifiers_s, HbaLine::radiusports_s, HbaLine::radiussecrets_s, HbaLine::radiusservers_s, uaGSS, uaLDAP, uaOAuth, uaRADIUS, uaSSPI, and HbaLine::usermap.

Referenced by fill_hba_line().

◆ pg_hba_file_rules()

Datum pg_hba_file_rules ( PG_FUNCTION_ARGS  )

Definition at line 451 of file hbafuncs.c.

452{
453 ReturnSetInfo *rsi;
454
455 /*
456 * Build tuplestore to hold the result rows. We must use the Materialize
457 * mode to be safe against HBA file changes while the cursor is open. It's
458 * also more efficient than having to look up our current position in the
459 * parsed list every time.
460 */
461 InitMaterializedSRF(fcinfo, 0);
462
463 /* Fill the tuplestore */
464 rsi = (ReturnSetInfo *) fcinfo->resultinfo;
465 fill_hba_view(rsi->setResult, rsi->setDesc);
466
467 PG_RETURN_NULL();
468}
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition fmgr.h:346
InitMaterializedSRF
void InitMaterializedSRF(FunctionCallInfo fcinfo, uint32 flags)
Definition funcapi.c:76
fill_hba_view
static void fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
Definition hbafuncs.c:395

References fill_hba_view(), InitMaterializedSRF(), PG_RETURN_NULL, ReturnSetInfo::setDesc, and ReturnSetInfo::setResult.

◆ pg_ident_file_mappings()

Datum pg_ident_file_mappings ( PG_FUNCTION_ARGS  )

Definition at line 595 of file hbafuncs.c.

596{
597 ReturnSetInfo *rsi;
598
599 /*
600 * Build tuplestore to hold the result rows. We must use the Materialize
601 * mode to be safe against HBA file changes while the cursor is open. It's
602 * also more efficient than having to look up our current position in the
603 * parsed list every time.
604 */
605 InitMaterializedSRF(fcinfo, 0);
606
607 /* Fill the tuplestore */
608 rsi = (ReturnSetInfo *) fcinfo->resultinfo;
609 fill_ident_view(rsi->setResult, rsi->setDesc);
610
611 PG_RETURN_NULL();
612}
fill_ident_view
static void fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
Definition hbafuncs.c:542

References fill_ident_view(), InitMaterializedSRF(), PG_RETURN_NULL, ReturnSetInfo::setDesc, and ReturnSetInfo::setResult.