#include "postgres.h"
#include <sys/stat.h>
#include <unistd.h>
#include "common/percentrepl.h"
#include "common/string.h"
#include "libpq/libpq.h"
#include "storage/fd.h"
◆ check_ssl_key_file_permissions()
bool check_ssl_key_file_permissions(const char *ssl_key_file, bool isServerStart)
Definition at line 114 of file be-secure-common.c.
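/*
 * Check ownership and mode of the server's SSL private key file.
 *
 * ssl_key_file   path of the private key file to inspect
 * isServerStart  selects the report level: FATAL at server start, LOG on
 *                later calls
 *
 * Returns true when the file passes every check, false otherwise.  The
 * "return false" statements are only reached at LOG level, because
 * ereport() at FATAL does not return.
 *
 * NOTE(review): the rendered listing dropped every line that carried a
 * cross-reference link (the stat() call, the ereport() openers, the mode
 * test).  They are restored here from the page's reference list and the
 * gaps in its line numbering -- verify against be-secure-common.c.
 */
bool
check_ssl_key_file_permissions(const char *ssl_key_file, bool isServerStart)
{
	int			loglevel = isServerStart ? FATAL : LOG;
	struct stat buf;

	/*
	 * stat() follows symbolic links, so the checks below describe the link
	 * target.  They describe the file at the time of the call only.
	 * NOTE(review): the key is presumably opened by path later on, so this
	 * guards against misconfiguration rather than against someone able to
	 * replace the file between check and use -- confirm against the caller.
	 */
	if (stat(ssl_key_file, &buf) != 0)
	{
		ereport(loglevel,
				(errcode_for_file_access(),
				 errmsg("could not access private key file \"%s\": %m",
						ssl_key_file)));
		return false;
	}

	/* Key file must be a regular file (no directory, FIFO, device, ...) */
	if (!S_ISREG(buf.st_mode))
	{
		ereport(loglevel,
				(errcode(ERRCODE_CONFIG_FILE_ERROR),
				 errmsg("private key file \"%s\" is not a regular file",
						ssl_key_file)));
		return false;
	}

	/*
	 * Ownership and mode are only enforced on Unix-like builds; on WIN32 and
	 * Cygwin this whole section is compiled out and the function accepts any
	 * regular file it can stat.
	 */
#if !defined(WIN32) && !defined(__CYGWIN__)
	/* Only a key owned by the server's effective user or by root is accepted. */
	if (buf.st_uid != geteuid() && buf.st_uid != 0)
	{
		ereport(loglevel,
				(errcode(ERRCODE_CONFIG_FILE_ERROR),
				 errmsg("private key file \"%s\" must be owned by the database user or root",
						ssl_key_file)));
		return false;
	}

	/*
	 * Owned by us: any group or other bit is refused (0600 or less).  Owned
	 * by root: group read is tolerated, group write/execute and every other
	 * bit are refused (0640 or less).  Permissions of the containing
	 * directories are not examined here.
	 */
	if ((buf.st_uid == geteuid() && buf.st_mode & (S_IRWXG | S_IRWXO)) ||
		(buf.st_uid == 0 && buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)))
	{
		ereport(loglevel,
				(errcode(ERRCODE_CONFIG_FILE_ERROR),
				 errmsg("private key file \"%s\" has group or world access",
						ssl_key_file),
				 errdetail("File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.")));
		return false;
	}
#endif

	return true;
}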
int errcode_for_file_access(void)
int errdetail(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
References buf, ereport, errcode(), errcode_for_file_access(), errdetail(), errmsg(), FATAL, LOG, S_IRWXG, S_IRWXO, S_ISREG, S_IWGRP, S_IXGRP, ssl_key_file, and stat.
Referenced by be_tls_init().
◆ run_ssl_passphrase_command()
int run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf, int size)
Definition at line 40 of file be-secure-common.c.
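/*
 * Run ssl_passphrase_command and return its first line of output.
 *
 * prompt           text substituted for the %p placeholder in the command
 * is_server_start  selects the report level: ERROR at server start, LOG on
 *                  later calls
 * buf, size        caller-supplied buffer that receives the passphrase as a
 *                  NUL-terminated string
 *
 * Returns the length of the passphrase after trailing CR/LF is stripped, or
 * 0 when the command could not be run, read or closed cleanly; on those
 * paths buf is wiped with explicit_bzero() before returning.
 *
 * Points a caller should keep in mind:
 *  - fgets() reads at most size - 1 bytes of the first line, so a longer
 *    passphrase is truncated without any report.
 *  - buf holds the secret on success; wiping it after use is left to the
 *    caller.
 *  - The full command string is included in the error messages, so anything
 *    sensitive written into ssl_passphrase_command itself can reach the log.
 *
 * NOTE(review): the rendered listing dropped every line that carried a
 * cross-reference link.  They are restored here from the page's reference
 * list and the gaps in its line numbering -- verify against
 * be-secure-common.c.
 */
int
run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf, int size)
{
	int			loglevel = is_server_start ? ERROR : LOG;
	char	   *command;
	FILE	   *fh;
	int			pclose_rc;
	size_t		len = 0;

	Assert(prompt);
	Assert(size > 0);
	/* Start from an empty string so that EOF without output yields length 0. */
	buf[0] = '\0';

	command = replace_percent_placeholders(ssl_passphrase_command, "ssl_passphrase_command", "p", prompt);

	/* NOTE(review): presumably run through a shell, like popen() -- confirm in fd.c. */
	fh = OpenPipeStream(command, "r");
	if (fh == NULL)
	{
		ereport(loglevel,
				(errcode_for_file_access(),
				 errmsg("could not execute command \"%s\": %m",
						command)));
		goto error;
	}

	if (!fgets(buf, size, fh))
	{
		/* A NULL return with no stream error is plain EOF: empty passphrase. */
		if (ferror(fh))
		{
			/* Do not leave a partially read secret behind. */
			explicit_bzero(buf, size);
			ereport(loglevel,
					(errcode_for_file_access(),
					 errmsg("could not read from command \"%s\": %m",
							command)));

			/*
			 * NOTE(review): this path reaches "error" without
			 * ClosePipeStream(fh); at LOG level the stream looks like it
			 * stays open until some later cleanup -- confirm.
			 */
			goto error;
		}
	}

	pclose_rc = ClosePipeStream(fh);
	if (pclose_rc == -1)
	{
		explicit_bzero(buf, size);
		ereport(loglevel,
				(errcode_for_file_access(),
				 errmsg("could not close pipe to external command: %m")));
		goto error;
	}
	else if (pclose_rc != 0)
	{
		char	   *reason;

		/* A failing command's output is not trusted as a passphrase. */
		explicit_bzero(buf, size);
		reason = wait_result_to_str(pclose_rc);
		ereport(loglevel,
				(errcode_for_file_access(),
				 errmsg("command \"%s\" failed",
						command),
				 errdetail_internal("%s", reason)));
		pfree(reason);
		goto error;
	}

	/* strip trailing newline and carriage return */
	len = pg_strip_crlf(buf);

error:
	/* len is still 0 on every failure path that jumps here. */
	pfree(command);
	return len;
}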
char * ssl_passphrase_command
#define Assert(condition)
int errdetail_internal(const char *fmt,...)
FILE * OpenPipeStream(const char *command, const char *mode)
int ClosePipeStream(FILE *file)
void pfree(void *pointer)
char * replace_percent_placeholders(const char *instr, const char *param_name, const char *letters,...)
void explicit_bzero(void *buf, size_t len)
static pg_noinline void Size size
int pg_strip_crlf(char *str)
char * wait_result_to_str(int exitstatus)
References Assert, buf, ClosePipeStream(), ereport, errcode_for_file_access(), errdetail_internal(), errmsg(), ERROR, error(), explicit_bzero(), len, LOG, OpenPipeStream(), pfree(), pg_strip_crlf(), replace_percent_placeholders(), size, ssl_passphrase_command, and wait_result_to_str().
Referenced by ssl_external_passwd_cb().