PostgreSQL Source Code  git master
fe-secure.c File Reference
#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include "fe-auth.h"
#include "libpq-fe.h"
#include "libpq-int.h"

Macros

#define SIGPIPE_MASKED(conn)   ((conn)->sigpipe_so || (conn)->sigpipe_flag)
 
#define DECLARE_SIGPIPE_INFO(spinfo)   pqsigfunc spinfo = NULL
 
#define DISABLE_SIGPIPE(conn, spinfo, failaction)
 
#define REMEMBER_EPIPE(spinfo, cond)
 
#define RESTORE_SIGPIPE(conn, spinfo)
 

Functions

int PQsslInUse (PGconn *conn)
 
void PQinitSSL (int do_init)
 
void PQinitOpenSSL (int do_ssl, int do_crypto)
 
int pqsecure_initialize (PGconn *conn)
 
PostgresPollingStatusType pqsecure_open_client (PGconn *conn)
 
void pqsecure_close (PGconn *conn)
 
ssize_t pqsecure_read (PGconn *conn, void *ptr, size_t len)
 
ssize_t pqsecure_raw_read (PGconn *conn, void *ptr, size_t len)
 
ssize_t pqsecure_write (PGconn *conn, const void *ptr, size_t len)
 
ssize_t pqsecure_raw_write (PGconn *conn, const void *ptr, size_t len)
 
void * PQgetssl (PGconn *conn)
 
void * PQsslStruct (PGconn *conn, const char *struct_name)
 
const char * PQsslAttribute (PGconn *conn, const char *attribute_name)
 
const char *const * PQsslAttributeNames (PGconn *conn)
 
PQsslKeyPassHook_type PQgetSSLKeyPassHook (void)
 
void PQsetSSLKeyPassHook (PQsslKeyPassHook_type hook)
 
int PQdefaultSSLKeyPassHook (char *buf, int size, PGconn *conn)
 
void * PQgetgssctx (PGconn *conn)
 
int PQgssEncInUse (PGconn *conn)
 

Macro Definition Documentation

◆ DECLARE_SIGPIPE_INFO

#define DECLARE_SIGPIPE_INFO (   spinfo)    pqsigfunc spinfo = NULL

Definition at line 103 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ DISABLE_SIGPIPE

#define DISABLE_SIGPIPE (   conn,
  spinfo,
  failaction 
)
Value:
/*
 * Saves the handler returned by pqsignal() in spinfo and sets SIGPIPE to
 * SIG_IGN. The failaction argument is not used by the text shown here.
 * NOTE(review): the cross-references under this listing name
 * SIGPIPE_MASKED(conn), which no visible line uses, so this rendering has
 * probably dropped a guarding line -- confirm against fe-secure.c line 105.
 * NOTE(review): signal dispositions are per-process; assuming pqsignal()
 * installs the handler in the usual way, the change is visible to every
 * thread of the calling application until RESTORE_SIGPIPE runs.
 */
do { \
spinfo = pqsignal(SIGPIPE, SIG_IGN); \
} while (0)
#define SIGPIPE
Definition: win32_port.h:159
#define SIGPIPE_MASKED(conn)
Definition: fe-secure.c:65
PGconn * conn
Definition: streamutil.c:54
#define SIG_IGN
Definition: win32_port.h:151
pqsigfunc pqsignal(int signum, pqsigfunc handler)
Definition: signal.c:170

Definition at line 105 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ REMEMBER_EPIPE

#define REMEMBER_EPIPE (   spinfo,
  cond 
)

Definition at line 111 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ RESTORE_SIGPIPE

#define RESTORE_SIGPIPE (   conn,
  spinfo 
)
Value:
/*
 * Re-installs the SIGPIPE handler that was saved in spinfo.
 * NOTE(review): the cross-references under this listing name
 * SIGPIPE_MASKED(conn), which no visible line uses, so this rendering has
 * probably dropped a guarding line -- confirm against fe-secure.c line 113.
 */
do { \
pqsignal(SIGPIPE, spinfo); \
} while (0)
#define SIGPIPE
Definition: win32_port.h:159
#define SIGPIPE_MASKED(conn)
Definition: fe-secure.c:65
PGconn * conn
Definition: streamutil.c:54

Definition at line 113 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ SIGPIPE_MASKED

#define SIGPIPE_MASKED (   conn)    ((conn)->sigpipe_so || (conn)->sigpipe_flag)

Definition at line 65 of file fe-secure.c.

Function Documentation

◆ PQdefaultSSLKeyPassHook()

int PQdefaultSSLKeyPassHook ( char *  buf,
int  size,
PGconn *  conn 
)

Definition at line 449 of file fe-secure.c.

References fprintf, libpq_gettext, and pg_conn::sslpassword.

450 {
 /*
  * Stub: returns 0 without reading or writing buf, size or conn.
  * NOTE(review): the References line above names fprintf, libpq_gettext and
  * pg_conn::sslpassword, none of which appear in this body, so this is
  * presumably the variant compiled without SSL support -- confirm.
  */
451  return 0;
452 }

◆ PQgetgssctx()

void* PQgetgssctx ( PGconn *  conn)

Definition at line 459 of file fe-secure.c.

460 {
 /*
  * Stub: always returns NULL and never looks at conn, so callers must
  * NULL-check the result before using it as a GSS context.
  * NOTE(review): presumably the variant compiled without GSS support -- confirm.
  */
461  return NULL;
462 }

◆ PQgetssl()

void* PQgetssl ( PGconn *  conn)

Definition at line 411 of file fe-secure.c.

412 {
 /*
  * Stub: always returns NULL and never looks at conn, so callers must
  * NULL-check the result before treating it as a TLS object.
  * NOTE(review): presumably the variant compiled without SSL support -- confirm.
  */
413  return NULL;
414 }

◆ PQgetSSLKeyPassHook()

PQsslKeyPassHook_type PQgetSSLKeyPassHook ( void  )

Definition at line 437 of file fe-secure.c.

References PQsslKeyPassHook.

438 {
 /*
  * Stub: reports that no key-passphrase hook is installed (NULL).
  * NOTE(review): the References line above names PQsslKeyPassHook, which this
  * body does not read, so this is presumably the variant compiled without SSL
  * support -- confirm.
  */
439  return NULL;
440 }

◆ PQgssEncInUse()

int PQgssEncInUse ( PGconn *  conn)

Definition at line 465 of file fe-secure.c.

References SIGPIPE, sigwait(), SOCK_ERRNO, and SOCK_ERRNO_SET.

466 {
 /*
  * Stub: always reports 0 (GSS encryption not in use) without looking at conn.
  * NOTE(review): the References line above names SIGPIPE, sigwait() and the
  * SOCK_ERRNO macros, none of which appear in this body; the cross-reference
  * looks misattributed and this is presumably the variant compiled without GSS
  * support -- confirm.
  */
467  return 0;
468 }

◆ PQinitOpenSSL()

void PQinitOpenSSL ( int  do_ssl,
int  do_crypto 
)

Definition at line 157 of file fe-secure.c.

References pgtls_init_library().

158 {
 /*
  * Forwards both flags to pgtls_init_library() when built with USE_SSL;
  * compiles to an empty function otherwise. Per the prototype shown under
  * this listing, do_ssl (an int here) is received as a bool there, so any
  * non-zero value counts as true.
  */
159 #ifdef USE_SSL
160  pgtls_init_library(do_ssl, do_crypto);
161 #endif
162 }
void pgtls_init_library(bool do_ssl, int do_crypto)

◆ PQinitSSL()

void PQinitSSL ( int  do_init)

Definition at line 145 of file fe-secure.c.

References pgtls_init_library().

146 {
147 #ifdef USE_SSL
 /*
  * NOTE(review): listing line 148 is missing from this rendering. The
  * References line above names pgtls_init_library(), so that call presumably
  * sits here -- confirm against the source. Without USE_SSL the function is
  * empty.
  */
149 #endif
150 }
static void do_init(void)
Definition: pg_ctl.c:816
void pgtls_init_library(bool do_ssl, int do_crypto)

◆ pqsecure_close()

void pqsecure_close ( PGconn *  conn)

Definition at line 197 of file fe-secure.c.

References pgtls_close(), and pg_conn::ssl_in_use.

Referenced by pqDropConnection().

198 {
 /*
  * Tears down the TLS layer via pgtls_close(), but only when the build has
  * USE_SSL and this connection has ssl_in_use set. Nothing else is closed
  * here; conn is dereferenced without a NULL check.
  */
199 #ifdef USE_SSL
200  if (conn->ssl_in_use)
201  pgtls_close(conn);
202 #endif
203 }
bool ssl_in_use
Definition: libpq-int.h:469
void pgtls_close(PGconn *conn)

◆ pqsecure_initialize()

int pqsecure_initialize ( PGconn *  conn)

Definition at line 168 of file fe-secure.c.

References pgtls_init().

Referenced by PQconnectPoll().

169 {
 /*
  * Returns whatever pgtls_init(conn) returns when built with USE_SSL.
  * Without USE_SSL the result stays at its initial value 0, so a 0 return
  * does not by itself tell the caller that a TLS library was set up.
  */
170  int r = 0;
171 
172 #ifdef USE_SSL
173  r = pgtls_init(conn);
174 #endif
175 
176  return r;
177 }
int pgtls_init(PGconn *conn)

◆ pqsecure_open_client()

PostgresPollingStatusType pqsecure_open_client ( PGconn *  conn)

Definition at line 183 of file fe-secure.c.

References PGRES_POLLING_FAILED, and pgtls_open_client().

Referenced by PQconnectPoll().

184 {
 /*
  * Delegates the client-side TLS handshake to pgtls_open_client() when built
  * with USE_SSL. In a build without USE_SSL the call fails closed: it returns
  * PGRES_POLLING_FAILED instead of reporting success on a connection that has
  * no TLS.
  */
185 #ifdef USE_SSL
186  return pgtls_open_client(conn);
187 #else
188  /* shouldn't get here */
189  return PGRES_POLLING_FAILED;
190 #endif
191 }
PostgresPollingStatusType pgtls_open_client(PGconn *conn)

◆ pqsecure_raw_read()

ssize_t pqsecure_raw_read ( PGconn *  conn,
void *  ptr,
size_t  len 
)

Definition at line 239 of file fe-secure.c.

References EAGAIN, ECONNRESET, EINTR, pg_conn::errorMessage, EWOULDBLOCK, libpq_gettext, PG_STRERROR_R_BUFLEN, printfPQExpBuffer(), recv, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by gss_read(), my_sock_read(), pg_GSS_read(), and pqsecure_read().

240 {
 /*
  * Lowest-level socket read: a single recv() on conn->sock into ptr, at most
  * len bytes, with no TLS or GSS processing in this function. Returns recv()'s
  * result unchanged. Only n < 0 is examined, so a return of 0 reaches the
  * caller with no error message set and must be handled there.
  */
241  ssize_t n;
242  int result_errno = 0;
243  char sebuf[PG_STRERROR_R_BUFLEN];
244 
245  n = recv(conn->sock, ptr, len, 0);
246 
247  if (n < 0)
248  {
 /* Capture the socket errno right away, before any later call can change it. */
249  result_errno = SOCK_ERRNO;
250 
251  /* Set error message if appropriate */
252  switch (result_errno)
253  {
254 #ifdef EAGAIN
255  case EAGAIN:
256 #endif
257 #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
258  case EWOULDBLOCK:
259 #endif
260  case EINTR:
261  /* no error message, caller is expected to retry */
262  break;
263 
264 #ifdef ECONNRESET
265  case ECONNRESET:
 /*
  * NOTE(review): listing lines 266-267 are missing from this rendering. The
  * References line above names printfPQExpBuffer(), libpq_gettext and
  * pg_conn::errorMessage, so they presumably open the call whose string
  * argument follows -- confirm against the source.
  */
268  "server closed the connection unexpectedly\n"
269  "\tThis probably means the server terminated abnormally\n"
270  "\tbefore or while processing the request.\n"));
271  break;
272 #endif
273 
274  default:
 /*
  * NOTE(review): listing line 275 is missing from this rendering; it
  * presumably opens the message call that takes the arguments below. The
  * errno text is written into the fixed-size sebuf, bounded by sizeof(sebuf).
  */
276  libpq_gettext("could not receive data from server: %s\n"),
277  SOCK_STRERROR(result_errno,
278  sebuf, sizeof(sebuf)));
279  break;
280  }
281  }
282 
283  /* ensure we return the intended errno to caller */
 /* result_errno is still 0 when recv() did not fail, so success clears the socket errno. */
284  SOCK_ERRNO_SET(result_errno);
285 
286  return n;
287 }
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
#define EAGAIN
Definition: win32_port.h:321
#define PG_STRERROR_R_BUFLEN
Definition: port.h:210
#define recv(s, buf, len, flags)
Definition: win32_port.h:437
#define SOCK_STRERROR
Definition: libpq-int.h:806
#define SOCK_ERRNO
Definition: libpq-int.h:805
#define SOCK_ERRNO_SET(e)
Definition: libpq-int.h:807
pgsocket sock
Definition: libpq-int.h:407
PQExpBufferData errorMessage
Definition: libpq-int.h:511
#define ECONNRESET
Definition: win32_port.h:333
#define EWOULDBLOCK
Definition: win32_port.h:329
#define EINTR
Definition: win32_port.h:323
#define libpq_gettext(x)
Definition: libpq-int.h:792

◆ pqsecure_raw_write()

ssize_t pqsecure_raw_write ( PGconn *  conn,
const void *  ptr,
size_t  len 
)

Definition at line 323 of file fe-secure.c.

References DECLARE_SIGPIPE_INFO, DISABLE_SIGPIPE, EAGAIN, ECONNRESET, EINTR, pg_conn::errorMessage, EWOULDBLOCK, libpq_gettext, PG_STRERROR_R_BUFLEN, printfPQExpBuffer(), REMEMBER_EPIPE, RESTORE_SIGPIPE, send, pg_conn::sigpipe_flag, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by my_sock_write(), pg_GSS_write(), pqsecure_open_gss(), and pqsecure_write().

324 {
 /*
  * Lowest-level socket write: send() of len bytes from ptr on conn->sock, with
  * no TLS or GSS processing in this function. SIGPIPE is suppressed around the
  * call either per call (MSG_NOSIGNAL) or through the DISABLE_SIGPIPE /
  * RESTORE_SIGPIPE macros. Returns send()'s result; the socket errno is
  * re-set to the captured value before returning.
  */
325  ssize_t n;
326  int flags = 0;
327  int result_errno = 0;
328  char sebuf[PG_STRERROR_R_BUFLEN];
329 
330  DECLARE_SIGPIPE_INFO(spinfo);
331 
332 #ifdef MSG_NOSIGNAL
333  if (conn->sigpipe_flag)
334  flags |= MSG_NOSIGNAL;
335 
336 retry_masked:
337 #endif /* MSG_NOSIGNAL */
338 
 /* The failaction passed here is "return -1"; the retry path below re-enters at this point. */
339  DISABLE_SIGPIPE(conn, spinfo, return -1);
340 
341  n = send(conn->sock, ptr, len, flags);
342 
343  if (n < 0)
344  {
 /* Capture the socket errno right away, before any later call can change it. */
345  result_errno = SOCK_ERRNO;
346 
347  /*
348  * If we see an EINVAL, it may be because MSG_NOSIGNAL isn't available
349  * on this machine. So, clear sigpipe_flag so we don't try the flag
350  * again, and retry the send().
351  */
352 #ifdef MSG_NOSIGNAL
 /* flags is zeroed before the jump, so this branch is taken at most once per call. */
353  if (flags != 0 && result_errno == EINVAL)
354  {
355  conn->sigpipe_flag = false;
356  flags = 0;
357  goto retry_masked;
358  }
359 #endif /* MSG_NOSIGNAL */
360 
361  /* Set error message if appropriate */
362  switch (result_errno)
363  {
364 #ifdef EAGAIN
365  case EAGAIN:
366 #endif
367 #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
368  case EWOULDBLOCK:
369 #endif
370  case EINTR:
371  /* no error message, caller is expected to retry */
372  break;
373 
374  case EPIPE:
375  /* Set flag for EPIPE */
376  REMEMBER_EPIPE(spinfo, true);
377 
378 #ifdef ECONNRESET
379  /* FALL THRU */
380 
381  case ECONNRESET:
382 #endif
 /*
  * NOTE(review): listing lines 383-384 are missing from this rendering. The
  * References line above names printfPQExpBuffer(), libpq_gettext and
  * pg_conn::errorMessage, so they presumably open the call whose string
  * argument follows -- confirm against the source. EPIPE reaches this
  * message whether or not ECONNRESET is defined.
  */
385  "server closed the connection unexpectedly\n"
386  "\tThis probably means the server terminated abnormally\n"
387  "\tbefore or while processing the request.\n"));
388  break;
389 
390  default:
 /*
  * NOTE(review): listing line 391 is missing from this rendering; it
  * presumably opens the message call that takes the arguments below. The
  * errno text is written into the fixed-size sebuf, bounded by sizeof(sebuf).
  */
392  libpq_gettext("could not send data to server: %s\n"),
393  SOCK_STRERROR(result_errno,
394  sebuf, sizeof(sebuf)));
395  break;
396  }
397  }
398 
 /* Runs on the success path and on every error path that reaches this point. */
399  RESTORE_SIGPIPE(conn, spinfo);
400 
401  /* ensure we return the intended errno to caller */
402  SOCK_ERRNO_SET(result_errno);
403 
404  return n;
405 }
bool sigpipe_flag
Definition: libpq-int.h:416
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
#define EAGAIN
Definition: win32_port.h:321
#define DECLARE_SIGPIPE_INFO(spinfo)
Definition: fe-secure.c:103
#define PG_STRERROR_R_BUFLEN
Definition: port.h:210
#define SOCK_STRERROR
Definition: libpq-int.h:806
#define SOCK_ERRNO
Definition: libpq-int.h:805
#define RESTORE_SIGPIPE(conn, spinfo)
Definition: fe-secure.c:113
#define SOCK_ERRNO_SET(e)
Definition: libpq-int.h:807
pgsocket sock
Definition: libpq-int.h:407
#define REMEMBER_EPIPE(spinfo, cond)
Definition: fe-secure.c:111
PQExpBufferData errorMessage
Definition: libpq-int.h:511
#define ECONNRESET
Definition: win32_port.h:333
#define EWOULDBLOCK
Definition: win32_port.h:329
#define DISABLE_SIGPIPE(conn, spinfo, failaction)
Definition: fe-secure.c:105
#define EINTR
Definition: win32_port.h:323
#define libpq_gettext(x)
Definition: libpq-int.h:792
#define send(s, buf, len, flags)
Definition: win32_port.h:438

◆ pqsecure_read()

ssize_t pqsecure_read ( PGconn *  conn,
void *  ptr,
size_t  len 
)

Definition at line 213 of file fe-secure.c.

References pg_GSS_read(), pgtls_read(), pqsecure_raw_read(), and pg_conn::ssl_in_use.

Referenced by pqReadData().

214 {
 /*
  * Picks the read path from connection state: TLS when built with USE_SSL and
  * conn->ssl_in_use is set, otherwise GSS encryption when built with
  * ENABLE_GSS and conn->gssenc is set, otherwise the raw socket read. The raw
  * branch applies no encryption in this function.
  * NOTE(review): whether an unencrypted connection is acceptable is not
  * decided here -- check the connection-setup code for that policy.
  */
215  ssize_t n;
216 
217 #ifdef USE_SSL
218  if (conn->ssl_in_use)
219  {
220  n = pgtls_read(conn, ptr, len);
221  }
222  else
223 #endif
 /* The "else" left open above binds to whichever statement the next enabled section supplies. */
224 #ifdef ENABLE_GSS
225  if (conn->gssenc)
226  {
227  n = pg_GSS_read(conn, ptr, len);
228  }
229  else
230 #endif
231  {
232  n = pqsecure_raw_read(conn, ptr, len);
233  }
234 
235  return n;
236 }
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure.c:239
bool ssl_in_use
Definition: libpq-int.h:469
ssize_t pgtls_read(PGconn *conn, void *ptr, size_t len)
ssize_t pg_GSS_read(PGconn *conn, void *ptr, size_t len)

◆ pqsecure_write()

ssize_t pqsecure_write ( PGconn *  conn,
const void *  ptr,
size_t  len 
)

Definition at line 297 of file fe-secure.c.

References pg_GSS_write(), pgtls_write(), pqsecure_raw_write(), and pg_conn::ssl_in_use.

Referenced by pqSendSome().

298 {
 /*
  * Picks the write path from connection state: TLS when built with USE_SSL
  * and conn->ssl_in_use is set, otherwise GSS encryption when built with
  * ENABLE_GSS and conn->gssenc is set, otherwise the raw socket write. The raw
  * branch sends ptr as given, with no encryption applied in this function.
  * NOTE(review): whether an unencrypted connection is acceptable is not
  * decided here -- check the connection-setup code for that policy.
  */
299  ssize_t n;
300 
301 #ifdef USE_SSL
302  if (conn->ssl_in_use)
303  {
304  n = pgtls_write(conn, ptr, len);
305  }
306  else
307 #endif
 /* The "else" left open above binds to whichever statement the next enabled section supplies. */
308 #ifdef ENABLE_GSS
309  if (conn->gssenc)
310  {
311  n = pg_GSS_write(conn, ptr, len);
312  }
313  else
314 #endif
315  {
316  n = pqsecure_raw_write(conn, ptr, len);
317  }
318 
319  return n;
320 }
ssize_t pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
bool ssl_in_use
Definition: libpq-int.h:469
ssize_t pgtls_write(PGconn *conn, const void *ptr, size_t len)
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure.c:323

◆ PQsetSSLKeyPassHook()

void PQsetSSLKeyPassHook ( PQsslKeyPassHook_type  hook)

Definition at line 443 of file fe-secure.c.

References PQsslKeyPassHook.

444 {
 /*
  * Stub: the hook argument is ignored and nothing is stored.
  * NOTE(review): the References line above names PQsslKeyPassHook, which this
  * body does not assign, so this is presumably the variant compiled without
  * SSL support -- confirm. A caller cannot tell from this function that its
  * hook was dropped.
  */
445  return;
446 }

◆ PQsslAttribute()

const char* PQsslAttribute ( PGconn *  conn,
const char *  attribute_name 
)

Definition at line 423 of file fe-secure.c.

References snprintf.

424 {
 /*
  * Stub: returns NULL for every attribute_name, so callers must NULL-check
  * before using the result as a string.
  * NOTE(review): the References line above names snprintf, which this body
  * does not call; presumably the variant compiled without SSL support -- confirm.
  */
425  return NULL;
426 }

◆ PQsslAttributeNames()

const char* const* PQsslAttributeNames ( PGconn *  conn)

Definition at line 429 of file fe-secure.c.

430 {
 /*
  * Stub: returns a pointer to a static array holding only the NULL terminator,
  * i.e. an empty attribute list. The pointer is never NULL, so callers can
  * iterate until the NULL entry without a separate check.
  */
431  static const char *const result[] = {NULL};
432 
433  return result;
434 }

◆ PQsslInUse()

int PQsslInUse ( PGconn *  conn)

Definition at line 133 of file fe-secure.c.

References pg_conn::ssl_in_use.

Referenced by printSSLInfo().

134 {
 /*
  * Reports conn->ssl_in_use. A NULL conn is answered with 0 ("not in use")
  * rather than dereferenced, so a 0 result can mean either "no TLS on this
  * connection" or "no connection at all".
  */
135  if (!conn)
136  return 0;
137  return conn->ssl_in_use;
138 }
bool ssl_in_use
Definition: libpq-int.h:469

◆ PQsslStruct()

void* PQsslStruct ( PGconn *  conn,
const char *  struct_name 
)

Definition at line 417 of file fe-secure.c.

418 {
 /*
  * Stub: returns NULL for every struct_name without looking at conn, so
  * callers must NULL-check before casting the result.
  * NOTE(review): presumably the variant compiled without SSL support -- confirm.
  */
419  return NULL;
420 }