#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include "libpq-fe.h"
#include "fe-auth.h"
#include "fe-secure-common.h"
#include "libpq-int.h"
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include <pthread.h>
#include "common/openssl.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
Macros | |
#define | SSL_ERR_LEN 128 |
#define | BIO_get_data(bio) (bio->ptr) |
#define | BIO_set_data(bio, data) (bio->ptr = data) |
Functions | |
static int | verify_cb (int ok, X509_STORE_CTX *ctx) |
static int | openssl_verify_peer_name_matches_certificate_name (PGconn *conn, ASN1_STRING *name_entry, char **store_name) |
static int | openssl_verify_peer_name_matches_certificate_ip (PGconn *conn, ASN1_OCTET_STRING *addr_entry, char **store_name) |
static void | destroy_ssl_system (void) |
static int | initialize_SSL (PGconn *conn) |
static PostgresPollingStatusType | open_client_SSL (PGconn *conn) |
static char * | SSLerrmessage (unsigned long ecode) |
static void | SSLerrfree (char *buf) |
static int | PQssl_passwd_cb (char *buf, int size, int rwflag, void *userdata) |
static int | my_sock_read (BIO *h, char *buf, int size) |
static int | my_sock_write (BIO *h, const char *buf, int size) |
static BIO_METHOD * | my_BIO_s_socket (void) |
static int | my_SSL_set_fd (PGconn *conn, int fd) |
static int | ssl_protocol_version_to_openssl (const char *protocol) |
void | pgtls_init_library (bool do_ssl, int do_crypto) |
PostgresPollingStatusType | pgtls_open_client (PGconn *conn) |
ssize_t | pgtls_read (PGconn *conn, void *ptr, size_t len) |
bool | pgtls_read_pending (PGconn *conn) |
ssize_t | pgtls_write (PGconn *conn, const void *ptr, size_t len) |
char * | pgtls_get_peer_certificate_hash (PGconn *conn, size_t *len) |
static bool | is_ip_address (const char *host) |
int | pgtls_verify_peer_name_matches_certificate_guts (PGconn *conn, int *names_examined, char **first_name) |
int | pgtls_init (PGconn *conn, bool do_ssl, bool do_crypto) |
void | pgtls_close (PGconn *conn) |
void * | PQgetssl (PGconn *conn) |
void * | PQsslStruct (PGconn *conn, const char *struct_name) |
const char *const * | PQsslAttributeNames (PGconn *conn) |
const char * | PQsslAttribute (PGconn *conn, const char *attribute_name) |
int | PQdefaultSSLKeyPassHook_OpenSSL (char *buf, int size, PGconn *conn) |
PQsslKeyPassHook_OpenSSL_type | PQgetSSLKeyPassHook_OpenSSL (void) |
void | PQsetSSLKeyPassHook_OpenSSL (PQsslKeyPassHook_OpenSSL_type hook) |
Variables | |
static bool | pq_init_ssl_lib = true |
static bool | pq_init_crypto_lib = true |
static bool | ssl_lib_initialized = false |
static long | crypto_open_connections = 0 |
static pthread_mutex_t | ssl_config_mutex = PTHREAD_MUTEX_INITIALIZER |
static PQsslKeyPassHook_OpenSSL_type | PQsslKeyPassHook = NULL |
static char | ssl_nomem [] = "out of memory allocating error description" |
static BIO_METHOD * | my_bio_methods |
#define BIO_get_data | ( | bio | ) | (bio->ptr) |
Definition at line 1819 of file fe-secure-openssl.c.
Definition at line 1820 of file fe-secure-openssl.c.
#define SSL_ERR_LEN 128 |
Definition at line 1685 of file fe-secure-openssl.c.
Definition at line 868 of file fe-secure-openssl.c.
References crypto_open_connections, pq_init_crypto_lib, pthread_mutex_lock(), pthread_mutex_unlock(), and ssl_config_mutex.
Referenced by pgtls_close().
Definition at line 909 of file fe-secure-openssl.c.
References buf, conn, pg_conn::connhost, err(), free, pg_conn_host::host, libpq_append_conn_error(), MAXPGPATH, my_SSL_set_fd(), PG_STRERROR_R_BUFLEN, pqGetHomeDirectory(), PQssl_passwd_cb(), PQsslKeyPassHook, S_IRWXG, S_IRWXO, S_ISREG, S_IWGRP, S_IXGRP, snprintf, pg_conn::sock, SSL_context, SSL_CTX_set_max_proto_version(), SSL_CTX_set_min_proto_version(), pg_conn::ssl_in_use, pg_conn::ssl_max_protocol_version, pg_conn::ssl_min_protocol_version, ssl_protocol_version_to_openssl(), pg_conn::sslcert, pg_conn::sslcertmode, pg_conn::sslcompression, pg_conn::sslcrl, pg_conn::sslcrldir, SSLerrfree(), SSLerrmessage(), pg_conn::sslkey, pg_conn::sslmode, pg_conn::sslpassword, pg_conn::sslrootcert, pg_conn::sslsni, stat, strerror_r, strlcpy(), verify_cb(), and pg_conn::whichhost.
Referenced by pgtls_open_client().
Definition at line 553 of file fe-secure-openssl.c.
References inet_aton().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
Definition at line 1886 of file fe-secure-openssl.c.
References malloc, my_bio_methods, my_sock_read(), and my_sock_write().
Referenced by my_SSL_set_fd().
Definition at line 1826 of file fe-secure-openssl.c.
References BIO_get_data, buf, EAGAIN, EINTR, EWOULDBLOCK, pqsecure_raw_read(), res, and SOCK_ERRNO.
Referenced by my_BIO_s_socket().
Definition at line 1856 of file fe-secure-openssl.c.
References BIO_get_data, buf, EAGAIN, EINTR, EWOULDBLOCK, pqsecure_raw_write(), res, and SOCK_ERRNO.
Referenced by my_BIO_s_socket().
Definition at line 1933 of file fe-secure-openssl.c.
References BIO_set_data, conn, err(), fd(), and my_BIO_s_socket().
Referenced by initialize_SSL().
Definition at line 1475 of file fe-secure-openssl.c.
References conn, err(), libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, PGRES_POLLING_WRITING, pgtls_close(), pq_verify_peer_name_matches_certificate(), SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, pg_conn::ssl_max_protocol_version, pg_conn::ssl_min_protocol_version, SSLerrfree(), SSLerrmessage(), and pg_conn::sslrootcert.
Referenced by pgtls_open_client().
Definition at line 524 of file fe-secure-openssl.c.
References conn, len, libpq_append_conn_error(), and pq_verify_peer_name_matches_certificate_ip().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
Definition at line 491 of file fe-secure-openssl.c.
References conn, len, libpq_append_conn_error(), and pq_verify_peer_name_matches_certificate_name().
Referenced by pgtls_verify_peer_name_matches_certificate_guts().
void pgtls_close | ( | PGconn * | conn | ) |
Definition at line 1610 of file fe-secure-openssl.c.
References conn, destroy_ssl_system(), and pg_conn::ssl_in_use.
Referenced by open_client_SSL(), pgtls_open_client(), and pqsecure_close().
char* pgtls_get_peer_certificate_hash | ( | PGconn * | conn, |
size_t * | len | ||
) |
Definition at line 361 of file fe-secure-openssl.c.
References conn, hash(), len, libpq_append_conn_error(), and malloc.
Referenced by build_client_final_message().
Definition at line 768 of file fe-secure-openssl.c.
References conn, crypto_open_connections, free, i, malloc, pq_init_crypto_lib, pq_init_ssl_lib, pthread_mutex_init(), pthread_mutex_lock(), pthread_mutex_unlock(), ssl_config_mutex, and ssl_lib_initialized.
Referenced by pqsecure_initialize().
void pgtls_init_library | ( | bool | do_ssl, |
int | do_crypto | ||
) |
Definition at line 109 of file fe-secure-openssl.c.
References crypto_open_connections, pq_init_crypto_lib, and pq_init_ssl_lib.
Referenced by PQinitOpenSSL(), and PQinitSSL().
PostgresPollingStatusType pgtls_open_client | ( | PGconn * | conn | ) |
Definition at line 123 of file fe-secure-openssl.c.
References conn, initialize_SSL(), open_client_SSL(), PGRES_POLLING_FAILED, and pgtls_close().
Referenced by pqsecure_open_client().
ssize_t pgtls_read | ( | PGconn * | conn, |
void * | ptr, | ||
size_t | len | ||
) |
Definition at line 145 of file fe-secure-openssl.c.
References appendPQExpBufferStr(), conn, ECONNRESET, err(), pg_conn::errorMessage, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, SSLerrfree(), and SSLerrmessage().
Referenced by pqsecure_read().
int pgtls_verify_peer_name_matches_certificate_guts | ( | PGconn * | conn, |
int * | names_examined, | ||
char ** | first_name | ||
) |
Definition at line 573 of file fe-secure-openssl.c.
References Assert(), conn, pg_conn::connhost, free, pg_conn_host::host, i, is_ip_address(), name, openssl_verify_peer_name_matches_certificate_ip(), openssl_verify_peer_name_matches_certificate_name(), and pg_conn::whichhost.
Referenced by pq_verify_peer_name_matches_certificate().
ssize_t pgtls_write | ( | PGconn * | conn, |
const void * | ptr, | ||
size_t | len | ||
) |
Definition at line 267 of file fe-secure-openssl.c.
References appendPQExpBufferStr(), conn, ECONNRESET, err(), pg_conn::errorMessage, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, SSLerrfree(), and SSLerrmessage().
Referenced by pqsecure_write().
int PQdefaultSSLKeyPassHook_OpenSSL | ( | char * | buf, |
int | size, | ||
PGconn * | conn | ||
) |
Definition at line 1966 of file fe-secure-openssl.c.
References buf, conn, fprintf, libpq_gettext, and pg_conn::sslpassword.
Referenced by PQssl_passwd_cb().
void* PQgetssl | ( | PGconn * | conn | ) |
Definition at line 1726 of file fe-secure-openssl.c.
References conn.
PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL | ( | void | ) |
Definition at line 1984 of file fe-secure-openssl.c.
References PQsslKeyPassHook.
void PQsetSSLKeyPassHook_OpenSSL | ( | PQsslKeyPassHook_OpenSSL_type | hook | ) |
Definition at line 1990 of file fe-secure-openssl.c.
References PQsslKeyPassHook.
Definition at line 2001 of file fe-secure-openssl.c.
References buf, conn, PQdefaultSSLKeyPassHook_OpenSSL(), and PQsslKeyPassHook.
Referenced by initialize_SSL().
const char* PQsslAttribute | ( | PGconn * | conn, |
const char * | attribute_name | ||
) |
Definition at line 1770 of file fe-secure-openssl.c.
References conn, and snprintf.
Referenced by print_ssl_library(), and printSSLInfo().
const char* const* PQsslAttributeNames | ( | PGconn * | conn | ) |
void* PQsslStruct | ( | PGconn * | conn, |
const char * | struct_name | ||
) |
Definition at line 2022 of file fe-secure-openssl.c.
References pg_strcasecmp().
Referenced by initialize_SSL().
Definition at line 1712 of file fe-secure-openssl.c.
References buf, free, and ssl_nomem.
Referenced by initialize_SSL(), open_client_SSL(), pgtls_read(), and pgtls_write().
Definition at line 1688 of file fe-secure-openssl.c.
References libpq_gettext, malloc, snprintf, SSL_ERR_LEN, ssl_nomem, and strlcpy().
Referenced by initialize_SSL(), open_client_SSL(), pgtls_read(), and pgtls_write().
Definition at line 451 of file fe-secure-openssl.c.
Referenced by initialize_SSL().
Definition at line 92 of file fe-secure-openssl.c.
Referenced by destroy_ssl_system(), pgtls_init(), and pgtls_init_library().
Definition at line 1823 of file fe-secure-openssl.c.
Referenced by my_BIO_s_socket().
Definition at line 88 of file fe-secure-openssl.c.
Referenced by destroy_ssl_system(), pgtls_init(), and pgtls_init_library().
Definition at line 87 of file fe-secure-openssl.c.
Referenced by pgtls_init(), and pgtls_init_library().
Definition at line 101 of file fe-secure-openssl.c.
Referenced by initialize_SSL(), PQgetSSLKeyPassHook_OpenSSL(), PQsetSSLKeyPassHook_OpenSSL(), and PQssl_passwd_cb().
Definition at line 95 of file fe-secure-openssl.c.
Referenced by destroy_ssl_system(), and pgtls_init().
Definition at line 90 of file fe-secure-openssl.c.
Referenced by pgtls_init().
Definition at line 1683 of file fe-secure-openssl.c.
Referenced by SSLerrfree(), and SSLerrmessage().