#include "postgres.h"
#include <sys/stat.h>
#include <unistd.h>
#include "common/percentrepl.h"
#include "common/string.h"
#include "libpq/libpq.h"
#include "storage/fd.h"
Go to the source code of this file.
◆ check_ssl_key_file_permissions()
bool check_ssl_key_file_permissions |
( |
const char * |
ssl_key_file, |
|
|
bool |
isServerStart |
|
) |
| |
Definition at line 110 of file be-secure-common.c.
112 int loglevel = isServerStart ?
FATAL :
LOG;
119 errmsg(
"could not access private key file \"%s\": %m",
128 (
errcode(ERRCODE_CONFIG_FILE_ERROR),
129 errmsg(
"private key file \"%s\" is not a regular file",
150 #if !defined(WIN32) && !defined(__CYGWIN__)
151 if (
buf.st_uid != geteuid() &&
buf.st_uid != 0)
154 (
errcode(ERRCODE_CONFIG_FILE_ERROR),
155 errmsg(
"private key file \"%s\" must be owned by the database user or root",
164 (
errcode(ERRCODE_CONFIG_FILE_ERROR),
165 errmsg(
"private key file \"%s\" has group or world access",
167 errdetail(
"File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.")));
int errcode_for_file_access(void)
int errdetail(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
References buf, ereport, errcode(), errcode_for_file_access(), errdetail(), errmsg(), FATAL, LOG, S_IRWXG, S_IRWXO, S_ISREG, S_IWGRP, S_IXGRP, ssl_key_file, and stat.
Referenced by be_tls_init().
◆ run_ssl_passphrase_command()
int run_ssl_passphrase_command |
( |
const char * |
prompt, |
|
|
bool |
is_server_start, |
|
|
char * |
buf, |
|
|
int |
size |
|
) |
| |
Definition at line 40 of file be-secure-common.c.
42 int loglevel = is_server_start ?
ERROR :
LOG;
59 errmsg(
"could not execute command \"%s\": %m",
64 if (!fgets(
buf, size, fh))
71 errmsg(
"could not read from command \"%s\": %m",
83 errmsg(
"could not close pipe to external command: %m")));
86 else if (pclose_rc != 0)
91 errmsg(
"command \"%s\" failed",
char * ssl_passphrase_command
int errdetail_internal(const char *fmt,...)
int ClosePipeStream(FILE *file)
FILE * OpenPipeStream(const char *command, const char *mode)
Assert(fmt[strlen(fmt) - 1] !='\n')
void pfree(void *pointer)
char * replace_percent_placeholders(const char *instr, const char *param_name, const char *letters,...)
void explicit_bzero(void *buf, size_t len)
int pg_strip_crlf(char *str)
char * wait_result_to_str(int exitstatus)
References Assert(), buf, ClosePipeStream(), ereport, errcode_for_file_access(), errdetail_internal(), errmsg(), ERROR, error(), explicit_bzero(), len, LOG, OpenPipeStream(), pfree(), pg_strip_crlf(), replace_percent_placeholders(), ssl_passphrase_command, and wait_result_to_str().
Referenced by ssl_external_passwd_cb().