Clean up gcc warnings. Avoid the bad habit of putting externs in .c
files rather than a header file where they belong. Pay some modicum of attention to picking global routine names that aren't likely to conflict with surrounding applications.
This commit is contained in:
parent
c63bc32c2c
commit
32fecad80a
|
@ -8,7 +8,7 @@
|
|||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.186 2002/06/14 04:23:17 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.187 2002/06/15 22:06:09 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
|
@ -61,13 +61,6 @@ inet_aton(const char *cp, struct in_addr * inp)
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef USE_SSL
|
||||
extern int secure_initialize(PGconn *);
|
||||
extern void secure_destroy(void);
|
||||
extern int secure_open_client(PGconn *);
|
||||
extern void secure_close(PGconn *);
|
||||
extern SSL * PQgetssl(PGconn *);
|
||||
#endif
|
||||
|
||||
#define NOTIFYLIST_INITIAL_SIZE 10
|
||||
#define NOTIFYLIST_GROWBY 10
|
||||
|
@ -968,7 +961,8 @@ retry2:
|
|||
}
|
||||
if (SSLok == 'S')
|
||||
{
|
||||
if (secure_initialize(conn) == -1 || secure_open_client(conn) == -1)
|
||||
if (pqsecure_initialize(conn) == -1 ||
|
||||
pqsecure_open_client(conn) == -1)
|
||||
{
|
||||
goto connect_errReturn;
|
||||
}
|
||||
|
@ -979,7 +973,7 @@ retry2:
|
|||
/* Received error - probably protocol mismatch */
|
||||
if (conn->Pfdebug)
|
||||
fprintf(conn->Pfdebug, "Postmaster reports error, attempting fallback to pre-7.0.\n");
|
||||
secure_close(conn);
|
||||
pqsecure_close(conn);
|
||||
#ifdef WIN32
|
||||
closesocket(conn->sock);
|
||||
#else
|
||||
|
@ -1021,7 +1015,7 @@ retry2:
|
|||
connect_errReturn:
|
||||
if (conn->sock >= 0)
|
||||
{
|
||||
secure_close(conn);
|
||||
pqsecure_close(conn);
|
||||
#ifdef WIN32
|
||||
closesocket(conn->sock);
|
||||
#else
|
||||
|
@ -1896,11 +1890,9 @@ freePGconn(PGconn *conn)
|
|||
if (!conn)
|
||||
return;
|
||||
pqClearAsyncResult(conn); /* deallocate result and curTuple */
|
||||
#ifdef USE_SSL
|
||||
secure_close(conn);
|
||||
#endif
|
||||
if (conn->sock >= 0)
|
||||
{
|
||||
pqsecure_close(conn);
|
||||
#ifdef WIN32
|
||||
closesocket(conn->sock);
|
||||
#else
|
||||
|
@ -1974,7 +1966,7 @@ closePGconn(PGconn *conn)
|
|||
*/
|
||||
if (conn->sock >= 0)
|
||||
{
|
||||
secure_close(conn);
|
||||
pqsecure_close(conn);
|
||||
#ifdef WIN32
|
||||
closesocket(conn->sock);
|
||||
#else
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.74 2002/06/15 20:01:31 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.75 2002/06/15 22:06:09 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
|
@ -55,10 +55,6 @@
|
|||
#include "mb/pg_wchar.h"
|
||||
#endif
|
||||
|
||||
extern void secure_close(PGconn *);
|
||||
extern ssize_t secure_read(PGconn *, void *, size_t);
|
||||
extern ssize_t secure_write(PGconn *, const void *, size_t);
|
||||
|
||||
#define DONOTICE(conn,message) \
|
||||
((*(conn)->noticeHook) ((conn)->noticeArg, (message)))
|
||||
|
||||
|
@ -490,8 +486,8 @@ pqReadData(PGconn *conn)
|
|||
|
||||
/* OK, try to read some data */
|
||||
retry3:
|
||||
nread = secure_read(conn, conn->inBuffer + conn->inEnd,
|
||||
conn->inBufSize - conn->inEnd);
|
||||
nread = pqsecure_read(conn, conn->inBuffer + conn->inEnd,
|
||||
conn->inBufSize - conn->inEnd);
|
||||
if (nread < 0)
|
||||
{
|
||||
if (SOCK_ERRNO == EINTR)
|
||||
|
@ -570,8 +566,8 @@ retry3:
|
|||
* arrived.
|
||||
*/
|
||||
retry4:
|
||||
nread = secure_read(conn, conn->inBuffer + conn->inEnd,
|
||||
conn->inBufSize - conn->inEnd);
|
||||
nread = pqsecure_read(conn, conn->inBuffer + conn->inEnd,
|
||||
conn->inBufSize - conn->inEnd);
|
||||
if (nread < 0)
|
||||
{
|
||||
if (SOCK_ERRNO == EINTR)
|
||||
|
@ -612,7 +608,7 @@ definitelyFailed:
|
|||
"\tThis probably means the server terminated abnormally\n"
|
||||
"\tbefore or while processing the request.\n"));
|
||||
conn->status = CONNECTION_BAD; /* No more connection to backend */
|
||||
secure_close(conn);
|
||||
pqsecure_close(conn);
|
||||
#ifdef WIN32
|
||||
closesocket(conn->sock);
|
||||
#else
|
||||
|
@ -654,7 +650,7 @@ pqSendSome(PGconn *conn)
|
|||
{
|
||||
int sent;
|
||||
|
||||
sent = secure_write(conn, ptr, len);
|
||||
sent = pqsecure_write(conn, ptr, len);
|
||||
|
||||
if (sent < 0)
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-------------------------------------------------------------------------
|
||||
*
|
||||
* fe-connect.c
|
||||
* fe-secure.c
|
||||
* functions related to setting up a secure connection to the backend.
|
||||
* Secure connections are expected to provide confidentiality,
|
||||
* message integrity and endpoint authentication.
|
||||
|
@ -11,7 +11,7 @@
|
|||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.4 2002/06/14 04:38:04 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.5 2002/06/15 22:06:09 tgl Exp $
|
||||
*
|
||||
* NOTES
|
||||
* The client *requires* a valid server certificate. Since
|
||||
|
@ -26,7 +26,7 @@
|
|||
* to sign the server certificate, should be present in the
|
||||
* "$HOME/.postgresql/root.crt" file. If this file isn't
|
||||
* readable, or the server certificate can't be validated,
|
||||
* secure_open_client() will return an error code.
|
||||
* pqsecure_open_client() will return an error code.
|
||||
*
|
||||
* Additionally, the server certificate's "common name" must
|
||||
* resolve to the other end of the socket. This makes it
|
||||
|
@ -38,7 +38,7 @@
|
|||
* Unfortunately neither the current front- or back-end handle
|
||||
* failure gracefully, resulting in the backend hiccupping.
|
||||
* This points out problems in each (the frontend shouldn't even
|
||||
* try to do SSL if secure_initialize() fails, and the backend
|
||||
* try to do SSL if pqsecure_initialize() fails, and the backend
|
||||
* shouldn't crash/recover if an SSH negotiation fails. The
|
||||
* backend definitely needs to be fixed, to prevent a "denial
|
||||
* of service" attack, but I don't know enough about how the
|
||||
|
@ -76,30 +76,6 @@
|
|||
* The code currently assumes a POSIX password entry. How should
|
||||
* Windows and Mac users be handled?
|
||||
*
|
||||
* PATCH LEVEL
|
||||
* milestone 1: fix basic coding errors
|
||||
* [*] existing SSL code pulled out of existing files.
|
||||
* [*] SSL_get_error() after SSL_read() and SSL_write(),
|
||||
* SSL_shutdown(), default to TLSv1.
|
||||
*
|
||||
* milestone 2: provide endpoint authentication (server)
|
||||
* [*] client verifies server cert
|
||||
* [*] client verifies server hostname
|
||||
*
|
||||
* milestone 3: improve confidentially, support perfect forward secrecy
|
||||
* [ ] use 'random' file, read from '/dev/urandom?'
|
||||
* [*] emphermal DH keys, default values
|
||||
*
|
||||
* milestone 4: provide endpoint authentication (client)
|
||||
* [*] server verifies client certificates
|
||||
*
|
||||
* milestone 5: provide informational callbacks
|
||||
* [*] provide informational callbacks
|
||||
*
|
||||
* other changes
|
||||
* [ ] tcp-wrappers
|
||||
* [ ] more informative psql
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
|
@ -142,12 +118,6 @@
|
|||
#include <openssl/e_os.h>
|
||||
#endif /* USE_SSL */
|
||||
|
||||
int secure_initialize(PGconn *);
|
||||
void secure_destroy(void);
|
||||
int secure_open_client(PGconn *);
|
||||
void secure_close(PGconn *);
|
||||
ssize_t secure_read(PGconn *, void *ptr, size_t len);
|
||||
ssize_t secure_write(PGconn *, const void *ptr, size_t len);
|
||||
|
||||
#ifdef USE_SSL
|
||||
static int verify_cb(int ok, X509_STORE_CTX *ctx);
|
||||
|
@ -228,7 +198,7 @@ KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\
|
|||
* Initialize global context
|
||||
*/
|
||||
int
|
||||
secure_initialize (PGconn *conn)
|
||||
pqsecure_initialize (PGconn *conn)
|
||||
{
|
||||
int r = 0;
|
||||
|
||||
|
@ -243,7 +213,7 @@ secure_initialize (PGconn *conn)
|
|||
* Destroy global context
|
||||
*/
|
||||
void
|
||||
secure_destroy (void)
|
||||
pqsecure_destroy (void)
|
||||
{
|
||||
#ifdef USE_SSL
|
||||
destroy_SSL();
|
||||
|
@ -254,7 +224,7 @@ secure_destroy (void)
|
|||
* Attempt to negotiate secure session.
|
||||
*/
|
||||
int
|
||||
secure_open_client (PGconn *conn)
|
||||
pqsecure_open_client (PGconn *conn)
|
||||
{
|
||||
int r = 0;
|
||||
|
||||
|
@ -269,7 +239,7 @@ secure_open_client (PGconn *conn)
|
|||
* Close secure session.
|
||||
*/
|
||||
void
|
||||
secure_close (PGconn *conn)
|
||||
pqsecure_close (PGconn *conn)
|
||||
{
|
||||
#ifdef USE_SSL
|
||||
if (conn->ssl)
|
||||
|
@ -281,7 +251,7 @@ secure_close (PGconn *conn)
|
|||
* Read data from a secure connection.
|
||||
*/
|
||||
ssize_t
|
||||
secure_read (PGconn *conn, void *ptr, size_t len)
|
||||
pqsecure_read (PGconn *conn, void *ptr, size_t len)
|
||||
{
|
||||
ssize_t n;
|
||||
|
||||
|
@ -306,7 +276,7 @@ secure_read (PGconn *conn, void *ptr, size_t len)
|
|||
libpq_gettext("SSL error: %s\n"), SSLerrmessage());
|
||||
/* fall through */
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
secure_close(conn);
|
||||
pqsecure_close(conn);
|
||||
SOCK_ERRNO = ECONNRESET;
|
||||
n = -1;
|
||||
break;
|
||||
|
@ -323,7 +293,7 @@ secure_read (PGconn *conn, void *ptr, size_t len)
|
|||
* Write data to a secure connection.
|
||||
*/
|
||||
ssize_t
|
||||
secure_write (PGconn *conn, const void *ptr, size_t len)
|
||||
pqsecure_write (PGconn *conn, const void *ptr, size_t len)
|
||||
{
|
||||
ssize_t n;
|
||||
|
||||
|
@ -352,7 +322,7 @@ secure_write (PGconn *conn, const void *ptr, size_t len)
|
|||
libpq_gettext("SSL error: %s\n"), SSLerrmessage());
|
||||
/* fall through */
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
secure_close(conn);
|
||||
pqsecure_close(conn);
|
||||
SOCK_ERRNO = ECONNRESET;
|
||||
n = -1;
|
||||
break;
|
||||
|
@ -925,4 +895,5 @@ PQgetssl(PGconn *conn)
|
|||
return NULL;
|
||||
return conn->ssl;
|
||||
}
|
||||
|
||||
#endif /* USE_SSL */
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
*
|
||||
* $Id: libpq-int.h,v 1.49 2002/06/14 04:23:17 momjian Exp $
|
||||
* $Id: libpq-int.h,v 1.50 2002/06/15 22:06:09 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
|
@ -331,6 +331,15 @@ extern int pqWait(int forRead, int forWrite, PGconn *conn);
|
|||
extern int pqReadReady(PGconn *conn);
|
||||
extern int pqWriteReady(PGconn *conn);
|
||||
|
||||
/* === in fe-secure.c === */
|
||||
|
||||
extern int pqsecure_initialize(PGconn *);
|
||||
extern void pqsecure_destroy(void);
|
||||
extern int pqsecure_open_client(PGconn *);
|
||||
extern void pqsecure_close(PGconn *);
|
||||
extern ssize_t pqsecure_read(PGconn *, void *ptr, size_t len);
|
||||
extern ssize_t pqsecure_write(PGconn *, const void *ptr, size_t len);
|
||||
|
||||
/* bits in a byte */
|
||||
#define BYTELEN 8
|
||||
|
||||
|
|
Loading…
Reference in New Issue