Пример #1
/*
 *	secure_initialize
 *
 *	Set up the process-wide secure-transport state.  When the build defines
 *	USE_SSL this calls initialize_SSL(); in a non-SSL build it does nothing.
 *
 *	Always returns 0.
 *
 *	NOTE(review): nothing coming back from initialize_SSL() is consulted
 *	here, so this function cannot tell its caller that SSL set-up failed.
 *	Confirm that initialize_SSL() reports failure by other means (for
 *	example by not returning), otherwise a broken TLS configuration would
 *	look like success to the caller.
 */
int
secure_initialize(void)
{
	const int	status = 0;

#ifdef USE_SSL
	/* One-time SSL library / context set-up. */
	initialize_SSL();
#endif

	return status;
}
Пример #2
/*
 *	pqsecure_initialize
 *
 *	Set up the secure-transport state for a client connection.
 *
 *	conn: the connection handed through to initialize_SSL().
 *
 *	Returns whatever initialize_SSL(conn) returns when built with USE_SSL,
 *	and 0 in a non-SSL build.  The caller is the one that must act on a
 *	non-zero result; this wrapper only forwards it.
 */
int
pqsecure_initialize(PGconn *conn)
{
#ifdef USE_SSL
	return initialize_SSL(conn);
#else
	/* Nothing to set up without SSL support. */
	return 0;
#endif
}
Пример #3
/*
 *	secure_initialize
 *
 *	Set up the process-wide secure-transport state.
 *
 *	Returns the result of initialize_SSL() when built with USE_SSL, and 0
 *	in a non-SSL build.  The status is forwarded unchanged, so a failed SSL
 *	set-up is visible to the caller only if the caller checks this value.
 */
int
secure_initialize(void)
{
#ifdef USE_SSL
	return initialize_SSL();
#else
	/* Nothing to set up without SSL support. */
	return 0;
#endif
}
Пример #4
/*
 * statcom_main - accept loop of a fork-per-connection SSL server.
 *
 * Builds one SSL context up front, then loops forever: obtain a connected
 * socket, fork, let the child perform the SSL handshake and run the supplied
 * command handler, while the parent records the child's PID and goes back to
 * waiting for the next connection.
 *
 * server_port, max_clients, module_name:
 *     passed through to initialize_SSL() and create_socket_connect_verify();
 *     module_name is also used in the fork-failure log message and passed to
 *     closeconnection().
 * call_command_handler_function:
 *     invoked in the child with the established SSL session and the
 *     connection id; only called when the handshake succeeded.
 *
 * Returns 0, but the loop has no exit, so the return is never reached.
 *
 * NOTE(review): the context returned by initialize_SSL() is used without a
 * NULL check in this function; confirm that initialize_SSL() does not return
 * on failure.
 */
int statcom_main(uint16_t server_port, uint16_t max_clients, char* module_name, int (*call_command_handler_function) (SSL *, int))
{
	int      listener_ready = 0;	/* passed to create_socket_connect_verify(); set to 1 after the first successful fork */
	int      slot;			/* connection id filled in by create_socket_connect_verify() */
	int      client_fd;
	pid_t    child;

	/* SSL specific. */
	SSL     *session;
	SSL_CTX *tls_ctx;

	total_clients = 0;
	tls_ctx = initialize_SSL(server_port, max_clients, module_name);

	/* Serve connections forever: one forked child per accepted connection. */
	for (;;)
	{
		client_fd = create_socket_connect_verify(server_port, max_clients, module_name, listener_ready, &slot);
		if (client_fd == ERROR)
			continue;	/* nothing to serve this round; try again */

		child = fork();

		if (child == -1)
		{
			/*
			 * fork() failed.  Despite the wording of the message the server
			 * does not abort; it goes back to waiting.
			 * NOTE(review): client_fd is not closed on this path in this
			 * function; confirm it is released elsewhere.
			 */
			mysyslog(LOG_ERR, "Error in forking a new %s connection.\nAborting.....\n", module_name);
			continue;
		}

		if (child == 0)
		{
			/*
			 * Child process.  Ignoring SIGCHLD/SIGCLD here affects only
			 * children of this child; how the parent reaps its own children
			 * is not visible in this function.
			 */
			signal(SIGCHLD,SIG_IGN);
			signal(SIGCLD,SIG_IGN);

			/* The handler only ever sees a session whose handshake succeeded. */
			session = do_ssl_handshake(tls_ctx, client_fd);
			if (session != NULL)
				call_command_handler_function(session, slot);	/* does not return until the station ends the connection */

			/*
			 * Tear down and terminate the child.
			 * NOTE(review): closeconnection() is also reached with a NULL
			 * session when the handshake failed; confirm it tolerates that.
			 */
			closeconnection(client_fd, session, tls_ctx, module_name);
			exit(0);
		}

		/*
		 * Parent process: remember the child and keep listening.
		 * NOTE(review): the parent keeps its copy of client_fd open in this
		 * function; unless it is closed elsewhere, descriptors accumulate
		 * with every connection served.
		 * NOTE(review): slot indexes used_ports[] without a bounds check
		 * here; presumably create_socket_connect_verify() guarantees the
		 * range - verify.
		 */
		listener_ready = 1;
		mysyslog(LOG_INFO, "Parent saving PID=%d of child in slot=%d\n", child,slot );
		used_ports[slot].childpid = child;	/* save the PID of the child in the used_ports table */
	}

	return 0; 	/* we should never reach here ! */
}
Пример #5
/*
 *	pqsecure_open_client
 *
 *	Begin or continue negotiating a secure session on a client connection.
 *
 *	On the first call for a connection (conn->ssl is still NULL) this
 *	creates the per-connection SSL object, binds it to the connection and
 *	its socket, and loads the client certificate, private key and trusted
 *	CA certs via initialize_SSL().  On every call that gets past that
 *	set-up, the handshake itself is driven by open_client_SSL().
 *
 *	Returns PGRES_POLLING_FAILED if any set-up step fails (after
 *	close_SSL(conn)), or in a build without USE_SSL; otherwise returns the
 *	result of open_client_SSL(conn).
 *
 *	NOTE(review): verification of the server's certificate is not performed
 *	in this function; presumably it is configured in initialize_SSL() and
 *	enforced in open_client_SSL() - confirm there.
 */
PostgresPollingStatusType
pqsecure_open_client(PGconn *conn)
{
#ifndef USE_SSL
	/* shouldn't get here */
	return PGRES_POLLING_FAILED;
#else
	/* Set-up already done on an earlier call: just continue the handshake. */
	if (conn->ssl != NULL)
		return open_client_SSL(conn);

	/* We cannot use MSG_NOSIGNAL to block SIGPIPE when using SSL */
	conn->sigpipe_flag = false;

	/*
	 * Create a connection-specific SSL object and attach the connection and
	 * its socket to it.  The steps run in this order and stop at the first
	 * one that fails.
	 */
	conn->ssl = SSL_new(SSL_context);
	if (conn->ssl == NULL ||
		!SSL_set_app_data(conn->ssl, conn) ||
		!SSL_set_fd(conn->ssl, conn->sock))
	{
		char	   *reason = SSLerrmessage();

		printfPQExpBuffer(&conn->errorMessage,
						  libpq_gettext("could not establish SSL connection: %s\n"),
						  reason);
		SSLerrfree(reason);
		close_SSL(conn);
		return PGRES_POLLING_FAILED;
	}

	/*
	 * Load client certificate, private key, and trusted CA certs.  On
	 * failure initialize_SSL has already put a message in
	 * conn->errorMessage, so only the teardown is left to do here.
	 */
	if (initialize_SSL(conn) != 0)
	{
		close_SSL(conn);
		return PGRES_POLLING_FAILED;
	}

	/* Begin the actual handshake */
	return open_client_SSL(conn);
#endif
}