ssl_passphrase_func.c
/*-------------------------------------------------------------------------
 *
 * ssl_passphrase_func.c
 *
 * Loadable PostgreSQL module that fetches an SSL passphrase for the server
 * certificate instead of calling an external program. This implementation
 * just hands back the configured password rot13'd. ROT13 is trivially
 * reversible and gives no confidentiality; it only shows how the hook can
 * transform the configured value.
 *
 *-------------------------------------------------------------------------
 */
11 
12 #include "postgres.h"
13 
14 #include <float.h>
15 #include <stdio.h>
16 
17 #include "libpq/libpq.h"
18 #include "libpq/libpq-be.h"
19 #include "utils/guc.h"
20 
22 
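PG_MODULE_MAGIC;

void		_PG_init(void);
void		_PG_fini(void);

/*
 * Configured passphrase before the ROT13 transformation.  NULL until a value
 * has been supplied.  The secret sits in process memory in cleartext for as
 * long as the module is loaded.
 */
static char *ssl_passphrase = NULL;

/* callback function: copies the transformed passphrase into OpenSSL's buffer */
static int	rot13_passphrase(char *buf, int size, int rwflag, void *userdata);

/* hook function to set the callback */
static void set_rot13(SSL_CTX *context, bool isServerStart);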
33 
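/*
 * Module load callback
 *
 * Registers the ssl_passphrase.passphrase setting and, when a value is
 * already present at load time, installs set_rot13 as the TLS init hook.
 *
 * The hook is only ever installed here and is never removed, while the
 * setting is PGC_SIGHUP and can therefore change on a configuration reload.
 * NOTE(review): presumably the value can become NULL again after a reload
 * that drops the setting, with the hook still in place -- confirm.
 */
void
_PG_init(void)
{
	/*
	 * Define custom GUC variable.
	 *
	 * NOTE(review): the flags argument is 0, so nothing marks this value as
	 * restricted (for example GUC_SUPERUSER_ONLY).  For a setting that holds
	 * a key passphrase, check who can read it back through SHOW or
	 * pg_settings before reusing this pattern outside a demonstration.
	 */
	DefineCustomStringVariable("ssl_passphrase.passphrase",
							   "passphrase before transformation",
							   NULL,	/* no long description */
							   &ssl_passphrase,
							   NULL,	/* no boot value: unset by default */
							   PGC_SIGHUP,
							   0,	/* no flags required */
							   NULL,
							   NULL,
							   NULL);

	/* Only take over passphrase handling when a passphrase is configured. */
	if (ssl_passphrase)
		openssl_tls_init_hook = set_rot13;
}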
54 
/*
 * Module unload callback.
 *
 * Intentionally empty: nothing is released or undone here, so anything
 * installed by _PG_init stays in place.
 */
void
_PG_fini(void)
{
	/* do nothing yet */
}
60 
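/*
 * TLS init hook: make OpenSSL obtain the private-key passphrase from
 * rot13_passphrase.
 *
 * context is the SSL context being configured.  isServerStart is not used;
 * the callback is installed on every invocation.
 */
static void
set_rot13(SSL_CTX *context, bool isServerStart)
{
	/* warn if the user has set ssl_passphrase_command */
	if (ssl_passphrase_command[0])
		ereport(WARNING,
				(errmsg("ssl_passphrase_command setting ignored by ssl_passphrase_func module")));

	/*
	 * From here on the passphrase comes from the module's own setting; the
	 * external command warned about above is not consulted by this callback.
	 */
	SSL_CTX_set_default_passwd_cb(context, rot13_passphrase);
}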
71 
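/*
 * OpenSSL passphrase callback: copy the configured passphrase into buf and
 * apply ROT13 to its ASCII letters.
 *
 * buf      destination buffer supplied by the caller
 * size     capacity of buf in bytes, including the terminating NUL
 * rwflag   unused
 * userdata unused
 *
 * Returns the length of the string left in buf, or 0 with an empty buffer
 * when no passphrase is configured or the buffer is unusable.
 *
 * ROT13 is a fixed letter substitution and is its own inverse, so it gives
 * no protection to the stored value.  A passphrase longer than size - 1 is
 * silently truncated by strlcpy; the truncated string is what is returned.
 */
static int
rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
{
	/* A non-positive size would become a huge size_t in strlcpy. */
	if (buf == NULL || size <= 0)
		return 0;

	/*
	 * Check at run time rather than with Assert(), which is compiled out of
	 * production builds: a NULL setting must not reach strlcpy.
	 */
	if (ssl_passphrase == NULL)
	{
		buf[0] = '\0';
		return 0;
	}

	strlcpy(buf, ssl_passphrase, (size_t) size);
	for (char *p = buf; *p; p++)
	{
		char		c = *p;

		/* first half of the alphabet moves forward, second half back */
		if ((c >= 'a' && c <= 'm') || (c >= 'A' && c <= 'M'))
			*p = c + 13;
		else if ((c >= 'n' && c <= 'z') || (c >= 'N' && c <= 'Z'))
			*p = c - 13;
	}

	/* bounded by size - 1, so the value fits in an int */
	return (int) strlen(buf);
}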