4 files changed, 389 insertions, 109 deletions
diff --git a/src/backend/libpq/Makefile b/src/backend/libpq/Makefile
index 87f00e68ce6..cc4f750a7d6 100644
--- a/src/backend/libpq/Makefile
+++ b/src/backend/libpq/Makefile
@@ -4,7 +4,7 @@
 #    Makefile for libpq subsystem (backend half of libpq interface)
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.32 2002/06/14 04:09:36 momjian Exp $
+#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.33 2002/06/14 04:23:17 momjian Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -14,7 +14,8 @@ include $(top_builddir)/src/Makefile.global
 
 # be-fsstubs is here for historical reasons, probably belongs elsewhere
 
-OBJS = be-fsstubs.o auth.o crypt.o hba.o md5.o pqcomm.o pqformat.o pqsignal.o
+OBJS = be-fsstubs.o be-secure.o auth.o crypt.o hba.o md5.o pqcomm.o \
+	pqformat.o pqsignal.o
 
 
 all: SUBSYS.o
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
new file mode 100644
index 00000000000..6501882e4a5
--- /dev/null
+++ b/src/backend/libpq/be-secure.c
@@ -0,0 +1,365 @@
+/*-------------------------------------------------------------------------
+ *
+ * be-connect.c
+ *	  functions related to setting up a secure connection to the frontend.
+ *	  Secure connections are expected to provide confidentiality,
+ *	  message integrity and endpoint authentication.
+ *
+ *
+ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ *
+ * IDENTIFICATION
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.1 2002/06/14 04:23:17 momjian Exp $
+ *	  
+ * PATCH LEVEL
+ *	  milestone 1: fix basic coding errors
+ *	  [*] existing SSL code pulled out of existing files.
+ *	  [*] SSL_get_error() after SSL_read() and SSL_write(),
+ *	      SSL_shutdown(), default to TLSv1.
+ *	
+ *	  milestone 2: provide endpoint authentication (server)
+ *	  [*] client verifies server cert
+ *	  [*] client verifies server hostname
+ *
+ *	  milestone 3: improve confidentially, support perfect forward secrecy
+ *	  [ ] use 'random' file, read from '/dev/urandom?'
+ *	  [ ] emphermal DH keys, default values
+ *	  [ ] periodic renegotiation
+ *
+ *	  milestone 4: provide endpoint authentication (client)
+ *	  [ ] server verifies client certificates
+ *
+ *	  milestone 5: provide informational callbacks
+ *	  [ ] provide informational callbacks
+ *
+ *	  other changes
+ *	  [ ] tcp-wrappers
+ *	  [ ] more informative psql
+ *
+ *-------------------------------------------------------------------------
+ */
+
+#include "postgres.h"
+
+#include <sys/types.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include "libpq/libpq.h"
+#include "libpq/pqsignal.h"
+#include "miscadmin.h"
+
+#ifdef WIN32
+#include "win32.h"
+#else
+#include <sys/socket.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#include <arpa/inet.h>
+#endif
+
+
+#ifndef HAVE_STRDUP
+#include "strdup.h"
+#endif
+
+#ifdef USE_SSL
+#include <openssl/ssl.h>
+#include <openssl/e_os.h>
+#endif
+
+extern void ExitPostmaster(int);
+extern void postmaster_error(const char *fmt,...);
+
+int secure_initialize(void);
+void secure_destroy(void);
+int secure_open_server(Port *);
+void secure_close(Port *);
+ssize_t secure_read(Port *, void *ptr, size_t len);
+ssize_t secure_write(Port *, const void *ptr, size_t len);
+
+#ifdef USE_SSL
+static int initialize_SSL(void);
+static void destroy_SSL(void);
+static int open_server_SSL(Port *);
+static void close_SSL(Port *);
+static const char *SSLerrmessage(void);
+#endif
+
+#ifdef USE_SSL
+static SSL_CTX *SSL_context = NULL;
+#endif
+
+/* ------------------------------------------------------------ */
+/*           Procedures common to all secure sessions           */
+/* ------------------------------------------------------------ */
+
+/*
+ *	Initialize global context
+ */
+int
+secure_initialize (void)
+{
+	int r = 0;
+
+#ifdef USE_SSL
+	r = initialize_SSL();
+#endif
+
+	return r;
+}
+
+/*
+ *	Destroy global context
+ */
+void
+secure_destroy (void)
+{
+#ifdef USE_SSL
+	destroy_SSL();
+#endif
+}
+
+/*
+ *	Attempt to negotiate secure session.
+ */
+int 
+secure_open_server (Port *port)
+{
+	int r = 0;
+
+#ifdef USE_SSL
+	r = open_server_SSL(port);
+#endif
+
+	return r;
+}
+
+/*
+ *	Close secure session.
+ */
+void
+secure_close (Port *port)
+{
+#ifdef USE_SSL
+	if (port->ssl)
+		close_SSL(port);
+#endif
+}
+
+/*
+ *	Read data from a secure connection.
+ */
+ssize_t
+secure_read (Port *port, void *ptr, size_t len)
+{
+	ssize_t n;
+
+#ifdef USE_SSL
+	if (port->ssl)
+	{
+		n = SSL_read(port->ssl, ptr, len);
+		switch (SSL_get_error(port->ssl, n))
+		{
+		case SSL_ERROR_NONE:
+			break;
+		case SSL_ERROR_WANT_READ:
+			break;
+		case SSL_ERROR_SYSCALL:
+			errno = get_last_socket_error();
+			elog(ERROR, "SSL SYSCALL error: %s", strerror(errno));
+			break;
+		case SSL_ERROR_SSL:
+			elog(ERROR, "SSL error: %s", SSLerrmessage());
+			/* fall through */
+		case SSL_ERROR_ZERO_RETURN:
+			secure_close(port);
+			errno = ECONNRESET;
+			n = -1;
+			break;
+		}
+	}
+	else
+#endif
+	n = recv(port->sock, ptr, len, 0);
+
+	return n;
+}
+
+/*
+ *	Write data to a secure connection.
+ */
+ssize_t
+secure_write (Port *port, const void *ptr, size_t len)
+{
+	ssize_t n;
+
+#ifndef WIN32
+	pqsigfunc oldsighandler = pqsignal(SIGPIPE, SIG_IGN);
+#endif
+
+#ifdef USE_SSL
+	if (port->ssl)
+	{
+		n = SSL_write(port->ssl, ptr, len);
+		switch (SSL_get_error(port->ssl, n))
+		{
+		case SSL_ERROR_NONE:
+			break;
+		case SSL_ERROR_WANT_WRITE:
+			break;
+		case SSL_ERROR_SYSCALL:
+			errno = get_last_socket_error();
+			elog(ERROR, "SSL SYSCALL error: %s", strerror(errno));
+			break;
+		case SSL_ERROR_SSL:
+			elog(ERROR, "SSL error: %s", SSLerrmessage());
+			/* fall through */
+		case SSL_ERROR_ZERO_RETURN:
+			secure_close(port);
+			errno = ECONNRESET;
+			n = -1;
+			break;
+		}
+	}
+	else
+#endif
+	n = send(port->sock, ptr, len, 0);
+
+#ifndef WIN32
+	pqsignal(SIGPIPE, oldsighandler);
+#endif
+
+	return n;
+}
+
+/* ------------------------------------------------------------ */
+/*                        SSL specific code                     */
+/* ------------------------------------------------------------ */
+#ifdef USE_SSL
+/*
+ *	Initialize global SSL context.
+ */
+static int
+initialize_SSL (void)
+{
+	char fnbuf[2048];
+
+	if (!SSL_context)
+	{
+		SSL_library_init();
+		SSL_load_error_strings();
+		SSL_context = SSL_CTX_new(TLSv1_method());
+		if (!SSL_context)
+		{
+			postmaster_error("failed to create SSL context: %s",
+							 SSLerrmessage());
+			ExitPostmaster(1);
+		}
+
+		/*
+		 *	Load and verify certificate and private key
+		 */
+		snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir);
+		if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
+		{
+			postmaster_error("failed to load server certificate (%s): %s",
+							 fnbuf, SSLerrmessage());
+			ExitPostmaster(1);
+		}
+		snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
+		if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
+		{
+			postmaster_error("failed to load private key file (%s): %s",
+							 fnbuf, SSLerrmessage());
+			ExitPostmaster(1);
+		}
+		if (!SSL_CTX_check_private_key(SSL_context))
+		{
+			postmaster_error("check of private key failed: %s",
+							 SSLerrmessage());
+			ExitPostmaster(1);
+		}
+	}
+
+	return 0;
+}
+
+/*
+ *	Destroy global SSL context.
+ */
+static void
+destroy_SSL (void)
+{
+	if (SSL_context)
+	{
+		SSL_CTX_free(SSL_context);
+		SSL_context = NULL;
+	}
+}
+
+/*
+ *	Attempt to negotiate SSL connection.
+ */
+static int
+open_server_SSL (Port *port)
+{
+	if (!(port->ssl = SSL_new(SSL_context)) ||
+		!SSL_set_fd(port->ssl, port->sock) ||
+		SSL_accept(port->ssl) <= 0)
+	{
+		elog(ERROR, "failed to initialize SSL connection: %s", SSLerrmessage());
+		close_SSL(port);
+		return -1;
+	}
+
+	return 0;
+}
+
+/*
+ *	Close SSL connection.
+ */
+static void
+close_SSL (Port *port)
+{
+	if (port->ssl)
+	{
+		SSL_shutdown(port->ssl);
+		SSL_free(port->ssl);
+		port->ssl = NULL;
+	}
+}
+
+/*
+ * Obtain reason string for last SSL error
+ *
+ * Some caution is needed here since ERR_reason_error_string will
+ * return NULL if it doesn't recognize the error code.  We don't
+ * want to return NULL ever.
+ */
+static const char *
+SSLerrmessage(void)
+{
+	unsigned long	errcode;
+	const char	   *errreason;
+	static char		errbuf[32];
+
+	errcode = ERR_get_error();
+	if (errcode == 0)
+		return "No SSL error reported";
+	errreason = ERR_reason_error_string(errcode);
+	if (errreason != NULL)
+		return errreason;
+	snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
+	return errbuf;
+}
+
+#endif /* USE_SSL */
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
index 4a71eb16155..ace32190c3f 100644
--- a/src/backend/libpq/pqcomm.c
+++ b/src/backend/libpq/pqcomm.c
@@ -29,7 +29,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- *	$Id: pqcomm.c,v 1.135 2002/06/14 04:09:36 momjian Exp $
+ *	$Id: pqcomm.c,v 1.136 2002/06/14 04:23:17 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -81,6 +81,9 @@
 #include "miscadmin.h"
 #include "storage/ipc.h"
 
+extern void secure_close(Port *);
+extern ssize_t secure_read(Port *, void *, size_t);
+extern ssize_t secure_write(Port *, const void *, size_t);
 
 static void pq_close(void);
 
@@ -138,6 +141,7 @@ pq_close(void)
 {
 	if (MyProcPort != NULL)
 	{
+		secure_close(MyProcPort);
 		close(MyProcPort->sock);
 		/* make sure any subsequent attempts to do I/O fail cleanly */
 		MyProcPort->sock = -1;
@@ -457,14 +461,8 @@ pq_recvbuf(void)
 	{
 		int			r;
 
-#ifdef USE_SSL
-		if (MyProcPort->ssl)
-			r = SSL_read(MyProcPort->ssl, PqRecvBuffer + PqRecvLength,
-						 PQ_BUFFER_SIZE - PqRecvLength);
-		else
-#endif
-			r = recv(MyProcPort->sock, PqRecvBuffer + PqRecvLength,
-					 PQ_BUFFER_SIZE - PqRecvLength, 0);
+		r = secure_read(MyProcPort, PqRecvBuffer + PqRecvLength,
+						PQ_BUFFER_SIZE - PqRecvLength);
 
 		if (r < 0)
 		{
@@ -651,12 +649,7 @@ pq_flush(void)
 	{
 		int			r;
 
-#ifdef USE_SSL
-		if (MyProcPort->ssl)
-			r = SSL_write(MyProcPort->ssl, bufptr, bufend - bufptr);
-		else
-#endif
-			r = send(MyProcPort->sock, bufptr, bufend - bufptr, 0);
+		r = secure_write(MyProcPort, bufptr, bufend - bufptr);
 
 		if (r <= 0)
 		{
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 12b09411812..8a3b45022f4 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.278 2002/06/14 04:09:36 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.279 2002/06/14 04:23:17 momjian Exp $
  *
  * NOTES
  *
@@ -165,10 +165,6 @@ static int	ServerSock_INET = INVALID_SOCK;		/* stream socket server */
 static int	ServerSock_UNIX = INVALID_SOCK;		/* stream socket server */
 #endif
 
-#ifdef USE_SSL
-static SSL_CTX *SSL_context = NULL;		/* Global SSL context */
-#endif
-
 /*
  * Set by the -o option
  */
@@ -245,7 +241,7 @@ static void CleanupProc(int pid, int exitstatus);
 static void LogChildExit(int lev, const char *procname,
 						 int pid, int exitstatus);
 static int	DoBackend(Port *port);
-static void ExitPostmaster(int status);
+       void ExitPostmaster(int status);
 static void usage(const char *);
 static int	ServerLoop(void);
 static int	BackendStartup(Port *port);
@@ -264,7 +260,7 @@ static void SignalChildren(int signal);
 static int	CountChildren(void);
 static bool CreateOptsFile(int argc, char *argv[]);
 static pid_t SSDataBase(int xlop);
-static void
+       void
 postmaster_error(const char *fmt,...)
 /* This lets gcc check the format string for consistency. */
 __attribute__((format(printf, 1, 2)));
@@ -274,9 +270,11 @@ __attribute__((format(printf, 1, 2)));
 #define ShutdownDataBase()		SSDataBase(BS_XLOG_SHUTDOWN)
 
 #ifdef USE_SSL
-static void InitSSL(void);
-static const char *SSLerrmessage(void);
-#endif
+extern int secure_initialize(void);
+extern void secure_destroy(void);
+extern int secure_open_server(Port *);
+extern void secure_close(Port *);
+#endif /* USE_SSL */
 
 
 static void
@@ -609,7 +607,7 @@ PostmasterMain(int argc, char *argv[])
 		ExitPostmaster(1);
 	}
 	if (EnableSSL)
-		InitSSL();
+		secure_initialize();
 #endif
 
 	/*
@@ -1113,17 +1111,8 @@ ProcessStartupPacket(Port *port, bool SSLdone)
 		}
 
 #ifdef USE_SSL
-		if (SSLok == 'S')
-		{
-			if (!(port->ssl = SSL_new(SSL_context)) ||
-				!SSL_set_fd(port->ssl, port->sock) ||
-				SSL_accept(port->ssl) <= 0)
-			{
-				elog(LOG, "failed to initialize SSL connection: %s (%m)",
-					 SSLerrmessage());
+		if (SSLok == 'S' && secure_open_server(port) == -1)
 				return STATUS_ERROR;
-			}
-		}
 #endif
 		/* regular startup packet, cancel, etc packet should follow... */
 		/* but not another SSL negotiation request */
@@ -1322,8 +1311,7 @@ static void
 ConnFree(Port *conn)
 {
 #ifdef USE_SSL
-	if (conn->ssl)
-		SSL_free(conn->ssl);
+	secure_close(conn);
 #endif
 	free(conn);
 }
@@ -2246,7 +2234,7 @@ DoBackend(Port *port)
  *
  * Do NOT call exit() directly --- always go through here!
  */
-static void
+void
 ExitPostmaster(int status)
 {
 	/* should cleanup shared memory and kill all backends */
@@ -2424,73 +2412,6 @@ CountChildren(void)
 	return cnt;
 }
 
-#ifdef USE_SSL
-
-/*
- * Initialize SSL library and structures
- */
-static void
-InitSSL(void)
-{
-	char		fnbuf[2048];
-
-	SSL_load_error_strings();
-	SSL_library_init();
-	SSL_context = SSL_CTX_new(SSLv23_method());
-	if (!SSL_context)
-	{
-		postmaster_error("failed to create SSL context: %s",
-						 SSLerrmessage());
-		ExitPostmaster(1);
-	}
-	snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir);
-	if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
-	{
-		postmaster_error("failed to load server certificate (%s): %s",
-						 fnbuf, SSLerrmessage());
-		ExitPostmaster(1);
-	}
-	snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
-	if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
-	{
-		postmaster_error("failed to load private key file (%s): %s",
-						 fnbuf, SSLerrmessage());
-		ExitPostmaster(1);
-	}
-	if (!SSL_CTX_check_private_key(SSL_context))
-	{
-		postmaster_error("check of private key failed: %s",
-						 SSLerrmessage());
-		ExitPostmaster(1);
-	}
-}
-
-/*
- * Obtain reason string for last SSL error
- *
- * Some caution is needed here since ERR_reason_error_string will
- * return NULL if it doesn't recognize the error code.  We don't
- * want to return NULL ever.
- */
-static const char *
-SSLerrmessage(void)
-{
-	unsigned long	errcode;
-	const char	   *errreason;
-	static char		errbuf[32];
-
-	errcode = ERR_get_error();
-	if (errcode == 0)
-		return "No SSL error reported";
-	errreason = ERR_reason_error_string(errcode);
-	if (errreason != NULL)
-		return errreason;
-	snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
-	return errbuf;
-}
-
-#endif /* USE_SSL */
-
 /*
  * Fire off a subprocess for startup/shutdown/checkpoint.
  *
@@ -2693,7 +2614,7 @@ CreateOptsFile(int argc, char *argv[])
  * This should be used only for reporting "interactive" errors (ie, errors
  * during startup.  Once the postmaster is launched, use elog.
  */
-static void
+void
 postmaster_error(const char *fmt,...)
 {
 	va_list		ap;