|
Lines 404-410
static void BackendRun(Port *port) pg_attribute_noreturn();
Link Here
|
| 404 |
static void ExitPostmaster(int status) pg_attribute_noreturn(); |
404 |
static void ExitPostmaster(int status) pg_attribute_noreturn(); |
| 405 |
static int ServerLoop(void); |
405 |
static int ServerLoop(void); |
| 406 |
static int BackendStartup(Port *port); |
406 |
static int BackendStartup(Port *port); |
| 407 |
static int ProcessStartupPacket(Port *port, bool secure_done); |
407 |
static int ProcessStartupPacket(Port *port, bool secure_done, bool allow_ssl, bool allow_gss); |
| 408 |
static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options); |
408 |
static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options); |
| 409 |
static void processCancelRequest(Port *port, void *pkt); |
409 |
static void processCancelRequest(Port *port, void *pkt); |
| 410 |
static int initMasks(fd_set *rmask); |
410 |
static int initMasks(fd_set *rmask); |
|
Lines 1918-1924
initMasks(fd_set *rmask)
Link Here
|
| 1918 |
* GSSAPI) is already completed. |
1918 |
* GSSAPI) is already completed. |
| 1919 |
*/ |
1919 |
*/ |
| 1920 |
static int |
1920 |
static int |
| 1921 |
ProcessStartupPacket(Port *port, bool secure_done) |
1921 |
ProcessStartupPacket(Port *port, bool secure_done, bool allow_ssl, bool allow_gss) |
| 1922 |
{ |
1922 |
{ |
| 1923 |
int32 len; |
1923 |
int32 len; |
| 1924 |
void *buf; |
1924 |
void *buf; |
|
Lines 2009-2015
ProcessStartupPacket(Port *port, bool secure_done)
Link Here
|
| 2009 |
|
2009 |
|
| 2010 |
#ifdef USE_SSL |
2010 |
#ifdef USE_SSL |
| 2011 |
/* No SSL when disabled or on Unix sockets */ |
2011 |
/* No SSL when disabled or on Unix sockets */ |
| 2012 |
if (!LoadedSSL || IS_AF_UNIX(port->laddr.addr.ss_family)) |
2012 |
if (!LoadedSSL || IS_AF_UNIX(port->laddr.addr.ss_family) || !allow_ssl) |
| 2013 |
SSLok = 'N'; |
2013 |
SSLok = 'N'; |
| 2014 |
else |
2014 |
else |
| 2015 |
SSLok = 'S'; /* Support for SSL */ |
2015 |
SSLok = 'S'; /* Support for SSL */ |
|
Lines 2029-2047
retry1:
Link Here
|
| 2029 |
} |
2029 |
} |
| 2030 |
|
2030 |
|
| 2031 |
#ifdef USE_SSL |
2031 |
#ifdef USE_SSL |
| 2032 |
if (SSLok == 'S' && secure_open_server(port) == -1) |
2032 |
if (SSLok == 'S') { |
| 2033 |
return STATUS_ERROR; |
2033 |
if (secure_open_server(port) == -1) { |
|
|
2034 |
return STATUS_ERROR; |
| 2035 |
} |
| 2036 |
else |
| 2037 |
{ |
| 2038 |
secure_done = true; |
| 2039 |
} |
| 2040 |
} |
| 2034 |
#endif |
2041 |
#endif |
| 2035 |
/* regular startup packet, cancel, etc packet should follow... */ |
2042 |
/* regular startup packet, cancel, etc packet should follow... */ |
| 2036 |
/* but not another SSL negotiation request */ |
2043 |
/* but not another SSL negotiation request */ |
| 2037 |
return ProcessStartupPacket(port, true); |
2044 |
return ProcessStartupPacket(port, secure_done, false, allow_gss); |
| 2038 |
} |
2045 |
} |
| 2039 |
else if (proto == NEGOTIATE_GSS_CODE && !secure_done) |
2046 |
else if (proto == NEGOTIATE_GSS_CODE && !secure_done) |
| 2040 |
{ |
2047 |
{ |
| 2041 |
char GSSok = 'N'; |
2048 |
char GSSok = 'N'; |
| 2042 |
#ifdef ENABLE_GSS |
2049 |
#ifdef ENABLE_GSS |
| 2043 |
/* No GSSAPI encryption when on Unix socket */ |
2050 |
/* No GSSAPI encryption when on Unix socket */ |
| 2044 |
if (!IS_AF_UNIX(port->laddr.addr.ss_family)) |
2051 |
if (!IS_AF_UNIX(port->laddr.addr.ss_family) && allow_gss) |
| 2045 |
GSSok = 'G'; |
2052 |
GSSok = 'G'; |
| 2046 |
#endif |
2053 |
#endif |
| 2047 |
|
2054 |
|
|
Lines 2056-2066
retry1:
Link Here
|
| 2056 |
} |
2063 |
} |
| 2057 |
|
2064 |
|
| 2058 |
#ifdef ENABLE_GSS |
2065 |
#ifdef ENABLE_GSS |
| 2059 |
if (GSSok == 'G' && secure_open_gssapi(port) == -1) |
2066 |
if (GSSok == 'G') { |
| 2060 |
return STATUS_ERROR; |
2067 |
if (secure_open_gssapi(port) == -1) { |
|
|
2068 |
return STATUS_ERROR; |
| 2069 |
} |
| 2070 |
else |
| 2071 |
{ |
| 2072 |
secure_done = true; |
| 2073 |
} |
| 2074 |
} |
| 2061 |
#endif |
2075 |
#endif |
| 2062 |
/* Won't ever see more than one negotiation request */ |
2076 |
/* Won't ever see more than one negotiation request */ |
| 2063 |
return ProcessStartupPacket(port, true); |
2077 |
return ProcessStartupPacket(port, secure_done, allow_ssl, false); |
| 2064 |
} |
2078 |
} |
| 2065 |
|
2079 |
|
| 2066 |
/* Could add additional special packet types here */ |
2080 |
/* Could add additional special packet types here */ |
|
Lines 4400-4406
BackendInitialize(Port *port)
Link Here
|
| 4400 |
* Receive the startup packet (which might turn out to be a cancel request |
4414 |
* Receive the startup packet (which might turn out to be a cancel request |
| 4401 |
* packet). |
4415 |
* packet). |
| 4402 |
*/ |
4416 |
*/ |
| 4403 |
status = ProcessStartupPacket(port, false); |
4417 |
status = ProcessStartupPacket(port, false, true, true); |
| 4404 |
|
4418 |
|
| 4405 |
/* |
4419 |
/* |
| 4406 |
* Stop here if it was bad or a cancel packet. ProcessStartupPacket |
4420 |
* Stop here if it was bad or a cancel packet. ProcessStartupPacket |
| 4407 |
- |
|
|
