26 #define GSS_REQUIRED_FLAGS GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
27 GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG
53 #define PQ_GSS_SEND_BUFFER_SIZE 16384
54 #define PQ_GSS_RECV_BUFFER_SIZE 16384
61 #define PqGSSSendBuffer (conn->gss_SendBuffer)
62 #define PqGSSSendLength (conn->gss_SendLength)
63 #define PqGSSSendNext (conn->gss_SendNext)
64 #define PqGSSSendConsumed (conn->gss_SendConsumed)
65 #define PqGSSRecvBuffer (conn->gss_RecvBuffer)
66 #define PqGSSRecvLength (conn->gss_RecvLength)
67 #define PqGSSResultBuffer (conn->gss_ResultBuffer)
68 #define PqGSSResultLength (conn->gss_ResultLength)
69 #define PqGSSResultNext (conn->gss_ResultNext)
70 #define PqGSSMaxPktSize (conn->gss_MaxPktSize)
90 gss_buffer_desc input,
91 output = GSS_C_EMPTY_BUFFER;
93 size_t bytes_sent = 0;
94 size_t bytes_to_encrypt;
95 size_t bytes_encrypted;
96 gss_ctx_id_t gctx =
conn->gctx;
110 "GSSAPI caller failed to retransmit all data needing to be retried\n");
175 if (!bytes_to_encrypt)
186 input.length = bytes_to_encrypt;
188 input.value = (
char *) ptr + bytes_encrypted;
197 major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
198 &input, &conf_state, &
output);
199 if (major != GSS_S_COMPLETE)
209 libpq_gettext(
"outgoing GSSAPI message would not use confidentiality\n"));
217 libpq_gettext(
"client tried to send oversize GSSAPI packet (%zu > %zu)\n"),
224 bytes_encrypted += input.length;
225 bytes_to_encrypt -= input.length;
237 gss_release_buffer(&minor, &
output);
242 Assert(bytes_sent == bytes_encrypted);
249 gss_release_buffer(&minor, &
output);
269 gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
270 output = GSS_C_EMPTY_BUFFER;
272 size_t bytes_returned = 0;
273 gss_ctx_id_t gctx =
conn->gctx;
281 while (bytes_returned <
len)
289 size_t bytes_to_copy =
Min(bytes_in_buffer,
len - bytes_returned);
297 bytes_returned += bytes_to_copy;
320 Assert(bytes_returned == 0);
354 libpq_gettext(
"oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
355 (
size_t) input.length,
390 major = gss_unwrap(&minor, gctx, &input, &
output, &conf_state, NULL);
391 if (major != GSS_S_COMPLETE)
403 libpq_gettext(
"incoming GSSAPI message did not use confidentiality\n"));
416 gss_release_buffer(&minor, &
output);
419 ret = bytes_returned;
424 gss_release_buffer(&minor, &
output);
487 gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
488 output = GSS_C_EMPTY_BUFFER;
596 libpq_gettext(
"oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
597 (
size_t) input.length,
632 major = gss_init_sec_context(&minor,
conn->gcred, &
conn->gctx,
633 conn->gtarg_nam, GSS_C_NO_OID,
640 if (GSS_ERROR(major))
656 gss_release_cred(&minor, &
conn->gcred);
657 conn->gcred = GSS_C_NO_CREDENTIAL;
658 gss_release_buffer(&minor, &
output);
664 major = gss_wrap_size_limit(&minor,
conn->gctx, 1, GSS_C_QOP_DEFAULT,
668 if (GSS_ERROR(major))
683 gss_release_buffer(&minor, &
output);
699 gss_release_buffer(&minor, &
output);
void pg_GSS_error(const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
static void cleanup(void)
int pg_GSS_load_servicename(PGconn *conn)
int pqReadReady(PGconn *conn)
#define PqGSSResultLength
ssize_t pg_GSS_read(PGconn *conn, void *ptr, size_t len)
#define PQ_GSS_RECV_BUFFER_SIZE
ssize_t pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
#define PqGSSSendConsumed
int PQgssEncInUse(PGconn *conn)
#define GSS_REQUIRED_FLAGS
PostgresPollingStatusType pqsecure_open_gss(PGconn *conn)
#define PQ_GSS_SEND_BUFFER_SIZE
static PostgresPollingStatusType gss_read(PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret)
void * PQgetgssctx(PGconn *conn)
#define PqGSSResultBuffer
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
PostgresPollingStatusType
Assert(fmt[strlen(fmt) - 1] !='\n')
static void output(uint64 loop_count)
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
PQExpBufferData errorMessage