diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/be-secure.c | 68 | ||||
| -rw-r--r-- | src/backend/port/win32/socket.c | 4 | ||||
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 12 | ||||
| -rw-r--r-- | src/include/pg_config.h.in | 6 | ||||
| -rw-r--r-- | src/include/port/win32.h | 3 |
5 files changed, 85 insertions, 8 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index eee9ad28367..efe7d7c1180 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.51 2004/09/26 22:51:49 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.52 2004/10/06 09:35:20 momjian Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -268,6 +268,11 @@ rloop: break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: +#ifdef WIN32 + pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), + (err==SSL_ERROR_WANT_READ) ? + FD_READ|FD_CLOSE : FD_WRITE|FD_CLOSE); +#endif goto rloop; case SSL_ERROR_SYSCALL: if (n == -1) @@ -356,6 +361,11 @@ wloop: break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: +#ifdef WIN32 + pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), + (err==SSL_ERROR_WANT_READ) ? + FD_READ|FD_CLOSE : FD_WRITE|FD_CLOSE); +#endif goto wloop; case SSL_ERROR_SYSCALL: if (n == -1) @@ -717,6 +727,38 @@ initialize_SSL(void) return 0; } +#ifdef WIN32 +/* + * Win32 socket code uses nonblocking sockets. We ned to deal with that + * by waiting on the socket if the SSL accept operation didn't complete + * right away. + */ +static int pgwin32_SSL_accept(SSL *ssl) +{ + int r; + + while (1) + { + int rc; + int waitfor; + + printf("uhh\n");fflush(stdout); + r = SSL_accept(ssl); + if (r == 1) + return 1; + + rc = SSL_get_error(ssl, r); + if (rc != SSL_ERROR_WANT_READ && rc != SSL_ERROR_WANT_WRITE) + return r; + + waitfor = (rc == SSL_ERROR_WANT_READ)?FD_READ|FD_CLOSE|FD_ACCEPT:FD_WRITE|FD_CLOSE; + if (pgwin32_waitforsinglesocket(SSL_get_fd(ssl), waitfor) == 0) + return -1; + } +} +#define SSL_accept(ssl) pgwin32_SSL_accept(ssl) +#endif + /* * Destroy global SSL context. */ @@ -736,12 +778,11 @@ destroy_SSL(void) static int open_server_SSL(Port *port) { + int r; Assert(!port->ssl); Assert(!port->peer); - if (!(port->ssl = SSL_new(SSL_context)) || - !SSL_set_fd(port->ssl, port->sock) || - SSL_accept(port->ssl) <= 0) + if (!(port->ssl = SSL_new(SSL_context))) { ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), @@ -750,6 +791,25 @@ open_server_SSL(Port *port) close_SSL(port); return -1; } + if (!SSL_set_fd(port->ssl, port->sock)) + { + ereport(COMMERROR, + (errcode(ERRCODE_PROTOCOL_VIOLATION), + errmsg("could not set SSL socket: %s", + SSLerrmessage()))); + close_SSL(port); + return -1; + } + if ((r=SSL_accept(port->ssl)) <= 0) + { + ereport(COMMERROR, + (errcode(ERRCODE_PROTOCOL_VIOLATION), + errmsg("could not accept SSL connection: %i", + SSL_get_error(port->ssl,r)))); + close_SSL(port); + return -1; + } + port->count = 0; /* get client certificate, if available. */ diff --git a/src/backend/port/win32/socket.c b/src/backend/port/win32/socket.c index 9be5a7ae134..de8376201fa 100644 --- a/src/backend/port/win32/socket.c +++ b/src/backend/port/win32/socket.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/port/win32/socket.c,v 1.6 2004/09/07 14:31:42 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/port/win32/socket.c,v 1.7 2004/10/06 09:35:20 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -102,7 +102,7 @@ pgwin32_poll_signals(void) return 0; } -static int +int pgwin32_waitforsinglesocket(SOCKET s, int what) { static HANDLE waitevent = INVALID_HANDLE_VALUE; diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index c329c12d25d..34d71483ef5 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -37,7 +37,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.425 2004/09/09 00:59:33 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.426 2004/10/06 09:35:21 momjian Exp $ * * NOTES * @@ -2981,6 +2981,16 @@ SubPostmasterMain(int argc, char *argv[]) /* Attach process to shared segments */ CreateSharedMemoryAndSemaphores(false, MaxBackends, 0); +#ifdef USE_SSL + /* + * Need to reinitialize the SSL library in the backend, + * since the context structures contain function pointers + * and cannot be passed through the parameter file. + */ + if (EnableSSL) + secure_initialize(); +#endif + Assert(argc == 3); /* shouldn't be any more args */ proc_exit(BackendRun(&port)); } diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 2fb4adf8fb2..600f4229f0a 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -227,6 +227,9 @@ /* Define to 1 if you have the `dld' library (-ldld). */ #undef HAVE_LIBDLD +/* Define to 1 if you have the `eay32' library (-leay32). */ +#undef HAVE_LIBEAY32 + /* Define to 1 if you have the `gen' library (-lgen). */ #undef HAVE_LIBGEN @@ -266,6 +269,9 @@ /* Define to 1 if you have the `ssl' library (-lssl). */ #undef HAVE_LIBSSL +/* Define to 1 if you have the `ssleay32' library (-lssleay32). */ +#undef HAVE_LIBSSLEAY32 + /* Define to 1 if you have the `unix' library (-lunix). */ #undef HAVE_LIBUNIX diff --git a/src/include/port/win32.h b/src/include/port/win32.h index 1b79271719a..d3ca1f20d8b 100644 --- a/src/include/port/win32.h +++ b/src/include/port/win32.h @@ -1,4 +1,4 @@ -/* $PostgreSQL: pgsql/src/include/port/win32.h,v 1.36 2004/10/05 14:27:07 momjian Exp $ */ +/* $PostgreSQL: pgsql/src/include/port/win32.h,v 1.37 2004/10/06 09:35:23 momjian Exp $ */ /* undefine and redefine after #include */ #undef mkdir @@ -141,6 +141,7 @@ int pgwin32_recv(SOCKET s, char *buf, int len, int flags); int pgwin32_send(SOCKET s, char *buf, int len, int flags); const char *pgwin32_socket_strerror(int err); +int pgwin32_waitforsinglesocket(SOCKET s, int what); /* in backend/port/win32/security.c */ extern int pgwin32_is_admin(void); |