PostgreSQL Source Code  git master
fe-secure-gssapi.c File Reference
#include "postgres_fe.h"
#include "fe-gssapi-common.h"
#include "libpq-fe.h"
#include "libpq-int.h"
#include "port/pg_bswap.h"
Include dependency graph for fe-secure-gssapi.c:

Go to the source code of this file.

Macros

#define GSS_REQUIRED_FLAGS
 
#define PQ_GSS_SEND_BUFFER_SIZE   16384
 
#define PQ_GSS_RECV_BUFFER_SIZE   16384
 
#define PqGSSSendBuffer   (conn->gss_SendBuffer)
 
#define PqGSSSendLength   (conn->gss_SendLength)
 
#define PqGSSSendNext   (conn->gss_SendNext)
 
#define PqGSSSendConsumed   (conn->gss_SendConsumed)
 
#define PqGSSRecvBuffer   (conn->gss_RecvBuffer)
 
#define PqGSSRecvLength   (conn->gss_RecvLength)
 
#define PqGSSResultBuffer   (conn->gss_ResultBuffer)
 
#define PqGSSResultLength   (conn->gss_ResultLength)
 
#define PqGSSResultNext   (conn->gss_ResultNext)
 
#define PqGSSMaxPktSize   (conn->gss_MaxPktSize)
 

Functions

ssize_t pg_GSS_write (PGconn *conn, const void *ptr, size_t len)
 
ssize_t pg_GSS_read (PGconn *conn, void *ptr, size_t len)
 
static PostgresPollingStatusType gss_read (PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret)
 
PostgresPollingStatusType pqsecure_open_gss (PGconn *conn)
 
void * PQgetgssctx (PGconn *conn)
 
int PQgssEncInUse (PGconn *conn)
 

Macro Definition Documentation

◆ GSS_REQUIRED_FLAGS

#define GSS_REQUIRED_FLAGS
Value:
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG

Definition at line 26 of file fe-secure-gssapi.c.

◆ PQ_GSS_RECV_BUFFER_SIZE

#define PQ_GSS_RECV_BUFFER_SIZE   16384

Definition at line 54 of file fe-secure-gssapi.c.

◆ PQ_GSS_SEND_BUFFER_SIZE

#define PQ_GSS_SEND_BUFFER_SIZE   16384

Definition at line 53 of file fe-secure-gssapi.c.

◆ PqGSSMaxPktSize

#define PqGSSMaxPktSize   (conn->gss_MaxPktSize)

Definition at line 70 of file fe-secure-gssapi.c.

◆ PqGSSRecvBuffer

#define PqGSSRecvBuffer   (conn->gss_RecvBuffer)

Definition at line 65 of file fe-secure-gssapi.c.

◆ PqGSSRecvLength

#define PqGSSRecvLength   (conn->gss_RecvLength)

Definition at line 66 of file fe-secure-gssapi.c.

◆ PqGSSResultBuffer

#define PqGSSResultBuffer   (conn->gss_ResultBuffer)

Definition at line 67 of file fe-secure-gssapi.c.

◆ PqGSSResultLength

#define PqGSSResultLength   (conn->gss_ResultLength)

Definition at line 68 of file fe-secure-gssapi.c.

◆ PqGSSResultNext

#define PqGSSResultNext   (conn->gss_ResultNext)

Definition at line 69 of file fe-secure-gssapi.c.

◆ PqGSSSendBuffer

#define PqGSSSendBuffer   (conn->gss_SendBuffer)

Definition at line 61 of file fe-secure-gssapi.c.

◆ PqGSSSendConsumed

#define PqGSSSendConsumed   (conn->gss_SendConsumed)

Definition at line 64 of file fe-secure-gssapi.c.

◆ PqGSSSendLength

#define PqGSSSendLength   (conn->gss_SendLength)

Definition at line 62 of file fe-secure-gssapi.c.

◆ PqGSSSendNext

#define PqGSSSendNext   (conn->gss_SendNext)

Definition at line 63 of file fe-secure-gssapi.c.

Function Documentation

◆ gss_read()

static PostgresPollingStatusType gss_read ( PGconn conn,
void *  recv_buffer,
size_t  length,
ssize_t *  ret 
)
static

Definition at line 428 of file fe-secure-gssapi.c.

429 {
430  *ret = pqsecure_raw_read(conn, recv_buffer, length);
431  if (*ret < 0)
432  {
433  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
434  return PGRES_POLLING_READING;
435  else
436  return PGRES_POLLING_FAILED;
437  }
438 
439  /* Check for EOF */
440  if (*ret == 0)
441  {
442  int result = pqReadReady(conn);
443 
444  if (result < 0)
445  return PGRES_POLLING_FAILED;
446 
447  if (!result)
448  return PGRES_POLLING_READING;
449 
450  *ret = pqsecure_raw_read(conn, recv_buffer, length);
451  if (*ret < 0)
452  {
453  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
454  return PGRES_POLLING_READING;
455  else
456  return PGRES_POLLING_FAILED;
457  }
458  if (*ret == 0)
459  return PGRES_POLLING_FAILED;
460  }
461 
462  return PGRES_POLLING_OK;
463 }
int pqReadReady(PGconn *conn)
Definition: fe-misc.c:1017
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure.c:208
@ PGRES_POLLING_OK
Definition: libpq-fe.h:92
@ PGRES_POLLING_READING
Definition: libpq-fe.h:90
@ PGRES_POLLING_FAILED
Definition: libpq-fe.h:89
PGconn * conn
Definition: streamutil.c:55
#define EINTR
Definition: win32_port.h:374
#define EWOULDBLOCK
Definition: win32_port.h:380
#define EAGAIN
Definition: win32_port.h:372

References conn, EAGAIN, EINTR, EWOULDBLOCK, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, pqReadReady(), and pqsecure_raw_read().

Referenced by pqsecure_open_gss().

◆ pg_GSS_read()

ssize_t pg_GSS_read ( PGconn conn,
void *  ptr,
size_t  len 
)

Definition at line 259 of file fe-secure-gssapi.c.

260 {
261  OM_uint32 major,
262  minor;
263  gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
264  output = GSS_C_EMPTY_BUFFER;
265  ssize_t ret;
266  size_t bytes_returned = 0;
267  gss_ctx_id_t gctx = conn->gctx;
268 
269  /*
270  * The plan here is to read one incoming encrypted packet into
271  * PqGSSRecvBuffer, decrypt it into PqGSSResultBuffer, and then dole out
272  * data from there to the caller. When we exhaust the current input
273  * packet, read another.
274  */
275  while (bytes_returned < len)
276  {
277  int conf_state = 0;
278 
279  /* Check if we have data in our buffer that we can return immediately */
281  {
282  size_t bytes_in_buffer = PqGSSResultLength - PqGSSResultNext;
283  size_t bytes_to_copy = Min(bytes_in_buffer, len - bytes_returned);
284 
285  /*
286  * Copy the data from our result buffer into the caller's buffer,
287  * at the point where we last left off filling their buffer.
288  */
289  memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy);
290  PqGSSResultNext += bytes_to_copy;
291  bytes_returned += bytes_to_copy;
292 
293  /*
294  * At this point, we've either filled the caller's buffer or
295  * emptied our result buffer. Either way, return to caller. In
296  * the second case, we could try to read another encrypted packet,
297  * but the odds are good that there isn't one available. (If this
298  * isn't true, we chose too small a max packet size.) In any
299  * case, there's no harm letting the caller process the data we've
300  * already returned.
301  */
302  break;
303  }
304 
305  /* Result buffer is empty, so reset buffer pointers */
307 
308  /*
309  * Because we chose above to return immediately as soon as we emit
310  * some data, bytes_returned must be zero at this point. Therefore
311  * the failure exits below can just return -1 without worrying about
312  * whether we already emitted some data.
313  */
314  Assert(bytes_returned == 0);
315 
316  /*
317  * At this point, our result buffer is empty with more bytes being
318  * requested to be read. We are now ready to load the next packet and
319  * decrypt it (entirely) into our result buffer.
320  */
321 
322  /* Collect the length if we haven't already */
323  if (PqGSSRecvLength < sizeof(uint32))
324  {
326  sizeof(uint32) - PqGSSRecvLength);
327 
328  /* If ret <= 0, pqsecure_raw_read already set the correct errno */
329  if (ret <= 0)
330  return ret;
331 
332  PqGSSRecvLength += ret;
333 
334  /* If we still haven't got the length, return to the caller */
335  if (PqGSSRecvLength < sizeof(uint32))
336  {
337  errno = EWOULDBLOCK;
338  return -1;
339  }
340  }
341 
342  /* Decode the packet length and check for overlength packet */
343  input.length = pg_ntoh32(*(uint32 *) PqGSSRecvBuffer);
344 
345  if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
346  {
347  libpq_append_conn_error(conn, "oversize GSSAPI packet sent by the server (%zu > %zu)",
348  (size_t) input.length,
349  PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
350  errno = EIO; /* for lack of a better idea */
351  return -1;
352  }
353 
354  /*
355  * Read as much of the packet as we are able to on this call into
356  * wherever we left off from the last time we were called.
357  */
359  input.length - (PqGSSRecvLength - sizeof(uint32)));
360  /* If ret <= 0, pqsecure_raw_read already set the correct errno */
361  if (ret <= 0)
362  return ret;
363 
364  PqGSSRecvLength += ret;
365 
366  /* If we don't yet have the whole packet, return to the caller */
367  if (PqGSSRecvLength - sizeof(uint32) < input.length)
368  {
369  errno = EWOULDBLOCK;
370  return -1;
371  }
372 
373  /*
374  * We now have the full packet and we can perform the decryption and
375  * refill our result buffer, then loop back up to pass data back to
376  * the caller. Note that error exits below here must take care of
377  * releasing the gss output buffer.
378  */
379  output.value = NULL;
380  output.length = 0;
381  input.value = PqGSSRecvBuffer + sizeof(uint32);
382 
383  major = gss_unwrap(&minor, gctx, &input, &output, &conf_state, NULL);
384  if (major != GSS_S_COMPLETE)
385  {
386  pg_GSS_error(libpq_gettext("GSSAPI unwrap error"), conn,
387  major, minor);
388  ret = -1;
389  errno = EIO; /* for lack of a better idea */
390  goto cleanup;
391  }
392 
393  if (conf_state == 0)
394  {
395  libpq_append_conn_error(conn, "incoming GSSAPI message did not use confidentiality");
396  ret = -1;
397  errno = EIO; /* for lack of a better idea */
398  goto cleanup;
399  }
400 
401  memcpy(PqGSSResultBuffer, output.value, output.length);
402  PqGSSResultLength = output.length;
403 
404  /* Our receive buffer is now empty, reset it */
405  PqGSSRecvLength = 0;
406 
407  /* Release buffer storage allocated by GSSAPI */
408  gss_release_buffer(&minor, &output);
409  }
410 
411  ret = bytes_returned;
412 
413 cleanup:
414  /* Release GSSAPI buffer storage, if we didn't already */
415  if (output.value != NULL)
416  gss_release_buffer(&minor, &output);
417  return ret;
418 }
void pg_GSS_error(const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
static void cleanup(void)
Definition: bootstrap.c:682
unsigned int uint32
Definition: c.h:506
#define Min(x, y)
Definition: c.h:1004
#define Assert(condition)
Definition: c.h:858
void libpq_append_conn_error(PGconn *conn, const char *fmt,...)
Definition: fe-misc.c:1357
#define PqGSSResultNext
#define PqGSSResultLength
#define PqGSSRecvBuffer
#define PQ_GSS_RECV_BUFFER_SIZE
#define PqGSSRecvLength
#define PqGSSResultBuffer
FILE * input
FILE * output
#define libpq_gettext(x)
Definition: libpq-int.h:911
#define pg_ntoh32(x)
Definition: pg_bswap.h:125
const void size_t len

References Assert, cleanup(), conn, EWOULDBLOCK, input, len, libpq_append_conn_error(), libpq_gettext, Min, output, pg_GSS_error(), pg_ntoh32, PQ_GSS_RECV_BUFFER_SIZE, PqGSSRecvBuffer, PqGSSRecvLength, PqGSSResultBuffer, PqGSSResultLength, PqGSSResultNext, and pqsecure_raw_read().

Referenced by pqsecure_read().

◆ pg_GSS_write()

ssize_t pg_GSS_write ( PGconn conn,
const void *  ptr,
size_t  len 
)

Definition at line 86 of file fe-secure-gssapi.c.

87 {
88  OM_uint32 major,
89  minor;
90  gss_buffer_desc input,
91  output = GSS_C_EMPTY_BUFFER;
92  ssize_t ret = -1;
93  size_t bytes_to_encrypt;
94  size_t bytes_encrypted;
95  gss_ctx_id_t gctx = conn->gctx;
96 
97  /*
98  * When we get a retryable failure, we must not tell the caller we have
99  * successfully transmitted everything, else it won't retry. For
100  * simplicity, we claim we haven't transmitted anything until we have
101  * successfully transmitted all "len" bytes. Between calls, the amount of
102  * the current input data that's already been encrypted and placed into
103  * PqGSSSendBuffer (and perhaps transmitted) is remembered in
104  * PqGSSSendConsumed. On a retry, the caller *must* be sending that data
105  * again, so if it offers a len less than that, something is wrong.
106  *
107  * Note: it may seem attractive to report partial write completion once
108  * we've successfully sent any encrypted packets. However, that can cause
109  * problems for callers; notably, pqPutMsgEnd's heuristic to send only
110  * full 8K blocks interacts badly with such a hack. We won't save much,
111  * typically, by letting callers discard data early, so don't risk it.
112  */
113  if (len < PqGSSSendConsumed)
114  {
116  "GSSAPI caller failed to retransmit all data needing to be retried\n");
117  errno = EINVAL;
118  return -1;
119  }
120 
121  /* Discount whatever source data we already encrypted. */
122  bytes_to_encrypt = len - PqGSSSendConsumed;
123  bytes_encrypted = PqGSSSendConsumed;
124 
125  /*
126  * Loop through encrypting data and sending it out until it's all done or
127  * pqsecure_raw_write() complains (which would likely mean that the socket
128  * is non-blocking and the requested send() would block, or there was some
129  * kind of actual error).
130  */
131  while (bytes_to_encrypt || PqGSSSendLength)
132  {
133  int conf_state = 0;
134  uint32 netlen;
135 
136  /*
137  * Check if we have data in the encrypted output buffer that needs to
138  * be sent (possibly left over from a previous call), and if so, try
139  * to send it. If we aren't able to, return that fact back up to the
140  * caller.
141  */
142  if (PqGSSSendLength)
143  {
144  ssize_t retval;
145  ssize_t amount = PqGSSSendLength - PqGSSSendNext;
146 
148  if (retval <= 0)
149  return retval;
150 
151  /*
152  * Check if this was a partial write, and if so, move forward that
153  * far in our buffer and try again.
154  */
155  if (retval < amount)
156  {
157  PqGSSSendNext += retval;
158  continue;
159  }
160 
161  /* We've successfully sent whatever data was in the buffer. */
163  }
164 
165  /*
166  * Check if there are any bytes left to encrypt. If not, we're done.
167  */
168  if (!bytes_to_encrypt)
169  break;
170 
171  /*
172  * Check how much we are being asked to send, if it's too much, then
173  * we will have to loop and possibly be called multiple times to get
174  * through all the data.
175  */
176  if (bytes_to_encrypt > PqGSSMaxPktSize)
177  input.length = PqGSSMaxPktSize;
178  else
179  input.length = bytes_to_encrypt;
180 
181  input.value = (char *) ptr + bytes_encrypted;
182 
183  output.value = NULL;
184  output.length = 0;
185 
186  /*
187  * Create the next encrypted packet. Any failure here is considered a
188  * hard failure, so we return -1 even if some data has been sent.
189  */
190  major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
191  &input, &conf_state, &output);
192  if (major != GSS_S_COMPLETE)
193  {
194  pg_GSS_error(libpq_gettext("GSSAPI wrap error"), conn, major, minor);
195  errno = EIO; /* for lack of a better idea */
196  goto cleanup;
197  }
198 
199  if (conf_state == 0)
200  {
201  libpq_append_conn_error(conn, "outgoing GSSAPI message would not use confidentiality");
202  errno = EIO; /* for lack of a better idea */
203  goto cleanup;
204  }
205 
206  if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
207  {
208  libpq_append_conn_error(conn, "client tried to send oversize GSSAPI packet (%zu > %zu)",
209  (size_t) output.length,
210  PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32));
211  errno = EIO; /* for lack of a better idea */
212  goto cleanup;
213  }
214 
215  bytes_encrypted += input.length;
216  bytes_to_encrypt -= input.length;
217  PqGSSSendConsumed += input.length;
218 
219  /* 4 network-order bytes of length, then payload */
220  netlen = pg_hton32(output.length);
221  memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32));
222  PqGSSSendLength += sizeof(uint32);
223 
224  memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
225  PqGSSSendLength += output.length;
226 
227  /* Release buffer storage allocated by GSSAPI */
228  gss_release_buffer(&minor, &output);
229  }
230 
231  /* If we get here, our counters should all match up. */
233  Assert(len == bytes_encrypted);
234 
235  /* We're reporting all the data as sent, so reset PqGSSSendConsumed. */
236  PqGSSSendConsumed = 0;
237 
238  ret = bytes_encrypted;
239 
240 cleanup:
241  /* Release GSSAPI buffer storage, if we didn't already */
242  if (output.value != NULL)
243  gss_release_buffer(&minor, &output);
244  return ret;
245 }
#define PqGSSSendLength
#define PqGSSSendConsumed
#define PqGSSSendBuffer
#define PQ_GSS_SEND_BUFFER_SIZE
#define PqGSSMaxPktSize
#define PqGSSSendNext
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure.c:331
#define pg_hton32(x)
Definition: pg_bswap.h:121
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:367
PQExpBufferData errorMessage
Definition: libpq-int.h:633

References appendPQExpBufferStr(), Assert, cleanup(), conn, pg_conn::errorMessage, input, len, libpq_append_conn_error(), libpq_gettext, output, pg_GSS_error(), pg_hton32, PQ_GSS_SEND_BUFFER_SIZE, PqGSSMaxPktSize, PqGSSSendBuffer, PqGSSSendConsumed, PqGSSSendLength, PqGSSSendNext, and pqsecure_raw_write().

Referenced by pqsecure_write().

◆ PQgetgssctx()

void* PQgetgssctx ( PGconn conn)

Definition at line 724 of file fe-secure-gssapi.c.

725 {
726  if (!conn)
727  return NULL;
728 
729  return conn->gctx;
730 }

References conn.

◆ PQgssEncInUse()

int PQgssEncInUse ( PGconn conn)

Definition at line 736 of file fe-secure-gssapi.c.

737 {
738  if (!conn || !conn->gctx)
739  return 0;
740 
741  return conn->gssenc;
742 }

References conn.

Referenced by printGSSInfo().

◆ pqsecure_open_gss()

PostgresPollingStatusType pqsecure_open_gss ( PGconn conn)

Definition at line 472 of file fe-secure-gssapi.c.

473 {
474  ssize_t ret;
475  OM_uint32 major,
476  minor,
477  gss_flags = GSS_REQUIRED_FLAGS;
478  uint32 netlen;
480  gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
481  output = GSS_C_EMPTY_BUFFER;
482 
483  /*
484  * If first time through for this connection, allocate buffers and
485  * initialize state variables. By malloc'ing the buffers separately, we
486  * ensure that they are sufficiently aligned for the length-word accesses
487  * that we do in some places in this file.
488  */
489  if (PqGSSSendBuffer == NULL)
490  {
495  {
496  libpq_append_conn_error(conn, "out of memory");
497  return PGRES_POLLING_FAILED;
498  }
501  }
502 
503  /*
504  * Check if we have anything to send from a prior call and if so, send it.
505  */
506  if (PqGSSSendLength)
507  {
508  ssize_t amount = PqGSSSendLength - PqGSSSendNext;
509 
511  if (ret < 0)
512  {
513  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
514  return PGRES_POLLING_WRITING;
515  else
516  return PGRES_POLLING_FAILED;
517  }
518 
519  if (ret < amount)
520  {
521  PqGSSSendNext += ret;
522  return PGRES_POLLING_WRITING;
523  }
524 
526  }
527 
528  /*
529  * Client sends first, and sending creates a context, therefore this will
530  * be false the first time through, and then when we get called again we
531  * will check for incoming data.
532  */
533  if (conn->gctx)
534  {
535  /* Process any incoming data we might have */
536 
537  /* See if we are still trying to get the length */
538  if (PqGSSRecvLength < sizeof(uint32))
539  {
540  /* Attempt to get the length first */
541  result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength, sizeof(uint32) - PqGSSRecvLength, &ret);
542  if (result != PGRES_POLLING_OK)
543  return result;
544 
545  PqGSSRecvLength += ret;
546 
547  if (PqGSSRecvLength < sizeof(uint32))
548  return PGRES_POLLING_READING;
549  }
550 
551  /*
552  * Check if we got an error packet
553  *
554  * This is safe to do because we shouldn't ever get a packet over 8192
555  * and therefore the actual length bytes, being that they are in
556  * network byte order, for any real packet will start with two zero
557  * bytes.
558  */
559  if (PqGSSRecvBuffer[0] == 'E')
560  {
561  /*
562  * For an error packet during startup, we don't get a length, so
563  * simply read as much as we can fit into our buffer (as a string,
564  * so leave a spot at the end for a NULL byte too) and report that
565  * back to the caller.
566  */
568  if (result != PGRES_POLLING_OK)
569  return result;
570 
571  PqGSSRecvLength += ret;
572 
576 
577  return PGRES_POLLING_FAILED;
578  }
579 
580  /*
581  * We should have the whole length at this point, so pull it out and
582  * then read whatever we have left of the packet
583  */
584 
585  /* Get the length and check for over-length packet */
586  input.length = pg_ntoh32(*(uint32 *) PqGSSRecvBuffer);
587  if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
588  {
589  libpq_append_conn_error(conn, "oversize GSSAPI packet sent by the server (%zu > %zu)",
590  (size_t) input.length,
591  PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
592  return PGRES_POLLING_FAILED;
593  }
594 
595  /*
596  * Read as much of the packet as we are able to on this call into
597  * wherever we left off from the last time we were called.
598  */
600  input.length - (PqGSSRecvLength - sizeof(uint32)), &ret);
601  if (result != PGRES_POLLING_OK)
602  return result;
603 
604  PqGSSRecvLength += ret;
605 
606  /*
607  * If we got less than the rest of the packet then we need to return
608  * and be called again.
609  */
610  if (PqGSSRecvLength - sizeof(uint32) < input.length)
611  return PGRES_POLLING_READING;
612 
613  input.value = PqGSSRecvBuffer + sizeof(uint32);
614  }
615 
616  /* Load the service name (no-op if already done */
618  if (ret != STATUS_OK)
619  return PGRES_POLLING_FAILED;
620 
621  if (conn->gssdelegation && conn->gssdelegation[0] == '1')
622  {
623  /* Acquire credentials if possible */
624  if (conn->gcred == GSS_C_NO_CREDENTIAL)
625  (void) pg_GSS_have_cred_cache(&conn->gcred);
626 
627  /*
628  * We have credentials and gssdelegation is enabled, so request
629  * credential delegation. This may or may not actually result in
630  * credentials being delegated- it depends on if the forwardable flag
631  * has been set in the credential and if the server is configured to
632  * accept delegated credentials.
633  */
634  if (conn->gcred != GSS_C_NO_CREDENTIAL)
635  gss_flags |= GSS_C_DELEG_FLAG;
636  }
637 
638  /*
639  * Call GSS init context, either with an empty input, or with a complete
640  * packet from the server.
641  */
642  major = gss_init_sec_context(&minor, conn->gcred, &conn->gctx,
643  conn->gtarg_nam, GSS_C_NO_OID,
644  gss_flags, 0, 0, &input, NULL,
645  &output, NULL, NULL);
646 
647  /* GSS Init Sec Context uses the whole packet, so clear it */
648  PqGSSRecvLength = 0;
649 
650  if (GSS_ERROR(major))
651  {
652  pg_GSS_error(libpq_gettext("could not initiate GSSAPI security context"),
653  conn, major, minor);
654  return PGRES_POLLING_FAILED;
655  }
656 
657  if (output.length == 0)
658  {
659  /*
660  * We're done - hooray! Set flag to tell the low-level I/O routines
661  * to do GSS wrapping/unwrapping.
662  */
663  conn->gssenc = true;
664  conn->gssapi_used = true;
665 
666  /* Clean up */
667  gss_release_cred(&minor, &conn->gcred);
668  conn->gcred = GSS_C_NO_CREDENTIAL;
669  gss_release_buffer(&minor, &output);
670 
671  /*
672  * Determine the max packet size which will fit in our buffer, after
673  * accounting for the length. pg_GSS_write will need this.
674  */
675  major = gss_wrap_size_limit(&minor, conn->gctx, 1, GSS_C_QOP_DEFAULT,
677  &PqGSSMaxPktSize);
678 
679  if (GSS_ERROR(major))
680  {
681  pg_GSS_error(libpq_gettext("GSSAPI size check error"), conn,
682  major, minor);
683  return PGRES_POLLING_FAILED;
684  }
685 
686  return PGRES_POLLING_OK;
687  }
688 
689  /* Must have output.length > 0 */
690  if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
691  {
692  pg_GSS_error(libpq_gettext("GSSAPI context establishment error"),
693  conn, major, minor);
694  gss_release_buffer(&minor, &output);
695  return PGRES_POLLING_FAILED;
696  }
697 
698  /* Queue the token for writing */
699  netlen = pg_hton32(output.length);
700 
701  memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32));
702  PqGSSSendLength += sizeof(uint32);
703 
704  memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
705  PqGSSSendLength += output.length;
706 
707  /* We don't bother with PqGSSSendConsumed here */
708 
709  /* Release buffer storage allocated by GSSAPI */
710  gss_release_buffer(&minor, &output);
711 
712  /* Ask to be called again to write data */
713  return PGRES_POLLING_WRITING;
714 }
#define STATUS_OK
Definition: c.h:1169
int pg_GSS_load_servicename(PGconn *conn)
bool pg_GSS_have_cred_cache(gss_cred_id_t *cred_out)
#define GSS_REQUIRED_FLAGS
static PostgresPollingStatusType gss_read(PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret)
#define malloc(a)
Definition: header.h:50
PostgresPollingStatusType
Definition: libpq-fe.h:88
@ PGRES_POLLING_WRITING
Definition: libpq-fe.h:91
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:265
char * gssdelegation
Definition: libpq-int.h:412
bool gssapi_used
Definition: libpq-int.h:481

References appendPQExpBuffer(), Assert, conn, EAGAIN, EINTR, pg_conn::errorMessage, EWOULDBLOCK, gss_read(), GSS_REQUIRED_FLAGS, pg_conn::gssapi_used, pg_conn::gssdelegation, input, libpq_append_conn_error(), libpq_gettext, malloc, output, pg_GSS_error(), pg_GSS_have_cred_cache(), pg_GSS_load_servicename(), pg_hton32, pg_ntoh32, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, PGRES_POLLING_WRITING, PQ_GSS_RECV_BUFFER_SIZE, PQ_GSS_SEND_BUFFER_SIZE, PqGSSMaxPktSize, PqGSSRecvBuffer, PqGSSRecvLength, PqGSSResultBuffer, PqGSSResultLength, PqGSSResultNext, PqGSSSendBuffer, PqGSSSendConsumed, PqGSSSendLength, PqGSSSendNext, pqsecure_raw_write(), and STATUS_OK.

Referenced by PQconnectPoll().