/*
 * secure_initialize
 *
 * Set up the process-wide secure-transport state.  In a build with USE_SSL
 * defined this calls initialize_SSL(); otherwise it does nothing.
 *
 * Always returns 0.
 *
 * NOTE(review): whatever initialize_SSL() reports is discarded, so a caller
 * of this function cannot tell a failed SSL setup from a successful one.
 * Presumably initialize_SSL() deals with its own failures (for example by
 * terminating) -- confirm against its definition.
 */
int
secure_initialize(void)
{
#if defined(USE_SSL)
    (void) initialize_SSL();    /* result deliberately not inspected here */
#endif

    return 0;
}
/*
 * pqsecure_initialize
 *
 * Set up the secure-transport state for a client connection.
 *
 * conn: the connection handed through to initialize_SSL().
 *
 * Returns the result of initialize_SSL(conn) when built with USE_SSL, and 0
 * when SSL support is compiled out (conn is then unused).
 */
int
pqsecure_initialize(PGconn *conn)
{
#ifdef USE_SSL
    /* Hand the SSL setup status straight back to the caller. */
    return initialize_SSL(conn);
#else
    return 0;
#endif
}
/*
 * secure_initialize
 *
 * Set up the process-wide secure-transport state.
 *
 * Returns the result of initialize_SSL() when built with USE_SSL, and 0 when
 * SSL support is compiled out.
 */
int
secure_initialize(void)
{
#ifdef USE_SSL
    /* Hand the SSL setup status straight back to the caller. */
    return initialize_SSL();
#else
    return 0;
#endif
}
/*
 * statcom_main - accept loop of a fork-per-connection SSL server.
 *
 * Builds one SSL_CTX through initialize_SSL(), then loops forever.  Each pass
 * obtains a connected socket from create_socket_connect_verify() and forks:
 * the child runs the SSL handshake, hands the session to
 * call_command_handler_function, closes the connection and exits; the parent
 * stores the child's PID in used_ports[connection_id] and waits for the next
 * connection.
 *
 * server_port, max_clients, module_name:
 *     passed unchanged to initialize_SSL() and create_socket_connect_verify();
 *     module_name also appears in the fork-failure log message.
 * call_command_handler_function:
 *     per-connection handler, called in the child with the SSL session and
 *     the connection id.
 *
 * The loop has no exit, so the final "return 0" is not expected to run.
 *
 * NOTE(review): ctx is used without a NULL check; confirm initialize_SSL()
 * cannot hand back NULL (or terminates on failure).
 * NOTE(review): the parent never closes connectSocket in this function, on
 * the success path or after a failed fork().  Unless that happens elsewhere
 * (create_socket_connect_verify() or child-exit handling), descriptors would
 * accumulate per connection -- verify.
 * NOTE(review): a failed handshake is not logged here; confirm that
 * do_ssl_handshake() logs it so rejected peers are visible to monitoring.
 */
int statcom_main(uint16_t server_port, uint16_t max_clients, char* module_name, int (*call_command_handler_function) (SSL *, int))
{
    int setupdone = 0;
    int connection_id;      /* presumably filled in by create_socket_connect_verify() */
    int connectSocket;
    pid_t pid;
    SSL *ssl;               /* per-connection session, only used in the child */
    SSL_CTX *ctx;           /* built once, before the loop */

    total_clients = 0;
    ctx = initialize_SSL(server_port, max_clients, module_name);

    /* One pass per incoming connection; the parent never leaves this loop. */
    for (;;)
    {
        connectSocket = create_socket_connect_verify(server_port, max_clients, module_name, setupdone, &connection_id);
        if (connectSocket == ERROR)
            continue;       /* nothing to serve, go back to waiting */

        pid = fork();

        if (pid == -1)
        {
            /* fork failed: the message says "Aborting" but the loop carries on */
            mysyslog(LOG_ERR, "Error in forking a new %s connection.\nAborting.....\n", module_name);
        }
        else if (pid == 0)
        {
            /*
             * Child.  Child-termination signals are set to "ignore" in this
             * process only; how the parent reaps its children is not visible
             * in this function.
             */
            signal(SIGCHLD,SIG_IGN);
            signal(SIGCLD,SIG_IGN);

            /* The handler does not return until the peer ends the connection. */
            ssl = do_ssl_handshake(ctx, connectSocket);
            if (ssl != NULL)
                call_command_handler_function(ssl, connection_id);

            /* ssl is NULL here when the handshake failed -- NOTE(review): confirm closeconnection() accepts that */
            closeconnection(connectSocket, ssl, ctx, module_name);
            exit(0);        /* the child ends once its connection is done */
        }
        else
        {
            /* Parent: remember which child owns this connection slot. */
            setupdone = 1;
            mysyslog(LOG_INFO, "Parent saving PID=%d of child in slot=%d\n", pid,connection_id );
            used_ports[connection_id].childpid = pid;
        }
    }

    return 0;   /* not reached */
}
/*
 * pqsecure_open_client
 *
 * Start, or resume, negotiation of a secure session on conn.
 *
 * On the first call (conn->ssl still NULL) this creates the per-connection
 * SSL object, attaches conn and the socket to it, and calls initialize_SSL().
 * Every call then hands over to open_client_SSL() for the handshake itself.
 *
 * Returns open_client_SSL()'s status, or PGRES_POLLING_FAILED when setup
 * fails or when SSL support is compiled out.  Each setup failure path calls
 * close_SSL(conn) before returning.
 *
 * NOTE(review): whether the peer's certificate is verified is decided by
 * what initialize_SSL() and open_client_SSL() configure; that is not visible
 * in this function.
 */
PostgresPollingStatusType
pqsecure_open_client(PGconn *conn)
{
#ifdef USE_SSL
    /* Only the first call has to build the per-connection SSL state. */
    if (conn->ssl == NULL)
    {
        int ssl_ready;

        /* MSG_NOSIGNAL cannot be used to block SIGPIPE when using SSL */
        conn->sigpipe_flag = false;

        /* Create the SSL object, then bind conn and the socket to it. */
        conn->ssl = SSL_new(SSL_context);
        ssl_ready = conn->ssl != NULL &&
            SSL_set_app_data(conn->ssl, conn) &&
            SSL_set_fd(conn->ssl, conn->sock);

        if (!ssl_ready)
        {
            char *err = SSLerrmessage();

            printfPQExpBuffer(&conn->errorMessage,
                              libpq_gettext("could not establish SSL connection: %s\n"),
                              err);
            SSLerrfree(err);
            close_SSL(conn);
            return PGRES_POLLING_FAILED;
        }

        /*
         * Load client certificate, private key, and trusted CA certs.  On
         * failure initialize_SSL has already put a message in
         * conn->errorMessage.
         */
        if (initialize_SSL(conn) != 0)
        {
            close_SSL(conn);
            return PGRES_POLLING_FAILED;
        }
    }

    /* Begin or continue the handshake proper. */
    return open_client_SSL(conn);
#else
    /* not expected to be reached in a build without SSL support */
    return PGRES_POLLING_FAILED;
#endif
}