PostgreSQL Source Code  git master
be-secure.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * be-secure.c
4  * functions related to setting up a secure connection to the frontend.
5  * Secure connections are expected to provide confidentiality,
6  * message integrity and endpoint authentication.
7  *
8  *
9  * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
10  * Portions Copyright (c) 1994, Regents of the University of California
11  *
12  *
13  * IDENTIFICATION
14  * src/backend/libpq/be-secure.c
15  *
16  *-------------------------------------------------------------------------
17  */
18 
19 #include "postgres.h"
20 
21 #include <signal.h>
22 #include <fcntl.h>
23 #include <ctype.h>
24 #include <sys/socket.h>
25 #include <netdb.h>
26 #include <netinet/in.h>
27 #ifdef HAVE_NETINET_TCP_H
28 #include <netinet/tcp.h>
29 #include <arpa/inet.h>
30 #endif
31 
32 #include "libpq/libpq.h"
33 #include "miscadmin.h"
34 #include "pgstat.h"
35 #include "tcop/tcopprot.h"
36 #include "utils/memutils.h"
37 #include "storage/ipc.h"
38 #include "storage/proc.h"
39 
40 
48 
49 #ifdef USE_SSL
50 bool ssl_loaded_verify_locations = false;
51 #endif
52 
53 /* GUC variable controlling SSL cipher list */
54 char *SSLCipherSuites = NULL;
55 
56 /* GUC variable for default ECHD curve. */
58 
59 /* GUC variable: if false, prefer client ciphers */
61 
62 /* ------------------------------------------------------------ */
63 /* Procedures common to all secure sessions */
64 /* ------------------------------------------------------------ */
65 
66 /*
67  * Initialize global context.
68  *
69  * If isServerStart is true, report any errors as FATAL (so we don't return).
70  * Otherwise, log errors at LOG level and return -1 to indicate trouble,
71  * preserving the old SSL state if any. Returns 0 if OK.
72  */
73 int
74 secure_initialize(bool isServerStart)
75 {
76 #ifdef USE_SSL
77  return be_tls_init(isServerStart);
78 #else
79  return 0;
80 #endif
81 }
82 
83 /*
84  * Destroy global context, if any.
85  */
86 void
88 {
89 #ifdef USE_SSL
91 #endif
92 }
93 
94 /*
95  * Indicate if we have loaded the root CA store to verify certificates
96  */
97 bool
99 {
100 #ifdef USE_SSL
102 #else
103  return false;
104 #endif
105 }
106 
107 /*
108  * Attempt to negotiate secure session.
109  */
110 int
112 {
113  int r = 0;
114 
115 #ifdef USE_SSL
116  r = be_tls_open_server(port);
117 
118  ereport(DEBUG2,
119  (errmsg("SSL connection from \"%s\"",
120  port->peer_cn ? port->peer_cn : "(anonymous)")));
121 #endif
122 
123  return r;
124 }
125 
126 /*
127  * Close secure session.
128  */
129 void
131 {
132 #ifdef USE_SSL
133  if (port->ssl_in_use)
134  be_tls_close(port);
135 #endif
136 }
137 
138 /*
139  * Read data from a secure connection.
140  */
141 ssize_t
142 secure_read(Port *port, void *ptr, size_t len)
143 {
144  ssize_t n;
145  int waitfor;
146 
147 retry:
148 #ifdef USE_SSL
149  waitfor = 0;
150  if (port->ssl_in_use)
151  {
152  n = be_tls_read(port, ptr, len, &waitfor);
153  }
154  else
155 #endif
156  {
157  n = secure_raw_read(port, ptr, len);
158  waitfor = WL_SOCKET_READABLE;
159  }
160 
161  /* In blocking mode, wait until the socket is ready */
162  if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
163  {
164  WaitEvent event;
165 
166  Assert(waitfor);
167 
168  ModifyWaitEvent(FeBeWaitSet, 0, waitfor, NULL);
169 
170  WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
172 
173  /*
174  * If the postmaster has died, it's not safe to continue running,
175  * because it is the postmaster's job to kill us if some other backend
176  * exists uncleanly. Moreover, we won't run very well in this state;
177  * helper processes like walwriter and the bgwriter will exit, so
178  * performance may be poor. Finally, if we don't exit, pg_ctl will be
179  * unable to restart the postmaster without manual intervention, so no
180  * new connections can be accepted. Exiting clears the deck for a
181  * postmaster restart.
182  *
183  * (Note that we only make this check when we would otherwise sleep on
184  * our latch. We might still continue running for a while if the
185  * postmaster is killed in mid-query, or even through multiple queries
186  * if we never have to wait for read. We don't want to burn too many
187  * cycles checking for this very rare condition, and this should cause
188  * us to exit quickly in most cases.)
189  */
190  if (event.events & WL_POSTMASTER_DEATH)
191  ereport(FATAL,
192  (errcode(ERRCODE_ADMIN_SHUTDOWN),
193  errmsg("terminating connection due to unexpected postmaster exit")));
194 
195  /* Handle interrupt. */
196  if (event.events & WL_LATCH_SET)
197  {
200 
201  /*
202  * We'll retry the read. Most likely it will return immediately
203  * because there's still no data available, and we'll wait for the
204  * socket to become ready again.
205  */
206  }
207  goto retry;
208  }
209 
210  /*
211  * Process interrupts that happened while (or before) receiving. Note that
212  * we signal that we're not blocking, which will prevent some types of
213  * interrupts from being processed.
214  */
216 
217  return n;
218 }
219 
220 ssize_t
221 secure_raw_read(Port *port, void *ptr, size_t len)
222 {
223  ssize_t n;
224 
225  /*
226  * Try to read from the socket without blocking. If it succeeds we're
227  * done, otherwise we'll wait for the socket using the latch mechanism.
228  */
229 #ifdef WIN32
230  pgwin32_noblock = true;
231 #endif
232  n = recv(port->sock, ptr, len, 0);
233 #ifdef WIN32
234  pgwin32_noblock = false;
235 #endif
236 
237  return n;
238 }
239 
240 
241 /*
242  * Write data to a secure connection.
243  */
244 ssize_t
245 secure_write(Port *port, void *ptr, size_t len)
246 {
247  ssize_t n;
248  int waitfor;
249 
250 retry:
251  waitfor = 0;
252 #ifdef USE_SSL
253  if (port->ssl_in_use)
254  {
255  n = be_tls_write(port, ptr, len, &waitfor);
256  }
257  else
258 #endif
259  {
260  n = secure_raw_write(port, ptr, len);
261  waitfor = WL_SOCKET_WRITEABLE;
262  }
263 
264  if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
265  {
266  WaitEvent event;
267 
268  Assert(waitfor);
269 
270  ModifyWaitEvent(FeBeWaitSet, 0, waitfor, NULL);
271 
272  WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
274 
275  /* See comments in secure_read. */
276  if (event.events & WL_POSTMASTER_DEATH)
277  ereport(FATAL,
278  (errcode(ERRCODE_ADMIN_SHUTDOWN),
279  errmsg("terminating connection due to unexpected postmaster exit")));
280 
281  /* Handle interrupt. */
282  if (event.events & WL_LATCH_SET)
283  {
286 
287  /*
288  * We'll retry the write. Most likely it will return immediately
289  * because there's still no data available, and we'll wait for the
290  * socket to become ready again.
291  */
292  }
293  goto retry;
294  }
295 
296  /*
297  * Process interrupts that happened while (or before) sending. Note that
298  * we signal that we're not blocking, which will prevent some types of
299  * interrupts from being processed.
300  */
302 
303  return n;
304 }
305 
306 ssize_t
307 secure_raw_write(Port *port, const void *ptr, size_t len)
308 {
309  ssize_t n;
310 
311 #ifdef WIN32
312  pgwin32_noblock = true;
313 #endif
314  n = send(port->sock, ptr, len, 0);
315 #ifdef WIN32
316  pgwin32_noblock = false;
317 #endif
318 
319  return n;
320 }
int secure_initialize(bool isServerStart)
Definition: be-secure.c:74
ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
#define WL_SOCKET_WRITEABLE
Definition: latch.h:126
#define EAGAIN
Definition: win32_port.h:332
char * peer_cn
Definition: libpq-be.h:182
bool ssl_loaded_verify_locations
ssize_t secure_raw_write(Port *port, const void *ptr, size_t len)
Definition: be-secure.c:307
int errcode(int sqlerrcode)
Definition: elog.c:575
Definition: libpq-be.h:116
ssize_t secure_read(Port *port, void *ptr, size_t len)
Definition: be-secure.c:142
void ModifyWaitEvent(WaitEventSet *set, int pos, uint32 events, Latch *latch)
Definition: latch.c:736
bool ssl_in_use
Definition: libpq-be.h:181
#define WL_SOCKET_READABLE
Definition: latch.h:125
char * ssl_cert_file
Definition: be-secure.c:41
int pgwin32_noblock
Definition: socket.c:28
WaitEventSet * FeBeWaitSet
Definition: pqcomm.c:186
void ResetLatch(volatile Latch *latch)
Definition: latch.c:497
char * ssl_crl_file
Definition: be-secure.c:44
#define recv(s, buf, len, flags)
Definition: win32_port.h:448
pgsocket sock
Definition: libpq-be.h:118
int be_tls_init(bool isServerStart)
#define FATAL
Definition: elog.h:52
uint32 events
Definition: latch.h:143
char * SSLECDHCurve
Definition: be-secure.c:57
#define DEBUG2
Definition: elog.h:24
ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
char * SSLCipherSuites
Definition: be-secure.c:54
void be_tls_destroy(void)
ssize_t secure_write(Port *port, void *ptr, size_t len)
Definition: be-secure.c:245
#define ereport(elevel, rest)
Definition: elog.h:122
bool ssl_passphrase_command_supports_reload
Definition: be-secure.c:47
static int port
Definition: pg_regress.c:90
#define WL_POSTMASTER_DEATH
Definition: latch.h:128
void ProcessClientReadInterrupt(bool blocked)
Definition: postgres.c:528
char * ssl_ca_file
Definition: be-secure.c:43
int be_tls_open_server(Port *port)
ssize_t secure_raw_read(Port *port, void *ptr, size_t len)
Definition: be-secure.c:221
#define Assert(condition)
Definition: c.h:699
void secure_close(Port *port)
Definition: be-secure.c:130
bool secure_loaded_verify_locations(void)
Definition: be-secure.c:98
char * ssl_dh_params_file
Definition: be-secure.c:45
int errmsg(const char *fmt,...)
Definition: elog.c:797
int secure_open_server(Port *port)
Definition: be-secure.c:111
void be_tls_close(Port *port)
struct Latch * MyLatch
Definition: globals.c:55
#define EWOULDBLOCK
Definition: win32_port.h:340
char * ssl_passphrase_command
Definition: be-secure.c:46
#define WL_LATCH_SET
Definition: latch.h:124
char * ssl_key_file
Definition: be-secure.c:42
#define send(s, buf, len, flags)
Definition: win32_port.h:449
int WaitEventSetWait(WaitEventSet *set, long timeout, WaitEvent *occurred_events, int nevents, uint32 wait_event_info)
Definition: latch.c:921
bool SSLPreferServerCiphers
Definition: be-secure.c:60
void ProcessClientWriteInterrupt(bool blocked)
Definition: postgres.c:566
void secure_destroy(void)
Definition: be-secure.c:87