PostgreSQL Source Code  git master
ssl_passphrase_func.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * ssl_passphrase_func.c
4  *
5  * Loadable PostgreSQL module fetch an ssl passphrase for the server cert.
6  * instead of calling an external program. This implementation just hands
7  * back the configured password rot13'd.
8  *
9  *-------------------------------------------------------------------------
10  */
11 
12 #include "postgres.h"
13 
14 #include <float.h>
15 #include <stdio.h>
16 
17 #include "libpq/libpq.h"
18 #include "libpq/libpq-be.h"
19 #include "utils/guc.h"
20 
22 
23 void _PG_init(void);
24 
25 static char *ssl_passphrase = NULL;
26 
27 /* callback function */
28 static int rot13_passphrase(char *buf, int size, int rwflag, void *userdata);
29 
30 /* hook function to set the callback */
31 static void set_rot13(SSL_CTX *context, bool isServerStart);
32 
33 /*
34  * Module load callback
35  */
36 void
37 _PG_init(void)
38 {
39  /* Define custom GUC variable. */
40  DefineCustomStringVariable("ssl_passphrase.passphrase",
41  "passphrase before transformation",
42  NULL,
44  NULL,
45  PGC_SIGHUP,
46  0, /* no flags required */
47  NULL,
48  NULL,
49  NULL);
50 
51  MarkGUCPrefixReserved("ssl_passphrase");
52 
53  if (ssl_passphrase)
55 }
56 
57 static void
58 set_rot13(SSL_CTX *context, bool isServerStart)
59 {
60  /* warn if the user has set ssl_passphrase_command */
63  (errmsg("ssl_passphrase_command setting ignored by ssl_passphrase_func module")));
64 
65  SSL_CTX_set_default_passwd_cb(context, rot13_passphrase);
66 }
67 
68 static int
69 rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
70 {
71 
72  Assert(ssl_passphrase != NULL);
73  strlcpy(buf, ssl_passphrase, size);
74  for (char *p = buf; *p; p++)
75  {
76  char c = *p;
77 
78  if ((c >= 'a' && c <= 'm') || (c >= 'A' && c <= 'M'))
79  *p = c + 13;
80  else if ((c >= 'n' && c <= 'z') || (c >= 'N' && c <= 'Z'))
81  *p = c - 13;
82  }
83 
84  return strlen(buf);
85 }
openssl_tls_init_hook_typ openssl_tls_init_hook
char * ssl_passphrase_command
Definition: be-secure.c:47
int errmsg(const char *fmt,...)
Definition: elog.c:904
#define WARNING
Definition: elog.h:30
#define ereport(elevel,...)
Definition: elog.h:143
void DefineCustomStringVariable(const char *name, const char *short_desc, const char *long_desc, char **valueAddr, const char *bootValue, GucContext context, int flags, GucStringCheckHook check_hook, GucStringAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:9568
void MarkGUCPrefixReserved(const char *className)
Definition: guc.c:9629
@ PGC_SIGHUP
Definition: guc.h:72
Assert(fmt[strlen(fmt) - 1] !='\n')
static char * buf
Definition: pg_test_fsync.c:67
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: strlcpy.c:45
char * c
void _PG_init(void)
static char * ssl_passphrase
PG_MODULE_MAGIC
static int rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
static void set_rot13(SSL_CTX *context, bool isServerStart)