PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
libpq-be.h
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * libpq-be.h
4  * This file contains definitions for structures and externs used
5  * by the postmaster during client authentication.
6  *
7  * Note that this is backend-internal and is NOT exported to clients.
8  * Structs that need to be client-visible are in pqcomm.h.
9  *
10  *
11  * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
12  * Portions Copyright (c) 1994, Regents of the University of California
13  *
14  * src/include/libpq/libpq-be.h
15  *
16  *-------------------------------------------------------------------------
17  */
18 #ifndef LIBPQ_BE_H
19 #define LIBPQ_BE_H
20 
21 #ifdef HAVE_SYS_TIME_H
22 #include <sys/time.h>
23 #endif
24 #ifdef USE_OPENSSL
25 #include <openssl/ssl.h>
26 #include <openssl/err.h>
27 #endif
28 #ifdef HAVE_NETINET_TCP_H
29 #include <netinet/tcp.h>
30 #endif
31 
32 #ifdef ENABLE_GSS
33 #if defined(HAVE_GSSAPI_H)
34 #include <gssapi.h>
35 #else
36 #include <gssapi/gssapi.h>
37 #endif /* HAVE_GSSAPI_H */
38 /*
39  * GSSAPI brings in headers that set a lot of things in the global namespace on win32,
40  * that doesn't match the msvc build. It gives a bunch of compiler warnings that we ignore,
41  * but also defines a symbol that simply does not exist. Undefine it again.
42  */
43 #ifdef WIN32_ONLY_COMPILER
44 #undef HAVE_GETADDRINFO
45 #endif
46 #endif /* ENABLE_GSS */
47 
48 #ifdef ENABLE_SSPI
49 #define SECURITY_WIN32
50 #if defined(WIN32) && !defined(WIN32_ONLY_COMPILER)
51 #include <ntsecapi.h>
52 #endif
53 #include <security.h>
54 #undef SECURITY_WIN32
55 
56 #ifndef ENABLE_GSS
57 /*
58  * Define a fake structure compatible with GSSAPI on Unix.
59  */
60 typedef struct
61 {
62  void *value;
63  int length;
64 } gss_buffer_desc;
65 #endif
66 #endif /* ENABLE_SSPI */
67 
68 #include "datatype/timestamp.h"
69 #include "libpq/hba.h"
70 #include "libpq/pqcomm.h"
71 
72 
73 typedef enum CAC_state
74 {
77 } CAC_state;
78 
79 
80 /*
81  * GSSAPI specific state information
82  */
83 #if defined(ENABLE_GSS) | defined(ENABLE_SSPI)
84 typedef struct
85 {
86  gss_buffer_desc outbuf; /* GSSAPI output token buffer */
87 #ifdef ENABLE_GSS
88  gss_cred_id_t cred; /* GSSAPI connection cred's */
89  gss_ctx_id_t ctx; /* GSSAPI connection context */
90  gss_name_t name; /* GSSAPI client name */
91 #endif
92 } pg_gssinfo;
93 #endif
94 
95 /*
96  * This is used by the postmaster in its communication with frontends. It
97  * contains all state information needed during this communication before the
98  * backend is run. The Port structure is kept in malloc'd memory and is
99  * still available when a backend is running (see MyProcPort). The data
100  * it points to must also be malloc'd, or else palloc'd in TopMemoryContext,
101  * so that it survives into PostgresMain execution!
102  *
103  * remote_hostname is set if we did a successful reverse lookup of the
104  * client's IP address during connection setup.
105  * remote_hostname_resolv tracks the state of hostname verification:
106  * +1 = remote_hostname is known to resolve to client's IP address
107  * -1 = remote_hostname is known NOT to resolve to client's IP address
108  * 0 = we have not done the forward DNS lookup yet
109  * -2 = there was an error in name resolution
110  * If reverse lookup of the client IP address fails, remote_hostname will be
111  * left NULL while remote_hostname_resolv is set to -2. If reverse lookup
112  * succeeds but forward lookup fails, remote_hostname_resolv is also set to -2
113  * (the case is distinguishable because remote_hostname isn't NULL). In
114  * either of the -2 cases, remote_hostname_errcode saves the lookup return
115  * code for possible later use with gai_strerror.
116  */
117 
118 typedef struct Port
119 {
120  pgsocket sock; /* File descriptor */
121  bool noblock; /* is the socket in non-blocking mode? */
122  ProtocolVersion proto; /* FE/BE protocol version */
123  SockAddr laddr; /* local addr (postmaster) */
124  SockAddr raddr; /* remote addr (client) */
125  char *remote_host; /* name (or ip addr) of remote host */
126  char *remote_hostname;/* name (not ip addr) of remote host, if
127  * available */
128  int remote_hostname_resolv; /* see above */
129  int remote_hostname_errcode; /* see above */
130  char *remote_port; /* text rep of remote port */
131  CAC_state canAcceptConnections; /* postmaster connection status */
132 
133  /*
134  * Information that needs to be saved from the startup packet and passed
135  * into backend execution. "char *" fields are NULL if not set.
136  * guc_options points to a List of alternating option names and values.
137  */
139  char *user_name;
142 
143  /*
144  * Information that needs to be held during the authentication cycle.
145  */
147 
148  /*
149  * Information that really has no business at all being in struct Port,
150  * but since it gets used by elog.c in the same way as database_name and
151  * other members of this struct, we may as well keep it here.
152  */
153  TimestampTz SessionStartTime; /* backend start time */
154 
155  /*
156  * TCP keepalive settings.
157  *
158  * default values are 0 if AF_UNIX or not yet known; current values are 0
159  * if AF_UNIX or using the default. Also, -1 in a default value means we
160  * were unable to find out the default (getsockopt failed).
161  */
168 
169 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
170 
171  /*
172  * If GSSAPI is supported, store GSSAPI information. Otherwise, store a
173  * NULL pointer to make sure offsets in the struct remain the same.
174  */
175  pg_gssinfo *gss;
176 #else
177  void *gss;
178 #endif
179 
180  /*
181  * SSL structures.
182  */
184  char *peer_cn;
186 
187  /*
188  * OpenSSL structures. (Keep these last so that the locations of other
189  * fields are the same whether or not you build with OpenSSL.)
190  */
191 #ifdef USE_OPENSSL
192  SSL *ssl;
193  X509 *peer;
194 #endif
195 } Port;
196 
197 #ifdef USE_SSL
198 /*
199  * These functions are implemented by the glue code specific to each
200  * SSL implementation (e.g. be-secure-openssl.c)
201  */
202 extern int be_tls_init(bool isServerStart);
203 extern void be_tls_destroy(void);
204 extern int be_tls_open_server(Port *port);
205 extern void be_tls_close(Port *port);
206 extern ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor);
207 extern ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor);
208 
209 extern int be_tls_get_cipher_bits(Port *port);
210 extern bool be_tls_get_compression(Port *port);
211 extern void be_tls_get_version(Port *port, char *ptr, size_t len);
212 extern void be_tls_get_cipher(Port *port, char *ptr, size_t len);
213 extern void be_tls_get_peerdn_name(Port *port, char *ptr, size_t len);
214 #endif
215 
217 
218 /* TCP keepalives configuration. These are no-ops on an AF_UNIX socket. */
219 
220 extern int pq_getkeepalivesidle(Port *port);
221 extern int pq_getkeepalivesinterval(Port *port);
222 extern int pq_getkeepalivescount(Port *port);
223 
224 extern int pq_setkeepalivesidle(int idle, Port *port);
225 extern int pq_setkeepalivesinterval(int interval, Port *port);
226 extern int pq_setkeepalivescount(int count, Port *port);
227 
228 #endif /* LIBPQ_BE_H */
int pq_getkeepalivescount(Port *port)
Definition: pqcomm.c:1823
Definition: hba.h:60
int length(const List *list)
Definition: list.c:1271
ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
static struct @76 value
CAC_state canAcceptConnections
Definition: libpq-be.h:131
int keepalives_idle
Definition: libpq-be.h:165
int pq_getkeepalivesinterval(Port *port)
Definition: pqcomm.c:1742
char * peer_cn
Definition: libpq-be.h:184
bool peer_cert_valid
Definition: libpq-be.h:185
Definition: libpq-be.h:118
bool ssl_in_use
Definition: libpq-be.h:183
char * remote_port
Definition: libpq-be.h:130
List * guc_options
Definition: libpq-be.h:141
int default_keepalives_interval
Definition: libpq-be.h:163
int default_keepalives_count
Definition: libpq-be.h:164
pgsocket sock
Definition: libpq-be.h:120
int be_tls_init(bool isServerStart)
int pq_setkeepalivesinterval(int interval, Port *port)
Definition: pqcomm.c:1776
char * remote_hostname
Definition: libpq-be.h:126
SockAddr raddr
Definition: libpq-be.h:124
int keepalives_count
Definition: libpq-be.h:167
double TimestampTz
Definition: timestamp.h:51
bool be_tls_get_compression(Port *port)
TimestampTz SessionStartTime
Definition: libpq-be.h:153
ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
int remote_hostname_errcode
Definition: libpq-be.h:129
char * user_name
Definition: libpq-be.h:139
int pgsocket
Definition: port.h:22
void be_tls_destroy(void)
ProtocolVersion FrontendProtocol
Definition: globals.c:27
SockAddr laddr
Definition: libpq-be.h:123
static int port
Definition: pg_regress.c:87
int default_keepalives_idle
Definition: libpq-be.h:162
HbaLine * hba
Definition: libpq-be.h:146
uint32 ProtocolVersion
Definition: pqcomm.h:113
int be_tls_get_cipher_bits(Port *port)
void be_tls_get_version(Port *port, char *ptr, size_t len)
int be_tls_open_server(Port *port)
void be_tls_get_peerdn_name(Port *port, char *ptr, size_t len)
int remote_hostname_resolv
Definition: libpq-be.h:128
bool noblock
Definition: libpq-be.h:121
const char * name
Definition: encode.c:521
int pq_getkeepalivesidle(Port *port)
Definition: pqcomm.c:1643
void * gss
Definition: libpq-be.h:177
char * remote_host
Definition: libpq-be.h:125
CAC_state
Definition: libpq-be.h:73
void be_tls_get_cipher(Port *port, char *ptr, size_t len)
void be_tls_close(Port *port)
char * cmdline_options
Definition: libpq-be.h:140
ProtocolVersion proto
Definition: libpq-be.h:122
char * database_name
Definition: libpq-be.h:138
int pq_setkeepalivescount(int count, Port *port)
Definition: pqcomm.c:1852
Definition: pg_list.h:45
int keepalives_interval
Definition: libpq-be.h:166
struct Port Port
int pq_setkeepalivesidle(int idle, Port *port)
Definition: pqcomm.c:1687