Commit3405f2b

committed
Use error message wordings for permissions checks on .pgpass and SSL private
key files that are similar to the one for the postmaster's data directory permissions check. (I chose to standardize on that one since it's the most heavily used and presumably best-wordsmithed by now.) Also eliminate explicit tests on file ownership in these places, since the ensuing read attempt must fail anyway if it's wrong, and there seems no value in issuing the same error message for distinct problems. (But I left in the explicit ownership test in postmaster.c, since it had its own error message anyway.) Also be more specific in the documentation's descriptions of these checks. Per a gripe from Kevin Hunter.
1 parentc5f11f9 commit3405f2b

6 files changed

+39
-24
lines changed


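--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.256 2008/03/06 15:37:56 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.257 2008/03/31 02:43:14 tgl Exp $ -->
 
 <chapter id="libpq">
 <title><application>libpq</application> - C Library</title>
@@ -5223,11 +5223,13 @@ defaultNoticeProcessor(void *arg, const char *message)
 authorities (<acronym>CA</acronym>) trusted by the server. A matching
 private key file <filename>~/.postgresql/postgresql.key</> must also
 be present, unless the secret key for the certificate is stored in a
-hardware token, as specified by <envar>PGSSLKEY</envar>. (On Microsoft
-Windows these files are named
+hardware token, as specified by <envar>PGSSLKEY</envar>. The private
+key file must not allow any access to world or group; achieve this by the
+command <command>chmod 0600 ~/.postgresql/postgresql.key</command>.
+On Microsoft Windows these files are named
 <filename>%APPDATA%\postgresql\postgresql.crt</filename> and
-<filename>%APPDATA%\postgresql\postgresql.key</filename>.) The private
-key file must not be world-readable.
+<filename>%APPDATA%\postgresql\postgresql.key</filename>, and there
+is no special permissions check since the directory is presumed secure.
 </para>
 
 <para>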

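--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.410 2008/03/21 14:23:37 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.411 2008/03/31 02:43:14 tgl Exp $ -->
 
 <chapter Id="runtime">
 <title>Operating System Environment</title>
@@ -1632,7 +1632,11 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
 To start in <acronym>SSL</> mode, the files <filename>server.crt</>
 and <filename>server.key</> must exist in the server's data directory.
 These files should contain the server certificate and private key,
-respectively. If the private key is protected with a passphrase, the
+respectively.
+On Unix systems, the permissions on <filename>server.key</filename> must
+disallow any access to world or group; achieve this by the command
+<command>chmod 0600 server.key</command>.
+If the private key is protected with a passphrase, the
 server will prompt for the passphrase and will not start until it has
 been entered.
 </para>
@@ -1731,10 +1735,15 @@ rm privkey.pem
 Enter the old passphrase to unlock the existing key. Now do:
 <programlisting>
 openssl req -x509 -in server.req -text -key server.key -out server.crt
-chmod og-rwx server.key
 </programlisting>
 to turn the certificate into a self-signed certificate and to copy
 the key and certificate to where the server will look for them.
+Finally do
+<programlisting>
+chmod og-rwx server.key
+</programlisting>
+because the server will reject the file if its permissions are more
+liberal than this.
 For more details on how to create your server private key and
 certificate, refer to the <productname>OpenSSL</> documentation.
 </para>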

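--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.83 2008/01/01 19:45:49 momjian Exp $
+* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.84 2008/03/31 02:43:14 tgl Exp $
 *
 * Since the server static private key ($DataDir/server.key)
 * will normally be stored unencrypted so that the database
@@ -735,7 +735,7 @@ initialize_SSL(void)
 errmsg("could not load server certificate file \"%s\": %s",
 SERVER_CERT_FILE,SSLerrmessage())));
 
-if (stat(SERVER_PRIVATE_KEY_FILE,&buf)==-1)
+if (stat(SERVER_PRIVATE_KEY_FILE,&buf)!=0)
 ereport(FATAL,
 (errcode_for_file_access(),
 errmsg("could not access private key file \"%s\": %m",
@@ -750,13 +750,12 @@ initialize_SSL(void)
 * directory permission check in postmaster.c)
 */
 #if !defined(WIN32)&& !defined(__CYGWIN__)
-if (!S_ISREG(buf.st_mode)|| (buf.st_mode& (S_IRWXG |S_IRWXO))||
-buf.st_uid!=geteuid())
+if (!S_ISREG(buf.st_mode)||buf.st_mode& (S_IRWXG |S_IRWXO))
 ereport(FATAL,
 (errcode(ERRCODE_CONFIG_FILE_ERROR),
-errmsg("unsafe permissions onprivate key file \"%s\"",
+errmsg("private key file \"%s\" has group or world access",
 SERVER_PRIVATE_KEY_FILE),
-errdetail("File must beowned by the database user and must have no permissions for \"group\"or\"other\".")));
+errdetail("Permissions should beu=rw (0600)orless.")));
 #endif
 
 if (!SSL_CTX_use_PrivateKey_file(SSL_context,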

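--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.553 2008/03/09 04:56:28 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.554 2008/03/31 02:43:14 tgl Exp $
 *
 * NOTES
 *
@@ -1053,6 +1053,13 @@ checkDataDir(void)
 DataDir)));
 }
 
+/* eventual chdir would fail anyway, but let's test ... */
+if (!S_ISDIR(stat_buf.st_mode))
+ereport(FATAL,
+(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
+errmsg("specified data directory \"%s\" is not a directory",
+DataDir)));
+
 /*
 * Check that the directory belongs to my userid; if not, reject.
 *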

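--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.356 2008/01/29 02:06:30 tgl Exp $
+* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.357 2008/03/31 02:43:14 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -3718,11 +3718,10 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
 }
 
 /* If password file cannot be opened, ignore it. */
-if (stat(pgpassfile,&stat_buf)==-1)
+if (stat(pgpassfile,&stat_buf)!=0)
 returnNULL;
 
 #ifndefWIN32
-
 if (!S_ISREG(stat_buf.st_mode))
 {
 fprintf(stderr,
@@ -3735,7 +3734,7 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
 if (stat_buf.st_mode& (S_IRWXG |S_IRWXO))
 {
 fprintf(stderr,
-libpq_gettext("WARNING: password file \"%s\" hasworld orgroup readaccess;permission should be u=rw (0600)\n"),
+libpq_gettext("WARNING: password file \"%s\" hasgroup orworldaccess;permissions should be u=rw (0600) or less\n"),
 pgpassfile);
 returnNULL;
 }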

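--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.103 2008/02/16 21:03:30 momjian Exp $
+* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.104 2008/03/31 02:43:14 tgl Exp $
 *
 * NOTES
 * [ Most of these notes are wrong/obsolete, but perhaps not all ]
@@ -703,7 +703,7 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 {
 /* read the user key from file */
 snprintf(fnbuf,sizeof(fnbuf),"%s/%s",homedir,USER_KEY_FILE);
-if (stat(fnbuf,&buf)==-1)
+if (stat(fnbuf,&buf)!=0)
 {
 printfPQExpBuffer(&conn->errorMessage,
 libpq_gettext("certificate present, but not private key file \"%s\"\n"),
@@ -712,11 +712,10 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 return0;
 }
 #ifndefWIN32
-if (!S_ISREG(buf.st_mode)|| (buf.st_mode&0077)||
-buf.st_uid!=geteuid())
+if (!S_ISREG(buf.st_mode)||buf.st_mode& (S_IRWXG |S_IRWXO))
 {
 printfPQExpBuffer(&conn->errorMessage,
-libpq_gettext("private key file \"%s\" haswrongpermissions\n"),
+libpq_gettext("private key file \"%s\" hasgroup or world access;permissions should be u=rw (0600) or less\n"),
 fnbuf);
 ERR_pop_to_mark();
 return0;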