1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
/*-------------------------------------------------------------------------
*
* ssl_passphrase_func.c
*
* Loadable PostgreSQL module fetch an ssl passphrase for the server cert.
* instead of calling an external program. This implementation just hands
* back the configured password rot13'd.
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include <float.h>
#include <stdio.h>
#include "libpq/libpq.h"
#include "libpq/libpq-be.h"
#include "utils/guc.h"
PG_MODULE_MAGIC;
static char *ssl_passphrase = NULL;
/* callback function */
static int rot13_passphrase(char *buf, int size, int rwflag, void *userdata);
/* hook function to set the callback */
static void set_rot13(SSL_CTX *context, bool isServerStart);
/*
* Module load callback
*/
void
_PG_init(void)
{
/* Define custom GUC variable. */
DefineCustomStringVariable("ssl_passphrase.passphrase",
"passphrase before transformation",
NULL,
&ssl_passphrase,
NULL,
PGC_SIGHUP,
0, /* no flags required */
NULL,
NULL,
NULL);
MarkGUCPrefixReserved("ssl_passphrase");
if (ssl_passphrase)
openssl_tls_init_hook = set_rot13;
}
static void
set_rot13(SSL_CTX *context, bool isServerStart)
{
/* warn if the user has set ssl_passphrase_command */
if (ssl_passphrase_command[0])
ereport(WARNING,
(errmsg("ssl_passphrase_command setting ignored by ssl_passphrase_func module")));
SSL_CTX_set_default_passwd_cb(context, rot13_passphrase);
}
static int
rot13_passphrase(char *buf, int size, int rwflag, void *userdata)
{
Assert(ssl_passphrase != NULL);
strlcpy(buf, ssl_passphrase, size);
for (char *p = buf; *p; p++)
{
char c = *p;
if ((c >= 'a' && c <= 'm') || (c >= 'A' && c <= 'M'))
*p = c + 13;
else if ((c >= 'n' && c <= 'z') || (c >= 'N' && c <= 'Z'))
*p = c - 13;
}
return strlen(buf);
}
|
