/*
 * Fixed sizes of the GSSAPI send and receive buffers (16384 each).
 * NOTE(review): the "oversize GSSAPI packet" errors later in this listing
 * look like the limit checks tied to these values, but the comparison
 * operands are not visible here -- confirm against the full file.
 */
52 #define PQ_GSS_SEND_BUFFER_SIZE 16384
53 #define PQ_GSS_RECV_BUFFER_SIZE 16384
/*
 * Fragment of the encrypted-write path. The identifiers used (port, ptr,
 * bytes_encrypted) match be_gssapi_write() as listed at the end of this
 * page, but the signature and many statements are missing from this
 * listing, so that attribution is an inference.
 */
100 gss_buffer_desc
input,
/* Progress counters: plaintext bytes still to wrap / already wrapped. */
102 size_t bytes_to_encrypt;
103 size_t bytes_encrypted;
/* Security context established for this connection. */
104 gss_ctx_id_t gctx =
port->gss->ctx;
/*
 * Logged at COMMERROR when the caller did not resubmit all data that had
 * to be retried; the condition that triggers it is not shown here.
 */
124 elog(
COMMERROR,
"GSSAPI caller failed to retransmit all data needing to be retried");
/* Nothing left to encrypt; the guarded statement is not shown. */
176 if (!bytes_to_encrypt)
/* Next plaintext chunk starts just past the bytes already encrypted. */
187 input.length = bytes_to_encrypt;
189 input.value = (
char *) ptr + bytes_encrypted;
/*
 * gss_wrap()'s third argument is conf_req_flag; passing 1 requests
 * confidentiality (encryption), not just integrity protection.
 */
198 major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
/* Anything other than GSS_S_COMPLETE takes this branch (body not shown). */
200 if (major != GSS_S_COMPLETE)
/*
 * Security check: refuses to send a message that would not be
 * confidential. The condition is not visible; presumably it tests the
 * conf_state output of gss_wrap() -- confirm.
 */
209 (
errmsg(
"outgoing GSSAPI message would not use confidentiality")));
/* Size check on the wrapped packet; the compared operands are not shown. */
216 (
errmsg(
"server tried to send oversize GSSAPI packet (%zu > %zu)",
/* Advance both counters by the chunk that was just wrapped. */
223 bytes_encrypted +=
input.length;
224 bytes_to_encrypt -=
input.length;
/* Free the storage GSSAPI associated with the output buffer. */
236 gss_release_buffer(&minor, &
output);
/* Result is the count of plaintext bytes consumed, not wire bytes. */
246 return bytes_encrypted;
/*
 * Fragment of the encrypted-read path. The identifiers used (port, len,
 * bytes_returned) match be_gssapi_read() as listed at the end of this
 * page, but the signature and many statements are missing from this
 * listing, so that attribution is an inference.
 */
267 gss_buffer_desc
input,
/* Number of decrypted bytes handed back to the caller so far. */
270 size_t bytes_returned = 0;
271 gss_ctx_id_t gctx =
port->gss->ctx;
/* Keep going until the caller's request of len bytes is satisfied. */
279 while (bytes_returned <
len)
/*
 * Copy no more than what is buffered and no more than what the caller
 * still has room for; this bounds the copy on both sides.
 */
287 size_t bytes_to_copy =
Min(bytes_in_buffer,
len - bytes_returned);
295 bytes_returned += bytes_to_copy;
/*
 * Invariant at this point: nothing has been returned to the caller yet.
 * NOTE(review): if Assert() compiles away in non-debug builds this is
 * documentation rather than a runtime check -- confirm.
 */
318 Assert(bytes_returned == 0);
/*
 * Rejects a packet whose length exceeds the limit before it is processed
 * further. input.length is cast to size_t to match the %zu conversion;
 * the limit operand is not visible in this listing.
 */
352 (
errmsg(
"oversize GSSAPI packet sent by the client (%zu > %zu)",
353 (
size_t)
input.length,
/*
 * Decrypts input into output. conf_state receives whether confidentiality
 * was applied; the final NULL means the QOP state is not requested.
 */
387 major = gss_unwrap(&minor, gctx, &
input, &
output, &conf_state, NULL);
/* Anything other than GSS_S_COMPLETE takes this branch (body not shown). */
388 if (major != GSS_S_COMPLETE)
/*
 * Security check: a message that was only integrity-protected is
 * refused. The condition is not visible; presumably it tests conf_state
 * from the gss_unwrap() call above -- confirm.
 */
397 (
errmsg(
"incoming GSSAPI message did not use confidentiality")));
/* Free the storage GSSAPI associated with the output buffer. */
409 gss_release_buffer(&minor, &
output);
412 return bytes_returned;
/*
 * Tail of a call whose start is not shown. The three arguments line up
 * with the trailing (sock, timeout, wait_event_info) parameters of
 * WaitLatchOrSocket() as listed at the end of this page -- presumably
 * that is the callee; confirm against the full file.
 */
455 port->sock, 0, WAIT_EVENT_GSS_OPEN_SERVER);
/*
 * Fragment of the server-side GSSAPI encryption handshake. The wait event
 * name and port usage match secure_open_gssapi() as listed at the end of
 * this page, but the signature and many statements are missing from this
 * listing, so that attribution is an inference.
 */
/* Set to true below once the context no longer needs another round. */
498 bool complete_next =
false;
501 gss_cred_id_t delegated_creds;
/* Allocation of the per-connection GSS state; the callee is cut off here. */
508 port->gss = (pg_gssinfo *)
/* Start with no delegated credential and the per-port flag cleared. */
511 delegated_creds = GSS_C_NO_CREDENTIAL;
512 port->gss->delegated_creds =
false;
526 (
errcode(ERRCODE_OUT_OF_MEMORY),
527 errmsg(
"out of memory")));
/*
 * Failure to set an environment variable is reported under the
 * out-of-memory error code; the call that failed is not shown.
 */
542 (
errcode(ERRCODE_OUT_OF_MEMORY),
543 errmsg(
"could not set environment: %m")));
/* output starts as the empty buffer so a release is safe on any path. */
550 gss_buffer_desc
input,
551 output = GSS_C_EMPTY_BUFFER;
/*
 * Length check on a client packet during the handshake. The limit is
 * printed with %d here, so that operand must be an int-typed expression;
 * it is not visible in this listing.
 */
578 (
errmsg(
"oversize GSSAPI packet sent by the client (%zu > %d)",
579 (
size_t)
input.length,
/*
 * One acceptor step of context establishment. GSS_C_NO_CREDENTIAL selects
 * the default acceptor credential; GSS_C_NO_CHANNEL_BINDINGS means no
 * channel bindings are supplied for this context.
 */
595 major = gss_accept_sec_context(&minor, &
port->gss->ctx,
596 GSS_C_NO_CREDENTIAL, &
input,
597 GSS_C_NO_CHANNEL_BINDINGS,
/* Hard failure: the output token is released on this path. */
601 if (GSS_ERROR(major))
605 gss_release_buffer(&minor, &
output);
/* No error and no continuation requested: this was the last round. */
608 else if (!(major & GSS_S_CONTINUE_NEEDED))
614 complete_next =
true;
/*
 * The flag is raised only when the accept call actually returned a
 * credential handle. What is done with the handle is not shown here.
 */
617 if (delegated_creds != GSS_C_NO_CREDENTIAL)
620 port->gss->delegated_creds =
true;
/* Size check on the outgoing handshake token; operands are not shown. */
637 (
errmsg(
"server tried to send oversize GSSAPI packet (%zu > %zu)",
/* The output token is released on each of the following paths. */
640 gss_release_buffer(&minor, &
output);
664 gss_release_buffer(&minor, &
output);
/* Tail of a wait call on the client socket; its start is not shown. */
673 port->sock, 0, WAIT_EVENT_GSS_OPEN_SERVER);
683 gss_release_buffer(&minor, &
output);
/*
 * Asks GSSAPI for the largest plaintext that still fits a given wrapped
 * size, with confidentiality requested (conf_req_flag 1) and default QOP.
 * The size arguments are cut off in this listing.
 */
698 major = gss_wrap_size_limit(&minor,
port->gss->ctx, 1, GSS_C_QOP_DEFAULT,
702 if (GSS_ERROR(major))
/* Marks the connection as GSSAPI-encrypted from here on. */
708 port->gss->enc =
true;
/*
 * Return statements of four accessors, each reading one field of
 * port->gss (auth, enc, princ, delegated_creds). The field names match
 * the be_gssapi_get_*() functions listed at the end of this page.
 * NOTE(review): each dereferences port->gss; any NULL guard that precedes
 * these returns is not visible in this listing -- confirm.
 */
722 return port->gss->auth;
734 return port->gss->enc;
747 return port->gss->princ;
760 return port->gss->delegated_creds;
char * pg_krb_server_keyfile
bool pg_gss_accept_delegation
void pg_store_delegated_credential(gss_cred_id_t cred)
void pg_GSS_error(const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
static int PqGSSRecvLength
static int PqGSSResultLength
static char * PqGSSSendBuffer
bool be_gssapi_get_auth(Port *port)
static int PqGSSSendConsumed
#define PQ_GSS_RECV_BUFFER_SIZE
ssize_t be_gssapi_read(Port *port, void *ptr, size_t len)
ssize_t be_gssapi_write(Port *port, void *ptr, size_t len)
static ssize_t read_or_wait(Port *port, ssize_t len)
ssize_t secure_open_gssapi(Port *port)
static char * PqGSSRecvBuffer
static int PqGSSResultNext
static uint32 PqGSSMaxPktSize
bool be_gssapi_get_enc(Port *port)
#define PQ_GSS_SEND_BUFFER_SIZE
const char * be_gssapi_get_princ(Port *port)
static int PqGSSSendLength
static char * PqGSSResultBuffer
bool be_gssapi_get_delegation(Port *port)
ssize_t secure_raw_read(Port *port, void *ptr, size_t len)
ssize_t secure_raw_write(Port *port, const void *ptr, size_t len)
#define Assert(condition)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
#define INJECTION_POINT(name)
int WaitLatchOrSocket(Latch *latch, int wakeEvents, pgsocket sock, long timeout, uint32 wait_event_info)
#define WL_SOCKET_READABLE
#define WL_EXIT_ON_PM_DEATH
#define WL_SOCKET_WRITEABLE
MemoryContext TopMemoryContext
void * MemoryContextAllocZero(MemoryContext context, Size size)