PostgreSQL Source Code  git master
ssl_passphrase_func.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * ssl_passphrase_func.c
4  *
5  * Loadable PostgreSQL module fetch an ssl passphrase for the server cert.
6  * instead of calling an external program. This implementation just hands
7  * back the configured password rot13'd.
8  *
9  *-------------------------------------------------------------------------
10  */
11 
12 #include "postgres.h"
13 
14 #include <float.h>
15 #include <stdio.h>
16 
17 #include "libpq/libpq.h"
18 #include "libpq/libpq-be.h"
19 #include "utils/guc.h"
20 
22 
23 static char *ssl_passphrase = NULL;
24 
25 /* callback function */
26 static int rot13_passphrase(char *buf, int size, int rwflag, void *userdata);
27 
28 /* hook function to set the callback */
29 static void set_rot13(SSL_CTX *context, bool isServerStart);
30 
31 /*
32  * Module load callback
33  */
34 void
35 _PG_init(void)
36 {
37  /* Define custom GUC variable. */
38  DefineCustomStringVariable("ssl_passphrase.passphrase",
39  "passphrase before transformation",
40  NULL,
42  NULL,
43  PGC_SIGHUP,
44  0, /* no flags required */
45  NULL,
46  NULL,
47  NULL);
48 
49  MarkGUCPrefixReserved("ssl_passphrase");
50 
51  if (ssl_passphrase)
53 }
54 
55 static void
56 set_rot13(SSL_CTX *context, bool isServerStart)
57 {
58  /* warn if the user has set ssl_passphrase_command */
61  (errmsg("\"ssl_passphrase_command\" setting ignored by ssl_passphrase_func module")));
62 
63  SSL_CTX_set_default_passwd_cb(context, rot13_passphrase);
64 }
65 
66 static int
67 rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
68 {
69 
70  Assert(ssl_passphrase != NULL);
72  for (char *p = buf; *p; p++)
73  {
74  char c = *p;
75 
76  if ((c >= 'a' && c <= 'm') || (c >= 'A' && c <= 'M'))
77  *p = c + 13;
78  else if ((c >= 'n' && c <= 'z') || (c >= 'N' && c <= 'Z'))
79  *p = c - 13;
80  }
81 
82  return strlen(buf);
83 }
openssl_tls_init_hook_typ openssl_tls_init_hook
char * ssl_passphrase_command
Definition: be-secure.c:43
#define Assert(condition)
Definition: c.h:812
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define WARNING
Definition: elog.h:36
#define ereport(elevel,...)
Definition: elog.h:149
void DefineCustomStringVariable(const char *name, const char *short_desc, const char *long_desc, char **valueAddr, const char *bootValue, GucContext context, int flags, GucStringCheckHook check_hook, GucStringAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:5218
void MarkGUCPrefixReserved(const char *className)
Definition: guc.c:5279
@ PGC_SIGHUP
Definition: guc.h:71
static char * buf
Definition: pg_test_fsync.c:72
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: strlcpy.c:45
char * c
tree context
Definition: radixtree.h:1837
static pg_noinline void Size size
Definition: slab.c:607
void _PG_init(void)
static char * ssl_passphrase
PG_MODULE_MAGIC
static int rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
static void set_rot13(SSL_CTX *context, bool isServerStart)