PostgreSQL Source Code  git master
fe-secure-gssapi.c File Reference
#include "postgres_fe.h"
#include "fe-gssapi-common.h"
#include "libpq-fe.h"
#include "libpq-int.h"
#include "port/pg_bswap.h"
Include dependency graph for fe-secure-gssapi.c:

Go to the source code of this file.

Macros

#define GSS_REQUIRED_FLAGS
 
#define PQ_GSS_SEND_BUFFER_SIZE   16384
 
#define PQ_GSS_RECV_BUFFER_SIZE   16384
 
#define PqGSSSendBuffer   (conn->gss_SendBuffer)
 
#define PqGSSSendLength   (conn->gss_SendLength)
 
#define PqGSSSendNext   (conn->gss_SendNext)
 
#define PqGSSSendConsumed   (conn->gss_SendConsumed)
 
#define PqGSSRecvBuffer   (conn->gss_RecvBuffer)
 
#define PqGSSRecvLength   (conn->gss_RecvLength)
 
#define PqGSSResultBuffer   (conn->gss_ResultBuffer)
 
#define PqGSSResultLength   (conn->gss_ResultLength)
 
#define PqGSSResultNext   (conn->gss_ResultNext)
 
#define PqGSSMaxPktSize   (conn->gss_MaxPktSize)
 

Functions

ssize_t pg_GSS_write (PGconn *conn, const void *ptr, size_t len)
 
ssize_t pg_GSS_read (PGconn *conn, void *ptr, size_t len)
 
static PostgresPollingStatusType gss_read (PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret)
 
PostgresPollingStatusType pqsecure_open_gss (PGconn *conn)
 
void * PQgetgssctx (PGconn *conn)
 
int PQgssEncInUse (PGconn *conn)
 

Macro Definition Documentation

◆ GSS_REQUIRED_FLAGS

#define GSS_REQUIRED_FLAGS
Value:
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG

Definition at line 26 of file fe-secure-gssapi.c.

Referenced by pqsecure_open_gss().

◆ PQ_GSS_RECV_BUFFER_SIZE

#define PQ_GSS_RECV_BUFFER_SIZE   16384

Definition at line 54 of file fe-secure-gssapi.c.

Referenced by pg_GSS_read(), and pqsecure_open_gss().

◆ PQ_GSS_SEND_BUFFER_SIZE

#define PQ_GSS_SEND_BUFFER_SIZE   16384

Definition at line 53 of file fe-secure-gssapi.c.

Referenced by pg_GSS_write(), and pqsecure_open_gss().

◆ PqGSSMaxPktSize

#define PqGSSMaxPktSize   (conn->gss_MaxPktSize)

Definition at line 70 of file fe-secure-gssapi.c.

Referenced by pg_GSS_write(), and pqsecure_open_gss().

◆ PqGSSRecvBuffer

#define PqGSSRecvBuffer   (conn->gss_RecvBuffer)

Definition at line 65 of file fe-secure-gssapi.c.

Referenced by pg_GSS_read(), and pqsecure_open_gss().

◆ PqGSSRecvLength

#define PqGSSRecvLength   (conn->gss_RecvLength)

Definition at line 66 of file fe-secure-gssapi.c.

Referenced by pg_GSS_read(), and pqsecure_open_gss().

◆ PqGSSResultBuffer

#define PqGSSResultBuffer   (conn->gss_ResultBuffer)

Definition at line 67 of file fe-secure-gssapi.c.

Referenced by pg_GSS_read(), and pqsecure_open_gss().

◆ PqGSSResultLength

#define PqGSSResultLength   (conn->gss_ResultLength)

Definition at line 68 of file fe-secure-gssapi.c.

Referenced by pg_GSS_read(), and pqsecure_open_gss().

◆ PqGSSResultNext

#define PqGSSResultNext   (conn->gss_ResultNext)

Definition at line 69 of file fe-secure-gssapi.c.

Referenced by pg_GSS_read(), and pqsecure_open_gss().

◆ PqGSSSendBuffer

#define PqGSSSendBuffer   (conn->gss_SendBuffer)

Definition at line 61 of file fe-secure-gssapi.c.

Referenced by pg_GSS_write(), and pqsecure_open_gss().

◆ PqGSSSendConsumed

#define PqGSSSendConsumed   (conn->gss_SendConsumed)

Definition at line 64 of file fe-secure-gssapi.c.

Referenced by pg_GSS_write(), and pqsecure_open_gss().

◆ PqGSSSendLength

#define PqGSSSendLength   (conn->gss_SendLength)

Definition at line 62 of file fe-secure-gssapi.c.

Referenced by pg_GSS_write(), and pqsecure_open_gss().

◆ PqGSSSendNext

#define PqGSSSendNext   (conn->gss_SendNext)

Definition at line 63 of file fe-secure-gssapi.c.

Referenced by pg_GSS_write(), and pqsecure_open_gss().

Function Documentation

◆ gss_read()

static PostgresPollingStatusType gss_read ( PGconn conn,
void *  recv_buffer,
size_t  length,
ssize_t *  ret 
)
static

Definition at line 436 of file fe-secure-gssapi.c.

References EAGAIN, EINTR, EWOULDBLOCK, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, pqReadReady(), and pqsecure_raw_read().

Referenced by pqsecure_open_gss().

437 {
438  *ret = pqsecure_raw_read(conn, recv_buffer, length);
439  if (*ret < 0)
440  {
441  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
442  return PGRES_POLLING_READING;
443  else
444  return PGRES_POLLING_FAILED;
445  }
446 
447  /* Check for EOF */
448  if (*ret == 0)
449  {
450  int result = pqReadReady(conn);
451 
452  if (result < 0)
453  return PGRES_POLLING_FAILED;
454 
455  if (!result)
456  return PGRES_POLLING_READING;
457 
458  *ret = pqsecure_raw_read(conn, recv_buffer, length);
459  if (*ret < 0)
460  {
461  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
462  return PGRES_POLLING_READING;
463  else
464  return PGRES_POLLING_FAILED;
465  }
466  if (*ret == 0)
467  return PGRES_POLLING_FAILED;
468  }
469 
470  return PGRES_POLLING_OK;
471 }
int pqReadReady(PGconn *conn)
Definition: fe-misc.c:1072
#define EAGAIN
Definition: win32_port.h:341
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure.c:239
#define EWOULDBLOCK
Definition: win32_port.h:349
#define EINTR
Definition: win32_port.h:343

◆ pg_GSS_read()

ssize_t pg_GSS_read ( PGconn conn,
void *  ptr,
size_t  len 
)

Definition at line 265 of file fe-secure-gssapi.c.

References Assert, cleanup(), pg_conn::errorMessage, EWOULDBLOCK, libpq_gettext, Min, output(), pg_GSS_error(), pg_ntoh32, PQ_GSS_RECV_BUFFER_SIZE, PqGSSRecvBuffer, PqGSSRecvLength, PqGSSResultBuffer, PqGSSResultLength, PqGSSResultNext, pqsecure_raw_read(), and printfPQExpBuffer().

Referenced by pqsecure_read().

266 {
267  OM_uint32 major,
268  minor;
269  gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
270  output = GSS_C_EMPTY_BUFFER;
271  ssize_t ret;
272  size_t bytes_returned = 0;
273  gss_ctx_id_t gctx = conn->gctx;
274 
275  /*
276  * The plan here is to read one incoming encrypted packet into
277  * PqGSSRecvBuffer, decrypt it into PqGSSResultBuffer, and then dole out
278  * data from there to the caller. When we exhaust the current input
279  * packet, read another.
280  */
281  while (bytes_returned < len)
282  {
283  int conf_state = 0;
284 
285  /* Check if we have data in our buffer that we can return immediately */
287  {
288  size_t bytes_in_buffer = PqGSSResultLength - PqGSSResultNext;
289  size_t bytes_to_copy = Min(bytes_in_buffer, len - bytes_returned);
290 
291  /*
292  * Copy the data from our result buffer into the caller's buffer,
293  * at the point where we last left off filling their buffer.
294  */
295  memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy);
296  PqGSSResultNext += bytes_to_copy;
297  bytes_returned += bytes_to_copy;
298 
299  /*
300  * At this point, we've either filled the caller's buffer or
301  * emptied our result buffer. Either way, return to caller. In
302  * the second case, we could try to read another encrypted packet,
303  * but the odds are good that there isn't one available. (If this
304  * isn't true, we chose too small a max packet size.) In any
305  * case, there's no harm letting the caller process the data we've
306  * already returned.
307  */
308  break;
309  }
310 
311  /* Result buffer is empty, so reset buffer pointers */
312  PqGSSResultLength = PqGSSResultNext = 0;
313 
314  /*
315  * Because we chose above to return immediately as soon as we emit
316  * some data, bytes_returned must be zero at this point. Therefore
317  * the failure exits below can just return -1 without worrying about
318  * whether we already emitted some data.
319  */
320  Assert(bytes_returned == 0);
321 
322  /*
323  * At this point, our result buffer is empty with more bytes being
324  * requested to be read. We are now ready to load the next packet and
325  * decrypt it (entirely) into our result buffer.
326  */
327 
328  /* Collect the length if we haven't already */
329  if (PqGSSRecvLength < sizeof(uint32))
330  {
332  sizeof(uint32) - PqGSSRecvLength);
333 
334  /* If ret <= 0, pqsecure_raw_read already set the correct errno */
335  if (ret <= 0)
336  return ret;
337 
338  PqGSSRecvLength += ret;
339 
340  /* If we still haven't got the length, return to the caller */
341  if (PqGSSRecvLength < sizeof(uint32))
342  {
343  errno = EWOULDBLOCK;
344  return -1;
345  }
346  }
347 
348  /* Decode the packet length and check for overlength packet */
349  input.length = pg_ntoh32(*(uint32 *) PqGSSRecvBuffer);
350 
351  if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
352  {
354  libpq_gettext("oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
355  (size_t) input.length,
356  PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
357  errno = EIO; /* for lack of a better idea */
358  return -1;
359  }
360 
361  /*
362  * Read as much of the packet as we are able to on this call into
363  * wherever we left off from the last time we were called.
364  */
366  input.length - (PqGSSRecvLength - sizeof(uint32)));
367  /* If ret <= 0, pqsecure_raw_read already set the correct errno */
368  if (ret <= 0)
369  return ret;
370 
371  PqGSSRecvLength += ret;
372 
373  /* If we don't yet have the whole packet, return to the caller */
374  if (PqGSSRecvLength - sizeof(uint32) < input.length)
375  {
376  errno = EWOULDBLOCK;
377  return -1;
378  }
379 
380  /*
381  * We now have the full packet and we can perform the decryption and
382  * refill our result buffer, then loop back up to pass data back to
383  * the caller. Note that error exits below here must take care of
384  * releasing the gss output buffer.
385  */
386  output.value = NULL;
387  output.length = 0;
388  input.value = PqGSSRecvBuffer + sizeof(uint32);
389 
390  major = gss_unwrap(&minor, gctx, &input, &output, &conf_state, NULL);
391  if (major != GSS_S_COMPLETE)
392  {
393  pg_GSS_error(libpq_gettext("GSSAPI unwrap error"), conn,
394  major, minor);
395  ret = -1;
396  errno = EIO; /* for lack of a better idea */
397  goto cleanup;
398  }
399 
400  if (conf_state == 0)
401  {
403  libpq_gettext("incoming GSSAPI message did not use confidentiality\n"));
404  ret = -1;
405  errno = EIO; /* for lack of a better idea */
406  goto cleanup;
407  }
408 
409  memcpy(PqGSSResultBuffer, output.value, output.length);
410  PqGSSResultLength = output.length;
411 
412  /* Our receive buffer is now empty, reset it */
413  PqGSSRecvLength = 0;
414 
415  /* Release buffer storage allocated by GSSAPI */
416  gss_release_buffer(&minor, &output);
417  }
418 
419  ret = bytes_returned;
420 
421 cleanup:
422  /* Release GSSAPI buffer storage, if we didn't already */
423  if (output.value != NULL)
424  gss_release_buffer(&minor, &output);
425  return ret;
426 }
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
static void output(uint64 loop_count)
#define Min(x, y)
Definition: c.h:928
#define PqGSSResultLength
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure.c:239
#define pg_ntoh32(x)
Definition: pg_bswap.h:125
#define PqGSSRecvBuffer
unsigned int uint32
Definition: c.h:375
#define PqGSSRecvLength
#define PqGSSResultNext
static void cleanup(void)
Definition: bootstrap.c:862
PQExpBufferData errorMessage
Definition: libpq-int.h:526
#define Assert(condition)
Definition: c.h:746
#define PQ_GSS_RECV_BUFFER_SIZE
#define PqGSSResultBuffer
#define EWOULDBLOCK
Definition: win32_port.h:349
void pg_GSS_error(int severity, const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
#define libpq_gettext(x)
Definition: libpq-int.h:805

◆ pg_GSS_write()

ssize_t pg_GSS_write ( PGconn conn,
const void *  ptr,
size_t  len 
)

Definition at line 86 of file fe-secure-gssapi.c.

References Assert, cleanup(), pg_conn::errorMessage, libpq_gettext, output(), pg_GSS_error(), pg_hton32, PQ_GSS_SEND_BUFFER_SIZE, PqGSSMaxPktSize, PqGSSSendBuffer, PqGSSSendConsumed, PqGSSSendLength, PqGSSSendNext, pqsecure_raw_write(), and printfPQExpBuffer().

Referenced by pqsecure_write().

87 {
88  OM_uint32 major,
89  minor;
90  gss_buffer_desc input,
91  output = GSS_C_EMPTY_BUFFER;
92  ssize_t ret = -1;
93  size_t bytes_sent = 0;
94  size_t bytes_to_encrypt;
95  size_t bytes_encrypted;
96  gss_ctx_id_t gctx = conn->gctx;
97 
98  /*
99  * When we get a failure, we must not tell the caller we have successfully
100  * transmitted everything, else it won't retry. Hence a "success"
101  * (positive) return value must only count source bytes corresponding to
102  * fully-transmitted encrypted packets. The amount of source data
103  * corresponding to the current partly-transmitted packet is remembered in
104  * PqGSSSendConsumed. On a retry, the caller *must* be sending that data
105  * again, so if it offers a len less than that, something is wrong.
106  */
107  if (len < PqGSSSendConsumed)
108  {
110  "GSSAPI caller failed to retransmit all data needing to be retried\n");
111  errno = EINVAL;
112  return -1;
113  }
114 
115  /* Discount whatever source data we already encrypted. */
116  bytes_to_encrypt = len - PqGSSSendConsumed;
117  bytes_encrypted = PqGSSSendConsumed;
118 
119  /*
120  * Loop through encrypting data and sending it out until it's all done or
121  * pqsecure_raw_write() complains (which would likely mean that the socket
122  * is non-blocking and the requested send() would block, or there was some
123  * kind of actual error).
124  */
125  while (bytes_to_encrypt || PqGSSSendLength)
126  {
127  int conf_state = 0;
128  uint32 netlen;
129 
130  /*
131  * Check if we have data in the encrypted output buffer that needs to
132  * be sent (possibly left over from a previous call), and if so, try
133  * to send it. If we aren't able to, return that fact back up to the
134  * caller.
135  */
136  if (PqGSSSendLength)
137  {
138  ssize_t ret;
139  ssize_t amount = PqGSSSendLength - PqGSSSendNext;
140 
141  ret = pqsecure_raw_write(conn, PqGSSSendBuffer + PqGSSSendNext, amount);
142  if (ret <= 0)
143  {
144  /*
145  * Report any previously-sent data; if there was none, reflect
146  * the pqsecure_raw_write result up to our caller. When there
147  * was some, we're effectively assuming that any interesting
148  * failure condition will recur on the next try.
149  */
150  if (bytes_sent)
151  return bytes_sent;
152  return ret;
153  }
154 
155  /*
156  * Check if this was a partial write, and if so, move forward that
157  * far in our buffer and try again.
158  */
159  if (ret != amount)
160  {
161  PqGSSSendNext += ret;
162  continue;
163  }
164 
165  /* We've successfully sent whatever data was in that packet. */
166  bytes_sent += PqGSSSendConsumed;
167 
168  /* All encrypted data was sent, our buffer is empty now. */
169  PqGSSSendLength = PqGSSSendNext = PqGSSSendConsumed = 0;
170  }
171 
172  /*
173  * Check if there are any bytes left to encrypt. If not, we're done.
174  */
175  if (!bytes_to_encrypt)
176  break;
177 
178  /*
179  * Check how much we are being asked to send, if it's too much, then
180  * we will have to loop and possibly be called multiple times to get
181  * through all the data.
182  */
183  if (bytes_to_encrypt > PqGSSMaxPktSize)
184  input.length = PqGSSMaxPktSize;
185  else
186  input.length = bytes_to_encrypt;
187 
188  input.value = (char *) ptr + bytes_encrypted;
189 
190  output.value = NULL;
191  output.length = 0;
192 
193  /*
194  * Create the next encrypted packet. Any failure here is considered a
195  * hard failure, so we return -1 even if bytes_sent > 0.
196  */
197  major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
198  &input, &conf_state, &output);
199  if (major != GSS_S_COMPLETE)
200  {
201  pg_GSS_error(libpq_gettext("GSSAPI wrap error"), conn, major, minor);
202  errno = EIO; /* for lack of a better idea */
203  goto cleanup;
204  }
205 
206  if (conf_state == 0)
207  {
209  libpq_gettext("outgoing GSSAPI message would not use confidentiality\n"));
210  errno = EIO; /* for lack of a better idea */
211  goto cleanup;
212  }
213 
214  if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
215  {
217  libpq_gettext("client tried to send oversize GSSAPI packet (%zu > %zu)\n"),
218  (size_t) output.length,
219  PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32));
220  errno = EIO; /* for lack of a better idea */
221  goto cleanup;
222  }
223 
224  bytes_encrypted += input.length;
225  bytes_to_encrypt -= input.length;
226  PqGSSSendConsumed += input.length;
227 
228  /* 4 network-order bytes of length, then payload */
229  netlen = pg_hton32(output.length);
230  memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32));
231  PqGSSSendLength += sizeof(uint32);
232 
233  memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
234  PqGSSSendLength += output.length;
235 
236  /* Release buffer storage allocated by GSSAPI */
237  gss_release_buffer(&minor, &output);
238  }
239 
240  /* If we get here, our counters should all match up. */
241  Assert(bytes_sent == len);
242  Assert(bytes_sent == bytes_encrypted);
243 
244  ret = bytes_sent;
245 
246 cleanup:
247  /* Release GSSAPI buffer storage, if we didn't already */
248  if (output.value != NULL)
249  gss_release_buffer(&minor, &output);
250  return ret;
251 }
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
#define PQ_GSS_SEND_BUFFER_SIZE
static void output(uint64 loop_count)
#define PqGSSSendConsumed
#define PqGSSSendLength
#define pg_hton32(x)
Definition: pg_bswap.h:121
unsigned int uint32
Definition: c.h:375
#define PqGSSMaxPktSize
static void cleanup(void)
Definition: bootstrap.c:862
PQExpBufferData errorMessage
Definition: libpq-int.h:526
#define Assert(condition)
Definition: c.h:746
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure.c:321
#define PqGSSSendNext
#define PqGSSSendBuffer
void pg_GSS_error(int severity, const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
#define libpq_gettext(x)
Definition: libpq-int.h:805

◆ PQgetgssctx()

void* PQgetgssctx ( PGconn conn)

Definition at line 716 of file fe-secure-gssapi.c.

717 {
718  if (!conn)
719  return NULL;
720 
721  return conn->gctx;
722 }

◆ PQgssEncInUse()

int PQgssEncInUse ( PGconn conn)

Definition at line 728 of file fe-secure-gssapi.c.

Referenced by printGSSInfo().

729 {
730  if (!conn || !conn->gctx)
731  return 0;
732 
733  return conn->gssenc;
734 }

◆ pqsecure_open_gss()

PostgresPollingStatusType pqsecure_open_gss ( PGconn conn)

Definition at line 480 of file fe-secure-gssapi.c.

References EAGAIN, EINTR, pg_conn::errorMessage, EWOULDBLOCK, gss_read(), GSS_REQUIRED_FLAGS, libpq_gettext, malloc, output(), pg_GSS_error(), pg_GSS_load_servicename(), pg_hton32, pg_ntoh32, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, PGRES_POLLING_WRITING, PQ_GSS_RECV_BUFFER_SIZE, PQ_GSS_SEND_BUFFER_SIZE, PqGSSMaxPktSize, PqGSSRecvBuffer, PqGSSRecvLength, PqGSSResultBuffer, PqGSSResultLength, PqGSSResultNext, PqGSSSendBuffer, PqGSSSendConsumed, PqGSSSendLength, PqGSSSendNext, pqsecure_raw_write(), printfPQExpBuffer(), and STATUS_OK.

Referenced by PQconnectPoll().

481 {
482  ssize_t ret;
483  OM_uint32 major,
484  minor;
485  uint32 netlen;
487  gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
488  output = GSS_C_EMPTY_BUFFER;
489 
490  /*
491  * If first time through for this connection, allocate buffers and
492  * initialize state variables. By malloc'ing the buffers separately, we
493  * ensure that they are sufficiently aligned for the length-word accesses
494  * that we do in some places in this file.
495  */
496  if (PqGSSSendBuffer == NULL)
497  {
502  {
504  libpq_gettext("out of memory\n"));
505  return PGRES_POLLING_FAILED;
506  }
509  }
510 
511  /*
512  * Check if we have anything to send from a prior call and if so, send it.
513  */
514  if (PqGSSSendLength)
515  {
516  ssize_t amount = PqGSSSendLength - PqGSSSendNext;
517 
518  ret = pqsecure_raw_write(conn, PqGSSSendBuffer + PqGSSSendNext, amount);
519  if (ret < 0)
520  {
521  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
522  return PGRES_POLLING_WRITING;
523  else
524  return PGRES_POLLING_FAILED;
525  }
526 
527  if (ret < amount)
528  {
529  PqGSSSendNext += ret;
530  return PGRES_POLLING_WRITING;
531  }
532 
533  PqGSSSendLength = PqGSSSendNext = 0;
534  }
535 
536  /*
537  * Client sends first, and sending creates a context, therefore this will
538  * be false the first time through, and then when we get called again we
539  * will check for incoming data.
540  */
541  if (conn->gctx)
542  {
543  /* Process any incoming data we might have */
544 
545  /* See if we are still trying to get the length */
546  if (PqGSSRecvLength < sizeof(uint32))
547  {
548  /* Attempt to get the length first */
549  result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength, sizeof(uint32) - PqGSSRecvLength, &ret);
550  if (result != PGRES_POLLING_OK)
551  return result;
552 
553  PqGSSRecvLength += ret;
554 
555  if (PqGSSRecvLength < sizeof(uint32))
556  return PGRES_POLLING_READING;
557  }
558 
559  /*
560  * Check if we got an error packet
561  *
562  * This is safe to do because we shouldn't ever get a packet over 8192
563  * and therefore the actual length bytes, being that they are in
564  * network byte order, for any real packet will start with two zero
565  * bytes.
566  */
567  if (PqGSSRecvBuffer[0] == 'E')
568  {
569  /*
570  * For an error packet during startup, we don't get a length, so
571  * simply read as much as we can fit into our buffer (as a string,
572  * so leave a spot at the end for a NULL byte too) and report that
573  * back to the caller.
574  */
576  if (result != PGRES_POLLING_OK)
577  return result;
578 
579  PqGSSRecvLength += ret;
580 
581  printfPQExpBuffer(&conn->errorMessage, "%s\n", PqGSSRecvBuffer + 1);
582 
583  return PGRES_POLLING_FAILED;
584  }
585 
586  /*
587  * We should have the whole length at this point, so pull it out and
588  * then read whatever we have left of the packet
589  */
590 
591  /* Get the length and check for over-length packet */
592  input.length = pg_ntoh32(*(uint32 *) PqGSSRecvBuffer);
593  if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
594  {
596  libpq_gettext("oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
597  (size_t) input.length,
598  PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
599  return PGRES_POLLING_FAILED;
600  }
601 
602  /*
603  * Read as much of the packet as we are able to on this call into
604  * wherever we left off from the last time we were called.
605  */
606  result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength,
607  input.length - (PqGSSRecvLength - sizeof(uint32)), &ret);
608  if (result != PGRES_POLLING_OK)
609  return result;
610 
611  PqGSSRecvLength += ret;
612 
613  /*
614  * If we got less than the rest of the packet then we need to return
615  * and be called again.
616  */
617  if (PqGSSRecvLength - sizeof(uint32) < input.length)
618  return PGRES_POLLING_READING;
619 
620  input.value = PqGSSRecvBuffer + sizeof(uint32);
621  }
622 
623  /* Load the service name (no-op if already done */
624  ret = pg_GSS_load_servicename(conn);
625  if (ret != STATUS_OK)
626  return PGRES_POLLING_FAILED;
627 
628  /*
629  * Call GSS init context, either with an empty input, or with a complete
630  * packet from the server.
631  */
632  major = gss_init_sec_context(&minor, conn->gcred, &conn->gctx,
633  conn->gtarg_nam, GSS_C_NO_OID,
634  GSS_REQUIRED_FLAGS, 0, 0, &input, NULL,
635  &output, NULL, NULL);
636 
637  /* GSS Init Sec Context uses the whole packet, so clear it */
638  PqGSSRecvLength = 0;
639 
640  if (GSS_ERROR(major))
641  {
642  pg_GSS_error(libpq_gettext("could not initiate GSSAPI security context"),
643  conn, major, minor);
644  return PGRES_POLLING_FAILED;
645  }
646 
647  if (output.length == 0)
648  {
649  /*
650  * We're done - hooray! Kind of gross, but we need to disable SSL
651  * here so that we don't accidentally tunnel one over the other.
652  */
653 #ifdef USE_SSL
654  conn->allow_ssl_try = false;
655 #endif
656 
657  /* Clean up */
658  gss_release_cred(&minor, &conn->gcred);
659  conn->gcred = GSS_C_NO_CREDENTIAL;
660  conn->gssenc = true;
661  gss_release_buffer(&minor, &output);
662 
663  /*
664  * Determine the max packet size which will fit in our buffer, after
665  * accounting for the length. pg_GSS_write will need this.
666  */
667  major = gss_wrap_size_limit(&minor, conn->gctx, 1, GSS_C_QOP_DEFAULT,
669  &PqGSSMaxPktSize);
670 
671  if (GSS_ERROR(major))
672  {
673  pg_GSS_error(libpq_gettext("GSSAPI size check error"), conn,
674  major, minor);
675  return PGRES_POLLING_FAILED;
676  }
677 
678  return PGRES_POLLING_OK;
679  }
680 
681  /* Must have output.length > 0 */
682  if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
683  {
684  pg_GSS_error(libpq_gettext("GSSAPI context establishment error"),
685  conn, major, minor);
686  gss_release_buffer(&minor, &output);
687  return PGRES_POLLING_FAILED;
688  }
689 
690  /* Queue the token for writing */
691  netlen = pg_hton32(output.length);
692 
693  memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32));
694  PqGSSSendLength += sizeof(uint32);
695 
696  memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
697  PqGSSSendLength += output.length;
698 
699  /* We don't bother with PqGSSSendConsumed here */
700 
701  /* Release buffer storage allocated by GSSAPI */
702  gss_release_buffer(&minor, &output);
703 
704  /* Ask to be called again to write data */
705  return PGRES_POLLING_WRITING;
706 }
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
#define PQ_GSS_SEND_BUFFER_SIZE
#define EAGAIN
Definition: win32_port.h:341
static void output(uint64 loop_count)
#define PqGSSSendConsumed
#define PqGSSResultLength
#define malloc(a)
Definition: header.h:50
#define PqGSSSendLength
#define pg_ntoh32(x)
Definition: pg_bswap.h:125
#define pg_hton32(x)
Definition: pg_bswap.h:121
#define PqGSSRecvBuffer
unsigned int uint32
Definition: c.h:375
#define PqGSSRecvLength
#define PqGSSMaxPktSize
#define STATUS_OK
Definition: c.h:1112
#define PqGSSResultNext
PQExpBufferData errorMessage
Definition: libpq-int.h:526
#define PQ_GSS_RECV_BUFFER_SIZE
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure.c:321
int pg_GSS_load_servicename(PGconn *conn)
#define PqGSSSendNext
#define PqGSSResultBuffer
PostgresPollingStatusType
Definition: libpq-fe.h:74
#define PqGSSSendBuffer
#define EWOULDBLOCK
Definition: win32_port.h:349
#define GSS_REQUIRED_FLAGS
static PostgresPollingStatusType gss_read(PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret)
#define EINTR
Definition: win32_port.h:343
void pg_GSS_error(int severity, const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
#define libpq_gettext(x)
Definition: libpq-int.h:805