PostgreSQL Source Code git master
be-secure-gssapi.c
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * be-secure-gssapi.c
4 * GSSAPI encryption support
5 *
6 * Portions Copyright (c) 2018-2025, PostgreSQL Global Development Group
7 *
8 * IDENTIFICATION
9 * src/backend/libpq/be-secure-gssapi.c
10 *
11 *-------------------------------------------------------------------------
12 */
13
14#include "postgres.h"
15
16#include <unistd.h>
17
18#include "libpq/auth.h"
20#include "libpq/libpq.h"
21#include "miscadmin.h"
22#include "pgstat.h"
23#include "port/pg_bswap.h"
25#include "utils/memutils.h"
26
27
28/*
29 * Handle the encryption/decryption of data using GSSAPI.
30 *
31 * In the encrypted data stream on the wire, we break up the data
32 * into packets where each packet starts with a uint32-size length
33 * word (in network byte order), then encrypted data of that length
34 * immediately following. Decryption yields the same data stream
35 * that would appear when not using encryption.
36 *
37 * Encrypted data typically ends up being larger than the same data
38 * unencrypted, so we use fixed-size buffers for handling the
39 * encryption/decryption which are larger than PQComm's buffer will
40 * typically be to minimize the times where we have to make multiple
41 * packets (and therefore multiple recv/send calls for a single
42 * read/write call to us).
43 *
44 * NOTE: The client and server have to agree on the max packet size,
45 * because we have to pass an entire packet to GSSAPI at a time and we
46 * don't want the other side to send arbitrarily huge packets as we
47 * would have to allocate memory for them to then pass them to GSSAPI.
48 *
49 * Therefore, these two #define's are effectively part of the protocol
50 * spec and can't ever be changed.
51 */
52#define PQ_GSS_SEND_BUFFER_SIZE 16384
53#define PQ_GSS_RECV_BUFFER_SIZE 16384
54
55/*
56 * Since we manage at most one GSS-encrypted connection per backend,
57 * we can just keep all this state in static variables. The char *
58 * variables point to buffers that are allocated once and re-used.
59 */
60static char *PqGSSSendBuffer; /* Encrypted data waiting to be sent */
61static int PqGSSSendLength; /* End of data available in PqGSSSendBuffer */
62static int PqGSSSendNext; /* Next index to send a byte from
63 * PqGSSSendBuffer */
64static int PqGSSSendConsumed; /* Number of source bytes encrypted but not
65 * yet reported as sent */
66
67static char *PqGSSRecvBuffer; /* Received, encrypted data */
68static int PqGSSRecvLength; /* End of data available in PqGSSRecvBuffer */
69
70static char *PqGSSResultBuffer; /* Decryption of data in gss_RecvBuffer */
71static int PqGSSResultLength; /* End of data available in PqGSSResultBuffer */
72static int PqGSSResultNext; /* Next index to read a byte from
73 * PqGSSResultBuffer */
74
75static uint32 PqGSSMaxPktSize; /* Maximum size we can encrypt and fit the
76 * results into our output buffer */
77
78
79/*
80 * Attempt to write len bytes of data from ptr to a GSSAPI-encrypted connection.
81 *
82 * The connection must be already set up for GSSAPI encryption (i.e., GSSAPI
83 * transport negotiation is complete).
84 *
85 * On success, returns the number of data bytes consumed (possibly less than
86 * len). On failure, returns -1 with errno set appropriately. For retryable
87 * errors, caller should call again (passing the same or more data) once the
88 * socket is ready.
89 *
90 * Dealing with fatal errors here is a bit tricky: we can't invoke elog(FATAL)
91 * since it would try to write to the client, probably resulting in infinite
92 * recursion. Instead, use elog(COMMERROR) to log extra info about the
93 * failure if necessary, and then return an errno indicating connection loss.
94 */
95ssize_t
96be_gssapi_write(Port *port, void *ptr, size_t len)
97{
98 OM_uint32 major,
99 minor;
100 gss_buffer_desc input,
101 output;
102 size_t bytes_to_encrypt;
103 size_t bytes_encrypted;
104 gss_ctx_id_t gctx = port->gss->ctx;
105
106 /*
107 * When we get a retryable failure, we must not tell the caller we have
108 * successfully transmitted everything, else it won't retry. For
109 * simplicity, we claim we haven't transmitted anything until we have
110 * successfully transmitted all "len" bytes. Between calls, the amount of
111 * the current input data that's already been encrypted and placed into
112 * PqGSSSendBuffer (and perhaps transmitted) is remembered in
113 * PqGSSSendConsumed. On a retry, the caller *must* be sending that data
114 * again, so if it offers a len less than that, something is wrong.
115 *
116 * Note: it may seem attractive to report partial write completion once
117 * we've successfully sent any encrypted packets. However, that can cause
118 * problems for callers; notably, pqPutMsgEnd's heuristic to send only
119 * full 8K blocks interacts badly with such a hack. We won't save much,
120 * typically, by letting callers discard data early, so don't risk it.
121 */
123 {
124 elog(COMMERROR, "GSSAPI caller failed to retransmit all data needing to be retried");
125 errno = ECONNRESET;
126 return -1;
127 }
128
129 /* Discount whatever source data we already encrypted. */
130 bytes_to_encrypt = len - PqGSSSendConsumed;
131 bytes_encrypted = PqGSSSendConsumed;
132
133 /*
134 * Loop through encrypting data and sending it out until it's all done or
135 * secure_raw_write() complains (which would likely mean that the socket
136 * is non-blocking and the requested send() would block, or there was some
137 * kind of actual error).
138 */
139 while (bytes_to_encrypt || PqGSSSendLength)
140 {
141 int conf_state = 0;
142 uint32 netlen;
143
144 /*
145 * Check if we have data in the encrypted output buffer that needs to
146 * be sent (possibly left over from a previous call), and if so, try
147 * to send it. If we aren't able to, return that fact back up to the
148 * caller.
149 */
150 if (PqGSSSendLength)
151 {
152 ssize_t ret;
153 ssize_t amount = PqGSSSendLength - PqGSSSendNext;
154
156 if (ret <= 0)
157 return ret;
158
159 /*
160 * Check if this was a partial write, and if so, move forward that
161 * far in our buffer and try again.
162 */
163 if (ret < amount)
164 {
165 PqGSSSendNext += ret;
166 continue;
167 }
168
169 /* We've successfully sent whatever data was in the buffer. */
171 }
172
173 /*
174 * Check if there are any bytes left to encrypt. If not, we're done.
175 */
176 if (!bytes_to_encrypt)
177 break;
178
179 /*
180 * Check how much we are being asked to send, if it's too much, then
181 * we will have to loop and possibly be called multiple times to get
182 * through all the data.
183 */
184 if (bytes_to_encrypt > PqGSSMaxPktSize)
185 input.length = PqGSSMaxPktSize;
186 else
187 input.length = bytes_to_encrypt;
188
189 input.value = (char *) ptr + bytes_encrypted;
190
191 output.value = NULL;
192 output.length = 0;
193
194 /*
195 * Create the next encrypted packet. Any failure here is considered a
196 * hard failure, so we return -1 even if some data has been sent.
197 */
198 major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
199 &input, &conf_state, &output);
200 if (major != GSS_S_COMPLETE)
201 {
202 pg_GSS_error(_("GSSAPI wrap error"), major, minor);
203 errno = ECONNRESET;
204 return -1;
205 }
206 if (conf_state == 0)
207 {
209 (errmsg("outgoing GSSAPI message would not use confidentiality")));
210 errno = ECONNRESET;
211 return -1;
212 }
213 if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
214 {
216 (errmsg("server tried to send oversize GSSAPI packet (%zu > %zu)",
217 (size_t) output.length,
218 PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))));
219 errno = ECONNRESET;
220 return -1;
221 }
222
223 bytes_encrypted += input.length;
224 bytes_to_encrypt -= input.length;
225 PqGSSSendConsumed += input.length;
226
227 /* 4 network-order bytes of length, then payload */
228 netlen = pg_hton32(output.length);
229 memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32));
230 PqGSSSendLength += sizeof(uint32);
231
232 memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
233 PqGSSSendLength += output.length;
234
235 /* Release buffer storage allocated by GSSAPI */
236 gss_release_buffer(&minor, &output);
237 }
238
239 /* If we get here, our counters should all match up. */
241 Assert(len == bytes_encrypted);
242
243 /* We're reporting all the data as sent, so reset PqGSSSendConsumed. */
245
246 return bytes_encrypted;
247}
248
249/*
250 * Read up to len bytes of data into ptr from a GSSAPI-encrypted connection.
251 *
252 * The connection must be already set up for GSSAPI encryption (i.e., GSSAPI
253 * transport negotiation is complete).
254 *
255 * Returns the number of data bytes read, or on failure, returns -1
256 * with errno set appropriately. For retryable errors, caller should call
257 * again once the socket is ready.
258 *
259 * We treat fatal errors the same as in be_gssapi_write(), even though the
260 * argument about infinite recursion doesn't apply here.
261 */
262ssize_t
263be_gssapi_read(Port *port, void *ptr, size_t len)
264{
265 OM_uint32 major,
266 minor;
267 gss_buffer_desc input,
268 output;
269 ssize_t ret;
270 size_t bytes_returned = 0;
271 gss_ctx_id_t gctx = port->gss->ctx;
272
273 /*
274 * The plan here is to read one incoming encrypted packet into
275 * PqGSSRecvBuffer, decrypt it into PqGSSResultBuffer, and then dole out
276 * data from there to the caller. When we exhaust the current input
277 * packet, read another.
278 */
279 while (bytes_returned < len)
280 {
281 int conf_state = 0;
282
283 /* Check if we have data in our buffer that we can return immediately */
285 {
286 size_t bytes_in_buffer = PqGSSResultLength - PqGSSResultNext;
287 size_t bytes_to_copy = Min(bytes_in_buffer, len - bytes_returned);
288
289 /*
290 * Copy the data from our result buffer into the caller's buffer,
291 * at the point where we last left off filling their buffer.
292 */
293 memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy);
294 PqGSSResultNext += bytes_to_copy;
295 bytes_returned += bytes_to_copy;
296
297 /*
298 * At this point, we've either filled the caller's buffer or
299 * emptied our result buffer. Either way, return to caller. In
300 * the second case, we could try to read another encrypted packet,
301 * but the odds are good that there isn't one available. (If this
302 * isn't true, we chose too small a max packet size.) In any
303 * case, there's no harm letting the caller process the data we've
304 * already returned.
305 */
306 break;
307 }
308
309 /* Result buffer is empty, so reset buffer pointers */
311
312 /*
313 * Because we chose above to return immediately as soon as we emit
314 * some data, bytes_returned must be zero at this point. Therefore
315 * the failure exits below can just return -1 without worrying about
316 * whether we already emitted some data.
317 */
318 Assert(bytes_returned == 0);
319
320 /*
321 * At this point, our result buffer is empty with more bytes being
322 * requested to be read. We are now ready to load the next packet and
323 * decrypt it (entirely) into our result buffer.
324 */
325
326 /* Collect the length if we haven't already */
327 if (PqGSSRecvLength < sizeof(uint32))
328 {
330 sizeof(uint32) - PqGSSRecvLength);
331
332 /* If ret <= 0, secure_raw_read already set the correct errno */
333 if (ret <= 0)
334 return ret;
335
336 PqGSSRecvLength += ret;
337
338 /* If we still haven't got the length, return to the caller */
339 if (PqGSSRecvLength < sizeof(uint32))
340 {
341 errno = EWOULDBLOCK;
342 return -1;
343 }
344 }
345
346 /* Decode the packet length and check for overlength packet */
347 input.length = pg_ntoh32(*(uint32 *) PqGSSRecvBuffer);
348
349 if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
350 {
352 (errmsg("oversize GSSAPI packet sent by the client (%zu > %zu)",
353 (size_t) input.length,
354 PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))));
355 errno = ECONNRESET;
356 return -1;
357 }
358
359 /*
360 * Read as much of the packet as we are able to on this call into
361 * wherever we left off from the last time we were called.
362 */
364 input.length - (PqGSSRecvLength - sizeof(uint32)));
365 /* If ret <= 0, secure_raw_read already set the correct errno */
366 if (ret <= 0)
367 return ret;
368
369 PqGSSRecvLength += ret;
370
371 /* If we don't yet have the whole packet, return to the caller */
372 if (PqGSSRecvLength - sizeof(uint32) < input.length)
373 {
374 errno = EWOULDBLOCK;
375 return -1;
376 }
377
378 /*
379 * We now have the full packet and we can perform the decryption and
380 * refill our result buffer, then loop back up to pass data back to
381 * the caller.
382 */
383 output.value = NULL;
384 output.length = 0;
385 input.value = PqGSSRecvBuffer + sizeof(uint32);
386
387 major = gss_unwrap(&minor, gctx, &input, &output, &conf_state, NULL);
388 if (major != GSS_S_COMPLETE)
389 {
390 pg_GSS_error(_("GSSAPI unwrap error"), major, minor);
391 errno = ECONNRESET;
392 return -1;
393 }
394 if (conf_state == 0)
395 {
397 (errmsg("incoming GSSAPI message did not use confidentiality")));
398 errno = ECONNRESET;
399 return -1;
400 }
401
402 memcpy(PqGSSResultBuffer, output.value, output.length);
403 PqGSSResultLength = output.length;
404
405 /* Our receive buffer is now empty, reset it */
406 PqGSSRecvLength = 0;
407
408 /* Release buffer storage allocated by GSSAPI */
409 gss_release_buffer(&minor, &output);
410 }
411
412 return bytes_returned;
413}
414
415/*
416 * Read the specified number of bytes off the wire, waiting using
417 * WaitLatchOrSocket if we would block.
418 *
419 * Results are read into PqGSSRecvBuffer.
420 *
421 * Will always return either -1, to indicate a permanent error, or len.
422 */
423static ssize_t
425{
426 ssize_t ret;
427
428 /*
429 * Keep going until we either read in everything we were asked to, or we
430 * error out.
431 */
432 while (PqGSSRecvLength < len)
433 {
435
436 /*
437 * If we got back an error and it wasn't just
438 * EWOULDBLOCK/EAGAIN/EINTR, then give up.
439 */
440 if (ret < 0 &&
441 !(errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR))
442 return -1;
443
444 /*
445 * Ok, we got back either a positive value, zero, or a negative result
446 * indicating we should retry.
447 *
448 * If it was zero or negative, then we wait on the socket to be
449 * readable again.
450 */
451 if (ret <= 0)
452 {
455 port->sock, 0, WAIT_EVENT_GSS_OPEN_SERVER);
456
457 /*
458 * If we got back zero bytes, and then waited on the socket to be
459 * readable and got back zero bytes on a second read, then this is
460 * EOF and the client hung up on us.
461 *
462 * If we did get data here, then we can just fall through and
463 * handle it just as if we got data the first time.
464 *
465 * Otherwise loop back to the top and try again.
466 */
467 if (ret == 0)
468 {
470 if (ret == 0)
471 return -1;
472 }
473 if (ret < 0)
474 continue;
475 }
476
477 PqGSSRecvLength += ret;
478 }
479
480 return len;
481}
482
483/*
484 * Start up a GSSAPI-encrypted connection. This performs GSSAPI
485 * authentication; after this function completes, it is safe to call
486 * be_gssapi_read and be_gssapi_write. Returns -1 and logs on failure;
487 * otherwise, returns 0 and marks the connection as ready for GSSAPI
488 * encryption.
489 *
490 * Note that unlike the be_gssapi_read/be_gssapi_write functions, this
491 * function WILL block on the socket to be ready for read/write (using
492 * WaitLatchOrSocket) as appropriate while establishing the GSSAPI
493 * session.
494 */
495ssize_t
497{
498 bool complete_next = false;
499 OM_uint32 major,
500 minor;
501 gss_cred_id_t delegated_creds;
502
503 INJECTION_POINT("backend-gssapi-startup");
504
505 /*
506 * Allocate subsidiary Port data for GSSAPI operations.
507 */
508 port->gss = (pg_gssinfo *)
509 MemoryContextAllocZero(TopMemoryContext, sizeof(pg_gssinfo));
510
511 delegated_creds = GSS_C_NO_CREDENTIAL;
512 port->gss->delegated_creds = false;
513
514 /*
515 * Allocate buffers and initialize state variables. By malloc'ing the
516 * buffers at this point, we avoid wasting static data space in processes
517 * that will never use them, and we ensure that the buffers are
518 * sufficiently aligned for the length-word accesses that we do in some
519 * places in this file.
520 */
526 (errcode(ERRCODE_OUT_OF_MEMORY),
527 errmsg("out of memory")));
530
531 /*
532 * Use the configured keytab, if there is one. As we now require MIT
533 * Kerberos, we might consider using the credential store extensions in
534 * the future instead of the environment variable.
535 */
536 if (pg_krb_server_keyfile != NULL && pg_krb_server_keyfile[0] != '\0')
537 {
538 if (setenv("KRB5_KTNAME", pg_krb_server_keyfile, 1) != 0)
539 {
540 /* The only likely failure cause is OOM, so use that errcode */
542 (errcode(ERRCODE_OUT_OF_MEMORY),
543 errmsg("could not set environment: %m")));
544 }
545 }
546
547 while (true)
548 {
549 ssize_t ret;
550 gss_buffer_desc input,
551 output = GSS_C_EMPTY_BUFFER;
552
553 /*
554 * The client always sends first, so try to go ahead and read the
555 * length and wait on the socket to be readable again if that fails.
556 */
557 ret = read_or_wait(port, sizeof(uint32));
558 if (ret < 0)
559 return ret;
560
561 /*
562 * Get the length for this packet from the length header.
563 */
564 input.length = pg_ntoh32(*(uint32 *) PqGSSRecvBuffer);
565
566 /* Done with the length, reset our buffer */
567 PqGSSRecvLength = 0;
568
569 /*
570 * During initialization, packets are always fully consumed and
571 * shouldn't ever be over PQ_GSS_RECV_BUFFER_SIZE in length.
572 *
573 * Verify on our side that the client doesn't do something funny.
574 */
575 if (input.length > PQ_GSS_RECV_BUFFER_SIZE)
576 {
578 (errmsg("oversize GSSAPI packet sent by the client (%zu > %d)",
579 (size_t) input.length,
581 return -1;
582 }
583
584 /*
585 * Get the rest of the packet so we can pass it to GSSAPI to accept
586 * the context.
587 */
588 ret = read_or_wait(port, input.length);
589 if (ret < 0)
590 return ret;
591
592 input.value = PqGSSRecvBuffer;
593
594 /* Process incoming data. (The client sends first.) */
595 major = gss_accept_sec_context(&minor, &port->gss->ctx,
596 GSS_C_NO_CREDENTIAL, &input,
597 GSS_C_NO_CHANNEL_BINDINGS,
598 &port->gss->name, NULL, &output, NULL,
599 NULL, pg_gss_accept_delegation ? &delegated_creds : NULL);
600
601 if (GSS_ERROR(major))
602 {
603 pg_GSS_error(_("could not accept GSSAPI security context"),
604 major, minor);
605 gss_release_buffer(&minor, &output);
606 return -1;
607 }
608 else if (!(major & GSS_S_CONTINUE_NEEDED))
609 {
610 /*
611 * rfc2744 technically permits context negotiation to be complete
612 * both with and without a packet to be sent.
613 */
614 complete_next = true;
615 }
616
617 if (delegated_creds != GSS_C_NO_CREDENTIAL)
618 {
619 pg_store_delegated_credential(delegated_creds);
620 port->gss->delegated_creds = true;
621 }
622
623 /* Done handling the incoming packet, reset our buffer */
624 PqGSSRecvLength = 0;
625
626 /*
627 * Check if we have data to send and, if we do, make sure to send it
628 * all
629 */
630 if (output.length > 0)
631 {
632 uint32 netlen = pg_hton32(output.length);
633
634 if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
635 {
637 (errmsg("server tried to send oversize GSSAPI packet (%zu > %zu)",
638 (size_t) output.length,
639 PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))));
640 gss_release_buffer(&minor, &output);
641 return -1;
642 }
643
644 memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32));
645 PqGSSSendLength += sizeof(uint32);
646
647 memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
648 PqGSSSendLength += output.length;
649
650 /* we don't bother with PqGSSSendConsumed here */
651
653 {
656
657 /*
658 * If we got back an error and it wasn't just
659 * EWOULDBLOCK/EAGAIN/EINTR, then give up.
660 */
661 if (ret < 0 &&
662 !(errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR))
663 {
664 gss_release_buffer(&minor, &output);
665 return -1;
666 }
667
668 /* Wait and retry if we couldn't write yet */
669 if (ret <= 0)
670 {
673 port->sock, 0, WAIT_EVENT_GSS_OPEN_SERVER);
674 continue;
675 }
676
677 PqGSSSendNext += ret;
678 }
679
680 /* Done sending the packet, reset our buffer */
682
683 gss_release_buffer(&minor, &output);
684 }
685
686 /*
687 * If we got back that the connection is finished being set up, now
688 * that we've sent the last packet, exit our loop.
689 */
690 if (complete_next)
691 break;
692 }
693
694 /*
695 * Determine the max packet size which will fit in our buffer, after
696 * accounting for the length. be_gssapi_write will need this.
697 */
698 major = gss_wrap_size_limit(&minor, port->gss->ctx, 1, GSS_C_QOP_DEFAULT,
701
702 if (GSS_ERROR(major))
703 {
704 pg_GSS_error(_("GSSAPI size check error"), major, minor);
705 return -1;
706 }
707
708 port->gss->enc = true;
709
710 return 0;
711}
712
713/*
714 * Return if GSSAPI authentication was used on this connection.
715 */
716bool
718{
719 if (!port || !port->gss)
720 return false;
721
722 return port->gss->auth;
723}
724
725/*
726 * Return if GSSAPI encryption is enabled and being used on this connection.
727 */
728bool
730{
731 if (!port || !port->gss)
732 return false;
733
734 return port->gss->enc;
735}
736
737/*
738 * Return the GSSAPI principal used for authentication on this connection
739 * (NULL if we did not perform GSSAPI authentication).
740 */
741const char *
743{
744 if (!port || !port->gss)
745 return NULL;
746
747 return port->gss->princ;
748}
749
750/*
751 * Return if GSSAPI delegated credentials were included on this
752 * connection.
753 */
754bool
756{
757 if (!port || !port->gss)
758 return false;
759
760 return port->gss->delegated_creds;
761}
char * pg_krb_server_keyfile
Definition: auth.c:164
bool pg_gss_accept_delegation
Definition: auth.c:166
void pg_store_delegated_credential(gss_cred_id_t cred)
void pg_GSS_error(const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
static int PqGSSRecvLength
static int PqGSSResultLength
static char * PqGSSSendBuffer
bool be_gssapi_get_auth(Port *port)
static int PqGSSSendConsumed
#define PQ_GSS_RECV_BUFFER_SIZE
ssize_t be_gssapi_read(Port *port, void *ptr, size_t len)
ssize_t be_gssapi_write(Port *port, void *ptr, size_t len)
static ssize_t read_or_wait(Port *port, ssize_t len)
ssize_t secure_open_gssapi(Port *port)
static char * PqGSSRecvBuffer
static int PqGSSResultNext
static uint32 PqGSSMaxPktSize
bool be_gssapi_get_enc(Port *port)
#define PQ_GSS_SEND_BUFFER_SIZE
static int PqGSSSendLength
static int PqGSSSendNext
static char * PqGSSResultBuffer
const char * be_gssapi_get_princ(Port *port)
bool be_gssapi_get_delegation(Port *port)
ssize_t secure_raw_read(Port *port, void *ptr, size_t len)
Definition: be-secure.c:268
ssize_t secure_raw_write(Port *port, const void *ptr, size_t len)
Definition: be-secure.c:377
#define Min(x, y)
Definition: c.h:961
#define Assert(condition)
Definition: c.h:815
uint32_t uint32
Definition: c.h:488
int errcode(int sqlerrcode)
Definition: elog.c:853
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define _(x)
Definition: elog.c:90
#define COMMERROR
Definition: elog.h:33
#define FATAL
Definition: elog.h:41
#define elog(elevel,...)
Definition: elog.h:225
#define ereport(elevel,...)
Definition: elog.h:149
#define malloc(a)
Definition: header.h:50
FILE * input
FILE * output
#define INJECTION_POINT(name)
int WaitLatchOrSocket(Latch *latch, int wakeEvents, pgsocket sock, long timeout, uint32 wait_event_info)
Definition: latch.c:565
#define WL_SOCKET_READABLE
Definition: latch.h:128
#define WL_EXIT_ON_PM_DEATH
Definition: latch.h:132
#define WL_SOCKET_WRITEABLE
Definition: latch.h:129
void * MemoryContextAllocZero(MemoryContext context, Size size)
Definition: mcxt.c:1215
MemoryContext TopMemoryContext
Definition: mcxt.c:149
#define pg_ntoh32(x)
Definition: pg_bswap.h:125
#define pg_hton32(x)
Definition: pg_bswap.h:121
const void size_t len
static int port
Definition: pg_regress.c:115
Definition: libpq-be.h:135
#define EINTR
Definition: win32_port.h:364
#define EWOULDBLOCK
Definition: win32_port.h:370
#define setenv(x, y, z)
Definition: win32_port.h:545
#define ECONNRESET
Definition: win32_port.h:374
#define EAGAIN
Definition: win32_port.h:362