On Tue, Dec 22, 2020 at 10:40:17AM -0500, Bruce Momjian wrote:
> On Mon, Dec 21, 2020 at 10:07:48PM -0500, Bruce Momjian wrote:
> > Attached is the script patch.  It is also at:
> > 
> >     
> > https://github.com/postgres/postgres/compare/master...bmomjian:cfe-sh.diff
> > 
> > I think it still needs docs but those will have to be done after the
> > code doc patch is added.
> 
> Here is an updated patch.  Are people happy with the Makefile, its
> location in the source tree, and the install directory name?  I used the
> directory name 'auth_commands' because I thought 'auth' was too easily
> misinterpreted. I put the scripts in /src/backend/utils/auth_commands. 
> It also contains a script that can be used for SSL passphrase prompting,
> but I haven't written the C code for that yet.

Here is a new patch, built on previous patches, which allows for the SSL
passphrase to be prompted from the terminal.

-- 
  Bruce Momjian  <br...@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
new file mode 100644
index 639c623..850813e
*** a/doc/src/sgml/config.sgml
--- b/doc/src/sgml/config.sgml
*************** include_dir 'conf.d'
*** 1452,1469 ****
          mechanism is used.
         </para>
         <para>
!         The command must print the passphrase to the standard output and exit
!         with code 0.  In the parameter value, <literal>%p</literal> is
!         replaced by a prompt string.  (Write <literal>%%</literal> for a
!         literal <literal>%</literal>.)  Note that the prompt string will
!         probably contain whitespace, so be sure to quote adequately.  A single
!         newlines is stripped from the end of the output if present.
!        </para>
!        <para>
!         The command does not actually have to prompt the user for a
!         passphrase.  It can read it from a file, obtain it from a keychain
!         facility, or similar.  It is up to the user to make sure the chosen
!         mechanism is adequately secure.
         </para>
         <para>
          This parameter can only be set in the <filename>postgresql.conf</filename>
--- 1452,1469 ----
          mechanism is used.
         </para>
         <para>
!         The command must print the passphrase to the standard output
!         and exit with code 0.  It can prompt from the terminal if
!         <option>--authprompt</option> is used.  In the parameter value,
!         <literal>%R</literal> represents the file descriptor number opened
!         to the terminal that started the server.  A file descriptor is only
!         available if enabled at server start.  If <literal>%R</literal>
!         is used and no file descriptor is available, the server will not
!         start.  Value <literal>%p</literal> is replaced by a pre-defined
!         prompt string.  (Write <literal>%%</literal> for a literal
!         <literal>%</literal>.)  Note that the prompt string will probably
!         contain whitespace, so be sure to quote its use adequately.
!         Newlines are stripped from the end of the output if present.
         </para>
         <para>
          This parameter can only be set in the <filename>postgresql.conf</filename>
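Review bot: The rewritten paragraph drops the old second paragraph entirely ("The command does not actually have to prompt the user for a passphrase. ... It is up to the user to make sure the chosen mechanism is adequately secure."). That caveat still applies when the passphrase comes from a file or keychain, so it should be kept after the new text. The new wording also changes "A single newline is stripped" to "Newlines are stripped"; if the code still strips only one trailing newline, the docs should keep the old wording. Finally, "if --authprompt is used" does not say which program takes that option; name pg_ctl or the server explicitly.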
*************** include_dir 'conf.d'
*** 1486,1495 ****
          parameter is off (the default), then
          <varname>ssl_passphrase_command</varname> will be ignored during a
          reload and the SSL configuration will not be reloaded if a passphrase
!         is needed.  That setting is appropriate for a command that requires a
!         TTY for prompting, which might not be available when the server is
!         running.  Setting this parameter to on might be appropriate if the
!         passphrase is obtained from a file, for example.
         </para>
         <para>
          This parameter can only be set in the <filename>postgresql.conf</filename>
--- 1486,1495 ----
          parameter is off (the default), then
          <varname>ssl_passphrase_command</varname> will be ignored during a
          reload and the SSL configuration will not be reloaded if a passphrase
!         is needed.  This setting is appropriate for a command that requires a
!         terminal for prompting, which might not be available when the server is
!         running.  Setting this parameter on might be appropriate, for
!         example, if the passphrase is obtained from a file.
         </para>
         <para>
          This parameter can only be set in the <filename>postgresql.conf</filename>
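Review bot: In the reload paragraph, the text still says a terminal "might not be available when the server is running", but it does not say what happens on reload when the command uses %R and the terminal file descriptor was opened at server start. Please state whether %R is usable with this parameter set to on, or whether the two are incompatible. Minor wording: "Setting this parameter on" reads better as "Setting this parameter to on", as the old text had it.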
diff --git a/doc/src/sgml/ref/pg_ctl-ref.sgml b/doc/src/sgml/ref/pg_ctl-ref.sgml
new file mode 100644
index f04e417..0662ae0
*** a/doc/src/sgml/ref/pg_ctl-ref.sgml
--- b/doc/src/sgml/ref/pg_ctl-ref.sgml
*************** PostgreSQL documentation
*** 380,387 ****
        <term><option>--authprompt</option></term>
        <listitem>
         <para>
!         Allows the <option>--cluster-key-command</option> command
!         to prompt for a passphrase or PIN.
         </para>
        </listitem>
       </varlistentry>
--- 380,388 ----
        <term><option>--authprompt</option></term>
        <listitem>
         <para>
!         Allows <option>ssl_passphrase_command</option> or
!         <option>cluster_key_command</option> to prompt for a passphrase
!         or PIN.
         </para>
        </listitem>
       </varlistentry>
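Review bot: In the --authprompt entry, ssl_passphrase_command and cluster_key_command are configuration parameters, so <varname> fits better than <option>; config.sgml in this same patch marks up ssl_passphrase_command with <varname>. The old text referred to --cluster-key-command as a command-line option and the new text uses cluster_key_command; confirm the rename is intended and matches how the setting is actually supplied.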
diff --git a/doc/src/sgml/ref/pgupgrade.sgml b/doc/src/sgml/ref/pgupgrade.sgml
new file mode 100644
index 98be392..b1bcdb7
*** a/doc/src/sgml/ref/pgupgrade.sgml
--- b/doc/src/sgml/ref/pgupgrade.sgml
*************** PostgreSQL documentation
*** 170,176 ****
       <varlistentry>
        <term><option>-R</option></term>
        <term><option>--authprompt</option></term>
!       <listitem><para>allows prompting for a passphrase or PIN
        </para></listitem>
       </varlistentry>
  
--- 170,178 ----
       <varlistentry>
        <term><option>-R</option></term>
        <term><option>--authprompt</option></term>
!       <listitem><para>allows <option>ssl_passphrase_command</option> or
!       <option>cluster_key_command</option> to prompt for a passphrase
!       or PIN.
        </para></listitem>
       </varlistentry>
  
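Review bot: In the -R/--authprompt entry, the sentence now ends with a period but still starts with a lowercase "allows", and it sits on the same line as <listitem><para>; either capitalize it as a full sentence or drop the period so it matches the other option descriptions in this list. As in pg_ctl-ref.sgml, ssl_passphrase_command and cluster_key_command would be better marked up with <varname> than <option>.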
diff --git a/src/backend/libpq/be-secure-common.c b/src/backend/libpq/be-secure-common.c
new file mode 100644
index 94cdf4c..1b712cf
*** a/src/backend/libpq/be-secure-common.c
--- b/src/backend/libpq/be-secure-common.c
***************
*** 22,27 ****
--- 22,28 ----
  #include <sys/stat.h>
  #include <unistd.h>
  
+ #include "postmaster/postmaster.h"
  #include "common/string.h"
  #include "libpq/libpq.h"
  #include "storage/fd.h"
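Review bot: The new #include "postmaster/postmaster.h" is placed ahead of "common/string.h", which breaks the alphabetical order of the existing include block (common, libpq, storage). Move it after "libpq/libpq.h". A short comment saying it is needed for terminal_fd would also help, since nothing else in the visible includes explains the dependency.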
*************** run_ssl_passphrase_command(const char *p
*** 61,66 ****
--- 62,80 ----
  					appendStringInfoString(&command, prompt);
  					p++;
  					break;
+ 				case 'R':
+ 					{
+ 						char fd_str[20];
+ 
+ 						if (terminal_fd == -1)
+ 							ereport(ERROR,
+ 									(errcode(ERRCODE_INTERNAL_ERROR),
+ 									 errmsg("ssl_passphrase_command referenced %%R, but -R not specified")));
+ 						p++;
+ 						snprintf(fd_str, sizeof(fd_str), "%d", terminal_fd);
+ 						appendStringInfoString(&command, fd_str);
+ 						break;
+ 					}
  				case '%':
  					appendStringInfoChar(&command, '%');
  					p++;
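Review bot: In the new case 'R' branch, a missing terminal file descriptor is a user configuration mistake, yet it is reported with ERRCODE_INTERNAL_ERROR; a configuration-related error code would be more accurate. The message says "-R not specified" while the documentation in this patch calls the option --authprompt, so mention the long name (or both) and consider an errhint explaining how to enable it. The fd_str buffer and snprintf can be replaced by a single appendStringInfo(&command, "%d", terminal_fd). The braces around the case body follow the declaration of fd_str, which is fine, but a one-line comment on what %R expands to would match the documentation added in config.sgml.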
