PostgreSQL Source Code: src/backend/libpq/be-secure.c Source File (original) (raw)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
20
21#include <signal.h>
22#include <fcntl.h>
23#include <ctype.h>
29
35
45
46#ifdef USE_SSL
47bool ssl_loaded_verify_locations = false;
48#endif
49
50
53
54
56
57
59
62
63
64
65
66
67
68
69
70
71
72
73
74int
76{
77#ifdef USE_SSL
79#else
80 return 0;
81#endif
82}
83
84
85
86
87void
89{
90#ifdef USE_SSL
92#endif
93}
94
95
96
97
98bool
100{
101#ifdef USE_SSL
102 return ssl_loaded_verify_locations;
103#else
104 return false;
105#endif
106}
107
108
109
110
111int
113{
114#ifdef USE_SSL
115 int r = 0;
116 ssize_t len;
117
118
120 if (len > 0)
121 {
123
126 return STATUS_ERROR;
129 port->raw_buf_remaining = len;
130 port->raw_buf_consumed = 0;
131 }
133
135
137
138 if (port->raw_buf_remaining > 0)
139 {
140
141
142
143
144 elog(LOG, "buffered unencrypted data remains after negotiating SSL connection");
146 }
147 if (port->raw_buf != NULL)
148 {
150 port->raw_buf = NULL;
151 }
152
154 (errmsg_internal("SSL connection from DN:\"%s\" CN:\"%s\"",
155 port->peer_dn ? port->peer_dn : "(anonymous)",
156 port->peer_cn ? port->peer_cn : "(anonymous)")));
157 return r;
158#else
159 return 0;
160#endif
161}
162
163
164
165
166void
168{
169#ifdef USE_SSL
170 if (port->ssl_in_use)
172#endif
173}
174
175
176
177
178ssize_t
180{
181 ssize_t n;
182 int waitfor;
183
184
186
187retry:
188#ifdef USE_SSL
189 waitfor = 0;
190 if (port->ssl_in_use)
191 {
193 }
194 else
195#endif
196#ifdef ENABLE_GSS
197 if (port->gss && port->gss->enc)
198 {
201 }
202 else
203#endif
204 {
207 }
208
209
210 if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
211 {
213
215
217
219 WAIT_EVENT_CLIENT_READ);
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
240 (errcode(ERRCODE_ADMIN_SHUTDOWN),
241 errmsg("terminating connection due to unexpected postmaster exit")));
242
243
245 {
248
249
250
251
252
253
254 }
255 goto retry;
256 }
257
258
259
260
261
263
264 return n;
265}
266
267ssize_t
269{
270 ssize_t n;
271
272
273 if (port->raw_buf_remaining > 0)
274 {
275
276 if (len > port->raw_buf_remaining)
277 len = port->raw_buf_remaining;
279 memcpy(ptr, port->raw_buf + port->raw_buf_consumed, len);
280 port->raw_buf_consumed += len;
281 port->raw_buf_remaining -= len;
282 return len;
283 }
284
285
286
287
288
289#ifdef WIN32
291#endif
293#ifdef WIN32
295#endif
296
297 return n;
298}
299
300
301
302
303
304ssize_t
306{
307 ssize_t n;
308 int waitfor;
309
310
312
313retry:
314 waitfor = 0;
315#ifdef USE_SSL
316 if (port->ssl_in_use)
317 {
319 }
320 else
321#endif
322#ifdef ENABLE_GSS
323 if (port->gss && port->gss->enc)
324 {
327 }
328 else
329#endif
330 {
333 }
334
335 if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
336 {
338
340
342
344 WAIT_EVENT_CLIENT_WRITE);
345
346
349 (errcode(ERRCODE_ADMIN_SHUTDOWN),
350 errmsg("terminating connection due to unexpected postmaster exit")));
351
352
354 {
357
358
359
360
361
362
363 }
364 goto retry;
365 }
366
367
368
369
370
372
373 return n;
374}
375
376ssize_t
378{
379 ssize_t n;
380
381#ifdef WIN32
383#endif
385#ifdef WIN32
387#endif
388
389 return n;
390}
ssize_t be_gssapi_write(Port *port, const void *ptr, size_t len)
ssize_t be_gssapi_read(Port *port, void *ptr, size_t len)
ssize_t be_tls_write(Port *port, const void *ptr, size_t len, int *waitfor)
void be_tls_destroy(void)
int be_tls_init(bool isServerStart)
int be_tls_open_server(Port *port)
void be_tls_close(Port *port)
ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
void secure_destroy(void)
char * ssl_dh_params_file
int ssl_min_protocol_version
ssize_t secure_raw_read(Port *port, void *ptr, size_t len)
int secure_initialize(bool isServerStart)
bool SSLPreferServerCiphers
ssize_t secure_write(Port *port, const void *ptr, size_t len)
int ssl_max_protocol_version
char * ssl_passphrase_command
int secure_open_server(Port *port)
bool ssl_passphrase_command_supports_reload
bool secure_loaded_verify_locations(void)
void secure_close(Port *port)
ssize_t secure_read(Port *port, void *ptr, size_t len)
ssize_t secure_raw_write(Port *port, const void *ptr, size_t len)
int errmsg_internal(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
Assert(PointerIsAligned(start, uint64))
#define INJECTION_POINT(name, arg)
void ResetLatch(Latch *latch)
#define FeBeWaitSetSocketPos
void pfree(void *pointer)
void ProcessClientReadInterrupt(bool blocked)
void ProcessClientWriteInterrupt(bool blocked)
ssize_t pq_buffer_remaining_data(void)
int pq_getbytes(void *b, size_t len)
WaitEventSet * FeBeWaitSet
void pq_startmsgread(void)
void ModifyWaitEvent(WaitEventSet *set, int pos, uint32 events, Latch *latch)
int WaitEventSetWait(WaitEventSet *set, long timeout, WaitEvent *occurred_events, int nevents, uint32 wait_event_info)
#define WL_SOCKET_READABLE
#define WL_POSTMASTER_DEATH
#define WL_SOCKET_WRITEABLE
#define recv(s, buf, len, flags)
#define send(s, buf, len, flags)