PostgreSQL Source Code git master
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
hbafuncs.c
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * hbafuncs.c
4 * Support functions for SQL views of authentication files.
5 *
6 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
7 * Portions Copyright (c) 1994, Regents of the University of California
8 *
9 *
10 * IDENTIFICATION
11 * src/backend/utils/adt/hbafuncs.c
12 *
13 *-------------------------------------------------------------------------
14 */
15#include "postgres.h"
16
17#include "catalog/objectaddress.h"
18#include "common/ip.h"
19#include "funcapi.h"
20#include "libpq/hba.h"
21#include "utils/array.h"
22#include "utils/builtins.h"
23#include "utils/guc.h"
24
25
26static ArrayType *get_hba_options(HbaLine *hba);
27static void fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
28 int rule_number, char *filename, int lineno,
29 HbaLine *hba, const char *err_msg);
30static void fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc);
31static void fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
32 int map_number, char *filename, int lineno,
33 IdentLine *ident, const char *err_msg);
34static void fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc);
35
36
37/*
38 * This macro specifies the maximum number of authentication options
39 * that are possible with any given authentication method that is supported.
40 * Currently LDAP supports 12, and there are 3 that are not dependent on
41 * the auth method here. It may not actually be possible to set all of them
42 * at the same time, but we'll set the macro value high enough to be
43 * conservative and avoid warnings from static analysis tools.
44 */
45#define MAX_HBA_OPTIONS 15
46
47/*
48 * Create a text array listing the options specified in the HBA line.
49 * Return NULL if no options are specified.
50 */
51static ArrayType *
52get_hba_options(HbaLine *hba)
53{
54 int noptions;
55 Datum options[MAX_HBA_OPTIONS];
56
57 noptions = 0;
58
59 if (hba->auth_method == uaGSS || hba->auth_method == uaSSPI)
60 {
61 if (hba->include_realm)
62 options[noptions++] =
63 CStringGetTextDatum("include_realm=true");
64
65 if (hba->krb_realm)
66 options[noptions++] =
67 CStringGetTextDatum(psprintf("krb_realm=%s", hba->krb_realm));
68 }
69
70 if (hba->usermap)
71 options[noptions++] =
72 CStringGetTextDatum(psprintf("map=%s", hba->usermap));
73
74 if (hba->clientcert != clientCertOff)
75 options[noptions++] =
76 CStringGetTextDatum(psprintf("clientcert=%s", (hba->clientcert == clientCertCA) ? "verify-ca" : "verify-full"));
77
78 if (hba->pamservice)
79 options[noptions++] =
80 CStringGetTextDatum(psprintf("pamservice=%s", hba->pamservice));
81
82 if (hba->auth_method == uaLDAP)
83 {
84 if (hba->ldapserver)
85 options[noptions++] =
86 CStringGetTextDatum(psprintf("ldapserver=%s", hba->ldapserver));
87
88 if (hba->ldapport)
89 options[noptions++] =
90 CStringGetTextDatum(psprintf("ldapport=%d", hba->ldapport));
91
92 if (hba->ldapscheme)
93 options[noptions++] =
94 CStringGetTextDatum(psprintf("ldapscheme=%s", hba->ldapscheme));
95
96 if (hba->ldaptls)
97 options[noptions++] =
98 CStringGetTextDatum("ldaptls=true");
99
100 if (hba->ldapprefix)
101 options[noptions++] =
102 CStringGetTextDatum(psprintf("ldapprefix=%s", hba->ldapprefix));
103
104 if (hba->ldapsuffix)
105 options[noptions++] =
106 CStringGetTextDatum(psprintf("ldapsuffix=%s", hba->ldapsuffix));
107
108 if (hba->ldapbasedn)
109 options[noptions++] =
110 CStringGetTextDatum(psprintf("ldapbasedn=%s", hba->ldapbasedn));
111
112 if (hba->ldapbinddn)
113 options[noptions++] =
114 CStringGetTextDatum(psprintf("ldapbinddn=%s", hba->ldapbinddn));
115
116 if (hba->ldapbindpasswd)
117 options[noptions++] =
118 CStringGetTextDatum(psprintf("ldapbindpasswd=%s",
119 hba->ldapbindpasswd));
120
121 if (hba->ldapsearchattribute)
122 options[noptions++] =
123 CStringGetTextDatum(psprintf("ldapsearchattribute=%s",
124 hba->ldapsearchattribute));
125
126 if (hba->ldapsearchfilter)
127 options[noptions++] =
128 CStringGetTextDatum(psprintf("ldapsearchfilter=%s",
129 hba->ldapsearchfilter));
130
131 if (hba->ldapscope)
132 options[noptions++] =
133 CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
134 }
135
136 if (hba->auth_method == uaRADIUS)
137 {
138 if (hba->radiusservers_s)
139 options[noptions++] =
140 CStringGetTextDatum(psprintf("radiusservers=%s", hba->radiusservers_s));
141
142 if (hba->radiussecrets_s)
143 options[noptions++] =
144 CStringGetTextDatum(psprintf("radiussecrets=%s", hba->radiussecrets_s));
145
146 if (hba->radiusidentifiers_s)
147 options[noptions++] =
148 CStringGetTextDatum(psprintf("radiusidentifiers=%s", hba->radiusidentifiers_s));
149
150 if (hba->radiusports_s)
151 options[noptions++] =
152 CStringGetTextDatum(psprintf("radiusports=%s", hba->radiusports_s));
153 }
154
155 if (hba->auth_method == uaOAuth)
156 {
157 if (hba->oauth_issuer)
158 options[noptions++] =
159 CStringGetTextDatum(psprintf("issuer=%s", hba->oauth_issuer));
160
161 if (hba->oauth_scope)
162 options[noptions++] =
163 CStringGetTextDatum(psprintf("scope=%s", hba->oauth_scope));
164
165 if (hba->oauth_validator)
166 options[noptions++] =
167 CStringGetTextDatum(psprintf("validator=%s", hba->oauth_validator));
168
169 if (hba->oauth_skip_usermap)
170 options[noptions++] =
171 CStringGetTextDatum(psprintf("delegate_ident_mapping=true"));
172 }
173
174 /* If you add more options, consider increasing MAX_HBA_OPTIONS. */
175 Assert(noptions <= MAX_HBA_OPTIONS);
176
177 if (noptions > 0)
178 return construct_array_builtin(options, noptions, TEXTOID);
179 else
180 return NULL;
181}
182
183/* Number of columns in pg_hba_file_rules view */
184#define NUM_PG_HBA_FILE_RULES_ATTS 11
185
186/*
187 * fill_hba_line
188 * Build one row of pg_hba_file_rules view, add it to tuplestore.
189 *
190 * tuple_store: where to store data
191 * tupdesc: tuple descriptor for the view
192 * rule_number: unique identifier among all valid rules
193 * filename: configuration file name (must always be valid)
194 * lineno: line number of configuration file (must always be valid)
195 * hba: parsed line data (can be NULL, in which case err_msg should be set)
196 * err_msg: error message (NULL if none)
197 *
198 * Note: leaks memory, but we don't care since this is run in a short-lived
199 * memory context.
200 */
201static void
202fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
203 int rule_number, char *filename, int lineno, HbaLine *hba,
204 const char *err_msg)
205{
206 Datum values[NUM_PG_HBA_FILE_RULES_ATTS];
207 bool nulls[NUM_PG_HBA_FILE_RULES_ATTS];
208 char buffer[NI_MAXHOST];
209 HeapTuple tuple;
210 int index;
211 ListCell *lc;
212 const char *typestr;
213 const char *addrstr;
214 const char *maskstr;
215 ArrayType *options;
216
217 Assert(tupdesc->natts == NUM_PG_HBA_FILE_RULES_ATTS);
218
219 memset(values, 0, sizeof(values));
220 memset(nulls, 0, sizeof(nulls));
221 index = 0;
222
223 /* rule_number, nothing on error */
224 if (err_msg)
225 nulls[index++] = true;
226 else
227 values[index++] = Int32GetDatum(rule_number);
228
229 /* file_name */
230 values[index++] = CStringGetTextDatum(filename);
231
232 /* line_number */
233 values[index++] = Int32GetDatum(lineno);
234
235 if (hba != NULL)
236 {
237 /* type */
238 /* Avoid a default: case so compiler will warn about missing cases */
239 typestr = NULL;
240 switch (hba->conntype)
241 {
242 case ctLocal:
243 typestr = "local";
244 break;
245 case ctHost:
246 typestr = "host";
247 break;
248 case ctHostSSL:
249 typestr = "hostssl";
250 break;
251 case ctHostNoSSL:
252 typestr = "hostnossl";
253 break;
254 case ctHostGSS:
255 typestr = "hostgssenc";
256 break;
257 case ctHostNoGSS:
258 typestr = "hostnogssenc";
259 break;
260 }
261 if (typestr)
262 values[index++] = CStringGetTextDatum(typestr);
263 else
264 nulls[index++] = true;
265
266 /* database */
267 if (hba->databases)
268 {
269 /*
270 * Flatten AuthToken list to string list. It might seem that we
271 * should re-quote any quoted tokens, but that has been rejected
272 * on the grounds that it makes it harder to compare the array
273 * elements to other system catalogs. That makes entries like
274 * "all" or "samerole" formally ambiguous ... but users who name
275 * databases/roles that way are inflicting their own pain.
276 */
277 List *names = NIL;
278
279 foreach(lc, hba->databases)
280 {
281 AuthToken *tok = lfirst(lc);
282
283 names = lappend(names, tok->string);
284 }
285 values[index++] = PointerGetDatum(strlist_to_textarray(names));
286 }
287 else
288 nulls[index++] = true;
289
290 /* user */
291 if (hba->roles)
292 {
293 /* Flatten AuthToken list to string list; see comment above */
294 List *roles = NIL;
295
296 foreach(lc, hba->roles)
297 {
298 AuthToken *tok = lfirst(lc);
299
300 roles = lappend(roles, tok->string);
301 }
302 values[index++] = PointerGetDatum(strlist_to_textarray(roles));
303 }
304 else
305 nulls[index++] = true;
306
307 /* address and netmask */
308 /* Avoid a default: case so compiler will warn about missing cases */
309 addrstr = maskstr = NULL;
310 switch (hba->ip_cmp_method)
311 {
312 case ipCmpMask:
313 if (hba->hostname)
314 {
315 addrstr = hba->hostname;
316 }
317 else
318 {
319 /*
320 * Note: if pg_getnameinfo_all fails, it'll set buffer to
321 * "???", which we want to return.
322 */
323 if (hba->addrlen > 0)
324 {
325 if (pg_getnameinfo_all(&hba->addr, hba->addrlen,
326 buffer, sizeof(buffer),
327 NULL, 0,
328 NI_NUMERICHOST) == 0)
329 clean_ipv6_addr(hba->addr.ss_family, buffer);
330 addrstr = pstrdup(buffer);
331 }
332 if (hba->masklen > 0)
333 {
334 if (pg_getnameinfo_all(&hba->mask, hba->masklen,
335 buffer, sizeof(buffer),
336 NULL, 0,
337 NI_NUMERICHOST) == 0)
338 clean_ipv6_addr(hba->mask.ss_family, buffer);
339 maskstr = pstrdup(buffer);
340 }
341 }
342 break;
343 case ipCmpAll:
344 addrstr = "all";
345 break;
346 case ipCmpSameHost:
347 addrstr = "samehost";
348 break;
349 case ipCmpSameNet:
350 addrstr = "samenet";
351 break;
352 }
353 if (addrstr)
354 values[index++] = CStringGetTextDatum(addrstr);
355 else
356 nulls[index++] = true;
357 if (maskstr)
358 values[index++] = CStringGetTextDatum(maskstr);
359 else
360 nulls[index++] = true;
361
362 /* auth_method */
363 values[index++] = CStringGetTextDatum(hba_authname(hba->auth_method));
364
365 /* options */
366 options = get_hba_options(hba);
367 if (options)
368 values[index++] = PointerGetDatum(options);
369 else
370 nulls[index++] = true;
371 }
372 else
373 {
374 /* no parsing result, so set relevant fields to nulls */
375 memset(&nulls[3], true, (NUM_PG_HBA_FILE_RULES_ATTS - 4) * sizeof(bool));
376 }
377
378 /* error */
379 if (err_msg)
380 values[NUM_PG_HBA_FILE_RULES_ATTS - 1] = CStringGetTextDatum(err_msg);
381 else
382 nulls[NUM_PG_HBA_FILE_RULES_ATTS - 1] = true;
383
384 tuple = heap_form_tuple(tupdesc, values, nulls);
385 tuplestore_puttuple(tuple_store, tuple);
386}
387
388/*
389 * fill_hba_view
390 * Read the pg_hba.conf file and fill the tuplestore with view records.
391 */
392static void
393fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
394{
395 FILE *file;
396 List *hba_lines = NIL;
397 ListCell *line;
398 int rule_number = 0;
399 MemoryContext hbacxt;
400 MemoryContext oldcxt;
401
402 /*
403 * In the unlikely event that we can't open pg_hba.conf, we throw an
404 * error, rather than trying to report it via some sort of view entry.
405 * (Most other error conditions should result in a message in a view
406 * entry.)
407 */
408 file = open_auth_file(HbaFileName, ERROR, 0, NULL);
409
410 tokenize_auth_file(HbaFileName, file, &hba_lines, DEBUG3, 0);
411
412 /* Now parse all the lines */
413 hbacxt = AllocSetContextCreate(CurrentMemoryContext,
414 "hba parser context",
415 ALLOCSET_SMALL_SIZES);
416 oldcxt = MemoryContextSwitchTo(hbacxt);
417 foreach(line, hba_lines)
418 {
419 TokenizedAuthLine *tok_line = (TokenizedAuthLine *) lfirst(line);
420 HbaLine *hbaline = NULL;
421
422 /* don't parse lines that already have errors */
423 if (tok_line->err_msg == NULL)
424 hbaline = parse_hba_line(tok_line, DEBUG3);
425
426 /* No error, set a new rule number */
427 if (tok_line->err_msg == NULL)
428 rule_number++;
429
430 fill_hba_line(tuple_store, tupdesc, rule_number,
431 tok_line->file_name, tok_line->line_num, hbaline,
432 tok_line->err_msg);
433 }
434
435 /* Free tokenizer memory */
436 free_auth_file(file, 0);
437 /* Free parse_hba_line memory */
438 MemoryContextSwitchTo(oldcxt);
439 MemoryContextDelete(hbacxt);
440}
441
442/*
443 * pg_hba_file_rules
444 *
445 * SQL-accessible set-returning function to return all the entries in the
446 * pg_hba.conf file.
447 */
448Datum
449pg_hba_file_rules(PG_FUNCTION_ARGS)
450{
451 ReturnSetInfo *rsi;
452
453 /*
454 * Build tuplestore to hold the result rows. We must use the Materialize
455 * mode to be safe against HBA file changes while the cursor is open. It's
456 * also more efficient than having to look up our current position in the
457 * parsed list every time.
458 */
459 InitMaterializedSRF(fcinfo, 0);
460
461 /* Fill the tuplestore */
462 rsi = (ReturnSetInfo *) fcinfo->resultinfo;
463 fill_hba_view(rsi->setResult, rsi->setDesc);
464
465 PG_RETURN_NULL();
466}
467
468/* Number of columns in pg_ident_file_mappings view */
469#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS 7
470
471/*
472 * fill_ident_line: build one row of pg_ident_file_mappings view, add it to
473 * tuplestore
474 *
475 * tuple_store: where to store data
476 * tupdesc: tuple descriptor for the view
477 * map_number: unique identifier among all valid maps
478 * filename: configuration file name (must always be valid)
479 * lineno: line number of configuration file (must always be valid)
480 * ident: parsed line data (can be NULL, in which case err_msg should be set)
481 * err_msg: error message (NULL if none)
482 *
483 * Note: leaks memory, but we don't care since this is run in a short-lived
484 * memory context.
485 */
486static void
487fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
488 int map_number, char *filename, int lineno, IdentLine *ident,
489 const char *err_msg)
490{
491 Datum values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
492 bool nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
493 HeapTuple tuple;
494 int index;
495
496 Assert(tupdesc->natts == NUM_PG_IDENT_FILE_MAPPINGS_ATTS);
497
498 memset(values, 0, sizeof(values));
499 memset(nulls, 0, sizeof(nulls));
500 index = 0;
501
502 /* map_number, nothing on error */
503 if (err_msg)
504 nulls[index++] = true;
505 else
506 values[index++] = Int32GetDatum(map_number);
507
508 /* file_name */
509 values[index++] = CStringGetTextDatum(filename);
510
511 /* line_number */
512 values[index++] = Int32GetDatum(lineno);
513
514 if (ident != NULL)
515 {
516 values[index++] = CStringGetTextDatum(ident->usermap);
517 values[index++] = CStringGetTextDatum(ident->system_user->string);
518 values[index++] = CStringGetTextDatum(ident->pg_user->string);
519 }
520 else
521 {
522 /* no parsing result, so set relevant fields to nulls */
523 memset(&nulls[3], true, (NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 4) * sizeof(bool));
524 }
525
526 /* error */
527 if (err_msg)
528 values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 1] = CStringGetTextDatum(err_msg);
529 else
530 nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 1] = true;
531
532 tuple = heap_form_tuple(tupdesc, values, nulls);
533 tuplestore_puttuple(tuple_store, tuple);
534}
535
536/*
537 * Read the pg_ident.conf file and fill the tuplestore with view records.
538 */
539static void
540fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
541{
542 FILE *file;
543 List *ident_lines = NIL;
544 ListCell *line;
545 int map_number = 0;
546 MemoryContext identcxt;
547 MemoryContext oldcxt;
548
549 /*
550 * In the unlikely event that we can't open pg_ident.conf, we throw an
551 * error, rather than trying to report it via some sort of view entry.
552 * (Most other error conditions should result in a message in a view
553 * entry.)
554 */
555 file = open_auth_file(IdentFileName, ERROR, 0, NULL);
556
557 tokenize_auth_file(IdentFileName, file, &ident_lines, DEBUG3, 0);
558
559 /* Now parse all the lines */
560 identcxt = AllocSetContextCreate(CurrentMemoryContext,
561 "ident parser context",
562 ALLOCSET_SMALL_SIZES);
563 oldcxt = MemoryContextSwitchTo(identcxt);
564 foreach(line, ident_lines)
565 {
566 TokenizedAuthLine *tok_line = (TokenizedAuthLine *) lfirst(line);
567 IdentLine *identline = NULL;
568
569 /* don't parse lines that already have errors */
570 if (tok_line->err_msg == NULL)
571 identline = parse_ident_line(tok_line, DEBUG3);
572
573 /* no error, set a new mapping number */
574 if (tok_line->err_msg == NULL)
575 map_number++;
576
577 fill_ident_line(tuple_store, tupdesc, map_number,
578 tok_line->file_name, tok_line->line_num,
579 identline, tok_line->err_msg);
580 }
581
582 /* Free tokenizer memory */
583 free_auth_file(file, 0);
584 /* Free parse_ident_line memory */
585 MemoryContextSwitchTo(oldcxt);
586 MemoryContextDelete(identcxt);
587}
588
589/*
590 * SQL-accessible SRF to return all the entries in the pg_ident.conf file.
591 */
592Datum
593pg_ident_file_mappings(PG_FUNCTION_ARGS)
594{
595 ReturnSetInfo *rsi;
596
597 /*
598 * Build tuplestore to hold the result rows. We must use the Materialize
599 * mode to be safe against HBA file changes while the cursor is open. It's
600 * also more efficient than having to look up our current position in the
601 * parsed list every time.
602 */
603 InitMaterializedSRF(fcinfo, 0);
604
605 /* Fill the tuplestore */
606 rsi = (ReturnSetInfo *) fcinfo->resultinfo;
607 fill_ident_view(rsi->setResult, rsi->setDesc);
608
609 PG_RETURN_NULL();
610}
construct_array_builtin
ArrayType * construct_array_builtin(Datum *elems, int nelems, Oid elmtype)
Definition: arrayfuncs.c:3381
values
static Datum values[MAXATTR]
Definition: bootstrap.c:151
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition: builtins.h:97
DEBUG3
#define DEBUG3
Definition: elog.h:28
ERROR
#define ERROR
Definition: elog.h:39
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition: fmgr.h:345
PG_FUNCTION_ARGS
#define PG_FUNCTION_ARGS
Definition: fmgr.h:193
InitMaterializedSRF
void InitMaterializedSRF(FunctionCallInfo fcinfo, bits32 flags)
Definition: funcapi.c:76
HbaFileName
char * HbaFileName
Definition: guc_tables.c:556
IdentFileName
char * IdentFileName
Definition: guc_tables.c:557
Assert
Assert(PointerIsAligned(start, uint64))
parse_hba_line
HbaLine * parse_hba_line(TokenizedAuthLine *tok_line, int elevel)
Definition: hba.c:1328
parse_ident_line
IdentLine * parse_ident_line(TokenizedAuthLine *tok_line, int elevel)
Definition: hba.c:2751
free_auth_file
void free_auth_file(FILE *file, int depth)
Definition: hba.c:572
tokenize_auth_file
void tokenize_auth_file(const char *filename, FILE *file, List **tok_lines, int elevel, int depth)
Definition: hba.c:691
hba_authname
const char * hba_authname(UserAuth auth_method)
Definition: hba.c:3123
open_auth_file
FILE * open_auth_file(const char *filename, int elevel, int depth, char **err_msg)
Definition: hba.c:597
ipCmpAll
@ ipCmpAll
Definition: hba.h:55
ipCmpSameNet
@ ipCmpSameNet
Definition: hba.h:54
ipCmpMask
@ ipCmpMask
Definition: hba.h:52
ipCmpSameHost
@ ipCmpSameHost
Definition: hba.h:53
ctHostNoGSS
@ ctHostNoGSS
Definition: hba.h:65
ctHostSSL
@ ctHostSSL
Definition: hba.h:62
ctHostNoSSL
@ ctHostNoSSL
Definition: hba.h:63
ctHost
@ ctHost
Definition: hba.h:61
ctHostGSS
@ ctHostGSS
Definition: hba.h:64
ctLocal
@ ctLocal
Definition: hba.h:60
uaLDAP
@ uaLDAP
Definition: hba.h:38
uaGSS
@ uaGSS
Definition: hba.h:34
uaRADIUS
@ uaRADIUS
Definition: hba.h:40
uaOAuth
@ uaOAuth
Definition: hba.h:42
uaSSPI
@ uaSSPI
Definition: hba.h:35
clientCertOff
@ clientCertOff
Definition: hba.h:70
clientCertCA
@ clientCertCA
Definition: hba.h:71
fill_ident_line
static void fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, int map_number, char *filename, int lineno, IdentLine *ident, const char *err_msg)
Definition: hbafuncs.c:487
fill_hba_view
static void fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
Definition: hbafuncs.c:393
fill_ident_view
static void fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
Definition: hbafuncs.c:540
fill_hba_line
static void fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, int rule_number, char *filename, int lineno, HbaLine *hba, const char *err_msg)
Definition: hbafuncs.c:202
NUM_PG_HBA_FILE_RULES_ATTS
#define NUM_PG_HBA_FILE_RULES_ATTS
Definition: hbafuncs.c:184
get_hba_options
static ArrayType * get_hba_options(HbaLine *hba)
Definition: hbafuncs.c:52
pg_ident_file_mappings
Datum pg_ident_file_mappings(PG_FUNCTION_ARGS)
Definition: hbafuncs.c:593
MAX_HBA_OPTIONS
#define MAX_HBA_OPTIONS
Definition: hbafuncs.c:45
NUM_PG_IDENT_FILE_MAPPINGS_ATTS
#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS
Definition: hbafuncs.c:469
pg_hba_file_rules
Datum pg_hba_file_rules(PG_FUNCTION_ARGS)
Definition: hbafuncs.c:449
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
ident
#define ident
Definition: indent_codes.h:47
pg_getnameinfo_all
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
Definition: ip.c:114
lappend
List * lappend(List *list, void *datum)
Definition: list.c:339
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1703
CurrentMemoryContext
MemoryContext CurrentMemoryContext
Definition: mcxt.c:143
MemoryContextDelete
void MemoryContextDelete(MemoryContext context)
Definition: mcxt.c:454
AllocSetContextCreate
#define AllocSetContextCreate
Definition: memutils.h:129
ALLOCSET_SMALL_SIZES
#define ALLOCSET_SMALL_SIZES
Definition: memutils.h:170
clean_ipv6_addr
void clean_ipv6_addr(int addr_family, char *addr)
Definition: network.c:2060
strlist_to_textarray
ArrayType * strlist_to_textarray(List *list)
Definition: objectaddress.c:6131
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:124
filename
static char * filename
Definition: pg_dumpall.c:124
lfirst
#define lfirst(lc)
Definition: pg_list.h:172
NIL
#define NIL
Definition: pg_list.h:68
noptions
static size_t noptions
Definition: pg_recvlogical.c:59
options
static char ** options
Definition: pg_recvlogical.c:58
PointerGetDatum
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:327
Datum
uintptr_t Datum
Definition: postgres.h:69
Int32GetDatum
static Datum Int32GetDatum(int32 X)
Definition: postgres.h:217
psprintf
char * psprintf(const char *fmt,...)
Definition: psprintf.c:43
AuthToken
Definition: hba.h:89
AuthToken::string
char * string
Definition: hba.h:90
HbaLine
Definition: hba.h:96
HbaLine::auth_method
UserAuth auth_method
Definition: hba.h:109
HbaLine::mask
struct sockaddr_storage mask
Definition: hba.h:105
HbaLine::addrlen
int addrlen
Definition: hba.h:104
HbaLine::oauth_skip_usermap
bool oauth_skip_usermap
Definition: hba.h:142
HbaLine::ldapserver
char * ldapserver
Definition: hba.h:115
HbaLine::include_realm
bool include_realm
Definition: hba.h:128
HbaLine::masklen
int masklen
Definition: hba.h:106
HbaLine::clientcert
ClientCertMode clientcert
Definition: hba.h:125
HbaLine::ldapsearchfilter
char * ldapsearchfilter
Definition: hba.h:120
HbaLine::ldapscheme
char * ldapscheme
Definition: hba.h:114
HbaLine::oauth_issuer
char * oauth_issuer
Definition: hba.h:139
HbaLine::ldapprefix
char * ldapprefix
Definition: hba.h:123
HbaLine::ldapsearchattribute
char * ldapsearchattribute
Definition: hba.h:119
HbaLine::krb_realm
char * krb_realm
Definition: hba.h:127
HbaLine::ldapbasedn
char * ldapbasedn
Definition: hba.h:121
HbaLine::radiussecrets_s
char * radiussecrets_s
Definition: hba.h:134
HbaLine::oauth_scope
char * oauth_scope
Definition: hba.h:140
HbaLine::oauth_validator
char * oauth_validator
Definition: hba.h:141
HbaLine::hostname
char * hostname
Definition: hba.h:108
HbaLine::pamservice
char * pamservice
Definition: hba.h:111
HbaLine::databases
List * databases
Definition: hba.h:101
HbaLine::conntype
ConnType conntype
Definition: hba.h:100
HbaLine::usermap
char * usermap
Definition: hba.h:110
HbaLine::ldapsuffix
char * ldapsuffix
Definition: hba.h:124
HbaLine::ldapport
int ldapport
Definition: hba.h:116
HbaLine::addr
struct sockaddr_storage addr
Definition: hba.h:103
HbaLine::ldapbindpasswd
char * ldapbindpasswd
Definition: hba.h:118
HbaLine::roles
List * roles
Definition: hba.h:102
HbaLine::radiusports_s
char * radiusports_s
Definition: hba.h:138
HbaLine::ldapbinddn
char * ldapbinddn
Definition: hba.h:117
HbaLine::ldapscope
int ldapscope
Definition: hba.h:122
HbaLine::ip_cmp_method
IPCompareMethod ip_cmp_method
Definition: hba.h:107
HbaLine::ldaptls
bool ldaptls
Definition: hba.h:113
HbaLine::radiusservers_s
char * radiusservers_s
Definition: hba.h:132
HbaLine::radiusidentifiers_s
char * radiusidentifiers_s
Definition: hba.h:136
IdentLine
Definition: hba.h:146
List
Definition: pg_list.h:54
ReturnSetInfo::setDesc
TupleDesc setDesc
Definition: execnodes.h:358
ReturnSetInfo::setResult
Tuplestorestate * setResult
Definition: execnodes.h:357
TokenizedAuthLine::line_num
int line_num
Definition: hba.h:167
TokenizedAuthLine::file_name
char * file_name
Definition: hba.h:166
TokenizedAuthLine::err_msg
char * err_msg
Definition: hba.h:169
index
Definition: type.h:96
tuplestore_puttuple
void tuplestore_puttuple(Tuplestorestate *state, HeapTuple tuple)
Definition: tuplestore.c:764