| blob | 6d452ec6d9564e35aab4f88aeb706dd2b9c0f9ad |
1 /*-------------------------------------------------------------------------
2 *
3 * libpq-be.h
4 * This file contains definitions for structures and externs used
5 * by the postmaster during client authentication.
6 *
7 * Note that this is backend-internal and is NOT exported to clients.
8 * Structs that need to be client-visible are in pqcomm.h.
9 *
10 *
11 * Portions Copyright (c) 1996-2022, PostgreSQL Global Development Group
12 * Portions Copyright (c) 1994, Regents of the University of California
13 *
14 * src/include/libpq/libpq-be.h
15 *
16 *-------------------------------------------------------------------------
17 */
18 #ifndef LIBPQ_BE_H
19 #define LIBPQ_BE_H
21 #include <sys/time.h>
22 #ifdef USE_OPENSSL
23 #include <openssl/ssl.h>
24 #include <openssl/err.h>
25 #endif
26 #include <netinet/tcp.h>
28 #ifdef ENABLE_GSS
29 #if defined(HAVE_GSSAPI_H)
30 #include <gssapi.h>
31 #else
32 #include <gssapi/gssapi.h>
36 #ifdef ENABLE_SSPI
37 #define SECURITY_WIN32
38 #if defined(WIN32) && !defined(_MSC_VER)
39 #include <ntsecapi.h>
40 #endif
41 #include <security.h>
42 #undef SECURITY_WIN32
44 #ifndef ENABLE_GSS
45 /*
46 * Define a fake structure compatible with GSSAPI on Unix.
47 */
49 {
53 #endif
62 {
63 CAC_OK,
64 CAC_STARTUP,
65 CAC_SHUTDOWN,
66 CAC_RECOVERY,
67 CAC_NOTCONSISTENT,
68 CAC_TOOMANY
72 /*
73 * GSSAPI specific state information
74 */
75 #if defined(ENABLE_GSS) | defined(ENABLE_SSPI)
77 {
79 #ifdef ENABLE_GSS
84 * GSSAPI auth was not used */
87 #endif
89 #endif
91 /*
92 * ClientConnectionInfo includes the fields describing the client connection
93 * that are copied over to parallel workers as nothing from Port does that.
94 * The same rules apply for allocations here as for Port (everything must be
95 * malloc'd or palloc'd in TopMemoryContext).
96 *
97 * If you add a struct member here, remember to also handle serialization in
98 * SerializeClientConnectionInfo() and co.
99 */
101 {
102 /*
103 * Authenticated identity. The meaning of this identifier is dependent on
104 * auth_method; it is the identity (if any) that the user presented during
105 * the authentication cycle, before they were assigned a database role.
106 * (It is effectively the "SYSTEM-USERNAME" of a pg_ident usermap --
107 * though the exact string in use may be different, depending on pg_hba
108 * options.)
109 *
110 * authn_id is NULL if the user has not actually been authenticated, for
111 * example if the "trust" auth method is in use.
112 */
115 /*
116 * The HBA method that determined the above authn_id. This only has
117 * meaning if authn_id is not NULL; otherwise it's undefined.
118 */
119 UserAuth auth_method;
122 /*
123 * This is used by the postmaster in its communication with frontends. It
124 * contains all state information needed during this communication before the
125 * backend is run. The Port structure is kept in malloc'd memory and is
126 * still available when a backend is running (see MyProcPort). The data
127 * it points to must also be malloc'd, or else palloc'd in TopMemoryContext,
128 * so that it survives into PostgresMain execution!
129 *
130 * remote_hostname is set if we did a successful reverse lookup of the
131 * client's IP address during connection setup.
132 * remote_hostname_resolv tracks the state of hostname verification:
133 * +1 = remote_hostname is known to resolve to client's IP address
134 * -1 = remote_hostname is known NOT to resolve to client's IP address
135 * 0 = we have not done the forward DNS lookup yet
136 * -2 = there was an error in name resolution
137 * If reverse lookup of the client IP address fails, remote_hostname will be
138 * left NULL while remote_hostname_resolv is set to -2. If reverse lookup
139 * succeeds but forward lookup fails, remote_hostname_resolv is also set to -2
140 * (the case is distinguishable because remote_hostname isn't NULL). In
141 * either of the -2 cases, remote_hostname_errcode saves the lookup return
142 * code for possible later use with gai_strerror.
143 */
146 {
154 * available */
160 /*
161 * Information that needs to be saved from the startup packet and passed
162 * into backend execution. "char *" fields are NULL if not set.
163 * guc_options points to a List of alternating option names and values.
164 */
170 /*
171 * The startup packet application name, only used here for the "connection
172 * authorized" log message. We shouldn't use this post-startup, instead
173 * the GUC should be used as application can change it afterward.
174 */
177 /*
178 * Information that needs to be held during the authentication cycle.
179 */
182 /*
183 * TCP keepalive and user timeout settings.
184 *
185 * default values are 0 if AF_UNIX or not yet known; current values are 0
186 * if AF_UNIX or using the default. Also, -1 in a default value means we
187 * were unable to find out the default (getsockopt failed).
188 */
198 /*
199 * GSSAPI structures.
200 */
201 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
203 /*
204 * If GSSAPI is supported and used on this connection, store GSSAPI
205 * information. Even when GSSAPI is not compiled in, store a NULL pointer
206 * to keep struct offsets the same (for extension ABI compatibility).
207 */
209 #else
211 #endif
213 /*
214 * SSL structures.
215 */
221 /*
222 * OpenSSL structures. (Keep these last so that the locations of other
223 * fields are the same whether or not you build with SSL enabled.)
224 */
225 #ifdef USE_OPENSSL
228 #endif
231 #ifdef USE_SSL
232 /*
233 * Hardcoded DH parameters, used in ephemeral DH keying. (See also
234 * README.SSL for more details on EDH.)
235 *
236 * This is the 2048-bit DH parameter from RFC 3526. The generation of the
237 * prime is specified in RFC 2412 Appendix E, which also discusses the
238 * design choice of the generator. Note that when loaded with OpenSSL
239 * this causes DH_check() to fail on DH_NOT_SUITABLE_GENERATOR, where
240 * leaking a bit is preferred.
241 */
242 #define FILE_DH2048 \
252 /*
253 * These functions are implemented by the glue code specific to each
254 * SSL implementation (e.g. be-secure-openssl.c)
255 */
257 /*
258 * Initialize global SSL context.
259 *
260 * If isServerStart is true, report any errors as FATAL (so we don't return).
261 * Otherwise, log errors at LOG level and return -1 to indicate trouble,
262 * preserving the old SSL state if any. Returns 0 if OK.
263 */
266 /*
267 * Destroy global SSL context, if any.
268 */
271 /*
272 * Attempt to negotiate SSL connection.
273 */
276 /*
277 * Close SSL connection.
278 */
281 /*
282 * Read data from a secure connection.
283 */
286 /*
287 * Write data to a secure connection.
288 */
291 /*
292 * Return information about the SSL connection.
293 */
301 /*
302 * Get the server certificate hash for SCRAM channel binding type
303 * tls-server-end-point.
304 *
305 * The result is a palloc'd hash of the server certificate with its
306 * size, and NULL if there is no certificate available.
307 *
308 * This is not supported with old versions of OpenSSL that don't have
309 * the X509_get_signature_nid() function.
310 */
311 #if defined(USE_OPENSSL) && defined(HAVE_X509_GET_SIGNATURE_NID)
312 #define HAVE_BE_TLS_GET_CERTIFICATE_HASH
314 #endif
316 /* init hook for SSL, the default sets the password callback if appropriate */
317 #ifdef USE_OPENSSL
320 #endif
324 #ifdef ENABLE_GSS
325 /*
326 * Return information about the GSSAPI authenticated connection
327 */
332 /* Read and write to a GSSAPI-encrypted connection. */
340 /* TCP keepalives configuration. These are no-ops on an AF_UNIX socket. */