Extract common bits from OpenSSL implementation
Some things in be-secure-openssl.c and fe-secure-openssl.c were not actually specific to OpenSSL but could also be used by other implementations. In order to avoid copy-and-pasting, move some of that code to common files.
@@ -114,6 +114,10 @@ secure_open_server(Port *port)
|
||||
|
||||
#ifdef USE_SSL
|
||||
r = be_tls_open_server(port);
|
||||
|
||||
ereport(DEBUG2,
|
||||
(errmsg("SSL connection from \"%s\"",
|
||||
port->peer_cn ? port->peer_cn : "(anonymous)")));
|
||||
#endif
|
||||
|
||||
return r;
|
||||
@@ -314,3 +318,70 @@ secure_raw_write(Port *port, const void *ptr, size_t len)
|
||||
|
||||
return n;
|
||||
}
|
||||
|
||||
bool
|
||||
check_ssl_key_file_permissions(const char *ssl_key_file, bool isServerStart)
|
||||
{
|
||||
int loglevel = isServerStart ? FATAL : LOG;
|
||||
struct stat buf;
|
||||
|
||||
if (stat(ssl_key_file, &buf) != 0)
|
||||
{
|
||||
ereport(loglevel,
|
||||
(errcode_for_file_access(),
|
||||
errmsg("could not access private key file \"%s\": %m",
|
||||
ssl_key_file)));
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!S_ISREG(buf.st_mode))
|
||||
{
|
||||
ereport(loglevel,
|
||||
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
||||
errmsg("private key file \"%s\" is not a regular file",
|
||||
ssl_key_file)));
|
||||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
* Refuse to load key files owned by users other than us or root.
|
||||
*
|
||||
* XXX surely we can check this on Windows somehow, too.
|
||||
*/
|
||||
#if !defined(WIN32) && !defined(__CYGWIN__)
|
||||
if (buf.st_uid != geteuid() && buf.st_uid != 0)
|
||||
{
|
||||
ereport(loglevel,
|
||||
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
||||
errmsg("private key file \"%s\" must be owned by the database user or root",
|
||||
ssl_key_file)));
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Require no public access to key file. If the file is owned by us,
|
||||
* require mode 0600 or less. If owned by root, require 0640 or less to
|
||||
* allow read access through our gid, or a supplementary gid that allows
|
||||
* to read system-wide certificates.
|
||||
*
|
||||
* XXX temporarily suppress check when on Windows, because there may not
|
||||
* be proper support for Unix-y file permissions. Need to think of a
|
||||
* reasonable check to apply on Windows. (See also the data directory
|
||||
* permission check in postmaster.c)
|
||||
*/
|
||||
#if !defined(WIN32) && !defined(__CYGWIN__)
|
||||
if ((buf.st_uid == geteuid() && buf.st_mode & (S_IRWXG | S_IRWXO)) ||
|
||||
(buf.st_uid == 0 && buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)))
|
||||
{
|
||||
ereport(loglevel,
|
||||
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
||||
errmsg("private key file \"%s\" has group or world access",
|
||||
ssl_key_file),
|
||||
errdetail("File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.")));
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
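Review bot: check_ssl_key_file_permissions, introduced at the top of the second hunk, is a new non-static function with no header comment stating its contract, which the rest of the file's style calls for; I would add above `bool` a block saying that it checks that the private key file at ssl_key_file is a regular file, owned by the database user or root, and not group/world accessible beyond the modes listed in the body, that it ereports at FATAL when isServerStart is set and at LOG otherwise before returning false, and that it returns true only when every check passes. It is also worth stating in that header that the check is a stat() on the path and is separate from the later open of the key by the TLS implementation, so the result describes the file as it was at check time rather than the file actually loaded; the callers are outside this hunk, so how closely the two steps are sequenced cannot be confirmed here. A smaller point in the first hunk: the `ereport(DEBUG2, ...)` "SSL connection from" line runs after `r = be_tls_open_server(port);` regardless of r, so if that call signals failure through r a failed handshake would still be logged as a connection from "(anonymous)"; guarding it with the success condition, e.g. `if (r == 0)` if 0 means success, or a comment stating the intent, would avoid a misleading debug line. secure_open_server starts before the first hunk and its return convention is not visible here.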