Adding upstream version 16.2.upstream/16.2

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 186 insertions, 0 deletions

diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
new file mode 100644
index 0000000..189f6d0
--- /dev/null
+++ b/src/include/libpq/hba.h
@@ -0,0 +1,186 @@
+/*-------------------------------------------------------------------------
+ *
+ * hba.h
+ *	  Interface to hba.c
+ *
+ *
+ * src/include/libpq/hba.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef HBA_H
+#define HBA_H
+
+#include "libpq/pqcomm.h"	/* pgrminclude ignore */	/* needed for NetBSD */
+#include "nodes/pg_list.h"
+#include "regex/regex.h"
+
+
+/*
+ * The following enum represents the authentication methods that
+ * are supported by PostgreSQL.
+ *
+ * Note: keep this in sync with the UserAuthName array in hba.c.
+ */
+typedef enum UserAuth
+{
+	uaReject,
+	uaImplicitReject,			/* Not a user-visible option */
+	uaTrust,
+	uaIdent,
+	uaPassword,
+	uaMD5,
+	uaSCRAM,
+	uaGSS,
+	uaSSPI,
+	uaPAM,
+	uaBSD,
+	uaLDAP,
+	uaCert,
+	uaRADIUS,
+	uaPeer
+#define USER_AUTH_LAST uaPeer	/* Must be last value of this enum */
+} UserAuth;
+
+/*
+ * Data structures representing pg_hba.conf entries
+ */
+
+typedef enum IPCompareMethod
+{
+	ipCmpMask,
+	ipCmpSameHost,
+	ipCmpSameNet,
+	ipCmpAll
+} IPCompareMethod;
+
+typedef enum ConnType
+{
+	ctLocal,
+	ctHost,
+	ctHostSSL,
+	ctHostNoSSL,
+	ctHostGSS,
+	ctHostNoGSS,
+} ConnType;
+
+typedef enum ClientCertMode
+{
+	clientCertOff,
+	clientCertCA,
+	clientCertFull
+} ClientCertMode;
+
+typedef enum ClientCertName
+{
+	clientCertCN,
+	clientCertDN
+} ClientCertName;
+
+/*
+ * A single string token lexed from an authentication configuration file
+ * (pg_ident.conf or pg_hba.conf), together with whether the token has
+ * been quoted.  If "string" begins with a slash, it may optionally
+ * contain a regular expression (currently used for pg_ident.conf when
+ * building IdentLines and for pg_hba.conf when building HbaLines).
+ */
+typedef struct AuthToken
+{
+	char	   *string;
+	bool		quoted;
+	regex_t    *regex;
+} AuthToken;
+
+typedef struct HbaLine
+{
+	char	   *sourcefile;
+	int			linenumber;
+	char	   *rawline;
+	ConnType	conntype;
+	List	   *databases;
+	List	   *roles;
+	struct sockaddr_storage addr;
+	int			addrlen;		/* zero if we don't have a valid addr */
+	struct sockaddr_storage mask;
+	int			masklen;		/* zero if we don't have a valid mask */
+	IPCompareMethod ip_cmp_method;
+	char	   *hostname;
+	UserAuth	auth_method;
+	char	   *usermap;
+	char	   *pamservice;
+	bool		pam_use_hostname;
+	bool		ldaptls;
+	char	   *ldapscheme;
+	char	   *ldapserver;
+	int			ldapport;
+	char	   *ldapbinddn;
+	char	   *ldapbindpasswd;
+	char	   *ldapsearchattribute;
+	char	   *ldapsearchfilter;
+	char	   *ldapbasedn;
+	int			ldapscope;
+	char	   *ldapprefix;
+	char	   *ldapsuffix;
+	ClientCertMode clientcert;
+	ClientCertName clientcertname;
+	char	   *krb_realm;
+	bool		include_realm;
+	bool		compat_realm;
+	bool		upn_username;
+	List	   *radiusservers;
+	char	   *radiusservers_s;
+	List	   *radiussecrets;
+	char	   *radiussecrets_s;
+	List	   *radiusidentifiers;
+	char	   *radiusidentifiers_s;
+	List	   *radiusports;
+	char	   *radiusports_s;
+} HbaLine;
+
+typedef struct IdentLine
+{
+	int			linenumber;
+
+	char	   *usermap;
+	AuthToken  *system_user;
+	AuthToken  *pg_user;
+} IdentLine;
+
+/*
+ * TokenizedAuthLine represents one line lexed from an authentication
+ * configuration file.  Each item in the "fields" list is a sub-list of
+ * AuthTokens.  We don't emit a TokenizedAuthLine for empty or all-comment
+ * lines, so "fields" is never NIL (nor are any of its sub-lists).
+ *
+ * Exception: if an error occurs during tokenization, we might have
+ * fields == NIL, in which case err_msg != NULL.
+ */
+typedef struct TokenizedAuthLine
+{
+	List	   *fields;			/* List of lists of AuthTokens */
+	char	   *file_name;		/* File name of origin */
+	int			line_num;		/* Line number */
+	char	   *raw_line;		/* Raw line text */
+	char	   *err_msg;		/* Error message if any */
+} TokenizedAuthLine;
+
+/* kluge to avoid including libpq/libpq-be.h here */
+typedef struct Port hbaPort;
+
+extern bool load_hba(void);
+extern bool load_ident(void);
+extern const char *hba_authname(UserAuth auth_method);
+extern void hba_getauthmethod(hbaPort *port);
+extern int	check_usermap(const char *usermap_name,
+						  const char *pg_user, const char *system_user,
+						  bool case_insensitive);
+extern HbaLine *parse_hba_line(TokenizedAuthLine *tok_line, int elevel);
+extern IdentLine *parse_ident_line(TokenizedAuthLine *tok_line, int elevel);
+extern bool pg_isblank(const char c);
+extern FILE *open_auth_file(const char *filename, int elevel, int depth,
+							char **err_msg);
+extern void free_auth_file(FILE *file, int depth);
+extern void tokenize_auth_file(const char *filename, FILE *file,
+							   List **tok_lines, int elevel, int depth);
+
+#endif							/* HBA_H */