int pgwin32_send(SOCKET s, const void *buf, int len, int flags) { WSABUF wbuf; int r; DWORD b; if (pgwin32_poll_signals()) return -1; wbuf.len = len; wbuf.buf = (char *) buf; /* * Readiness of socket to send data to UDP socket may be not true: socket * can become busy again! So loop until send or error occurs. */ for (;;) { r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL); if (r != SOCKET_ERROR && b > 0) /* Write succeeded right away */ return b; if (r == SOCKET_ERROR && WSAGetLastError() != WSAEWOULDBLOCK) { TranslateSocketError(); return -1; } if (pgwin32_noblock) { /* * No data sent, and we are in "emulated non-blocking mode", so * return indicating that we'd block if we were to continue. */ errno = EWOULDBLOCK; return -1; } /* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */ if (pgwin32_waitforsinglesocket(s, FD_WRITE | FD_CLOSE, INFINITE) == 0) return -1; } return -1; }
int pgwin32_recv(SOCKET s, char *buf, int len, int f) { WSABUF wbuf; int r; DWORD b; DWORD flags = f; if (pgwin32_poll_signals()) return -1; wbuf.len = len; wbuf.buf = buf; r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL); if (r != SOCKET_ERROR && b > 0) /* Read succeeded right away */ return b; if (r == SOCKET_ERROR && WSAGetLastError() != WSAEWOULDBLOCK) { TranslateSocketError(); return -1; } /* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */ if (pgwin32_waitforsinglesocket(s, FD_READ | FD_CLOSE | FD_ACCEPT, INFINITE) == 0) return -1; r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL); if (r == SOCKET_ERROR) { TranslateSocketError(); return -1; } return b; }
/* No signal delivery during connect. */ int pgwin32_connect(SOCKET s, const struct sockaddr * addr, int addrlen) { int r; r = WSAConnect(s, addr, addrlen, NULL, NULL, NULL, NULL); if (r == 0) return 0; if (WSAGetLastError() != WSAEWOULDBLOCK) { TranslateSocketError(); return -1; } while (pgwin32_waitforsinglesocket(s, FD_CONNECT, INFINITE) == 0) { /* Loop endlessly as long as we are just delivering signals */ } return 0; }
int pgwin32_send(SOCKET s, char *buf, int len, int flags) { WSABUF wbuf; int r; DWORD b; if (pgwin32_poll_signals()) return -1; wbuf.len = len; wbuf.buf = buf; /* * Readiness of socket to send data to UDP socket may be not true: socket * can become busy again! So loop until send or error occurs. */ for (;;) { r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL); if (r != SOCKET_ERROR && b > 0) /* Write succeeded right away */ return b; if (r == SOCKET_ERROR && WSAGetLastError() != WSAEWOULDBLOCK) { TranslateSocketError(); return -1; } /* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */ if (pgwin32_waitforsinglesocket(s, FD_WRITE | FD_CLOSE, INFINITE) == 0) return -1; } return -1; }
int pgwin32_send(SOCKET s, char *buf, int len, int flags) { WSABUF wbuf; int r; DWORD b; if (pgwin32_poll_signals()) return -1; wbuf.len = len; wbuf.buf = buf; r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL); if (r != SOCKET_ERROR && b > 0) /* Write succeeded right away */ return b; if (r == SOCKET_ERROR && WSAGetLastError() != WSAEWOULDBLOCK) { TranslateSocketError(); return -1; } /* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */ if (pgwin32_waitforsinglesocket(s, FD_WRITE | FD_CLOSE) == 0) return -1; r = WSASend(s, &wbuf, 1, &b, flags, NULL, NULL); if (r == SOCKET_ERROR) { TranslateSocketError(); return -1; } return b; }
/* * Attempt to negotiate SSL connection. */ static int open_server_SSL(Port *port) { int r; int err; Assert(!port->ssl); Assert(!port->peer); if (!(port->ssl = SSL_new(SSL_context))) { ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not initialize SSL connection: %s", SSLerrmessage()))); close_SSL(port); return -1; } if (!my_SSL_set_fd(port->ssl, port->sock)) { ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not set SSL socket: %s", SSLerrmessage()))); close_SSL(port); return -1; } aloop: r = SSL_accept(port->ssl); if (r <= 0) { err = SSL_get_error(port->ssl, r); switch (err) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), (err == SSL_ERROR_WANT_READ) ? FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE, INFINITE); #endif goto aloop; case SSL_ERROR_SYSCALL: if (r < 0) ereport(COMMERROR, (errcode_for_socket_access(), errmsg("could not accept SSL connection: %m"))); else ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not accept SSL connection: EOF detected"))); break; case SSL_ERROR_SSL: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not accept SSL connection: %s", SSLerrmessage()))); break; case SSL_ERROR_ZERO_RETURN: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not accept SSL connection: EOF detected"))); break; default: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("unrecognized SSL error code: %d", err))); break; } close_SSL(port); return -1; } port->count = 0; /* get client certificate, if available. */ port->peer = SSL_get_peer_certificate(port->ssl); if (port->peer == NULL) { strlcpy(port->peer_dn, "(anonymous)", sizeof(port->peer_dn)); strlcpy(port->peer_cn, "(anonymous)", sizeof(port->peer_cn)); } else { X509_NAME_oneline(X509_get_subject_name(port->peer), port->peer_dn, sizeof(port->peer_dn)); port->peer_dn[sizeof(port->peer_dn) - 1] = '\0'; r = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer), NID_commonName, port->peer_cn, sizeof(port->peer_cn)); port->peer_cn[sizeof(port->peer_cn) - 1] = '\0'; if (r == -1) { /* Unable to get the CN, set it to blank so it can't be used */ port->peer_cn[0] = '\0'; } else { /* * Reject embedded NULLs in certificate common name to prevent * attacks like CVE-2009-4034. */ if (r != strlen(port->peer_cn)) { ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL certificate's common name contains embedded null"))); close_SSL(port); return -1; } } } ereport(DEBUG2, (errmsg("SSL connection from \"%s\"", port->peer_cn))); /* set up debugging/info callback */ SSL_CTX_set_info_callback(SSL_context, info_cb); return 0; }
/* * Write data to a secure connection. */ ssize_t secure_write(Port *port, void *ptr, size_t len) { ssize_t n; #ifdef USE_SSL if (port->ssl) { int err; if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L) { SSL_set_session_id_context(port->ssl, (void *) &SSL_context, sizeof(SSL_context)); if (SSL_renegotiate(port->ssl) <= 0) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL renegotiation failure"))); if (SSL_do_handshake(port->ssl) <= 0) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL renegotiation failure"))); if (port->ssl->state != SSL_ST_OK) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL failed to send renegotiation request"))); port->ssl->state |= SSL_ST_ACCEPT; SSL_do_handshake(port->ssl); if (port->ssl->state != SSL_ST_OK) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL renegotiation failure"))); port->count = 0; } wloop: errno = 0; n = SSL_write(port->ssl, ptr, len); err = SSL_get_error(port->ssl, n); switch (err) { case SSL_ERROR_NONE: port->count += n; break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), (err == SSL_ERROR_WANT_READ) ? FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE, INFINITE); #endif goto wloop; case SSL_ERROR_SYSCALL: /* leave it to caller to ereport the value of errno */ if (n != -1) { errno = ECONNRESET; n = -1; } break; case SSL_ERROR_SSL: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL error: %s", SSLerrmessage()))); /* fall through */ case SSL_ERROR_ZERO_RETURN: errno = ECONNRESET; n = -1; break; default: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("unrecognized SSL error code: %d", err))); n = -1; break; } } else #endif n = send(port->sock, ptr, len, 0); return n; }
/* * Read data from a secure connection. */ ssize_t secure_read(Port *port, void *ptr, size_t len) { ssize_t n; #ifdef USE_SSL if (port->ssl) { int err; rloop: errno = 0; n = SSL_read(port->ssl, ptr, len); err = SSL_get_error(port->ssl, n); switch (err) { case SSL_ERROR_NONE: port->count += n; break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: if (port->noblock) { errno = EWOULDBLOCK; n = -1; break; } #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), (err == SSL_ERROR_WANT_READ) ? FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE, INFINITE); #endif goto rloop; case SSL_ERROR_SYSCALL: /* leave it to caller to ereport the value of errno */ if (n != -1) { errno = ECONNRESET; n = -1; } break; case SSL_ERROR_SSL: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL error: %s", SSLerrmessage()))); /* fall through */ case SSL_ERROR_ZERO_RETURN: errno = ECONNRESET; n = -1; break; default: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("unrecognized SSL error code: %d", err))); n = -1; break; } } else #endif { prepare_for_client_read(); n = recv(port->sock, ptr, len, 0); client_read_ended(); } return n; }
int pgwin32_recv(SOCKET s, char *buf, int len, int f) { WSABUF wbuf; int r; DWORD b; DWORD flags = f; int n; if (pgwin32_poll_signals()) return -1; wbuf.len = len; wbuf.buf = buf; r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL); if (r != SOCKET_ERROR && b > 0) /* Read succeeded right away */ return b; if (r == SOCKET_ERROR && WSAGetLastError() != WSAEWOULDBLOCK) { TranslateSocketError(); return -1; } if (pgwin32_noblock) { /* * No data received, and we are in "emulated non-blocking mode", so * return indicating that we'd block if we were to continue. */ errno = EWOULDBLOCK; return -1; } /* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */ for (n = 0; n < 5; n++) { if (pgwin32_waitforsinglesocket(s, FD_READ | FD_CLOSE | FD_ACCEPT, INFINITE) == 0) return -1; /* errno already set */ r = WSARecv(s, &wbuf, 1, &b, &flags, NULL, NULL); if (r == SOCKET_ERROR) { if (WSAGetLastError() == WSAEWOULDBLOCK) { /* * There seem to be cases on win2k (at least) where WSARecv * can return WSAEWOULDBLOCK even when * pgwin32_waitforsinglesocket claims the socket is readable. * In this case, just sleep for a moment and try again. We try * up to 5 times - if it fails more than that it's not likely * to ever come back. */ pg_usleep(10000); continue; } TranslateSocketError(); return -1; } return b; } ereport(NOTICE, (errmsg_internal("could not read from ready socket (after retries)"))); errno = EWOULDBLOCK; return -1; }
/* * Attempt to negotiate SSL connection. */ static int open_server_SSL(Port *port) { int r; int err; Assert(!port->ssl); Assert(!port->peer); if (!(port->ssl = SSL_new(SSL_context))) { ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not initialize SSL connection: %s", SSLerrmessage()))); close_SSL(port); return -1; } if (!my_SSL_set_fd(port->ssl, port->sock)) { ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not set SSL socket: %s", SSLerrmessage()))); close_SSL(port); return -1; } aloop: r = SSL_accept(port->ssl); if (r <= 0) { err = SSL_get_error(port->ssl, r); switch (err) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), (err == SSL_ERROR_WANT_READ) ? FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE, INFINITE); #endif goto aloop; case SSL_ERROR_SYSCALL: if (r < 0) ereport(COMMERROR, (errcode_for_socket_access(), errmsg("could not accept SSL connection: %m"))); else ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not accept SSL connection: EOF detected"))); break; case SSL_ERROR_SSL: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not accept SSL connection: %s", SSLerrmessage()))); break; case SSL_ERROR_ZERO_RETURN: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("could not accept SSL connection: EOF detected"))); break; default: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("unrecognized SSL error code: %d", err))); break; } close_SSL(port); return -1; } port->count = 0; /* Get client certificate, if available. */ port->peer = SSL_get_peer_certificate(port->ssl); /* and extract the Common Name from it. */ port->peer_cn = NULL; if (port->peer != NULL) { int len; len = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer), NID_commonName, NULL, 0); if (len != -1) { char *peer_cn; peer_cn = MemoryContextAlloc(TopMemoryContext, len + 1); r = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer), NID_commonName, peer_cn, len+1); peer_cn[len] = '\0'; if (r != len) { /* shouldn't happen */ pfree(peer_cn); close_SSL(port); return -1; } /* * Reject embedded NULLs in certificate common name to prevent * attacks like CVE-2009-4034. */ if (len != strlen(peer_cn)) { ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL certificate's common name contains embedded null"))); pfree(peer_cn); close_SSL(port); return -1; } port->peer_cn = peer_cn; } } ereport(DEBUG2, (errmsg("SSL connection from \"%s\"", port->peer_cn ? port->peer_cn : "(anonymous)"))); /* set up debugging/info callback */ SSL_CTX_set_info_callback(SSL_context, info_cb); return 0; }
/* * Write data to a secure connection. */ ssize_t secure_write(Port *port, void *ptr, size_t len) { ssize_t n; #ifdef USE_SSL if (port->ssl) { int err; if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L) { SSL_set_session_id_context(port->ssl, (void *) &SSL_context, sizeof(SSL_context)); if (SSL_renegotiate(port->ssl) <= 0) { report_commerror("SSL renegotiation failure"); } if (SSL_do_handshake(port->ssl) <= 0) { report_commerror("SSL renegotiation failure"); } if (port->ssl->state != SSL_ST_OK) { report_commerror("SSL failed to send renegotiation request"); } port->ssl->state |= SSL_ST_ACCEPT; SSL_do_handshake(port->ssl); if (port->ssl->state != SSL_ST_OK) { report_commerror("SSL renegotiation failure"); } port->count = 0; } wloop: errno = 0; n = SSL_write(port->ssl, ptr, len); err = SSL_get_error(port->ssl, n); const int ERR_MSG_LEN = ERROR_BUF_SIZE + 20; char err_msg[ERR_MSG_LEN]; switch (err) { case SSL_ERROR_NONE: port->count += n; break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), (err == SSL_ERROR_WANT_READ) ? FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE, INFINITE); #endif goto wloop; case SSL_ERROR_SYSCALL: /* leave it to caller to ereport the value of errno */ if (n != -1) { errno = ECONNRESET; n = -1; } break; case SSL_ERROR_SSL: snprintf((char *)&err_msg, ERR_MSG_LEN, "SSL error: %s", SSLerrmessage()); report_commerror(err_msg); /* fall through */ case SSL_ERROR_ZERO_RETURN: errno = ECONNRESET; n = -1; break; default: snprintf((char *)&err_msg, ERR_MSG_LEN, "unrecognized SSL error code: %d", err); report_commerror(err_msg); n = -1; break; } } else #endif { prepare_for_client_write(); n = send(port->sock, ptr, len, 0); client_write_ended(); } return n; }
/* * Write data to a secure connection. */ ssize_t secure_write(Port *port, void *ptr, size_t len) { ssize_t n; #ifdef USE_SSL if (port->ssl) { int err; /* * If SSL renegotiations are enabled and we're getting close to the * limit, start one now; but avoid it if there's one already in * progress. Request the renegotiation 1kB before the limit has * actually expired. */ if (ssl_renegotiation_limit && !in_ssl_renegotiation && port->count > (ssl_renegotiation_limit - 1) * 1024L) { in_ssl_renegotiation = true; /* * The way we determine that a renegotiation has completed is by * observing OpenSSL's internal renegotiation counter. Make sure * we start out at zero, and assume that the renegotiation is * complete when the counter advances. * * OpenSSL provides SSL_renegotiation_pending(), but this doesn't * seem to work in testing. */ SSL_clear_num_renegotiations(port->ssl); SSL_set_session_id_context(port->ssl, (void *) &SSL_context, sizeof(SSL_context)); if (SSL_renegotiate(port->ssl) <= 0) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL failure during renegotiation start"))); else { int retries; /* * A handshake can fail, so be prepared to retry it, but only * a few times. */ for (retries = 0; retries++;) { if (SSL_do_handshake(port->ssl) > 0) break; /* done */ ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL handshake failure on renegotiation, retrying"))); if (retries >= 20) ereport(FATAL, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("unable to complete SSL handshake"))); } } } wloop: errno = 0; n = SSL_write(port->ssl, ptr, len); err = SSL_get_error(port->ssl, n); switch (err) { case SSL_ERROR_NONE: port->count += n; break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: #ifdef WIN32 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl), (err == SSL_ERROR_WANT_READ) ? FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE, INFINITE); #endif goto wloop; case SSL_ERROR_SYSCALL: /* leave it to caller to ereport the value of errno */ if (n != -1) { errno = ECONNRESET; n = -1; } break; case SSL_ERROR_SSL: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL error: %s", SSLerrmessage()))); /* fall through */ case SSL_ERROR_ZERO_RETURN: errno = ECONNRESET; n = -1; break; default: ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("unrecognized SSL error code: %d", err))); errno = ECONNRESET; n = -1; break; } if (n >= 0) { /* is renegotiation complete? */ if (in_ssl_renegotiation && SSL_num_renegotiations(port->ssl) >= 1) { in_ssl_renegotiation = false; port->count = 0; } /* * if renegotiation is still ongoing, and we've gone beyond the * limit, kill the connection now -- continuing to use it can be * considered a security problem. */ if (in_ssl_renegotiation && port->count > ssl_renegotiation_limit * 1024L) ereport(FATAL, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL failed to renegotiate connection before limit expired"))); } } else #endif n = send(port->sock, ptr, len, 0); return n; }