/*
* call-seq:
* PG.init_openssl(do_ssl, do_crypto) -> nil
*
* Allows applications to select which security libraries to initialize.
*
* If your application initializes libssl and/or libcrypto libraries and libpq is
* built with SSL support, you should call PG.init_openssl() to tell libpq that the
* libssl and/or libcrypto libraries have been initialized by your application,
* so that libpq will not also initialize those libraries. See
* http://h71000.www7.hp.com/doc/83final/BA554_90007/ch04.html for details on the SSL API.
*
* When do_ssl is +true+, libpq will initialize the OpenSSL library before first
* opening a database connection. When do_crypto is +true+, the libcrypto library
* will be initialized. By default (if PG.init_openssl() is not called), both libraries
* are initialized. When SSL support is not compiled in, this function is present but does nothing.
*
* If your application uses and initializes either OpenSSL or its underlying libcrypto library,
* you must call this function with +false+ for the appropriate parameter(s) before first opening
* a database connection. Also be sure that you have done that initialization before opening a
* database connection.
*
*/
static VALUE
pg_s_init_openssl(VALUE self, VALUE do_ssl, VALUE do_crypto)
{
UNUSED( self );
PQinitOpenSSL(pg_to_bool_int(do_ssl), pg_to_bool_int(do_crypto));
return Qnil;
}
/*************************************************************************
*
* Function: sql_create_socket
*
* Purpose: Establish connection to the db
*
*************************************************************************/
static int sql_init_socket(rlm_sql_handle_t *handle, rlm_sql_config_t *config) {
char *dbstring;
rlm_sql_postgres_conn_t *conn;
#ifdef HAVE_OPENSSL_CRYPTO_H
static bool ssl_init = false;
if (!ssl_init) {
PQinitOpenSSL(0, 0);
ssl_init = true;
}
#endif
MEM(conn = handle->conn = talloc_zero(handle, rlm_sql_postgres_conn_t));
talloc_set_destructor(conn, _sql_socket_destructor);
dbstring = strchr(config->sql_db, '=') ?
talloc_strdup(conn, config->sql_db) :
talloc_asprintf(conn, "dbname='%s'", config->sql_db);
if (config->sql_server[0] != '\0') {
dbstring = talloc_asprintf_append(dbstring, " host='%s'", config->sql_server);
}
if (config->sql_port[0] != '\0') {
dbstring = talloc_asprintf_append(dbstring, " port=%s", config->sql_port);
}
if (config->sql_login[0] != '\0') {
dbstring = talloc_asprintf_append(dbstring, " user='******'", config->sql_login);
}
if (config->sql_password[0] != '\0') {
dbstring = talloc_asprintf_append(dbstring, " password='******'", config->sql_password);
}
conn->dbstring = dbstring;
conn->db = PQconnectdb(dbstring);
DEBUG2("rlm_sql_postgresql: Connecting using parameters: %s", dbstring);
if (!conn->db || (PQstatus(conn->db) != CONNECTION_OK)) {
ERROR("rlm_sql_postgresql: Connection failed: %s", PQerrorMessage(conn->db));
return -1;
}
DEBUG2("Connected to database '%s' on '%s' server version %i, protocol version %i, backend PID %i ",
PQdb(conn->db), PQhost(conn->db), PQserverVersion(conn->db), PQprotocolVersion(conn->db),
PQbackendPID(conn->db));
return 0;
}
/* Make sure libcrypto thread callbacks are set up. */
static void
psyco_libcrypto_threads_init(void)
{
PyObject *m;
/* importing the ssl module sets up Python's libcrypto callbacks */
if ((m = PyImport_ImportModule("ssl"))) {
/* disable libcrypto setup in libpq, so it won't stomp on the callbacks
that have already been set up */
PQinitOpenSSL(1, 0);
Py_DECREF(m);
}
else {
/* might mean that Python has been compiled without OpenSSL support,
fall back to relying on libpq's libcrypto locking */
PyErr_Clear();
}
}
/*
* Exported function to allow application to tell us it's already
* initialized OpenSSL.
*/
void
PQinitSSL(int do_init)
{
PQinitOpenSSL(do_init, do_init);
}
