be-secure.c File Reference

#include "postgres.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "storage/latch.h"
#include "tcop/tcopprot.h"
#include "utils/injection_point.h"
#include "utils/wait_event.h"

Include dependency graph for be-secure.c:

Go to the source code of this file.

Functions
int	secure_initialize (bool isServerStart)
void	secure_destroy (void)
bool	secure_loaded_verify_locations (void)
int	secure_open_server (Port *port)
void	secure_close (Port *port)
ssize_t	secure_read (Port *port, void *ptr, size_t len)
ssize_t	secure_raw_read (Port *port, void *ptr, size_t len)
ssize_t	secure_write (Port *port, const void *ptr, size_t len)
ssize_t	secure_raw_write (Port *port, const void *ptr, size_t len)

Variables
char *	ssl_library
char *	ssl_cert_file
char *	ssl_key_file
char *	ssl_ca_file
char *	ssl_crl_file
char *	ssl_crl_dir
char *	ssl_dh_params_file
char *	ssl_passphrase_command
bool	ssl_passphrase_command_supports_reload
char *	SSLCipherSuites = NULL
char *	SSLCipherList = NULL
char *	SSLECDHCurve
bool	SSLPreferServerCiphers
int	ssl_min_protocol_version = PG_TLS1_2_VERSION
int	ssl_max_protocol_version = PG_TLS_ANY
bool	ssl_sni = false

Function Documentation

secure_close()

void secure_close

(

Port *

port

)

Definition at line 171 of file be-secure.c.

{
#ifdef USE_SSL
    if (port->ssl_in_use)
        be_tls_close(port);
#endif
}

References be_tls_close(), and port.

Referenced by socket_close().

secure_destroy()

void secure_destroy

(

void

)

Definition at line 92 of file be-secure.c.

{
#ifdef USE_SSL
    be_tls_destroy();
#endif
}

References be_tls_destroy().

Referenced by process_pm_reload_request().

secure_initialize()

int secure_initialize

(

bool

isServerStart

)

Definition at line 79 of file be-secure.c.

{
#ifdef USE_SSL
    return be_tls_init(isServerStart);
#else
    return 0;
#endif
}

References be_tls_init(), and fb().

Referenced by BackendMain(), PostmasterMain(), and process_pm_reload_request().

secure_loaded_verify_locations()

bool secure_loaded_verify_locations

(

void

)

Definition at line 103 of file be-secure.c.

{
#ifdef USE_SSL
    return ssl_loaded_verify_locations;
#else
    return false;
#endif
}

References fb().

Referenced by ClientAuthentication().

secure_open_server()

int secure_open_server

(

Port *

port

)

Definition at line 116 of file be-secure.c.

{
#ifdef USE_SSL
    int         r = 0;
    ssize_t     len;
 
    /* push unencrypted buffered data back through SSL setup */
    len = pq_buffer_remaining_data();
    if (len > 0)
    {
        char       *buf = palloc(len);
 
        pq_startmsgread();
        if (pq_getbytes(buf, len) == EOF)
            return STATUS_ERROR;    /* shouldn't be possible */
        pq_endmsgread();
        port->raw_buf = buf;
        port->raw_buf_remaining = len;
        port->raw_buf_consumed = 0;
    }
    Assert(pq_buffer_remaining_data() == 0);
 
    INJECTION_POINT("backend-ssl-startup", NULL);
 
    r = be_tls_open_server(port);
 
    if (port->raw_buf_remaining > 0)
    {
        /*
         * This shouldn't be possible -- it would mean the client sent
         * encrypted data before we established a session key...
         */
        elog(LOG, "buffered unencrypted data remains after negotiating SSL connection");
        return STATUS_ERROR;
    }
    if (port->raw_buf != NULL)
    {
        pfree(port->raw_buf);
        port->raw_buf = NULL;
    }
 
    ereport(DEBUG2,
            (errmsg_internal("SSL connection from DN:\"%s\" CN:\"%s\"",
                             port->peer_dn ? port->peer_dn : "(anonymous)",
                             port->peer_cn ? port->peer_cn : "(anonymous)")));
    return r;
#else
    return 0;
#endif
}

References Assert, be_tls_open_server(), buf, DEBUG2, elog, ereport, errmsg_internal(), fb(), INJECTION_POINT, len, LOG, palloc(), pfree(), port, pq_buffer_remaining_data(), pq_endmsgread(), pq_getbytes(), pq_startmsgread(), and STATUS_ERROR.

Referenced by ProcessSSLStartup(), and ProcessStartupPacket().

secure_raw_read()

ssize_t secure_raw_read	(	Port *	port,
		void *	ptr,
		size_t	len
	)

Definition at line 272 of file be-secure.c.

{
    ssize_t     n;
 
    /* Read from the "unread" buffered data first. c.f. libpq-be.h */
    if (port->raw_buf_remaining > 0)
    {
        /* consume up to len bytes from the raw_buf */
        if (len > port->raw_buf_remaining)
            len = port->raw_buf_remaining;
        Assert(port->raw_buf);
        memcpy(ptr, port->raw_buf + port->raw_buf_consumed, len);
        port->raw_buf_consumed += len;
        port->raw_buf_remaining -= len;
        return len;
    }
 
    /*
     * Try to read from the socket without blocking. If it succeeds we're
     * done, otherwise we'll wait for the socket using the latch mechanism.
     */
#ifdef WIN32
    pgwin32_noblock = true;
#endif
    n = recv(port->sock, ptr, len, 0);
#ifdef WIN32
    pgwin32_noblock = false;
#endif
 
    return n;
}

References Assert, fb(), len, pgwin32_noblock, port, and recv.

Referenced by be_gssapi_read(), port_bio_read(), read_or_wait(), and secure_read().

secure_raw_write()

ssize_t secure_raw_write	(	Port *	port,
		const void *	ptr,
		size_t	len
	)

Definition at line 381 of file be-secure.c.

{
    ssize_t     n;
 
#ifdef WIN32
    pgwin32_noblock = true;
#endif
    n = send(port->sock, ptr, len, 0);
#ifdef WIN32
    pgwin32_noblock = false;
#endif
 
    return n;
}

References fb(), len, pgwin32_noblock, port, and send.

Referenced by be_gssapi_write(), port_bio_write(), secure_open_gssapi(), and secure_write().

secure_read()

ssize_t secure_read	(	Port *	port,
		void *	ptr,
		size_t	len
	)

Definition at line 183 of file be-secure.c.

{
    ssize_t     n;
    int         waitfor;
 
    /* Deal with any already-pending interrupt condition. */
    ProcessClientReadInterrupt(false);
 
retry:
#ifdef USE_SSL
    waitfor = 0;
    if (port->ssl_in_use)
    {
        n = be_tls_read(port, ptr, len, &waitfor);
    }
    else
#endif
#ifdef ENABLE_GSS
    if (port->gss && port->gss->enc)
    {
        n = be_gssapi_read(port, ptr, len);
        waitfor = WL_SOCKET_READABLE;
    }
    else
#endif
    {
        n = secure_raw_read(port, ptr, len);
        waitfor = WL_SOCKET_READABLE;
    }
 
    /* In blocking mode, wait until the socket is ready */
    if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
    {
        WaitEvent   event;
 
        Assert(waitfor);
 
        ModifyWaitEvent(FeBeWaitSet, FeBeWaitSetSocketPos, waitfor, NULL);
 
        WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
                         WAIT_EVENT_CLIENT_READ);
 
        /*
         * If the postmaster has died, it's not safe to continue running,
         * because it is the postmaster's job to kill us if some other backend
         * exits uncleanly.  Moreover, we won't run very well in this state;
         * helper processes like walwriter and the bgwriter will exit, so
         * performance may be poor.  Finally, if we don't exit, pg_ctl will be
         * unable to restart the postmaster without manual intervention, so no
         * new connections can be accepted.  Exiting clears the deck for a
         * postmaster restart.
         *
         * (Note that we only make this check when we would otherwise sleep on
         * our latch.  We might still continue running for a while if the
         * postmaster is killed in mid-query, or even through multiple queries
         * if we never have to wait for read.  We don't want to burn too many
         * cycles checking for this very rare condition, and this should cause
         * us to exit quickly in most cases.)
         */
        if (event.events & WL_POSTMASTER_DEATH)
            ereport(FATAL,
                    (errcode(ERRCODE_ADMIN_SHUTDOWN),
                     errmsg("terminating connection due to unexpected postmaster exit")));
 
        /* Handle interrupt. */
        if (event.events & WL_LATCH_SET)
        {
            ResetLatch(MyLatch);
            ProcessClientReadInterrupt(true);
 
            /*
             * We'll retry the read. Most likely it will return immediately
             * because there's still no data available, and we'll wait for the
             * socket to become ready again.
             */
        }
        goto retry;
    }
 
    /*
     * Process interrupts that happened during a successful (or non-blocking,
     * or hard-failed) read.
     */
    ProcessClientReadInterrupt(false);
 
    return n;
}

References Assert, be_gssapi_read(), be_tls_read(), EAGAIN, ereport, errcode(), errmsg, WaitEvent::events, EWOULDBLOCK, FATAL, fb(), FeBeWaitSet, FeBeWaitSetSocketPos, len, ModifyWaitEvent(), MyLatch, port, ProcessClientReadInterrupt(), ResetLatch(), secure_raw_read(), WaitEventSetWait(), WL_LATCH_SET, WL_POSTMASTER_DEATH, and WL_SOCKET_READABLE.

Referenced by pq_getbyte_if_available(), and pq_recvbuf().

secure_write()

ssize_t secure_write	(	Port *	port,
		const void *	ptr,
		size_t	len
	)

Definition at line 309 of file be-secure.c.

{
    ssize_t     n;
    int         waitfor;
 
    /* Deal with any already-pending interrupt condition. */
    ProcessClientWriteInterrupt(false);
 
retry:
    waitfor = 0;
#ifdef USE_SSL
    if (port->ssl_in_use)
    {
        n = be_tls_write(port, ptr, len, &waitfor);
    }
    else
#endif
#ifdef ENABLE_GSS
    if (port->gss && port->gss->enc)
    {
        n = be_gssapi_write(port, ptr, len);
        waitfor = WL_SOCKET_WRITEABLE;
    }
    else
#endif
    {
        n = secure_raw_write(port, ptr, len);
        waitfor = WL_SOCKET_WRITEABLE;
    }
 
    if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
    {
        WaitEvent   event;
 
        Assert(waitfor);
 
        ModifyWaitEvent(FeBeWaitSet, FeBeWaitSetSocketPos, waitfor, NULL);
 
        WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
                         WAIT_EVENT_CLIENT_WRITE);
 
        /* See comments in secure_read. */
        if (event.events & WL_POSTMASTER_DEATH)
            ereport(FATAL,
                    (errcode(ERRCODE_ADMIN_SHUTDOWN),
                     errmsg("terminating connection due to unexpected postmaster exit")));
 
        /* Handle interrupt. */
        if (event.events & WL_LATCH_SET)
        {
            ResetLatch(MyLatch);
            ProcessClientWriteInterrupt(true);
 
            /*
             * We'll retry the write. Most likely it will return immediately
             * because there's still no buffer space available, and we'll wait
             * for the socket to become ready again.
             */
        }
        goto retry;
    }
 
    /*
     * Process interrupts that happened during a successful (or non-blocking,
     * or hard-failed) write.
     */
    ProcessClientWriteInterrupt(false);
 
    return n;
}

References Assert, be_gssapi_write(), be_tls_write(), EAGAIN, ereport, errcode(), errmsg, WaitEvent::events, EWOULDBLOCK, FATAL, fb(), FeBeWaitSet, FeBeWaitSetSocketPos, len, ModifyWaitEvent(), MyLatch, port, ProcessClientWriteInterrupt(), ResetLatch(), secure_raw_write(), WaitEventSetWait(), WL_LATCH_SET, WL_POSTMASTER_DEATH, and WL_SOCKET_WRITEABLE.

Referenced by internal_flush_buffer(), and ProcessStartupPacket().

Variable Documentation

ssl_ca_file

char* ssl_ca_file

Definition at line 40 of file be-secure.c.

Referenced by be_tls_init().

ssl_cert_file

char* ssl_cert_file

Definition at line 38 of file be-secure.c.

Referenced by be_tls_init().

ssl_crl_dir

char* ssl_crl_dir

Definition at line 42 of file be-secure.c.

Referenced by init_host_context().

ssl_crl_file

char* ssl_crl_file

Definition at line 41 of file be-secure.c.

Referenced by init_host_context().

ssl_dh_params_file

char* ssl_dh_params_file

Definition at line 43 of file be-secure.c.

Referenced by initialize_dh().

ssl_key_file

char* ssl_key_file

Definition at line 39 of file be-secure.c.

Referenced by be_tls_init(), and check_ssl_key_file_permissions().

ssl_library

char* ssl_library

Definition at line 37 of file be-secure.c.

ssl_max_protocol_version

int ssl_max_protocol_version = PG_TLS_ANY

Definition at line 62 of file be-secure.c.

Referenced by be_tls_init(), and be_tls_open_server().

ssl_min_protocol_version

int ssl_min_protocol_version = PG_TLS1_2_VERSION

Definition at line 61 of file be-secure.c.

Referenced by be_tls_init(), and be_tls_open_server().

ssl_passphrase_command

char* ssl_passphrase_command

Definition at line 44 of file be-secure.c.

Referenced by be_tls_init(), default_openssl_tls_init(), and set_rot13().

ssl_passphrase_command_supports_reload

bool ssl_passphrase_command_supports_reload

Definition at line 45 of file be-secure.c.

Referenced by be_tls_init(), and default_openssl_tls_init().

ssl_sni

bool ssl_sni = false

Definition at line 65 of file be-secure.c.

Referenced by be_tls_init(), and init_host_context().

SSLCipherList

char* SSLCipherList = NULL

Definition at line 53 of file be-secure.c.

Referenced by be_tls_init().

SSLCipherSuites

char* SSLCipherSuites = NULL

Definition at line 52 of file be-secure.c.

Referenced by be_tls_init().

SSLECDHCurve

char* SSLECDHCurve

Definition at line 56 of file be-secure.c.

Referenced by initialize_ecdh().

SSLPreferServerCiphers

bool SSLPreferServerCiphers

Definition at line 59 of file be-secure.c.

Referenced by be_tls_init().