be-secure-common.c File Reference
#include "postgres.h"#include <sys/stat.h>#include <unistd.h>#include "common/percentrepl.h"#include "common/string.h"#include "libpq/libpq.h"#include "storage/fd.h"
Include dependency graph for be-secure-common.c:
Go to the source code of this file.
Functions | |
| int | run_ssl_passphrase_command (const char *prompt, bool is_server_start, char *buf, int size) |
| bool | check_ssl_key_file_permissions (const char *ssl_key_file, bool isServerStart) |
Function Documentation
◆ check_ssl_key_file_permissions()
| bool check_ssl_key_file_permissions | ( | const char * | ssl_key_file, |
| bool | isServerStart | ||
| ) |
Definition at line 114 of file be-secure-common.c.
115{
118
120 {
121 ereport(loglevel,
122 (errcode_for_file_access(),
124 ssl_key_file)));
125 return false;
126 }
127
128 /* Key file must be a regular file */
130 {
131 ereport(loglevel,
132 (errcode(ERRCODE_CONFIG_FILE_ERROR),
134 ssl_key_file)));
135 return false;
136 }
137
138 /*
139 * Refuse to load key files owned by users other than us or root, and
140 * require no public access to the key file. If the file is owned by us,
141 * require mode 0600 or less. If owned by root, require 0640 or less to
142 * allow read access through either our gid or a supplementary gid that
143 * allows us to read system-wide certificates.
144 *
145 * Note that roughly similar checks are performed in
146 * src/interfaces/libpq/fe-secure-openssl.c so any changes here may need
147 * to be made there as well. The environment is different though; this
148 * code can assume that we're not running as root.
149 *
150 * Ideally we would do similar permissions checks on Windows, but it is
151 * not clear how that would work since Unix-style permissions may not be
152 * available.
153 */
154#if !defined(WIN32) && !defined(__CYGWIN__)
156 {
157 ereport(loglevel,
158 (errcode(ERRCODE_CONFIG_FILE_ERROR),
160 ssl_key_file)));
161 return false;
162 }
163
166 {
167 ereport(loglevel,
168 (errcode(ERRCODE_CONFIG_FILE_ERROR),
170 ssl_key_file),
171 errdetail("File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.")));
172 return false;
173 }
174#endif
175
176 return true;
177}
Definition: win32_port.h:255
References buf, ereport, errcode(), errcode_for_file_access(), errdetail(), errmsg(), FATAL, LOG, S_IRWXG, S_IRWXO, S_ISREG, S_IWGRP, S_IXGRP, ssl_key_file, and stat.
Referenced by be_tls_init().
◆ run_ssl_passphrase_command()
| int run_ssl_passphrase_command | ( | const char * | prompt, |
| bool | is_server_start, | ||
| char * | buf, | ||
| int | size | ||
| ) |
Definition at line 40 of file be-secure-common.c.
41{
43 char *command;
44 FILE *fh;
45 int pclose_rc;
47
48 Assert(prompt);
49 Assert(size > 0);
51
52 command = replace_percent_placeholders(ssl_passphrase_command, "ssl_passphrase_command", "p", prompt);
53
55 if (fh == NULL)
56 {
57 ereport(loglevel,
58 (errcode_for_file_access(),
60 command)));
62 }
63
65 {
66 if (ferror(fh))
67 {
69 ereport(loglevel,
70 (errcode_for_file_access(),
72 command)));
74 }
75 }
76
77 pclose_rc = ClosePipeStream(fh);
78 if (pclose_rc == -1)
79 {
81 ereport(loglevel,
82 (errcode_for_file_access(),
85 }
86 else if (pclose_rc != 0)
87 {
88 char *reason;
89
91 reason = wait_result_to_str(pclose_rc);
92 ereport(loglevel,
93 (errcode_for_file_access(),
95 command),
97 pfree(reason);
99 }
100
101 /* strip trailing newline and carriage return */
103
104error:
105 pfree(command);
107}
Assert(PointerIsAligned(start, uint64))
char * replace_percent_placeholders(const char *instr, const char *param_name, const char *letters,...)
Definition: percentrepl.c:59
References Assert(), buf, ClosePipeStream(), ereport, errcode_for_file_access(), errdetail_internal(), errmsg(), ERROR, error(), explicit_bzero(), len, LOG, OpenPipeStream(), pfree(), pg_strip_crlf(), replace_percent_placeholders(), ssl_passphrase_command, and wait_result_to_str().
Referenced by ssl_external_passwd_cb().
