PostgreSQL Source Code git master
libpq-be.h
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * libpq-be.h
4 * This file contains definitions for structures and externs used
5 * by the postmaster during client authentication.
6 *
7 * Note that this is backend-internal and is NOT exported to clients.
8 * Structs that need to be client-visible are in pqcomm.h.
9 *
10 *
11 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
12 * Portions Copyright (c) 1994, Regents of the University of California
13 *
14 * src/include/libpq/libpq-be.h
15 *
16 *-------------------------------------------------------------------------
17 */
18#ifndef LIBPQ_BE_H
19#define LIBPQ_BE_H
20
21#include "common/scram-common.h"
22
23#include <sys/time.h>
24#ifdef USE_OPENSSL
25#include <openssl/ssl.h>
26#include <openssl/err.h>
27#endif
28#include <netinet/tcp.h>
29
30#ifdef ENABLE_GSS
31#if defined(HAVE_GSSAPI_H)
32#include <gssapi.h>
33#else
34#include <gssapi/gssapi.h>
35#endif /* HAVE_GSSAPI_H */
36#endif /* ENABLE_GSS */
37
38#ifdef ENABLE_SSPI
39#define SECURITY_WIN32
40#if defined(WIN32) && !defined(_MSC_VER)
41#include <ntsecapi.h>
42#endif
43#include <security.h>
44#undef SECURITY_WIN32
45
46#ifndef ENABLE_GSS
47/*
48 * Define a fake structure compatible with GSSAPI on Unix.
49 */
50typedef struct
51{
52 void *value;
53 int length;
54} gss_buffer_desc;
55#endif
56#endif /* ENABLE_SSPI */
57
58#include "datatype/timestamp.h"
59#include "libpq/hba.h"
60#include "libpq/pqcomm.h"
61
62
63/*
64 * GSSAPI specific state information
65 */
66#if defined(ENABLE_GSS) | defined(ENABLE_SSPI)
67typedef struct
68{
69 gss_buffer_desc outbuf; /* GSSAPI output token buffer */
70#ifdef ENABLE_GSS
71 gss_cred_id_t cred; /* GSSAPI connection cred's */
72 gss_ctx_id_t ctx; /* GSSAPI connection context */
73 gss_name_t name; /* GSSAPI client name */
74 char *princ; /* GSSAPI Principal used for auth, NULL if
75 * GSSAPI auth was not used */
76 bool auth; /* GSSAPI Authentication used */
77 bool enc; /* GSSAPI encryption in use */
78 bool delegated_creds; /* GSSAPI Delegated credentials */
79#endif
80} pg_gssinfo;
81#endif
82
83/*
84 * ClientConnectionInfo includes the fields describing the client connection
85 * that are copied over to parallel workers as nothing from Port does that.
86 * The same rules apply for allocations here as for Port (everything must be
87 * malloc'd or palloc'd in TopMemoryContext).
88 *
89 * If you add a struct member here, remember to also handle serialization in
90 * SerializeClientConnectionInfo() and co.
91 */
93{
94 /*
95 * Authenticated identity. The meaning of this identifier is dependent on
96 * auth_method; it is the identity (if any) that the user presented during
97 * the authentication cycle, before they were assigned a database role.
98 * (It is effectively the "SYSTEM-USERNAME" of a pg_ident usermap --
99 * though the exact string in use may be different, depending on pg_hba
100 * options.)
101 *
102 * authn_id is NULL if the user has not actually been authenticated, for
103 * example if the "trust" auth method is in use.
104 */
105 const char *authn_id;
106
107 /*
108 * The HBA method that determined the above authn_id. This only has
109 * meaning if authn_id is not NULL; otherwise it's undefined.
110 */
113
114/*
115 * The Port structure holds state information about a client connection in a
116 * backend process. It is available in the global variable MyProcPort. The
117 * struct and all the data it points are kept in TopMemoryContext.
118 *
119 * remote_hostname is set if we did a successful reverse lookup of the
120 * client's IP address during connection setup.
121 * remote_hostname_resolv tracks the state of hostname verification:
122 * +1 = remote_hostname is known to resolve to client's IP address
123 * -1 = remote_hostname is known NOT to resolve to client's IP address
124 * 0 = we have not done the forward DNS lookup yet
125 * -2 = there was an error in name resolution
126 * If reverse lookup of the client IP address fails, remote_hostname will be
127 * left NULL while remote_hostname_resolv is set to -2. If reverse lookup
128 * succeeds but forward lookup fails, remote_hostname_resolv is also set to -2
129 * (the case is distinguishable because remote_hostname isn't NULL). In
130 * either of the -2 cases, remote_hostname_errcode saves the lookup return
131 * code for possible later use with gai_strerror.
132 */
133
134typedef struct Port
135{
136 pgsocket sock; /* File descriptor */
137 bool noblock; /* is the socket in non-blocking mode? */
138 ProtocolVersion proto; /* FE/BE protocol version */
139 SockAddr laddr; /* local addr (postmaster) */
140 SockAddr raddr; /* remote addr (client) */
141 char *remote_host; /* name (or ip addr) of remote host */
142 char *remote_hostname; /* name (not ip addr) of remote host, if
143 * available */
144 int remote_hostname_resolv; /* see above */
145 int remote_hostname_errcode; /* see above */
146 char *remote_port; /* text rep of remote port */
147
148 /*
149 * Information that needs to be saved from the startup packet and passed
150 * into backend execution. "char *" fields are NULL if not set.
151 * guc_options points to a List of alternating option names and values.
152 */
157
158 /*
159 * The startup packet application name, only used here for the "connection
160 * authorized" log message. We shouldn't use this post-startup, instead
161 * the GUC should be used as application can change it afterward.
162 */
164
165 /*
166 * Information that needs to be held during the authentication cycle.
167 */
169
170 /*
171 * TCP keepalive and user timeout settings.
172 *
173 * default values are 0 if AF_UNIX or not yet known; current values are 0
174 * if AF_UNIX or using the default. Also, -1 in a default value means we
175 * were unable to find out the default (getsockopt failed).
176 */
185
186 /*
187 * SCRAM structures.
188 */
191 bool has_scram_keys; /* true if the above two are valid */
192
193 /*
194 * GSSAPI structures.
195 */
196#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
197
198 /*
199 * If GSSAPI is supported and used on this connection, store GSSAPI
200 * information. Even when GSSAPI is not compiled in, store a NULL pointer
201 * to keep struct offsets the same (for extension ABI compatibility).
202 */
203 pg_gssinfo *gss;
204#else
205 void *gss;
206#endif
207
208 /*
209 * SSL structures.
210 */
212 char *peer_cn;
213 char *peer_dn;
217
218 /*
219 * OpenSSL structures. As with GSSAPI above, to keep struct offsets
220 * constant, NULL pointers are stored when SSL support is not enabled.
221 * (Although extensions should have no business accessing the raw_buf
222 * fields anyway.)
223 */
224#ifdef USE_OPENSSL
225 SSL *ssl;
226 X509 *peer;
227#else
228 void *ssl;
229 void *peer;
230#endif
231
232 /*
233 * This is a bit of a hack. raw_buf is data that was previously read and
234 * buffered in a higher layer but then "unread" and needs to be read again
235 * while establishing an SSL connection via the SSL library layer.
236 *
237 * There's no API to "unread", the upper layer just places the data in the
238 * Port structure in raw_buf and sets raw_buf_remaining to the amount of
239 * bytes unread and raw_buf_consumed to 0.
240 */
241 char *raw_buf;
245
246/*
247 * ClientSocket holds a socket for an accepted connection, along with the
248 * information about the remote endpoint. This is passed from postmaster to
249 * the backend process.
250 */
251typedef struct ClientSocket
252{
253 pgsocket sock; /* File descriptor */
254 SockAddr raddr; /* remote addr (client) */
256
257#ifdef USE_SSL
258/*
259 * Hardcoded DH parameters, used in ephemeral DH keying. (See also
260 * README.SSL for more details on EDH.)
261 *
262 * This is the 2048-bit DH parameter from RFC 3526. The generation of the
263 * prime is specified in RFC 2412 Appendix E, which also discusses the
264 * design choice of the generator. Note that when loaded with OpenSSL
265 * this causes DH_check() to fail on DH_NOT_SUITABLE_GENERATOR, where
266 * leaking a bit is preferred.
267 */
268#define FILE_DH2048 \
269"-----BEGIN DH PARAMETERS-----\n\
270MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n\
271IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n\
272awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n\
273mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n\
274fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n\
2755RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n\
276-----END DH PARAMETERS-----\n"
277
278/*
279 * These functions are implemented by the glue code specific to each
280 * SSL implementation (e.g. be-secure-openssl.c)
281 */
282
283/*
284 * Initialize global SSL context.
285 *
286 * If isServerStart is true, report any errors as FATAL (so we don't return).
287 * Otherwise, log errors at LOG level and return -1 to indicate trouble,
288 * preserving the old SSL state if any. Returns 0 if OK.
289 */
290extern int be_tls_init(bool isServerStart);
291
292/*
293 * Destroy global SSL context, if any.
294 */
295extern void be_tls_destroy(void);
296
297/*
298 * Attempt to negotiate SSL connection.
299 */
300extern int be_tls_open_server(Port *port);
301
302/*
303 * Close SSL connection.
304 */
305extern void be_tls_close(Port *port);
306
307/*
308 * Read data from a secure connection.
309 */
310extern ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor);
311
312/*
313 * Write data to a secure connection.
314 */
315extern ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor);
316
317/*
318 * Return information about the SSL connection.
319 */
320extern int be_tls_get_cipher_bits(Port *port);
321extern const char *be_tls_get_version(Port *port);
322extern const char *be_tls_get_cipher(Port *port);
323extern void be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len);
324extern void be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len);
325extern void be_tls_get_peer_serial(Port *port, char *ptr, size_t len);
326
327/*
328 * Get the server certificate hash for SCRAM channel binding type
329 * tls-server-end-point.
330 *
331 * The result is a palloc'd hash of the server certificate with its
332 * size, and NULL if there is no certificate available.
333 */
334extern char *be_tls_get_certificate_hash(Port *port, size_t *len);
335
336/* init hook for SSL, the default sets the password callback if appropriate */
337#ifdef USE_OPENSSL
338typedef void (*openssl_tls_init_hook_typ) (SSL_CTX *context, bool isServerStart);
339extern PGDLLIMPORT openssl_tls_init_hook_typ openssl_tls_init_hook;
340#endif
341
342#endif /* USE_SSL */
343
344#ifdef ENABLE_GSS
345/*
346 * Return information about the GSSAPI authenticated connection
347 */
348extern bool be_gssapi_get_auth(Port *port);
349extern bool be_gssapi_get_enc(Port *port);
350extern const char *be_gssapi_get_princ(Port *port);
352
353/* Read and write to a GSSAPI-encrypted connection. */
354extern ssize_t be_gssapi_read(Port *port, void *ptr, size_t len);
355extern ssize_t be_gssapi_write(Port *port, void *ptr, size_t len);
356#endif /* ENABLE_GSS */
357
360
361/* TCP keepalives configuration. These are no-ops on an AF_UNIX socket. */
362
363extern int pq_getkeepalivesidle(Port *port);
365extern int pq_getkeepalivescount(Port *port);
366extern int pq_gettcpusertimeout(Port *port);
367
368extern int pq_setkeepalivesidle(int idle, Port *port);
370extern int pq_setkeepalivescount(int count, Port *port);
371extern int pq_settcpusertimeout(int timeout, Port *port);
372
373#endif /* LIBPQ_BE_H */
bool be_gssapi_get_auth(Port *port)
ssize_t be_gssapi_read(Port *port, void *ptr, size_t len)
ssize_t be_gssapi_write(Port *port, void *ptr, size_t len)
bool be_gssapi_get_enc(Port *port)
const char * be_gssapi_get_princ(Port *port)
bool be_gssapi_get_delegation(Port *port)
const char * be_tls_get_version(Port *port)
void be_tls_destroy(void)
int be_tls_init(bool isServerStart)
openssl_tls_init_hook_typ openssl_tls_init_hook
int be_tls_get_cipher_bits(Port *port)
int be_tls_open_server(Port *port)
char * be_tls_get_certificate_hash(Port *port, size_t *len)
const char * be_tls_get_cipher(Port *port)
void be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
void be_tls_close(Port *port)
void be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len)
ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
void be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len)
#define PGDLLIMPORT
Definition: c.h:1277
uint8_t uint8
Definition: c.h:486
enc
UserAuth
Definition: hba.h:26
static struct @162 value
int pq_setkeepalivesinterval(int interval, Port *port)
Definition: pqcomm.c:1750
PGDLLIMPORT ProtocolVersion FrontendProtocol
Definition: globals.c:29
int pq_getkeepalivescount(Port *port)
Definition: pqcomm.c:1799
int pq_getkeepalivesinterval(Port *port)
Definition: pqcomm.c:1715
int pq_settcpusertimeout(int timeout, Port *port)
Definition: pqcomm.c:1904
int pq_setkeepalivesidle(int idle, Port *port)
Definition: pqcomm.c:1665
int pq_getkeepalivesidle(Port *port)
Definition: pqcomm.c:1630
struct Port Port
struct ClientSocket ClientSocket
PGDLLIMPORT ClientConnectionInfo MyClientConnectionInfo
Definition: miscinit.c:1066
struct ClientConnectionInfo ClientConnectionInfo
int pq_gettcpusertimeout(Port *port)
Definition: pqcomm.c:1874
int pq_setkeepalivescount(int count, Port *port)
Definition: pqcomm.c:1829
const void size_t len
static int port
Definition: pg_regress.c:115
int pgsocket
Definition: port.h:29
uint32 ProtocolVersion
Definition: pqcomm.h:100
#define SCRAM_MAX_KEY_LEN
Definition: scram-common.h:30
const char * authn_id
Definition: libpq-be.h:105
UserAuth auth_method
Definition: libpq-be.h:111
SockAddr raddr
Definition: libpq-be.h:254
pgsocket sock
Definition: libpq-be.h:253
Definition: hba.h:95
Definition: pg_list.h:54
Definition: libpq-be.h:135
bool ssl_in_use
Definition: libpq-be.h:211
char * user_name
Definition: libpq-be.h:154
ProtocolVersion proto
Definition: libpq-be.h:138
bool last_read_was_eof
Definition: libpq-be.h:216
char * raw_buf
Definition: libpq-be.h:241
char * remote_port
Definition: libpq-be.h:146
SockAddr laddr
Definition: libpq-be.h:139
char * remote_hostname
Definition: libpq-be.h:142
int remote_hostname_errcode
Definition: libpq-be.h:145
int default_keepalives_idle
Definition: libpq-be.h:177
int keepalives_idle
Definition: libpq-be.h:181
uint8 scram_ServerKey[SCRAM_MAX_KEY_LEN]
Definition: libpq-be.h:190
int keepalives_count
Definition: libpq-be.h:183
void * gss
Definition: libpq-be.h:205
int default_keepalives_interval
Definition: libpq-be.h:178
bool peer_cert_valid
Definition: libpq-be.h:214
char * database_name
Definition: libpq-be.h:153
void * peer
Definition: libpq-be.h:229
char * remote_host
Definition: libpq-be.h:141
bool alpn_used
Definition: libpq-be.h:215
pgsocket sock
Definition: libpq-be.h:136
void * ssl
Definition: libpq-be.h:228
HbaLine * hba
Definition: libpq-be.h:168
ssize_t raw_buf_remaining
Definition: libpq-be.h:243
char * peer_cn
Definition: libpq-be.h:212
int default_keepalives_count
Definition: libpq-be.h:179
char * cmdline_options
Definition: libpq-be.h:155
int keepalives_interval
Definition: libpq-be.h:182
SockAddr raddr
Definition: libpq-be.h:140
int remote_hostname_resolv
Definition: libpq-be.h:144
List * guc_options
Definition: libpq-be.h:156
char * peer_dn
Definition: libpq-be.h:213
bool noblock
Definition: libpq-be.h:137
char * application_name
Definition: libpq-be.h:163
int default_tcp_user_timeout
Definition: libpq-be.h:180
bool has_scram_keys
Definition: libpq-be.h:191
uint8 scram_ClientKey[SCRAM_MAX_KEY_LEN]
Definition: libpq-be.h:189
int tcp_user_timeout
Definition: libpq-be.h:184
ssize_t raw_buf_consumed
Definition: libpq-be.h:242
const char * name