PostgreSQL Source Code  git master
Data Structures | Functions | Variables
sslinfo.c File Reference
#include "postgres.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/asn1.h>
#include "access/htup_details.h"
#include "funcapi.h"
#include "libpq/libpq-be.h"
#include "miscadmin.h"
#include "utils/builtins.h"
Include dependency graph for sslinfo.c:

Go to the source code of this file.

Data Structures

struct  SSLExtensionInfoContext
 

Functions

static Datum X509_NAME_field_to_text (X509_NAME *name, text *fieldName)
 
static Datum ASN1_STRING_to_text (ASN1_STRING *str)
 
 PG_FUNCTION_INFO_V1 (ssl_is_used)
 
Datum ssl_is_used (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_version)
 
Datum ssl_version (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_cipher)
 
Datum ssl_cipher (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_client_cert_present)
 
Datum ssl_client_cert_present (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_client_serial)
 
Datum ssl_client_serial (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_client_dn_field)
 
Datum ssl_client_dn_field (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_issuer_field)
 
Datum ssl_issuer_field (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_client_dn)
 
Datum ssl_client_dn (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_issuer_dn)
 
Datum ssl_issuer_dn (PG_FUNCTION_ARGS)
 
 PG_FUNCTION_INFO_V1 (ssl_extension_info)
 
Datum ssl_extension_info (PG_FUNCTION_ARGS)
 

Variables

 PG_MODULE_MAGIC
 

Function Documentation

◆ ASN1_STRING_to_text()

static Datum ASN1_STRING_to_text ( ASN1_STRING *  str)
static

Definition at line 159 of file sslinfo.c.

160 {
161  BIO *membuf;
162  size_t size;
163  char nullterm;
164  char *sp;
165  char *dp;
166  text *result;
167 
168  membuf = BIO_new(BIO_s_mem());
169  if (membuf == NULL)
170  ereport(ERROR,
171  (errcode(ERRCODE_OUT_OF_MEMORY),
172  errmsg("could not create OpenSSL BIO structure")));
173  (void) BIO_set_close(membuf, BIO_CLOSE);
174  ASN1_STRING_print_ex(membuf, str,
175  ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
176  | ASN1_STRFLGS_UTF8_CONVERT));
177  /* ensure null termination of the BIO's content */
178  nullterm = '\0';
179  BIO_write(membuf, &nullterm, 1);
180  size = BIO_get_mem_data(membuf, &sp);
181  dp = pg_any_to_server(sp, size - 1, PG_UTF8);
182  result = cstring_to_text(dp);
183  if (dp != sp)
184  pfree(dp);
185  if (BIO_free(membuf) != 1)
186  elog(ERROR, "could not free OpenSSL BIO structure");
187 
188  PG_RETURN_TEXT_P(result);
189 }
errcode
int errcode(int sqlerrcode)
Definition: elog.c:693
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:904
ERROR
#define ERROR
Definition: elog.h:33
elog
#define elog(elevel,...)
Definition: elog.h:218
ereport
#define ereport(elevel,...)
Definition: elog.h:143
PG_RETURN_TEXT_P
#define PG_RETURN_TEXT_P(x)
Definition: fmgr.h:372
pg_any_to_server
char * pg_any_to_server(const char *s, int len, int encoding)
Definition: mbutils.c:676
pfree
void pfree(void *pointer)
Definition: mcxt.c:1175
generate_unaccent_rules.str
str
Definition: generate_unaccent_rules.py:277
PG_UTF8
@ PG_UTF8
Definition: pg_wchar.h:230
varlena
Definition: c.h:622
cstring_to_text
text * cstring_to_text(const char *s)
Definition: varlena.c:188

References cstring_to_text(), elog, ereport, errcode(), errmsg(), ERROR, pfree(), pg_any_to_server(), PG_RETURN_TEXT_P, PG_UTF8, and generate_unaccent_rules::str.

Referenced by X509_NAME_field_to_text().

◆ PG_FUNCTION_INFO_V1() [1/10]

PG_FUNCTION_INFO_V1 ( ssl_cipher  )

◆ PG_FUNCTION_INFO_V1() [2/10]

PG_FUNCTION_INFO_V1 ( ssl_client_cert_present  )

◆ PG_FUNCTION_INFO_V1() [3/10]

PG_FUNCTION_INFO_V1 ( ssl_client_dn  )

◆ PG_FUNCTION_INFO_V1() [4/10]

PG_FUNCTION_INFO_V1 ( ssl_client_dn_field  )

◆ PG_FUNCTION_INFO_V1() [5/10]

PG_FUNCTION_INFO_V1 ( ssl_client_serial  )

◆ PG_FUNCTION_INFO_V1() [6/10]

PG_FUNCTION_INFO_V1 ( ssl_extension_info  )

◆ PG_FUNCTION_INFO_V1() [7/10]

PG_FUNCTION_INFO_V1 ( ssl_is_used  )

◆ PG_FUNCTION_INFO_V1() [8/10]

PG_FUNCTION_INFO_V1 ( ssl_issuer_dn  )

◆ PG_FUNCTION_INFO_V1() [9/10]

PG_FUNCTION_INFO_V1 ( ssl_issuer_field  )

◆ PG_FUNCTION_INFO_V1() [10/10]

PG_FUNCTION_INFO_V1 ( ssl_version  )

◆ ssl_cipher()

Datum ssl_cipher ( PG_FUNCTION_ARGS  )

Definition at line 85 of file sslinfo.c.

86 {
87  const char *cipher;
88 
89  if (!MyProcPort->ssl_in_use)
90  PG_RETURN_NULL();
91 
92  cipher = be_tls_get_cipher(MyProcPort);
93  if (cipher == NULL)
94  PG_RETURN_NULL();
95 
96  PG_RETURN_TEXT_P(cstring_to_text(cipher));
97 }
be_tls_get_cipher
const char * be_tls_get_cipher(Port *port)
Definition: be-secure-openssl.c:1276
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition: fmgr.h:345
MyProcPort
struct Port * MyProcPort
Definition: globals.c:47
Port::ssl_in_use
bool ssl_in_use
Definition: libpq-be.h:208

References be_tls_get_cipher(), cstring_to_text(), MyProcPort, PG_RETURN_NULL, PG_RETURN_TEXT_P, and Port::ssl_in_use.

◆ ssl_client_cert_present()

Datum ssl_client_cert_present ( PG_FUNCTION_ARGS  )

Definition at line 108 of file sslinfo.c.

109 {
110  PG_RETURN_BOOL(MyProcPort->peer_cert_valid);
111 }
PG_RETURN_BOOL
#define PG_RETURN_BOOL(x)
Definition: fmgr.h:359
Port::peer_cert_valid
bool peer_cert_valid
Definition: libpq-be.h:211

References MyProcPort, Port::peer_cert_valid, and PG_RETURN_BOOL.

◆ ssl_client_dn()

Datum ssl_client_dn ( PG_FUNCTION_ARGS  )

Definition at line 309 of file sslinfo.c.

310 {
311  char subject[NAMEDATALEN];
312 
313  if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid)
314  PG_RETURN_NULL();
315 
316  be_tls_get_peer_subject_name(MyProcPort, subject, NAMEDATALEN);
317 
318  if (!*subject)
319  PG_RETURN_NULL();
320 
321  PG_RETURN_TEXT_P(cstring_to_text(subject));
322 }
be_tls_get_peer_subject_name
void be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len)
Definition: be-secure-openssl.c:1285
NAMEDATALEN
#define NAMEDATALEN
Definition: pg_config_manual.h:29

References be_tls_get_peer_subject_name(), cstring_to_text(), MyProcPort, NAMEDATALEN, Port::peer_cert_valid, PG_RETURN_NULL, PG_RETURN_TEXT_P, and Port::ssl_in_use.

◆ ssl_client_dn_field()

Datum ssl_client_dn_field ( PG_FUNCTION_ARGS  )

Definition at line 246 of file sslinfo.c.

247 {
248  text *fieldname = PG_GETARG_TEXT_PP(0);
249  Datum result;
250 
251  if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid)
252  PG_RETURN_NULL();
253 
254  result = X509_NAME_field_to_text(X509_get_subject_name(MyProcPort->peer), fieldname);
255 
256  if (!result)
257  PG_RETURN_NULL();
258  else
259  return result;
260 }
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition: fmgr.h:309
Datum
uintptr_t Datum
Definition: postgres.h:411
X509_NAME_field_to_text
static Datum X509_NAME_field_to_text(X509_NAME *name, text *fieldName)
Definition: sslinfo.c:205

References MyProcPort, Port::peer_cert_valid, PG_GETARG_TEXT_PP, PG_RETURN_NULL, Port::ssl_in_use, and X509_NAME_field_to_text().

◆ ssl_client_serial()

Datum ssl_client_serial ( PG_FUNCTION_ARGS  )

Definition at line 124 of file sslinfo.c.

125 {
126  char decimal[NAMEDATALEN];
127  Datum result;
128 
129  if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid)
130  PG_RETURN_NULL();
131 
132  be_tls_get_peer_serial(MyProcPort, decimal, NAMEDATALEN);
133 
134  if (!*decimal)
135  PG_RETURN_NULL();
136 
137  result = DirectFunctionCall3(numeric_in,
138  CStringGetDatum(decimal),
139  ObjectIdGetDatum(0),
140  Int32GetDatum(-1));
141  return result;
142 }
numeric_in
Datum numeric_in(PG_FUNCTION_ARGS)
Definition: numeric.c:617
be_tls_get_peer_serial
void be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
Definition: be-secure-openssl.c:1303
DirectFunctionCall3
#define DirectFunctionCall3(func, arg1, arg2, arg3)
Definition: fmgr.h:635
CStringGetDatum
#define CStringGetDatum(X)
Definition: postgres.h:622
ObjectIdGetDatum
#define ObjectIdGetDatum(X)
Definition: postgres.h:551
Int32GetDatum
#define Int32GetDatum(X)
Definition: postgres.h:523

References be_tls_get_peer_serial(), CStringGetDatum, DirectFunctionCall3, Int32GetDatum, MyProcPort, NAMEDATALEN, numeric_in(), ObjectIdGetDatum, Port::peer_cert_valid, PG_RETURN_NULL, and Port::ssl_in_use.

◆ ssl_extension_info()

Datum ssl_extension_info ( PG_FUNCTION_ARGS  )

Definition at line 362 of file sslinfo.c.

363 {
364  X509 *cert = MyProcPort->peer;
365  FuncCallContext *funcctx;
366  int call_cntr;
367  int max_calls;
368  MemoryContext oldcontext;
369  SSLExtensionInfoContext *fctx;
370 
371  if (SRF_IS_FIRSTCALL())
372  {
373 
374  TupleDesc tupdesc;
375 
376  /* create a function context for cross-call persistence */
377  funcctx = SRF_FIRSTCALL_INIT();
378 
379  /*
380  * Switch to memory context appropriate for multiple function calls
381  */
382  oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
383 
384  /* Create a user function context for cross-call persistence */
385  fctx = (SSLExtensionInfoContext *) palloc(sizeof(SSLExtensionInfoContext));
386 
387  /* Construct tuple descriptor */
388  if (get_call_result_type(fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE)
389  ereport(ERROR,
390  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
391  errmsg("function returning record called in context that cannot accept type record")));
392  fctx->tupdesc = BlessTupleDesc(tupdesc);
393 
394  /* Set max_calls as a count of extensions in certificate */
395  max_calls = cert != NULL ? X509_get_ext_count(cert) : 0;
396 
397  if (max_calls > 0)
398  {
399  /* got results, keep track of them */
400  funcctx->max_calls = max_calls;
401  funcctx->user_fctx = fctx;
402  }
403  else
404  {
405  /* fast track when no results */
406  MemoryContextSwitchTo(oldcontext);
407  SRF_RETURN_DONE(funcctx);
408  }
409 
410  MemoryContextSwitchTo(oldcontext);
411  }
412 
413  /* stuff done on every call of the function */
414  funcctx = SRF_PERCALL_SETUP();
415 
416  /*
417  * Initialize per-call variables.
418  */
419  call_cntr = funcctx->call_cntr;
420  max_calls = funcctx->max_calls;
421  fctx = funcctx->user_fctx;
422 
423  /* do while there are more left to send */
424  if (call_cntr < max_calls)
425  {
426  Datum values[3];
427  bool nulls[3];
428  char *buf;
429  HeapTuple tuple;
430  Datum result;
431  BIO *membuf;
432  X509_EXTENSION *ext;
433  ASN1_OBJECT *obj;
434  int nid;
435  int len;
436 
437  /* need a BIO for this */
438  membuf = BIO_new(BIO_s_mem());
439  if (membuf == NULL)
440  ereport(ERROR,
441  (errcode(ERRCODE_OUT_OF_MEMORY),
442  errmsg("could not create OpenSSL BIO structure")));
443 
444  /* Get the extension from the certificate */
445  ext = X509_get_ext(cert, call_cntr);
446  obj = X509_EXTENSION_get_object(ext);
447 
448  /* Get the extension name */
449  nid = OBJ_obj2nid(obj);
450  if (nid == NID_undef)
451  ereport(ERROR,
452  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
453  errmsg("unknown OpenSSL extension in certificate at position %d",
454  call_cntr)));
455  values[0] = CStringGetTextDatum(OBJ_nid2sn(nid));
456  nulls[0] = false;
457 
458  /* Get the extension value */
459  if (X509V3_EXT_print(membuf, ext, 0, 0) <= 0)
460  ereport(ERROR,
461  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
462  errmsg("could not print extension value in certificate at position %d",
463  call_cntr)));
464  len = BIO_get_mem_data(membuf, &buf);
465  values[1] = PointerGetDatum(cstring_to_text_with_len(buf, len));
466  nulls[1] = false;
467 
468  /* Get critical status */
469  values[2] = BoolGetDatum(X509_EXTENSION_get_critical(ext));
470  nulls[2] = false;
471 
472  /* Build tuple */
473  tuple = heap_form_tuple(fctx->tupdesc, values, nulls);
474  result = HeapTupleGetDatum(tuple);
475 
476  if (BIO_free(membuf) != 1)
477  elog(ERROR, "could not free OpenSSL BIO structure");
478 
479  SRF_RETURN_NEXT(funcctx, result);
480  }
481 
482  /* All done */
483  SRF_RETURN_DONE(funcctx);
484 }
values
static Datum values[MAXATTR]
Definition: bootstrap.c:156
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition: builtins.h:85
BlessTupleDesc
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
Definition: execTuples.c:2071
get_call_result_type
TypeFuncClass get_call_result_type(FunctionCallInfo fcinfo, Oid *resultTypeId, TupleDesc *resultTupleDesc)
Definition: funcapi.c:276
SRF_IS_FIRSTCALL
#define SRF_IS_FIRSTCALL()
Definition: funcapi.h:299
SRF_PERCALL_SETUP
#define SRF_PERCALL_SETUP()
Definition: funcapi.h:303
TYPEFUNC_COMPOSITE
@ TYPEFUNC_COMPOSITE
Definition: funcapi.h:149
HeapTupleGetDatum
#define HeapTupleGetDatum(tuple)
Definition: funcapi.h:220
SRF_RETURN_NEXT
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition: funcapi.h:305
SRF_FIRSTCALL_INIT
#define SRF_FIRSTCALL_INIT()
Definition: funcapi.h:301
SRF_RETURN_DONE
#define SRF_RETURN_DONE(_funcctx)
Definition: funcapi.h:323
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
Definition: heaptuple.c:1020
palloc
void * palloc(Size size)
Definition: mcxt.c:1068
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
len
const void size_t len
Definition: pg_crc32c_sse42.c:24
buf
static char * buf
Definition: pg_test_fsync.c:67
BoolGetDatum
#define BoolGetDatum(X)
Definition: postgres.h:446
PointerGetDatum
#define PointerGetDatum(X)
Definition: postgres.h:600
FuncCallContext::user_fctx
void * user_fctx
Definition: funcapi.h:82
FuncCallContext::max_calls
uint64 max_calls
Definition: funcapi.h:74
FuncCallContext::call_cntr
uint64 call_cntr
Definition: funcapi.h:65
FuncCallContext::multi_call_memory_ctx
MemoryContext multi_call_memory_ctx
Definition: funcapi.h:101
cstring_to_text_with_len
text * cstring_to_text_with_len(const char *s, int len)
Definition: varlena.c:200

References BlessTupleDesc(), BoolGetDatum, buf, FuncCallContext::call_cntr, cstring_to_text_with_len(), CStringGetTextDatum, elog, ereport, errcode(), errmsg(), ERROR, get_call_result_type(), heap_form_tuple(), HeapTupleGetDatum, len, FuncCallContext::max_calls, MemoryContextSwitchTo(), FuncCallContext::multi_call_memory_ctx, MyProcPort, palloc(), PointerGetDatum, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, SSLExtensionInfoContext::tupdesc, TYPEFUNC_COMPOSITE, FuncCallContext::user_fctx, and values.

◆ ssl_is_used()

Datum ssl_is_used ( PG_FUNCTION_ARGS  )

Definition at line 54 of file sslinfo.c.

55 {
56  PG_RETURN_BOOL(MyProcPort->ssl_in_use);
57 }

References MyProcPort, PG_RETURN_BOOL, and Port::ssl_in_use.

◆ ssl_issuer_dn()

Datum ssl_issuer_dn ( PG_FUNCTION_ARGS  )

Definition at line 336 of file sslinfo.c.

337 {
338  char issuer[NAMEDATALEN];
339 
340  if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid)
341  PG_RETURN_NULL();
342 
343  be_tls_get_peer_issuer_name(MyProcPort, issuer, NAMEDATALEN);
344 
345  if (!*issuer)
346  PG_RETURN_NULL();
347 
348  PG_RETURN_TEXT_P(cstring_to_text(issuer));
349 }
be_tls_get_peer_issuer_name
void be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len)
Definition: be-secure-openssl.c:1294

References be_tls_get_peer_issuer_name(), cstring_to_text(), MyProcPort, NAMEDATALEN, Port::peer_cert_valid, PG_RETURN_NULL, PG_RETURN_TEXT_P, and Port::ssl_in_use.

◆ ssl_issuer_field()

Datum ssl_issuer_field ( PG_FUNCTION_ARGS  )

Definition at line 281 of file sslinfo.c.

282 {
283  text *fieldname = PG_GETARG_TEXT_PP(0);
284  Datum result;
285 
286  if (!(MyProcPort->peer))
287  PG_RETURN_NULL();
288 
289  result = X509_NAME_field_to_text(X509_get_issuer_name(MyProcPort->peer), fieldname);
290 
291  if (!result)
292  PG_RETURN_NULL();
293  else
294  return result;
295 }

References MyProcPort, PG_GETARG_TEXT_PP, PG_RETURN_NULL, and X509_NAME_field_to_text().

◆ ssl_version()

Datum ssl_version ( PG_FUNCTION_ARGS  )

Definition at line 65 of file sslinfo.c.

66 {
67  const char *version;
68 
69  if (!MyProcPort->ssl_in_use)
70  PG_RETURN_NULL();
71 
72  version = be_tls_get_version(MyProcPort);
73  if (version == NULL)
74  PG_RETURN_NULL();
75 
76  PG_RETURN_TEXT_P(cstring_to_text(version));
77 }
be_tls_get_version
const char * be_tls_get_version(Port *port)
Definition: be-secure-openssl.c:1267

References be_tls_get_version(), cstring_to_text(), MyProcPort, PG_RETURN_NULL, PG_RETURN_TEXT_P, and Port::ssl_in_use.

◆ X509_NAME_field_to_text()

static Datum X509_NAME_field_to_text ( X509_NAME *  name,
text fieldName 
)
static

Definition at line 205 of file sslinfo.c.

206 {
207  char *string_fieldname;
208  int nid,
209  index;
210  ASN1_STRING *data;
211 
212  string_fieldname = text_to_cstring(fieldName);
213  nid = OBJ_txt2nid(string_fieldname);
214  if (nid == NID_undef)
215  ereport(ERROR,
216  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
217  errmsg("invalid X.509 field name: \"%s\"",
218  string_fieldname)));
219  pfree(string_fieldname);
220  index = X509_NAME_get_index_by_NID(name, nid, -1);
221  if (index < 0)
222  return (Datum) 0;
223  data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, index));
224  return ASN1_STRING_to_text(data);
225 }
name
const char * name
Definition: encode.c:561
data
const void * data
Definition: pg_crc32c_sse42.c:23
ASN1_STRING_to_text
static Datum ASN1_STRING_to_text(ASN1_STRING *str)
Definition: sslinfo.c:159
index
Definition: type.h:90
text_to_cstring
char * text_to_cstring(const text *t)
Definition: varlena.c:221

References ASN1_STRING_to_text(), data, ereport, errcode(), errmsg(), ERROR, name, pfree(), and text_to_cstring().

Referenced by ssl_client_dn_field(), and ssl_issuer_field().

Variable Documentation

◆ PG_MODULE_MAGIC

PG_MODULE_MAGIC

Definition at line 33 of file sslinfo.c.