mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-09-10 01:19:29 +02:00
7c45e3a3c6
Similar changes were done to pg_hba.conf earlier already; this commit makes pg_ident.conf behave the same as pg_hba.conf. This has two user-visible effects. First, if pg_ident.conf contains multiple errors, the whole file is parsed at postmaster startup time and all the errors are immediately reported. Before this patch, the file was parsed and the errors were reported only when someone tried to connect using an authentication method that uses the file, and the parsing stopped on the first error. Second, if you SIGHUP to reload the config files, and the new pg_ident.conf file contains an error, the error is logged but the old file stays in effect. Also, regular expressions in pg_ident.conf are now compiled only once when the file is loaded, rather than every time a user is authenticated. That should speed up authentication if you have a lot of regexps in the file. Amit Kapila
/*-------------------------------------------------------------------------
 *
 * hba.h
 *	  Interface to hba.c
 *
 *
 * src/include/libpq/hba.h
 *
 *-------------------------------------------------------------------------
 */
#ifndef HBA_H
#define HBA_H
#include "libpq/pqcomm.h" /* pgrminclude ignore */ /* needed for NetBSD */
#include "nodes/pg_list.h"
#include "regex/regex.h"
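/*
 * Authentication method selected by a parsed pg_hba.conf line.
 *
 * The enumerators carry no explicit values, so they are numbered 0..13 in
 * declaration order; inserting or reordering entries changes the numeric
 * value of every later method.
 *
 * NOTE(review): the mapping from pg_hba.conf keywords to these values lives
 * in hba.c, which is not visible from this header.  The per-entry notes
 * follow the enumerator names and PostgreSQL's documented method keywords;
 * confirm against hba.c before relying on them.
 */
typedef enum UserAuth
{
	uaReject,			/* "reject": the connection is refused */
	uaImplicitReject,	/* presumably the reject used when no line
						 * matches; not set from a keyword -- confirm */
	uaKrb5,				/* Kerberos 5 */
	uaTrust,			/* "trust": no credential is checked; audit every
						 * pg_hba.conf line that selects it */
	uaIdent,			/* ident lookup of the client's OS user */
	uaPassword,			/* "password": clear-text password; only
						 * protected when the transport is encrypted */
	uaMD5,				/* MD5 challenge-response password */
	uaGSS,				/* GSSAPI */
	uaSSPI,				/* SSPI */
	uaPAM,				/* PAM */
	uaLDAP,				/* LDAP bind */
	uaCert,				/* SSL client certificate */
	uaRADIUS,			/* RADIUS */
	uaPeer				/* peer credentials of a local connection */
} UserAuth;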
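/*
 * How the client address is compared against a pg_hba.conf line.
 *
 * Values are implicit (0..3 in declaration order).
 *
 * NOTE(review): the meanings below are read off the enumerator names and
 * the documented pg_hba.conf address keywords; the comparison itself is
 * implemented in hba.c -- confirm there.
 */
typedef enum IPCompareMethod
{
	ipCmpMask,			/* compare against an explicit address and mask */
	ipCmpSameHost,		/* "samehost": one of the server's own addresses */
	ipCmpSameNet,		/* "samenet": a subnet the server is attached to */
	ipCmpAll			/* "all": any client address matches; the widest
						 * rule, worth a second look in any review */
} IPCompareMethod;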
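/*
 * Connection type named in the first column of a pg_hba.conf line.
 *
 * Values are implicit (0..3 in declaration order).
 *
 * NOTE(review): keyword mapping inferred from the enumerator names; the
 * parser in hba.c is the authority.
 */
typedef enum ConnType
{
	ctLocal,			/* "local": presumably Unix-domain socket */
	ctHost,				/* "host": TCP/IP, with or without SSL */
	ctHostSSL,			/* "hostssl": TCP/IP only when SSL is in use */
	ctHostNoSSL			/* "hostnossl": TCP/IP only without SSL */
} ConnType;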
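/*
 * One parsed line of pg_hba.conf.
 *
 * The first group of members describes which connections the line matches,
 * auth_method says how such a connection is authenticated, and the rest
 * are per-method options.
 *
 * NOTE(review): which options are valid for which auth_method, and who
 * allocates and frees the pointer members, is decided in hba.c and cannot
 * be told from this header.
 *
 * ldapbindpasswd and radiussecret hold secrets as ordinary C strings.
 * Code that prints or logs an HbaLine (error context, debug dumps) should
 * leave these two members out.
 */
typedef struct HbaLine
{
	/* --- match criteria --- */
	int			linenumber;		/* presumably the source line, for error
								 * reports -- confirm in hba.c */
	ConnType	conntype;
	List	   *databases;		/* element type not visible here */
	List	   *roles;			/* element type not visible here */
	struct sockaddr_storage addr;
	struct sockaddr_storage mask;
	IPCompareMethod ip_cmp_method;
	char	   *hostname;
	UserAuth	auth_method;

	/* --- authentication options --- */
	char	   *usermap;		/* presumably a map name in pg_ident.conf */
	char	   *pamservice;
	bool		ldaptls;		/* NOTE(review): if false the LDAP exchange,
								 * bind password included, is presumably
								 * sent without TLS -- confirm in auth.c */
	char	   *ldapserver;
	int			ldapport;
	char	   *ldapbinddn;
	char	   *ldapbindpasswd; /* secret: keep out of logs */
	char	   *ldapsearchattribute;
	char	   *ldapbasedn;
	char	   *ldapprefix;
	char	   *ldapsuffix;
	bool		clientcert;
	char	   *krb_server_hostname;
	char	   *krb_realm;
	bool		include_realm;
	char	   *radiusserver;
	char	   *radiussecret;	/* secret: keep out of logs */
	char	   *radiusidentifier;
	int			radiusport;
} HbaLine;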
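/*
 * One parsed line of pg_ident.conf.
 *
 * Per the commit message, regular expressions in pg_ident.conf are compiled
 * once when the file is loaded instead of at every authentication; "re" is
 * where that compiled form is kept.
 *
 * NOTE(review): "re" is presumably only initialised when ident_user is a
 * regular expression, and a compiled regex_t owns memory that has to be
 * released when the line is discarded on reload -- confirm both in hba.c.
 */
typedef struct IdentLine
{
	int			linenumber;		/* presumably the source line, for error
								 * reports -- confirm in hba.c */

	char	   *usermap;		/* map name this line belongs to */
	char	   *ident_user;		/* externally authenticated user name, or
								 * presumably a regex source -- confirm */
	char	   *pg_role;		/* database role the user may connect as */
	regex_t		re;				/* compiled regular expression */
} IdentLine;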
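/* kluge to avoid including libpq/libpq-be.h here */
typedef struct Port hbaPort;

/*
 * Load pg_hba.conf / pg_ident.conf.
 *
 * NOTE(review): the bool result presumably reports whether the file parsed
 * cleanly.  The commit message states that when a reloaded pg_ident.conf
 * contains an error, the error is logged and the old file stays in effect,
 * so a failed reload does not leave the server without rules; callers
 * should still check the result.
 */
extern bool load_hba(void);
extern bool load_ident(void);

/* Choose the authentication method for the connection described by port. */
extern void hba_getauthmethod(hbaPort *port);

/*
 * Check whether auth_user may connect as pg_role under the map
 * usermap_name.
 *
 * NOTE(review): the int result is a status code whose values are defined
 * outside this header; compare against the named constants, not against a
 * truth value.  case_sensitive presumably selects case-sensitive name
 * comparison -- confirm in hba.c.
 */
extern int	check_usermap(const char *usermap_name,
						  const char *pg_role, const char *auth_user,
						  bool case_sensitive);

/* Whitespace test used by the config-file tokenizer (defined in hba.c). */
extern bool pg_isblank(const char c);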
#endif /* HBA_H */