Allow ssl_passphrase_command to prompt the terminal
Previously the command could not access the terminal for a passphrase. Backpatch-through: master
This commit is contained in:
parent
62afb42a7f
commit
300e430c76
|
@ -1452,18 +1452,18 @@ include_dir 'conf.d'
|
||||||
mechanism is used.
|
mechanism is used.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
The command must print the passphrase to the standard output and exit
|
The command must print the passphrase to the standard output
|
||||||
with code 0. In the parameter value, <literal>%p</literal> is
|
and exit with code 0. It can prompt from the terminal if
|
||||||
replaced by a prompt string. (Write <literal>%%</literal> for a
|
<option>--authprompt</option> is used. In the parameter value,
|
||||||
literal <literal>%</literal>.) Note that the prompt string will
|
<literal>%R</literal> represents the file descriptor number opened
|
||||||
probably contain whitespace, so be sure to quote adequately. A single
|
to the terminal that started the server. A file descriptor is only
|
||||||
newline is stripped from the end of the output if present.
|
available if enabled at server start. If <literal>%R</literal>
|
||||||
</para>
|
is used and no file descriptor is available, the server will not
|
||||||
<para>
|
start. Value <literal>%p</literal> is replaced by a pre-defined
|
||||||
The command does not actually have to prompt the user for a
|
prompt string. (Write <literal>%%</literal> for a literal
|
||||||
passphrase. It can read it from a file, obtain it from a keychain
|
<literal>%</literal>.) Note that the prompt string will probably
|
||||||
facility, or similar. It is up to the user to make sure the chosen
|
contain whitespace, so be sure to quote its use adequately.
|
||||||
mechanism is adequately secure.
|
Newlines are stripped from the end of the output if present.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
This parameter can only be set in the <filename>postgresql.conf</filename>
|
This parameter can only be set in the <filename>postgresql.conf</filename>
|
||||||
|
@ -1486,10 +1486,12 @@ include_dir 'conf.d'
|
||||||
parameter is off (the default), then
|
parameter is off (the default), then
|
||||||
<varname>ssl_passphrase_command</varname> will be ignored during a
|
<varname>ssl_passphrase_command</varname> will be ignored during a
|
||||||
reload and the SSL configuration will not be reloaded if a passphrase
|
reload and the SSL configuration will not be reloaded if a passphrase
|
||||||
is needed. That setting is appropriate for a command that requires a
|
is needed. This setting is appropriate for a command that requires a
|
||||||
TTY for prompting, which might not be available when the server is
|
terminal for prompting, which will likely not be available when the server is
|
||||||
running. Setting this parameter to on might be appropriate if the
|
running. (<option>--authprompt</option> closes the terminal file
|
||||||
passphrase is obtained from a file, for example.
|
descriptor soon after server start.) Setting this parameter on
|
||||||
|
might be appropriate, for example, if the passphrase is obtained
|
||||||
|
from a file.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
This parameter can only be set in the <filename>postgresql.conf</filename>
|
This parameter can only be set in the <filename>postgresql.conf</filename>
|
||||||
|
|
|
@ -380,8 +380,9 @@ PostgreSQL documentation
|
||||||
<term><option>--authprompt</option></term>
|
<term><option>--authprompt</option></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Allows the <option>--cluster-key-command</option> command
|
Allows <option>ssl_passphrase_command</option> or
|
||||||
to prompt for a passphrase or PIN.
|
<option>cluster_key_command</option> to prompt for a passphrase
|
||||||
|
or PIN.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -170,7 +170,9 @@ PostgreSQL documentation
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>-R</option></term>
|
<term><option>-R</option></term>
|
||||||
<term><option>--authprompt</option></term>
|
<term><option>--authprompt</option></term>
|
||||||
<listitem><para>allows prompting for a passphrase or PIN
|
<listitem><para>allows <option>ssl_passphrase_command</option> or
|
||||||
|
<option>cluster_key_command</option> to prompt for a passphrase
|
||||||
|
or PIN.
|
||||||
</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include "postmaster/postmaster.h"
|
||||||
#include "common/string.h"
|
#include "common/string.h"
|
||||||
#include "libpq/libpq.h"
|
#include "libpq/libpq.h"
|
||||||
#include "storage/fd.h"
|
#include "storage/fd.h"
|
||||||
|
@ -61,6 +62,19 @@ run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf,
|
||||||
appendStringInfoString(&command, prompt);
|
appendStringInfoString(&command, prompt);
|
||||||
p++;
|
p++;
|
||||||
break;
|
break;
|
||||||
|
case 'R':
|
||||||
|
{
|
||||||
|
char fd_str[20];
|
||||||
|
|
||||||
|
if (terminal_fd == -1)
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INTERNAL_ERROR),
|
||||||
|
errmsg("ssl_passphrase_command referenced %%R, but -R not specified")));
|
||||||
|
p++;
|
||||||
|
snprintf(fd_str, sizeof(fd_str), "%d", terminal_fd);
|
||||||
|
appendStringInfoString(&command, fd_str);
|
||||||
|
break;
|
||||||
|
}
|
||||||
case '%':
|
case '%':
|
||||||
appendStringInfoChar(&command, '%');
|
appendStringInfoChar(&command, '%');
|
||||||
p++;
|
p++;
|
||||||
|
|
Loading…
Reference in New Issue