PostgreSQL Source Code git master
ssl_passphrase_func.c
1/*-------------------------------------------------------------------------
2 *
3 * ssl_passphrase_func.c
4 *
5 * Loadable PostgreSQL module to fetch an SSL passphrase for the server cert
6 * instead of calling an external program. This implementation just hands
7 * back the configured password rot13'd.
8 *
9 *-------------------------------------------------------------------------
10 */
11
12#include "postgres.h"
13
14#include <float.h>
15#include <stdio.h>
16
17#include "libpq/libpq.h"
18#include "libpq/libpq-be.h"
19#include "utils/guc.h"
20
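PG_MODULE_MAGIC;

/*
 * Backing store for the ssl_passphrase.passphrase GUC: the passphrase as
 * configured, before the rot13 transformation.  Initialized to NULL.
 */
static char *ssl_passphrase = NULL;

/* OpenSSL passphrase callback: writes the transformed passphrase into buf */
static int	rot13_passphrase(char *buf, int size, int rwflag, void *userdata);

/* hook function that installs the callback on the server's SSL context */
static void set_rot13(SSL_CTX *context, bool isServerStart);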
30
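/*
 * Module load callback
 *
 * Registers the ssl_passphrase.passphrase string GUC, reserves the
 * "ssl_passphrase" prefix, and installs set_rot13 as the OpenSSL TLS init
 * hook when a passphrase is already set at load time.
 */
void
_PG_init(void)
{
	/*
	 * Define custom GUC variable.
	 *
	 * NOTE(review): the passphrase is held as an ordinary string setting and
	 * is registered with no flags.  If this pattern is reused for a real
	 * secret, consider GUC_SUPERUSER_ONLY so the value is not readable through
	 * SHOW by unprivileged roles, and restrict read access to the
	 * configuration file that carries it.
	 */
	DefineCustomStringVariable("ssl_passphrase.passphrase",
							   "passphrase before transformation",
							   NULL,
							   &ssl_passphrase,
							   NULL,
							   PGC_SIGHUP,
							   0,	/* no flags required */
							   NULL,
							   NULL,
							   NULL);

	MarkGUCPrefixReserved("ssl_passphrase");

	/* Only take over passphrase handling when a passphrase was configured. */
	if (ssl_passphrase)
		openssl_tls_init_hook = set_rot13;
}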
54
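/*
 * TLS init hook: make OpenSSL ask rot13_passphrase for the private-key
 * passphrase on this SSL context.
 *
 * isServerStart is not consulted here.  Because this hook replaces the
 * default passphrase handling, a configured ssl_passphrase_command has no
 * effect; a WARNING is logged so the operator notices.
 */
static void
set_rot13(SSL_CTX *context, bool isServerStart)
{
	/* warn if the user has set ssl_passphrase_command */
	if (ssl_passphrase_command[0])
		ereport(WARNING,
				(errmsg("\"ssl_passphrase_command\" setting ignored by ssl_passphrase_func module")));

	SSL_CTX_set_default_passwd_cb(context, rot13_passphrase);
}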
65
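/*
 * OpenSSL passphrase callback.
 *
 * Copies the configured passphrase into buf (at most size bytes, including
 * the terminating NUL), applies rot13 in place to the ASCII letters, and
 * returns the length of the result.  rwflag and userdata are unused.
 *
 * Returns 0 with nothing usable in buf when no passphrase is available or the
 * buffer arguments are unusable.
 *
 * rot13 is a fixed letter substitution, not encryption: anyone who can read
 * the configured value can recover the passphrase, so the setting must be
 * protected like the passphrase itself.
 */
static int
rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
{
	Assert(ssl_passphrase != NULL);

	/*
	 * Assert() is compiled out of non-assert builds, and size is a signed int
	 * that strlcpy() would convert to size_t.  Fail closed instead of
	 * dereferencing NULL or copying with a bogus bound.
	 */
	if (ssl_passphrase == NULL || buf == NULL || size <= 0)
		return 0;

	/*
	 * strlcpy() always NUL-terminates and copies at most size - 1 bytes.  A
	 * longer passphrase is silently truncated here, which shows up later as a
	 * failure to decrypt the key rather than as an error from this function.
	 */
	strlcpy(buf, ssl_passphrase, size);

	for (char *p = buf; *p; p++)
	{
		char		c = *p;

		/* first half of the alphabet moves forward, second half moves back */
		if ((c >= 'a' && c <= 'm') || (c >= 'A' && c <= 'M'))
			*p = c + 13;
		else if ((c >= 'n' && c <= 'z') || (c >= 'N' && c <= 'Z'))
			*p = c - 13;
	}

	return (int) strlen(buf);
}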
openssl_tls_init_hook_typ openssl_tls_init_hook
char * ssl_passphrase_command
Definition: be-secure.c:43
#define Assert(condition)
Definition: c.h:812
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define WARNING
Definition: elog.h:36
#define ereport(elevel,...)
Definition: elog.h:149
void DefineCustomStringVariable(const char *name, const char *short_desc, const char *long_desc, char **valueAddr, const char *bootValue, GucContext context, int flags, GucStringCheckHook check_hook, GucStringAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:5218
void MarkGUCPrefixReserved(const char *className)
Definition: guc.c:5279
@ PGC_SIGHUP
Definition: guc.h:71
static char * buf
Definition: pg_test_fsync.c:72
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: strlcpy.c:45
char * c
tree context
Definition: radixtree.h:1837
static pg_noinline void Size size
Definition: slab.c:607
void _PG_init(void)
static char * ssl_passphrase
PG_MODULE_MAGIC
static int rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
static void set_rot13(SSL_CTX *context, bool isServerStart)