1 /*-------------------------------------------------------------------------
2  *
3  * libpq-be.h
4  *	  This file contains definitions for structures and externs used
5  *	  by the postmaster during client authentication.
6  *
7  *	  Note that this is backend-internal and is NOT exported to clients.
8  *	  Structs that need to be client-visible are in pqcomm.h.
9  *
10  *
11  * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
12  * Portions Copyright (c) 1994, Regents of the University of California
13  *
14  * src/include/libpq/libpq-be.h
15  *
16  *-------------------------------------------------------------------------
17  */
18 #ifndef LIBPQ_BE_H
19 #define LIBPQ_BE_H
20 
21 #include <sys/time.h>
22 #ifdef USE_OPENSSL
23 #include <openssl/ssl.h>
24 #include <openssl/err.h>
25 #endif
26 #ifdef HAVE_NETINET_TCP_H
27 #include <netinet/tcp.h>
28 #endif
29 
30 #ifdef ENABLE_GSS
31 #if defined(HAVE_GSSAPI_H)
32 #include <gssapi.h>
33 #else
34 #include <gssapi/gssapi.h>
35 #endif							/* HAVE_GSSAPI_H */
36 /*
37  * GSSAPI brings in headers that set a lot of things in the global namespace on win32,
38  * that doesn't match the msvc build. It gives a bunch of compiler warnings that we ignore,
39  * but also defines a symbol that simply does not exist. Undefine it again.
40  */
41 #ifdef _MSC_VER
42 #undef HAVE_GETADDRINFO
43 #endif
44 #endif							/* ENABLE_GSS */
45 
46 #ifdef ENABLE_SSPI
47 #define SECURITY_WIN32
48 #if defined(WIN32) && !defined(_MSC_VER)
49 #include <ntsecapi.h>
50 #endif
51 #include <security.h>
52 #undef SECURITY_WIN32
53 
54 #ifndef ENABLE_GSS
55 /*
56  * Define a fake structure compatible with GSSAPI on Unix.
57  */
58 typedef struct
59 {
60 	void	   *value;
61 	int			length;
62 } gss_buffer_desc;
63 #endif
64 #endif							/* ENABLE_SSPI */
65 
66 #include "datatype/timestamp.h"
67 #include "libpq/hba.h"
68 #include "libpq/pqcomm.h"
69 
70 
71 typedef enum CAC_state
72 {
73 	CAC_OK, CAC_STARTUP, CAC_SHUTDOWN, CAC_RECOVERY, CAC_TOOMANY,
74 	CAC_SUPERUSER
75 } CAC_state;
76 
77 
78 /*
79  * GSSAPI specific state information
80  */
81 #if defined(ENABLE_GSS) | defined(ENABLE_SSPI)
82 typedef struct
83 {
84 	gss_buffer_desc outbuf;		/* GSSAPI output token buffer */
85 #ifdef ENABLE_GSS
86 	gss_cred_id_t cred;			/* GSSAPI connection cred's */
87 	gss_ctx_id_t ctx;			/* GSSAPI connection context */
88 	gss_name_t	name;			/* GSSAPI client name */
89 	char	   *princ;			/* GSSAPI Principal used for auth, NULL if
90 								 * GSSAPI auth was not used */
91 	bool		auth;			/* GSSAPI Authentication used */
92 	bool		enc;			/* GSSAPI encryption in use */
93 #endif
94 } pg_gssinfo;
95 #endif
96 
97 /*
98  * This is used by the postmaster in its communication with frontends.  It
99  * contains all state information needed during this communication before the
100  * backend is run.  The Port structure is kept in malloc'd memory and is
101  * still available when a backend is running (see MyProcPort).  The data
102  * it points to must also be malloc'd, or else palloc'd in TopMemoryContext,
103  * so that it survives into PostgresMain execution!
104  *
105  * remote_hostname is set if we did a successful reverse lookup of the
106  * client's IP address during connection setup.
107  * remote_hostname_resolv tracks the state of hostname verification:
108  *	+1 = remote_hostname is known to resolve to client's IP address
109  *	-1 = remote_hostname is known NOT to resolve to client's IP address
110  *	 0 = we have not done the forward DNS lookup yet
111  *	-2 = there was an error in name resolution
112  * If reverse lookup of the client IP address fails, remote_hostname will be
113  * left NULL while remote_hostname_resolv is set to -2.  If reverse lookup
114  * succeeds but forward lookup fails, remote_hostname_resolv is also set to -2
115  * (the case is distinguishable because remote_hostname isn't NULL).  In
116  * either of the -2 cases, remote_hostname_errcode saves the lookup return
117  * code for possible later use with gai_strerror.
118  */
119 
120 typedef struct Port
121 {
122 	pgsocket	sock;			/* File descriptor */
123 	bool		noblock;		/* is the socket in non-blocking mode? */
124 	ProtocolVersion proto;		/* FE/BE protocol version */
125 	SockAddr	laddr;			/* local addr (postmaster) */
126 	SockAddr	raddr;			/* remote addr (client) */
127 	char	   *remote_host;	/* name (or ip addr) of remote host */
128 	char	   *remote_hostname;	/* name (not ip addr) of remote host, if
129 									 * available */
130 	int			remote_hostname_resolv; /* see above */
131 	int			remote_hostname_errcode;	/* see above */
132 	char	   *remote_port;	/* text rep of remote port */
133 	CAC_state	canAcceptConnections;	/* postmaster connection status */
134 
135 	/*
136 	 * Information that needs to be saved from the startup packet and passed
137 	 * into backend execution.  "char *" fields are NULL if not set.
138 	 * guc_options points to a List of alternating option names and values.
139 	 */
140 	char	   *database_name;
141 	char	   *user_name;
142 	char	   *cmdline_options;
143 	List	   *guc_options;
144 
145 	/*
146 	 * The startup packet application name, only used here for the "connection
147 	 * authorized" log message. We shouldn't use this post-startup, instead
148 	 * the GUC should be used as application can change it afterward.
149 	 */
150 	char	   *application_name;
151 
152 	/*
153 	 * Information that needs to be held during the authentication cycle.
154 	 */
155 	HbaLine    *hba;
156 
157 	/*
158 	 * TCP keepalive and user timeout settings.
159 	 *
160 	 * default values are 0 if AF_UNIX or not yet known; current values are 0
161 	 * if AF_UNIX or using the default. Also, -1 in a default value means we
162 	 * were unable to find out the default (getsockopt failed).
163 	 */
164 	int			default_keepalives_idle;
165 	int			default_keepalives_interval;
166 	int			default_keepalives_count;
167 	int			default_tcp_user_timeout;
168 	int			keepalives_idle;
169 	int			keepalives_interval;
170 	int			keepalives_count;
171 	int			tcp_user_timeout;
172 
173 	/*
174 	 * GSSAPI structures.
175 	 */
176 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
177 
178 	/*
179 	 * If GSSAPI is supported and used on this connection, store GSSAPI
180 	 * information.  Even when GSSAPI is not compiled in, store a NULL pointer
181 	 * to keep struct offsets the same (for extension ABI compatibility).
182 	 */
183 	pg_gssinfo *gss;
184 #else
185 	void	   *gss;
186 #endif
187 
188 	/*
189 	 * SSL structures.
190 	 */
191 	bool		ssl_in_use;
192 	char	   *peer_cn;
193 	bool		peer_cert_valid;
194 
195 	/*
196 	 * OpenSSL structures. (Keep these last so that the locations of other
197 	 * fields are the same whether or not you build with OpenSSL.)
198 	 */
199 #ifdef USE_OPENSSL
200 	SSL		   *ssl;
201 	X509	   *peer;
202 #endif
203 } Port;
204 
205 #ifdef USE_SSL
206 /*
207  *	Hardcoded DH parameters, used in ephemeral DH keying.  (See also
208  *	README.SSL for more details on EDH.)
209  *
210  *	This is the 2048-bit DH parameter from RFC 3526.  The generation of the
211  *	prime is specified in RFC 2412 Appendix E, which also discusses the
212  *	design choice of the generator.  Note that when loaded with OpenSSL
213  *	this causes DH_check() to fail on DH_NOT_SUITABLE_GENERATOR, where
214  *	leaking a bit is preferred.
215  */
216 #define FILE_DH2048 \
217 "-----BEGIN DH PARAMETERS-----\n\
218 MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n\
219 IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n\
220 awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n\
221 mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n\
222 fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n\
223 5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n\
224 -----END DH PARAMETERS-----\n"
225 
226 /*
227  * These functions are implemented by the glue code specific to each
228  * SSL implementation (e.g. be-secure-openssl.c)
229  */
230 
231 /*
232  * Initialize global SSL context.
233  *
234  * If isServerStart is true, report any errors as FATAL (so we don't return).
235  * Otherwise, log errors at LOG level and return -1 to indicate trouble,
236  * preserving the old SSL state if any.  Returns 0 if OK.
237  */
238 extern int	be_tls_init(bool isServerStart);
239 
240 /*
241  * Destroy global SSL context, if any.
242  */
243 extern void be_tls_destroy(void);
244 
245 /*
246  * Attempt to negotiate SSL connection.
247  */
248 extern int	be_tls_open_server(Port *port);
249 
250 /*
251  * Close SSL connection.
252  */
253 extern void be_tls_close(Port *port);
254 
255 /*
256  * Read data from a secure connection.
257  */
258 extern ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor);
259 
260 /*
261  * Write data to a secure connection.
262  */
263 extern ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor);
264 
265 /*
266  * Return information about the SSL connection.
267  */
268 extern int	be_tls_get_cipher_bits(Port *port);
269 extern bool be_tls_get_compression(Port *port);
270 extern const char *be_tls_get_version(Port *port);
271 extern const char *be_tls_get_cipher(Port *port);
272 extern void be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len);
273 extern void be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len);
274 extern void be_tls_get_peer_serial(Port *port, char *ptr, size_t len);
275 
276 /*
277  * Get the server certificate hash for SCRAM channel binding type
278  * tls-server-end-point.
279  *
280  * The result is a palloc'd hash of the server certificate with its
281  * size, and NULL if there is no certificate available.
282  *
283  * This is not supported with old versions of OpenSSL that don't have
284  * the X509_get_signature_nid() function.
285  */
286 #if defined(USE_OPENSSL) && defined(HAVE_X509_GET_SIGNATURE_NID)
287 #define HAVE_BE_TLS_GET_CERTIFICATE_HASH
288 extern char *be_tls_get_certificate_hash(Port *port, size_t *len);
289 #endif
290 
291 /* init hook for SSL, the default sets the password callback if appropriate */
292 #ifdef USE_OPENSSL
293 typedef void (*openssl_tls_init_hook_typ) (SSL_CTX *context, bool isServerStart);
294 extern PGDLLIMPORT openssl_tls_init_hook_typ openssl_tls_init_hook;
295 #endif
296 
297 #endif							/* USE_SSL */
298 
299 #ifdef ENABLE_GSS
300 /*
301  * Return information about the GSSAPI authenticated connection
302  */
303 extern bool be_gssapi_get_auth(Port *port);
304 extern bool be_gssapi_get_enc(Port *port);
305 extern const char *be_gssapi_get_princ(Port *port);
306 
307 /* Read and write to a GSSAPI-encrypted connection. */
308 extern ssize_t be_gssapi_read(Port *port, void *ptr, size_t len);
309 extern ssize_t be_gssapi_write(Port *port, void *ptr, size_t len);
310 #endif							/* ENABLE_GSS */
311 
312 extern ProtocolVersion FrontendProtocol;
313 
314 /* TCP keepalives configuration. These are no-ops on an AF_UNIX socket. */
315 
316 extern int	pq_getkeepalivesidle(Port *port);
317 extern int	pq_getkeepalivesinterval(Port *port);
318 extern int	pq_getkeepalivescount(Port *port);
319 extern int	pq_gettcpusertimeout(Port *port);
320 
321 extern int	pq_setkeepalivesidle(int idle, Port *port);
322 extern int	pq_setkeepalivesinterval(int interval, Port *port);
323 extern int	pq_setkeepalivescount(int count, Port *port);
324 extern int	pq_settcpusertimeout(int timeout, Port *port);
325 
326 #endif							/* LIBPQ_BE_H */
327