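/*
 * Set of GSSAPI security-context flags this file treats as required:
 * mutual authentication, replay and out-of-sequence detection,
 * confidentiality and integrity protection.
 * NOTE(review): presumably the base value of the gss_flags handed to
 * gss_init_sec_context further down -- confirm at the use sites.
 *
 * The expansion is parenthesized so that a use such as
 * "x & GSS_REQUIRED_FLAGS" masks against the whole set; left bare, "&"
 * binds tighter than "|" and the mask would OR most of the flags back in.
 */
#define GSS_REQUIRED_FLAGS (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
	GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG)

/* Sizes, in bytes, of the GSSAPI send and receive buffers. */
#define PQ_GSS_SEND_BUFFER_SIZE 16384
#define PQ_GSS_RECV_BUFFER_SIZE 16384

/*
 * Shorthands for the GSSAPI transport state stored in the PGconn.  Each one
 * needs a variable named "conn" in scope at the point of use; the
 * expansions stay parenthesized so they compose safely in larger
 * expressions.
 */
#define PqGSSSendBuffer (conn->gss_SendBuffer)
#define PqGSSSendLength (conn->gss_SendLength)
#define PqGSSSendNext (conn->gss_SendNext)
#define PqGSSSendConsumed (conn->gss_SendConsumed)
#define PqGSSRecvBuffer (conn->gss_RecvBuffer)
#define PqGSSRecvLength (conn->gss_RecvLength)
#define PqGSSResultBuffer (conn->gss_ResultBuffer)
#define PqGSSResultLength (conn->gss_ResultLength)
#define PqGSSResultNext (conn->gss_ResultNext)
#define PqGSSMaxPktSize (conn->gss_MaxPktSize)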
90 gss_buffer_desc
input,
91 output = GSS_C_EMPTY_BUFFER;
93 size_t bytes_to_encrypt;
94 size_t bytes_encrypted;
95 gss_ctx_id_t gctx =
conn->gctx;
116 "GSSAPI caller failed to retransmit all data needing to be retried\n");
168 if (!bytes_to_encrypt)
179 input.length = bytes_to_encrypt;
181 input.value = (
char *) ptr + bytes_encrypted;
190 major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
192 if (major != GSS_S_COMPLETE)
215 bytes_encrypted +=
input.length;
216 bytes_to_encrypt -=
input.length;
228 gss_release_buffer(&minor, &
output);
238 ret = bytes_encrypted;
243 gss_release_buffer(&minor, &
output);
263 gss_buffer_desc
input = GSS_C_EMPTY_BUFFER,
264 output = GSS_C_EMPTY_BUFFER;
266 size_t bytes_returned = 0;
267 gss_ctx_id_t gctx =
conn->gctx;
275 while (bytes_returned <
len)
283 size_t bytes_to_copy =
Min(bytes_in_buffer,
len - bytes_returned);
291 bytes_returned += bytes_to_copy;
314 Assert(bytes_returned == 0);
348 (
size_t)
input.length,
383 major = gss_unwrap(&minor, gctx, &
input, &
output, &conf_state, NULL);
384 if (major != GSS_S_COMPLETE)
408 gss_release_buffer(&minor, &
output);
411 ret = bytes_returned;
416 gss_release_buffer(&minor, &
output);
480 gss_buffer_desc
input = GSS_C_EMPTY_BUFFER,
481 output = GSS_C_EMPTY_BUFFER;
590 (
size_t)
input.length,
624 if (
conn->gcred == GSS_C_NO_CREDENTIAL)
634 if (
conn->gcred != GSS_C_NO_CREDENTIAL)
635 gss_flags |= GSS_C_DELEG_FLAG;
642 major = gss_init_sec_context(&minor,
conn->gcred, &
conn->gctx,
643 conn->gtarg_nam, GSS_C_NO_OID,
644 gss_flags, 0, 0, &
input, NULL,
650 if (GSS_ERROR(major))
667 gss_release_cred(&minor, &
conn->gcred);
668 conn->gcred = GSS_C_NO_CREDENTIAL;
669 gss_release_buffer(&minor, &
output);
675 major = gss_wrap_size_limit(&minor,
conn->gctx, 1, GSS_C_QOP_DEFAULT,
679 if (GSS_ERROR(major))
694 gss_release_buffer(&minor, &
output);
710 gss_release_buffer(&minor, &
output);