GSSAPI encryption support
On both the frontend and backend, prepare for GSSAPI encryption
support by moving common code for error handling into a separate file.
Fix a TODO for handling multiple status messages in the process.
Eliminate the OIDs, which have not been needed for some time.
Add frontend and backend encryption support functions. Keep the
context initiation for authentication-only separate on both the
frontend and backend in order to avoid concerns about changing the
requested flags to include encryption support.
In postmaster, pull GSSAPI authorization checking into a shared
function. Also share the initiator name between the encryption and
non-encryption codepaths.
For HBA, add "hostgssenc" and "hostnogssenc" entries that behave
similarly to their SSL counterparts. "hostgssenc" requires either
"gss", "trust", or "reject" for its authentication.
Similarly, add a "gssencmode" parameter to libpq. Supported values are
"disable", "require", and "prefer". Notably, negotiation will only be
attempted if credentials can be acquired. Move credential acquisition
into its own function to support this behavior.
Add a simple pg_stat_gssapi view similar to pg_stat_ssl, for monitoring
if GSSAPI authentication was used, what principal was used, and if
encryption is being used on the connection.
Finally, add documentation for everything new, and update existing
documentation on connection security.
Thanks to Michael Paquier for the Windows fixes.
Author: Robbie Harwood, with changes to the read/write functions by me.
Reviewed in various forms and at different times by: Michael Paquier,
Andres Freund, David Steele.
Discussion: https://www.postgresql.org/message-id/flat/jlg1tgq1ktm.fsf@thriss.redhat.com
2019-04-03 21:02:33 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
|
|
|
|
* be-gssapi-common.c
|
|
|
|
|
* Common code for GSSAPI authentication and encryption
|
|
|
|
|
*
|
2019-05-23 03:23:59 +02:00
|
|
|
* Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
|
GSSAPI encryption support
On both the frontend and backend, prepare for GSSAPI encryption
support by moving common code for error handling into a separate file.
Fix a TODO for handling multiple status messages in the process.
Eliminate the OIDs, which have not been needed for some time.
Add frontend and backend encryption support functions. Keep the
context initiation for authentication-only separate on both the
frontend and backend in order to avoid concerns about changing the
requested flags to include encryption support.
In postmaster, pull GSSAPI authorization checking into a shared
function. Also share the initiator name between the encryption and
non-encryption codepaths.
For HBA, add "hostgssenc" and "hostnogssenc" entries that behave
similarly to their SSL counterparts. "hostgssenc" requires either
"gss", "trust", or "reject" for its authentication.
Similarly, add a "gssencmode" parameter to libpq. Supported values are
"disable", "require", and "prefer". Notably, negotiation will only be
attempted if credentials can be acquired. Move credential acquisition
into its own function to support this behavior.
Add a simple pg_stat_gssapi view similar to pg_stat_ssl, for monitoring
if GSSAPI authentication was used, what principal was used, and if
encryption is being used on the connection.
Finally, add documentation for everything new, and update existing
documentation on connection security.
Thanks to Michael Paquier for the Windows fixes.
Author: Robbie Harwood, with changes to the read/write functions by me.
Reviewed in various forms and at different times by: Michael Paquier,
Andres Freund, David Steele.
Discussion: https://www.postgresql.org/message-id/flat/jlg1tgq1ktm.fsf@thriss.redhat.com
2019-04-03 21:02:33 +02:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
|
|
|
|
* src/backend/libpq/be-gssapi-common.c
|
|
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "postgres.h"
|
|
|
|
|
|
2019-06-08 02:59:02 +02:00
|
|
|
#include "libpq/be-gssapi-common.h"
|
GSSAPI encryption support
On both the frontend and backend, prepare for GSSAPI encryption
support by moving common code for error handling into a separate file.
Fix a TODO for handling multiple status messages in the process.
Eliminate the OIDs, which have not been needed for some time.
Add frontend and backend encryption support functions. Keep the
context initiation for authentication-only separate on both the
frontend and backend in order to avoid concerns about changing the
requested flags to include encryption support.
In postmaster, pull GSSAPI authorization checking into a shared
function. Also share the initiator name between the encryption and
non-encryption codepaths.
For HBA, add "hostgssenc" and "hostnogssenc" entries that behave
similarly to their SSL counterparts. "hostgssenc" requires either
"gss", "trust", or "reject" for its authentication.
Similarly, add a "gssencmode" parameter to libpq. Supported values are
"disable", "require", and "prefer". Notably, negotiation will only be
attempted if credentials can be acquired. Move credential acquisition
into its own function to support this behavior.
Add a simple pg_stat_gssapi view similar to pg_stat_ssl, for monitoring
if GSSAPI authentication was used, what principal was used, and if
encryption is being used on the connection.
Finally, add documentation for everything new, and update existing
documentation on connection security.
Thanks to Michael Paquier for the Windows fixes.
Author: Robbie Harwood, with changes to the read/write functions by me.
Reviewed in various forms and at different times by: Michael Paquier,
Andres Freund, David Steele.
Discussion: https://www.postgresql.org/message-id/flat/jlg1tgq1ktm.fsf@thriss.redhat.com
2019-04-03 21:02:33 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Helper function for getting all strings of a GSSAPI error (of specified
|
|
|
|
|
* stat). Call once for GSS_CODE and once for MECH_CODE.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
pg_GSS_error_int(char *s, size_t len, OM_uint32 stat, int type)
|
|
|
|
|
{
|
|
|
|
|
gss_buffer_desc gmsg;
|
|
|
|
|
size_t i = 0;
|
|
|
|
|
OM_uint32 lmin_s,
|
|
|
|
|
msg_ctx = 0;
|
|
|
|
|
|
|
|
|
|
gmsg.value = NULL;
|
|
|
|
|
gmsg.length = 0;
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
gss_display_status(&lmin_s, stat, type,
|
|
|
|
|
GSS_C_NO_OID, &msg_ctx, &gmsg);
|
|
|
|
|
strlcpy(s + i, gmsg.value, len - i);
|
|
|
|
|
i += gmsg.length;
|
|
|
|
|
gss_release_buffer(&lmin_s, &gmsg);
|
|
|
|
|
}
|
|
|
|
|
while (msg_ctx && i < len);
|
|
|
|
|
|
|
|
|
|
if (msg_ctx || i == len)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errmsg_internal("incomplete GSS error report")));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Fetch and report all error messages from GSSAPI. To avoid allocation,
|
|
|
|
|
* total error size is capped (at 128 bytes for each of major and minor). No
|
|
|
|
|
* known mechanisms will produce error messages beyond this cap.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
pg_GSS_error(int severity, const char *errmsg,
|
|
|
|
|
OM_uint32 maj_stat, OM_uint32 min_stat)
|
|
|
|
|
{
|
|
|
|
|
char msg_major[128],
|
|
|
|
|
msg_minor[128];
|
|
|
|
|
|
|
|
|
|
/* Fetch major status message */
|
|
|
|
|
pg_GSS_error_int(msg_major, sizeof(msg_major), maj_stat, GSS_C_GSS_CODE);
|
|
|
|
|
|
|
|
|
|
/* Fetch mechanism minor status message */
|
|
|
|
|
pg_GSS_error_int(msg_minor, sizeof(msg_minor), min_stat, GSS_C_MECH_CODE);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* errmsg_internal, since translation of the first part must be done
|
|
|
|
|
* before calling this function anyway.
|
|
|
|
|
*/
|
|
|
|
|
ereport(severity,
|
|
|
|
|
(errmsg_internal("%s", errmsg),
|
|
|
|
|
errdetail_internal("%s: %s", msg_major, msg_minor)));
|
|
|
|
|
}
|
