PostgreSQL Source Code  git master
fe-secure.c File Reference
#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include "fe-auth.h"
#include "libpq-fe.h"
#include "libpq-int.h"

Macros

#define SIGPIPE_MASKED(conn)   ((conn)->sigpipe_so || (conn)->sigpipe_flag)
 
#define DECLARE_SIGPIPE_INFO(spinfo)   pqsigfunc spinfo = NULL
 
#define DISABLE_SIGPIPE(conn, spinfo, failaction)
 
#define REMEMBER_EPIPE(spinfo, cond)
 
#define RESTORE_SIGPIPE(conn, spinfo)
 

Functions

int PQsslInUse (PGconn *conn)
 
void PQinitSSL (int do_init)
 
void PQinitOpenSSL (int do_ssl, int do_crypto)
 
int pqsecure_initialize (PGconn *conn, bool do_ssl, bool do_crypto)
 
PostgresPollingStatusType pqsecure_open_client (PGconn *conn)
 
void pqsecure_close (PGconn *conn)
 
ssize_t pqsecure_read (PGconn *conn, void *ptr, size_t len)
 
ssize_t pqsecure_raw_read (PGconn *conn, void *ptr, size_t len)
 
ssize_t pqsecure_write (PGconn *conn, const void *ptr, size_t len)
 
ssize_t pqsecure_raw_write (PGconn *conn, const void *ptr, size_t len)
 
void * PQgetssl (PGconn *conn)
 
void * PQsslStruct (PGconn *conn, const char *struct_name)
 
const char * PQsslAttribute (PGconn *conn, const char *attribute_name)
 
const char *const * PQsslAttributeNames (PGconn *conn)
 
PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL (void)
 
void PQsetSSLKeyPassHook_OpenSSL (PQsslKeyPassHook_OpenSSL_type hook)
 
int PQdefaultSSLKeyPassHook_OpenSSL (char *buf, int size, PGconn *conn)
 
void * PQgetgssctx (PGconn *conn)
 
int PQgssEncInUse (PGconn *conn)
 

Macro Definition Documentation

◆ DECLARE_SIGPIPE_INFO

#define DECLARE_SIGPIPE_INFO (   spinfo)    pqsigfunc spinfo = NULL

Definition at line 97 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ DISABLE_SIGPIPE

#define DISABLE_SIGPIPE (   conn,
  spinfo,
  failaction 
)
Value:
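/*
 * DISABLE_SIGPIPE: ahead of a send(), switch the SIGPIPE disposition to
 * SIG_IGN and keep the previous handler in spinfo so RESTORE_SIGPIPE can put
 * it back.  The change is skipped when SIGPIPE_MASKED(conn) is true, i.e.
 * when the connection already suppresses SIGPIPE per socket or per send().
 * failaction is not used by this variant.
 *
 * NOTE(review): the SIGPIPE_MASKED() guard is taken from the macro's
 * cross-reference list; confirm against fe-secure.c line 99.
 */
#define DISABLE_SIGPIPE(conn, spinfo, failaction) \
	do { \
		if (!SIGPIPE_MASKED(conn)) \
			spinfo = pqsignal(SIGPIPE, SIG_IGN); \
	} while (0)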
#define SIGPIPE
Definition: win32_port.h:164
#define SIGPIPE_MASKED(conn)
Definition: fe-secure.c:59
PGconn * conn
Definition: streamutil.c:54
#define SIG_IGN
Definition: win32_port.h:156
pqsigfunc pqsignal(int signum, pqsigfunc handler)
Definition: signal.c:170

Definition at line 99 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ REMEMBER_EPIPE

#define REMEMBER_EPIPE (   spinfo,
  cond 
)

Definition at line 105 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ RESTORE_SIGPIPE

#define RESTORE_SIGPIPE (   conn,
  spinfo 
)
Value:
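/*
 * RESTORE_SIGPIPE: reinstall the SIGPIPE handler that DISABLE_SIGPIPE saved
 * in spinfo.  Guarded by the same SIGPIPE_MASKED(conn) test, so a handler
 * that was never replaced is never overwritten.
 *
 * NOTE(review): the SIGPIPE_MASKED() guard is taken from the macro's
 * cross-reference list; confirm against fe-secure.c line 107.
 */
#define RESTORE_SIGPIPE(conn, spinfo) \
	do { \
		if (!SIGPIPE_MASKED(conn)) \
			pqsignal(SIGPIPE, spinfo); \
	} while (0)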
#define SIGPIPE
Definition: win32_port.h:164
#define SIGPIPE_MASKED(conn)
Definition: fe-secure.c:59
PGconn * conn
Definition: streamutil.c:54

Definition at line 107 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ SIGPIPE_MASKED

#define SIGPIPE_MASKED (   conn)    ((conn)->sigpipe_so || (conn)->sigpipe_flag)

Definition at line 59 of file fe-secure.c.

Function Documentation

◆ PQdefaultSSLKeyPassHook_OpenSSL()

int PQdefaultSSLKeyPassHook_OpenSSL ( char *  buf,
int  size,
PGconn * conn
)

Definition at line 444 of file fe-secure.c.

References fprintf, libpq_gettext, and pg_conn::sslpassword.

/*
 * PQdefaultSSLKeyPassHook_OpenSSL
 *
 * As listed, this definition ignores buf, size and conn and returns 0;
 * nothing is written into buf.
 *
 * NOTE(review): a constant return with unused arguments looks like the
 * fallback compiled when TLS support is absent.  The enclosing preprocessor
 * conditional is not visible in this listing -- confirm before relying on it.
 */
int
PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn)
{
	return 0;
}

◆ PQgetgssctx()

void* PQgetgssctx ( PGconn * conn)

Definition at line 454 of file fe-secure.c.

/*
 * PQgetgssctx
 *
 * As listed, always returns NULL regardless of conn.
 *
 * NOTE(review): presumably the stand-in used when GSSAPI support is not
 * compiled in; the surrounding conditional is not shown here -- confirm.
 */
void *
PQgetgssctx(PGconn *conn)
{
	return NULL;
}

◆ PQgetssl()

void* PQgetssl ( PGconn * conn)

Definition at line 399 of file fe-secure.c.

/*
 * PQgetssl
 *
 * As listed, always returns NULL regardless of conn.  A NULL result from
 * this definition therefore says nothing about the state of a particular
 * connection; PQsslInUse() is the function on this page that reports it.
 *
 * NOTE(review): presumably the stand-in used when TLS support is not
 * compiled in; the surrounding conditional is not shown here -- confirm.
 */
void *
PQgetssl(PGconn *conn)
{
	return NULL;
}

◆ PQgetSSLKeyPassHook_OpenSSL()

PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL ( void  )

Definition at line 432 of file fe-secure.c.

References PQsslKeyPassHook.

/*
 * PQgetSSLKeyPassHook_OpenSSL
 *
 * As listed, reports that no key-passphrase hook is installed by returning
 * NULL unconditionally.
 *
 * NOTE(review): the cross-references mention PQsslKeyPassHook, which this
 * body never reads, so a second definition probably exists for TLS-enabled
 * builds -- confirm which one a given build links.
 */
PQsslKeyPassHook_OpenSSL_type
PQgetSSLKeyPassHook_OpenSSL(void)
{
	return NULL;
}

◆ PQgssEncInUse()

int PQgssEncInUse ( PGconn * conn)

Definition at line 460 of file fe-secure.c.

References SIGPIPE, sigwait(), SOCK_ERRNO, and SOCK_ERRNO_SET.

/*
 * PQgssEncInUse
 *
 * As listed, always returns 0 ("GSSAPI encryption not in use") without
 * looking at conn.
 *
 * NOTE(review): presumably the stand-in used when GSSAPI support is not
 * compiled in; the surrounding conditional is not shown here -- confirm.
 */
int
PQgssEncInUse(PGconn *conn)
{
	return 0;
}

◆ PQinitOpenSSL()

void PQinitOpenSSL ( int  do_ssl,
int  do_crypto 
)

Definition at line 151 of file fe-secure.c.

References pgtls_init_library().

/*
 * PQinitOpenSSL
 *
 * Forward the caller's two initialization choices to pgtls_init_library().
 * do_ssl and do_crypto are passed through unchanged.  In a build without
 * USE_SSL the function body is empty and the call is a no-op.
 */
void
PQinitOpenSSL(int do_ssl, int do_crypto)
{
#if defined(USE_SSL)
	pgtls_init_library(do_ssl, do_crypto);
#endif
}
void pgtls_init_library(bool do_ssl, int do_crypto)

◆ PQinitSSL()

void PQinitSSL ( int  do_init)

Definition at line 139 of file fe-secure.c.

References pgtls_init_library().

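/*
 * PQinitSSL
 *
 * Single-flag form of PQinitOpenSSL(): one value controls the library
 * initialization done by pgtls_init_library().  In a build without USE_SSL
 * the function body is empty and the call is a no-op.
 *
 * NOTE(review): the rendered listing skipped source line 142.  The call
 * below is rebuilt from the page's "References pgtls_init_library()" entry
 * and its two-argument prototype, with do_init passed for both arguments --
 * confirm against fe-secure.c.
 */
void
PQinitSSL(int do_init)
{
#ifdef USE_SSL
	pgtls_init_library(do_init, do_init);
#endif
}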
static void do_init(void)
Definition: pg_ctl.c:829
void pgtls_init_library(bool do_ssl, int do_crypto)

◆ pqsecure_close()

void pqsecure_close ( PGconn * conn)

Definition at line 191 of file fe-secure.c.

References pgtls_close().

Referenced by pqDropConnection().

/*
 * pqsecure_close
 *
 * Tear down the TLS layer of a connection by delegating to pgtls_close().
 * Nothing else is released here, and in a build without USE_SSL the
 * function does nothing at all.
 */
void
pqsecure_close(PGconn *conn)
{
#if defined(USE_SSL)
	pgtls_close(conn);
#endif
}
void pgtls_close(PGconn *conn)

◆ pqsecure_initialize()

int pqsecure_initialize ( PGconn * conn,
bool  do_ssl,
bool  do_crypto 
)

Definition at line 162 of file fe-secure.c.

References pgtls_init().

Referenced by PQconnectPoll().

/*
 * pqsecure_initialize
 *
 * Per-connection TLS setup.  With USE_SSL the result of pgtls_init() is
 * returned as is.  Without it the function returns 0, so a zero return does
 * not by itself show that TLS is available in this build.
 */
int
pqsecure_initialize(PGconn *conn, bool do_ssl, bool do_crypto)
{
#ifdef USE_SSL
	return pgtls_init(conn, do_ssl, do_crypto);
#else
	return 0;
#endif
}
int pgtls_init(PGconn *conn, bool do_ssl, bool do_crypto)

◆ pqsecure_open_client()

PostgresPollingStatusType pqsecure_open_client ( PGconn * conn)

Definition at line 177 of file fe-secure.c.

References PGRES_POLLING_FAILED, and pgtls_open_client().

Referenced by PQconnectPoll().

/*
 * pqsecure_open_client
 *
 * Drive the client side of the TLS handshake via pgtls_open_client() and
 * hand back its polling status.  A build without USE_SSL is not expected to
 * reach this function; if it does, the attempt is reported as
 * PGRES_POLLING_FAILED rather than as a success.
 */
PostgresPollingStatusType
pqsecure_open_client(PGconn *conn)
{
	/* Failure is the answer unless a TLS implementation says otherwise. */
	PostgresPollingStatusType status = PGRES_POLLING_FAILED;

#ifdef USE_SSL
	status = pgtls_open_client(conn);
#endif

	return status;
}
PostgresPollingStatusType pgtls_open_client(PGconn *conn)

◆ pqsecure_raw_read()

ssize_t pqsecure_raw_read ( PGconn * conn,
void *  ptr,
size_t  len 
)

Definition at line 232 of file fe-secure.c.

References appendPQExpBuffer(), appendPQExpBufferStr(), EAGAIN, ECONNRESET, EINTR, pg_conn::errorMessage, EWOULDBLOCK, libpq_gettext, PG_STRERROR_R_BUFLEN, recv, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by gss_read(), my_sock_read(), pg_GSS_read(), and pqsecure_read().

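/*
 * pqsecure_raw_read
 *
 * Read up to len bytes from conn->sock into ptr with a single recv() call.
 * No decryption happens at this level: the cross-references list the TLS and
 * GSSAPI read paths (my_sock_read(), gss_read(), pg_GSS_read()) as callers
 * alongside pqsecure_read(), so the bytes returned are exactly what arrived
 * on the socket.
 *
 * Returns recv()'s result.  When it is negative, the socket errno is
 * captured; EAGAIN/EWOULDBLOCK/EINTR add no message because the caller is
 * expected to retry, while any other errno appends text to
 * conn->errorMessage.  The captured errno (0 on success) is published again
 * through SOCK_ERRNO_SET() just before returning.
 *
 * NOTE(review): the rendered listing skipped source lines 259 and 266.  The
 * two appendPQExpBuffer*() calls are rebuilt from the page's References list
 * (appendPQExpBufferStr, appendPQExpBuffer, pg_conn::errorMessage) -- confirm
 * against fe-secure.c.
 */
ssize_t
pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
{
	ssize_t		n;
	int			result_errno = 0;
	char		sebuf[PG_STRERROR_R_BUFLEN];

	n = recv(conn->sock, ptr, len, 0);

	if (n < 0)
	{
		result_errno = SOCK_ERRNO;

		/* Set error message if appropriate */
		switch (result_errno)
		{
#ifdef EAGAIN
			case EAGAIN:
#endif
#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
			case EWOULDBLOCK:
#endif
			case EINTR:
				/* no error message, caller is expected to retry */
				break;

			case EPIPE:
			case ECONNRESET:
				appendPQExpBufferStr(&conn->errorMessage,
									 libpq_gettext("server closed the connection unexpectedly\n"
												   "\tThis probably means the server terminated abnormally\n"
												   "\tbefore or while processing the request.\n"));
				break;

			default:
				appendPQExpBuffer(&conn->errorMessage,
								  libpq_gettext("could not receive data from server: %s\n"),
								  SOCK_STRERROR(result_errno,
												sebuf, sizeof(sebuf)));
				break;
		}
	}

	/* ensure we return the intended errno to caller */
	SOCK_ERRNO_SET(result_errno);

	return n;
}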
#define EAGAIN
Definition: win32_port.h:341
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:369
#define PG_STRERROR_R_BUFLEN
Definition: port.h:234
#define recv(s, buf, len, flags)
Definition: win32_port.h:465
#define SOCK_STRERROR
Definition: libpq-int.h:860
#define SOCK_ERRNO
Definition: libpq-int.h:859
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:267
#define SOCK_ERRNO_SET(e)
Definition: libpq-int.h:861
pgsocket sock
Definition: libpq-int.h:443
PQExpBufferData errorMessage
Definition: libpq-int.h:569
#define ECONNRESET
Definition: win32_port.h:353
#define EWOULDBLOCK
Definition: win32_port.h:349
#define EINTR
Definition: win32_port.h:343
#define libpq_gettext(x)
Definition: libpq-int.h:846

◆ pqsecure_raw_write()

ssize_t pqsecure_raw_write ( PGconn * conn,
const void *  ptr,
size_t  len 
)

Definition at line 314 of file fe-secure.c.

References appendPQExpBuffer(), appendPQExpBufferStr(), DECLARE_SIGPIPE_INFO, DISABLE_SIGPIPE, EAGAIN, ECONNRESET, EINTR, pg_conn::errorMessage, EWOULDBLOCK, libpq_gettext, PG_STRERROR_R_BUFLEN, REMEMBER_EPIPE, RESTORE_SIGPIPE, send, pg_conn::sigpipe_flag, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by my_sock_write(), pg_GSS_write(), pqsecure_open_gss(), and pqsecure_write().

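/*
 * pqsecure_raw_write
 *
 * Send up to len bytes from ptr on conn->sock with a single send() call.
 * No encryption happens at this level: the cross-references list the TLS and
 * GSSAPI write paths (my_sock_write(), pg_GSS_write(), pqsecure_open_gss())
 * as callers alongside pqsecure_write(), so ptr goes onto the wire as given.
 *
 * SIGPIPE handling: when conn->sigpipe_flag is set and MSG_NOSIGNAL exists,
 * the signal is suppressed per call through the send() flags.  Otherwise
 * DISABLE_SIGPIPE/RESTORE_SIGPIPE bracket the send().  REMEMBER_EPIPE has an
 * empty expansion in the macro variant documented on this page.
 *
 * Returns send()'s result.  When it is negative, the socket errno is
 * captured; EAGAIN/EWOULDBLOCK/EINTR add no message because the caller is
 * expected to retry, while any other errno appends text to
 * conn->errorMessage.  The captured errno (0 on success) is published again
 * through SOCK_ERRNO_SET() just before returning.
 *
 * NOTE(review): the rendered listing skipped source lines 372 and 379.  The
 * two appendPQExpBuffer*() calls are rebuilt from the page's References list
 * (appendPQExpBufferStr, appendPQExpBuffer, pg_conn::errorMessage) -- confirm
 * against fe-secure.c.
 */
ssize_t
pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
{
	ssize_t		n;
	int			flags = 0;
	int			result_errno = 0;
	char		sebuf[PG_STRERROR_R_BUFLEN];

	DECLARE_SIGPIPE_INFO(spinfo);

#ifdef MSG_NOSIGNAL
	if (conn->sigpipe_flag)
		flags |= MSG_NOSIGNAL;

	/*
	 * The label sits ahead of DISABLE_SIGPIPE on purpose: once sigpipe_flag
	 * has been cleared below, the retry must re-evaluate whether the signal
	 * handler needs to be swapped.
	 */
retry_masked:
#endif							/* MSG_NOSIGNAL */

	DISABLE_SIGPIPE(conn, spinfo, return -1);

	n = send(conn->sock, ptr, len, flags);

	if (n < 0)
	{
		result_errno = SOCK_ERRNO;

		/*
		 * If we see an EINVAL, it may be because MSG_NOSIGNAL isn't available
		 * on this machine.  So, clear sigpipe_flag so we don't try the flag
		 * again, and retry the send().
		 */
#ifdef MSG_NOSIGNAL
		if (flags != 0 && result_errno == EINVAL)
		{
			conn->sigpipe_flag = false;
			flags = 0;
			goto retry_masked;
		}
#endif							/* MSG_NOSIGNAL */

		/* Set error message if appropriate */
		switch (result_errno)
		{
#ifdef EAGAIN
			case EAGAIN:
#endif
#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
			case EWOULDBLOCK:
#endif
			case EINTR:
				/* no error message, caller is expected to retry */
				break;

			case EPIPE:
				/* Set flag for EPIPE */
				REMEMBER_EPIPE(spinfo, true);

				/* FALL THRU */

			case ECONNRESET:
				appendPQExpBufferStr(&conn->errorMessage,
									 libpq_gettext("server closed the connection unexpectedly\n"
												   "\tThis probably means the server terminated abnormally\n"
												   "\tbefore or while processing the request.\n"));
				break;

			default:
				appendPQExpBuffer(&conn->errorMessage,
								  libpq_gettext("could not send data to server: %s\n"),
								  SOCK_STRERROR(result_errno,
												sebuf, sizeof(sebuf)));
				break;
		}
	}

	RESTORE_SIGPIPE(conn, spinfo);

	/* ensure we return the intended errno to caller */
	SOCK_ERRNO_SET(result_errno);

	return n;
}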
bool sigpipe_flag
Definition: libpq-int.h:452
#define EAGAIN
Definition: win32_port.h:341
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:369
#define DECLARE_SIGPIPE_INFO(spinfo)
Definition: fe-secure.c:97
#define PG_STRERROR_R_BUFLEN
Definition: port.h:234
#define SOCK_STRERROR
Definition: libpq-int.h:860
#define SOCK_ERRNO
Definition: libpq-int.h:859
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:267
#define RESTORE_SIGPIPE(conn, spinfo)
Definition: fe-secure.c:107
#define SOCK_ERRNO_SET(e)
Definition: libpq-int.h:861
pgsocket sock
Definition: libpq-int.h:443
#define REMEMBER_EPIPE(spinfo, cond)
Definition: fe-secure.c:105
PQExpBufferData errorMessage
Definition: libpq-int.h:569
#define ECONNRESET
Definition: win32_port.h:353
#define EWOULDBLOCK
Definition: win32_port.h:349
#define DISABLE_SIGPIPE(conn, spinfo, failaction)
Definition: fe-secure.c:99
#define EINTR
Definition: win32_port.h:343
#define libpq_gettext(x)
Definition: libpq-int.h:846
#define send(s, buf, len, flags)
Definition: win32_port.h:466

◆ pqsecure_read()

ssize_t pqsecure_read ( PGconn * conn,
void *  ptr,
size_t  len 
)

Definition at line 206 of file fe-secure.c.

References pg_GSS_read(), pgtls_read(), pqsecure_raw_read(), and pg_conn::ssl_in_use.

Referenced by pqReadData().

/*
 * pqsecure_read
 *
 * Read up to len bytes for the connection through whichever transport layer
 * is active, and return that layer's result unchanged.
 *
 * The order of the checks is: TLS (conn->ssl_in_use, only in USE_SSL
 * builds), then GSSAPI encryption (conn->gssenc, only in ENABLE_GSS builds),
 * then the plain socket via pqsecure_raw_read().  When neither flag is set,
 * or neither feature is compiled in, the data is read without any
 * decryption step.
 */
ssize_t
pqsecure_read(PGconn *conn, void *ptr, size_t len)
{
#ifdef USE_SSL
	if (conn->ssl_in_use)
		return pgtls_read(conn, ptr, len);
#endif

#ifdef ENABLE_GSS
	if (conn->gssenc)
		return pg_GSS_read(conn, ptr, len);
#endif

	/* No encrypted layer is active: read straight from the socket. */
	return pqsecure_raw_read(conn, ptr, len);
}
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure.c:232
bool ssl_in_use
Definition: libpq-int.h:506
ssize_t pgtls_read(PGconn *conn, void *ptr, size_t len)
ssize_t pg_GSS_read(PGconn *conn, void *ptr, size_t len)

◆ pqsecure_write()

ssize_t pqsecure_write ( PGconn * conn,
const void *  ptr,
size_t  len 
)

Definition at line 288 of file fe-secure.c.

References pg_GSS_write(), pgtls_write(), pqsecure_raw_write(), and pg_conn::ssl_in_use.

Referenced by pqSendSome().

/*
 * pqsecure_write
 *
 * Write up to len bytes for the connection through whichever transport layer
 * is active, and return that layer's result unchanged.
 *
 * The order of the checks is: TLS (conn->ssl_in_use, only in USE_SSL
 * builds), then GSSAPI encryption (conn->gssenc, only in ENABLE_GSS builds),
 * then the plain socket via pqsecure_raw_write().  When neither flag is set,
 * or neither feature is compiled in, ptr is sent on the socket unencrypted.
 */
ssize_t
pqsecure_write(PGconn *conn, const void *ptr, size_t len)
{
#ifdef USE_SSL
	if (conn->ssl_in_use)
		return pgtls_write(conn, ptr, len);
#endif

#ifdef ENABLE_GSS
	if (conn->gssenc)
		return pg_GSS_write(conn, ptr, len);
#endif

	/* No encrypted layer is active: write straight to the socket. */
	return pqsecure_raw_write(conn, ptr, len);
}
ssize_t pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
bool ssl_in_use
Definition: libpq-int.h:506
ssize_t pgtls_write(PGconn *conn, const void *ptr, size_t len)
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure.c:314

◆ PQsetSSLKeyPassHook_OpenSSL()

void PQsetSSLKeyPassHook_OpenSSL ( PQsslKeyPassHook_OpenSSL_type  hook)

Definition at line 438 of file fe-secure.c.

References PQsslKeyPassHook.

/*
 * PQsetSSLKeyPassHook_OpenSSL
 *
 * As listed, the hook argument is discarded and nothing is stored, so a
 * caller cannot tell from this function whether its hook was installed.
 *
 * NOTE(review): the cross-references mention PQsslKeyPassHook, which this
 * body never writes, so a second definition probably exists for TLS-enabled
 * builds -- confirm which one a given build links.
 */
void
PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook)
{
	return;
}

◆ PQsslAttribute()

const char* PQsslAttribute ( PGconn * conn,
const char *  attribute_name 
)

Definition at line 411 of file fe-secure.c.

References snprintf.

/*
 * PQsslAttribute
 *
 * As listed, returns NULL for every attribute_name and every conn.
 *
 * NOTE(review): presumably the stand-in used when TLS support is not
 * compiled in; the surrounding conditional is not shown here -- confirm.
 */
const char *
PQsslAttribute(PGconn *conn, const char *attribute_name)
{
	return NULL;
}

◆ PQsslAttributeNames()

const char* const* PQsslAttributeNames ( PGconn * conn)

Definition at line 417 of file fe-secure.c.

/*
 * PQsslAttributeNames
 *
 * As listed, returns a pointer to a static array whose only element is the
 * NULL terminator, i.e. an empty attribute list.  The array has static
 * storage, so the caller must not free or modify it.
 *
 * NOTE(review): presumably the stand-in used when TLS support is not
 * compiled in; the surrounding conditional is not shown here -- confirm.
 */
const char *const *
PQsslAttributeNames(PGconn *conn)
{
	static const char *const no_attributes[] = {NULL};

	return no_attributes;
}

◆ PQsslInUse()

int PQsslInUse ( PGconn * conn)

Definition at line 127 of file fe-secure.c.

References pg_conn::ssl_in_use.

Referenced by printSSLInfo().

/*
 * PQsslInUse
 *
 * Report whether the connection's ssl_in_use flag is set.  A NULL conn is
 * treated as "not in use" and yields 0 instead of being dereferenced.
 */
int
PQsslInUse(PGconn *conn)
{
	return conn ? conn->ssl_in_use : 0;
}
bool ssl_in_use
Definition: libpq-int.h:506

◆ PQsslStruct()

void* PQsslStruct ( PGconn * conn,
const char *  struct_name 
)

Definition at line 405 of file fe-secure.c.

/*
 * PQsslStruct
 *
 * As listed, returns NULL for every struct_name and every conn.
 *
 * NOTE(review): presumably the stand-in used when TLS support is not
 * compiled in; the surrounding conditional is not shown here -- confirm.
 */
void *
PQsslStruct(PGconn *conn, const char *struct_name)
{
	return NULL;
}