Commit 66b160c2 authored by monty@narttu.mysql.fi's avatar monty@narttu.mysql.fi

vio ssl structure renames (to get rid of ending _)

Added TCP/IP read/write timeout for windows
Check on windows if second server is started with same TCP/IP port
parent f5a134ba
......@@ -536,3 +536,5 @@ Docs/internals.pdf
Docs/internals.txt
Docs/internals_toc.html
scripts/make_win_src_distribution
libmysql/vio_priv.h
libmysql_r/vio_priv.h
......@@ -708,6 +708,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
break;
case 'W':
#ifdef __WIN__
my_free(opt_mysql_unix_port, MYF(MY_ALLOW_ZERO_PTR));
opt_mysql_unix_port= my_strdup(MYSQL_NAMEDPIPE, MYF(0));
#endif
break;
......@@ -2329,10 +2330,10 @@ com_status(String *buffer __attribute__((unused)),
(void) mysql_fetch_row(result); // Read eof
}
#ifdef HAVE_OPENSSL
if (mysql.net.vio && mysql.net.vio->ssl_ &&
SSL_get_cipher(mysql.net.vio->ssl_))
if (mysql.net.vio && mysql.net.vio->ssl_arg &&
SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg))
tee_fprintf(stdout, "SSL:\t\t\tCipher in use is %s\n",
SSL_get_cipher(mysql.net.vio->ssl_));
SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg));
else
#endif /* HAVE_OPENSSL */
tee_puts("SSL:\t\t\tNot in use", stdout);
......
......@@ -43,6 +43,7 @@ Vio* vio_new(my_socket sd, enum enum_vio_type type, my_bool localhost);
Vio* vio_new_win32pipe(HANDLE hPipe);
#endif
void vio_delete(Vio* vio);
int vio_close(Vio* vio);
#ifdef EMBEDDED_LIBRARY
void vio_reset(Vio *vio);
......@@ -51,146 +52,85 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
my_socket sd, HANDLE hPipe, my_bool localhost);
#endif
/*
* vio_read and vio_write should have the same semantics
* as read(2) and write(2).
*/
int vio_read(Vio *vio, gptr buf, int size);
int vio_write(Vio *vio, const gptr buf, int size);
/*
* Whenever the socket is set to blocking mode or not.
*/
int vio_blocking(Vio *vio, my_bool onoff, my_bool *old_mode);
my_bool vio_is_blocking(Vio *vio);
/*
* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible.
*/
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible */
int vio_fastsend(Vio *vio);
/*
* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible.
*/
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible */
int vio_keepalive(Vio *vio, my_bool onoff);
/*
* Whenever we should retry the last read/write operation.
*/
/* Whenever we should retry the last read/write operation. */
my_bool vio_should_retry(Vio *vio);
/*
* When the workday is over...
*/
int vio_close(Vio* vio);
/*
* Short text description of the socket for those, who are curious..
*/
/* Short text description of the socket for those, who are curious.. */
const char* vio_description(Vio *vio);
/* Return the type of the connection */
enum enum_vio_type vio_type(Vio* vio);
/* Return last error number */
int vio_errno(Vio*vio);
/* Get socket number */
my_socket vio_fd(Vio*vio);
/*
* Remote peer's address and name in text form.
*/
/* Remote peer's address and name in text form */
my_bool vio_peer_addr(Vio* vio, char *buf, uint16 *port);
/* Remotes in_addr */
void vio_in_addr(Vio *vio, struct in_addr *in);
my_bool vio_poll_read(Vio *vio,uint timeout);
#ifdef __cplusplus
}
#endif
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#define vio_delete(vio) (vio)->viodelete(vio)
#define vio_errno(vio) (vio)->vioerrno(vio)
#define vio_read(vio, buf, size) (vio)->read(vio,buf,size)
#define vio_write(vio, buf, size) (vio)->write(vio, buf, size)
#define vio_blocking(vio, set_blocking_mode, old_mode)\
(vio)->vioblocking(vio, set_blocking_mode, old_mode)
#define vio_is_blocking(vio) (vio)->is_blocking(vio)
#define vio_fastsend(vio) (vio)->fastsend(vio)
#define vio_keepalive(vio, set_keep_alive) (vio)->viokeepalive(vio, set_keep_alive)
#define vio_should_retry(vio) (vio)->should_retry(vio)
#define vio_close(vio) ((vio)->vioclose)(vio)
#define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt)
#define vio_in_addr(vio, in) (vio)->in_addr(vio, in)
#endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */
void vio_timeout(Vio *vio,uint timeout);
#ifdef HAVE_OPENSSL
#define HEADER_DES_LOCL_H dummy_something
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "my_net.h" /* needed because of struct in_addr */
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
void vio_ssl_delete(Vio* vio);
int vio_ssl_read(Vio* vio,gptr buf, int size);
int vio_ssl_write(Vio* vio,const gptr buf,int size);
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
int vio_ssl_fastsend(Vio* vio);
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
int vio_ssl_keepalive(Vio* vio, my_bool onoff);
/* Whenever we should retry the last read/write operation. */
my_bool vio_ssl_should_retry(Vio* vio);
/* When the workday is over... */
int vio_ssl_close(Vio* vio);
/* Return last error number */
int vio_ssl_errno(Vio *vio);
my_bool vio_ssl_peer_addr(Vio* vio, char *buf, uint16 *port);
void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
int vio_ssl_blocking(Vio * vio, my_bool set_blocking_mode, my_bool *old_mode);
/* Single copy for server */
enum vio_ssl_acceptorfd_state
{
state_connect = 1,
state_accept = 2
};
struct st_VioSSLAcceptorFd
{
SSL_CTX* ssl_context_;
SSL_METHOD* ssl_method_;
struct st_VioSSLAcceptorFd* session_id_context_;
SSL_CTX *ssl_context;
SSL_METHOD *ssl_method;
struct st_VioSSLAcceptorFd *session_id_context;
};
/* One copy for client */
struct st_VioSSLConnectorFd
{
SSL_CTX* ssl_context_;
SSL_CTX *ssl_context;
/* function pointers which are only once for SSL client */
SSL_METHOD* ssl_method_;
SSL_METHOD *ssl_method;
};
int sslaccept(struct st_VioSSLAcceptorFd*, Vio*, long timeout);
int sslconnect(struct st_VioSSLConnectorFd*, Vio*, long timeout);
int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout);
int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout);
struct st_VioSSLConnectorFd
*new_VioSSLConnectorFd(const char* key_file, const char* cert_file,
const char* ca_file, const char* ca_path,
const char* cipher);
*new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
const char *cipher);
struct st_VioSSLAcceptorFd
*new_VioSSLAcceptorFd(const char* key_file, const char* cert_file,
const char* ca_file,const char* ca_path,
const char* cipher);
Vio* new_VioSSL(struct st_VioSSLAcceptorFd* fd, Vio* sd,int state);
*new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
const char *ca_file,const char *ca_path,
const char *cipher);
Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state);
#endif
#ifdef __cplusplus
}
#endif
#endif /* HAVE_OPENSSL */
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#define vio_delete(vio) (vio)->viodelete(vio)
#define vio_errno(vio) (vio)->vioerrno(vio)
#define vio_read(vio, buf, size) (vio)->read(vio,buf,size)
#define vio_write(vio, buf, size) (vio)->write(vio, buf, size)
#define vio_blocking(vio, set_blocking_mode, old_mode)\
(vio)->vioblocking(vio, set_blocking_mode, old_mode)
#define vio_is_blocking(vio) (vio)->is_blocking(vio)
#define vio_fastsend(vio) (vio)->fastsend(vio)
#define vio_keepalive(vio, set_keep_alive) (vio)->viokeepalive(vio, set_keep_alive)
#define vio_should_retry(vio) (vio)->should_retry(vio)
#define vio_close(vio) ((vio)->vioclose)(vio)
#define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt)
#define vio_in_addr(vio, in) (vio)->in_addr(vio, in)
#define vio_timeout(vio, seconds) (vio)->timeout(vio, seconds)
#endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */
/* This enumerator is used in parser - should be always visible */
enum SSL_type
......@@ -228,10 +168,8 @@ struct st_vio
void (*in_addr)(Vio*, struct in_addr*);
my_bool (*should_retry)(Vio*);
int (*vioclose)(Vio*);
#ifdef HAVE_OPENSSL
SSL* ssl_;
#endif /* HAVE_OPENSSL */
void (*timeout)(Vio*, unsigned int timeout);
void *ssl_arg;
#endif /* HAVE_VIO */
};
#endif /* EMBEDDED_LIBRARY */
......
......@@ -41,7 +41,7 @@ link_sources:
rm -f $(srcdir)/$$f; \
@LN_CP_F@ $(srcdir)/../strings/$$f $(srcdir)/$$f; \
done; \
for f in $$vs; do \
for f in $$vs $(vioheaders); do \
rm -f $(srcdir)/$$f; \
@LN_CP_F@ $(srcdir)/../vio/$$f $(srcdir)/$$f; \
done; \
......
......@@ -46,6 +46,7 @@ mystringsextra= strto.c
mystringsgen= ctype_autoconf.c
dbugobjects = dbug.lo # IT IS IN SAFEMALLOC.C sanity.lo
mysysheaders = mysys_priv.h my_static.h
vioheaders = vio_priv.h
mysysobjects1 = my_init.lo my_static.lo my_malloc.lo my_realloc.lo \
my_create.lo my_delete.lo mf_tempfile.lo my_open.lo \
mf_casecnv.lo my_read.lo my_write.lo errors.lo \
......@@ -86,7 +87,7 @@ clean-local:
`echo $(mysysobjects) | sed "s;\.lo;.c;g"` \
`echo $(vio_objects) | sed "s;\.lo;.c;g"` \
$(CHARSET_SRCS) $(CHARSET_OBJS) \
$(mystringsextra) $(mystringsgen) $(mysysheaders) \
$(mystringsextra) $(mystringsgen) $(mysysheaders) $(vioheaders)\
ctype_extra_sources.c net.c ../linked_client_sources
ctype_extra_sources.c: conf_to_src
......
......@@ -218,4 +218,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
return 0;
}
void vio_timeout(Vio *vio __attribute__((unused)),
uint timeout __attribute__((unused)))
{
}
#endif /* HAVE_VIO */
-- require r/have_openssl_2.require
disable_query_log;
SHOW STATUS LIKE "SSL_get_cipher";
enable_query_log;
# We want to test everything with SSL turned on.
-- source include/have_openssl_2.inc
SHOW STATUS LIKE 'SSL%';
......@@ -464,8 +464,7 @@ static int setval(const struct my_option *opts, char *argument,
break;
case GET_STR_ALLOC:
if ((*((char**) result_pos)))
my_free((*(char**) result_pos),
MYF(MY_WME | MY_FAE));
my_free((*(char**) result_pos), MYF(MY_WME | MY_FAE));
if (!(*((char**) result_pos)= my_strdup(argument, MYF(MY_WME))))
return EXIT_OUT_OF_MEMORY;
break;
......
......@@ -1177,7 +1177,10 @@ Item_cond::fix_fields(THD *thd,TABLE_LIST *tables)
{
List_iterator<Item> li(list);
Item *item;
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char buff[sizeof(char*)]; // Max local vars in function
#endif
not_null_tables_cache= used_tables_cache= 0;
const_item_cache= 0;
/*
......
......@@ -59,7 +59,10 @@ bool
Item_func::fix_fields(THD *thd,TABLE_LIST *tables)
{
Item **arg,**arg_end;
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char buff[STACK_BUFF_ALLOC]; // Max argument in function
#endif
binary=0;
used_tables_cache= not_null_tables_cache= 0;
const_item_cache=1;
......@@ -1159,7 +1162,9 @@ bool
udf_handler::fix_fields(THD *thd,TABLE_LIST *tables,Item_result_field *func,
uint arg_count, Item **arguments)
{
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char buff[STACK_BUFF_ALLOC]; // Max argument in function
#endif
DBUG_ENTER("Item_udf_func::fix_fields");
if (thd)
......
......@@ -843,7 +843,7 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
}
/* Do the SSL layering. */
DBUG_PRINT("info", ("IO layer change in progress..."));
DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_));
DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context));
sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio, (long)(mysql->options.connect_timeout));
DBUG_PRINT("info", ("IO layer change done!"));
}
......
......@@ -1136,7 +1136,14 @@ static void server_init(void)
IPaddr.sin_family = AF_INET;
IPaddr.sin_addr.s_addr = my_bind_addr;
IPaddr.sin_port = (unsigned short) htons((unsigned short) mysql_port);
#ifndef __WIN__
/*
We should not use SO_REUSEADDR on windows as this would enable a
user to open two mysqld servers with the same TCP/IP port.
*/
(void) setsockopt(ip_sock,SOL_SOCKET,SO_REUSEADDR,(char*)&arg,sizeof(arg));
#endif
if (bind(ip_sock, my_reinterpret_cast(struct sockaddr *) (&IPaddr),
sizeof(IPaddr)) < 0)
{
......@@ -3011,6 +3018,12 @@ extern "C" pthread_handler_decl(handle_connections_sockets,
}
if (sock == unix_sock)
thd->host=(char*) localhost;
#ifdef __WIN__
/* Set default wait_timeout */
ulong wait_timeout= global_system_variables.net_wait_timeout * 1000;
(void) setsockopt(new_sock, SOL_SOCKET, SO_RCVTIMEO, (char*)&wait_timeout,
sizeof(wait_timeout));
#endif
create_new_thread(thd);
}
......
......@@ -434,6 +434,7 @@ net_real_write(NET *net,const char *packet,ulong len)
thr_alarm(&alarmed,(uint) net->write_timeout,&alarm_buff);
#else
alarmed=0;
vio_timeout(net->vio, net->write_timeout);
#endif /* NO_ALARM */
pos=(char*) packet; end=pos+len;
......@@ -623,6 +624,8 @@ my_real_read(NET *net, ulong *complen)
#ifndef NO_ALARM
if (net_blocking)
thr_alarm(&alarmed,net->read_timeout,&alarm_buff);
#else
vio_timeout(net->vio, net->read_timeout);
#endif /* NO_ALARM */
pos = net->buff + net->where_b; /* net->packet -4 */
......
......@@ -531,6 +531,9 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
(my_bool) old_ver)))
{
Vio *vio=thd->net.vio;
#ifdef HAVE_OPENSSL
SSL *ssl= (SSL*) vio->ssl_arg;
#endif
/*
In this point we know that user is allowed to connect
from given host by given username/password pair. Now
......@@ -553,8 +556,8 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
we should reject connection.
*/
if (vio_type(vio) == VIO_TYPE_SSL &&
SSL_get_verify_result(vio->ssl_) == X509_V_OK &&
SSL_get_peer_certificate(vio->ssl_))
SSL_get_verify_result(ssl) == X509_V_OK &&
SSL_get_peer_certificate(ssl))
user_access=acl_user->access;
break;
case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
......@@ -563,28 +566,28 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
we should reject connection.
*/
if (vio_type(vio) == VIO_TYPE_SSL &&
SSL_get_verify_result(vio->ssl_) == X509_V_OK)
SSL_get_verify_result(ssl) == X509_V_OK)
{
if (acl_user->ssl_cipher)
{
DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
acl_user->ssl_cipher,
SSL_get_cipher(vio->ssl_)));
if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
SSL_get_cipher(ssl)));
if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(ssl)))
user_access=acl_user->access;
else
{
if (global_system_variables.log_warnings)
sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'",
acl_user->ssl_cipher,
SSL_get_cipher(vio->ssl_));
SSL_get_cipher(ssl));
user_access=NO_ACCESS;
break;
}
}
/* Prepare certificate (if exists) */
DBUG_PRINT("info",("checkpoint 1"));
X509* cert=SSL_get_peer_certificate(vio->ssl_);
X509* cert=SSL_get_peer_certificate(ssl);
DBUG_PRINT("info",("checkpoint 2"));
/* If X509 issuer is speified, we check it... */
if (acl_user->x509_issuer)
......
......@@ -1274,77 +1274,77 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
case SHOW_SSL_CTX_SESS_ACCEPT:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_ACCEPT_GOOD:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_CONNECT_GOOD:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_CB_HITS:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_HITS:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_CACHE_FULL:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_MISSES:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_TIMEOUTS:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_NUMBER:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_CONNECT:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_SESS_GET_CACHE_SIZE:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_GET_VERIFY_MODE:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_GET_VERIFY_DEPTH:
net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 :
SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context_)));
SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context)));
break;
case SHOW_SSL_CTX_GET_SESSION_CACHE_MODE:
if (!ssl_acceptor_fd)
......@@ -1352,7 +1352,7 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
net_store_data(&packet2,"NONE" );
break;
}
switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context_))
switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context))
{
case SSL_SESS_CACHE_OFF:
net_store_data(&packet2,"OFF" );
......@@ -1379,37 +1379,38 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
break;
/* First group - functions relying on SSL */
case SHOW_SSL_GET_VERSION:
net_store_data(&packet2, thd->net.vio->ssl_ ?
SSL_get_version(thd->net.vio->ssl_) : "");
net_store_data(&packet2, thd->net.vio->ssl_arg ?
SSL_get_version((SSL*) thd->net.vio->ssl_arg) : "");
break;
case SHOW_SSL_SESSION_REUSED:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ?
SSL_session_reused(thd->net.vio->ssl_) : 0));
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_session_reused((SSL*) thd->net.vio->ssl_arg) : 0));
break;
case SHOW_SSL_GET_DEFAULT_TIMEOUT:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ?
SSL_get_default_timeout(thd->net.vio->ssl_):0));
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_get_default_timeout((SSL*) thd->net.vio->ssl_arg) :
0));
break;
case SHOW_SSL_GET_VERIFY_MODE:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ?
SSL_get_verify_mode(thd->net.vio->ssl_):0));
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_get_verify_mode((SSL*) thd->net.vio->ssl_arg):0));
break;
case SHOW_SSL_GET_VERIFY_DEPTH:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ?
SSL_get_verify_depth(thd->net.vio->ssl_):0));
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_get_verify_depth((SSL*) thd->net.vio->ssl_arg):0));
break;
case SHOW_SSL_GET_CIPHER:
net_store_data(&packet2, thd->net.vio->ssl_ ?
SSL_get_cipher(thd->net.vio->ssl_) : "");
net_store_data(&packet2, thd->net.vio->ssl_arg ?
SSL_get_cipher((SSL*) thd->net.vio->ssl_arg) : "");
break;
case SHOW_SSL_GET_CIPHER_LIST:
if (thd->net.vio->ssl_)
if (thd->net.vio->ssl_arg)
{
char buf[1024], *pos;
pos=buf;
for (int i=0 ; i++ ;)
{
const char *p=SSL_get_cipher_list(thd->net.vio->ssl_,i);
const char *p=SSL_get_cipher_list((SSL*) thd->net.vio->ssl_arg,i);
if (p == NULL)
break;
pos=strmov(pos, p);
......
......@@ -21,13 +21,7 @@
the file descriptior.
*/
#define DONT_MAP_VIO
#include <my_global.h>
#include <mysql_com.h>
#include <my_sys.h>
#include <m_string.h>
#include <violite.h>
#include <errno.h>
#include "vio_priv.h"
/*
* Helper to fill most of the Vio* with defaults.
......@@ -61,6 +55,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
vio->in_addr =vio_ssl_in_addr;
vio->vioblocking =vio_ssl_blocking;
vio->is_blocking =vio_is_blocking;
vio->timeout =vio_ssl_timeout;
}
else /* default is VIO_TYPE_TCPIP */
#endif /* HAVE_OPENSSL */
......@@ -77,6 +72,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
vio->in_addr =vio_in_addr;
vio->vioblocking =vio_blocking;
vio->is_blocking =vio_is_blocking;
vio->timeout =vio_timeout;
}
#endif /* HAVE_VIO */
DBUG_VOID_RETURN;
......
/* Copyright (C) 2003 MySQL AB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/* Structures and functions private to the vio package */
#define DONT_MAP_VIO
#include <my_global.h>
#include <mysql_com.h>
#include <my_sys.h>
#include <m_string.h>
#include <violite.h>
#ifdef HAVE_OPENSSL
#include "my_net.h" /* needed because of struct in_addr */
void vio_ssl_delete(Vio* vio);
int vio_ssl_read(Vio *vio,gptr buf, int size);
int vio_ssl_write(Vio *vio,const gptr buf,int size);
void vio_ssl_timeout(Vio *vio, uint timeout);
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
int vio_ssl_fastsend(Vio *vio);
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
int vio_ssl_keepalive(Vio *vio, my_bool onoff);
/* Whenever we should retry the last read/write operation. */
my_bool vio_ssl_should_retry(Vio *vio);
/* When the workday is over... */
int vio_ssl_close(Vio *vio);
/* Return last error number */
int vio_ssl_errno(Vio *vio);
my_bool vio_ssl_peer_addr(Vio *vio, char *buf, uint16 *port);
void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);
/* Single copy for server */
enum vio_ssl_acceptorfd_state
{
state_connect = 1,
state_accept = 2
};
#endif /* HAVE_OPENSSL */
......@@ -21,19 +21,7 @@
the file descriptior.
*/
#define DONT_MAP_VIO
#include <my_global.h>
#include <mysql_com.h>
#include <errno.h>
#include <my_sys.h>
#include <violite.h>
#include <my_net.h>
#include <m_string.h>
#ifndef __WIN__
#define HANDLE void *
#endif
#include "vio_priv.h"
void vio_delete(Vio* vio)
{
......@@ -334,3 +322,14 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
DBUG_RETURN(fds.revents & POLLIN ? 0 : 1);
#endif
}
void vio_timeout(Vio *vio __attribute__((unused)),
uint timeout __attribute__((unused)))
{
#ifdef __WIN__
ulong wait_timeout= (ulong) timeout * 1000;
(void) setsockopt(vio->sd, SOL_SOCKET, SO_RCVTIMEO, (char*) &wait_timeout,
sizeof(wait_timeout));
#endif /* __WIN__ */
}
......@@ -21,23 +21,10 @@
the file descriptior.
*/
#include <my_global.h>
#include "vio_priv.h"
#ifdef HAVE_OPENSSL
#include <mysql_com.h>
#include <errno.h>
#include <assert.h>
#include <violite.h>
#include <my_sys.h>
#include <my_net.h>
#include <m_string.h>
#ifndef __WIN__
#define HANDLE void *
#endif
static void
report_errors()
{
......@@ -88,11 +75,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
int r;
DBUG_ENTER("vio_ssl_read");
DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p",
vio->sd, buf, size, vio->ssl_));
vio->sd, buf, size, vio->ssl_arg));
if ((r= SSL_read(vio->ssl_, buf, size)) < 0)
if ((r= SSL_read((SSL*) vio->ssl_arg, buf, size)) < 0)
{
int err= SSL_get_error(vio->ssl_, r);
int err= SSL_get_error((SSL*) vio->ssl_arg, r);
DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err));
report_errors();
}
......@@ -107,7 +94,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
DBUG_ENTER("vio_ssl_write");
DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
if ((r= SSL_write(vio->ssl_, buf, size)) < 0)
if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0)
report_errors();
DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r);
......@@ -171,11 +158,11 @@ int vio_ssl_close(Vio * vio)
int r;
DBUG_ENTER("vio_ssl_close");
r=0;
if (vio->ssl_)
if ((SSL*) vio->ssl_arg)
{
r = SSL_shutdown(vio->ssl_);
SSL_free(vio->ssl_);
vio->ssl_= 0;
r = SSL_shutdown((SSL*) vio->ssl_arg);
SSL_free((SSL*) vio->ssl_arg);
vio->ssl_arg= 0;
}
if (vio->sd >= 0)
{
......@@ -273,8 +260,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
net_blocking = vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_=0;
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
vio->ssl_arg= 0;
if (!(vio->ssl_arg= (void*) SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
......@@ -282,25 +269,25 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
SSL_clear(vio->ssl_);
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
SSL_set_fd(vio->ssl_,vio->sd);
SSL_set_accept_state(vio->ssl_);
if (SSL_do_handshake(vio->ssl_) < 1)
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout));
SSL_clear((SSL*) vio->ssl_arg);
SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
SSL_set_fd((SSL*) vio->ssl_arg,vio->sd);
SSL_set_accept_state((SSL*) vio->ssl_arg);
if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors();
SSL_free(vio->ssl_);
vio->ssl_=0;
SSL_free((SSL*) vio->ssl_arg);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUF_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name(vio->ssl_)));
client_cert = SSL_get_peer_certificate (vio->ssl_);
,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
client_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
if (client_cert != NULL)
{
DBUG_PRINT("info",("Client certificate:"));
......@@ -317,7 +304,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
else
DBUG_PRINT("info",("Client does not have certificate."));
str=SSL_get_shared_ciphers(vio->ssl_, buf, sizeof(buf));
str=SSL_get_shared_ciphers((SSL*) vio->ssl_arg, buf, sizeof(buf));
if (str)
{
DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str));
......@@ -340,14 +327,14 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_));
DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context));
old_type= vio->type;
net_blocking = vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_=0;
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
vio->ssl_arg= 0;
if (!(vio->ssl_arg = SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
......@@ -355,25 +342,25 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
SSL_clear(vio->ssl_);
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
SSL_set_fd (vio->ssl_, vio->sd);
SSL_set_connect_state(vio->ssl_);
if (SSL_do_handshake(vio->ssl_) < 1)
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout));
SSL_clear((SSL*) vio->ssl_arg);
SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
SSL_set_fd ((SSL*) vio->ssl_arg, vio->sd);
SSL_set_connect_state((SSL*) vio->ssl_arg);
if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors();
SSL_free(vio->ssl_);
vio->ssl_=0;
SSL_free((SSL*) vio->ssl_arg);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name(vio->ssl_)));
server_cert = SSL_get_peer_certificate (vio->ssl_);
,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
server_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
if (server_cert != NULL)
{
DBUG_PRINT("info",("Server certificate:"));
......@@ -407,4 +394,10 @@ int vio_ssl_blocking(Vio * vio __attribute__((unused)),
return set_blocking_mode ? 0 : 1;
}
void vio_ssl_timeout(Vio *vio __attribute__((unused)),
uint timeout __attribute__((unused)))
{
/* Not yet implemented (non critical) */
}
#endif /* HAVE_OPENSSL */
......@@ -14,15 +14,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include <my_global.h>
#include "vio_priv.h"
#ifdef HAVE_OPENSSL
#include <mysql_com.h>
#include <my_sys.h>
#include <violite.h>
static bool ssl_algorithms_added = FALSE;
static bool ssl_error_strings_loaded= FALSE;
static int verify_depth = 0;
......@@ -203,8 +198,8 @@ new_VioSSLConnectorFd(const char* key_file,
my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0)))))
DBUG_RETURN(0);
ptr->ssl_context_= 0;
ptr->ssl_method_= 0;
ptr->ssl_context= 0;
ptr->ssl_method= 0;
/* FIXME: constants! */
if (!ssl_algorithms_added)
......@@ -219,10 +214,10 @@ new_VioSSLConnectorFd(const char* key_file,
ssl_error_strings_loaded = TRUE;
SSL_load_error_strings();
}
ptr->ssl_method_ = TLSv1_client_method();
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_));
if (ptr->ssl_context_ == 0)
ptr->ssl_method = TLSv1_client_method();
ptr->ssl_context = SSL_CTX_new(ptr->ssl_method);
DBUG_PRINT("info", ("ssl_context: %p",ptr->ssl_context));
if (ptr->ssl_context == 0)
{
DBUG_PRINT("error", ("SSL_CTX_new failed"));
report_errors();
......@@ -234,20 +229,20 @@ new_VioSSLConnectorFd(const char* key_file,
*/
if (cipher)
{
result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher);
result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
}
SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
report_errors();
goto ctor_failure;
}
if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path) == 0)
if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file,ca_path) == 0)
{
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_) == 0)
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context) == 0)
{
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
report_errors();
......@@ -257,7 +252,7 @@ new_VioSSLConnectorFd(const char* key_file,
/* DH stuff */
dh=get_dh512();
SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh);
SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
DH_free(dh);
DBUG_RETURN(ptr);
......@@ -292,10 +287,10 @@ new_VioSSLAcceptorFd(const char *key_file,
ptr= ((struct st_VioSSLAcceptorFd*)
my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0)));
ptr->ssl_context_=0;
ptr->ssl_method_=0;
ptr->ssl_context=0;
ptr->ssl_method=0;
/* FIXME: constants! */
ptr->session_id_context_ = ptr;
ptr->session_id_context= ptr;
if (!ssl_algorithms_added)
{
......@@ -310,9 +305,9 @@ new_VioSSLAcceptorFd(const char *key_file,
ssl_error_strings_loaded = TRUE;
SSL_load_error_strings();
}
ptr->ssl_method_= TLSv1_server_method();
ptr->ssl_context_= SSL_CTX_new(ptr->ssl_method_);
if (ptr->ssl_context_ == 0)
ptr->ssl_method= TLSv1_server_method();
ptr->ssl_context= SSL_CTX_new(ptr->ssl_method);
if (ptr->ssl_context == 0)
{
DBUG_PRINT("error", ("SSL_CTX_new failed"));
report_errors();
......@@ -320,31 +315,31 @@ new_VioSSLAcceptorFd(const char *key_file,
}
if (cipher)
{
result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher);
result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
}
/* SSL_CTX_set_quiet_shutdown(ctx,1); */
SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128);
SSL_CTX_sess_set_cache_size(ptr->ssl_context,128);
/* DH? */
SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
SSL_CTX_set_session_id_context(ptr->ssl_context_,
(const uchar*) &(ptr->session_id_context_),
sizeof(ptr->session_id_context_));
SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
SSL_CTX_set_session_id_context(ptr->ssl_context,
(const uchar*) &(ptr->session_id_context),
sizeof(ptr->session_id_context));
/*
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
*/
if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
report_errors();
goto ctor_failure;
}
if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path) == 0)
if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0)
{
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0)
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0)
{
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
report_errors();
......@@ -353,7 +348,7 @@ new_VioSSLAcceptorFd(const char *key_file,
}
/* DH stuff */
dh=get_dh512();
SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh);
SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
DH_free(dh);
DBUG_RETURN(ptr);
......@@ -362,6 +357,4 @@ new_VioSSLAcceptorFd(const char *key_file,
my_free((gptr) ptr,MYF(0));
DBUG_RETURN(0);
}
#endif /* HAVE_OPENSSL */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment