diff options
| author | unknown <tonu@x3.internalnet> | 2001-05-20 14:04:46 +0200 |
|---|---|---|
| committer | unknown <tonu@x3.internalnet> | 2001-05-20 14:04:46 +0200 |
| commit | f70e8a23fa9cfef27c9b963e648bcfd87e930bf3 (patch) | |
| tree | 92971e504b06dfed3df5e0fc382215c66b0053a2 /vio | |
| parent | 0fc76938a128a78e2186f84b967c23cc0769e6fe (diff) | |
| download | mariadb-git-f70e8a23fa9cfef27c9b963e648bcfd87e930bf3.tar.gz | |
viotcpip.c BitKeeper file /home/tonu/bk/mysql-4.0/vio/viotcpip.c
viosslfactories.c BitKeeper file /home/tonu/bk/mysql-4.0/vio/viosslfactories.c
viossl.c BitKeeper file /home/tonu/bk/mysql-4.0/vio/viossl.c
vio.c BitKeeper file /home/tonu/bk/mysql-4.0/vio/vio.c
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/vio.c | 151 | ||||
| -rw-r--r-- | vio/viossl.c | 358 | ||||
| -rw-r--r-- | vio/viosslfactories.c | 276 | ||||
| -rw-r--r-- | vio/viotcpip.c | 351 |
4 files changed, 1136 insertions, 0 deletions
diff --git a/vio/vio.c b/vio/vio.c new file mode 100644 index 00000000000..9775c002737 --- /dev/null +++ b/vio/vio.c @@ -0,0 +1,151 @@ +/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + +/* + Note that we can't have assertion on file descriptors; The reason for + this is that during mysql shutdown, another thread can close a file + we are working on. In this case we should just return read errors from + the file descriptior. +*/ + +#define DONT_MAP_VIO +#include <global.h> + +#include <errno.h> +#include <assert.h> +#include <vio.h> +#include <my_sys.h> +#include <my_net.h> +#include <m_string.h> +#ifdef HAVE_POLL +#include <sys/poll.h> +#endif +#ifdef HAVE_SYS_IOCTL_H +#include <sys/ioctl.h> +#endif + +#if defined(__EMX__) +#define ioctlsocket ioctl +#endif /* defined(__EMX__) */ + +#if defined(MSDOS) || defined(__WIN__) +#ifdef __WIN__ +#undef errno +#undef EINTR +#undef EAGAIN +#define errno WSAGetLastError() +#define EINTR WSAEINTR +#define EAGAIN WSAEINPROGRESS +#endif /* __WIN__ */ +#define O_NONBLOCK 1 /* For emulation of fcntl() */ +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK EAGAIN +#endif + + +/* + * Helper to fill most of the st_vio* with defaults. + */ + +void vio_reset(st_vio* vio, enum enum_vio_type type, + my_socket sd, HANDLE hPipe, + my_bool localhost) +{ + bzero((char*) vio, sizeof(st_vio)); + vio->type = type; + vio->sd = sd; + vio->hPipe = hPipe; + vio->localhost= localhost; +#ifdef HAVE_VIO +if(type == VIO_TYPE_SSL){ + vio->viodelete =vio_ssl_delete; + vio->vioerrno =vio_ssl_errno; + vio->read =vio_ssl_read; + vio->write =vio_ssl_write; + vio->fastsend =vio_ssl_fastsend; + vio->viokeepalive=vio_ssl_keepalive; + vio->should_retry=vio_ssl_should_retry; + vio->vioclose =vio_ssl_close; + vio->peer_addr =vio_ssl_peer_addr; + vio->in_addr =vio_ssl_in_addr; + vio->poll_read =vio_ssl_poll_read; +} else { /* default is VIO_TYPE_TCPIP */ + vio->viodelete =vio_delete; + vio->vioerrno =vio_errno; + vio->read =vio_read; + vio->write =vio_write; + vio->fastsend =vio_fastsend; + vio->viokeepalive=vio_keepalive; + vio->should_retry=vio_should_retry; + vio->vioclose =vio_close; + vio->peer_addr =vio_peer_addr; + vio->in_addr =vio_in_addr; + vio->poll_read =vio_poll_read; +} + +#endif /* HAVE_VIO */ +} + +/* Open the socket or TCP/IP connection and read the fnctl() status */ + +st_vio *vio_new(my_socket sd, enum enum_vio_type type, my_bool localhost) +{ + st_vio *vio; + DBUG_ENTER("vio_new"); + DBUG_PRINT("enter", ("sd=%d", sd)); + if ((vio = (st_vio*) my_malloc(sizeof(*vio),MYF(MY_WME)))) + { + vio_reset(vio, type, sd, 0, localhost); + sprintf(vio->desc, + (vio->type == VIO_TYPE_SOCKET ? "socket (%d)" : "TCP/IP (%d)"), + vio->sd); +#if !defined(___WIN__) && !defined(__EMX__) +#if !defined(NO_FCNTL_NONBLOCK) + vio->fcntl_mode = fcntl(sd, F_GETFL); +#elif defined(HAVE_SYS_IOCTL_H) /* hpux */ + /* Non blocking sockets doesn't work good on HPUX 11.0 */ + (void) ioctl(sd,FIOSNBIO,0); +#endif +#else /* !defined(__WIN__) && !defined(__EMX__) */ + { + /* set to blocking mode by default */ + ulong arg=0, r; + r = ioctlsocket(sd,FIONBIO,(void*) &arg, sizeof(arg)); + } +#endif + } + DBUG_RETURN(vio); +} + + +#ifdef __WIN__ + +st_vio *vio_new_win32pipe(HANDLE hPipe) +{ + st_vio *vio; + DBUG_ENTER("vio_new_handle"); + if ((vio = (st_vio*) my_malloc(sizeof(st_vio),MYF(MY_WME)))) + { + vio_reset(vio, VIO_TYPE_NAMEDPIPE, 0, hPipe, TRUE); + strmov(vio->desc, "named pipe"); + } + DBUG_RETURN(vio); +} + +#endif + + diff --git a/vio/viossl.c b/vio/viossl.c new file mode 100644 index 00000000000..5600bc1a800 --- /dev/null +++ b/vio/viossl.c @@ -0,0 +1,358 @@ +/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + MA 02111-1307, USA */ + +/* + Note that we can't have assertion on file descriptors; The reason for + this is that during mysql shutdown, another thread can close a file + we are working on. In this case we should just return read errors from + the file descriptior. +*/ + +#include <global.h> + +#include <errno.h> +#include <assert.h> +#include <vio.h> +#include <my_sys.h> +#include <my_net.h> +#include <m_string.h> +#ifdef HAVE_POLL +#include <sys/poll.h> +#endif +#ifdef HAVE_SYS_IOCTL_H +#include <sys/ioctl.h> +#endif + +#if defined(__EMX__) +#define ioctlsocket ioctl +#endif /* defined(__EMX__) */ + +#if defined(MSDOS) || defined(__WIN__) +#ifdef __WIN__ +#undef errno +#undef EINTR +#undef EAGAIN +#define errno WSAGetLastError() +#define EINTR WSAEINTR +#define EAGAIN WSAEINPROGRESS +#endif /* __WIN__ */ +#define O_NONBLOCK 1 /* For emulation of fcntl() */ +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK EAGAIN +#endif + +#ifndef __WIN__ +#define HANDLE void * +#endif + + +#ifdef HAVE_OPENSSL +void vio_ssl_delete(st_vio * vio) +{ + /* It must be safe to delete null pointers. */ + /* This matches the semantics of C++'s delete operator. */ + if (vio) + { + if (vio->type != VIO_CLOSED) + vio_close(vio); + my_free((gptr) vio,MYF(0)); + } +} + +int vio_ssl_errno(st_vio *vio __attribute__((unused))) +{ + return errno; /* On Win32 this mapped to WSAGetLastError() */ +} + + +int vio_ssl_read(st_vio * vio, gptr buf, int size) +{ + int r; + DBUG_ENTER("vio_ssl_read"); + DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); + assert(vio->ssl_!= 0); + r = SSL_read(vio->ssl_, buf, size); +#ifndef DBUG_OFF + if ( r< 0) + report_errors(); +#endif /* DBUG_OFF */ + DBUG_PRINT("exit", ("%d", r)); + DBUG_RETURN(r); +} + + +int vio_ssl_write(st_vio * vio, const gptr buf, int size) +{ + int r; + DBUG_ENTER("vio_ssl_write"); + DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); + assert(vio->ssl_!=0); + r = SSL_write(vio->ssl_, buf, size); +#ifndef DBUG_OFF + if (r<0) + report_errors(); +#endif /* DBUG_OFF */ + DBUG_PRINT("exit", ("%d", r)); + DBUG_RETURN(r); +} + + +int vio_ssl_fastsend(st_vio * vio __attribute__((unused))) +{ + int r=0; + DBUG_ENTER("vio_ssl_fastsend"); + +#ifdef IPTOS_THROUGHPUT + { +#ifndef __EMX__ + int tos = IPTOS_THROUGHPUT; + if (!setsockopt(vio->sd, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(tos))) +#endif /* !__EMX__ */ + { + int nodelay = 1; + if (setsockopt(vio->sd, IPPROTO_TCP, TCP_NODELAY, (void *) &nodelay, + sizeof(nodelay))) { + DBUG_PRINT("warning", + ("Couldn't set socket option for fast send")); + r= -1; + } + } + } +#endif /* IPTOS_THROUGHPUT */ + DBUG_PRINT("exit", ("%d", r)); + DBUG_RETURN(r); +} + +int vio_ssl_keepalive(st_vio* vio, my_bool set_keep_alive) +{ + int r=0; + uint opt = 0; + DBUG_ENTER("vio_ssl_keepalive"); + DBUG_PRINT("enter", ("sd=%d, set_keep_alive=%d", vio->sd, (int) + set_keep_alive)); + if (vio->type != VIO_TYPE_NAMEDPIPE) + { + if (set_keep_alive) + opt = 1; + r = setsockopt(vio->sd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt, + sizeof(opt)); + } + DBUG_RETURN(r); +} + + +my_bool +vio_ssl_should_retry(st_vio * vio __attribute__((unused))) +{ + int en = errno; + return en == EAGAIN || en == EINTR || en == EWOULDBLOCK; +} + + +int vio_ssl_close(st_vio * vio) +{ + int r; + DBUG_ENTER("vio_ssl_close"); + r=0; + if (vio->ssl_) + { + r = SSL_shutdown(vio->ssl_); + SSL_free(vio->ssl_); + vio->ssl_= 0; + vio->bio_ = 0; + } + if (shutdown(vio->sd,2)) + r= -1; + if (closesocket(vio->sd)) + r= -1; + if (r) + { + DBUG_PRINT("error", ("close() failed, error: %d",errno)); + /* FIXME: error handling (not critical for MySQL) */ + } + vio->type= VIO_CLOSED; + vio->sd= -1; + DBUG_RETURN(r); +} + + +const char *vio_ssl_description(st_vio * vio) +{ + return vio->desc; +} + +enum enum_vio_type vio_ssl_type(st_vio* vio) +{ + return vio->type; +} + +my_socket vio_ssl_fd(st_vio* vio) +{ + return vio->sd; +} + + +my_bool vio_ssl_peer_addr(st_vio * vio, char *buf) +{ + DBUG_ENTER("vio_ssl_peer_addr"); + DBUG_PRINT("enter", ("sd=%d", vio->sd)); + if (vio->localhost) + { + strmov(buf,"127.0.0.1"); + } + else + { + size_socket addrLen = sizeof(struct sockaddr); + if (getpeername(vio->sd, (struct sockaddr *) (& (vio->remote)), + &addrLen) != 0) + { + DBUG_PRINT("exit", ("getpeername, error: %d", errno)); + DBUG_RETURN(1); + } + /* FIXME */ +/* my_inet_ntoa(vio->remote.sin_addr,buf); */ + } + DBUG_PRINT("exit", ("addr=%s", buf)); + DBUG_RETURN(0); +} + + +void vio_ssl_in_addr(st_vio *vio, struct in_addr *in) +{ + DBUG_ENTER("vio_ssl_in_addr"); + if (vio->localhost) + bzero((char*) in, sizeof(*in)); /* This should never be executed */ + else + *in=vio->remote.sin_addr; + DBUG_VOID_RETURN; +} + + +/* Return 0 if there is data to be read */ + +my_bool vio_ssl_poll_read(st_vio *vio,uint timeout) +{ +#ifndef HAVE_POLL + return 0; +#else + struct pollfd fds; + int res; + DBUG_ENTER("vio_ssl_poll"); + fds.fd=vio->sd; + fds.events=POLLIN; + fds.revents=0; + if ((res=poll(&fds,1,(int) timeout*1000)) <= 0) + { + DBUG_RETURN(res < 0 ? 0 : 1); /* Don't return 1 on errors */ + } + DBUG_RETURN(fds.revents & POLLIN ? 0 : 1); +#endif +} + + +static void +report_errors() +{ + unsigned long l; + const char* file; + const char* data; + int line,flags; + DBUG_ENTER("report_errors"); + + while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) + { + char buf[200]; + DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf), + file,line,(flags&ERR_TXT_STRING)?data:"")) ; + } + DBUG_VOID_RETURN; +} + +/* FIXME: There are some duplicate code in + * sslaccept()/sslconnect() which maybe can be eliminated + */ +struct st_vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, struct st_vio* sd) +{ + DBUG_ENTER("sslaccept"); + DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->desc,ptr)); + vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE); + ptr->bio_=0; + sd->ssl_=0; + sd->open_=FALSE; + assert(sd != 0); + assert(ptr != 0); + assert(ptr->ssl_context_ != 0); + if (!(sd->ssl_ = SSL_new(ptr->ssl_context_))) + { + DBUG_PRINT("error", ("SSL_new failure")); + report_errors(); + DBUG_RETURN(sd); + } + if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE))) + { + DBUG_PRINT("error", ("BIO_new_socket failure")); + report_errors(); + SSL_free(sd->ssl_); + sd->ssl_=0; + DBUG_RETURN(sd); + } + SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_); + SSL_set_accept_state(sd->ssl_); + sprintf(ptr->desc_, "VioSSL(%d)", sd->sd); +/* sd->ssl_cip_ = SSL_get_cipher(sd->ssl_); */ + sd->open_ = TRUE; + DBUG_RETURN(sd); +} + +struct st_vio *sslconnect(struct st_VioSSLConnectorFd* ptr, struct st_vio* sd) +{ + DBUG_ENTER("sslconnect"); + DBUG_PRINT("enter", ("sd=%s ptr=%p ctx: %p", sd->desc,ptr,ptr->ssl_context_)); + vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE); + + ptr->bio_=0; + sd->ssl_=0; + sd->open_=FALSE; + assert(sd != 0); + assert(ptr != 0); + assert(ptr->ssl_context_ != 0); + + if (!(sd->ssl_ = SSL_new(ptr->ssl_context_))) + { + DBUG_PRINT("error", ("SSL_new failure")); + report_errors(); + DBUG_RETURN(sd); + } + if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE))) + { + DBUG_PRINT("error", ("BIO_new_socket failure")); + report_errors(); + SSL_free(sd->ssl_); + sd->ssl_=0; + DBUG_RETURN(sd); + } + SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_); + SSL_set_connect_state(sd->ssl_); +/* sprintf(ptr->desc_, "VioSSL(%d)", sd->sd); + sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);*/ + sd->open_ = TRUE; + DBUG_RETURN(sd); +} + + +#endif /* HAVE_OPENSSL */ diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c new file mode 100644 index 00000000000..2b2eaf4fff5 --- /dev/null +++ b/vio/viosslfactories.c @@ -0,0 +1,276 @@ + + +#include <global.h> +#include <my_sys.h> +#include <vio.h> + +#ifdef HAVE_OPENSSL + +static bool ssl_algorithms_added = FALSE; +static bool ssl_error_strings_loaded= FALSE; +static int verify_depth = 0; +static int verify_error = X509_V_OK; + + +static void +report_errors() +{ + unsigned long l; + const char* file; + const char* data; + int line,flags; + + DBUG_ENTER("report_errors"); + + while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) + { + char buf[200]; + DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf), + file,line,(flags&ERR_TXT_STRING)?data:"")) ; + } + DBUG_VOID_RETURN; +} + + +static int +vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file) +{ + DBUG_ENTER("vio_set_cert_stuff"); + DBUG_PRINT("enter", ("ctx=%p, cert_file=%p, key_file=%p", + ctx, cert_file, key_file)); + if (cert_file != NULL) + { + if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <= 0) + { + DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file)); + /* FIX stderr */ + ERR_print_errors_fp(stderr); + DBUG_RETURN(0); + } + if (key_file == NULL) + key_file = cert_file; + if (SSL_CTX_use_PrivateKey_file(ctx,key_file, + SSL_FILETYPE_PEM) <= 0) + { + DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file)); + /* FIX stderr */ + ERR_print_errors_fp(stderr); + DBUG_RETURN(0); + } + + /* If we are using DSA, we can copy the parameters from + * the private key */ + /* Now we know that a key and cert have been set against + * the SSL context */ + if (!SSL_CTX_check_private_key(ctx)) + { + DBUG_PRINT("error", ("Private key does not match the certificate public key\n")); + DBUG_RETURN(0); + } + } + DBUG_RETURN(1); +} + + +static int +vio_verify_callback(int ok, X509_STORE_CTX *ctx) +{ + char buf[256]; + X509* err_cert; + int err,depth; + + DBUG_ENTER("vio_verify_callback"); + DBUG_PRINT("enter", ("ok=%d, ctx=%p", ok, ctx)); + err_cert=X509_STORE_CTX_get_current_cert(ctx); + err= X509_STORE_CTX_get_error(ctx); + depth= X509_STORE_CTX_get_error_depth(ctx); + + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof(buf)); + if (!ok) + { + DBUG_PRINT("error",("verify error:num=%d:%s\n",err, + X509_verify_cert_error_string(err))); + if (verify_depth >= depth) + { + ok=1; + verify_error=X509_V_OK; + } + else + { + ok=0; + verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; + } + } + switch (ctx->error) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + DBUG_PRINT("info",("issuer= %s\n",buf)); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + DBUG_PRINT("error", ("notBefore")); + /*ASN1_TIME_print_fp(stderr,X509_get_notBefore(ctx->current_cert));*/ + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + DBUG_PRINT("error", ("notAfter error")); + /*ASN1_TIME_print_fp(stderr,X509_get_notAfter(ctx->current_cert));*/ + break; + } + DBUG_PRINT("exit", ("r=%d", ok)); + DBUG_RETURN(ok); +} + + +/************************ VioSSLConnectorFd **********************************/ +struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file, + const char* cert_file, + const char* ca_file, + const char* ca_path) +{ + int verify = SSL_VERIFY_PEER; + struct st_VioSSLConnectorFd* ptr; + DBUG_ENTER("new_VioSSLConnectorFd"); + DBUG_PRINT("enter", + ("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s", + key_file, cert_file, ca_path, ca_file)); + ptr=(struct st_VioSSLConnectorFd*)my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0)); + ptr->ssl_context_=0; + ptr->ssl_method_=0; + /* FIXME: constants! */ + + if (!ssl_algorithms_added) + { + DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()")); + ssl_algorithms_added = TRUE; + SSLeay_add_ssl_algorithms(); + } + if (!ssl_error_strings_loaded) + { + DBUG_PRINT("info", ("todo:SSL_load_error_strings()")); + ssl_error_strings_loaded = TRUE; + SSL_load_error_strings(); + } + ptr->ssl_method_ = SSLv3_client_method(); + ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); + DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_)); + if (ptr->ssl_context_ == 0) + { + DBUG_PRINT("error", ("SSL_CTX_new failed")); + report_errors(); + goto ctor_failure; + } + /* + * SSL_CTX_set_options + * SSL_CTX_set_info_callback + * SSL_CTX_set_cipher_list + */ + SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); + if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) + { + DBUG_PRINT("error", ("vio_set_cert_stuff failed")); + report_errors(); + goto ctor_failure; + } + if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path)==0) + { + DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); + if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0) + { + DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); + report_errors(); + goto ctor_failure; + } + } + DBUG_RETURN(ptr); +ctor_failure: + DBUG_PRINT("exit", ("there was an error")); + DBUG_VOID_RETURN; +} + + +/************************ VioSSLAcceptorFd **********************************/ + +struct st_VioSSLAcceptorFd* +new_VioSSLAcceptorFd(const char* key_file, + const char* cert_file, + const char* ca_file, + const char* ca_path) +{ + int verify = (SSL_VERIFY_PEER | + SSL_VERIFY_FAIL_IF_NO_PEER_CERT | + SSL_VERIFY_CLIENT_ONCE); + + struct st_VioSSLAcceptorFd* ptr; + DBUG_ENTER("new_VioSSLAcceptorFd"); + DBUG_PRINT("enter", + ("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s", + key_file, cert_file, ca_path, ca_file)); + + ptr=(struct st_VioSSLAcceptorFd*)my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0)); + ptr->ssl_context_=0; + ptr->ssl_method_=0; + /* FIXME: constants! */ + ptr->session_id_context_ = ptr; + + if (!ssl_algorithms_added) + { + DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()")); + ssl_algorithms_added = TRUE; + SSLeay_add_ssl_algorithms(); + } + if (!ssl_error_strings_loaded) + { + DBUG_PRINT("info", ("todo: SSL_load_error_strings()")); + ssl_error_strings_loaded = TRUE; + SSL_load_error_strings(); + } + ptr->ssl_method_ = SSLv3_server_method(); + ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); + if (ptr->ssl_context_==0) + { + DBUG_PRINT("error", ("SSL_CTX_new failed")); + report_errors(); + goto ctor_failure; + } + /* + * SSL_CTX_set_quiet_shutdown(ctx,1); + * + */ + SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128); + + /* DH? + */ + SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); + SSL_CTX_set_session_id_context(ptr->ssl_context_,(const uchar*)&(ptr->session_id_context_),sizeof(ptr->session_id_context_)); + + /* + * SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); + */ + if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) + { + DBUG_PRINT("error", ("vio_set_cert_stuff failed")); + report_errors(); + goto ctor_failure; + } + if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path)==0) + { + DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); + if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0) + { + DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); + report_errors(); + goto ctor_failure; + } + } + DBUG_RETURN(ptr); +ctor_failure: + DBUG_PRINT("exit", ("there was an error")); + DBUG_VOID_RETURN; +} + + +#endif /* HAVE_OPENSSL */ + + + diff --git a/vio/viotcpip.c b/vio/viotcpip.c new file mode 100644 index 00000000000..f0dfc81cf4f --- /dev/null +++ b/vio/viotcpip.c @@ -0,0 +1,351 @@ +/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + MA 02111-1307, USA */ + +/* + Note that we can't have assertion on file descriptors; The reason for + this is that during mysql shutdown, another thread can close a file + we are working on. In this case we should just return read errors from + the file descriptior. +*/ + +#define DONT_MAP_VIO +#include <global.h> + +#include <errno.h> +#include <assert.h> +#include <vio.h> +#include <my_sys.h> +#include <my_net.h> +#include <m_string.h> +#ifdef HAVE_POLL +#include <sys/poll.h> +#endif +#ifdef HAVE_SYS_IOCTL_H +#include <sys/ioctl.h> +#endif + +#if defined(__EMX__) +#define ioctlsocket ioctl +#endif /* defined(__EMX__) */ + +#if defined(MSDOS) || defined(__WIN__) +#ifdef __WIN__ +#undef errno +#undef EINTR +#undef EAGAIN +#define errno WSAGetLastError() +#define EINTR WSAEINTR +#define EAGAIN WSAEINPROGRESS +#endif /* __WIN__ */ +#define O_NONBLOCK 1 /* For emulation of fcntl() */ +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK EAGAIN +#endif + +#ifndef __WIN__ +#define HANDLE void * +#endif + +void vio_delete(st_vio* vio) +{ + /* It must be safe to delete null pointers. */ + /* This matches the semantics of C++'s delete operator. */ + if (vio) + { + if (vio->type != VIO_CLOSED) + vio_close(vio); + my_free((gptr) vio,MYF(0)); + } +} + +int vio_errno(st_vio *vio __attribute__((unused))) +{ + return errno; /* On Win32 this mapped to WSAGetLastError() */ +} + + +int vio_read(st_vio * vio, gptr buf, int size) +{ + int r; + DBUG_ENTER("vio_read"); + DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); +#ifdef __WIN__ + if (vio->type == VIO_TYPE_NAMEDPIPE) + { + DWORD length; + if (!ReadFile(vio->hPipe, buf, size, &length, NULL)) + DBUG_RETURN(-1); + DBUG_RETURN(length); + } + r = recv(vio->sd, buf, size,0); +#else + errno=0; /* For linux */ + r = read(vio->sd, buf, size); +#endif /* __WIN__ */ +#ifndef DBUG_OFF + if (r < 0) + { + DBUG_PRINT("error", ("Got error %d during read",errno)); + } +#endif /* DBUG_OFF */ + DBUG_PRINT("exit", ("%d", r)); + DBUG_RETURN(r); +} + + +int vio_write(st_vio * vio, const gptr buf, int size) +{ + int r; + DBUG_ENTER("vio_write"); + DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); +#ifdef __WIN__ + if ( vio->type == VIO_TYPE_NAMEDPIPE) + { + DWORD length; + if (!WriteFile(vio->hPipe, (char*) buf, size, &length, NULL)) + DBUG_RETURN(-1); + DBUG_RETURN(length); + } + r = send(vio->sd, buf, size,0); +#else + r = write(vio->sd, buf, size); +#endif /* __WIN__ */ +#ifndef DBUG_OFF + if (r < 0) + { + DBUG_PRINT("error", ("Got error on write: %d",errno)); + } +#endif /* DBUG_OFF */ + DBUG_PRINT("exit", ("%d", r)); + DBUG_RETURN(r); +} + + +int vio_blocking(st_vio * vio, my_bool set_blocking_mode) +{ + int r=0; + DBUG_ENTER("vio_blocking"); + DBUG_PRINT("enter", ("set_blocking_mode: %d", (int) set_blocking_mode)); + +#if !defined(___WIN__) && !defined(__EMX__) +#if !defined(NO_FCNTL_NONBLOCK) + + if (vio->sd >= 0) + { + int old_fcntl=vio->fcntl_mode; + if (set_blocking_mode) + vio->fcntl_mode &= ~O_NONBLOCK; /* clear bit */ + else + vio->fcntl_mode |= O_NONBLOCK; /* set bit */ + if (old_fcntl != vio->fcntl_mode) + r = fcntl(vio->sd, F_SETFL, vio->fcntl_mode); + } +#endif /* !defined(NO_FCNTL_NONBLOCK) */ +#else /* !defined(__WIN__) && !defined(__EMX__) */ +#ifndef __EMX__ + if (vio->type != VIO_TYPE_NAMEDPIPE) +#endif + { + ulong arg; + int old_fcntl=vio->fcntl_mode; + if (set_blocking_mode) + { + arg = 0; + vio->fcntl_mode &= ~O_NONBLOCK; /* clear bit */ + } + else + { + arg = 1; + vio->fcntl_mode |= O_NONBLOCK; /* set bit */ + } + if (old_fcntl != vio->fcntl_mode) + r = ioctlsocket(vio->sd,FIONBIO,(void*) &arg, sizeof(arg)); + } +#endif /* !defined(__WIN__) && !defined(__EMX__) */ + DBUG_RETURN(r); +} + +my_bool +vio_is_blocking(st_vio * vio) +{ + my_bool r; + DBUG_ENTER("vio_is_blocking"); + r = !(vio->fcntl_mode & O_NONBLOCK); + DBUG_PRINT("exit", ("%d", (int) r)); + DBUG_RETURN(r); +} + + +int vio_fastsend(st_vio * vio __attribute__((unused))) +{ + int r=0; + DBUG_ENTER("vio_fastsend"); + +#ifdef IPTOS_THROUGHPUT + { +#ifndef __EMX__ + int tos = IPTOS_THROUGHPUT; + if (!setsockopt(vio->sd, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(tos))) +#endif /* !__EMX__ */ + { + int nodelay = 1; + if (setsockopt(vio->sd, IPPROTO_TCP, TCP_NODELAY, (void *) &nodelay, + sizeof(nodelay))) { + DBUG_PRINT("warning", + ("Couldn't set socket option for fast send")); + r= -1; + } + } + } +#endif /* IPTOS_THROUGHPUT */ + DBUG_PRINT("exit", ("%d", r)); + DBUG_RETURN(r); +} + +int vio_keepalive(st_vio* vio, my_bool set_keep_alive) +{ + int r=0; + uint opt = 0; + DBUG_ENTER("vio_keepalive"); + DBUG_PRINT("enter", ("sd=%d, set_keep_alive=%d", vio->sd, (int) + set_keep_alive)); + if (vio->type != VIO_TYPE_NAMEDPIPE) + { + if (set_keep_alive) + opt = 1; + r = setsockopt(vio->sd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt, + sizeof(opt)); + } + DBUG_RETURN(r); +} + + +my_bool +vio_should_retry(st_vio * vio __attribute__((unused))) +{ + int en = errno; + return en == EAGAIN || en == EINTR || en == EWOULDBLOCK; +} + + +int vio_close(st_vio * vio) +{ + int r; + DBUG_ENTER("vio_close"); +#ifdef __WIN__ + if (vio->type == VIO_TYPE_NAMEDPIPE) + { +#if defined(__NT__) && defined(MYSQL_SERVER) + CancelIo(vio->hPipe); + DisconnectNamedPipe(vio->hPipe); +#endif + r=CloseHandle(vio->hPipe); + } + else if (vio->type != VIO_CLOSED) +#endif /* __WIN__ */ + { + r=0; + if (shutdown(vio->sd,2)) + r= -1; + if (closesocket(vio->sd)) + r= -1; + } + if (r) + { + DBUG_PRINT("error", ("close() failed, error: %d",errno)); + /* FIXME: error handling (not critical for MySQL) */ + } + vio->type= VIO_CLOSED; + vio->sd= -1; + DBUG_RETURN(r); +} + + +const char *vio_description(st_vio * vio) +{ + return vio->desc; +} + +enum enum_vio_type vio_type(st_vio* vio) +{ + return vio->type; +} + +my_socket vio_fd(st_vio* vio) +{ + return vio->sd; +} + + +my_bool vio_peer_addr(st_vio * vio, char *buf) +{ + DBUG_ENTER("vio_peer_addr"); + DBUG_PRINT("enter", ("sd=%d", vio->sd)); + if (vio->localhost) + { + strmov(buf,"127.0.0.1"); + } + else + { + size_socket addrLen = sizeof(struct sockaddr); + if (getpeername(vio->sd, (struct sockaddr *) (& (vio->remote)), + &addrLen) != 0) + { + DBUG_PRINT("exit", ("getpeername, error: %d", errno)); + DBUG_RETURN(1); + } + /* FIXME */ +/* my_inet_ntoa(vio->remote.sin_addr,buf); */ + } + DBUG_PRINT("exit", ("addr=%s", buf)); + DBUG_RETURN(0); +} + + +void vio_in_addr(st_vio *vio, struct in_addr *in) +{ + DBUG_ENTER("vio_in_addr"); + if (vio->localhost) + bzero((char*) in, sizeof(*in)); /* This should never be executed */ + else + *in=vio->remote.sin_addr; + DBUG_VOID_RETURN; +} + + +/* Return 0 if there is data to be read */ + +my_bool vio_poll_read(st_vio *vio,uint timeout) +{ +#ifndef HAVE_POLL + return 0; +#else + struct pollfd fds; + int res; + DBUG_ENTER("vio_poll"); + fds.fd=vio->sd; + fds.events=POLLIN; + fds.revents=0; + if ((res=poll(&fds,1,(int) timeout*1000)) <= 0) + { + DBUG_RETURN(res < 0 ? 0 : 1); /* Don't return 1 on errors */ + } + DBUG_RETURN(fds.revents & POLLIN ? 0 : 1); +#endif +} + |