1996-07-09 08:22:35 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1997-09-07 07:04:48 +02:00
|
|
|
* FILE
|
|
|
|
|
* fe-misc.c
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
1997-09-07 07:04:48 +02:00
|
|
|
* DESCRIPTION
|
|
|
|
|
* miscellaneous useful functions
|
1998-05-07 01:51:16 +02:00
|
|
|
*
|
|
|
|
|
* The communication routines here are analogous to the ones in
|
|
|
|
|
* backend/libpq/pqcomm.c and backend/libpq/pqcomprim.c, but operate
|
|
|
|
|
* in the considerably different environment of the frontend libpq.
|
|
|
|
|
* In particular, we work with a bare nonblock-mode socket, rather than
|
|
|
|
|
* a stdio stream, so that we can avoid unwanted blocking of the application.
|
|
|
|
|
*
|
|
|
|
|
* XXX: MOVE DEBUG PRINTOUT TO HIGHER LEVEL. As is, block and restart
|
|
|
|
|
* will cause repeat printouts.
|
|
|
|
|
*
|
|
|
|
|
* We must speak the same transmitted data representations as the backend
|
|
|
|
|
* routines. Note that this module supports *only* network byte order
|
|
|
|
|
* for transmitted ints, whereas the backend modules (as of this writing)
|
|
|
|
|
* still handle either network or little-endian byte order.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2001-01-24 20:43:33 +01:00
|
|
|
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.73 2002/06/14 04:23:17 momjian Exp $
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
|
|
|
|
|
2001-02-10 03:31:31 +01:00
|
|
|
#include "postgres_fe.h"
|
1998-08-17 05:50:43 +02:00
|
|
|
|
2001-07-20 19:45:06 +02:00
|
|
|
#include <errno.h>
|
|
|
|
|
#include <signal.h>
|
|
|
|
|
#include <time.h>
|
|
|
|
|
|
1998-07-03 06:24:16 +02:00
|
|
|
#ifdef WIN32
|
|
|
|
|
#include "win32.h"
|
1999-07-19 08:25:40 +02:00
|
|
|
#else
|
|
|
|
|
#include <unistd.h>
|
2000-01-18 20:05:31 +01:00
|
|
|
#include <sys/time.h>
|
1998-05-07 01:51:16 +02:00
|
|
|
#endif
|
1998-08-17 05:50:43 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
#ifdef HAVE_SYS_SELECT_H
|
|
|
|
|
#include <sys/select.h>
|
|
|
|
|
#endif
|
1996-11-03 08:14:32 +01:00
|
|
|
|
2000-01-20 05:11:52 +01:00
|
|
|
#include "libpq-fe.h"
|
|
|
|
|
#include "libpq-int.h"
|
|
|
|
|
#include "pqsignal.h"
|
|
|
|
|
|
2000-01-29 17:58:54 +01:00
|
|
|
#ifdef MULTIBYTE
|
|
|
|
|
#include "mb/pg_wchar.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
extern void secure_close(PGconn *);
|
|
|
|
|
extern ssize_t secure_read(PGconn *, void *, size_t);
|
|
|
|
|
extern ssize_t secure_write(PGconn *, const void *, size_t);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1998-08-09 04:59:33 +02:00
|
|
|
#define DONOTICE(conn,message) \
|
|
|
|
|
((*(conn)->noticeHook) ((conn)->noticeArg, (message)))
|
|
|
|
|
|
2001-10-25 07:50:21 +02:00
|
|
|
static int pqPutBytes(const char *s, size_t nbytes, PGconn *conn);
|
2001-07-06 19:58:53 +02:00
|
|
|
|
1998-08-09 04:59:33 +02:00
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqGetc:
|
2001-10-25 07:50:21 +02:00
|
|
|
* get a character from the connection
|
2001-08-17 17:11:15 +02:00
|
|
|
*
|
2001-10-25 07:50:21 +02:00
|
|
|
* All these routines return 0 on success, EOF on error.
|
|
|
|
|
* Note that for the Get routines, EOF only means there is not enough
|
|
|
|
|
* data in the buffer, not that there is necessarily a hard error.
|
2001-08-17 17:11:15 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
int
|
1998-05-07 01:51:16 +02:00
|
|
|
pqGetc(char *result, PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->inCursor >= conn->inEnd)
|
|
|
|
|
return EOF;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
*result = conn->inBuffer[conn->inCursor++];
|
1997-03-16 19:51:29 +01:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->Pfdebug)
|
|
|
|
|
fprintf(conn->Pfdebug, "From backend> %c\n", *result);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
return 0;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
|
2001-07-06 19:58:53 +02:00
|
|
|
/*
|
|
|
|
|
* write 1 char to the connection
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
pqPutc(char c, PGconn *conn)
|
|
|
|
|
{
|
|
|
|
|
if (pqPutBytes(&c, 1, conn) == EOF)
|
|
|
|
|
return EOF;
|
|
|
|
|
|
|
|
|
|
if (conn->Pfdebug)
|
|
|
|
|
fprintf(conn->Pfdebug, "To backend> %c\n", c);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqPutBytes: local routine to write N bytes to the connection,
|
|
|
|
|
* with buffering
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
|
|
|
|
static int
|
In the spirit of TODO item
* Add use of 'const' for varibles in source tree
(which is misspelled, btw.)
I went through the front-end libpq code and did so. This affects in
particular the various accessor functions (such as PQdb() and
PQgetvalue()) as well as, by necessity, the internal helpers they use.
I have been really thorough in that regard, perhaps some people will find
it annoying that things like
char * foo = PQgetvalue(res, 0, 0)
will generate a warning. On the other hand it _should_ generate one. This
is no real compatibility break, although a few clients will have to be
fixed to suppress warnings. (Which again would be in the spirit of the
above TODO.)
In addition I replaced some int's by size_t's and removed some warnings
(and generated some new ones -- grmpf!). Also I rewrote PQoidStatus (so it
actually honors the const!) and supplied a new function PQoidValue that
returns a proper Oid type. This is only front-end stuff, none of the
communicaton stuff was touched.
The psql patch also adds some new consts to honor the new libpq situation,
as well as fixes a fatal condition that resulted when using the -V
(--version) option and there is no database listening.
So, to summarize, the psql you should definitely put in (with or without
the libpq). If you think I went too far with the const-mania in libpq, let
me know and I'll make adjustments. If you approve it, I will also update
the docs.
-Peter
--
Peter Eisentraut Sernanders vaeg 10:115
1999-11-11 01:10:14 +01:00
|
|
|
pqPutBytes(const char *s, size_t nbytes, PGconn *conn)
|
1998-05-07 01:51:16 +02:00
|
|
|
{
|
2002-03-05 07:07:27 +01:00
|
|
|
/* Strategy to handle blocking and non-blocking connections: Fill
|
|
|
|
|
* the output buffer and flush it repeatedly until either all data
|
|
|
|
|
* has been sent or is at least queued in the buffer.
|
2002-03-05 06:20:12 +01:00
|
|
|
*
|
2002-03-05 07:07:27 +01:00
|
|
|
* For non-blocking connections, grow the buffer if not all data
|
|
|
|
|
* fits into it and the buffer can't be sent because the socket
|
|
|
|
|
* would block.
|
2000-01-18 07:09:24 +01:00
|
|
|
*/
|
2002-03-05 06:20:12 +01:00
|
|
|
|
|
|
|
|
while (nbytes)
|
2000-01-18 07:09:24 +01:00
|
|
|
{
|
2002-03-05 07:07:27 +01:00
|
|
|
size_t avail, remaining;
|
2002-03-06 07:10:59 +01:00
|
|
|
|
2002-03-05 06:20:12 +01:00
|
|
|
/* fill the output buffer */
|
|
|
|
|
avail = Max(conn->outBufSize - conn->outCount, 0);
|
|
|
|
|
remaining = Min(avail, nbytes);
|
|
|
|
|
memcpy(conn->outBuffer + conn->outCount, s, remaining);
|
|
|
|
|
conn->outCount += remaining;
|
|
|
|
|
s += remaining;
|
|
|
|
|
nbytes -= remaining;
|
|
|
|
|
|
2002-03-05 07:07:27 +01:00
|
|
|
/* if the data didn't fit completely into the buffer, try to
|
|
|
|
|
* flush the buffer */
|
2002-03-05 06:20:12 +01:00
|
|
|
if (nbytes)
|
2000-01-18 07:09:24 +01:00
|
|
|
{
|
2002-03-05 07:07:27 +01:00
|
|
|
int send_result = pqSendSome(conn);
|
2000-01-18 07:09:24 +01:00
|
|
|
|
2002-03-05 06:20:12 +01:00
|
|
|
/* if there were errors, report them */
|
|
|
|
|
if (send_result < 0)
|
|
|
|
|
return EOF;
|
|
|
|
|
|
2002-03-05 07:07:27 +01:00
|
|
|
/* if not all data could be sent, increase the output
|
|
|
|
|
* buffer, put the rest of s into it and return
|
|
|
|
|
* successfully. This case will only happen in a
|
|
|
|
|
* non-blocking connection
|
2002-03-05 06:20:12 +01:00
|
|
|
*/
|
|
|
|
|
if (send_result > 0)
|
|
|
|
|
{
|
2002-03-05 07:07:27 +01:00
|
|
|
/* try to grow the buffer.
|
|
|
|
|
* FIXME: The new size could be chosen more
|
|
|
|
|
* intelligently.
|
2002-03-05 06:20:12 +01:00
|
|
|
*/
|
2002-03-05 07:07:27 +01:00
|
|
|
size_t buflen = conn->outCount + nbytes;
|
2002-03-05 06:20:12 +01:00
|
|
|
if (buflen > conn->outBufSize)
|
|
|
|
|
{
|
2002-03-05 07:07:27 +01:00
|
|
|
char * newbuf = realloc(conn->outBuffer, buflen);
|
2002-03-05 06:20:12 +01:00
|
|
|
if (!newbuf)
|
|
|
|
|
{
|
|
|
|
|
/* realloc failed. Probably out of memory */
|
|
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2002-03-05 07:07:27 +01:00
|
|
|
"cannot allocate memory for output buffer\n");
|
2002-03-05 06:20:12 +01:00
|
|
|
return EOF;
|
|
|
|
|
}
|
|
|
|
|
conn->outBuffer = newbuf;
|
|
|
|
|
conn->outBufSize = buflen;
|
|
|
|
|
}
|
|
|
|
|
/* put the data into it */
|
|
|
|
|
memcpy(conn->outBuffer + conn->outCount, s, nbytes);
|
|
|
|
|
conn->outCount += nbytes;
|
|
|
|
|
|
|
|
|
|
/* report success. */
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2002-03-05 07:07:27 +01:00
|
|
|
/* pqSendSome was able to send all data. Continue with the next
|
|
|
|
|
* chunk of s. */
|
|
|
|
|
} /* while */
|
1998-05-07 01:51:16 +02:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqGets:
|
|
|
|
|
* get a null-terminated string from the connection,
|
|
|
|
|
* and store it in an expansible PQExpBuffer.
|
|
|
|
|
* If we run out of memory, all of the string is still read,
|
|
|
|
|
* but the excess characters are silently discarded.
|
|
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
int
|
1999-08-31 03:37:37 +02:00
|
|
|
pqGets(PQExpBuffer buf, PGconn *conn)
|
1998-05-07 01:51:16 +02:00
|
|
|
{
|
|
|
|
|
/* Copy conn data to locals for faster search loop */
|
1998-09-01 06:40:42 +02:00
|
|
|
char *inBuffer = conn->inBuffer;
|
|
|
|
|
int inCursor = conn->inCursor;
|
|
|
|
|
int inEnd = conn->inEnd;
|
|
|
|
|
int slen;
|
1998-05-07 01:51:16 +02:00
|
|
|
|
|
|
|
|
while (inCursor < inEnd && inBuffer[inCursor])
|
|
|
|
|
inCursor++;
|
|
|
|
|
|
|
|
|
|
if (inCursor >= inEnd)
|
|
|
|
|
return EOF;
|
|
|
|
|
|
|
|
|
|
slen = inCursor - conn->inCursor;
|
1999-08-31 03:37:37 +02:00
|
|
|
|
|
|
|
|
resetPQExpBuffer(buf);
|
|
|
|
|
appendBinaryPQExpBuffer(buf, inBuffer + conn->inCursor, slen);
|
1998-05-07 01:51:16 +02:00
|
|
|
|
|
|
|
|
conn->inCursor = ++inCursor;
|
|
|
|
|
|
|
|
|
|
if (conn->Pfdebug)
|
1999-08-31 03:37:37 +02:00
|
|
|
fprintf(conn->Pfdebug, "From backend> \"%s\"\n",
|
|
|
|
|
buf->data);
|
1998-05-07 01:51:16 +02:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
int
|
|
|
|
|
pqPuts(const char *s, PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
if (pqPutBytes(s, strlen(s) + 1, conn))
|
1998-05-07 01:51:16 +02:00
|
|
|
return EOF;
|
|
|
|
|
|
|
|
|
|
if (conn->Pfdebug)
|
|
|
|
|
fprintf(conn->Pfdebug, "To backend> %s\n", s);
|
1997-03-16 19:51:29 +01:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
return 0;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqGetnchar:
|
2001-10-25 07:50:21 +02:00
|
|
|
* get a string of exactly len bytes in buffer s, no null termination
|
2001-08-17 17:11:15 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
int
|
In the spirit of TODO item
* Add use of 'const' for varibles in source tree
(which is misspelled, btw.)
I went through the front-end libpq code and did so. This affects in
particular the various accessor functions (such as PQdb() and
PQgetvalue()) as well as, by necessity, the internal helpers they use.
I have been really thorough in that regard, perhaps some people will find
it annoying that things like
char * foo = PQgetvalue(res, 0, 0)
will generate a warning. On the other hand it _should_ generate one. This
is no real compatibility break, although a few clients will have to be
fixed to suppress warnings. (Which again would be in the spirit of the
above TODO.)
In addition I replaced some int's by size_t's and removed some warnings
(and generated some new ones -- grmpf!). Also I rewrote PQoidStatus (so it
actually honors the const!) and supplied a new function PQoidValue that
returns a proper Oid type. This is only front-end stuff, none of the
communicaton stuff was touched.
The psql patch also adds some new consts to honor the new libpq situation,
as well as fixes a fatal condition that resulted when using the -V
(--version) option and there is no database listening.
So, to summarize, the psql you should definitely put in (with or without
the libpq). If you think I went too far with the const-mania in libpq, let
me know and I'll make adjustments. If you approve it, I will also update
the docs.
-Peter
--
Peter Eisentraut Sernanders vaeg 10:115
1999-11-11 01:10:14 +01:00
|
|
|
pqGetnchar(char *s, size_t len, PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-05-07 01:51:16 +02:00
|
|
|
if (len < 0 || len > conn->inEnd - conn->inCursor)
|
|
|
|
|
return EOF;
|
|
|
|
|
|
|
|
|
|
memcpy(s, conn->inBuffer + conn->inCursor, len);
|
1998-08-29 04:09:27 +02:00
|
|
|
/* no terminating null */
|
1998-09-01 06:40:42 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
conn->inCursor += len;
|
1997-03-16 19:51:29 +01:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->Pfdebug)
|
2001-03-22 05:01:46 +01:00
|
|
|
fprintf(conn->Pfdebug, "From backend (%lu)> %.*s\n", (unsigned long) len, (int) len, s);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
return 0;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqPutnchar:
|
2001-10-25 07:50:21 +02:00
|
|
|
* send a string of exactly len bytes, no null termination needed
|
2001-08-17 17:11:15 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
int
|
In the spirit of TODO item
* Add use of 'const' for varibles in source tree
(which is misspelled, btw.)
I went through the front-end libpq code and did so. This affects in
particular the various accessor functions (such as PQdb() and
PQgetvalue()) as well as, by necessity, the internal helpers they use.
I have been really thorough in that regard, perhaps some people will find
it annoying that things like
char * foo = PQgetvalue(res, 0, 0)
will generate a warning. On the other hand it _should_ generate one. This
is no real compatibility break, although a few clients will have to be
fixed to suppress warnings. (Which again would be in the spirit of the
above TODO.)
In addition I replaced some int's by size_t's and removed some warnings
(and generated some new ones -- grmpf!). Also I rewrote PQoidStatus (so it
actually honors the const!) and supplied a new function PQoidValue that
returns a proper Oid type. This is only front-end stuff, none of the
communicaton stuff was touched.
The psql patch also adds some new consts to honor the new libpq situation,
as well as fixes a fatal condition that resulted when using the -V
(--version) option and there is no database listening.
So, to summarize, the psql you should definitely put in (with or without
the libpq). If you think I went too far with the const-mania in libpq, let
me know and I'll make adjustments. If you approve it, I will also update
the docs.
-Peter
--
Peter Eisentraut Sernanders vaeg 10:115
1999-11-11 01:10:14 +01:00
|
|
|
pqPutnchar(const char *s, size_t len, PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-05-07 01:51:16 +02:00
|
|
|
if (pqPutBytes(s, len, conn))
|
|
|
|
|
return EOF;
|
1997-03-16 19:51:29 +01:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->Pfdebug)
|
2000-04-12 19:17:23 +02:00
|
|
|
fprintf(conn->Pfdebug, "To backend> %.*s\n", (int) len, s);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
return 0;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pgGetInt
|
2001-10-25 07:50:21 +02:00
|
|
|
* read a 2 or 4 byte integer and convert from network byte order
|
|
|
|
|
* to local byte order
|
2001-08-17 17:11:15 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
int
|
In the spirit of TODO item
* Add use of 'const' for varibles in source tree
(which is misspelled, btw.)
I went through the front-end libpq code and did so. This affects in
particular the various accessor functions (such as PQdb() and
PQgetvalue()) as well as, by necessity, the internal helpers they use.
I have been really thorough in that regard, perhaps some people will find
it annoying that things like
char * foo = PQgetvalue(res, 0, 0)
will generate a warning. On the other hand it _should_ generate one. This
is no real compatibility break, although a few clients will have to be
fixed to suppress warnings. (Which again would be in the spirit of the
above TODO.)
In addition I replaced some int's by size_t's and removed some warnings
(and generated some new ones -- grmpf!). Also I rewrote PQoidStatus (so it
actually honors the const!) and supplied a new function PQoidValue that
returns a proper Oid type. This is only front-end stuff, none of the
communicaton stuff was touched.
The psql patch also adds some new consts to honor the new libpq situation,
as well as fixes a fatal condition that resulted when using the -V
(--version) option and there is no database listening.
So, to summarize, the psql you should definitely put in (with or without
the libpq). If you think I went too far with the const-mania in libpq, let
me know and I'll make adjustments. If you approve it, I will also update
the docs.
-Peter
--
Peter Eisentraut Sernanders vaeg 10:115
1999-11-11 01:10:14 +01:00
|
|
|
pqGetInt(int *result, size_t bytes, PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
uint16 tmp2;
|
|
|
|
|
uint32 tmp4;
|
1999-08-31 03:37:37 +02:00
|
|
|
char noticeBuf[64];
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
switch (bytes)
|
|
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
case 2:
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->inCursor + 2 > conn->inEnd)
|
|
|
|
|
return EOF;
|
|
|
|
|
memcpy(&tmp2, conn->inBuffer + conn->inCursor, 2);
|
|
|
|
|
conn->inCursor += 2;
|
|
|
|
|
*result = (int) ntohs(tmp2);
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 4:
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->inCursor + 4 > conn->inEnd)
|
|
|
|
|
return EOF;
|
|
|
|
|
memcpy(&tmp4, conn->inBuffer + conn->inCursor, 4);
|
|
|
|
|
conn->inCursor += 4;
|
|
|
|
|
*result = (int) ntohl(tmp4);
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
default:
|
2001-07-15 15:45:04 +02:00
|
|
|
snprintf(noticeBuf, sizeof(noticeBuf),
|
|
|
|
|
libpq_gettext("integer of size %lu not supported by pqGetInt\n"),
|
|
|
|
|
(unsigned long) bytes);
|
1999-08-31 03:37:37 +02:00
|
|
|
DONOTICE(conn, noticeBuf);
|
1998-05-07 01:51:16 +02:00
|
|
|
return EOF;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->Pfdebug)
|
2001-03-22 05:01:46 +01:00
|
|
|
fprintf(conn->Pfdebug, "From backend (#%lu)> %d\n", (unsigned long) bytes, *result);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
return 0;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pgPutInt
|
|
|
|
|
* send an integer of 2 or 4 bytes, converting from host byte order
|
|
|
|
|
* to network byte order.
|
|
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
int
|
In the spirit of TODO item
* Add use of 'const' for varibles in source tree
(which is misspelled, btw.)
I went through the front-end libpq code and did so. This affects in
particular the various accessor functions (such as PQdb() and
PQgetvalue()) as well as, by necessity, the internal helpers they use.
I have been really thorough in that regard, perhaps some people will find
it annoying that things like
char * foo = PQgetvalue(res, 0, 0)
will generate a warning. On the other hand it _should_ generate one. This
is no real compatibility break, although a few clients will have to be
fixed to suppress warnings. (Which again would be in the spirit of the
above TODO.)
In addition I replaced some int's by size_t's and removed some warnings
(and generated some new ones -- grmpf!). Also I rewrote PQoidStatus (so it
actually honors the const!) and supplied a new function PQoidValue that
returns a proper Oid type. This is only front-end stuff, none of the
communicaton stuff was touched.
The psql patch also adds some new consts to honor the new libpq situation,
as well as fixes a fatal condition that resulted when using the -V
(--version) option and there is no database listening.
So, to summarize, the psql you should definitely put in (with or without
the libpq). If you think I went too far with the const-mania in libpq, let
me know and I'll make adjustments. If you approve it, I will also update
the docs.
-Peter
--
Peter Eisentraut Sernanders vaeg 10:115
1999-11-11 01:10:14 +01:00
|
|
|
pqPutInt(int value, size_t bytes, PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
uint16 tmp2;
|
|
|
|
|
uint32 tmp4;
|
1999-08-31 03:37:37 +02:00
|
|
|
char noticeBuf[64];
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
switch (bytes)
|
|
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
case 2:
|
1998-05-07 01:51:16 +02:00
|
|
|
tmp2 = htons((uint16) value);
|
1998-09-01 06:40:42 +02:00
|
|
|
if (pqPutBytes((const char *) &tmp2, 2, conn))
|
1998-05-07 01:51:16 +02:00
|
|
|
return EOF;
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 4:
|
1998-05-07 01:51:16 +02:00
|
|
|
tmp4 = htonl((uint32) value);
|
1998-09-01 06:40:42 +02:00
|
|
|
if (pqPutBytes((const char *) &tmp4, 4, conn))
|
1998-05-07 01:51:16 +02:00
|
|
|
return EOF;
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
default:
|
2001-07-15 15:45:04 +02:00
|
|
|
snprintf(noticeBuf, sizeof(noticeBuf),
|
|
|
|
|
libpq_gettext("integer of size %lu not supported by pqPutInt\n"),
|
|
|
|
|
(unsigned long) bytes);
|
1999-08-31 03:37:37 +02:00
|
|
|
DONOTICE(conn, noticeBuf);
|
1998-05-07 01:51:16 +02:00
|
|
|
return EOF;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (conn->Pfdebug)
|
2001-03-22 05:01:46 +01:00
|
|
|
fprintf(conn->Pfdebug, "To backend (%lu#)> %d\n", (unsigned long) bytes, value);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
return 0;
|
1997-03-16 19:51:29 +01:00
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqReadReady: is select() saying the file is ready to read?
|
1999-11-30 04:08:19 +01:00
|
|
|
* Returns -1 on failure, 0 if not ready, 1 if ready.
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
1999-11-30 04:08:19 +01:00
|
|
|
int
|
1998-05-07 01:51:16 +02:00
|
|
|
pqReadReady(PGconn *conn)
|
|
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
fd_set input_mask;
|
|
|
|
|
struct timeval timeout;
|
1998-05-07 01:51:16 +02:00
|
|
|
|
1999-11-30 04:08:19 +01:00
|
|
|
if (!conn || conn->sock < 0)
|
|
|
|
|
return -1;
|
1998-05-07 01:51:16 +02:00
|
|
|
|
2002-04-16 01:34:17 +02:00
|
|
|
retry1:
|
1998-05-07 01:51:16 +02:00
|
|
|
FD_ZERO(&input_mask);
|
|
|
|
|
FD_SET(conn->sock, &input_mask);
|
|
|
|
|
timeout.tv_sec = 0;
|
|
|
|
|
timeout.tv_usec = 0;
|
1998-09-01 06:40:42 +02:00
|
|
|
if (select(conn->sock + 1, &input_mask, (fd_set *) NULL, (fd_set *) NULL,
|
1998-05-07 01:51:16 +02:00
|
|
|
&timeout) < 0)
|
|
|
|
|
{
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EINTR)
|
1999-11-30 04:08:19 +01:00
|
|
|
/* Interrupted system call - we'll just try again */
|
2002-04-16 01:34:17 +02:00
|
|
|
goto retry1;
|
1999-11-30 04:08:19 +01:00
|
|
|
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext("select() failed: %s\n"),
|
2001-08-21 22:39:54 +02:00
|
|
|
SOCK_STRERROR(SOCK_ERRNO));
|
1999-11-30 04:08:19 +01:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return FD_ISSET(conn->sock, &input_mask) ? 1 : 0;
|
|
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqWriteReady: is select() saying the file is ready to write?
|
1999-11-30 04:08:19 +01:00
|
|
|
* Returns -1 on failure, 0 if not ready, 1 if ready.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
pqWriteReady(PGconn *conn)
|
|
|
|
|
{
|
|
|
|
|
fd_set input_mask;
|
|
|
|
|
struct timeval timeout;
|
|
|
|
|
|
|
|
|
|
if (!conn || conn->sock < 0)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2002-04-16 01:34:17 +02:00
|
|
|
retry2:
|
1999-11-30 04:08:19 +01:00
|
|
|
FD_ZERO(&input_mask);
|
|
|
|
|
FD_SET(conn->sock, &input_mask);
|
|
|
|
|
timeout.tv_sec = 0;
|
|
|
|
|
timeout.tv_usec = 0;
|
|
|
|
|
if (select(conn->sock + 1, (fd_set *) NULL, &input_mask, (fd_set *) NULL,
|
|
|
|
|
&timeout) < 0)
|
|
|
|
|
{
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EINTR)
|
1999-11-30 04:08:19 +01:00
|
|
|
/* Interrupted system call - we'll just try again */
|
2002-04-16 01:34:17 +02:00
|
|
|
goto retry2;
|
1999-11-30 04:08:19 +01:00
|
|
|
|
|
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext("select() failed: %s\n"),
|
2001-08-21 22:39:54 +02:00
|
|
|
SOCK_STRERROR(SOCK_ERRNO));
|
1999-11-30 04:08:19 +01:00
|
|
|
return -1;
|
1998-05-07 01:51:16 +02:00
|
|
|
}
|
1999-11-30 04:08:19 +01:00
|
|
|
return FD_ISSET(conn->sock, &input_mask) ? 1 : 0;
|
1998-05-07 01:51:16 +02:00
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/* ----------
|
|
|
|
|
* pqReadData: read more data, if any is available
|
1998-05-07 01:51:16 +02:00
|
|
|
* Possible return values:
|
1998-09-01 06:40:42 +02:00
|
|
|
* 1: successfully loaded at least one more byte
|
|
|
|
|
* 0: no data is presently available, but no error detected
|
|
|
|
|
* -1: error detected (including EOF = connection closure);
|
|
|
|
|
* conn->errorMessage set
|
1998-05-07 01:51:16 +02:00
|
|
|
* NOTE: callers must not assume that pointers or indexes into conn->inBuffer
|
|
|
|
|
* remain valid across this call!
|
2001-08-17 17:11:15 +02:00
|
|
|
* ----------
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
int
|
1998-05-07 01:51:16 +02:00
|
|
|
pqReadData(PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1999-09-13 05:00:19 +02:00
|
|
|
int someread = 0;
|
1998-09-01 06:40:42 +02:00
|
|
|
int nread;
|
1998-05-07 01:51:16 +02:00
|
|
|
|
|
|
|
|
if (conn->sock < 0)
|
|
|
|
|
{
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext("connection not open\n"));
|
1998-05-07 01:51:16 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
/* Left-justify any data in the buffer to make room */
|
|
|
|
|
if (conn->inStart < conn->inEnd)
|
|
|
|
|
{
|
2001-05-28 17:29:51 +02:00
|
|
|
if (conn->inStart > 0)
|
|
|
|
|
{
|
|
|
|
|
memmove(conn->inBuffer, conn->inBuffer + conn->inStart,
|
|
|
|
|
conn->inEnd - conn->inStart);
|
|
|
|
|
conn->inEnd -= conn->inStart;
|
|
|
|
|
conn->inCursor -= conn->inStart;
|
|
|
|
|
conn->inStart = 0;
|
|
|
|
|
}
|
1998-05-07 01:51:16 +02:00
|
|
|
}
|
|
|
|
|
else
|
2001-05-28 17:29:51 +02:00
|
|
|
{
|
|
|
|
|
/* buffer is logically empty, reset it */
|
1998-05-07 01:51:16 +02:00
|
|
|
conn->inStart = conn->inCursor = conn->inEnd = 0;
|
2001-05-28 17:29:51 +02:00
|
|
|
}
|
1998-09-01 06:40:42 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the buffer is fairly full, enlarge it. We need to be able to
|
|
|
|
|
* enlarge the buffer in case a single message exceeds the initial
|
|
|
|
|
* buffer size. We enlarge before filling the buffer entirely so as
|
|
|
|
|
* to avoid asking the kernel for a partial packet. The magic constant
|
1999-08-31 03:37:37 +02:00
|
|
|
* here should be large enough for a TCP packet or Unix pipe
|
2000-04-12 19:17:23 +02:00
|
|
|
* bufferload. 8K is the usual pipe buffer size, so...
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
1999-08-31 03:37:37 +02:00
|
|
|
if (conn->inBufSize - conn->inEnd < 8192)
|
1998-05-07 01:51:16 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
int newSize = conn->inBufSize * 2;
|
|
|
|
|
char *newBuf = (char *) realloc(conn->inBuffer, newSize);
|
|
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (newBuf)
|
|
|
|
|
{
|
|
|
|
|
conn->inBuffer = newBuf;
|
|
|
|
|
conn->inBufSize = newSize;
|
|
|
|
|
}
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
/* OK, try to read some data */
|
2002-04-16 01:34:17 +02:00
|
|
|
retry3:
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
nread = secure_read(conn, conn->inBuffer + conn->inEnd,
|
|
|
|
|
conn->inBufSize - conn->inEnd);
|
1998-05-07 01:51:16 +02:00
|
|
|
if (nread < 0)
|
|
|
|
|
{
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EINTR)
|
2002-04-16 01:34:17 +02:00
|
|
|
goto retry3;
|
1998-05-07 01:53:48 +02:00
|
|
|
/* Some systems return EAGAIN/EWOULDBLOCK for no data */
|
|
|
|
|
#ifdef EAGAIN
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EAGAIN)
|
1999-09-13 05:00:19 +02:00
|
|
|
return someread;
|
1998-05-07 01:53:48 +02:00
|
|
|
#endif
|
|
|
|
|
#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EWOULDBLOCK)
|
1999-09-13 05:00:19 +02:00
|
|
|
return someread;
|
1998-09-20 06:51:12 +02:00
|
|
|
#endif
|
|
|
|
|
/* We might get ECONNRESET here if using TCP and backend died */
|
|
|
|
|
#ifdef ECONNRESET
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == ECONNRESET)
|
1998-09-20 06:51:12 +02:00
|
|
|
goto definitelyFailed;
|
1998-05-07 01:53:48 +02:00
|
|
|
#endif
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-10-25 07:50:21 +02:00
|
|
|
libpq_gettext("could not receive data from server: %s\n"),
|
2001-08-21 22:39:54 +02:00
|
|
|
SOCK_STRERROR(SOCK_ERRNO));
|
1998-05-07 01:51:16 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (nread > 0)
|
|
|
|
|
{
|
|
|
|
|
conn->inEnd += nread;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
1999-09-13 05:00:19 +02:00
|
|
|
/*
|
|
|
|
|
* Hack to deal with the fact that some kernels will only give us
|
2000-04-12 19:17:23 +02:00
|
|
|
* back 1 packet per recv() call, even if we asked for more and
|
|
|
|
|
* there is more available. If it looks like we are reading a
|
|
|
|
|
* long message, loop back to recv() again immediately, until we
|
|
|
|
|
* run out of data or buffer space. Without this, the
|
|
|
|
|
* block-and-restart behavior of libpq's higher levels leads to
|
|
|
|
|
* O(N^2) performance on long messages.
|
1999-09-13 05:00:19 +02:00
|
|
|
*
|
|
|
|
|
* Since we left-justified the data above, conn->inEnd gives the
|
2000-04-12 19:17:23 +02:00
|
|
|
* amount of data already read in the current message. We
|
|
|
|
|
* consider the message "long" once we have acquired 32k ...
|
1999-09-13 05:00:19 +02:00
|
|
|
*/
|
|
|
|
|
if (conn->inEnd > 32768 &&
|
|
|
|
|
(conn->inBufSize - conn->inEnd) >= 8192)
|
|
|
|
|
{
|
|
|
|
|
someread = 1;
|
2002-04-16 01:34:17 +02:00
|
|
|
goto retry3;
|
1999-09-13 05:00:19 +02:00
|
|
|
}
|
1998-05-07 01:51:16 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1999-09-13 05:00:19 +02:00
|
|
|
if (someread)
|
|
|
|
|
return 1; /* got a zero read after successful tries */
|
|
|
|
|
|
1998-09-01 06:40:42 +02:00
|
|
|
/*
|
|
|
|
|
* A return value of 0 could mean just that no data is now available,
|
|
|
|
|
* or it could mean EOF --- that is, the server has closed the
|
|
|
|
|
* connection. Since we have the socket in nonblock mode, the only way
|
|
|
|
|
* to tell the difference is to see if select() is saying that the
|
|
|
|
|
* file is ready. Grumble. Fortunately, we don't expect this path to
|
|
|
|
|
* be taken much, since in normal practice we should not be trying to
|
|
|
|
|
* read data unless the file selected for reading already.
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
1999-11-30 04:08:19 +01:00
|
|
|
switch (pqReadReady(conn))
|
|
|
|
|
{
|
|
|
|
|
case 0:
|
|
|
|
|
/* definitely no data available */
|
|
|
|
|
return 0;
|
|
|
|
|
case 1:
|
|
|
|
|
/* ready for read */
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
goto definitelyFailed;
|
|
|
|
|
}
|
1998-05-07 01:51:16 +02:00
|
|
|
|
1998-09-01 06:40:42 +02:00
|
|
|
/*
|
|
|
|
|
* Still not sure that it's EOF, because some data could have just
|
|
|
|
|
* arrived.
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
2002-04-16 01:34:17 +02:00
|
|
|
retry4:
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
nread = secure_read(conn, conn->inBuffer + conn->inEnd,
|
|
|
|
|
conn->inBufSize - conn->inEnd);
|
1998-05-07 01:51:16 +02:00
|
|
|
if (nread < 0)
|
|
|
|
|
{
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EINTR)
|
2002-04-16 01:34:17 +02:00
|
|
|
goto retry4;
|
1998-05-07 01:53:48 +02:00
|
|
|
/* Some systems return EAGAIN/EWOULDBLOCK for no data */
|
|
|
|
|
#ifdef EAGAIN
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EAGAIN)
|
1998-05-07 01:53:48 +02:00
|
|
|
return 0;
|
|
|
|
|
#endif
|
|
|
|
|
#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EWOULDBLOCK)
|
1998-05-07 01:53:48 +02:00
|
|
|
return 0;
|
1998-09-20 06:51:12 +02:00
|
|
|
#endif
|
|
|
|
|
/* We might get ECONNRESET here if using TCP and backend died */
|
|
|
|
|
#ifdef ECONNRESET
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == ECONNRESET)
|
1998-09-20 06:51:12 +02:00
|
|
|
goto definitelyFailed;
|
1998-05-07 01:53:48 +02:00
|
|
|
#endif
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-10-25 07:50:21 +02:00
|
|
|
libpq_gettext("could not receive data from server: %s\n"),
|
2001-08-21 22:39:54 +02:00
|
|
|
SOCK_STRERROR(SOCK_ERRNO));
|
1998-05-07 01:51:16 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (nread > 0)
|
|
|
|
|
{
|
|
|
|
|
conn->inEnd += nread;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
1998-09-01 06:40:42 +02:00
|
|
|
/*
|
|
|
|
|
* OK, we are getting a zero read even though select() says ready.
|
1998-05-07 01:51:16 +02:00
|
|
|
* This means the connection has been closed. Cope.
|
|
|
|
|
*/
|
1998-09-20 06:51:12 +02:00
|
|
|
definitelyFailed:
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext(
|
2001-10-25 07:50:21 +02:00
|
|
|
"server closed the connection unexpectedly\n"
|
|
|
|
|
"\tThis probably means the server terminated abnormally\n"
|
|
|
|
|
"\tbefore or while processing the request.\n"));
|
1998-09-01 06:40:42 +02:00
|
|
|
conn->status = CONNECTION_BAD; /* No more connection to backend */
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
secure_close(conn);
|
1998-07-03 06:24:16 +02:00
|
|
|
#ifdef WIN32
|
|
|
|
|
closesocket(conn->sock);
|
|
|
|
|
#else
|
1998-05-07 01:51:16 +02:00
|
|
|
close(conn->sock);
|
1998-07-03 06:24:16 +02:00
|
|
|
#endif
|
1998-05-07 01:51:16 +02:00
|
|
|
conn->sock = -1;
|
1998-09-01 06:40:42 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
return -1;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-03-05 07:07:27 +01:00
|
|
|
/*
|
|
|
|
|
* pqSendSome: send any data waiting in the output buffer.
|
2002-03-05 06:20:12 +01:00
|
|
|
*
|
2002-03-05 07:07:27 +01:00
|
|
|
* Return 0 on sucess, -1 on failure and 1 when data remains because the
|
|
|
|
|
* socket would block and the connection is non-blocking.
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
|
|
|
|
int
|
2002-03-05 06:20:12 +01:00
|
|
|
pqSendSome(PGconn *conn)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
char *ptr = conn->outBuffer;
|
|
|
|
|
int len = conn->outCount;
|
1998-05-07 01:51:16 +02:00
|
|
|
|
|
|
|
|
if (conn->sock < 0)
|
|
|
|
|
{
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext("connection not open\n"));
|
2002-03-05 07:07:27 +01:00
|
|
|
return -1;
|
1998-05-07 01:51:16 +02:00
|
|
|
}
|
1997-03-16 19:51:29 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* don't try to send zero data, allows us to use this function without
|
|
|
|
|
* too much worry about overhead
|
2000-01-18 07:09:24 +01:00
|
|
|
*/
|
|
|
|
|
if (len == 0)
|
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
|
|
/* while there's still data to send */
|
1998-05-07 01:51:16 +02:00
|
|
|
while (len > 0)
|
|
|
|
|
{
|
2000-04-12 19:17:23 +02:00
|
|
|
int sent;
|
2000-01-18 07:09:24 +01:00
|
|
|
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
sent = secure_write(conn, ptr, len);
|
1998-08-17 05:50:43 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (sent < 0)
|
|
|
|
|
{
|
1998-09-20 06:51:12 +02:00
|
|
|
/*
|
1999-05-25 18:15:34 +02:00
|
|
|
* Anything except EAGAIN or EWOULDBLOCK is trouble. If it's
|
|
|
|
|
* EPIPE or ECONNRESET, assume we've lost the backend
|
|
|
|
|
* connection permanently.
|
1998-09-20 06:51:12 +02:00
|
|
|
*/
|
2001-08-21 22:39:54 +02:00
|
|
|
switch (SOCK_ERRNO)
|
1998-05-07 01:51:16 +02:00
|
|
|
{
|
|
|
|
|
#ifdef EAGAIN
|
|
|
|
|
case EAGAIN:
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
|
|
|
|
|
case EWOULDBLOCK:
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
2000-01-18 07:09:24 +01:00
|
|
|
case EINTR:
|
|
|
|
|
continue;
|
1999-05-28 03:54:53 +02:00
|
|
|
|
1998-09-20 06:51:12 +02:00
|
|
|
case EPIPE:
|
|
|
|
|
#ifdef ECONNRESET
|
|
|
|
|
case ECONNRESET:
|
|
|
|
|
#endif
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext(
|
2001-10-25 07:50:21 +02:00
|
|
|
"server closed the connection unexpectedly\n"
|
2002-03-05 07:07:27 +01:00
|
|
|
"\tThis probably means the server terminated abnormally\n"
|
2001-10-25 07:50:21 +02:00
|
|
|
"\tbefore or while processing the request.\n"));
|
2000-04-12 19:17:23 +02:00
|
|
|
|
1999-05-28 03:54:53 +02:00
|
|
|
/*
|
|
|
|
|
* We used to close the socket here, but that's a bad
|
|
|
|
|
* idea since there might be unread data waiting
|
2002-03-06 07:10:59 +01:00
|
|
|
* (typically, a WARNING message from the backend
|
2000-04-12 19:17:23 +02:00
|
|
|
* telling us it's committing hara-kiri...). Leave
|
|
|
|
|
* the socket open until pqReadData finds no more data
|
|
|
|
|
* can be read.
|
1999-05-28 03:54:53 +02:00
|
|
|
*/
|
2002-03-05 06:20:12 +01:00
|
|
|
return -1;
|
1999-05-28 03:54:53 +02:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
default:
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-10-25 07:50:21 +02:00
|
|
|
libpq_gettext("could not send data to server: %s\n"),
|
2001-08-21 22:39:54 +02:00
|
|
|
SOCK_STRERROR(SOCK_ERRNO));
|
1998-09-20 06:51:12 +02:00
|
|
|
/* We don't assume it's a fatal error... */
|
2002-03-05 06:20:12 +01:00
|
|
|
return -1;
|
1998-05-07 01:51:16 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
ptr += sent;
|
|
|
|
|
len -= sent;
|
|
|
|
|
}
|
2000-01-18 07:09:24 +01:00
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (len > 0)
|
|
|
|
|
{
|
|
|
|
|
/* We didn't send it all, wait till we can send more */
|
1999-11-30 04:08:19 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* if the socket is in non-blocking mode we may need to abort
|
2002-03-05 06:20:12 +01:00
|
|
|
* here and return 1 to indicate that data is still pending.
|
2000-01-18 07:09:24 +01:00
|
|
|
*/
|
|
|
|
|
#ifdef USE_SSL
|
|
|
|
|
/* can't do anything for our SSL users yet */
|
2002-06-14 06:09:37 +02:00
|
|
|
if (conn->ssl == NULL)
|
2000-01-18 07:09:24 +01:00
|
|
|
{
|
|
|
|
|
#endif
|
|
|
|
|
if (pqIsnonblocking(conn))
|
|
|
|
|
{
|
|
|
|
|
/* shift the contents of the buffer */
|
|
|
|
|
memmove(conn->outBuffer, ptr, len);
|
|
|
|
|
conn->outCount = len;
|
2002-03-05 06:20:12 +01:00
|
|
|
return 1;
|
2000-01-18 07:09:24 +01:00
|
|
|
}
|
|
|
|
|
#ifdef USE_SSL
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
1998-05-07 01:51:16 +02:00
|
|
|
if (pqWait(FALSE, TRUE, conn))
|
2002-03-05 06:20:12 +01:00
|
|
|
return -1;
|
1998-05-07 01:51:16 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
conn->outCount = 0;
|
|
|
|
|
|
|
|
|
|
if (conn->Pfdebug)
|
|
|
|
|
fflush(conn->Pfdebug);
|
|
|
|
|
|
|
|
|
|
return 0;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
1996-12-31 08:29:17 +01:00
|
|
|
|
2002-03-05 06:20:12 +01:00
|
|
|
|
2002-03-05 07:07:27 +01:00
|
|
|
|
2002-03-05 06:20:12 +01:00
|
|
|
/*
|
|
|
|
|
* pqFlush: send any data waiting in the output buffer
|
|
|
|
|
*
|
|
|
|
|
* Implemented in terms of pqSendSome to recreate the old behavior which
|
|
|
|
|
* returned 0 if all data was sent or EOF. EOF was sent regardless of
|
|
|
|
|
* whether an error occurred or not all data was sent on a non-blocking
|
|
|
|
|
* socket.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
pqFlush(PGconn *conn)
|
|
|
|
|
{
|
|
|
|
|
if (pqSendSome(conn))
|
2002-03-05 07:07:27 +01:00
|
|
|
{
|
2002-03-05 06:20:12 +01:00
|
|
|
return EOF;
|
2002-03-05 07:07:27 +01:00
|
|
|
}
|
2002-03-05 06:20:12 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2001-08-17 17:11:15 +02:00
|
|
|
/*
|
|
|
|
|
* pqWait: wait until we can read or write the connection socket
|
2001-04-01 01:13:30 +02:00
|
|
|
*
|
|
|
|
|
* We also stop waiting and return if the kernel flags an exception condition
|
|
|
|
|
* on the socket. The actual error condition will be detected and reported
|
|
|
|
|
* when the caller tries to read or write the socket.
|
1998-05-07 01:51:16 +02:00
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
pqWait(int forRead, int forWrite, PGconn *conn)
|
|
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
fd_set input_mask;
|
|
|
|
|
fd_set output_mask;
|
2001-04-01 01:13:30 +02:00
|
|
|
fd_set except_mask;
|
1998-05-07 01:51:16 +02:00
|
|
|
|
|
|
|
|
if (conn->sock < 0)
|
|
|
|
|
{
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext("connection not open\n"));
|
2002-03-05 07:07:27 +01:00
|
|
|
return EOF;
|
1998-05-07 01:51:16 +02:00
|
|
|
}
|
|
|
|
|
|
1999-11-30 04:08:19 +01:00
|
|
|
if (forRead || forWrite)
|
1998-09-01 06:40:42 +02:00
|
|
|
{
|
2002-04-16 01:34:17 +02:00
|
|
|
retry5:
|
1998-05-07 01:51:16 +02:00
|
|
|
FD_ZERO(&input_mask);
|
|
|
|
|
FD_ZERO(&output_mask);
|
2001-04-01 01:13:30 +02:00
|
|
|
FD_ZERO(&except_mask);
|
1998-05-07 01:51:16 +02:00
|
|
|
if (forRead)
|
|
|
|
|
FD_SET(conn->sock, &input_mask);
|
|
|
|
|
if (forWrite)
|
|
|
|
|
FD_SET(conn->sock, &output_mask);
|
2001-04-01 01:13:30 +02:00
|
|
|
FD_SET(conn->sock, &except_mask);
|
|
|
|
|
if (select(conn->sock + 1, &input_mask, &output_mask, &except_mask,
|
1998-05-07 01:51:16 +02:00
|
|
|
(struct timeval *) NULL) < 0)
|
|
|
|
|
{
|
2001-08-21 22:39:54 +02:00
|
|
|
if (SOCK_ERRNO == EINTR)
|
2002-04-16 01:34:17 +02:00
|
|
|
goto retry5;
|
1999-08-31 03:37:37 +02:00
|
|
|
printfPQExpBuffer(&conn->errorMessage,
|
2001-07-15 15:45:04 +02:00
|
|
|
libpq_gettext("select() failed: %s\n"),
|
2001-08-21 22:39:54 +02:00
|
|
|
SOCK_STRERROR(SOCK_ERRNO));
|
1998-05-07 01:51:16 +02:00
|
|
|
return EOF;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2000-01-29 17:58:54 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* A couple of "miscellaneous" multibyte related functions. They used
|
|
|
|
|
* to be in fe-print.c but that file is doomed.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef MULTIBYTE
|
|
|
|
|
/*
|
|
|
|
|
* returns the byte length of the word beginning s, using the
|
|
|
|
|
* specified encoding.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
PQmblen(const unsigned char *s, int encoding)
|
|
|
|
|
{
|
|
|
|
|
return (pg_encoding_mblen(encoding, s));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get encoding id from environment variable PGCLIENTENCODING.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
PQenv2encoding(void)
|
|
|
|
|
{
|
|
|
|
|
char *str;
|
Commit Karel's patch.
-------------------------------------------------------------------
Subject: Re: [PATCHES] encoding names
From: Karel Zak <zakkr@zf.jcu.cz>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: pgsql-patches <pgsql-patches@postgresql.org>
Date: Fri, 31 Aug 2001 17:24:38 +0200
On Thu, Aug 30, 2001 at 01:30:40AM +0200, Peter Eisentraut wrote:
> > - convert encoding 'name' to 'id'
>
> I thought we decided not to add functions returning "new" names until we
> know exactly what the new names should be, and pending schema
Ok, the patch not to add functions.
> better
>
> ...(): encoding name too long
Fixed.
I found new bug in command/variable.c in parse_client_encoding(), nobody
probably never see this error:
if (pg_set_client_encoding(encoding))
{
elog(ERROR, "Conversion between %s and %s is not supported",
value, GetDatabaseEncodingName());
}
because pg_set_client_encoding() returns -1 for error and 0 as true.
It's fixed too.
IMHO it can be apply.
Karel
PS:
* following files are renamed:
src/utils/mb/Unicode/KOI8_to_utf8.map -->
src/utils/mb/Unicode/koi8r_to_utf8.map
src/utils/mb/Unicode/WIN_to_utf8.map -->
src/utils/mb/Unicode/win1251_to_utf8.map
src/utils/mb/Unicode/utf8_to_KOI8.map -->
src/utils/mb/Unicode/utf8_to_koi8r.map
src/utils/mb/Unicode/utf8_to_WIN.map -->
src/utils/mb/Unicode/utf8_to_win1251.map
* new file:
src/utils/mb/encname.c
* removed file:
src/utils/mb/common.c
--
Karel Zak <zakkr@zf.jcu.cz>
http://home.zf.jcu.cz/~zakkr/
C, PostgreSQL, PHP, WWW, http://docs.linux.cz, http://mape.jcu.cz
2001-09-06 06:57:30 +02:00
|
|
|
int encoding = PG_SQL_ASCII;
|
2000-01-29 17:58:54 +01:00
|
|
|
|
|
|
|
|
str = getenv("PGCLIENTENCODING");
|
|
|
|
|
if (str && *str != '\0')
|
|
|
|
|
encoding = pg_char_to_encoding(str);
|
2000-04-12 19:17:23 +02:00
|
|
|
return (encoding);
|
2000-01-29 17:58:54 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
/* Provide a default definition in case someone calls it anyway */
|
|
|
|
|
int
|
|
|
|
|
PQmblen(const unsigned char *s, int encoding)
|
|
|
|
|
{
|
2000-04-12 19:17:23 +02:00
|
|
|
(void) s;
|
|
|
|
|
(void) encoding;
|
2000-01-29 17:58:54 +01:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
int
|
|
|
|
|
PQenv2encoding(void)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2001-11-05 18:46:40 +01:00
|
|
|
#endif /* MULTIBYTE */
|
2001-07-15 15:45:04 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef ENABLE_NLS
|
|
|
|
|
char *
|
|
|
|
|
libpq_gettext(const char *msgid)
|
|
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
static int already_bound = 0;
|
2001-07-15 15:45:04 +02:00
|
|
|
|
|
|
|
|
if (!already_bound)
|
|
|
|
|
{
|
|
|
|
|
already_bound = 1;
|
|
|
|
|
bindtextdomain("libpq", LOCALEDIR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return dgettext("libpq", msgid);
|
|
|
|
|
}
|
2001-11-05 18:46:40 +01:00
|
|
|
#endif /* ENABLE_NLS */
|
