oauth.h
1/*-------------------------------------------------------------------------
2 *
3 * oauth.h
4 * Interface to libpq/auth-oauth.c
5 *
6 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
7 * Portions Copyright (c) 1994, Regents of the University of California
8 *
9 * src/include/libpq/oauth.h
10 *
11 *-------------------------------------------------------------------------
12 */
13#ifndef PG_OAUTH_H
14#define PG_OAUTH_H
15
16#include "libpq/libpq-be.h"
17#include "libpq/sasl.h"
18
20
22{
23 /* Holds the server's PG_VERSION_NUM. Reserved for future extensibility. */
25
26 /*
27 * Private data pointer for use by a validator module. This can be used to
28 * store state for the module that will be passed to each of its
29 * callbacks.
30 */
33
35{
36 /*
37 * Should be set to true if the token carries sufficient permissions for
38 * the bearer to connect.
39 */
41
42 /*
43 * If the token authenticates the user, this should be set to a palloc'd
44 * string containing the SYSTEM_USER to use for HBA mapping. Consider
45 * setting this even if result->authorized is false so that DBAs may use
46 * the logs to match end users to token failures.
47 *
48 * This is required if the module is not configured for ident mapping
49 * delegation. See the validator module documentation for details.
50 */
51 char *authn_id;
53
54/*
55 * Validator module callbacks
56 *
57 * These callback functions should be defined by validator modules and returned
58 * via _PG_oauth_validator_module_init(). ValidatorValidateCB is the only
59 * required callback. For more information about the purpose of each callback,
60 * refer to the OAuth validator modules documentation.
61 */
65 const char *token, const char *role,
66 ValidatorModuleResult *result);
67
68/*
69 * Identifies the compiled ABI version of the validator module. Since the server
70 * already enforces the PG_MODULE_MAGIC number for modules across major
71 * versions, this is reserved for emergency use within a stable release line.
72 * May it never need to change.
 *
 * A validator module reports this value through the magic field of the
 * OAuthValidatorCallbacks structure it hands back; that field must be set
 * to PG_OAUTH_VALIDATOR_MAGIC.
 *
 * NOTE(review): where a mismatching magic is detected and how it is
 * reported is not visible in this header -- presumably when the module is
 * loaded by libpq/auth-oauth.c; confirm there.
73 */
74#define PG_OAUTH_VALIDATOR_MAGIC 0x20250220
75
77{
78 uint32 magic; /* must be set to PG_OAUTH_VALIDATOR_MAGIC */
79
84
85/*
86 * Type of the shared library symbol _PG_oauth_validator_module_init which is
87 * required for all validator modules. This function will be invoked during
88 * module loading.
 *
 * The function takes no arguments and returns a pointer to a const
 * OAuthValidatorCallbacks. Per the other comments in this header, the
 * returned structure's magic field must be PG_OAUTH_VALIDATOR_MAGIC, and
 * ValidatorValidateCB is the only callback a module is required to provide.
 *
 * NOTE(review): the required lifetime of the returned structure and the
 * handling of a NULL return are not stated here -- presumably the table
 * must stay valid for as long as the module is in use; confirm against
 * libpq/auth-oauth.c.
89 */
90typedef const OAuthValidatorCallbacks *(*OAuthValidatorModuleInit) (void);
92
93/* Implementation */
95
96/*
97 * Ensure a validator named in the HBA is permitted by the configuration.
 *
 * hba      the HBA line being checked.
 * elevel   NOTE(review): presumably the error level used when reporting a
 *          validator that is not permitted -- confirm against the
 *          definition in libpq/auth-oauth.c.
 * err_msg  NOTE(review): presumably receives a message describing the
 *          failure -- confirm ownership and when it is set.
 *
 * Returns a bool. NOTE(review): presumably true means the validator is
 * permitted; a caller that ignores a false result would let an HBA line
 * select a validator the configuration does not allow, so confirm every
 * call site treats false as a hard failure.
98 */
99extern bool check_oauth_validator(HbaLine *hba, int elevel, char **err_msg);
100
101#endif /* PG_OAUTH_H */
#define PGDLLIMPORT
Definition: c.h:1291
#define PGDLLEXPORT
Definition: c.h:1306
uint32_t uint32
Definition: c.h:502
#define token
Definition: indent_globs.h:126
PGDLLEXPORT const OAuthValidatorCallbacks * _PG_oauth_validator_module_init(void)
bool(* ValidatorValidateCB)(const ValidatorModuleState *state, const char *token, const char *role, ValidatorModuleResult *result)
Definition: oauth.h:64
void(* ValidatorShutdownCB)(ValidatorModuleState *state)
Definition: oauth.h:63
void(* ValidatorStartupCB)(ValidatorModuleState *state)
Definition: oauth.h:62
struct ValidatorModuleState ValidatorModuleState
PGDLLIMPORT char * oauth_validator_libraries_string
Definition: auth-oauth.c:34
bool check_oauth_validator(HbaLine *hba, int elevel, char **err_msg)
Definition: auth-oauth.c:820
struct ValidatorModuleResult ValidatorModuleResult
struct OAuthValidatorCallbacks OAuthValidatorCallbacks
const pg_be_sasl_mech pg_be_oauth_mech
Definition: auth-oauth.c:48
Definition: hba.h:96
ValidatorShutdownCB shutdown_cb
Definition: oauth.h:81
ValidatorValidateCB validate_cb
Definition: oauth.h:82
ValidatorStartupCB startup_cb
Definition: oauth.h:80
void * private_data
Definition: oauth.h:31
Definition: regguts.h:323