Code review for SSLKEY patch.

tglsfdc · tglsfdc · commit b6c9165ea0be · 2007-02-16T17:07:00.000Z
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.78 2007/02/16 02:59:40 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.79 2007/02/16 17:06:59 tgl Exp $
  *
  *	  Since the server static private key ($DataDir/server.key)
  *	  will normally be stored unencrypted so that the database
@@ -95,8 +95,7 @@
 #if SSLEAY_VERSION_NUMBER >= 0x0907000L
 #include <openssl/conf.h>
 #endif
-
-#endif
+#endif /* USE_SSL */
 
 #include "libpq/libpq.h"
 #include "tcop/tcopprot.h"
@@ -130,8 +129,8 @@ static const char *SSLerrmessage(void);
 
 static SSL_CTX *SSL_context = NULL;
 
-/* GUC variable controlling SSL cipher list*/
-extern char *SSLCipherSuites;
+/* GUC variable controlling SSL cipher list */
+char *SSLCipherSuites = NULL;
 
 #endif
 
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.524 2007/02/16 02:59:41 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.525 2007/02/16 17:06:59 tgl Exp $
  *
  * NOTES
  *
@@ -187,7 +187,6 @@ static int	SendStop = false;
 
 /* still more option variables */
 bool		EnableSSL = false;
-char	   *SSLCipherSuites;
 bool		SilentMode = false; /* silent mode (-S) */
 
 int			PreAuthDelay = 0;
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
  * Written by Peter Eisentraut <peter_e@gmx.net>.
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.375 2007/02/16 02:59:41 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.376 2007/02/16 17:07:00 tgl Exp $
  *
  *--------------------------------------------------------------------
  */
@@ -106,6 +106,11 @@ extern bool fullPageWrites;
 extern bool trace_sort;
 #endif
 
+#ifdef USE_SSL
+extern char *SSLCipherSuites;
+#endif
+
+
 static const char *assign_log_destination(const char *value,
 					   bool doit, GucSource source);
 
@@ -2314,6 +2319,7 @@ static struct config_string ConfigureNamesString[] =
 		NULL, assign_temp_tablespaces, NULL
 	},
 
+#ifdef USE_SSL
 	{
 		{"ssl_ciphers", PGC_POSTMASTER, CONN_AUTH_SECURITY,
 			gettext_noop("Sets the list of allowed SSL ciphers."),
@@ -2323,7 +2329,8 @@ static struct config_string ConfigureNamesString[] =
 		&SSLCipherSuites,
 		"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", NULL, NULL
 	},
-			
+#endif /* USE_SSL */
+
 	/* End-of-list marker */
 	{
 		{NULL, 0, 0, NULL, NULL}, NULL, NULL, NULL, NULL
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
@@ -74,7 +74,8 @@
 
 #authentication_timeout = 1min		# 1s-600s
 #ssl = off				# (change requires restart)
-#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # List of ciphers to use
+#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# Allowed SSL ciphers
+					# (change requires restart)
 #password_encryption = on
 #db_user_namespace = off
 
diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2007, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/postmaster/postmaster.h,v 1.16 2007/02/16 02:59:41 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/postmaster/postmaster.h,v 1.17 2007/02/16 17:07:00 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -15,7 +15,6 @@
 
 /* GUC options */
 extern bool EnableSSL;
-extern char *SSLCipherSuites;
 extern bool SilentMode;
 extern int	ReservedBackends;
 extern int	PostPortNumber;
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.93 2007/02/16 02:59:41 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.94 2007/02/16 17:07:00 tgl Exp $
  *
  * NOTES
  *	  [ Most of these notes are wrong/obsolete, but perhaps not all ]
@@ -619,7 +619,7 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 		char	*engine_env = getenv("PGSSLKEY");
 		char	*engine_colon = strchr(engine_env, ':');
 		char	*engine_str;
-		ENGINE	*engine_ptr = NULL;
+		ENGINE	*engine_ptr;
 
 		if (!engine_colon)
 		{
@@ -630,34 +630,38 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 
 		engine_str = malloc(engine_colon - engine_env + 1);
 		strlcpy(engine_str, engine_env, engine_colon - engine_env + 1);
-		if ((engine_ptr = ENGINE_by_id(engine_str)) == NULL)
+		engine_ptr = ENGINE_by_id(engine_str);
+		if (engine_ptr == NULL)
 		{
 			char	  *err = SSLerrmessage();
 
 			printfPQExpBuffer(&conn->errorMessage,
-				libpq_gettext("could not load SSL engine \"%s\":%s\n"), engine_str, err);
-			free(engine_str);
+				libpq_gettext("could not load SSL engine \"%s\": %s\n"),
+							  engine_str, err);
 			SSLerrfree(err);
+			free(engine_str);
 			return 0;
 		}	
-		if ((*pkey = ENGINE_load_private_key(engine_ptr,
-						engine_colon + 1, NULL, NULL)) == NULL)
+
+		*pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1,
+										NULL, NULL);
+		if (*pkey == NULL)
 		{
 			char	  *err = SSLerrmessage();
 
 			printfPQExpBuffer(&conn->errorMessage,
-				libpq_gettext("could not read private SSL key %s from engine \"%s\": %s\n"),
-							engine_colon + 1, engine_str, err);
+				libpq_gettext("could not read private SSL key \"%s\" from engine \"%s\": %s\n"),
+							  engine_colon + 1, engine_str, err);
 			SSLerrfree(err);
 			free(engine_str);
 			return 0;
 		}		
 		free(engine_str);
 	}
 	else
-#endif
+#endif /* use PGSSLKEY */
 	{
-		/* read the user key from file*/
+		/* read the user key from file */
 		snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);
 		if (stat(fnbuf, &buf) == -1)
 		{
@@ -666,7 +670,7 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 							fnbuf);
 			return 0;
 		}
-	#ifndef WIN32
+#ifndef WIN32
 		if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
 			buf.st_uid != geteuid())
 		{
@@ -675,23 +679,23 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 							fnbuf);
 			return 0;
 		}
-	#endif
+#endif
 		if ((fp = fopen(fnbuf, "r")) == NULL)
 		{
 			printfPQExpBuffer(&conn->errorMessage,
 				libpq_gettext("could not open private key file \"%s\": %s\n"),
 							fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));
 			return 0;
 		}
-	#ifndef WIN32
+#ifndef WIN32
 		if (fstat(fileno(fp), &buf2) == -1 ||
 			buf.st_dev != buf2.st_dev || buf.st_ino != buf2.st_ino)
 		{
 			printfPQExpBuffer(&conn->errorMessage,
 							libpq_gettext("private key file \"%s\" changed during execution\n"), fnbuf);
 			return 0;
 		}
-	#endif
+#endif
 		if (PEM_read_PrivateKey(fp, pkey, NULL, NULL) == NULL)
 		{
 			char	   *err = SSLerrmessage();
@@ -705,6 +709,7 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 		}
 		fclose(fp);
 	}
+
 	/* verify that the cert and key go together */
 	if (!X509_check_private_key(*x509, *pkey))
 	{
@@ -788,7 +793,7 @@ init_ssl_system(PGconn *conn)
 	{
 		if (pq_initssllib)
 		{
-#if (SSLEAY_VERSION_NUMBER >= 0x00907000L) 
+#if SSLEAY_VERSION_NUMBER >= 0x00907000L
 			OPENSSL_config(NULL);
 #endif			
 			SSL_library_init();

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@`
`37`	`37`	`*`
`38`	`38`	`*`
`39`	`39`	`* IDENTIFICATION`
`40`		`- * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.524 2007/02/16 02:59:41 momjian Exp $`
	`40`	`+ * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.525 2007/02/16 17:06:59 tgl Exp $`
`41`	`41`	`*`
`42`	`42`	`* NOTES`
`43`	`43`	`*`
`@@ -187,7 +187,6 @@ static int SendStop = false;`
`187`	`187`
`188`	`188`	`/* still more option variables */`
`189`	`189`	`bool EnableSSL = false;`
`190`		`-char *SSLCipherSuites;`
`191`	`190`	`bool SilentMode = false; /* silent mode (-S) */`
`192`	`191`
`193`	`192`	`int PreAuthDelay = 0;`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`*`
`12`	`12`	`*`
`13`	`13`	`* IDENTIFICATION`
`14`		`- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.93 2007/02/16 02:59:41 momjian Exp $`
	`14`	`+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.94 2007/02/16 17:07:00 tgl Exp $`
`15`	`15`	`*`
`16`	`16`	`* NOTES`
`17`	`17`	`* [ Most of these notes are wrong/obsolete, but perhaps not all ]`
`@@ -619,7 +619,7 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`619`	`619`	`char *engine_env = getenv("PGSSLKEY");`
`620`	`620`	`char *engine_colon = strchr(engine_env, ':');`
`621`	`621`	`char *engine_str;`
`622`		`- ENGINE *engine_ptr = NULL;`
	`622`	`+ ENGINE *engine_ptr;`
`623`	`623`
`624`	`624`	`if (!engine_colon)`
`625`	`625`	`{`
`@@ -630,34 +630,38 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`630`	`630`
`631`	`631`	`engine_str = malloc(engine_colon - engine_env + 1);`
`632`	`632`	`strlcpy(engine_str, engine_env, engine_colon - engine_env + 1);`
`633`		`- if ((engine_ptr = ENGINE_by_id(engine_str)) == NULL)`
	`633`	`+ engine_ptr = ENGINE_by_id(engine_str);`
	`634`	`+ if (engine_ptr == NULL)`
`634`	`635`	`{`
`635`	`636`	`char *err = SSLerrmessage();`
`636`	`637`
`637`	`638`	`printfPQExpBuffer(&conn->errorMessage,`
`638`		`- libpq_gettext("could not load SSL engine \"%s\":%s\n"), engine_str, err);`
`639`		`- free(engine_str);`
	`639`	`+ libpq_gettext("could not load SSL engine \"%s\": %s\n"),`
	`640`	`+ engine_str, err);`
`640`	`641`	`SSLerrfree(err);`
	`642`	`+ free(engine_str);`
`641`	`643`	`return 0;`
`642`	`644`	`}`
`643`		`- if ((*pkey = ENGINE_load_private_key(engine_ptr,`
`644`		`- engine_colon + 1, NULL, NULL)) == NULL)`
	`645`	`+`
	`646`	`+ *pkey = ENGINE_load_private_key(engine_ptr, engine_colon + 1,`
	`647`	`+ NULL, NULL);`
	`648`	`+ if (*pkey == NULL)`
`645`	`649`	`{`
`646`	`650`	`char *err = SSLerrmessage();`
`647`	`651`
`648`	`652`	`printfPQExpBuffer(&conn->errorMessage,`
`649`		`- libpq_gettext("could not read private SSL key %s from engine \"%s\": %s\n"),`
`650`		`- engine_colon + 1, engine_str, err);`
	`653`	`+ libpq_gettext("could not read private SSL key \"%s\" from engine \"%s\": %s\n"),`
	`654`	`+ engine_colon + 1, engine_str, err);`
`651`	`655`	`SSLerrfree(err);`
`652`	`656`	`free(engine_str);`
`653`	`657`	`return 0;`
`654`	`658`	`}`
`655`	`659`	`free(engine_str);`
`656`	`660`	`}`
`657`	`661`	`else`
`658`		`-#endif`
	`662`	`+#endif /* use PGSSLKEY */`
`659`	`663`	`{`
`660`		`- /* read the user key from file*/`
	`664`	`+ /* read the user key from file */`
`661`	`665`	`snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);`
`662`	`666`	`if (stat(fnbuf, &buf) == -1)`
`663`	`667`	`{`
`@@ -666,7 +670,7 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`666`	`670`	`fnbuf);`
`667`	`671`	`return 0;`
`668`	`672`	`}`
`669`		`- #ifndef WIN32`
	`673`	`+#ifndef WIN32`
`670`	`674`	`if (!S_ISREG(buf.st_mode) \|\| (buf.st_mode & 0077) \|\|`
`671`	`675`	`buf.st_uid != geteuid())`
`672`	`676`	`{`
`@@ -675,23 +679,23 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`675`	`679`	`fnbuf);`
`676`	`680`	`return 0;`
`677`	`681`	`}`
`678`		`- #endif`
	`682`	`+#endif`
`679`	`683`	`if ((fp = fopen(fnbuf, "r")) == NULL)`
`680`	`684`	`{`
`681`	`685`	`printfPQExpBuffer(&conn->errorMessage,`
`682`	`686`	`libpq_gettext("could not open private key file \"%s\": %s\n"),`
`683`	`687`	`fnbuf, pqStrerror(errno, sebuf, sizeof(sebuf)));`
`684`	`688`	`return 0;`
`685`	`689`	`}`
`686`		`- #ifndef WIN32`
	`690`	`+#ifndef WIN32`
`687`	`691`	`if (fstat(fileno(fp), &buf2) == -1 \|\|`
`688`	`692`	`buf.st_dev != buf2.st_dev \|\| buf.st_ino != buf2.st_ino)`
`689`	`693`	`{`
`690`	`694`	`printfPQExpBuffer(&conn->errorMessage,`
`691`	`695`	`libpq_gettext("private key file \"%s\" changed during execution\n"), fnbuf);`
`692`	`696`	`return 0;`
`693`	`697`	`}`
`694`		`- #endif`
	`698`	`+#endif`
`695`	`699`	`if (PEM_read_PrivateKey(fp, pkey, NULL, NULL) == NULL)`
`696`	`700`	`{`
`697`	`701`	`char *err = SSLerrmessage();`
`@@ -705,6 +709,7 @@ client_cert_cb(SSL ssl, X509 x509, EVP_PKEY *pkey)`
`705`	`709`	`}`
`706`	`710`	`fclose(fp);`
`707`	`711`	`}`
	`712`	`+`
`708`	`713`	`/* verify that the cert and key go together */`
`709`	`714`	`if (!X509_check_private_key(x509, pkey))`
`710`	`715`	`{`
`@@ -788,7 +793,7 @@ init_ssl_system(PGconn *conn)`
`788`	`793`	`{`
`789`	`794`	`if (pq_initssllib)`
`790`	`795`	`{`
`791`		`-#if (SSLEAY_VERSION_NUMBER >= 0x00907000L)`
	`796`	`+#if SSLEAY_VERSION_NUMBER >= 0x00907000L`
`792`	`797`	`OPENSSL_config(NULL);`
`793`	`798`	`#endif`
`794`	`799`	`SSL_library_init();`