1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
/*-------------------------------------------------------------------------
*
* be-secure-common.c
*
* common implementation-independent SSL support code
*
* While be-secure.c contains the interfaces that the rest of the
* communications code calls, this file contains support routines that are
* used by the library-specific implementations such as be-secure-openssl.c.
*
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
* src/backend/libpq/be-secure-common.c
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include "libpq/libpq.h"
#include "storage/fd.h"
/*
* Run ssl_passphrase_command
*
* prompt will be substituted for %p. is_server_start determines the loglevel
* of error messages.
*
* The result will be put in buffer buf, which is of size size. The return
* value is the length of the actual result.
*/
int
run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf, int size)
{
int loglevel = is_server_start ? ERROR : LOG;
StringInfoData command;
char *p;
FILE *fh;
int pclose_rc;
size_t len = 0;
Assert(prompt);
Assert(size > 0);
buf[0] = '\0';
initStringInfo(&command);
for (p = ssl_passphrase_command; *p; p++)
{
if (p[0] == '%')
{
switch (p[1])
{
case 'p':
appendStringInfoString(&command, prompt);
p++;
break;
case '%':
appendStringInfoChar(&command, '%');
p++;
break;
default:
appendStringInfoChar(&command, p[0]);
}
}
else
appendStringInfoChar(&command, p[0]);
}
fh = OpenPipeStream(command.data, "r");
if (fh == NULL)
{
ereport(loglevel,
(errcode_for_file_access(),
errmsg("could not execute command \"%s\": %m",
command.data)));
goto error;
}
if (!fgets(buf, size, fh))
{
if (ferror(fh))
{
ereport(loglevel,
(errcode_for_file_access(),
errmsg("could not read from command \"%s\": %m",
command.data)));
goto error;
}
}
pclose_rc = ClosePipeStream(fh);
if (pclose_rc == -1)
{
ereport(loglevel,
(errcode_for_file_access(),
errmsg("could not close pipe to external command: %m")));
goto error;
}
else if (pclose_rc != 0)
{
ereport(loglevel,
(errcode_for_file_access(),
errmsg("command \"%s\" failed",
command.data),
errdetail_internal("%s", wait_result_to_str(pclose_rc))));
goto error;
}
/* strip trailing newline */
len = strlen(buf);
if (buf[len - 1] == '\n')
buf[len-- -1] = '\0';
error:
pfree(command.data);
return len;
}
|
