#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include <pthread.h>
#include "fe-auth.h"
#include "libpq-fe.h"
#include "libpq-int.h"

Include dependency graph for fe-secure.c:

Data Structures
struct	sigpipe_info

Macros
#define	SIGPIPE_MASKED(conn) ((conn)->sigpipe_so \|\| (conn)->sigpipe_flag)

#define	DECLARE_SIGPIPE_INFO(spinfo) struct sigpipe_info spinfo

#define	DISABLE_SIGPIPE(conn, spinfo, failaction)

#define	REMEMBER_EPIPE(spinfo, cond)

#define	RESTORE_SIGPIPE(conn, spinfo)

Functions
int	PQsslInUse (PGconn *conn)

void	PQinitSSL (int do_init)

void	PQinitOpenSSL (int do_ssl, int do_crypto)

int	pqsecure_initialize (PGconn *conn, bool do_ssl, bool do_crypto)

PostgresPollingStatusType	pqsecure_open_client (PGconn *conn)

void	pqsecure_close (PGconn *conn)

ssize_t	pqsecure_read (PGconn conn, void ptr, size_t len)

ssize_t	pqsecure_raw_read (PGconn conn, void ptr, size_t len)

ssize_t	pqsecure_write (PGconn conn, const void ptr, size_t len)

ssize_t	pqsecure_raw_write (PGconn conn, const void ptr, size_t len)

void *	PQgetssl (PGconn *conn)

void *	PQsslStruct (PGconn conn, const char struct_name)

const char *	PQsslAttribute (PGconn conn, const char attribute_name)

const char const	PQsslAttributeNames (PGconn *conn)

PQsslKeyPassHook_OpenSSL_type	PQgetSSLKeyPassHook_OpenSSL (void)

void	PQsetSSLKeyPassHook_OpenSSL (PQsslKeyPassHook_OpenSSL_type hook)

int	PQdefaultSSLKeyPassHook_OpenSSL (char buf, int size, PGconn conn)

void *	PQgetgssctx (PGconn *conn)

int	PQgssEncInUse (PGconn *conn)

int	pq_block_sigpipe (sigset_t osigset, bool sigpipe_pending)

void	pq_reset_sigpipe (sigset_t *osigset, bool sigpipe_pending, bool got_epipe)

Macro Definition Documentation

◆ DECLARE_SIGPIPE_INFO

#define DECLARE_SIGPIPE_INFO ( spinfo ) struct sigpipe_info spinfo

Definition at line 64 of file fe-secure.c.

◆ DISABLE_SIGPIPE

#define DISABLE_SIGPIPE	(	conn,
		spinfo,
		failaction
	)

Value:

    do { \
        (spinfo).got_epipe = false; \
        if (!SIGPIPE_MASKED(conn)) \
        { \
            if (pq_block_sigpipe(&(spinfo).oldsigmask, \
                                 &(spinfo).sigpipe_pending) < 0) \
                failaction; \
        } \
    } while (0)

Definition at line 66 of file fe-secure.c.

◆ REMEMBER_EPIPE

#define REMEMBER_EPIPE	(	spinfo,
		cond
	)

Value:

    do { \
        if (cond) \
            (spinfo).got_epipe = true; \
    } while (0)

Definition at line 77 of file fe-secure.c.

◆ RESTORE_SIGPIPE

#define RESTORE_SIGPIPE	(	conn,
		spinfo
	)

Value:

    do { \
        if (!SIGPIPE_MASKED(conn)) \
            pq_reset_sigpipe(&(spinfo).oldsigmask, (spinfo).sigpipe_pending, \
                             (spinfo).got_epipe); \
    } while (0)

Definition at line 83 of file fe-secure.c.

◆ SIGPIPE_MASKED

#define SIGPIPE_MASKED ( conn ) ((conn)->sigpipe_so || (conn)->sigpipe_flag)

Definition at line 55 of file fe-secure.c.

Function Documentation

◆ pq_block_sigpipe()

int pq_block_sigpipe	(	sigset_t *	osigset,
		bool *	sigpipe_pending
	)

Definition at line 512 of file fe-secure.c.

 {
     sigset_t    sigpipe_sigset;
     sigset_t    sigset;
  
     sigemptyset(&sigpipe_sigset);
     sigaddset(&sigpipe_sigset, SIGPIPE);
  
     /* Block SIGPIPE and save previous mask for later reset */
     SOCK_ERRNO_SET(pthread_sigmask(SIG_BLOCK, &sigpipe_sigset, osigset));
     if (SOCK_ERRNO)
         return -1;
  
     /* We can have a pending SIGPIPE only if it was blocked before */
     if (sigismember(osigset, SIGPIPE))
     {
         /* Is there a pending SIGPIPE? */
         if (sigpending(&sigset) != 0)
             return -1;
  
         if (sigismember(&sigset, SIGPIPE))
             *sigpipe_pending = true;
         else
             *sigpipe_pending = false;
     }
     else
         *sigpipe_pending = false;
  
     return 0;
 }

References SIGPIPE, SOCK_ERRNO, and SOCK_ERRNO_SET.

Referenced by PQprint().

◆ pq_reset_sigpipe()

void pq_reset_sigpipe	(	sigset_t *	osigset,
		bool	sigpipe_pending,
		bool	got_epipe
	)

Definition at line 562 of file fe-secure.c.

 {
     int         save_errno = SOCK_ERRNO;
     int         signo;
     sigset_t    sigset;
  
     /* Clear SIGPIPE only if none was pending */
     if (got_epipe && !sigpipe_pending)
     {
         if (sigpending(&sigset) == 0 &&
             sigismember(&sigset, SIGPIPE))
         {
             sigset_t    sigpipe_sigset;
  
             sigemptyset(&sigpipe_sigset);
             sigaddset(&sigpipe_sigset, SIGPIPE);
  
             sigwait(&sigpipe_sigset, &signo);
         }
     }
  
     /* Restore saved block mask */
     pthread_sigmask(SIG_SETMASK, osigset, NULL);
  
     SOCK_ERRNO_SET(save_errno);
 }

References SIGPIPE, SOCK_ERRNO, and SOCK_ERRNO_SET.

Referenced by PQprint().

◆ PQdefaultSSLKeyPassHook_OpenSSL()

int PQdefaultSSLKeyPassHook_OpenSSL	(	char *	buf,
		int	size,
		PGconn *	conn
	)

Definition at line 481 of file fe-secure.c.

 {
     return 0;
 }

◆ PQgetgssctx()

void* PQgetgssctx ( PGconn * conn )

Definition at line 491 of file fe-secure.c.

 {
     return NULL;
 }

◆ PQgetssl()

void* PQgetssl ( PGconn * conn )

Definition at line 436 of file fe-secure.c.

 {
     return NULL;
 }

◆ PQgetSSLKeyPassHook_OpenSSL()

PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL ( void )

Definition at line 469 of file fe-secure.c.

 {
     return NULL;
 }

◆ PQgssEncInUse()

int PQgssEncInUse ( PGconn * conn )

Definition at line 497 of file fe-secure.c.

 {
     return 0;
 }

◆ PQinitOpenSSL()

void PQinitOpenSSL	(	int	do_ssl,
		int	do_crypto
	)

Definition at line 127 of file fe-secure.c.

 {
 #ifdef USE_SSL
     pgtls_init_library(do_ssl, do_crypto);
 #endif
 }

References pgtls_init_library().

◆ PQinitSSL()

void PQinitSSL ( int do_init )

Definition at line 115 of file fe-secure.c.

 {
 #ifdef USE_SSL
     pgtls_init_library(do_init, do_init);
 #endif
 }

References do_init(), and pgtls_init_library().

◆ pqsecure_close()

void pqsecure_close ( PGconn * conn )

Definition at line 167 of file fe-secure.c.

 {
 #ifdef USE_SSL
     pgtls_close(conn);
 #endif
 }

References conn, and pgtls_close().

Referenced by pqDropConnection().

◆ pqsecure_initialize()

int pqsecure_initialize	(	PGconn *	conn,
		bool	do_ssl,
		bool	do_crypto
	)

Definition at line 138 of file fe-secure.c.

 {
     int         r = 0;
  
 #ifdef USE_SSL
     r = pgtls_init(conn, do_ssl, do_crypto);
 #endif
  
     return r;
 }

References conn, and pgtls_init().

Referenced by PQconnectPoll().

◆ pqsecure_open_client()

PostgresPollingStatusType pqsecure_open_client ( PGconn * conn )

Definition at line 153 of file fe-secure.c.

 {
 #ifdef USE_SSL
     return pgtls_open_client(conn);
 #else
     /* shouldn't get here */
     return PGRES_POLLING_FAILED;
 #endif
 }

References conn, PGRES_POLLING_FAILED, and pgtls_open_client().

Referenced by PQconnectPoll().

◆ pqsecure_raw_read()

ssize_t pqsecure_raw_read	(	PGconn *	conn,
		void *	ptr,
		size_t	len
	)

Definition at line 208 of file fe-secure.c.

 {
     ssize_t     n;
     int         result_errno = 0;
     char        sebuf[PG_STRERROR_R_BUFLEN];
  
     n = recv(conn->sock, ptr, len, 0);
  
     if (n < 0)
     {
         result_errno = SOCK_ERRNO;
  
         /* Set error message if appropriate */
         switch (result_errno)
         {
 #ifdef EAGAIN
             case EAGAIN:
 #endif
 #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
             case EWOULDBLOCK:
 #endif
             case EINTR:
                 /* no error message, caller is expected to retry */
                 break;
  
             case EPIPE:
             case ECONNRESET:
                 libpq_append_conn_error(conn, "server closed the connection unexpectedly\n"
                                         "\tThis probably means the server terminated abnormally\n"
                                         "\tbefore or while processing the request.");
                 break;
  
             default:
                 libpq_append_conn_error(conn, "could not receive data from server: %s",
                                         SOCK_STRERROR(result_errno,
                                                       sebuf, sizeof(sebuf)));
                 break;
         }
     }
  
     /* ensure we return the intended errno to caller */
     SOCK_ERRNO_SET(result_errno);
  
     return n;
 }

References conn, EAGAIN, ECONNRESET, EINTR, EWOULDBLOCK, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, recv, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by gss_read(), my_sock_read(), pg_GSS_read(), and pqsecure_read().

◆ pqsecure_raw_write()

ssize_t pqsecure_raw_write	(	PGconn *	conn,
		const void *	ptr,
		size_t	len
	)

Definition at line 324 of file fe-secure.c.

 {
     ssize_t     n;
     int         flags = 0;
     int         result_errno = 0;
     char        msgbuf[1024];
     char        sebuf[PG_STRERROR_R_BUFLEN];
  
     DECLARE_SIGPIPE_INFO(spinfo);
  
     /*
      * If we already had a write failure, we will never again try to send data
      * on that connection.  Even if the kernel would let us, we've probably
      * lost message boundary sync with the server.  conn->write_failed
      * therefore persists until the connection is reset, and we just discard
      * all data presented to be written.
      */
     if (conn->write_failed)
         return len;
  
 #ifdef MSG_NOSIGNAL
     if (conn->sigpipe_flag)
         flags |= MSG_NOSIGNAL;
  
 retry_masked:
 #endif                          /* MSG_NOSIGNAL */
  
     DISABLE_SIGPIPE(conn, spinfo, return -1);
  
     n = send(conn->sock, ptr, len, flags);
  
     if (n < 0)
     {
         result_errno = SOCK_ERRNO;
  
         /*
          * If we see an EINVAL, it may be because MSG_NOSIGNAL isn't available
          * on this machine.  So, clear sigpipe_flag so we don't try the flag
          * again, and retry the send().
          */
 #ifdef MSG_NOSIGNAL
         if (flags != 0 && result_errno == EINVAL)
         {
             conn->sigpipe_flag = false;
             flags = 0;
             goto retry_masked;
         }
 #endif                          /* MSG_NOSIGNAL */
  
         /* Set error message if appropriate */
         switch (result_errno)
         {
 #ifdef EAGAIN
             case EAGAIN:
 #endif
 #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
             case EWOULDBLOCK:
 #endif
             case EINTR:
                 /* no error message, caller is expected to retry */
                 break;
  
             case EPIPE:
                 /* Set flag for EPIPE */
                 REMEMBER_EPIPE(spinfo, true);
  
                 /* FALL THRU */
  
             case ECONNRESET:
                 conn->write_failed = true;
                 /* Store error message in conn->write_err_msg, if possible */
                 /* (strdup failure is OK, we'll cope later) */
                 snprintf(msgbuf, sizeof(msgbuf),
                          libpq_gettext("server closed the connection unexpectedly\n"
                                        "\tThis probably means the server terminated abnormally\n"
                                        "\tbefore or while processing the request."));
                 /* keep newline out of translated string */
                 strlcat(msgbuf, "\n", sizeof(msgbuf));
                 conn->write_err_msg = strdup(msgbuf);
                 /* Now claim the write succeeded */
                 n = len;
                 break;
  
             default:
                 conn->write_failed = true;
                 /* Store error message in conn->write_err_msg, if possible */
                 /* (strdup failure is OK, we'll cope later) */
                 snprintf(msgbuf, sizeof(msgbuf),
                          libpq_gettext("could not send data to server: %s"),
                          SOCK_STRERROR(result_errno,
                                        sebuf, sizeof(sebuf)));
                 /* keep newline out of translated string */
                 strlcat(msgbuf, "\n", sizeof(msgbuf));
                 conn->write_err_msg = strdup(msgbuf);
                 /* Now claim the write succeeded */
                 n = len;
                 break;
         }
     }
  
     RESTORE_SIGPIPE(conn, spinfo);
  
     /* ensure we return the intended errno to caller */
     SOCK_ERRNO_SET(result_errno);
  
     return n;
 }

References conn, DECLARE_SIGPIPE_INFO, DISABLE_SIGPIPE, EAGAIN, ECONNRESET, EINTR, EWOULDBLOCK, len, libpq_gettext, PG_STRERROR_R_BUFLEN, REMEMBER_EPIPE, RESTORE_SIGPIPE, send, pg_conn::sigpipe_flag, snprintf, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, strlcat(), pg_conn::write_err_msg, and pg_conn::write_failed.

Referenced by my_sock_write(), pg_GSS_write(), pqsecure_open_gss(), and pqsecure_write().

◆ pqsecure_read()

ssize_t pqsecure_read	(	PGconn *	conn,
		void *	ptr,
		size_t	len
	)

Definition at line 182 of file fe-secure.c.

 {
     ssize_t     n;
  
 #ifdef USE_SSL
     if (conn->ssl_in_use)
     {
         n = pgtls_read(conn, ptr, len);
     }
     else
 #endif
 #ifdef ENABLE_GSS
     if (conn->gssenc)
     {
         n = pg_GSS_read(conn, ptr, len);
     }
     else
 #endif
     {
         n = pqsecure_raw_read(conn, ptr, len);
     }
  
     return n;
 }

References conn, len, pg_GSS_read(), pgtls_read(), pqsecure_raw_read(), and pg_conn::ssl_in_use.

Referenced by pqReadData().

◆ pqsecure_write()

ssize_t pqsecure_write	(	PGconn *	conn,
		const void *	ptr,
		size_t	len
	)

Definition at line 275 of file fe-secure.c.

 {
     ssize_t     n;
  
 #ifdef USE_SSL
     if (conn->ssl_in_use)
     {
         n = pgtls_write(conn, ptr, len);
     }
     else
 #endif
 #ifdef ENABLE_GSS
     if (conn->gssenc)
     {
         n = pg_GSS_write(conn, ptr, len);
     }
     else
 #endif
     {
         n = pqsecure_raw_write(conn, ptr, len);
     }
  
     return n;
 }

References conn, len, pg_GSS_write(), pgtls_write(), pqsecure_raw_write(), and pg_conn::ssl_in_use.

Referenced by pqSendSome().

◆ PQsetSSLKeyPassHook_OpenSSL()

void PQsetSSLKeyPassHook_OpenSSL ( PQsslKeyPassHook_OpenSSL_type hook )

Definition at line 475 of file fe-secure.c.

 {
     return;
 }

◆ PQsslAttribute()

const char* PQsslAttribute	(	PGconn *	conn,
		const char *	attribute_name
	)

Definition at line 448 of file fe-secure.c.

 {
     return NULL;
 }

◆ PQsslAttributeNames()

const char* const* PQsslAttributeNames ( PGconn * conn )

Definition at line 454 of file fe-secure.c.

 {
     static const char *const result[] = {NULL};
  
     return result;
 }

◆ PQsslInUse()

int PQsslInUse ( PGconn * conn )

Definition at line 103 of file fe-secure.c.

 {
     if (!conn)
         return 0;
     return conn->ssl_in_use;
 }

References conn, and pg_conn::ssl_in_use.

Referenced by printSSLInfo().

◆ PQsslStruct()

void* PQsslStruct	(	PGconn *	conn,
		const char *	struct_name
	)

Definition at line 442 of file fe-secure.c.

 {
     return NULL;
 }

Data Structures

Macros

Functions

Macro Definition Documentation

◆ DECLARE_SIGPIPE_INFO

◆ DISABLE_SIGPIPE

◆ REMEMBER_EPIPE

◆ RESTORE_SIGPIPE

◆ SIGPIPE_MASKED

Function Documentation

◆ pq_block_sigpipe()

◆ pq_reset_sigpipe()

◆ PQdefaultSSLKeyPassHook_OpenSSL()

◆ PQgetgssctx()

◆ PQgetssl()

◆ PQgetSSLKeyPassHook_OpenSSL()

◆ PQgssEncInUse()

◆ PQinitOpenSSL()

◆ PQinitSSL()

◆ pqsecure_close()

◆ pqsecure_initialize()

◆ pqsecure_open_client()

◆ pqsecure_raw_read()

◆ pqsecure_raw_write()

◆ pqsecure_read()

◆ pqsecure_write()

◆ PQsetSSLKeyPassHook_OpenSSL()

◆ PQsslAttribute()

◆ PQsslAttributeNames()

◆ PQsslInUse()

◆ PQsslStruct()