rdelaage/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-09-27 22:32:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
2d1f3bce97
postgresql/src/backend/libpq
History
Michael Paquier a54b658ce7 Add support for file inclusions in HBA and ident configuration files 
pg_hba.conf and pg_ident.conf gain support for three record keywords:
- "include", to include a file.
- "include_if_exists", to include a file, ignoring it if missing.
- "include_dir", to include a directory of files.  These are classified
by name (C locale, mostly) and need to be prefixed by ".conf", hence
following the same rules as GUCs.

This commit relies on the refactoring pieces done in efc9816, ad6c528,
783e8c6 and 1b73d0b, adding a small wrapper to build a list of
TokenizedAuthLines (tokenize_include_file), and the code is shaped to
offer some symmetry with what is done for GUCs with the same options.

pg_hba_file_rules and pg_ident_file_mappings gain a new field called
file_name, to track from which file a record is located, taking
advantage of the addition of rule_number in c591300 to offer an
organized view of the HBA or ident records loaded.

Bump catalog version.

Author: Julien Rouhaud
Reviewed-by: Michael Paquier
Discussion: https://postgr.es/m/20220223045959.35ipdsvbxcstrhya@jrouhaud
2022-11-24 13:51:34 +09:00
..
auth-sasl.c
auth-scram.c Improve error handling of HMAC computations 2022-01-13 16:17:21 +09:00
auth.c Refactor code handling the names of files loaded in hba.c 2022-10-26 11:42:13 +09:00
be-fsstubs.c Refactor ownercheck functions 2022-11-13 08:12:37 +01:00
be-gssapi-common.c
be-secure-common.c Remove misguided SSL key file ownership check in libpq. 2022-05-26 14:14:05 -04:00
be-secure-gssapi.c
be-secure-openssl.c Harmonize more parameter names in bulk. 2022-09-20 13:09:30 -07:00
be-secure.c Clean up some inconsistencies with GUC declarations 2022-10-31 12:44:48 +09:00
crypt.c
hba.c Add support for file inclusions in HBA and ident configuration files 2022-11-24 13:51:34 +09:00
ifaddr.c Remove configure probe for sockaddr_in6 and require AF_INET6. 2022-08-26 10:18:30 +12:00
Makefile
meson.build meson: Add initial version of meson based build system 2022-09-21 22:37:17 -07:00
pg_hba.conf.sample Add support for file inclusions in HBA and ident configuration files 2022-11-24 13:51:34 +09:00
pg_ident.conf.sample Add support for file inclusions in HBA and ident configuration files 2022-11-24 13:51:34 +09:00
pqcomm.c Split up guc.c for better build speed and ease of maintenance. 2022-09-13 11:11:45 -04:00
pqformat.c
pqmq.c
pqsignal.c Provide sigaction() for Windows. 2022-11-09 13:06:31 +13:00
README.SSL

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------

Ephemeral DH
============

Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key.  Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).

N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.

Another benefit of EDH is that it allows the backend and clients to
use DSA keys.  DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.

The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session.  In this case you'll
need to temporarily disable EDH (see initialize_dh()).