fe-secure.c File Reference

#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include "fe-auth.h"
#include "libpq-fe.h"
#include "libpq-int.h"

Include dependency graph for fe-secure.c:

Go to the source code of this file.

Macros
#define	SIGPIPE_MASKED(conn)   ((conn)->sigpipe_so || (conn)->sigpipe_flag)
#define	DECLARE_SIGPIPE_INFO(spinfo)   pqsigfunc spinfo = NULL
#define	DISABLE_SIGPIPE(conn, spinfo, failaction)
#define	REMEMBER_EPIPE(spinfo, cond)
#define	RESTORE_SIGPIPE(conn, spinfo)

Functions
int	PQsslInUse (PGconn *conn)
void	PQinitSSL (int do_init)
void	PQinitOpenSSL (int do_ssl, int do_crypto)
int	pqsecure_initialize (PGconn *conn, bool do_ssl, bool do_crypto)
PostgresPollingStatusType	pqsecure_open_client (PGconn *conn)
void	pqsecure_close (PGconn *conn)
ssize_t	pqsecure_read (PGconn *conn, void *ptr, size_t len)
ssize_t	pqsecure_raw_read (PGconn *conn, void *ptr, size_t len)
ssize_t	pqsecure_write (PGconn *conn, const void *ptr, size_t len)
ssize_t	pqsecure_raw_write (PGconn *conn, const void *ptr, size_t len)
void *	PQgetssl (PGconn *conn)
void *	PQsslStruct (PGconn *conn, const char *struct_name)
const char *	PQsslAttribute (PGconn *conn, const char *attribute_name)
const char *const *	PQsslAttributeNames (PGconn *conn)
PQsslKeyPassHook_OpenSSL_type	PQgetSSLKeyPassHook_OpenSSL (void)
void	PQsetSSLKeyPassHook_OpenSSL (PQsslKeyPassHook_OpenSSL_type hook)
int	PQdefaultSSLKeyPassHook_OpenSSL (char *buf, int size, PGconn *conn)
void *	PQgetgssctx (PGconn *conn)
int	PQgssEncInUse (PGconn *conn)

Macro Definition Documentation

DECLARE_SIGPIPE_INFO

#define DECLARE_SIGPIPE_INFO

(

spinfo

)

pqsigfunc spinfo = NULL

Definition at line 95 of file fe-secure.c.

DISABLE_SIGPIPE

#define DISABLE_SIGPIPE	(		conn,
			spinfo,
			failaction
	)

Value:

    do { \
        if (!SIGPIPE_MASKED(conn)) \
            spinfo = pqsignal(SIGPIPE, SIG_IGN); \
    } while (0)

Definition at line 97 of file fe-secure.c.

REMEMBER_EPIPE

#define REMEMBER_EPIPE	(		spinfo,
			cond
	)

Definition at line 103 of file fe-secure.c.

RESTORE_SIGPIPE

#define RESTORE_SIGPIPE	(		conn,
			spinfo
	)

Value:

    do { \
        if (!SIGPIPE_MASKED(conn)) \
            pqsignal(SIGPIPE, spinfo); \
    } while (0)

Definition at line 105 of file fe-secure.c.

SIGPIPE_MASKED

#define SIGPIPE_MASKED

(

conn

)

((conn)->sigpipe_so || (conn)->sigpipe_flag)

Definition at line 57 of file fe-secure.c.

Function Documentation

PQdefaultSSLKeyPassHook_OpenSSL()

int PQdefaultSSLKeyPassHook_OpenSSL	(	char *	buf,
		int	size,
		PGconn *	conn
	)

Definition at line 503 of file fe-secure.c.

{
    return 0;
}

PQgetgssctx()

void* PQgetgssctx

(

PGconn *

conn

)

Definition at line 513 of file fe-secure.c.

{
    return NULL;
}

PQgetssl()

void* PQgetssl

(

PGconn *

conn

)

Definition at line 458 of file fe-secure.c.

{
    return NULL;
}

PQgetSSLKeyPassHook_OpenSSL()

PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL

(

void

)

Definition at line 491 of file fe-secure.c.

{
    return NULL;
}

PQgssEncInUse()

int PQgssEncInUse

(

PGconn *

conn

)

Definition at line 519 of file fe-secure.c.

{
    return 0;
}

PQinitOpenSSL()

void PQinitOpenSSL	(	int	do_ssl,
		int	do_crypto
	)

Definition at line 149 of file fe-secure.c.

{
#ifdef USE_SSL
    pgtls_init_library(do_ssl, do_crypto);
#endif
}

References pgtls_init_library().

PQinitSSL()

void PQinitSSL

(

int

do_init

)

Definition at line 137 of file fe-secure.c.

{
#ifdef USE_SSL
    pgtls_init_library(do_init, do_init);
#endif
}

References do_init(), and pgtls_init_library().

pqsecure_close()

void pqsecure_close

(

PGconn *

conn

)

Definition at line 189 of file fe-secure.c.

{
#ifdef USE_SSL
    pgtls_close(conn);
#endif
}

References conn, and pgtls_close().

Referenced by pqDropConnection().

pqsecure_initialize()

int pqsecure_initialize	(	PGconn *	conn,
		bool	do_ssl,
		bool	do_crypto
	)

Definition at line 160 of file fe-secure.c.

{
    int         r = 0;
 
#ifdef USE_SSL
    r = pgtls_init(conn, do_ssl, do_crypto);
#endif
 
    return r;
}

References conn, and pgtls_init().

Referenced by PQconnectPoll().

pqsecure_open_client()

PostgresPollingStatusType pqsecure_open_client

(

PGconn *

conn

)

Definition at line 175 of file fe-secure.c.

{
#ifdef USE_SSL
    return pgtls_open_client(conn);
#else
    /* shouldn't get here */
    return PGRES_POLLING_FAILED;
#endif
}

References conn, PGRES_POLLING_FAILED, and pgtls_open_client().

Referenced by PQconnectPoll().

pqsecure_raw_read()

ssize_t pqsecure_raw_read	(	PGconn *	conn,
		void *	ptr,
		size_t	len
	)

Definition at line 230 of file fe-secure.c.

{
    ssize_t     n;
    int         result_errno = 0;
    char        sebuf[PG_STRERROR_R_BUFLEN];
 
    n = recv(conn->sock, ptr, len, 0);
 
    if (n < 0)
    {
        result_errno = SOCK_ERRNO;
 
        /* Set error message if appropriate */
        switch (result_errno)
        {
#ifdef EAGAIN
            case EAGAIN:
#endif
#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
            case EWOULDBLOCK:
#endif
            case EINTR:
                /* no error message, caller is expected to retry */
                break;
 
            case EPIPE:
            case ECONNRESET:
                libpq_append_conn_error(conn, "server closed the connection unexpectedly\n"
                                   "\tThis probably means the server terminated abnormally\n"
                                   "\tbefore or while processing the request.");
                break;
 
            default:
                libpq_append_conn_error(conn, "could not receive data from server: %s",
                                  SOCK_STRERROR(result_errno,
                                                sebuf, sizeof(sebuf)));
                break;
        }
    }
 
    /* ensure we return the intended errno to caller */
    SOCK_ERRNO_SET(result_errno);
 
    return n;
}

References conn, EAGAIN, ECONNRESET, EINTR, EWOULDBLOCK, len, libpq_append_conn_error(), PG_STRERROR_R_BUFLEN, recv, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by gss_read(), my_sock_read(), pg_GSS_read(), and pqsecure_read().

pqsecure_raw_write()

ssize_t pqsecure_raw_write	(	PGconn *	conn,
		const void *	ptr,
		size_t	len
	)

Definition at line 346 of file fe-secure.c.

{
    ssize_t     n;
    int         flags = 0;
    int         result_errno = 0;
    char        msgbuf[1024];
    char        sebuf[PG_STRERROR_R_BUFLEN];
 
    DECLARE_SIGPIPE_INFO(spinfo);
 
    /*
     * If we already had a write failure, we will never again try to send data
     * on that connection.  Even if the kernel would let us, we've probably
     * lost message boundary sync with the server.  conn->write_failed
     * therefore persists until the connection is reset, and we just discard
     * all data presented to be written.
     */
    if (conn->write_failed)
        return len;
 
#ifdef MSG_NOSIGNAL
    if (conn->sigpipe_flag)
        flags |= MSG_NOSIGNAL;
 
retry_masked:
#endif                          /* MSG_NOSIGNAL */
 
    DISABLE_SIGPIPE(conn, spinfo, return -1);
 
    n = send(conn->sock, ptr, len, flags);
 
    if (n < 0)
    {
        result_errno = SOCK_ERRNO;
 
        /*
         * If we see an EINVAL, it may be because MSG_NOSIGNAL isn't available
         * on this machine.  So, clear sigpipe_flag so we don't try the flag
         * again, and retry the send().
         */
#ifdef MSG_NOSIGNAL
        if (flags != 0 && result_errno == EINVAL)
        {
            conn->sigpipe_flag = false;
            flags = 0;
            goto retry_masked;
        }
#endif                          /* MSG_NOSIGNAL */
 
        /* Set error message if appropriate */
        switch (result_errno)
        {
#ifdef EAGAIN
            case EAGAIN:
#endif
#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
            case EWOULDBLOCK:
#endif
            case EINTR:
                /* no error message, caller is expected to retry */
                break;
 
            case EPIPE:
                /* Set flag for EPIPE */
                REMEMBER_EPIPE(spinfo, true);
 
                /* FALL THRU */
 
            case ECONNRESET:
                conn->write_failed = true;
                /* Store error message in conn->write_err_msg, if possible */
                /* (strdup failure is OK, we'll cope later) */
                snprintf(msgbuf, sizeof(msgbuf),
                         libpq_gettext("server closed the connection unexpectedly\n"
                                       "\tThis probably means the server terminated abnormally\n"
                                       "\tbefore or while processing the request."));
                /* keep newline out of translated string */
                strlcat(msgbuf, "\n", sizeof(msgbuf));
                conn->write_err_msg = strdup(msgbuf);
                /* Now claim the write succeeded */
                n = len;
                break;
 
            default:
                conn->write_failed = true;
                /* Store error message in conn->write_err_msg, if possible */
                /* (strdup failure is OK, we'll cope later) */
                snprintf(msgbuf, sizeof(msgbuf),
                         libpq_gettext("could not send data to server: %s"),
                         SOCK_STRERROR(result_errno,
                                       sebuf, sizeof(sebuf)));
                /* keep newline out of translated string */
                strlcat(msgbuf, "\n", sizeof(msgbuf));
                conn->write_err_msg = strdup(msgbuf);
                /* Now claim the write succeeded */
                n = len;
                break;
        }
    }
 
    RESTORE_SIGPIPE(conn, spinfo);
 
    /* ensure we return the intended errno to caller */
    SOCK_ERRNO_SET(result_errno);
 
    return n;
}

References conn, DECLARE_SIGPIPE_INFO, DISABLE_SIGPIPE, EAGAIN, ECONNRESET, EINTR, EWOULDBLOCK, len, libpq_gettext, PG_STRERROR_R_BUFLEN, REMEMBER_EPIPE, RESTORE_SIGPIPE, send, pg_conn::sigpipe_flag, snprintf, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, SOCK_STRERROR, strlcat(), pg_conn::write_err_msg, and pg_conn::write_failed.

Referenced by my_sock_write(), pg_GSS_write(), pqsecure_open_gss(), and pqsecure_write().

pqsecure_read()

ssize_t pqsecure_read	(	PGconn *	conn,
		void *	ptr,
		size_t	len
	)

Definition at line 204 of file fe-secure.c.

{
    ssize_t     n;
 
#ifdef USE_SSL
    if (conn->ssl_in_use)
    {
        n = pgtls_read(conn, ptr, len);
    }
    else
#endif
#ifdef ENABLE_GSS
    if (conn->gssenc)
    {
        n = pg_GSS_read(conn, ptr, len);
    }
    else
#endif
    {
        n = pqsecure_raw_read(conn, ptr, len);
    }
 
    return n;
}

References conn, len, pg_GSS_read(), pgtls_read(), pqsecure_raw_read(), and pg_conn::ssl_in_use.

Referenced by pqReadData().

pqsecure_write()

ssize_t pqsecure_write	(	PGconn *	conn,
		const void *	ptr,
		size_t	len
	)

Definition at line 297 of file fe-secure.c.

{
    ssize_t     n;
 
#ifdef USE_SSL
    if (conn->ssl_in_use)
    {
        n = pgtls_write(conn, ptr, len);
    }
    else
#endif
#ifdef ENABLE_GSS
    if (conn->gssenc)
    {
        n = pg_GSS_write(conn, ptr, len);
    }
    else
#endif
    {
        n = pqsecure_raw_write(conn, ptr, len);
    }
 
    return n;
}

References conn, len, pg_GSS_write(), pgtls_write(), pqsecure_raw_write(), and pg_conn::ssl_in_use.

Referenced by pqSendSome().

PQsetSSLKeyPassHook_OpenSSL()

void PQsetSSLKeyPassHook_OpenSSL

(

PQsslKeyPassHook_OpenSSL_type

hook

)

Definition at line 497 of file fe-secure.c.

{
    return;
}

PQsslAttribute()

const char* PQsslAttribute	(	PGconn *	conn,
		const char *	attribute_name
	)

Definition at line 470 of file fe-secure.c.

{
    return NULL;
}

PQsslAttributeNames()

const char* const* PQsslAttributeNames

(

PGconn *

conn

)

Definition at line 476 of file fe-secure.c.

{
    static const char *const result[] = {NULL};
 
    return result;
}

PQsslInUse()

int PQsslInUse

(

PGconn *

conn

)

Definition at line 125 of file fe-secure.c.

{
    if (!conn)
        return 0;
    return conn->ssl_in_use;
}

References conn, and pg_conn::ssl_in_use.

Referenced by printSSLInfo().

PQsslStruct()

void* PQsslStruct	(	PGconn *	conn,
		const char *	struct_name
	)

Definition at line 464 of file fe-secure.c.

{
    return NULL;
}