51 #define PQ_GSS_SEND_BUFFER_SIZE 16384
52 #define PQ_GSS_RECV_BUFFER_SIZE 16384
99 gss_buffer_desc
input,
101 size_t bytes_to_encrypt;
102 size_t bytes_encrypted;
103 gss_ctx_id_t gctx =
port->gss->ctx;
123 elog(
COMMERROR,
"GSSAPI caller failed to retransmit all data needing to be retried");
175 if (!bytes_to_encrypt)
186 input.length = bytes_to_encrypt;
188 input.value = (
char *) ptr + bytes_encrypted;
197 major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
199 if (major != GSS_S_COMPLETE)
208 (
errmsg(
"outgoing GSSAPI message would not use confidentiality")));
215 (
errmsg(
"server tried to send oversize GSSAPI packet (%zu > %zu)",
222 bytes_encrypted +=
input.length;
223 bytes_to_encrypt -=
input.length;
235 gss_release_buffer(&minor, &
output);
245 return bytes_encrypted;
266 gss_buffer_desc
input,
269 size_t bytes_returned = 0;
270 gss_ctx_id_t gctx =
port->gss->ctx;
278 while (bytes_returned <
len)
286 size_t bytes_to_copy =
Min(bytes_in_buffer,
len - bytes_returned);
294 bytes_returned += bytes_to_copy;
317 Assert(bytes_returned == 0);
351 (
errmsg(
"oversize GSSAPI packet sent by the client (%zu > %zu)",
352 (
size_t)
input.length,
386 major = gss_unwrap(&minor, gctx, &
input, &
output, &conf_state, NULL);
387 if (major != GSS_S_COMPLETE)
396 (
errmsg(
"incoming GSSAPI message did not use confidentiality")));
408 gss_release_buffer(&minor, &
output);
411 return bytes_returned;
454 port->sock, 0, WAIT_EVENT_GSS_OPEN_SERVER);
497 bool complete_next =
false;
500 gss_cred_id_t delegated_creds;
505 port->gss = (pg_gssinfo *)
508 delegated_creds = GSS_C_NO_CREDENTIAL;
509 port->gss->delegated_creds =
false;
523 (
errcode(ERRCODE_OUT_OF_MEMORY),
524 errmsg(
"out of memory")));
539 (
errcode(ERRCODE_OUT_OF_MEMORY),
540 errmsg(
"could not set environment: %m")));
547 gss_buffer_desc
input,
548 output = GSS_C_EMPTY_BUFFER;
575 (
errmsg(
"oversize GSSAPI packet sent by the client (%zu > %d)",
576 (
size_t)
input.length,
592 major = gss_accept_sec_context(&minor, &
port->gss->ctx,
593 GSS_C_NO_CREDENTIAL, &
input,
594 GSS_C_NO_CHANNEL_BINDINGS,
598 if (GSS_ERROR(major))
602 gss_release_buffer(&minor, &
output);
605 else if (!(major & GSS_S_CONTINUE_NEEDED))
611 complete_next =
true;
614 if (delegated_creds != GSS_C_NO_CREDENTIAL)
617 port->gss->delegated_creds =
true;
634 (
errmsg(
"server tried to send oversize GSSAPI packet (%zu > %zu)",
637 gss_release_buffer(&minor, &
output);
661 gss_release_buffer(&minor, &
output);
670 port->sock, 0, WAIT_EVENT_GSS_OPEN_SERVER);
680 gss_release_buffer(&minor, &
output);
695 major = gss_wrap_size_limit(&minor,
port->gss->ctx, 1, GSS_C_QOP_DEFAULT,
699 if (GSS_ERROR(major))
705 port->gss->enc =
true;
719 return port->gss->auth;
731 return port->gss->enc;
744 return port->gss->princ;
757 return port->gss->delegated_creds;
char * pg_krb_server_keyfile
bool pg_gss_accept_delegation
void pg_store_delegated_credential(gss_cred_id_t cred)
void pg_GSS_error(const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
static int PqGSSRecvLength
static int PqGSSResultLength
static char * PqGSSSendBuffer
bool be_gssapi_get_auth(Port *port)
static int PqGSSSendConsumed
#define PQ_GSS_RECV_BUFFER_SIZE
ssize_t be_gssapi_read(Port *port, void *ptr, size_t len)
ssize_t be_gssapi_write(Port *port, void *ptr, size_t len)
static ssize_t read_or_wait(Port *port, ssize_t len)
ssize_t secure_open_gssapi(Port *port)
static char * PqGSSRecvBuffer
static int PqGSSResultNext
static uint32 PqGSSMaxPktSize
bool be_gssapi_get_enc(Port *port)
#define PQ_GSS_SEND_BUFFER_SIZE
const char * be_gssapi_get_princ(Port *port)
static int PqGSSSendLength
static char * PqGSSResultBuffer
bool be_gssapi_get_delegation(Port *port)
ssize_t secure_raw_read(Port *port, void *ptr, size_t len)
ssize_t secure_raw_write(Port *port, const void *ptr, size_t len)
elog(ERROR, "%s: %s", p2, msg)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
int WaitLatchOrSocket(Latch *latch, int wakeEvents, pgsocket sock, long timeout, uint32 wait_event_info)
#define WL_SOCKET_READABLE
#define WL_EXIT_ON_PM_DEATH
#define WL_SOCKET_WRITEABLE
Assert(fmt[strlen(fmt) - 1] !='\n')
MemoryContext TopMemoryContext
void * MemoryContextAllocZero(MemoryContext context, Size size)