Documentation ¶
Overview ¶
Package hba implements an hba.conf parser.
Index ¶
- type AnyAddr
- type Conf
- type ConnType
- type Entry
- func (h Entry) AddressMatches(addr net.IP) (bool, error)
- func (h Entry) AddressString() string
- func (h Entry) ConnMatches(clientConn ConnType, ip net.IP) (bool, error)
- func (h Entry) ConnTypeMatches(clientConn ConnType) bool
- func (h Entry) DatabaseString() string
- func (h Entry) Equivalent(other Entry) bool
- func (h Entry) GetOption(name string) string
- func (h Entry) GetOptions(name string) []string
- func (h Entry) OptionsString() string
- func (h Entry) String() string
- func (h Entry) UserMatches(userName string) bool
- func (h Entry) UserString() string
- type String
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AnyAddr ¶
type AnyAddr struct{}
AnyAddr represents "any address" and is used when parsing "all" for the "Address" field.
type Conf ¶
type Conf struct {
Entries []Entry
}
Conf is a parsed configuration.
func ParseAndNormalize ¶
ParseAndNormalize parses the HBA configuration from the provided string and performs two tasks:
- it unicode-normalizes the usernames. Since usernames are initialized during pgwire session initialization, this ensures that string comparisons can be used to match usernames.
- it ensures there is one entry per username. This simplifies the code in the authentication logic.
type ConnType ¶
type ConnType int
ConnType represents the type of connection matched by a rule.
const ( // ConnLocal matches unix socket connections. ConnLocal ConnType = 1 << iota // ConnHostNoSSL matches TCP connections without SSL/TLS. ConnHostNoSSL // ConnHostSSL matches TCP connections with SSL/TLS. ConnHostSSL // ConnHostAny matches TCP connections with or without SSL/TLS. ConnHostAny = ConnHostNoSSL | ConnHostSSL // ConnAny matches any connection type. Used when registering auth // methods. ConnAny = ConnHostAny | ConnLocal )
func ParseConnType ¶
ParseConnType parses the connection type field.
type Entry ¶
type Entry struct { // ConnType is the connection type to match. ConnType ConnType // Database is the list of databases to match. An empty list means // "match any database". Database []String // User is the list of users to match. An empty list means "match // any user". User []String // Address is either AnyAddr, *net.IPNet or (unsupported) String for a hostname. Address interface{} Method String // MethodFn is populated during name resolution of Method. MethodFn interface{} Options [][2]string OptionQuotes []bool // Input is the original configuration line in the HBA configuration string. // This is used for auditing purposes. Input string // Generated is true if the entry was expanded from another. All the // generated entries share the same value for Input. Generated bool }
Entry is a single line of a configuration.
func (Entry) AddressMatches ¶
AddressMatches returns true iff the provided address matches the entry. The function assumes the entry was normalized already. See ParseAndNormalize.
func (Entry) AddressString ¶
AddressString returns a string that describes the address field.
func (Entry) ConnMatches ¶
ConnMatches returns true iff the provided client connection type and address matches the entry spec.
func (Entry) ConnTypeMatches ¶
ConnTypeMatches returns true iff the provided actual client connection type matches the connection type specified in the rule.
func (Entry) DatabaseString ¶
DatabaseString returns a string that describes the database field.
func (Entry) Equivalent ¶
Equivalent returns true iff the entry is equivalent to another, excluding the original syntax.
func (Entry) GetOption ¶
GetOption returns the value of option name if there is exactly one occurrence of name in the options list, otherwise the empty string.
func (Entry) GetOptions ¶
GetOptions returns all values of option name.
func (Entry) OptionsString ¶
OptionsString returns a string that describes the option field.
func (Entry) UserMatches ¶
UserMatches returns true iff the provided username matches the an entry in the User list or if the user list is empty (the entry matches all).
The provided username must be normalized already. The function assumes the entry was normalized to contain only one user and its username normalized. See ParseAndNormalize().
func (Entry) UserString ¶
UserString returns a string that describes the username field.