PostgreSQL Source Code  git master
fe-secure-gssapi.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * fe-secure-gssapi.c
4  * The front-end (client) encryption support for GSSAPI
5  *
6  * Portions Copyright (c) 2016-2020, PostgreSQL Global Development Group
7  *
8  * IDENTIFICATION
9  * src/interfaces/libpq/fe-secure-gssapi.c
10  *
11  *-------------------------------------------------------------------------
12  */
13 
14 #include "postgres_fe.h"
15 
16 #include "fe-gssapi-common.h"
17 #include "libpq-fe.h"
18 #include "libpq-int.h"
19 #include "port/pg_bswap.h"
20 
21 
22 /*
23  * Require encryption support, as well as mutual authentication and
24  * tamperproofing measures.
25  */
26 #define GSS_REQUIRED_FLAGS GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
27  GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG
28 
29 /*
30  * Handle the encryption/decryption of data using GSSAPI.
31  *
32  * In the encrypted data stream on the wire, we break up the data
33  * into packets where each packet starts with a uint32-size length
34  * word (in network byte order), then encrypted data of that length
35  * immediately following. Decryption yields the same data stream
36  * that would appear when not using encryption.
37  *
38  * Encrypted data typically ends up being larger than the same data
39  * unencrypted, so we use fixed-size buffers for handling the
40  * encryption/decryption which are larger than PQComm's buffer will
41  * typically be to minimize the times where we have to make multiple
42  * packets (and therefore multiple recv/send calls for a single
43  * read/write call to us).
44  *
45  * NOTE: The client and server have to agree on the max packet size,
46  * because we have to pass an entire packet to GSSAPI at a time and we
47  * don't want the other side to send arbitrarily huge packets as we
48  * would have to allocate memory for them to then pass them to GSSAPI.
49  *
50  * Therefore, these two #define's are effectively part of the protocol
51  * spec and can't ever be changed.
52  */
53 #define PQ_GSS_SEND_BUFFER_SIZE 16384
54 #define PQ_GSS_RECV_BUFFER_SIZE 16384
55 
56 /*
57  * We need these state variables per-connection. To allow the functions
58  * in this file to look mostly like those in be-secure-gssapi.c, set up
59  * these macros.
60  */
61 #define PqGSSSendBuffer (conn->gss_SendBuffer)
62 #define PqGSSSendLength (conn->gss_SendLength)
63 #define PqGSSSendNext (conn->gss_SendNext)
64 #define PqGSSSendConsumed (conn->gss_SendConsumed)
65 #define PqGSSRecvBuffer (conn->gss_RecvBuffer)
66 #define PqGSSRecvLength (conn->gss_RecvLength)
67 #define PqGSSResultBuffer (conn->gss_ResultBuffer)
68 #define PqGSSResultLength (conn->gss_ResultLength)
69 #define PqGSSResultNext (conn->gss_ResultNext)
70 #define PqGSSMaxPktSize (conn->gss_MaxPktSize)
71 
72 
73 /*
74  * Attempt to write len bytes of data from ptr to a GSSAPI-encrypted connection.
75  *
76  * The connection must be already set up for GSSAPI encryption (i.e., GSSAPI
77  * transport negotiation is complete).
78  *
79  * On success, returns the number of data bytes consumed (possibly less than
80  * len). On failure, returns -1 with errno set appropriately. If the errno
81  * indicates a non-retryable error, a message is put into conn->errorMessage.
82  * For retryable errors, caller should call again (passing the same data)
83  * once the socket is ready.
84  */
85 ssize_t
86 pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
87 {
88  OM_uint32 major,
89  minor;
90  gss_buffer_desc input,
91  output = GSS_C_EMPTY_BUFFER;
92  ssize_t ret = -1;
93  size_t bytes_sent = 0;
94  size_t bytes_to_encrypt;
95  size_t bytes_encrypted;
96  gss_ctx_id_t gctx = conn->gctx;
97 
98  /*
99  * When we get a failure, we must not tell the caller we have successfully
100  * transmitted everything, else it won't retry. Hence a "success"
101  * (positive) return value must only count source bytes corresponding to
102  * fully-transmitted encrypted packets. The amount of source data
103  * corresponding to the current partly-transmitted packet is remembered in
104  * PqGSSSendConsumed. On a retry, the caller *must* be sending that data
105  * again, so if it offers a len less than that, something is wrong.
106  */
107  if (len < PqGSSSendConsumed)
108  {
109  printfPQExpBuffer(&conn->errorMessage,
110  "GSSAPI caller failed to retransmit all data needing to be retried\n");
111  errno = EINVAL;
112  return -1;
113  }
114 
115  /* Discount whatever source data we already encrypted. */
116  bytes_to_encrypt = len - PqGSSSendConsumed;
117  bytes_encrypted = PqGSSSendConsumed;
118 
119  /*
120  * Loop through encrypting data and sending it out until it's all done or
121  * pqsecure_raw_write() complains (which would likely mean that the socket
122  * is non-blocking and the requested send() would block, or there was some
123  * kind of actual error).
124  */
125  while (bytes_to_encrypt || PqGSSSendLength)
126  {
127  int conf_state = 0;
128  uint32 netlen;
129 
130  /*
131  * Check if we have data in the encrypted output buffer that needs to
132  * be sent (possibly left over from a previous call), and if so, try
133  * to send it. If we aren't able to, return that fact back up to the
134  * caller.
135  */
136  if (PqGSSSendLength)
137  {
138  ssize_t ret;
139  ssize_t amount = PqGSSSendLength - PqGSSSendNext;
140 
141  ret = pqsecure_raw_write(conn, PqGSSSendBuffer + PqGSSSendNext, amount);
142  if (ret <= 0)
143  {
144  /*
145  * Report any previously-sent data; if there was none, reflect
146  * the pqsecure_raw_write result up to our caller. When there
147  * was some, we're effectively assuming that any interesting
148  * failure condition will recur on the next try.
149  */
150  if (bytes_sent)
151  return bytes_sent;
152  return ret;
153  }
154 
155  /*
156  * Check if this was a partial write, and if so, move forward that
157  * far in our buffer and try again.
158  */
159  if (ret != amount)
160  {
161  PqGSSSendNext += ret;
162  continue;
163  }
164 
165  /* We've successfully sent whatever data was in that packet. */
166  bytes_sent += PqGSSSendConsumed;
167 
168  /* All encrypted data was sent, our buffer is empty now. */
169  PqGSSSendLength = PqGSSSendNext = PqGSSSendConsumed = 0;
170  }
171 
172  /*
173  * Check if there are any bytes left to encrypt. If not, we're done.
174  */
175  if (!bytes_to_encrypt)
176  break;
177 
178  /*
179  * Check how much we are being asked to send, if it's too much, then
180  * we will have to loop and possibly be called multiple times to get
181  * through all the data.
182  */
183  if (bytes_to_encrypt > PqGSSMaxPktSize)
184  input.length = PqGSSMaxPktSize;
185  else
186  input.length = bytes_to_encrypt;
187 
188  input.value = (char *) ptr + bytes_encrypted;
189 
190  output.value = NULL;
191  output.length = 0;
192 
193  /*
194  * Create the next encrypted packet. Any failure here is considered a
195  * hard failure, so we return -1 even if bytes_sent > 0.
196  */
197  major = gss_wrap(&minor, gctx, 1, GSS_C_QOP_DEFAULT,
198  &input, &conf_state, &output);
199  if (major != GSS_S_COMPLETE)
200  {
201  pg_GSS_error(libpq_gettext("GSSAPI wrap error"), conn, major, minor);
202  errno = EIO; /* for lack of a better idea */
203  goto cleanup;
204  }
205 
206  if (conf_state == 0)
207  {
208  printfPQExpBuffer(&conn->errorMessage,
209  libpq_gettext("outgoing GSSAPI message would not use confidentiality\n"));
210  errno = EIO; /* for lack of a better idea */
211  goto cleanup;
212  }
213 
214  if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
215  {
216  printfPQExpBuffer(&conn->errorMessage,
217  libpq_gettext("client tried to send oversize GSSAPI packet (%zu > %zu)\n"),
218  (size_t) output.length,
219  PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32));
220  errno = EIO; /* for lack of a better idea */
221  goto cleanup;
222  }
223 
224  bytes_encrypted += input.length;
225  bytes_to_encrypt -= input.length;
226  PqGSSSendConsumed += input.length;
227 
228  /* 4 network-order bytes of length, then payload */
229  netlen = htonl(output.length);
230  memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32));
231  PqGSSSendLength += sizeof(uint32);
232 
233  memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
234  PqGSSSendLength += output.length;
235  }
236 
237  /* If we get here, our counters should all match up. */
238  Assert(bytes_sent == len);
239  Assert(bytes_sent == bytes_encrypted);
240 
241  ret = bytes_sent;
242 
243 cleanup:
244  if (output.value != NULL)
245  gss_release_buffer(&minor, &output);
246  return ret;
247 }
248 
249 /*
250  * Read up to len bytes of data into ptr from a GSSAPI-encrypted connection.
251  *
252  * The connection must be already set up for GSSAPI encryption (i.e., GSSAPI
253  * transport negotiation is complete).
254  *
255  * Returns the number of data bytes read, or on failure, returns -1
256  * with errno set appropriately. If the errno indicates a non-retryable
257  * error, a message is put into conn->errorMessage. For retryable errors,
258  * caller should call again once the socket is ready.
259  */
260 ssize_t
261 pg_GSS_read(PGconn *conn, void *ptr, size_t len)
262 {
263  OM_uint32 major,
264  minor;
265  gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
266  output = GSS_C_EMPTY_BUFFER;
267  ssize_t ret;
268  size_t bytes_returned = 0;
269  gss_ctx_id_t gctx = conn->gctx;
270 
271  /*
272  * The plan here is to read one incoming encrypted packet into
273  * PqGSSRecvBuffer, decrypt it into PqGSSResultBuffer, and then dole out
274  * data from there to the caller. When we exhaust the current input
275  * packet, read another.
276  */
277  while (bytes_returned < len)
278  {
279  int conf_state = 0;
280 
281  /* Check if we have data in our buffer that we can return immediately */
282  if (PqGSSResultNext < PqGSSResultLength)
283  {
284  size_t bytes_in_buffer = PqGSSResultLength - PqGSSResultNext;
285  size_t bytes_to_copy = Min(bytes_in_buffer, len - bytes_returned);
286 
287  /*
288  * Copy the data from our result buffer into the caller's buffer,
289  * at the point where we last left off filling their buffer.
290  */
291  memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy);
292  PqGSSResultNext += bytes_to_copy;
293  bytes_returned += bytes_to_copy;
294 
295  /*
296  * At this point, we've either filled the caller's buffer or
297  * emptied our result buffer. Either way, return to caller. In
298  * the second case, we could try to read another encrypted packet,
299  * but the odds are good that there isn't one available. (If this
300  * isn't true, we chose too small a max packet size.) In any
301  * case, there's no harm letting the caller process the data we've
302  * already returned.
303  */
304  break;
305  }
306 
307  /* Result buffer is empty, so reset buffer pointers */
308  PqGSSResultLength = PqGSSResultNext = 0;
309 
310  /*
311  * Because we chose above to return immediately as soon as we emit
312  * some data, bytes_returned must be zero at this point. Therefore
313  * the failure exits below can just return -1 without worrying about
314  * whether we already emitted some data.
315  */
316  Assert(bytes_returned == 0);
317 
318  /*
319  * At this point, our result buffer is empty with more bytes being
320  * requested to be read. We are now ready to load the next packet and
321  * decrypt it (entirely) into our result buffer.
322  */
323 
324  /* Collect the length if we haven't already */
325  if (PqGSSRecvLength < sizeof(uint32))
326  {
327  ret = pqsecure_raw_read(conn, PqGSSRecvBuffer + PqGSSRecvLength,
328  sizeof(uint32) - PqGSSRecvLength);
329 
330  /* If ret <= 0, pqsecure_raw_read already set the correct errno */
331  if (ret <= 0)
332  return ret;
333 
334  PqGSSRecvLength += ret;
335 
336  /* If we still haven't got the length, return to the caller */
337  if (PqGSSRecvLength < sizeof(uint32))
338  {
339  errno = EWOULDBLOCK;
340  return -1;
341  }
342  }
343 
344  /* Decode the packet length and check for overlength packet */
345  input.length = ntohl(*(uint32 *) PqGSSRecvBuffer);
346 
347  if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
348  {
349  printfPQExpBuffer(&conn->errorMessage,
350  libpq_gettext("oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
351  (size_t) input.length,
352  PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
353  errno = EIO; /* for lack of a better idea */
354  return -1;
355  }
356 
357  /*
358  * Read as much of the packet as we are able to on this call into
359  * wherever we left off from the last time we were called.
360  */
361  ret = pqsecure_raw_read(conn, PqGSSRecvBuffer + PqGSSRecvLength,
362  input.length - (PqGSSRecvLength - sizeof(uint32)));
363  /* If ret <= 0, pqsecure_raw_read already set the correct errno */
364  if (ret <= 0)
365  return ret;
366 
367  PqGSSRecvLength += ret;
368 
369  /* If we don't yet have the whole packet, return to the caller */
370  if (PqGSSRecvLength - sizeof(uint32) < input.length)
371  {
372  errno = EWOULDBLOCK;
373  return -1;
374  }
375 
376  /*
377  * We now have the full packet and we can perform the decryption and
378  * refill our result buffer, then loop back up to pass data back to
379  * the caller. Note that error exits below here must take care of
380  * releasing the gss output buffer.
381  */
382  output.value = NULL;
383  output.length = 0;
384  input.value = PqGSSRecvBuffer + sizeof(uint32);
385 
386  major = gss_unwrap(&minor, gctx, &input, &output, &conf_state, NULL);
387  if (major != GSS_S_COMPLETE)
388  {
389  pg_GSS_error(libpq_gettext("GSSAPI unwrap error"), conn,
390  major, minor);
391  ret = -1;
392  errno = EIO; /* for lack of a better idea */
393  goto cleanup;
394  }
395 
396  if (conf_state == 0)
397  {
398  printfPQExpBuffer(&conn->errorMessage,
399  libpq_gettext("incoming GSSAPI message did not use confidentiality\n"));
400  ret = -1;
401  errno = EIO; /* for lack of a better idea */
402  goto cleanup;
403  }
404 
405  memcpy(PqGSSResultBuffer, output.value, output.length);
406  PqGSSResultLength = output.length;
407 
408  /* Our receive buffer is now empty, reset it */
409  PqGSSRecvLength = 0;
410 
411  gss_release_buffer(&minor, &output);
412  }
413 
414  ret = bytes_returned;
415 
416 cleanup:
417  if (output.value != NULL)
418  gss_release_buffer(&minor, &output);
419  return ret;
420 }
421 
422 /*
423  * Simple wrapper for reading from pqsecure_raw_read.
424  *
425  * This takes the same arguments as pqsecure_raw_read, plus an output parameter
426  * to return the number of bytes read. This handles if blocking would occur and
427  * if we detect EOF on the connection.
428  */
429 static PostgresPollingStatusType
430 gss_read(PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret)
431 {
432  *ret = pqsecure_raw_read(conn, recv_buffer, length);
433  if (*ret < 0)
434  {
435  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
436  return PGRES_POLLING_READING;
437  else
438  return PGRES_POLLING_FAILED;
439  }
440 
441  /* Check for EOF */
442  if (*ret == 0)
443  {
444  int result = pqReadReady(conn);
445 
446  if (result < 0)
447  return PGRES_POLLING_FAILED;
448 
449  if (!result)
450  return PGRES_POLLING_READING;
451 
452  *ret = pqsecure_raw_read(conn, recv_buffer, length);
453  if (*ret < 0)
454  {
455  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
456  return PGRES_POLLING_READING;
457  else
458  return PGRES_POLLING_FAILED;
459  }
460  if (*ret == 0)
461  return PGRES_POLLING_FAILED;
462  }
463 
464  return PGRES_POLLING_OK;
465 }
466 
467 /*
468  * Negotiate GSSAPI transport for a connection. When complete, returns
469  * PGRES_POLLING_OK. Will return PGRES_POLLING_READING or
470  * PGRES_POLLING_WRITING as appropriate whenever it would block, and
471  * PGRES_POLLING_FAILED if transport could not be negotiated.
472  */
473 PostgresPollingStatusType
474 pqsecure_open_gss(PGconn *conn)
475 {
476  ssize_t ret;
477  OM_uint32 major,
478  minor;
479  uint32 netlen;
480  PostgresPollingStatusType result;
481  gss_buffer_desc input = GSS_C_EMPTY_BUFFER,
482  output = GSS_C_EMPTY_BUFFER;
483 
484  /*
485  * If first time through for this connection, allocate buffers and
486  * initialize state variables. By malloc'ing the buffers separately, we
487  * ensure that they are sufficiently aligned for the length-word accesses
488  * that we do in some places in this file.
489  */
490  if (PqGSSSendBuffer == NULL)
491  {
492  PqGSSSendBuffer = malloc(PQ_GSS_SEND_BUFFER_SIZE);
493  PqGSSRecvBuffer = malloc(PQ_GSS_RECV_BUFFER_SIZE);
494  PqGSSResultBuffer = malloc(PQ_GSS_RECV_BUFFER_SIZE);
495  if (!PqGSSSendBuffer || !PqGSSRecvBuffer || !PqGSSResultBuffer)
496  {
497  printfPQExpBuffer(&conn->errorMessage,
498  libpq_gettext("out of memory\n"));
499  return PGRES_POLLING_FAILED;
500  }
501  PqGSSSendLength = PqGSSSendNext = PqGSSSendConsumed = 0;
502  PqGSSRecvLength = PqGSSResultLength = PqGSSResultNext = 0;
503  }
504 
505  /*
506  * Check if we have anything to send from a prior call and if so, send it.
507  */
508  if (PqGSSSendLength)
509  {
510  ssize_t amount = PqGSSSendLength - PqGSSSendNext;
511 
512  ret = pqsecure_raw_write(conn, PqGSSSendBuffer + PqGSSSendNext, amount);
513  if (ret < 0)
514  {
515  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
516  return PGRES_POLLING_WRITING;
517  else
518  return PGRES_POLLING_FAILED;
519  }
520 
521  if (ret < amount)
522  {
523  PqGSSSendNext += ret;
524  return PGRES_POLLING_WRITING;
525  }
526 
527  PqGSSSendLength = PqGSSSendNext = 0;
528  }
529 
530  /*
531  * Client sends first, and sending creates a context, therefore this will
532  * be false the first time through, and then when we get called again we
533  * will check for incoming data.
534  */
535  if (conn->gctx)
536  {
537  /* Process any incoming data we might have */
538 
539  /* See if we are still trying to get the length */
540  if (PqGSSRecvLength < sizeof(uint32))
541  {
542  /* Attempt to get the length first */
543  result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength, sizeof(uint32) - PqGSSRecvLength, &ret);
544  if (result != PGRES_POLLING_OK)
545  return result;
546 
547  PqGSSRecvLength += ret;
548 
549  if (PqGSSRecvLength < sizeof(uint32))
550  return PGRES_POLLING_READING;
551  }
552 
553  /*
554  * Check if we got an error packet
555  *
556  * This is safe to do because we shouldn't ever get a packet over 8192
557  * and therefore the actual length bytes, being that they are in
558  * network byte order, for any real packet will start with two zero
559  * bytes.
560  */
561  if (PqGSSRecvBuffer[0] == 'E')
562  {
563  /*
564  * For an error packet during startup, we don't get a length, so
565  * simply read as much as we can fit into our buffer (as a string,
566  * so leave a spot at the end for a NULL byte too) and report that
567  * back to the caller.
568  */
569  result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength, PQ_GSS_RECV_BUFFER_SIZE - PqGSSRecvLength - 1, &ret);
570  if (result != PGRES_POLLING_OK)
571  return result;
572 
573  PqGSSRecvLength += ret;
574 
575  printfPQExpBuffer(&conn->errorMessage, "%s\n", PqGSSRecvBuffer + 1);
576 
577  return PGRES_POLLING_FAILED;
578  }
579 
580  /*
581  * We should have the whole length at this point, so pull it out and
582  * then read whatever we have left of the packet
583  */
584 
585  /* Get the length and check for over-length packet */
586  input.length = ntohl(*(uint32 *) PqGSSRecvBuffer);
587  if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
588  {
589  printfPQExpBuffer(&conn->errorMessage,
590  libpq_gettext("oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
591  (size_t) input.length,
592  PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
593  return PGRES_POLLING_FAILED;
594  }
595 
596  /*
597  * Read as much of the packet as we are able to on this call into
598  * wherever we left off from the last time we were called.
599  */
600  result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength,
601  input.length - (PqGSSRecvLength - sizeof(uint32)), &ret);
602  if (result != PGRES_POLLING_OK)
603  return result;
604 
605  PqGSSRecvLength += ret;
606 
607  /*
608  * If we got less than the rest of the packet then we need to return
609  * and be called again.
610  */
611  if (PqGSSRecvLength - sizeof(uint32) < input.length)
612  return PGRES_POLLING_READING;
613 
614  input.value = PqGSSRecvBuffer + sizeof(uint32);
615  }
616 
617  /* Load the service name (no-op if already done */
618  ret = pg_GSS_load_servicename(conn);
619  if (ret != STATUS_OK)
620  return PGRES_POLLING_FAILED;
621 
622  /*
623  * Call GSS init context, either with an empty input, or with a complete
624  * packet from the server.
625  */
626  major = gss_init_sec_context(&minor, conn->gcred, &conn->gctx,
627  conn->gtarg_nam, GSS_C_NO_OID,
628  GSS_REQUIRED_FLAGS, 0, 0, &input, NULL,
629  &output, NULL, NULL);
630 
631  /* GSS Init Sec Context uses the whole packet, so clear it */
632  PqGSSRecvLength = 0;
633 
634  if (GSS_ERROR(major))
635  {
636  pg_GSS_error(libpq_gettext("could not initiate GSSAPI security context"),
637  conn, major, minor);
638  return PGRES_POLLING_FAILED;
639  }
640 
641  if (output.length == 0)
642  {
643  /*
644  * We're done - hooray! Kind of gross, but we need to disable SSL
645  * here so that we don't accidentally tunnel one over the other.
646  */
647 #ifdef USE_SSL
648  conn->allow_ssl_try = false;
649 #endif
650 
651  /* Clean up */
652  gss_release_cred(&minor, &conn->gcred);
653  conn->gcred = GSS_C_NO_CREDENTIAL;
654  conn->gssenc = true;
655 
656  /*
657  * Determine the max packet size which will fit in our buffer, after
658  * accounting for the length. pg_GSS_write will need this.
659  */
660  major = gss_wrap_size_limit(&minor, conn->gctx, 1, GSS_C_QOP_DEFAULT,
661  PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32),
662  &PqGSSMaxPktSize);
663 
664  if (GSS_ERROR(major))
665  {
666  pg_GSS_error(libpq_gettext("GSSAPI size check error"), conn,
667  major, minor);
668  return PGRES_POLLING_FAILED;
669  }
670 
671  return PGRES_POLLING_OK;
672  }
673 
674  /* Must have output.length > 0 */
675  if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
676  {
677  pg_GSS_error(libpq_gettext("GSSAPI context establishment error"),
678  conn, major, minor);
679  return PGRES_POLLING_FAILED;
680  }
681 
682  /* Queue the token for writing */
683  netlen = htonl(output.length);
684 
685  memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32));
686  PqGSSSendLength += sizeof(uint32);
687 
688  memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
689  PqGSSSendLength += output.length;
690 
691  /* We don't bother with PqGSSSendConsumed here */
692 
693  gss_release_buffer(&minor, &output);
694 
695  /* Ask to be called again to write data */
696  return PGRES_POLLING_WRITING;
697 }
698 
699 /*
700  * GSSAPI Information functions.
701  */
702 
703 /*
704  * Return the GSSAPI Context itself.
705  */
706 void *
707 PQgetgssctx(PGconn *conn)
708 {
709  if (!conn)
710  return NULL;
711 
712  return conn->gctx;
713 }
714 
715 /*
716  * Return true if GSSAPI encryption is in use.
717  */
718 int
719 PQgssEncInUse(PGconn *conn)
720 {
721  if (!conn || !conn->gctx)
722  return 0;
723 
724  return conn->gssenc;
725 }
printfPQExpBuffer
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
postgres_fe.h
pqReadReady
int pqReadReady(PGconn *conn)
Definition: fe-misc.c:1057
PQ_GSS_SEND_BUFFER_SIZE
#define PQ_GSS_SEND_BUFFER_SIZE
Definition: fe-secure-gssapi.c:53
EAGAIN
#define EAGAIN
Definition: win32_port.h:321
output
static void output(uint64 loop_count)
Definition: pg_test_timing.c:171
PqGSSSendConsumed
#define PqGSSSendConsumed
Definition: fe-secure-gssapi.c:64
Min
#define Min(x, y)
Definition: c.h:911
pg_conn
Definition: libpq-int.h:324
PqGSSResultLength
#define PqGSSResultLength
Definition: fe-secure-gssapi.c:68
pqsecure_raw_read
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure.c:239
malloc
#define malloc(a)
Definition: header.h:50
PqGSSSendLength
#define PqGSSSendLength
Definition: fe-secure-gssapi.c:62
conn
PGconn * conn
Definition: streamutil.c:54
pg_GSS_write
ssize_t pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure-gssapi.c:86
PqGSSRecvBuffer
#define PqGSSRecvBuffer
Definition: fe-secure-gssapi.c:65
PQgetgssctx
void * PQgetgssctx(PGconn *conn)
Definition: fe-secure-gssapi.c:707
uint32
unsigned int uint32
Definition: c.h:359
PqGSSRecvLength
#define PqGSSRecvLength
Definition: fe-secure-gssapi.c:66
PqGSSMaxPktSize
#define PqGSSMaxPktSize
Definition: fe-secure-gssapi.c:70
STATUS_OK
#define STATUS_OK
Definition: c.h:1120
PqGSSResultNext
#define PqGSSResultNext
Definition: fe-secure-gssapi.c:69
cleanup
static void cleanup(void)
Definition: bootstrap.c:901
pg_conn::errorMessage
PQExpBufferData errorMessage
Definition: libpq-int.h:524
pg_bswap.h
Assert
#define Assert(condition)
Definition: c.h:739
PQ_GSS_RECV_BUFFER_SIZE
#define PQ_GSS_RECV_BUFFER_SIZE
Definition: fe-secure-gssapi.c:54
pqsecure_raw_write
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure.c:323
pg_GSS_load_servicename
int pg_GSS_load_servicename(PGconn *conn)
Definition: fe-gssapi-common.c:82
PqGSSSendNext
#define PqGSSSendNext
Definition: fe-secure-gssapi.c:63
PqGSSResultBuffer
#define PqGSSResultBuffer
Definition: fe-secure-gssapi.c:67
PostgresPollingStatusType
PostgresPollingStatusType
Definition: libpq-fe.h:74
pg_GSS_read
ssize_t pg_GSS_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure-gssapi.c:261
PqGSSSendBuffer
#define PqGSSSendBuffer
Definition: fe-secure-gssapi.c:61
EWOULDBLOCK
#define EWOULDBLOCK
Definition: win32_port.h:329
pqsecure_open_gss
PostgresPollingStatusType pqsecure_open_gss(PGconn *conn)
Definition: fe-secure-gssapi.c:474
GSS_REQUIRED_FLAGS
#define GSS_REQUIRED_FLAGS
Definition: fe-secure-gssapi.c:26
gss_read
static PostgresPollingStatusType gss_read(PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret)
Definition: fe-secure-gssapi.c:430
EINTR
#define EINTR
Definition: win32_port.h:323
pg_GSS_error
void pg_GSS_error(int severity, const char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: be-gssapi-common.c:55
libpq_gettext
#define libpq_gettext(x)
Definition: libpq-int.h:803
PQgssEncInUse
int PQgssEncInUse(PGconn *conn)
Definition: fe-secure-gssapi.c:719