| blob | 1b750d69447780a1c8f5bf8f7f48ef0670ac77b5 |
1 /*-------------------------------------------------------------------------
2 *
3 * fe-secure-gssapi.c
4 * The front-end (client) encryption support for GSSAPI
5 *
6 * Portions Copyright (c) 2016-2019, PostgreSQL Global Development Group
7 *
8 * IDENTIFICATION
9 * src/interfaces/libpq/fe-secure-gssapi.c
10 *
11 *-------------------------------------------------------------------------
12 */
22 /*
23 * Require encryption support, as well as mutual authentication and
24 * tamperproofing measures.
25 */
26 #define GSS_REQUIRED_FLAGS GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
27 GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG
29 /*
30 * Handle the encryption/decryption of data using GSSAPI.
31 *
32 * In the encrypted data stream on the wire, we break up the data
33 * into packets where each packet starts with a uint32-size length
34 * word (in network byte order), then encrypted data of that length
35 * immediately following. Decryption yields the same data stream
36 * that would appear when not using encryption.
37 *
38 * Encrypted data typically ends up being larger than the same data
39 * unencrypted, so we use fixed-size buffers for handling the
40 * encryption/decryption which are larger than PQComm's buffer will
41 * typically be to minimize the times where we have to make multiple
42 * packets (and therefore multiple recv/send calls for a single
43 * read/write call to us).
44 *
45 * NOTE: The client and server have to agree on the max packet size,
46 * because we have to pass an entire packet to GSSAPI at a time and we
47 * don't want the other side to send arbitrarily huge packets as we
48 * would have to allocate memory for them to then pass them to GSSAPI.
49 *
50 * Therefore, these two #define's are effectively part of the protocol
51 * spec and can't ever be changed.
52 */
53 #define PQ_GSS_SEND_BUFFER_SIZE 16384
54 #define PQ_GSS_RECV_BUFFER_SIZE 16384
56 /*
57 * We need these state variables per-connection. To allow the functions
58 * in this file to look mostly like those in be-secure-gssapi.c, set up
59 * these macros.
60 */
61 #define PqGSSSendBuffer (conn->gss_SendBuffer)
62 #define PqGSSSendLength (conn->gss_SendLength)
63 #define PqGSSSendNext (conn->gss_SendNext)
64 #define PqGSSSendConsumed (conn->gss_SendConsumed)
65 #define PqGSSRecvBuffer (conn->gss_RecvBuffer)
66 #define PqGSSRecvLength (conn->gss_RecvLength)
67 #define PqGSSResultBuffer (conn->gss_ResultBuffer)
68 #define PqGSSResultLength (conn->gss_ResultLength)
69 #define PqGSSResultNext (conn->gss_ResultNext)
70 #define PqGSSMaxPktSize (conn->gss_MaxPktSize)
73 /*
74 * Attempt to write len bytes of data from ptr to a GSSAPI-encrypted connection.
75 *
76 * The connection must be already set up for GSSAPI encryption (i.e., GSSAPI
77 * transport negotiation is complete).
78 *
79 * On success, returns the number of data bytes consumed (possibly less than
80 * len). On failure, returns -1 with errno set appropriately. If the errno
81 * indicates a non-retryable error, a message is put into conn->errorMessage.
82 * For retryable errors, caller should call again (passing the same or more
83 * data) once the socket is ready.
84 */
85 ssize_t
87 {
88 OM_uint32 major,
89 minor;
90 gss_buffer_desc input,
97 /*
98 * When we get a retryable failure, we must not tell the caller we have
99 * successfully transmitted everything, else it won't retry. For
100 * simplicity, we claim we haven't transmitted anything until we have
101 * successfully transmitted all "len" bytes. Between calls, the amount of
102 * the current input data that's already been encrypted and placed into
103 * PqGSSSendBuffer (and perhaps transmitted) is remembered in
104 * PqGSSSendConsumed. On a retry, the caller *must* be sending that data
105 * again, so if it offers a len less than that, something is wrong.
106 *
107 * Note: it may seem attractive to report partial write completion once
108 * we've successfully sent any encrypted packets. However, that can cause
109 * problems for callers; notably, pqPutMsgEnd's heuristic to send only
110 * full 8K blocks interacts badly with such a hack. We won't save much,
111 * typically, by letting callers discard data early, so don't risk it.
112 */
114 {
119 }
121 /* Discount whatever source data we already encrypted. */
125 /*
126 * Loop through encrypting data and sending it out until it's all done or
127 * pqsecure_raw_write() complains (which would likely mean that the socket
128 * is non-blocking and the requested send() would block, or there was some
129 * kind of actual error).
130 */
132 {
134 uint32 netlen;
136 /*
137 * Check if we have data in the encrypted output buffer that needs to
138 * be sent (possibly left over from a previous call), and if so, try
139 * to send it. If we aren't able to, return that fact back up to the
140 * caller.
141 */
143 {
144 ssize_t retval;
151 /*
152 * Check if this was a partial write, and if so, move forward that
153 * far in our buffer and try again.
154 */
156 {
159 }
161 /* We've successfully sent whatever data was in the buffer. */
163 }
165 /*
166 * Check if there are any bytes left to encrypt. If not, we're done.
167 */
171 /*
172 * Check how much we are being asked to send, if it's too much, then
173 * we will have to loop and possibly be called multiple times to get
174 * through all the data.
175 */
178 else
186 /*
187 * Create the next encrypted packet. Any failure here is considered a
188 * hard failure, so we return -1 even if some data has been sent.
189 */
193 {
197 }
200 {
205 }
208 {
215 }
221 /* 4 network-order bytes of length, then payload */
229 /* Release buffer storage allocated by GSSAPI */
231 }
233 /* If we get here, our counters should all match up. */
237 /* We're reporting all the data as sent, so reset PqGSSSendConsumed. */
242 cleanup:
243 /* Release GSSAPI buffer storage, if we didn't already */
247 }
249 /*
250 * Read up to len bytes of data into ptr from a GSSAPI-encrypted connection.
251 *
252 * The connection must be already set up for GSSAPI encryption (i.e., GSSAPI
253 * transport negotiation is complete).
254 *
255 * Returns the number of data bytes read, or on failure, returns -1
256 * with errno set appropriately. If the errno indicates a non-retryable
257 * error, a message is put into conn->errorMessage. For retryable errors,
258 * caller should call again once the socket is ready.
259 */
260 ssize_t
262 {
263 OM_uint32 major,
264 minor;
267 ssize_t ret;
271 /*
272 * The plan here is to read one incoming encrypted packet into
273 * PqGSSRecvBuffer, decrypt it into PqGSSResultBuffer, and then dole out
274 * data from there to the caller. When we exhaust the current input
275 * packet, read another.
276 */
278 {
281 /* Check if we have data in our buffer that we can return immediately */
283 {
287 /*
288 * Copy the data from our result buffer into the caller's buffer,
289 * at the point where we last left off filling their buffer.
290 */
295 /*
296 * At this point, we've either filled the caller's buffer or
297 * emptied our result buffer. Either way, return to caller. In
298 * the second case, we could try to read another encrypted packet,
299 * but the odds are good that there isn't one available. (If this
300 * isn't true, we chose too small a max packet size.) In any
301 * case, there's no harm letting the caller process the data we've
302 * already returned.
303 */
305 }
307 /* Result buffer is empty, so reset buffer pointers */
310 /*
311 * Because we chose above to return immediately as soon as we emit
312 * some data, bytes_returned must be zero at this point. Therefore
313 * the failure exits below can just return -1 without worrying about
314 * whether we already emitted some data.
315 */
318 /*
319 * At this point, our result buffer is empty with more bytes being
320 * requested to be read. We are now ready to load the next packet and
321 * decrypt it (entirely) into our result buffer.
322 */
324 /* Collect the length if we haven't already */
326 {
330 /* If ret <= 0, pqsecure_raw_read already set the correct errno */
336 /* If we still haven't got the length, return to the caller */
338 {
341 }
342 }
344 /* Decode the packet length and check for overlength packet */
348 {
355 }
357 /*
358 * Read as much of the packet as we are able to on this call into
359 * wherever we left off from the last time we were called.
360 */
363 /* If ret <= 0, pqsecure_raw_read already set the correct errno */
369 /* If we don't yet have the whole packet, return to the caller */
371 {
374 }
376 /*
377 * We now have the full packet and we can perform the decryption and
378 * refill our result buffer, then loop back up to pass data back to
379 * the caller. Note that error exits below here must take care of
380 * releasing the gss output buffer.
381 */
388 {
394 }
397 {
403 }
408 /* Our receive buffer is now empty, reset it */
411 /* Release buffer storage allocated by GSSAPI */
413 }
417 cleanup:
418 /* Release GSSAPI buffer storage, if we didn't already */
422 }
424 /*
425 * Simple wrapper for reading from pqsecure_raw_read.
426 *
427 * This takes the same arguments as pqsecure_raw_read, plus an output parameter
428 * to return the number of bytes read. This handles if blocking would occur and
429 * if we detect EOF on the connection.
430 */
431 static PostgresPollingStatusType
433 {
436 {
439 else
441 }
443 /* Check for EOF */
445 {
456 {
459 else
461 }
464 }
467 }
469 /*
470 * Negotiate GSSAPI transport for a connection. When complete, returns
471 * PGRES_POLLING_OK. Will return PGRES_POLLING_READING or
472 * PGRES_POLLING_WRITING as appropriate whenever it would block, and
473 * PGRES_POLLING_FAILED if transport could not be negotiated.
474 */
475 PostgresPollingStatusType
477 {
478 ssize_t ret;
479 OM_uint32 major,
480 minor;
481 uint32 netlen;
482 PostgresPollingStatusType result;
486 /*
487 * If first time through for this connection, allocate buffers and
488 * initialize state variables. By malloc'ing the buffers separately, we
489 * ensure that they are sufficiently aligned for the length-word accesses
490 * that we do in some places in this file.
491 */
493 {
498 {
502 }
505 }
507 /*
508 * Check if we have anything to send from a prior call and if so, send it.
509 */
511 {
516 {
519 else
521 }
524 {
527 }
530 }
532 /*
533 * Client sends first, and sending creates a context, therefore this will
534 * be false the first time through, and then when we get called again we
535 * will check for incoming data.
536 */
538 {
539 /* Process any incoming data we might have */
541 /* See if we are still trying to get the length */
543 {
544 /* Attempt to get the length first */
545 result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength, sizeof(uint32) - PqGSSRecvLength, &ret);
553 }
555 /*
556 * Check if we got an error packet
557 *
558 * This is safe to do because we shouldn't ever get a packet over 8192
559 * and therefore the actual length bytes, being that they are in
560 * network byte order, for any real packet will start with two zero
561 * bytes.
562 */
564 {
565 /*
566 * For an error packet during startup, we don't get a length, so
567 * simply read as much as we can fit into our buffer (as a string,
568 * so leave a spot at the end for a NULL byte too) and report that
569 * back to the caller.
570 */
571 result = gss_read(conn, PqGSSRecvBuffer + PqGSSRecvLength, PQ_GSS_RECV_BUFFER_SIZE - PqGSSRecvLength - 1, &ret);
582 }
584 /*
585 * We should have the whole length at this point, so pull it out and
586 * then read whatever we have left of the packet
587 */
589 /* Get the length and check for over-length packet */
592 {
598 }
600 /*
601 * Read as much of the packet as we are able to on this call into
602 * wherever we left off from the last time we were called.
603 */
611 /*
612 * If we got less than the rest of the packet then we need to return
613 * and be called again.
614 */
619 }
621 /* Load the service name (no-op if already done */
626 /*
627 * Call GSS init context, either with an empty input, or with a complete
628 * packet from the server.
629 */
635 /* GSS Init Sec Context uses the whole packet, so clear it */
639 {
643 }
646 {
647 /*
648 * We're done - hooray! Set flag to tell the low-level I/O routines
649 * to do GSS wrapping/unwrapping.
650 */
653 /* Clean up */
658 /*
659 * Determine the max packet size which will fit in our buffer, after
660 * accounting for the length. pg_GSS_write will need this.
661 */
667 {
671 }
674 }
676 /* Must have output.length > 0 */
678 {
683 }
685 /* Queue the token for writing */
694 /* We don't bother with PqGSSSendConsumed here */
696 /* Release buffer storage allocated by GSSAPI */
699 /* Ask to be called again to write data */
701 }
703 /*
704 * GSSAPI Information functions.
705 */
707 /*
708 * Return the GSSAPI Context itself.
709 */
712 {
717 }
719 /*
720 * Return true if GSSAPI encryption is in use.
721 */
722 int
724 {
729 }