PostgreSQL Source Code git master
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
Macros | Functions
hbafuncs.c File Reference
#include "postgres.h"
#include "catalog/objectaddress.h"
#include "common/ip.h"
#include "funcapi.h"
#include "libpq/hba.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/guc.h"
Include dependency graph for hbafuncs.c:

Go to the source code of this file.

Macros

#define MAX_HBA_OPTIONS   15
 
#define NUM_PG_HBA_FILE_RULES_ATTS   11
 
#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS   7
 

Functions

static ArrayTypeget_hba_options (HbaLine *hba)
 
static void fill_hba_line (Tuplestorestate *tuple_store, TupleDesc tupdesc, int rule_number, char *filename, int lineno, HbaLine *hba, const char *err_msg)
 
static void fill_hba_view (Tuplestorestate *tuple_store, TupleDesc tupdesc)
 
static void fill_ident_line (Tuplestorestate *tuple_store, TupleDesc tupdesc, int map_number, char *filename, int lineno, IdentLine *ident, const char *err_msg)
 
static void fill_ident_view (Tuplestorestate *tuple_store, TupleDesc tupdesc)
 
Datum pg_hba_file_rules (PG_FUNCTION_ARGS)
 
Datum pg_ident_file_mappings (PG_FUNCTION_ARGS)
 

Macro Definition Documentation

◆ MAX_HBA_OPTIONS

#define MAX_HBA_OPTIONS   15

Definition at line 45 of file hbafuncs.c.

◆ NUM_PG_HBA_FILE_RULES_ATTS

#define NUM_PG_HBA_FILE_RULES_ATTS   11

Definition at line 184 of file hbafuncs.c.

◆ NUM_PG_IDENT_FILE_MAPPINGS_ATTS

#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS   7

Definition at line 469 of file hbafuncs.c.

Function Documentation

◆ fill_hba_line()

static void fill_hba_line ( Tuplestorestate tuple_store,
TupleDesc  tupdesc,
int  rule_number,
char *  filename,
int  lineno,
HbaLine hba,
const char *  err_msg 
)
static

Definition at line 202 of file hbafuncs.c.

205{
206 Datum values[NUM_PG_HBA_FILE_RULES_ATTS];
207 bool nulls[NUM_PG_HBA_FILE_RULES_ATTS];
208 char buffer[NI_MAXHOST];
209 HeapTuple tuple;
210 int index;
211 ListCell *lc;
212 const char *typestr;
213 const char *addrstr;
214 const char *maskstr;
215 ArrayType *options;
216
217 Assert(tupdesc->natts == NUM_PG_HBA_FILE_RULES_ATTS);
218
219 memset(values, 0, sizeof(values));
220 memset(nulls, 0, sizeof(nulls));
221 index = 0;
222
223 /* rule_number, nothing on error */
224 if (err_msg)
225 nulls[index++] = true;
226 else
227 values[index++] = Int32GetDatum(rule_number);
228
229 /* file_name */
230 values[index++] = CStringGetTextDatum(filename);
231
232 /* line_number */
233 values[index++] = Int32GetDatum(lineno);
234
235 if (hba != NULL)
236 {
237 /* type */
238 /* Avoid a default: case so compiler will warn about missing cases */
239 typestr = NULL;
240 switch (hba->conntype)
241 {
242 case ctLocal:
243 typestr = "local";
244 break;
245 case ctHost:
246 typestr = "host";
247 break;
248 case ctHostSSL:
249 typestr = "hostssl";
250 break;
251 case ctHostNoSSL:
252 typestr = "hostnossl";
253 break;
254 case ctHostGSS:
255 typestr = "hostgssenc";
256 break;
257 case ctHostNoGSS:
258 typestr = "hostnogssenc";
259 break;
260 }
261 if (typestr)
262 values[index++] = CStringGetTextDatum(typestr);
263 else
264 nulls[index++] = true;
265
266 /* database */
267 if (hba->databases)
268 {
269 /*
270 * Flatten AuthToken list to string list. It might seem that we
271 * should re-quote any quoted tokens, but that has been rejected
272 * on the grounds that it makes it harder to compare the array
273 * elements to other system catalogs. That makes entries like
274 * "all" or "samerole" formally ambiguous ... but users who name
275 * databases/roles that way are inflicting their own pain.
276 */
277 List *names = NIL;
278
279 foreach(lc, hba->databases)
280 {
281 AuthToken *tok = lfirst(lc);
282
283 names = lappend(names, tok->string);
284 }
285 values[index++] = PointerGetDatum(strlist_to_textarray(names));
286 }
287 else
288 nulls[index++] = true;
289
290 /* user */
291 if (hba->roles)
292 {
293 /* Flatten AuthToken list to string list; see comment above */
294 List *roles = NIL;
295
296 foreach(lc, hba->roles)
297 {
298 AuthToken *tok = lfirst(lc);
299
300 roles = lappend(roles, tok->string);
301 }
302 values[index++] = PointerGetDatum(strlist_to_textarray(roles));
303 }
304 else
305 nulls[index++] = true;
306
307 /* address and netmask */
308 /* Avoid a default: case so compiler will warn about missing cases */
309 addrstr = maskstr = NULL;
310 switch (hba->ip_cmp_method)
311 {
312 case ipCmpMask:
313 if (hba->hostname)
314 {
315 addrstr = hba->hostname;
316 }
317 else
318 {
319 /*
320 * Note: if pg_getnameinfo_all fails, it'll set buffer to
321 * "???", which we want to return.
322 */
323 if (hba->addrlen > 0)
324 {
325 if (pg_getnameinfo_all(&hba->addr, hba->addrlen,
326 buffer, sizeof(buffer),
327 NULL, 0,
328 NI_NUMERICHOST) == 0)
329 clean_ipv6_addr(hba->addr.ss_family, buffer);
330 addrstr = pstrdup(buffer);
331 }
332 if (hba->masklen > 0)
333 {
334 if (pg_getnameinfo_all(&hba->mask, hba->masklen,
335 buffer, sizeof(buffer),
336 NULL, 0,
337 NI_NUMERICHOST) == 0)
338 clean_ipv6_addr(hba->mask.ss_family, buffer);
339 maskstr = pstrdup(buffer);
340 }
341 }
342 break;
343 case ipCmpAll:
344 addrstr = "all";
345 break;
346 case ipCmpSameHost:
347 addrstr = "samehost";
348 break;
349 case ipCmpSameNet:
350 addrstr = "samenet";
351 break;
352 }
353 if (addrstr)
354 values[index++] = CStringGetTextDatum(addrstr);
355 else
356 nulls[index++] = true;
357 if (maskstr)
358 values[index++] = CStringGetTextDatum(maskstr);
359 else
360 nulls[index++] = true;
361
362 /* auth_method */
363 values[index++] = CStringGetTextDatum(hba_authname(hba->auth_method));
364
365 /* options */
366 options = get_hba_options(hba);
367 if (options)
368 values[index++] = PointerGetDatum(options);
369 else
370 nulls[index++] = true;
371 }
372 else
373 {
374 /* no parsing result, so set relevant fields to nulls */
375 memset(&nulls[3], true, (NUM_PG_HBA_FILE_RULES_ATTS - 4) * sizeof(bool));
376 }
377
378 /* error */
379 if (err_msg)
380 values[NUM_PG_HBA_FILE_RULES_ATTS - 1] = CStringGetTextDatum(err_msg);
381 else
382 nulls[NUM_PG_HBA_FILE_RULES_ATTS - 1] = true;
383
384 tuple = heap_form_tuple(tupdesc, values, nulls);
385 tuplestore_puttuple(tuple_store, tuple);
386}
values
static Datum values[MAXATTR]
Definition: bootstrap.c:151
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition: builtins.h:97
Assert
Assert(PointerIsAligned(start, uint64))
hba_authname
const char * hba_authname(UserAuth auth_method)
Definition: hba.c:3123
ipCmpAll
@ ipCmpAll
Definition: hba.h:55
ipCmpSameNet
@ ipCmpSameNet
Definition: hba.h:54
ipCmpMask
@ ipCmpMask
Definition: hba.h:52
ipCmpSameHost
@ ipCmpSameHost
Definition: hba.h:53
ctHostNoGSS
@ ctHostNoGSS
Definition: hba.h:65
ctHostSSL
@ ctHostSSL
Definition: hba.h:62
ctHostNoSSL
@ ctHostNoSSL
Definition: hba.h:63
ctHost
@ ctHost
Definition: hba.h:61
ctHostGSS
@ ctHostGSS
Definition: hba.h:64
ctLocal
@ ctLocal
Definition: hba.h:60
NUM_PG_HBA_FILE_RULES_ATTS
#define NUM_PG_HBA_FILE_RULES_ATTS
Definition: hbafuncs.c:184
get_hba_options
static ArrayType * get_hba_options(HbaLine *hba)
Definition: hbafuncs.c:52
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
pg_getnameinfo_all
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
Definition: ip.c:114
lappend
List * lappend(List *list, void *datum)
Definition: list.c:339
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1699
clean_ipv6_addr
void clean_ipv6_addr(int addr_family, char *addr)
Definition: network.c:2062
strlist_to_textarray
ArrayType * strlist_to_textarray(List *list)
Definition: objectaddress.c:6117
filename
static char * filename
Definition: pg_dumpall.c:127
lfirst
#define lfirst(lc)
Definition: pg_list.h:172
NIL
#define NIL
Definition: pg_list.h:68
options
static char ** options
Definition: pg_recvlogical.c:57
PointerGetDatum
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:327
Datum
uintptr_t Datum
Definition: postgres.h:69
Int32GetDatum
static Datum Int32GetDatum(int32 X)
Definition: postgres.h:217
AuthToken
Definition: hba.h:89
AuthToken::string
char * string
Definition: hba.h:90
HbaLine::auth_method
UserAuth auth_method
Definition: hba.h:109
HbaLine::mask
struct sockaddr_storage mask
Definition: hba.h:105
HbaLine::addrlen
int addrlen
Definition: hba.h:104
HbaLine::masklen
int masklen
Definition: hba.h:106
HbaLine::hostname
char * hostname
Definition: hba.h:108
HbaLine::databases
List * databases
Definition: hba.h:101
HbaLine::conntype
ConnType conntype
Definition: hba.h:100
HbaLine::addr
struct sockaddr_storage addr
Definition: hba.h:103
HbaLine::roles
List * roles
Definition: hba.h:102
HbaLine::ip_cmp_method
IPCompareMethod ip_cmp_method
Definition: hba.h:107
List
Definition: pg_list.h:54
index
Definition: type.h:96
tuplestore_puttuple
void tuplestore_puttuple(Tuplestorestate *state, HeapTuple tuple)
Definition: tuplestore.c:764

References HbaLine::addr, HbaLine::addrlen, Assert(), HbaLine::auth_method, clean_ipv6_addr(), HbaLine::conntype, CStringGetTextDatum, ctHost, ctHostGSS, ctHostNoGSS, ctHostNoSSL, ctHostSSL, ctLocal, HbaLine::databases, filename, get_hba_options(), hba_authname(), heap_form_tuple(), HbaLine::hostname, Int32GetDatum(), HbaLine::ip_cmp_method, ipCmpAll, ipCmpMask, ipCmpSameHost, ipCmpSameNet, lappend(), lfirst, HbaLine::mask, HbaLine::masklen, TupleDescData::natts, NIL, NUM_PG_HBA_FILE_RULES_ATTS, options, pg_getnameinfo_all(), PointerGetDatum(), pstrdup(), HbaLine::roles, AuthToken::string, strlist_to_textarray(), tuplestore_puttuple(), and values.

Referenced by fill_hba_view().

◆ fill_hba_view()

static void fill_hba_view ( Tuplestorestate tuple_store,
TupleDesc  tupdesc 
)
static

Definition at line 393 of file hbafuncs.c.

394{
395 FILE *file;
396 List *hba_lines = NIL;
397 ListCell *line;
398 int rule_number = 0;
399 MemoryContext hbacxt;
400 MemoryContext oldcxt;
401
402 /*
403 * In the unlikely event that we can't open pg_hba.conf, we throw an
404 * error, rather than trying to report it via some sort of view entry.
405 * (Most other error conditions should result in a message in a view
406 * entry.)
407 */
408 file = open_auth_file(HbaFileName, ERROR, 0, NULL);
409
410 tokenize_auth_file(HbaFileName, file, &hba_lines, DEBUG3, 0);
411
412 /* Now parse all the lines */
413 hbacxt = AllocSetContextCreate(CurrentMemoryContext,
414 "hba parser context",
415 ALLOCSET_SMALL_SIZES);
416 oldcxt = MemoryContextSwitchTo(hbacxt);
417 foreach(line, hba_lines)
418 {
419 TokenizedAuthLine *tok_line = (TokenizedAuthLine *) lfirst(line);
420 HbaLine *hbaline = NULL;
421
422 /* don't parse lines that already have errors */
423 if (tok_line->err_msg == NULL)
424 hbaline = parse_hba_line(tok_line, DEBUG3);
425
426 /* No error, set a new rule number */
427 if (tok_line->err_msg == NULL)
428 rule_number++;
429
430 fill_hba_line(tuple_store, tupdesc, rule_number,
431 tok_line->file_name, tok_line->line_num, hbaline,
432 tok_line->err_msg);
433 }
434
435 /* Free tokenizer memory */
436 free_auth_file(file, 0);
437 /* Free parse_hba_line memory */
438 MemoryContextSwitchTo(oldcxt);
439 MemoryContextDelete(hbacxt);
440}
DEBUG3
#define DEBUG3
Definition: elog.h:28
ERROR
#define ERROR
Definition: elog.h:39
HbaFileName
char * HbaFileName
Definition: guc_tables.c:544
parse_hba_line
HbaLine * parse_hba_line(TokenizedAuthLine *tok_line, int elevel)
Definition: hba.c:1328
free_auth_file
void free_auth_file(FILE *file, int depth)
Definition: hba.c:572
tokenize_auth_file
void tokenize_auth_file(const char *filename, FILE *file, List **tok_lines, int elevel, int depth)
Definition: hba.c:691
open_auth_file
FILE * open_auth_file(const char *filename, int elevel, int depth, char **err_msg)
Definition: hba.c:597
fill_hba_line
static void fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, int rule_number, char *filename, int lineno, HbaLine *hba, const char *err_msg)
Definition: hbafuncs.c:202
CurrentMemoryContext
MemoryContext CurrentMemoryContext
Definition: mcxt.c:143
MemoryContextDelete
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:454
AllocSetContextCreate
#define AllocSetContextCreate
Definition: memutils.h:129
ALLOCSET_SMALL_SIZES
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:170
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:124
HbaLine
Definition: hba.h:96
TokenizedAuthLine::line_num
int line_num
Definition: hba.h:167
TokenizedAuthLine::file_name
char * file_name
Definition: hba.h:166
TokenizedAuthLine::err_msg
char * err_msg
Definition: hba.h:169

References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, CurrentMemoryContext, DEBUG3, TokenizedAuthLine::err_msg, ERROR, TokenizedAuthLine::file_name, fill_hba_line(), free_auth_file(), HbaFileName, lfirst, TokenizedAuthLine::line_num, MemoryContextDelete(), MemoryContextSwitchTo(), NIL, open_auth_file(), parse_hba_line(), and tokenize_auth_file().

Referenced by pg_hba_file_rules().

◆ fill_ident_line()

static void fill_ident_line ( Tuplestorestate tuple_store,
TupleDesc  tupdesc,
int  map_number,
char *  filename,
int  lineno,
IdentLine ident,
const char *  err_msg 
)
static

Definition at line 487 of file hbafuncs.c.

490{
491 Datum values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
492 bool nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
493 HeapTuple tuple;
494 int index;
495
496 Assert(tupdesc->natts == NUM_PG_IDENT_FILE_MAPPINGS_ATTS);
497
498 memset(values, 0, sizeof(values));
499 memset(nulls, 0, sizeof(nulls));
500 index = 0;
501
502 /* map_number, nothing on error */
503 if (err_msg)
504 nulls[index++] = true;
505 else
506 values[index++] = Int32GetDatum(map_number);
507
508 /* file_name */
509 values[index++] = CStringGetTextDatum(filename);
510
511 /* line_number */
512 values[index++] = Int32GetDatum(lineno);
513
514 if (ident != NULL)
515 {
516 values[index++] = CStringGetTextDatum(ident->usermap);
517 values[index++] = CStringGetTextDatum(ident->system_user->string);
518 values[index++] = CStringGetTextDatum(ident->pg_user->string);
519 }
520 else
521 {
522 /* no parsing result, so set relevant fields to nulls */
523 memset(&nulls[3], true, (NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 4) * sizeof(bool));
524 }
525
526 /* error */
527 if (err_msg)
528 values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 1] = CStringGetTextDatum(err_msg);
529 else
530 nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 1] = true;
531
532 tuple = heap_form_tuple(tupdesc, values, nulls);
533 tuplestore_puttuple(tuple_store, tuple);
534}
NUM_PG_IDENT_FILE_MAPPINGS_ATTS
#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS
Definition: hbafuncs.c:469
ident
#define ident
Definition: indent_codes.h:47

References Assert(), CStringGetTextDatum, filename, heap_form_tuple(), ident, Int32GetDatum(), TupleDescData::natts, NUM_PG_IDENT_FILE_MAPPINGS_ATTS, tuplestore_puttuple(), and values.

Referenced by fill_ident_view().

◆ fill_ident_view()

static void fill_ident_view ( Tuplestorestate tuple_store,
TupleDesc  tupdesc 
)
static

Definition at line 540 of file hbafuncs.c.

541{
542 FILE *file;
543 List *ident_lines = NIL;
544 ListCell *line;
545 int map_number = 0;
546 MemoryContext identcxt;
547 MemoryContext oldcxt;
548
549 /*
550 * In the unlikely event that we can't open pg_ident.conf, we throw an
551 * error, rather than trying to report it via some sort of view entry.
552 * (Most other error conditions should result in a message in a view
553 * entry.)
554 */
555 file = open_auth_file(IdentFileName, ERROR, 0, NULL);
556
557 tokenize_auth_file(IdentFileName, file, &ident_lines, DEBUG3, 0);
558
559 /* Now parse all the lines */
560 identcxt = AllocSetContextCreate(CurrentMemoryContext,
561 "ident parser context",
562 ALLOCSET_SMALL_SIZES);
563 oldcxt = MemoryContextSwitchTo(identcxt);
564 foreach(line, ident_lines)
565 {
566 TokenizedAuthLine *tok_line = (TokenizedAuthLine *) lfirst(line);
567 IdentLine *identline = NULL;
568
569 /* don't parse lines that already have errors */
570 if (tok_line->err_msg == NULL)
571 identline = parse_ident_line(tok_line, DEBUG3);
572
573 /* no error, set a new mapping number */
574 if (tok_line->err_msg == NULL)
575 map_number++;
576
577 fill_ident_line(tuple_store, tupdesc, map_number,
578 tok_line->file_name, tok_line->line_num,
579 identline, tok_line->err_msg);
580 }
581
582 /* Free tokenizer memory */
583 free_auth_file(file, 0);
584 /* Free parse_ident_line memory */
585 MemoryContextSwitchTo(oldcxt);
586 MemoryContextDelete(identcxt);
587}
IdentFileName
char * IdentFileName
Definition: guc_tables.c:545
parse_ident_line
IdentLine * parse_ident_line(TokenizedAuthLine *tok_line, int elevel)
Definition: hba.c:2751
fill_ident_line
static void fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, int map_number, char *filename, int lineno, IdentLine *ident, const char *err_msg)
Definition: hbafuncs.c:487
IdentLine
Definition: hba.h:146

References ALLOCSET_SMALL_SIZES, AllocSetContextCreate, CurrentMemoryContext, DEBUG3, TokenizedAuthLine::err_msg, ERROR, TokenizedAuthLine::file_name, fill_ident_line(), free_auth_file(), IdentFileName, lfirst, TokenizedAuthLine::line_num, MemoryContextDelete(), MemoryContextSwitchTo(), NIL, open_auth_file(), parse_ident_line(), and tokenize_auth_file().

Referenced by pg_ident_file_mappings().

◆ get_hba_options()

static ArrayType * get_hba_options ( HbaLine hba)
static

Definition at line 52 of file hbafuncs.c.

53{
54 int noptions;
55 Datum options[MAX_HBA_OPTIONS];
56
57 noptions = 0;
58
59 if (hba->auth_method == uaGSS || hba->auth_method == uaSSPI)
60 {
61 if (hba->include_realm)
62 options[noptions++] =
63 CStringGetTextDatum("include_realm=true");
64
65 if (hba->krb_realm)
66 options[noptions++] =
67 CStringGetTextDatum(psprintf("krb_realm=%s", hba->krb_realm));
68 }
69
70 if (hba->usermap)
71 options[noptions++] =
72 CStringGetTextDatum(psprintf("map=%s", hba->usermap));
73
74 if (hba->clientcert != clientCertOff)
75 options[noptions++] =
76 CStringGetTextDatum(psprintf("clientcert=%s", (hba->clientcert == clientCertCA) ? "verify-ca" : "verify-full"));
77
78 if (hba->pamservice)
79 options[noptions++] =
80 CStringGetTextDatum(psprintf("pamservice=%s", hba->pamservice));
81
82 if (hba->auth_method == uaLDAP)
83 {
84 if (hba->ldapserver)
85 options[noptions++] =
86 CStringGetTextDatum(psprintf("ldapserver=%s", hba->ldapserver));
87
88 if (hba->ldapport)
89 options[noptions++] =
90 CStringGetTextDatum(psprintf("ldapport=%d", hba->ldapport));
91
92 if (hba->ldapscheme)
93 options[noptions++] =
94 CStringGetTextDatum(psprintf("ldapscheme=%s", hba->ldapscheme));
95
96 if (hba->ldaptls)
97 options[noptions++] =
98 CStringGetTextDatum("ldaptls=true");
99
100 if (hba->ldapprefix)
101 options[noptions++] =
102 CStringGetTextDatum(psprintf("ldapprefix=%s", hba->ldapprefix));
103
104 if (hba->ldapsuffix)
105 options[noptions++] =
106 CStringGetTextDatum(psprintf("ldapsuffix=%s", hba->ldapsuffix));
107
108 if (hba->ldapbasedn)
109 options[noptions++] =
110 CStringGetTextDatum(psprintf("ldapbasedn=%s", hba->ldapbasedn));
111
112 if (hba->ldapbinddn)
113 options[noptions++] =
114 CStringGetTextDatum(psprintf("ldapbinddn=%s", hba->ldapbinddn));
115
116 if (hba->ldapbindpasswd)
117 options[noptions++] =
118 CStringGetTextDatum(psprintf("ldapbindpasswd=%s",
119 hba->ldapbindpasswd));
120
121 if (hba->ldapsearchattribute)
122 options[noptions++] =
123 CStringGetTextDatum(psprintf("ldapsearchattribute=%s",
124 hba->ldapsearchattribute));
125
126 if (hba->ldapsearchfilter)
127 options[noptions++] =
128 CStringGetTextDatum(psprintf("ldapsearchfilter=%s",
129 hba->ldapsearchfilter));
130
131 if (hba->ldapscope)
132 options[noptions++] =
133 CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
134 }
135
136 if (hba->auth_method == uaRADIUS)
137 {
138 if (hba->radiusservers_s)
139 options[noptions++] =
140 CStringGetTextDatum(psprintf("radiusservers=%s", hba->radiusservers_s));
141
142 if (hba->radiussecrets_s)
143 options[noptions++] =
144 CStringGetTextDatum(psprintf("radiussecrets=%s", hba->radiussecrets_s));
145
146 if (hba->radiusidentifiers_s)
147 options[noptions++] =
148 CStringGetTextDatum(psprintf("radiusidentifiers=%s", hba->radiusidentifiers_s));
149
150 if (hba->radiusports_s)
151 options[noptions++] =
152 CStringGetTextDatum(psprintf("radiusports=%s", hba->radiusports_s));
153 }
154
155 if (hba->auth_method == uaOAuth)
156 {
157 if (hba->oauth_issuer)
158 options[noptions++] =
159 CStringGetTextDatum(psprintf("issuer=%s", hba->oauth_issuer));
160
161 if (hba->oauth_scope)
162 options[noptions++] =
163 CStringGetTextDatum(psprintf("scope=%s", hba->oauth_scope));
164
165 if (hba->oauth_validator)
166 options[noptions++] =
167 CStringGetTextDatum(psprintf("validator=%s", hba->oauth_validator));
168
169 if (hba->oauth_skip_usermap)
170 options[noptions++] =
171 CStringGetTextDatum(psprintf("delegate_ident_mapping=true"));
172 }
173
174 /* If you add more options, consider increasing MAX_HBA_OPTIONS. */
175 Assert(noptions <= MAX_HBA_OPTIONS);
176
177 if (noptions > 0)
178 return construct_array_builtin(options, noptions, TEXTOID);
179 else
180 return NULL;
181}
construct_array_builtin
ArrayType * construct_array_builtin(Datum *elems, int nelems, Oid elmtype)
Definition: arrayfuncs.c:3381
uaLDAP
@ uaLDAP
Definition: hba.h:38
uaGSS
@ uaGSS
Definition: hba.h:34
uaRADIUS
@ uaRADIUS
Definition: hba.h:40
uaOAuth
@ uaOAuth
Definition: hba.h:42
uaSSPI
@ uaSSPI
Definition: hba.h:35
clientCertOff
@ clientCertOff
Definition: hba.h:70
clientCertCA
@ clientCertCA
Definition: hba.h:71
MAX_HBA_OPTIONS
#define MAX_HBA_OPTIONS
Definition: hbafuncs.c:45
noptions
static size_t noptions
Definition: pg_recvlogical.c:58
psprintf
char * psprintf(const char *fmt,...)
Definition: psprintf.c:43
HbaLine::oauth_skip_usermap
bool oauth_skip_usermap
Definition: hba.h:142
HbaLine::ldapserver
char * ldapserver
Definition: hba.h:115
HbaLine::include_realm
bool include_realm
Definition: hba.h:128
HbaLine::clientcert
ClientCertMode clientcert
Definition: hba.h:125
HbaLine::ldapsearchfilter
char * ldapsearchfilter
Definition: hba.h:120
HbaLine::ldapscheme
char * ldapscheme
Definition: hba.h:114
HbaLine::oauth_issuer
char * oauth_issuer
Definition: hba.h:139
HbaLine::ldapprefix
char * ldapprefix
Definition: hba.h:123
HbaLine::ldapsearchattribute
char * ldapsearchattribute
Definition: hba.h:119
HbaLine::krb_realm
char * krb_realm
Definition: hba.h:127
HbaLine::ldapbasedn
char * ldapbasedn
Definition: hba.h:121
HbaLine::radiussecrets_s
char * radiussecrets_s
Definition: hba.h:134
HbaLine::oauth_scope
char * oauth_scope
Definition: hba.h:140
HbaLine::oauth_validator
char * oauth_validator
Definition: hba.h:141
HbaLine::pamservice
char * pamservice
Definition: hba.h:111
HbaLine::usermap
char * usermap
Definition: hba.h:110
HbaLine::ldapsuffix
char * ldapsuffix
Definition: hba.h:124
HbaLine::ldapport
int ldapport
Definition: hba.h:116
HbaLine::ldapbindpasswd
char * ldapbindpasswd
Definition: hba.h:118
HbaLine::radiusports_s
char * radiusports_s
Definition: hba.h:138
HbaLine::ldapbinddn
char * ldapbinddn
Definition: hba.h:117
HbaLine::ldapscope
int ldapscope
Definition: hba.h:122
HbaLine::ldaptls
bool ldaptls
Definition: hba.h:113
HbaLine::radiusservers_s
char * radiusservers_s
Definition: hba.h:132
HbaLine::radiusidentifiers_s
char * radiusidentifiers_s
Definition: hba.h:136

References Assert(), HbaLine::auth_method, HbaLine::clientcert, clientCertCA, clientCertOff, construct_array_builtin(), CStringGetTextDatum, HbaLine::include_realm, HbaLine::krb_realm, HbaLine::ldapbasedn, HbaLine::ldapbinddn, HbaLine::ldapbindpasswd, HbaLine::ldapport, HbaLine::ldapprefix, HbaLine::ldapscheme, HbaLine::ldapscope, HbaLine::ldapsearchattribute, HbaLine::ldapsearchfilter, HbaLine::ldapserver, HbaLine::ldapsuffix, HbaLine::ldaptls, MAX_HBA_OPTIONS, noptions, HbaLine::oauth_issuer, HbaLine::oauth_scope, HbaLine::oauth_skip_usermap, HbaLine::oauth_validator, HbaLine::pamservice, psprintf(), HbaLine::radiusidentifiers_s, HbaLine::radiusports_s, HbaLine::radiussecrets_s, HbaLine::radiusservers_s, uaGSS, uaLDAP, uaOAuth, uaRADIUS, uaSSPI, and HbaLine::usermap.

Referenced by fill_hba_line().

◆ pg_hba_file_rules()

Datum pg_hba_file_rules ( PG_FUNCTION_ARGS  )

Definition at line 449 of file hbafuncs.c.

450{
451 ReturnSetInfo *rsi;
452
453 /*
454 * Build tuplestore to hold the result rows. We must use the Materialize
455 * mode to be safe against HBA file changes while the cursor is open. It's
456 * also more efficient than having to look up our current position in the
457 * parsed list every time.
458 */
459 InitMaterializedSRF(fcinfo, 0);
460
461 /* Fill the tuplestore */
462 rsi = (ReturnSetInfo *) fcinfo->resultinfo;
463 fill_hba_view(rsi->setResult, rsi->setDesc);
464
465 PG_RETURN_NULL();
466}
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition: fmgr.h:345
InitMaterializedSRF
void InitMaterializedSRF(FunctionCallInfo fcinfo, bits32 flags)
Definition: funcapi.c:76
fill_hba_view
static void fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
Definition: hbafuncs.c:393
ReturnSetInfo::setDesc
TupleDesc setDesc
Definition: execnodes.h:359
ReturnSetInfo::setResult
Tuplestorestate * setResult
Definition: execnodes.h:358

References fill_hba_view(), InitMaterializedSRF(), PG_RETURN_NULL, ReturnSetInfo::setDesc, and ReturnSetInfo::setResult.

◆ pg_ident_file_mappings()

Datum pg_ident_file_mappings ( PG_FUNCTION_ARGS  )

Definition at line 593 of file hbafuncs.c.

594{
595 ReturnSetInfo *rsi;
596
597 /*
598 * Build tuplestore to hold the result rows. We must use the Materialize
599 * mode to be safe against HBA file changes while the cursor is open. It's
600 * also more efficient than having to look up our current position in the
601 * parsed list every time.
602 */
603 InitMaterializedSRF(fcinfo, 0);
604
605 /* Fill the tuplestore */
606 rsi = (ReturnSetInfo *) fcinfo->resultinfo;
607 fill_ident_view(rsi->setResult, rsi->setDesc);
608
609 PG_RETURN_NULL();
610}
fill_ident_view
static void fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
Definition: hbafuncs.c:540

References fill_ident_view(), InitMaterializedSRF(), PG_RETURN_NULL, ReturnSetInfo::setDesc, and ReturnSetInfo::setResult.