PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
be-secure.c File Reference
#include "postgres.h"
#include <sys/stat.h>
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "pgstat.h"
#include "tcop/tcopprot.h"
#include "utils/memutils.h"
#include "storage/ipc.h"
#include "storage/proc.h"
Include dependency graph for be-secure.c:

Go to the source code of this file.

Functions

int secure_initialize (bool isServerStart)
 
void secure_destroy (void)
 
bool secure_loaded_verify_locations (void)
 
int secure_open_server (Port *port)
 
void secure_close (Port *port)
 
ssize_t secure_read (Port *port, void *ptr, size_t len)
 
ssize_t secure_raw_read (Port *port, void *ptr, size_t len)
 
ssize_t secure_write (Port *port, void *ptr, size_t len)
 
ssize_t secure_raw_write (Port *port, const void *ptr, size_t len)
 

Variables

char * ssl_cert_file
 
char * ssl_key_file
 
char * ssl_ca_file
 
char * ssl_crl_file
 
char * ssl_dh_params_file
 
char * SSLCipherSuites = NULL
 
char * SSLECDHCurve
 
bool SSLPreferServerCiphers
 

Function Documentation

void secure_close ( Port port)

Definition at line 126 of file be-secure.c.

References be_tls_close(), and Port::ssl_in_use.

Referenced by ConnFree(), and socket_close().

127 {
128 #ifdef USE_SSL
129  if (port->ssl_in_use)
130  be_tls_close(port);
131 #endif
132 }
bool ssl_in_use
Definition: libpq-be.h:181
void be_tls_close(Port *port)
void secure_destroy ( void  )

Definition at line 87 of file be-secure.c.

References be_tls_destroy().

Referenced by SIGHUP_handler().

88 {
89 #ifdef USE_SSL
91 #endif
92 }
void be_tls_destroy(void)
int secure_initialize ( bool  isServerStart)

Definition at line 74 of file be-secure.c.

References be_tls_init().

Referenced by PostmasterMain(), and SIGHUP_handler().

75 {
76 #ifdef USE_SSL
77  return be_tls_init(isServerStart);
78 #else
79  return 0;
80 #endif
81 }
int be_tls_init(bool isServerStart)
bool secure_loaded_verify_locations ( void  )

Definition at line 98 of file be-secure.c.

References ssl_loaded_verify_locations.

Referenced by ClientAuthentication().

99 {
100 #ifdef USE_SSL
102 #else
103  return false;
104 #endif
105 }
bool ssl_loaded_verify_locations
int secure_open_server ( Port port)

Definition at line 111 of file be-secure.c.

References be_tls_open_server().

Referenced by ProcessStartupPacket().

112 {
113  int r = 0;
114 
115 #ifdef USE_SSL
116  r = be_tls_open_server(port);
117 #endif
118 
119  return r;
120 }
int be_tls_open_server(Port *port)
ssize_t secure_raw_read ( Port port,
void *  ptr,
size_t  len 
)

Definition at line 217 of file be-secure.c.

References pgwin32_noblock, recv, and Port::sock.

Referenced by my_sock_read(), and secure_read().

218 {
219  ssize_t n;
220 
221  /*
222  * Try to read from the socket without blocking. If it succeeds we're
223  * done, otherwise we'll wait for the socket using the latch mechanism.
224  */
225 #ifdef WIN32
226  pgwin32_noblock = true;
227 #endif
228  n = recv(port->sock, ptr, len, 0);
229 #ifdef WIN32
230  pgwin32_noblock = false;
231 #endif
232 
233  return n;
234 }
int pgwin32_noblock
Definition: socket.c:28
#define recv(s, buf, len, flags)
Definition: win32.h:375
pgsocket sock
Definition: libpq-be.h:118
ssize_t secure_raw_write ( Port port,
const void *  ptr,
size_t  len 
)

Definition at line 303 of file be-secure.c.

References pgwin32_noblock, send, and Port::sock.

Referenced by my_sock_write(), and secure_write().

304 {
305  ssize_t n;
306 
307 #ifdef WIN32
308  pgwin32_noblock = true;
309 #endif
310  n = send(port->sock, ptr, len, 0);
311 #ifdef WIN32
312  pgwin32_noblock = false;
313 #endif
314 
315  return n;
316 }
#define send(s, buf, len, flags)
Definition: win32.h:376
int pgwin32_noblock
Definition: socket.c:28
pgsocket sock
Definition: libpq-be.h:118
ssize_t secure_read ( Port port,
void *  ptr,
size_t  len 
)

Definition at line 138 of file be-secure.c.

References Assert, be_tls_read(), EAGAIN, ereport, errcode(), errmsg(), WaitEvent::events, EWOULDBLOCK, FATAL, FeBeWaitSet, ModifyWaitEvent(), MyLatch, ProcessClientReadInterrupt(), ResetLatch(), secure_raw_read(), Port::ssl_in_use, WAIT_EVENT_CLIENT_READ, WaitEventSetWait(), WL_LATCH_SET, WL_POSTMASTER_DEATH, and WL_SOCKET_READABLE.

Referenced by pq_getbyte_if_available(), and pq_recvbuf().

139 {
140  ssize_t n;
141  int waitfor;
142 
143 retry:
144 #ifdef USE_SSL
145  waitfor = 0;
146  if (port->ssl_in_use)
147  {
148  n = be_tls_read(port, ptr, len, &waitfor);
149  }
150  else
151 #endif
152  {
153  n = secure_raw_read(port, ptr, len);
154  waitfor = WL_SOCKET_READABLE;
155  }
156 
157  /* In blocking mode, wait until the socket is ready */
158  if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
159  {
160  WaitEvent event;
161 
162  Assert(waitfor);
163 
164  ModifyWaitEvent(FeBeWaitSet, 0, waitfor, NULL);
165 
166  WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
168 
169  /*
170  * If the postmaster has died, it's not safe to continue running,
171  * because it is the postmaster's job to kill us if some other backend
172  * exists uncleanly. Moreover, we won't run very well in this state;
173  * helper processes like walwriter and the bgwriter will exit, so
174  * performance may be poor. Finally, if we don't exit, pg_ctl will be
175  * unable to restart the postmaster without manual intervention, so no
176  * new connections can be accepted. Exiting clears the deck for a
177  * postmaster restart.
178  *
179  * (Note that we only make this check when we would otherwise sleep on
180  * our latch. We might still continue running for a while if the
181  * postmaster is killed in mid-query, or even through multiple queries
182  * if we never have to wait for read. We don't want to burn too many
183  * cycles checking for this very rare condition, and this should cause
184  * us to exit quickly in most cases.)
185  */
186  if (event.events & WL_POSTMASTER_DEATH)
187  ereport(FATAL,
188  (errcode(ERRCODE_ADMIN_SHUTDOWN),
189  errmsg("terminating connection due to unexpected postmaster exit")));
190 
191  /* Handle interrupt. */
192  if (event.events & WL_LATCH_SET)
193  {
196 
197  /*
198  * We'll retry the read. Most likely it will return immediately
199  * because there's still no data available, and we'll wait for the
200  * socket to become ready again.
201  */
202  }
203  goto retry;
204  }
205 
206  /*
207  * Process interrupts that happened while (or before) receiving. Note that
208  * we signal that we're not blocking, which will prevent some types of
209  * interrupts from being processed.
210  */
212 
213  return n;
214 }
#define EWOULDBLOCK
Definition: win32.h:291
ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
int errcode(int sqlerrcode)
Definition: elog.c:575
void ModifyWaitEvent(WaitEventSet *set, int pos, uint32 events, Latch *latch)
Definition: latch.c:736
bool ssl_in_use
Definition: libpq-be.h:181
#define WL_SOCKET_READABLE
Definition: latch.h:125
WaitEventSet * FeBeWaitSet
Definition: pqcomm.c:186
void ResetLatch(volatile Latch *latch)
Definition: latch.c:497
#define EAGAIN
Definition: win32.h:283
#define FATAL
Definition: elog.h:52
uint32 events
Definition: latch.h:143
#define ereport(elevel, rest)
Definition: elog.h:122
#define WL_POSTMASTER_DEATH
Definition: latch.h:128
void ProcessClientReadInterrupt(bool blocked)
Definition: postgres.c:523
ssize_t secure_raw_read(Port *port, void *ptr, size_t len)
Definition: be-secure.c:217
#define Assert(condition)
Definition: c.h:664
int errmsg(const char *fmt,...)
Definition: elog.c:797
struct Latch * MyLatch
Definition: globals.c:52
#define WL_LATCH_SET
Definition: latch.h:124
int WaitEventSetWait(WaitEventSet *set, long timeout, WaitEvent *occurred_events, int nevents, uint32 wait_event_info)
Definition: latch.c:921
ssize_t secure_write ( Port port,
void *  ptr,
size_t  len 
)

Definition at line 241 of file be-secure.c.

References Assert, be_tls_write(), EAGAIN, ereport, errcode(), errmsg(), WaitEvent::events, EWOULDBLOCK, FATAL, FeBeWaitSet, ModifyWaitEvent(), MyLatch, ProcessClientWriteInterrupt(), ResetLatch(), secure_raw_write(), Port::ssl_in_use, WAIT_EVENT_CLIENT_WRITE, WaitEventSetWait(), WL_LATCH_SET, WL_POSTMASTER_DEATH, and WL_SOCKET_WRITEABLE.

Referenced by internal_flush().

242 {
243  ssize_t n;
244  int waitfor;
245 
246 retry:
247  waitfor = 0;
248 #ifdef USE_SSL
249  if (port->ssl_in_use)
250  {
251  n = be_tls_write(port, ptr, len, &waitfor);
252  }
253  else
254 #endif
255  {
256  n = secure_raw_write(port, ptr, len);
257  waitfor = WL_SOCKET_WRITEABLE;
258  }
259 
260  if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
261  {
262  WaitEvent event;
263 
264  Assert(waitfor);
265 
266  ModifyWaitEvent(FeBeWaitSet, 0, waitfor, NULL);
267 
268  WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
270 
271  /* See comments in secure_read. */
272  if (event.events & WL_POSTMASTER_DEATH)
273  ereport(FATAL,
274  (errcode(ERRCODE_ADMIN_SHUTDOWN),
275  errmsg("terminating connection due to unexpected postmaster exit")));
276 
277  /* Handle interrupt. */
278  if (event.events & WL_LATCH_SET)
279  {
282 
283  /*
284  * We'll retry the write. Most likely it will return immediately
285  * because there's still no data available, and we'll wait for the
286  * socket to become ready again.
287  */
288  }
289  goto retry;
290  }
291 
292  /*
293  * Process interrupts that happened while (or before) sending. Note that
294  * we signal that we're not blocking, which will prevent some types of
295  * interrupts from being processed.
296  */
298 
299  return n;
300 }
#define EWOULDBLOCK
Definition: win32.h:291
#define WL_SOCKET_WRITEABLE
Definition: latch.h:126
ssize_t secure_raw_write(Port *port, const void *ptr, size_t len)
Definition: be-secure.c:303
int errcode(int sqlerrcode)
Definition: elog.c:575
void ModifyWaitEvent(WaitEventSet *set, int pos, uint32 events, Latch *latch)
Definition: latch.c:736
bool ssl_in_use
Definition: libpq-be.h:181
WaitEventSet * FeBeWaitSet
Definition: pqcomm.c:186
void ResetLatch(volatile Latch *latch)
Definition: latch.c:497
#define EAGAIN
Definition: win32.h:283
#define FATAL
Definition: elog.h:52
uint32 events
Definition: latch.h:143
ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
#define ereport(elevel, rest)
Definition: elog.h:122
#define WL_POSTMASTER_DEATH
Definition: latch.h:128
#define Assert(condition)
Definition: c.h:664
int errmsg(const char *fmt,...)
Definition: elog.c:797
struct Latch * MyLatch
Definition: globals.c:52
#define WL_LATCH_SET
Definition: latch.h:124
int WaitEventSetWait(WaitEventSet *set, long timeout, WaitEvent *occurred_events, int nevents, uint32 wait_event_info)
Definition: latch.c:921
void ProcessClientWriteInterrupt(bool blocked)
Definition: postgres.c:561

Variable Documentation

char* ssl_ca_file

Definition at line 45 of file be-secure.c.

Referenced by be_tls_init().

char* ssl_cert_file

Definition at line 43 of file be-secure.c.

Referenced by be_tls_init().

char* ssl_crl_file

Definition at line 46 of file be-secure.c.

Referenced by be_tls_init().

char* ssl_dh_params_file

Definition at line 47 of file be-secure.c.

Referenced by initialize_dh().

char* ssl_key_file

Definition at line 44 of file be-secure.c.

Referenced by be_tls_init().

char* SSLCipherSuites = NULL

Definition at line 54 of file be-secure.c.

Referenced by be_tls_init().

char* SSLECDHCurve

Definition at line 57 of file be-secure.c.

Referenced by initialize_ecdh().

bool SSLPreferServerCiphers

Definition at line 60 of file be-secure.c.

Referenced by be_tls_init().