PostgreSQL Source Code  git master
fe-secure.c File Reference
#include "postgres_fe.h"
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include "fe-auth.h"
#include "libpq-fe.h"
#include "libpq-int.h"
Include dependency graph for fe-secure.c:

Go to the source code of this file.

Macros

#define SIGPIPE_MASKED(conn)   ((conn)->sigpipe_so || (conn)->sigpipe_flag)
 
#define DECLARE_SIGPIPE_INFO(spinfo)   pqsigfunc spinfo = NULL
 
#define DISABLE_SIGPIPE(conn, spinfo, failaction)
 
#define REMEMBER_EPIPE(spinfo, cond)
 
#define RESTORE_SIGPIPE(conn, spinfo)
 

Functions

int PQsslInUse (PGconn *conn)
 
void PQinitSSL (int do_init)
 
void PQinitOpenSSL (int do_ssl, int do_crypto)
 
int pqsecure_initialize (PGconn *conn)
 
PostgresPollingStatusType pqsecure_open_client (PGconn *conn)
 
void pqsecure_close (PGconn *conn)
 
ssize_t pqsecure_read (PGconn *conn, void *ptr, size_t len)
 
ssize_t pqsecure_raw_read (PGconn *conn, void *ptr, size_t len)
 
ssize_t pqsecure_write (PGconn *conn, const void *ptr, size_t len)
 
ssize_t pqsecure_raw_write (PGconn *conn, const void *ptr, size_t len)
 
void * PQgetssl (PGconn *conn)
 
void * PQsslStruct (PGconn *conn, const char *struct_name)
 
const char * PQsslAttribute (PGconn *conn, const char *attribute_name)
 
const char *const * PQsslAttributeNames (PGconn *conn)
 
PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL (void)
 
void PQsetSSLKeyPassHook_OpenSSL (PQsslKeyPassHook_OpenSSL_type hook)
 
int PQdefaultSSLKeyPassHook_OpenSSL (char *buf, int size, PGconn *conn)
 
void * PQgetgssctx (PGconn *conn)
 
int PQgssEncInUse (PGconn *conn)
 

Macro Definition Documentation

◆ DECLARE_SIGPIPE_INFO

#define DECLARE_SIGPIPE_INFO (   spinfo)    pqsigfunc spinfo = NULL

Definition at line 103 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ DISABLE_SIGPIPE

#define DISABLE_SIGPIPE (   conn,
  spinfo,
  failaction 
)
Value:
do { \
spinfo = pqsignal(SIGPIPE, SIG_IGN); \
} while (0)
#define SIGPIPE
Definition: win32_port.h:164
#define SIGPIPE_MASKED(conn)
Definition: fe-secure.c:65
PGconn * conn
Definition: streamutil.c:54
#define SIG_IGN
Definition: win32_port.h:156
pqsigfunc pqsignal(int signum, pqsigfunc handler)
Definition: signal.c:170

Definition at line 105 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ REMEMBER_EPIPE

#define REMEMBER_EPIPE (   spinfo,
  cond 
)

Definition at line 111 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ RESTORE_SIGPIPE

#define RESTORE_SIGPIPE (   conn,
  spinfo 
)
Value:
do { \
pqsignal(SIGPIPE, spinfo); \
} while (0)
#define SIGPIPE
Definition: win32_port.h:164
#define SIGPIPE_MASKED(conn)
Definition: fe-secure.c:65
PGconn * conn
Definition: streamutil.c:54

Definition at line 113 of file fe-secure.c.

Referenced by pqsecure_raw_write().

◆ SIGPIPE_MASKED

#define SIGPIPE_MASKED (   conn)    ((conn)->sigpipe_so || (conn)->sigpipe_flag)

Definition at line 65 of file fe-secure.c.

Function Documentation

◆ PQdefaultSSLKeyPassHook_OpenSSL()

int PQdefaultSSLKeyPassHook_OpenSSL ( char *  buf,
int  size,
PGconn conn 
)

Definition at line 444 of file fe-secure.c.

References fprintf, libpq_gettext, and pg_conn::sslpassword.

445 {
446  return 0;
447 }

◆ PQgetgssctx()

void* PQgetgssctx ( PGconn conn)

Definition at line 454 of file fe-secure.c.

455 {
456  return NULL;
457 }

◆ PQgetssl()

void* PQgetssl ( PGconn conn)

Definition at line 406 of file fe-secure.c.

407 {
408  return NULL;
409 }

◆ PQgetSSLKeyPassHook_OpenSSL()

PQsslKeyPassHook_OpenSSL_type PQgetSSLKeyPassHook_OpenSSL ( void  )

Definition at line 432 of file fe-secure.c.

References PQsslKeyPassHook.

433 {
434  return NULL;
435 }

◆ PQgssEncInUse()

int PQgssEncInUse ( PGconn conn)

Definition at line 460 of file fe-secure.c.

References SIGPIPE, sigwait(), SOCK_ERRNO, and SOCK_ERRNO_SET.

461 {
462  return 0;
463 }

◆ PQinitOpenSSL()

void PQinitOpenSSL ( int  do_ssl,
int  do_crypto 
)

Definition at line 157 of file fe-secure.c.

References pgtls_init_library().

158 {
159 #ifdef USE_SSL
160  pgtls_init_library(do_ssl, do_crypto);
161 #endif
162 }
void pgtls_init_library(bool do_ssl, int do_crypto)

◆ PQinitSSL()

void PQinitSSL ( int  do_init)

Definition at line 145 of file fe-secure.c.

References pgtls_init_library().

146 {
147 #ifdef USE_SSL
149 #endif
150 }
static void do_init(void)
Definition: pg_ctl.c:829
void pgtls_init_library(bool do_ssl, int do_crypto)

◆ pqsecure_close()

void pqsecure_close ( PGconn conn)

Definition at line 197 of file fe-secure.c.

References pgtls_close(), and pg_conn::ssl_in_use.

Referenced by pqDropConnection().

198 {
199 #ifdef USE_SSL
200  if (conn->ssl_in_use)
201  pgtls_close(conn);
202 #endif
203 }
bool ssl_in_use
Definition: libpq-int.h:472
void pgtls_close(PGconn *conn)

◆ pqsecure_initialize()

int pqsecure_initialize ( PGconn conn)

Definition at line 168 of file fe-secure.c.

References pgtls_init().

Referenced by PQconnectPoll().

169 {
170  int r = 0;
171 
172 #ifdef USE_SSL
173  r = pgtls_init(conn);
174 #endif
175 
176  return r;
177 }
int pgtls_init(PGconn *conn)

◆ pqsecure_open_client()

PostgresPollingStatusType pqsecure_open_client ( PGconn conn)

Definition at line 183 of file fe-secure.c.

References PGRES_POLLING_FAILED, and pgtls_open_client().

Referenced by PQconnectPoll().

184 {
185 #ifdef USE_SSL
186  return pgtls_open_client(conn);
187 #else
188  /* shouldn't get here */
189  return PGRES_POLLING_FAILED;
190 #endif
191 }
PostgresPollingStatusType pgtls_open_client(PGconn *conn)

◆ pqsecure_raw_read()

ssize_t pqsecure_raw_read ( PGconn conn,
void *  ptr,
size_t  len 
)

Definition at line 239 of file fe-secure.c.

References EAGAIN, ECONNRESET, EINTR, pg_conn::errorMessage, EWOULDBLOCK, libpq_gettext, PG_STRERROR_R_BUFLEN, printfPQExpBuffer(), recv, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by gss_read(), my_sock_read(), pg_GSS_read(), and pqsecure_read().

240 {
241  ssize_t n;
242  int result_errno = 0;
243  char sebuf[PG_STRERROR_R_BUFLEN];
244 
245  n = recv(conn->sock, ptr, len, 0);
246 
247  if (n < 0)
248  {
249  result_errno = SOCK_ERRNO;
250 
251  /* Set error message if appropriate */
252  switch (result_errno)
253  {
254 #ifdef EAGAIN
255  case EAGAIN:
256 #endif
257 #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
258  case EWOULDBLOCK:
259 #endif
260  case EINTR:
261  /* no error message, caller is expected to retry */
262  break;
263 
264  case EPIPE:
265  case ECONNRESET:
267  libpq_gettext("server closed the connection unexpectedly\n"
268  "\tThis probably means the server terminated abnormally\n"
269  "\tbefore or while processing the request.\n"));
270  break;
271 
272  default:
274  libpq_gettext("could not receive data from server: %s\n"),
275  SOCK_STRERROR(result_errno,
276  sebuf, sizeof(sebuf)));
277  break;
278  }
279  }
280 
281  /* ensure we return the intended errno to caller */
282  SOCK_ERRNO_SET(result_errno);
283 
284  return n;
285 }
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
#define EAGAIN
Definition: win32_port.h:341
#define PG_STRERROR_R_BUFLEN
Definition: port.h:233
#define recv(s, buf, len, flags)
Definition: win32_port.h:465
#define SOCK_STRERROR
Definition: libpq-int.h:819
#define SOCK_ERRNO
Definition: libpq-int.h:818
#define SOCK_ERRNO_SET(e)
Definition: libpq-int.h:820
pgsocket sock
Definition: libpq-int.h:410
PQExpBufferData errorMessage
Definition: libpq-int.h:526
#define ECONNRESET
Definition: win32_port.h:353
#define EWOULDBLOCK
Definition: win32_port.h:349
#define EINTR
Definition: win32_port.h:343
#define libpq_gettext(x)
Definition: libpq-int.h:805

◆ pqsecure_raw_write()

ssize_t pqsecure_raw_write ( PGconn conn,
const void *  ptr,
size_t  len 
)

Definition at line 321 of file fe-secure.c.

References DECLARE_SIGPIPE_INFO, DISABLE_SIGPIPE, EAGAIN, ECONNRESET, EINTR, pg_conn::errorMessage, EWOULDBLOCK, libpq_gettext, PG_STRERROR_R_BUFLEN, printfPQExpBuffer(), REMEMBER_EPIPE, RESTORE_SIGPIPE, send, pg_conn::sigpipe_flag, pg_conn::sock, SOCK_ERRNO, SOCK_ERRNO_SET, and SOCK_STRERROR.

Referenced by my_sock_write(), pg_GSS_write(), pqsecure_open_gss(), and pqsecure_write().

322 {
323  ssize_t n;
324  int flags = 0;
325  int result_errno = 0;
326  char sebuf[PG_STRERROR_R_BUFLEN];
327 
328  DECLARE_SIGPIPE_INFO(spinfo);
329 
330 #ifdef MSG_NOSIGNAL
331  if (conn->sigpipe_flag)
332  flags |= MSG_NOSIGNAL;
333 
334 retry_masked:
335 #endif /* MSG_NOSIGNAL */
336 
337  DISABLE_SIGPIPE(conn, spinfo, return -1);
338 
339  n = send(conn->sock, ptr, len, flags);
340 
341  if (n < 0)
342  {
343  result_errno = SOCK_ERRNO;
344 
345  /*
346  * If we see an EINVAL, it may be because MSG_NOSIGNAL isn't available
347  * on this machine. So, clear sigpipe_flag so we don't try the flag
348  * again, and retry the send().
349  */
350 #ifdef MSG_NOSIGNAL
351  if (flags != 0 && result_errno == EINVAL)
352  {
353  conn->sigpipe_flag = false;
354  flags = 0;
355  goto retry_masked;
356  }
357 #endif /* MSG_NOSIGNAL */
358 
359  /* Set error message if appropriate */
360  switch (result_errno)
361  {
362 #ifdef EAGAIN
363  case EAGAIN:
364 #endif
365 #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
366  case EWOULDBLOCK:
367 #endif
368  case EINTR:
369  /* no error message, caller is expected to retry */
370  break;
371 
372  case EPIPE:
373  /* Set flag for EPIPE */
374  REMEMBER_EPIPE(spinfo, true);
375 
376  /* FALL THRU */
377 
378  case ECONNRESET:
380  libpq_gettext("server closed the connection unexpectedly\n"
381  "\tThis probably means the server terminated abnormally\n"
382  "\tbefore or while processing the request.\n"));
383  break;
384 
385  default:
387  libpq_gettext("could not send data to server: %s\n"),
388  SOCK_STRERROR(result_errno,
389  sebuf, sizeof(sebuf)));
390  break;
391  }
392  }
393 
394  RESTORE_SIGPIPE(conn, spinfo);
395 
396  /* ensure we return the intended errno to caller */
397  SOCK_ERRNO_SET(result_errno);
398 
399  return n;
400 }
bool sigpipe_flag
Definition: libpq-int.h:419
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:237
#define EAGAIN
Definition: win32_port.h:341
#define DECLARE_SIGPIPE_INFO(spinfo)
Definition: fe-secure.c:103
#define PG_STRERROR_R_BUFLEN
Definition: port.h:233
#define SOCK_STRERROR
Definition: libpq-int.h:819
#define SOCK_ERRNO
Definition: libpq-int.h:818
#define RESTORE_SIGPIPE(conn, spinfo)
Definition: fe-secure.c:113
#define SOCK_ERRNO_SET(e)
Definition: libpq-int.h:820
pgsocket sock
Definition: libpq-int.h:410
#define REMEMBER_EPIPE(spinfo, cond)
Definition: fe-secure.c:111
PQExpBufferData errorMessage
Definition: libpq-int.h:526
#define ECONNRESET
Definition: win32_port.h:353
#define EWOULDBLOCK
Definition: win32_port.h:349
#define DISABLE_SIGPIPE(conn, spinfo, failaction)
Definition: fe-secure.c:105
#define EINTR
Definition: win32_port.h:343
#define libpq_gettext(x)
Definition: libpq-int.h:805
#define send(s, buf, len, flags)
Definition: win32_port.h:466

◆ pqsecure_read()

ssize_t pqsecure_read ( PGconn conn,
void *  ptr,
size_t  len 
)

Definition at line 213 of file fe-secure.c.

References pg_GSS_read(), pgtls_read(), pqsecure_raw_read(), and pg_conn::ssl_in_use.

Referenced by pqReadData().

214 {
215  ssize_t n;
216 
217 #ifdef USE_SSL
218  if (conn->ssl_in_use)
219  {
220  n = pgtls_read(conn, ptr, len);
221  }
222  else
223 #endif
224 #ifdef ENABLE_GSS
225  if (conn->gssenc)
226  {
227  n = pg_GSS_read(conn, ptr, len);
228  }
229  else
230 #endif
231  {
232  n = pqsecure_raw_read(conn, ptr, len);
233  }
234 
235  return n;
236 }
ssize_t pqsecure_raw_read(PGconn *conn, void *ptr, size_t len)
Definition: fe-secure.c:239
bool ssl_in_use
Definition: libpq-int.h:472
ssize_t pgtls_read(PGconn *conn, void *ptr, size_t len)
ssize_t pg_GSS_read(PGconn *conn, void *ptr, size_t len)

◆ pqsecure_write()

ssize_t pqsecure_write ( PGconn conn,
const void *  ptr,
size_t  len 
)

Definition at line 295 of file fe-secure.c.

References pg_GSS_write(), pgtls_write(), pqsecure_raw_write(), and pg_conn::ssl_in_use.

Referenced by pqSendSome().

296 {
297  ssize_t n;
298 
299 #ifdef USE_SSL
300  if (conn->ssl_in_use)
301  {
302  n = pgtls_write(conn, ptr, len);
303  }
304  else
305 #endif
306 #ifdef ENABLE_GSS
307  if (conn->gssenc)
308  {
309  n = pg_GSS_write(conn, ptr, len);
310  }
311  else
312 #endif
313  {
314  n = pqsecure_raw_write(conn, ptr, len);
315  }
316 
317  return n;
318 }
ssize_t pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
bool ssl_in_use
Definition: libpq-int.h:472
ssize_t pgtls_write(PGconn *conn, const void *ptr, size_t len)
ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len)
Definition: fe-secure.c:321

◆ PQsetSSLKeyPassHook_OpenSSL()

void PQsetSSLKeyPassHook_OpenSSL ( PQsslKeyPassHook_OpenSSL_type  hook)

Definition at line 438 of file fe-secure.c.

References PQsslKeyPassHook.

439 {
440  return;
441 }

◆ PQsslAttribute()

const char* PQsslAttribute ( PGconn conn,
const char *  attribute_name 
)

Definition at line 418 of file fe-secure.c.

References snprintf.

419 {
420  return NULL;
421 }

◆ PQsslAttributeNames()

const char* const* PQsslAttributeNames ( PGconn conn)

Definition at line 424 of file fe-secure.c.

425 {
426  static const char *const result[] = {NULL};
427 
428  return result;
429 }

◆ PQsslInUse()

int PQsslInUse ( PGconn conn)

Definition at line 133 of file fe-secure.c.

References pg_conn::ssl_in_use.

Referenced by printSSLInfo().

134 {
135  if (!conn)
136  return 0;
137  return conn->ssl_in_use;
138 }
bool ssl_in_use
Definition: libpq-int.h:472

◆ PQsslStruct()

void* PQsslStruct ( PGconn conn,
const char *  struct_name 
)

Definition at line 412 of file fe-secure.c.

413 {
414  return NULL;
415 }