database/openGauss-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rm src/bin/gs_ktool & rm build/srcipt/gsql_env.sh

Browse Source
This commit is contained in:
shen kun
2021-03-12 16:00:26 +08:00
parent 6a3392fa94
commit b0bd5a37ec
21 changed files with 9 additions and 4714 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
build/script/gsql_env.sh
View File

@ -1,80 +0,0 @@
#!/bin/bash
#-----------------------------------------------------
#Copyright (c): 2020, Huawei Tech. Co., Ltd.
#FileName : gsql_env.sh
#Version : V500R001C10
#Date : 2020-08-06
#Description : This file is to configure environment variables of gsql
#-----------------------------------------------------
#find the absolute path of this script
LOCAL_PATH=${0}
if [ x${LOCAL_PATH:0:1} = "x-" ] || [ "x${LOCAL_PATH}" = "x/bin/bash" ] || [ "x${LOCAL_PATH}" = "x/bin/sh" ]; then
LOCAL_PATH="$(pwd)"
elif [ x${LOCAL_PATH:0:1} != "x/" ]; then
LOCAL_PATH="$(pwd)/$(dirname ${LOCAL_PATH})";
fi
function logerr()
{
printf "ERROR: $* \n" >&2
}
function loghint()
{
printf "HINT: $* \n" >&2
}
function logwarning()
{
printf "WARNING: $* \n" >&2
}
function doing()
{
length_of_line=60
printf "$1 ";
for ((i=${#1};i<$length_of_line;i++)); do
printf '.';
done;
printf " "
}
#------------------------------
# gsql things
#------------------------------
function cofig_gsql_and_gs_ktool()
{
doing 'Configuring LD_LIBRARY_PATH, PATH and GS_KTOOL_FILE_PATH for gsql and gs_ktool...'
LIB_PATH="${LOCAL_PATH}/lib"
BIN_PATH="${LOCAL_PATH}/bin"
GS_KT_FILE_PATH="${LOCAL_PATH}/gs_ktool_file"
if [ ! -f "${LOCAL_PATH}/bin/gsql" ]; then
logerr "failed to locate ./bin/gsql, please source this file at the path where it is. "
return 1;
fi;
if [ ! -f "${LOCAL_PATH}/bin/gs_ktool" ]; then
logerr "failed to locate ./bin/gs_ktool, please source this file at the path where it is. "
return 1;
fi;
if [ ! -f "${LOCAL_PATH}/gs_ktool_file/gs_ktool_conf.ini" ]; then
logerr "failed to locate ./gs_ktool_file/gs_ktool_con.ini, please source this file at the path where it is. "
return 1;
fi;
export LD_LIBRARY_PATH=${LIB_PATH}:${LD_LIBRARY_PATH}
export PATH=${BIN_PATH}:${PATH}
export GS_KTOOL_FILE_PATH=${GS_KT_FILE_PATH}
echo 'done'
return 0
}
if [ ! -z "$1" ]; then
echo "Usage:"
echo " source $0"
else
cofig_gsql_and_gs_ktool
if [ 0 -eq $? ]; then
echo 'All things done.'
fi
fi

1399
build/script/mpp_release_list_kylin_aarch64
View File

File diff suppressed because it is too large Load Diff

2
src/Makefile.global.in
View File

@ -1077,7 +1077,7 @@ endif
libpq = -L$(libpq_builddir) -lpq
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
libpq_ce = -L$(libpq_builddir) -lpq_ce -L$(top_builddir)/src/bin/gs_ktool/ -lgs_ktool -lsecurec -lkmc
libpq_ce = -L$(libpq_builddir) -lpq_ce -L$(top_builddir)/src/distribute/bin/gs_ktool/ -lgs_ktool -lsecurec -lkmc
else
libpq_ce = -L$(libpq_builddir) -lpq_ce
endif

7
src/bin/Makefile
View File

@ -34,8 +34,7 @@ SUBDIRS = \
gsqlerr \
pg_upgrade \
pg_basebackup \
pg_probackup \
gs_ktool
pg_probackup
ifeq ($(PORTNAME), win32)
SUBDIRS += pgevent
@ -57,10 +56,6 @@ SUBDIRS = \
pg_basebackup \
pg_probackup
ifeq ($(enable_privategauss), yes)
SUBDIRS += gs_ktool
endif
endif
$(recurse)

42
src/bin/gs_ktool/Makefile
View File

@ -1,42 +0,0 @@
#-------------------------------------------------------------------------
#
# Copyright (c) 2020 Huawei Technologies Co.,Ltd.
#
# src/bin/gs_tool/Makefile
#
#-------------------------------------------------------------------------
subdir = src/bin/gs_ktool
top_builddir = ../../..
include $(top_builddir)/src/Makefile.global
override CPPFLAGS += -I. -I$(top_builddir)/src/include/gs_ktool -I$(LIBKMC_INCLUDE_PATH)
override LDFLAGS += -L. -L$(LIBKMC_LIB_PATH)
override LDLIBS += -lsecurec -lssl -lcrypto -lkmc -ldl -lrt -Wl,-z,relro,-z,now -ftrapv -fstack-protector-strong
override CPPFLAGS := $(filter-out -fPIE, $(CPPFLAGS)) -fPIC -shared
OBJS = kt_common.o kt_kmc_callback.o kt_log_manage.o kt_key_manage.o kt_interface.o kt_main.o
all: gs_ktool libgs_ktool.so
gs_ktool: $(OBJS)
$(CC) -fPIE -pie $(CPPLAGS) $^ $(LDFLAGS) $(LDLIBS) -o $@
libgs_ktool.so: $(OBJS)
$(CC) -fPIC -shared $(CPPFLAGS) $^ $(LDFLAGS) $(LDLIBS) -o $@
install: all installdirs
$(INSTALL_PROGRAM) gs_ktool$(X) '$(DESTDIR)$(bindir)/gs_ktool$(X)'
$(INSTALL_DATA) gs_ktool_conf.ini$(X) '$(DESTDIR)$(bindir)/../etc/gs_ktool_file/gs_ktool_conf.ini$(X)'
$(INSTALL_DATA) libgs_ktool.so$(X) '$(DESTDIR)$(bindir)/../lib/libgs_ktool.so$(X)'
$(INSTALL_DATA) $(LIBKMC_LIB_PATH)/libkmc.so$(X) '$(DESTDIR)$(bindir)/../lib/libkmc.so$(X)'
rm -f ./gs_ktool
installdirs:
$(MKDIR_P) '$(DESTDIR)$(bindir)'
clean distclean maintainer-clean:
rm -f ./*.o ./gs_ktool ./*.so

15
src/bin/gs_ktool/gs_ktool_conf.ini
View File

@ -1,15 +0,0 @@
# use '#' to comment out a line in this file.
# we use "key = value" to config gs_ktool, please do not change the name of "key"
[KeyManage]
rk_validity = 3650; # (days) this configure is only valid for the first installtion, but you can update it when it is expired
cmk_validity = 365; # (days)
cmk_length = 32; # (bytes)
# you can config the file path and file name of key-store-file(ksf) by yourself, but the path must be real path
pri_ksf = DEFAULT; # DEFAULT = $GS_KTOOL_FILE_PATH/primary_ksf.dat
sec_ksf = DEFAULT; # DEFAULT = $GS_KTOOL_FILE_PATH/secondary_ksf.dat
export_ksf = DEFAULT; # DEFAULT = $GS_KTOOL_FILE_PATH/export_ksf.dat
[LogManage]
is_logmodule_open = ON;
log_file = DEFAULT; # DEFAULT = $GS_KTOOL_FILE_PATH/gs_ktool.log

415
src/bin/gs_ktool/kt_common.cpp
View File

@ -1,415 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_common.cpp
* Some common functions used by both key manage_module and log manage module, including:
* 1. define global var read from configuration file
* 2. report error
* 3. read configuration file
* 4. converse time and date format
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_common.cpp
*
* -------------------------------------------------------------------------
*/
#include "kt_common.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>
#include "securec.h"
#include "securec_check.h"
#include "pthread.h"
const char *CONF_FILE_NAME = "gs_ktool_conf.ini";
const char *ZERO_BUF = " ";
char g_env_value[MAX_REAL_PATH_LEN] = {0};
char g_conf_file[MAX_REAL_PATH_LEN ] = {0};
/* globa vars read from configuration file */
ConfIterm g_conf = { 0 };
static pthread_mutex_t g_env_lock;
bool g_is_print_err = true;
static bool find_conf_segment(FILE *conf_file_handle, const char *conf_segment_name);
static void read_conf_lines(FILE *conf_file_handle, char key_list[][MAX_CONF_KEY_LEN],
char value_list[][MAX_CONF_VALUE_LEN], size_t *conf_item_num);
static unsigned int trans_date_to_int(const Time date);
char *gs_getenv_r(const char *name)
{
char *ret = NULL;
(void)pthread_mutex_lock(&g_env_lock);
ret = getenv(name);
(void)pthread_mutex_unlock(&g_env_lock);
return ret;
}
static bool find_conf_segment(FILE *conf_file_handle, const char *conf_segment_name)
{
int conf_item_cnt = 0;
char cur_line[MAX_CONF_LINE_LEN] = {0};
char cur_segment[MAX_SETMENT_NAME_LEN] = {0};
bool is_find_segment = false;
while (is_find_segment == false && fgets(cur_line, MAX_CONF_LINE_LEN, conf_file_handle)) {
if (conf_item_cnt > MAX_CONF_ITEM_QUANTITY) {
printf("WARING: only %d configuration items can be read.\n", MAX_CONF_ITEM_QUANTITY);
return false;
}
if (strlen(cur_line) < strlen("[]")) {
continue;
}
/* find configuration segment location */
size_t ps = 0; /* position of segment */
for (size_t i = 0; i < strlen(cur_line); i++) {
if (cur_line[i] == ' ') {
continue;
} else if (cur_line[i] == '[') {
/* the configuration segment is defined as [Segment], if we find '[', then we will try to find ']' */
for (i = i + 1; i < strlen(cur_line); i++) {
if (cur_line[i] == ']') {
cur_segment[ps] = '\0';
break;
} else if (i == strlen(cur_line) - 1) {
printf("WARNING: incomplete configuration segment declaration: '%s'\n", cur_line);
break;
} else {
cur_segment[ps] = cur_line[i];
ps++;
}
}
if (strcmp(cur_segment, conf_segment_name) == 0) {
is_find_segment = true;
}
} else {
break;
}
}
}
return is_find_segment;
}
static void read_conf_lines(FILE *conf_file_handle, char key_list[][MAX_CONF_KEY_LEN],
char value_list[][MAX_CONF_VALUE_LEN], size_t *conf_item_num)
{
bool is_in_segment = true;
char cur_line[MAX_CONF_LINE_LEN] = {0};
char cur_key[MAX_CONF_KEY_LEN] = {0};
char cur_value[MAX_CONF_VALUE_LEN] = {0};
size_t pl = 0; /* position of line */
size_t pk = 0; /* position of key */
size_t pv = 0; /* position of value */
size_t conf_item_cnt = 0;
errno_t rc = 0;
while (is_in_segment == true && fgets(cur_line, MAX_CONF_LINE_LEN, conf_file_handle)) {
if (strlen(cur_line) < strlen(" = ;")) {
continue;
}
/* check segment end, then read key from configureation line */
for (; pl < strlen(cur_line); pl++) {
if (cur_line[pl] == '#') {
break;
} else if (cur_line[pl] == ' ') {
continue;
} else if (cur_line[pl] == '[') {
is_in_segment = false;
break;
} else if (cur_line[pl] == '=') {
cur_key[pk] = '\0';
break;
} else {
cur_key[pk] = cur_line[pl];
pk++;
}
}
/* read value from configureation line */
if (is_in_segment == true) {
for (pl = pl + 1; pl < strlen(cur_line); pl++) {
if (cur_line[pl] == ' ') {
continue;
} else if (cur_line[pl] == ';') {
cur_value[pv] = '\0';
break;
} else {
cur_value[pv] = cur_line[pl];
pv++;
}
}
if (strlen(cur_key) > 0 && strlen(cur_value) > 0) {
rc = strcpy_s(key_list[conf_item_cnt], MAX_CONF_KEY_LEN, cur_key);
securec_check_c(rc, "", "");
rc = strcpy_s(value_list[conf_item_cnt], MAX_CONF_VALUE_LEN, cur_value);
securec_check_c(rc, "", "");
conf_item_cnt++;
}
}
rc = memset_s(cur_line, MAX_CONF_LINE_LEN, 0, MAX_CONF_LINE_LEN);
securec_check_c(rc, "", "");
rc = memset_s(cur_key, MAX_CONF_KEY_LEN, 0, MAX_CONF_KEY_LEN);
securec_check_c(rc, "", "");
rc = memset_s(cur_value, MAX_CONF_VALUE_LEN, 0, MAX_CONF_VALUE_LEN);
securec_check_c(rc, "", "");
pl = 0;
pk = 0;
pv = 0;
}
*conf_item_num = conf_item_cnt;
}
bool read_conf_segment(const char *conf_file, const char *conf_segment_name, char key_list[][MAX_CONF_KEY_LEN],
char value_list[][MAX_CONF_VALUE_LEN], size_t *conf_item_num)
{
FILE *fp = NULL;
fp = fopen(conf_file, "rb");
if (fp == NULL) {
return false;
}
if (!find_conf_segment(fp, conf_segment_name)) {
fclose(fp);
return false;
}
read_conf_lines(fp, key_list, value_list, conf_item_num);
fclose(fp);
return true;
}
bool set_global_file(char *kt_file, const GlobalKtoolFile file_type, const char *file_str)
{
char default_kt_file_name[MAX_FILE_NAME_LEN];
errno_t rc = 0;
if (kt_file == NULL || g_env_value == NULL) {
return false;
}
if (strlen(file_str) >= MAX_REAL_PATH_LEN) {
return false;
}
/*
* file_str is read from configure file, it has 2 types:
* (1) “real_path/file_name” : the real_path and file_name are set by user.
* (2) “DEFAULT” :in this case, we will use the default file_path and file_name
*/
if (strcmp(file_str, "DEFAULT") != 0) {
/* file_str is a real path read from configuration file */
rc = sprintf_s(kt_file, MAX_REAL_PATH_LEN, "%s", file_str);
securec_check_ss_c(rc, "", "");
if (!check_kt_env_value(kt_file)) {
printf("ERROR: failed to set configuration, the path '%s' contains angerous character.\n", kt_file);
return false;
}
return true;
} else {
switch (file_type) {
case G_PRI_KSF:
rc = strcpy_s(default_kt_file_name, MAX_FILE_NAME_LEN, "primary_ksf.dat");
securec_check_c(rc, "", "");
break;
case G_SEC_KSF:
rc = strcpy_s(default_kt_file_name, MAX_FILE_NAME_LEN, "secondary_ksf.dat");
securec_check_c(rc, "", "");
break;
case G_EXPORT_KSF:
rc = strcpy_s(default_kt_file_name, MAX_FILE_NAME_LEN, "export_ksf.dat");
securec_check_c(rc, "", "");
break;
case G_LOG_FILE:
rc = strcpy_s(default_kt_file_name, MAX_FILE_NAME_LEN, "gs_ktool.log");
securec_check_c(rc, "", "");
break;
default:
break;
}
rc = sprintf_s(kt_file, MAX_REAL_PATH_LEN, "%s/%s", g_env_value, default_kt_file_name);
securec_check_ss_c(rc, "", "");
}
return true;
}
bool check_kt_env_value(const char *env_value)
{
const char* danger_char_list[] = {"|", ";", "&", "$", "<", ">", "`", "\\", "'", "\"",
"{", "}", "(", ")", "[", "]", "~", "*", "?", "!", "\n", NULL};
for (int i = 0; danger_char_list[i] != NULL; i++) {
if (strstr(env_value, danger_char_list[i]) != NULL) {
return false;
}
}
return true;
}
bool compare_list_element(const char list_a[][MAX_CONF_KEY_LEN], size_t list_a_cnt, char list_b[][MAX_CONF_KEY_LEN],
size_t list_b_cnt, size_t *loss_pos)
{
bool is_find_element = false;
for (size_t i = 0; i < list_a_cnt; i++) {
for (size_t j = 0; j < list_b_cnt; j++) {
if (strcmp(list_a[i], list_b[j]) == 0) {
is_find_element = true;
break;
}
}
if (!is_find_element) {
*loss_pos = i;
return false;
} else {
is_find_element = false;
}
}
return true;
}
/* to print pretty table, create line like "---------" */
void make_table_line(char *line_buf, const size_t buf_len, const size_t line_len)
{
size_t i = 0;
if (line_len >= buf_len) {
return;
}
for (i = 0; i < line_len; i++) {
line_buf[i] = '-';
}
line_buf[i] = '\0';
}
bool atoi_strictly(const char *str, unsigned int *num)
{
for (size_t i = 0; i < strlen(str); i++) {
if (str[i] < '0' || str[i] > '9') {
return false;
}
}
*num = atoi(str);
return true;
}
bool get_sys_time(Time *sys_time)
{
time_t t_time = { 0 };
struct tm *tm_time = { 0 };
unsigned int initial_year = 1900;
unsigned int initial_moth = 1;
time(&t_time);
tm_time = localtime(&t_time);
if (tm_time == NULL) {
return false;
}
sys_time->year = tm_time->tm_year + initial_year;
sys_time->month = tm_time->tm_mon + initial_moth;
sys_time->day = tm_time->tm_mday;
sys_time->hour = tm_time->tm_hour;
sys_time->minute = tm_time->tm_min;
sys_time->second = tm_time->tm_sec;
return true;
}
void date_ttos(const Time date_t, char *date_s, const size_t buf_size)
{
errno_t rc = 0;
rc = sprintf_s(date_s, buf_size, "%04u-%02u-%02u", date_t.year, date_t.month, date_t.day);
securec_check_ss_c(rc, "", "");
}
void time_ttos(const Time time_t, char *time_s, const size_t buf_size)
{
errno_t rc = 0;
rc = sprintf_s(time_s, buf_size, "%02u:%02u:%02u", time_t.hour, time_t.minute, time_t.second);
securec_check_ss_c(rc, "", "");
}
void trans_wsectime_to_time(WsecSysTime wsec_time_t, Time *time_t)
{
time_t->year = wsec_time_t.kmcYear;
time_t->month = wsec_time_t.kmcMonth;
time_t->day = wsec_time_t.kmcDate;
time_t->hour = wsec_time_t.kmcHour;
time_t->minute = wsec_time_t.kmcMinute;
time_t->second = wsec_time_t.kmcSecond;
}
static unsigned int trans_date_to_int(const Time date)
{
unsigned int days = 0;
/* my epochs, not use 1970.1.1, but use 2019.1.1 */
unsigned int origin_y = 2019;
unsigned int origin_m = 1;
/* origin_d = 1 */
const unsigned int leap_year[12] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
const unsigned int lunar_year[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
for (unsigned int y = (origin_y + 1); y <= date.year; y++) {
if ((y - 1) % 4 == 0) {
days += 366;
} else {
days += 365;
}
}
for (unsigned int m = (origin_m + 1); m <= date.month; m++) {
if (date.year % 4 == 0) {
days += leap_year[m - 1];
} else {
days += lunar_year[m - 1];
}
}
days += date.day;
return days;
}
void timecpy(Time *dest_time, Time src_time)
{
securec_check_c(memcpy_s(dest_time, sizeof(Time), &src_time, sizeof(Time)), "\0", "\0");
}
/* to determine whether the key has expired */
int calculate_interval(Time start, Time end)
{
return (trans_date_to_int(end) - trans_date_to_int(start));
}

141
src/bin/gs_ktool/kt_common.h
View File

@ -1,141 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_common.h
* Some common functions used by both key manage_module and log manage module, including:
* 1. define global var read from configuration file
* 2. report error
* 3. read configuration file
* 4. converse time and date format
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_common.h
*
* -------------------------------------------------------------------------
*/
#ifndef GS_KT_COMMON_H
#define GS_KT_COMMON_H
#include "kt_kmc_callback.h"
extern const char *CONF_FILE_NAME;
extern const char *ZERO_BUF;
/* check length from conf file && from gs_ktool interfacs */
const int MAX_CONF_ITEM_QUANTITY = 100;
const int MAX_CONF_LINE_LEN = 2048;
const int MAX_CONF_KEY_LEN = 512;
const int MAX_CONF_VALUE_LEN = 512;
const int MAX_SETMENT_NAME_LEN = 1024;
const int MAX_RK_VALIDITY = 10000;
const int MAX_CMK_VALIDITY = 3660;
const int MAX_FILE_NAME_LEN = 512;
const int MAX_REAL_PATH_LEN = 4096;
const int MIN_CMK_LEN = 16;
const int MAX_CMK_LEN = 112; /* 112 bytes (the max length that KMC support) */
const int DEFAULT_DOMAIN = 2;
/* general limit */
const int MAX_LOG_RESULT_LEN = 2048;
const int MAX_USER_INPUT_LEN = 1024;
typedef enum KeyManageConf {
RK_VALIDITY = 0,
CMK_VALIDITY,
CMK_LENGTH,
PRI_KSF,
SEC_KSF,
EXPORT_KSF,
} KeyManageConf;
enum LogManageConf {
IS_LOGMODULE_OPEN = 0,
LOG_FILE,
};
typedef enum GlobalKtoolFile {
G_CONF_FILE = 0,
G_PRI_KSF,
G_SEC_KSF,
G_EXPORT_KSF,
G_LOG_FILE,
} GlobalKtoolFile;
typedef enum LogModuleStatus {
ON = 0,
OFF,
} LogModuleStatus;
typedef struct Time {
unsigned int year;
unsigned int month;
unsigned int day;
unsigned int hour;
unsigned int minute;
unsigned int second;
} Time;
typedef struct ConfIterm {
unsigned int rk_validity;
unsigned int cmk_validity;
unsigned int cmk_length;
char pri_ksf[MAX_REAL_PATH_LEN ];
char sec_ksf[MAX_REAL_PATH_LEN ];
char export_ksf[MAX_REAL_PATH_LEN ];
unsigned char is_logmodule_open;
char log_file[MAX_REAL_PATH_LEN ];
} ConfIterm;
#define return_false_if(condition) {\
if ((condition)) { \
return false; \
} \
}
#define kt_free(ptr) \
{ \
free(ptr); \
ptr = NULL; \
}
extern char g_env_value[MAX_REAL_PATH_LEN];
extern char g_conf_file[MAX_REAL_PATH_LEN ];
/* globa vars read from configuration file */
extern ConfIterm g_conf;
extern bool g_is_print_err;
extern char *gs_getenv_r(const char *name);
extern bool read_conf_segment(const char *conf_file, const char *conf_segment_name, char key_list[][MAX_CONF_KEY_LEN],
char value_list[][MAX_CONF_VALUE_LEN], size_t *conf_item_num);
extern bool set_global_file(char *kt_file, const GlobalKtoolFile file_type, const char *file_str);
extern bool check_kt_env_value(const char *env_value);
extern bool compare_list_element(const char list_a[][MAX_CONF_KEY_LEN], size_t list_a_cnt,
char list_b[][MAX_CONF_KEY_LEN], size_t list_b_cnt, size_t *loss_pos);
void make_table_line(char *line_buf, const size_t buf_len, const size_t line_len);
bool atoi_strictly(const char *str, unsigned int *num);
/* convert and calculate the time */
extern bool get_sys_time(Time *sys_time);
void date_ttos(const Time date_t, char *date_s, const size_t buf_size);
void time_ttos(const Time time_t, char *time_s, const size_t buf_size);
void trans_wsectime_to_time(WsecSysTime wsec_time_t, Time *time_t);
void timecpy(Time *dest_time, Time src_time);
/* to determine whether the key has expired */
int calculate_interval(Time start, Time end);
#endif

115
src/bin/gs_ktool/kt_interface.cpp
View File

@ -1,115 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_interface.cpp
* APIs for Encrypted Database.
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_interface.cpp
*
* -------------------------------------------------------------------------
*/
#include "kt_interface.h"
#include<stdio.h>
#include<stdlib.h>
#include "kt_common.h"
#include "kt_key_manage.h"
#include "kt_log_manage.h"
const int MAX_CMK_PLAIN_LEN = 112;
static bool init_kt_ksf();
static bool init_kt_ksf()
{
const char required_conf[][MAX_CONF_KEY_LEN] = {"pri_ksf", "sec_ksf"};
size_t required_conf_cnt = sizeof(required_conf) / sizeof(required_conf[0]);
if (!reg_callback_funcs()) {
printf("ERROR(GS_KTOOL): failed to register callback functions.\n");
return false;
}
if (!initialize_logmodule()) {
return false;
}
if (!load_key_manage_conf(required_conf, required_conf_cnt)) {
return false;
}
if (!has_ksf_existed()) {
insert_format_log(L_OPEN_FILE, KT_ERROR,
"please make sure 'gs_ktool' is installed and the key store file already exists");
return false;
}
return init_or_create_ksf();
}
bool get_cmk_len(unsigned int cmk_id, unsigned int *cmk_len)
{
KmcMkInfo cmk_info = { 0 };
unsigned char cmk_plain[MAX_CMK_PLAIN_LEN] = { 0 };
unsigned int cmk_plain_buf_len = MAX_CMK_PLAIN_LEN;
bool ret = true;
return_false_if(cmk_len == NULL);
if (!init_kt_ksf()) {
return false;
}
if (KmcGetMkDetail(DEFAULT_DOMAIN, cmk_id, &cmk_info, cmk_plain, &cmk_plain_buf_len) == WSEC_SUCCESS) {
insert_format_log(L_SELECT_CMK_LEN, KT_SUCCEED, "cmk id: %d", cmk_id);
} else {
insert_format_log(L_SELECT_CMK_LEN, KT_ERROR, "cmk id: %d", cmk_id);
ret = false;
}
WsecFinalizeEx();
*cmk_len = cmk_plain_buf_len;
return ret;
}
bool get_cmk_plain(unsigned int cmk_id, unsigned char *cmk_plain, unsigned int *cmk_len)
{
KmcMkInfo cmk_info = { 0 };
unsigned char tmp_cmk_plain[MAX_CMK_PLAIN_LEN] = {0};
unsigned int tmp_plain_buf_len = MAX_CMK_PLAIN_LEN;
bool ret = true;
return_false_if(cmk_plain == NULL);
if (!init_kt_ksf()) {
return false;
}
if (KmcGetMkDetail(DEFAULT_DOMAIN, cmk_id, &cmk_info, tmp_cmk_plain, &tmp_plain_buf_len) == WSEC_SUCCESS) {
for (unsigned int i = 0; i < tmp_plain_buf_len; i++) {
cmk_plain[i] = tmp_cmk_plain[i];
}
*cmk_len = tmp_plain_buf_len;
insert_format_log(L_SELECT_CMK_PLAIN, KT_SUCCEED, "cmk id: %d", cmk_id);
} else {
insert_format_log(L_SELECT_CMK_PLAIN, KT_ERROR, "cmk id: %d", cmk_id);
ret = false;
}
WsecFinalizeEx();
return ret;
}

589
src/bin/gs_ktool/kt_key_manage.cpp
View File

@ -1,589 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_key_manage.cpp
* Foreword : before reading this part of code, you should be familiar with the principle for key classification;
* This part is mainly used for encrypted database;
* Describe : in the scenario of three-level-key-schema, we use rk (root key) to encrypt cmk (client master key),
* use cmk to encrypt cek (client encrypt key), use cek to encrypt data. We use KMC to manage cmk and rk;
* Function : cmk manage : 1) generate cmk; 2) delete cmk; 3) select cmk info; 4) export cmk; 5) import cmk;
* rk manage : 1) select rk info; 2) update rk;
* (this module calls KMC interfaces to realize the key management functions.)
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_key_manage.cpp
*
* -------------------------------------------------------------------------
*/
#include "kt_key_manage.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "kt_log_manage.h"
static const char g_all_key_manage_conf[][MAX_CONF_KEY_LEN] = {"rk_validity", "cmk_validity", "cmk_length", "pri_ksf",
"sec_ksf", "export_ksf"};
static bool set_global_key_conf(KeyManageConf key_conf, const char *conf_key, const char *conf_value);
static bool set_rk_validity();
static bool check_rk_validity(int *days);
bool reg_callback_funcs(void)
{
return (RegFunCallback() == WSEC_SUCCESS);
}
bool load_key_manage_conf(const char required_conf[MAX_CONF_ITEM_QUANTITY][MAX_CONF_KEY_LEN],
size_t required_conf_cnt)
{
char key_list[MAX_CONF_ITEM_QUANTITY][MAX_CONF_KEY_LEN] = {0};
char value_list[MAX_CONF_ITEM_QUANTITY][MAX_CONF_VALUE_LEN] = {0};
size_t lost_conf_pos = 0;
size_t conf_item_cnt = 0;
bool ret = true;
bool is_find_conf_item = false;
if (!read_conf_segment(g_conf_file, "KeyManage", key_list, value_list, &conf_item_cnt)) {
insert_format_log(L_READ_CONF, KT_ERROR, "cannot find configuration segment : '%s'", "KeyManage");
return false;
}
if (!compare_list_element(required_conf, required_conf_cnt, key_list, conf_item_cnt, &lost_conf_pos)) {
insert_format_log(L_READ_CONF, KT_ERROR, "lost configuration item : '%s'", required_conf[lost_conf_pos]);
return false;
}
for (size_t i = 0; i < required_conf_cnt; i++) {
for (size_t j = 0; j < sizeof(g_all_key_manage_conf) / sizeof(g_all_key_manage_conf[0]); j++) {
if (strcmp(required_conf[i], g_all_key_manage_conf[j]) == 0) {
is_find_conf_item = true;
switch (j) {
case RK_VALIDITY:
if (!set_global_key_conf(RK_VALIDITY, key_list[j], value_list[j])) {
return false;
}
break;
case CMK_VALIDITY:
if (!set_global_key_conf(CMK_VALIDITY, key_list[j], value_list[j])) {
return false;
}
break;
case CMK_LENGTH:
if (!set_global_key_conf(CMK_LENGTH, key_list[j], value_list[j])) {
return false;
}
break;
case PRI_KSF:
ret = set_global_file(g_conf.pri_ksf, G_PRI_KSF, value_list[j]);
break;
case SEC_KSF:
ret = set_global_file(g_conf.sec_ksf, G_SEC_KSF, value_list[j]);
break;
case EXPORT_KSF:
ret = set_global_file(g_conf.export_ksf, G_EXPORT_KSF, value_list[j]);
break;
default:
break;
}
}
if (!ret) {
printf("%s %s\n", key_list[j], value_list[j]);
insert_format_log(L_SET_CONF, KT_ERROR, "the value of '%s' is invalid", key_list[i]);
return false;
}
}
if (!is_find_conf_item) {
insert_format_log(L_READ_CONF, KT_ERROR, "lost configuration item : '%s'", key_list[i]);
return false;
} else {
is_find_conf_item = false;
}
}
return true;
}
static bool set_global_key_conf(KeyManageConf key_conf, const char *conf_key, const char *conf_value)
{
unsigned int input_num = 0;
if (!atoi_strictly(conf_value, &input_num)) {
insert_format_log(L_SET_CONF, KT_ERROR, "this configuration value '%s' is expected to be an positive integer",
conf_value);
return false;
}
switch (key_conf) {
case RK_VALIDITY:
if (input_num < 1 || input_num > MAX_RK_VALIDITY) {
insert_format_log(L_SET_CONF, KT_ERROR, "'%s' should be in range (0, %d]", conf_key, MAX_RK_VALIDITY);
return false;
}
g_conf.rk_validity = input_num;
break;
case CMK_VALIDITY: {
if (input_num < 1 || input_num > MAX_CMK_VALIDITY) {
insert_format_log(L_SET_CONF, KT_ERROR, "'%s' should be in range (0, %d]", conf_key, MAX_CMK_VALIDITY);
return false;
}
g_conf.cmk_validity = input_num;
break;
}
case CMK_LENGTH:
if (input_num < MIN_CMK_LEN || input_num > MAX_CMK_LEN) {
insert_format_log(L_SET_CONF, KT_ERROR, "cmk_length '%u' should be in range [%d, %d]", input_num,
MIN_CMK_LEN, MAX_CMK_LEN);
return false;
}
g_conf.cmk_length = input_num;
break;
default:
break;
}
return true;
}
bool has_ksf_existed(void)
{
FILE *pri_fp = NULL;
FILE *sec_fp = NULL;
pri_fp = fopen(g_conf.pri_ksf, "r");
if (pri_fp == NULL) {
return false;
}
sec_fp = fopen(g_conf.sec_ksf, "r");
if (sec_fp == NULL) {
fclose(pri_fp);
return false;
}
fclose(pri_fp);
fclose(sec_fp);
return true;
}
bool init_or_create_ksf(void)
{
KmcKsfName ksf_paths = { 0 };
ksf_paths.keyStoreFile[0] = g_conf.pri_ksf;
ksf_paths.keyStoreFile[1] = g_conf.sec_ksf;
/*
* in WsecInitializeEx():
* if the ksf cannot be found, this func will create a new one
* else if the ksf is found, this func only initialize it
*/
return (WsecInitializeEx(KMC_ROLE_MASTER, &ksf_paths, WSEC_FALSE, NULL) == WSEC_SUCCESS);
}
static bool set_rk_validity()
{
KmcCfgRootKey rk_conf = { 0 };
rk_conf.validity = g_conf.rk_validity;
rk_conf.rmkIter = DEFAULT_RK_ITER;
return (KmcSetDefaultRootKeyCfg(&rk_conf) == WSEC_SUCCESS);
}
static bool check_rk_validity(int *days)
{
KmcRkAttributes rk_attr = { 0 };
Time today = { 0 };
Time expired_day = { 0 };
if (KmcGetRootKeyInfo(&rk_attr) != WSEC_SUCCESS) {
insert_format_log(L_SELECT_RK, KT_ERROR, "");
return false;
}
if (!get_sys_time(&today)) {
insert_format_log(L_GET_TIME, KT_ERROR, "");
return false;
}
trans_wsectime_to_time(rk_attr.rkExpiredTimeUtc, &expired_day);
*days = calculate_interval(today, expired_day);
return true;
}
bool init_keytool(void)
{
int rk_expired_days = 0;
const char required_conf[][MAX_CONF_KEY_LEN] = {"rk_validity", "cmk_validity", "cmk_length",
"pri_ksf", "sec_ksf", "export_ksf"};
size_t required_conf_cnt = sizeof(required_conf) / sizeof(required_conf[0]);
if (!reg_callback_funcs()) {
insert_format_log(L_REG_CALLBACK_FUNC, KT_ERROR, "");
return false;
}
if (!load_key_manage_conf(required_conf, required_conf_cnt)) {
return false;
}
if (!set_rk_validity()) {
insert_format_log(L_SET_RK_VALIDITY, KT_ERROR, "");
return false;
}
bool ret = has_ksf_existed();
if (!init_or_create_ksf()) {
insert_format_log(L_INIT_KMC, KT_ERROR, "");
return false;
}
if (!ret) {
printf("NOTICE: created new key store file : %s.\n", g_conf.pri_ksf);
insert_format_log(L_CREATE_FILE, KT_NOTICE, "new key store file : '%s'", g_conf.pri_ksf);
}
if (!check_rk_validity(&rk_expired_days)) {
return false;
}
if (rk_expired_days < 0) {
printf("WARNING: your root key has expired \"%d\" days.\n", -rk_expired_days);
insert_format_log(L_CHECK_RK_VALIDITY, KT_ALARM, "expired : %d", -rk_expired_days);
printf("HINT: you can use following conmmand to cycle root key:");
printf(" gs_ktool -R -u\n");
}
return true;
}
CmkInfo *init_cmk_info_list()
{
CmkInfo *cmk_info_list = NULL;
cmk_info_list = (CmkInfo *)malloc(sizeof(CmkInfo));
if (cmk_info_list == NULL) {
insert_format_log(L_MALLOC_MEMORY, KT_ERROR, "");
exit(1);
}
cmk_info_list->cmk_id = INVALID_CMK_KD;
cmk_info_list->next = NULL;
return cmk_info_list;
}
bool add_cmk_info_node(CmkInfo *cmk_info_list, unsigned int cmk_id, unsigned int cmk_plain_len,
const Time cmk_create_time, const Time cmk_expired_time)
{
bool is_list_empty = false;
CmkInfo *last_node = NULL;
CmkInfo *new_node = NULL;
Time today = { 0 };
bool is_expired = false;
int days = 0;
if (cmk_info_list->cmk_id == INVALID_CMK_KD) {
is_list_empty = true;
new_node = cmk_info_list;
} else {
new_node = (CmkInfo *)malloc(sizeof(CmkInfo));
if (new_node == NULL) {
insert_format_log(L_MALLOC_MEMORY, KT_ERROR, "");
return false;
}
}
/* check is cmk expired */
if (!get_sys_time(&today)) {
insert_format_log(L_GET_TIME, KT_ERROR, "");
if (new_node != NULL) {
kt_free(new_node);
}
return false;
}
days = calculate_interval(today, cmk_expired_time);
new_node->cmk_id = cmk_id;
new_node->cmk_plain_len = cmk_plain_len;
timecpy(&(new_node->create_time), cmk_create_time);
timecpy(&(new_node->expired_time), cmk_expired_time);
new_node->is_expired = is_expired;
if (days <= 0) {
new_node->is_expired = true;
new_node->expired_days = -days;
} else {
new_node->is_expired = false;
new_node->expired_days = 0;
}
new_node->next = NULL;
if (!is_list_empty) {
last_node = cmk_info_list;
while (last_node->next != NULL) {
last_node = last_node->next;
}
last_node->next = new_node;
}
return true;
}
void trav_cmk_info_list(CmkInfo *cmk_info_list)
{
char table_line[15 + 1] = {0};
CmkInfo *cur = cmk_info_list;
unsigned int cmk_cnt = 0;
char create_date_str[strlen("0000-00-00/")] = {0};
char create_time_str[strlen("00:00:00/")] = {0};
char expired_date_str[strlen("0000-00-00/")] = {0};
if (cmk_info_list != NULL && cmk_info_list->cmk_id == INVALID_CMK_KD) {
printf("no cmk found.\n");
return;
}
make_table_line(table_line, sizeof(table_line), 15);
printf(" %10s | %10s | %15s | %15s | %15s\n", "cmk id", "cmk length", "create date UTC", "create time UTC",
"expired date UTC");
printf(" %10s-+-%10s-+-%15s-+-%15s-+-%15s\n", "----------", "----------", table_line, table_line, table_line);
while (cur != NULL) {
cmk_cnt++;
date_ttos(cur->create_time, create_date_str, sizeof(create_date_str));
time_ttos(cur->create_time, create_time_str, sizeof(create_time_str));
date_ttos(cur->expired_time, expired_date_str, sizeof(expired_date_str));
printf(" %10u | %10u | %15s | %15s | %15s", cur->cmk_id, cur->cmk_plain_len, create_date_str, create_time_str,
expired_date_str);
if (cur->is_expired) {
printf(" (WARNING : EXPIRED %d days)\n", cur->expired_days);
} else {
printf("\n");
}
cur = cur->next;
}
printf("(%u Rows)\n", cmk_cnt);
}
void destroy_cmk_info_list(CmkInfo *cmk_info_list)
{
CmkInfo *to_free = NULL;
while (cmk_info_list != NULL) {
to_free = cmk_info_list;
cmk_info_list = cmk_info_list->next;
kt_free(to_free);
}
}
void print_rk_info(const RkInfo *rk_info)
{
char table_line[15 + 1] = {0};
char create_date_str[strlen("0000-00-00/")] = {0};
char create_time_str[strlen("00:00:00/")] = {0};
char expired_date_str[strlen("0000-00-00/")] = {0};
date_ttos(rk_info->create_time, create_date_str, sizeof(create_date_str));
time_ttos(rk_info->create_time, create_time_str, sizeof(create_time_str));
date_ttos(rk_info->expired_time, expired_date_str, sizeof(expired_date_str));
make_table_line(table_line, sizeof(table_line), 15);
printf(" %15s | %15s | %15s\n", "create date UTC", "create time UTC", "expired date UTC");
printf(" %15s-+-%15s-+-%15s\n", table_line, table_line, table_line);
printf(" %15s | %15s | %15s\n", create_date_str, create_time_str, expired_date_str);
if (rk_info->is_expired) {
printf("\nWARNNING: your root key has expired %d days.\n", rk_info->expired_days);
printf("HINT: you can use following conmmand to cycle root key:");
printf(" gs_ktool -R -u\n");
}
}
bool generate_cmk(const bool has_set_len, unsigned int key_len, unsigned int *key_id)
{
KmcCfgDomainInfo domain_info = { 0 };
KmcCfgKeyType k_type = { 0 };
unsigned int cmk_plain_len = 0;
domain_info = { DEFAULT_DOMAIN, KMC_MK_GEN_BY_INNER, { 0 }, KMC_DOMAIN_TYPE_SHARE, 0 };
errno_t rc = strcpy_s(domain_info.desc, sizeof(domain_info.desc), "CMK");
securec_check_c(rc, "", "");
if (has_set_len) {
cmk_plain_len = key_len;
} else {
cmk_plain_len = g_conf.cmk_length;
}
k_type = { KMC_KEY_TYPE_ENCRPT_INTEGRITY, cmk_plain_len, g_conf.cmk_validity, 0 };
return_false_if(KmcAddDomainEx(&domain_info) != WSEC_SUCCESS);
return_false_if(KmcAddDomainKeyTypeEx(DEFAULT_DOMAIN, &k_type) != WSEC_SUCCESS);
*key_id = KmcGetMkCount();
if (*key_id >= MAX_CMK_QUANTITY) {
insert_format_log(L_GEN_CMK, KT_ERROR, "the number of CMKs exceeds the upper limit : %d.", MAX_CMK_QUANTITY);
return false;
}
return (KmcCreateMkEx(DEFAULT_DOMAIN, key_id) == WSEC_SUCCESS);
}
bool delete_cmk(const bool has_set_all, unsigned int cmk_id, unsigned int del_cmk_id_list[], unsigned int *del_cmk_cnt)
{
KmcCfgDomainInfo domain_info = { 0 };
KmcMkInfo kmc_cmk_info = { 0 };
unsigned int all_cmk_cnt = 0;
domain_info = { DEFAULT_DOMAIN, KMC_MK_GEN_BY_INNER, { 0 }, KMC_DOMAIN_TYPE_SHARE, 0 };
if (KmcAddDomainEx(&domain_info) != WSEC_SUCCESS) {
return false;
}
/* delete one cmk (user has specificed the cmk id) */
if (!has_set_all) {
return (KmcRmvMk(DEFAULT_DOMAIN, cmk_id) == WSEC_SUCCESS);
} else { /* delete all cmk */
all_cmk_cnt = KmcGetMkCount();
for (unsigned int i = 0; i < all_cmk_cnt; i++) {
if (KmcGetMk(1, &kmc_cmk_info) == WSEC_SUCCESS && kmc_cmk_info.domainId == DEFAULT_DOMAIN) {
return_false_if(KmcRmvMk(DEFAULT_DOMAIN, kmc_cmk_info.keyId) != WSEC_SUCCESS);
del_cmk_id_list[*del_cmk_cnt] = kmc_cmk_info.keyId;
(*del_cmk_cnt)++;
}
}
return true;
}
return false;
}
CmkInfo *select_cmk_info(const bool has_set_all, unsigned int key_id)
{
KmcMkInfo kmc_cmk_info = { 0 };
/* only used for call the func of selecting cmk plian len */
unsigned char cmk_plain[MAX_CMK_LEN] = {0};
unsigned int cmk_plain_len = 0;
Time cmk_create_time = { 0 };
Time cmk_expired_time = { 0 };
CmkInfo *cmk_info_list = NULL;
errno_t rc = 0;
int all_cmk_cnt = 0;
all_cmk_cnt = KmcGetMkCount();
if (all_cmk_cnt <= 0) {
return NULL;
}
cmk_info_list = (CmkInfo *)malloc(sizeof(CmkInfo));
if (cmk_info_list == NULL) {
insert_format_log(L_MALLOC_MEMORY, KT_ERROR, "");
return NULL;
}
cmk_info_list->cmk_id = INVALID_CMK_KD;
cmk_info_list->next = NULL;
for (int i = 0; i < all_cmk_cnt; i++) {
if (KmcGetMk(i, &kmc_cmk_info) != WSEC_SUCCESS) {
destroy_cmk_info_list(cmk_info_list);
return NULL;
}
if (kmc_cmk_info.domainId != DEFAULT_DOMAIN) {
continue;
}
if (kmc_cmk_info.keyId == key_id || has_set_all) {
cmk_plain_len = sizeof(cmk_plain);
if (KmcGetMkDetail(DEFAULT_DOMAIN, kmc_cmk_info.keyId, &kmc_cmk_info, cmk_plain, &cmk_plain_len)
== WSEC_SUCCESS) {
/* cmk plain is unused */
rc = memset_s(cmk_plain, MAX_CMK_LEN, 0, sizeof(cmk_plain));
securec_check_c(rc, "", "");
trans_wsectime_to_time(kmc_cmk_info.mkCreateTimeUtc, &cmk_create_time);
trans_wsectime_to_time(kmc_cmk_info.mkExpiredTimeUtc, &cmk_expired_time);
if (!add_cmk_info_node(cmk_info_list, kmc_cmk_info.keyId, cmk_plain_len, cmk_create_time,
cmk_expired_time)) {
destroy_cmk_info_list(cmk_info_list);
return NULL;
}
}
}
}
return cmk_info_list;
}
bool import_cmks_from_ksf(const char *ksf, const unsigned char *ksf_passwd, unsigned int ksf_pass_len)
{
return (KmcImportMkFileEx(ksf, ksf_passwd, ksf_pass_len) == WSEC_SUCCESS);
}
bool export_cmks_to_ksf(const bool has_set_export_ksf, const char *ksf, const unsigned char *ksf_passwd,
unsigned int ksf_pass_len)
{
return_false_if(ksf_passwd == NULL);
if (has_set_export_ksf) {
return (KmcExportMkFileEx(KMC_MKF_VER, ksf, ksf_passwd, ksf_pass_len, ITER_ROUND) == WSEC_SUCCESS);
} else {
return (KmcExportMkFileEx(KMC_MKF_VER, g_conf.export_ksf, ksf_passwd, ksf_pass_len, ITER_ROUND) ==
WSEC_SUCCESS);
}
}
bool select_rk_info(RkInfo *rk_info)
{
KmcRkAttributes rk_attr = { 0 };
Time today = { 0 };
int days = 0;
return_false_if(KmcGetRootKeyInfo(&rk_attr) != WSEC_SUCCESS);
trans_wsectime_to_time(rk_attr.rkCreateTimeUtc, &rk_info->create_time);
trans_wsectime_to_time(rk_attr.rkExpiredTimeUtc, &rk_info->expired_time);
/* check if cmk expired */
if (!get_sys_time(&today)) {
insert_format_log(L_GET_TIME, KT_ERROR, "");
}
days = calculate_interval(today, rk_info->expired_time);
if (days <= 0) {
rk_info->is_expired = true;
rk_info->expired_days = -days;
} else {
rk_info->is_expired = false;
rk_info->expired_days = 0;
}
return true;
}
bool cycle_rk(void)
{
return (KmcUpdateRootKey(NULL, 0) == WSEC_SUCCESS);
}

90
src/bin/gs_ktool/kt_key_manage.h
View File

@ -1,90 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_key_manage.cpp
* Foreword : before reading this part of code, you should be familiar with the principle for key classification;
* This part is mainly used for encrypted database;
* Describe : in the scenario of three-level-key-schema, we use rk (root key) to encrypt cmk (client master key),
* use cmk to encrypt cek (client encrypt key), use cek to encrypt data. We use KMC to manage cmk and rk;
* Function : cmk manage : 1) generate cmk; 2) delete cmk; 3) select cmk info; 4) export cmk; 5) import cmk;
* rk manage : 1) select rk info; 2) update rk;
* (this module calls KMC interfaces to realize the key management functions.)
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_key_manage.cpp
*
* -------------------------------------------------------------------------
*/
#ifndef GS_KT_KEY_MANAGE_H
#define GS_KT_KEY_MANAGE_H
#include "kt_common.h"
const int INVALID_CMK_KD = 0;
const unsigned int DEFAULT_RK_ITER = 10000;
/* key configure limited by both KMC and me */
const int MAX_CMK_QUANTITY = 4095;
const int MAX_KSF_PASS_BUF_LEN = 256;
const int MIN_KSF_PASS_LEN = 8;
const int ITER_ROUND = 10000;
typedef struct RkInfo {
Time create_time;
Time expired_time;
bool is_expired;
unsigned int expired_days;
} RkInfo;
typedef struct CmkInfo {
unsigned int cmk_id;
unsigned int cmk_plain_len;
Time create_time;
Time expired_time;
bool is_expired;
unsigned int expired_days;
struct CmkInfo *next;
} CmkInfo;
/* Description : before opetating cmk and rk, gs_ktool needs to be initialized first. */
extern bool reg_callback_funcs(void);
extern bool load_key_manage_conf(const char required_conf[MAX_CONF_ITEM_QUANTITY][MAX_CONF_KEY_LEN],
size_t required_conf_cnt);
extern bool has_ksf_existed(void);
extern bool init_or_create_ksf(void);
extern bool init_keytool(void);
extern CmkInfo *init_cmk_info_list();
extern bool add_cmk_info_node(CmkInfo *cmk_info_list, unsigned int cmk_id, unsigned int cmk_plain_len,
const Time cmk_create_time, const Time cmk_expired_time);
extern void trav_cmk_info_list(CmkInfo *cmk_info_list);
extern void destroy_cmk_info_list(CmkInfo *cmk_info_list);
extern void print_rk_info(const RkInfo *rk_info);
/* functions to manage cmk : generate, delete, select, import, export. */
extern bool generate_cmk(const bool has_set_len, unsigned int key_len, unsigned int *key_id);
extern bool delete_cmk(const bool has_set_all, unsigned int cmk_id, unsigned int del_cmk_id_list[],
unsigned int *del_cmk_cnt);
extern CmkInfo *select_cmk_info(const bool has_set_all, unsigned int key_id);
extern bool import_cmks_from_ksf(const char *ksf, const unsigned char *ksf_passwd, unsigned int ksf_pass_len);
extern bool export_cmks_to_ksf(const bool has_set_export_ksf, const char *ksf, const unsigned char *ksf_passwd,
unsigned int ksf_pass_len);
/* functions to manage rk : select, cycle(update). */
extern bool select_rk_info(RkInfo *rk_info); /* we can use the same Struct to describ rk_info */
extern bool cycle_rk(void);
#endif

467
src/bin/gs_ktool/kt_kmc_callback.cpp
View File

@ -1,467 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_kmc_callback.cpp
* Register callback functions of KMC :
* There are 8 types of callback functions, each type has several functions
* Wsec[Type]Callbacks : Callback[Func]
* type | func | set
* ----------+------------------------------------------------------------------+--------
* mem | memAlloc, memFree, memCmp | default
* file | fileOpen, fileClose, fileRead, fileWrite, fileFlush, |
* | fileRemove, fileTell, fileSeek, fileEof, fileErrno | 11
* lock | createLock, destroyLock, lock, unlock | 4
* procLock | createProcLock, destroyProcLock, procLock, procUnlock | 4
* basicRely | writeLog, notify, doEvents | 3
* rng | getRandomNum, getEntropty, cleanupEntopy | 3
* time | gmTimeSate | 1
* hardWare | hwGetEncExtraData...(all 12) |
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_kmc_callback.cpp
*
* -------------------------------------------------------------------------
*/
#include "kt_kmc_callback.h"
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <getopt.h>
#include <malloc.h>
#include <fcntl.h>
#include <semaphore.h>
#include <pthread.h>
#include <sys/stat.h>
#include <sys/types.h>
#include "kt_log_manage.h"
const char *RND_DEVICE = "/dev/random";
const int ENTROPY_BUFF_SIZE = 128;
const int MAX_PROCESS_LOCK_NAME_LEN = 256;
static WsecBool KeCallbackCreateProcLock(WsecHandle *CProcLock);
static WsecVoid KeCallbackDestroyProcLock(WsecHandle DProcLock);
static WsecVoid KeCallbackProcLock(WsecHandle ProcLock);
static WsecVoid KeCallbackProcUnlock(WsecHandle ProcUnlock);
static WsecBool KeCallbackCreateThreadLock(WsecHandle *phMutex);
static WsecVoid KeCallbackDestroyThreadLock(WsecHandle phMutex);
static WsecVoid KeCallbackThreadLock(WsecHandle phMutex);
static WsecVoid KeCallbackThreadUnlock(WsecHandle phMutex);
static WsecHandle KeCallbackFopen(const char *filePathName, const KmcFileOpenMode mode);
static int KeCallbackFclose(WsecHandle stream);
/* only need to do single read process. the KMC caller has done the multiple read process */
static WsecBool KeCallbackFread(WsecVoid *buffer, size_t count, WsecHandle stream);
/* remove fsync, just kmc will flush data or close file after WSEC_FWRITE */
static WsecBool KeCallbackFwrite(const WsecVoid *buffer, size_t count, WsecHandle stream);
static int KeCallbackFflush(WsecHandle stream);
static int KeCallbackFremove(const char *path);
static long KeCallbackFtell(WsecVoid *stream);
/* return offset position if success(relative to file beginning), return -1 if failed */
static long KeCallbackFseek(WsecVoid *stream, long offset, KmcFileSeekPos origin);
static int KeCallbackFeof(WsecVoid *stream, WsecBool *endOfFile);
static int KeCallbackFerrno(WsecVoid *stream);
static int KeCallbackFexist(const char *filePathName);
static WsecBool KeCallbackUtcTime(const time_t *curTime, struct tm *curTm);
static unsigned long GetRandomNumbers(unsigned char *buff, size_t len);
static WsecBool KeCallbackGetEntropy(unsigned char **ppEnt, size_t buffLen);
static WsecVoid KeCallbackCleanupEntropy(unsigned char *pEnt, size_t buffLen);
static WsecVoid KeCallbackDoEvents(void);
static WsecVoid KeCallbackNotify(WsecUint32 eNtfCode, const WsecVoid *pData, size_t nDataSize);
static WsecVoid KeCallbackWriteLog(int nLevel, const char *module, const char *function, int line, const char *logCtx);
WsecBool KeCallbackCreateProcLock(WsecHandle* CProcLock)
{
sem_t* h = NULL;
uid_t user_id = 0;
char user_pro_lock_name[MAX_PROCESS_LOCK_NAME_LEN] = {0};
errno_t rc = 0;
int sem_val = 0;
int ret = 0;
if (CProcLock == NULL) {
return WSEC_FALSE;
}
user_id = getuid();
rc = sprintf_s(user_pro_lock_name, MAX_PROCESS_LOCK_NAME_LEN, "GS_KTOOL_PROCESS_LOCK_FOR_%u", user_id);
securec_check_ss_c(rc, "", "");
h = sem_open(user_pro_lock_name, O_CREAT, S_IRUSR | S_IWUSR, 1);
if (h == NULL) {
insert_format_log(L_OPEN_SEM, KT_ERROR, "semaphore name : '%s'", user_pro_lock_name);
return WSEC_FALSE;
}
ret = sem_getvalue(h, &sem_val);
if (ret == -1) {
insert_format_log(L_OPEN_SEM, KT_ERROR, "semaphore name : '%s'", user_pro_lock_name);
return WSEC_FALSE;
}
if (sem_val <= 0) {
if (sem_init(h, 0, 1) != 0) {
insert_format_log(L_INIT_SEM, KT_ERROR, "semaphore name : '%s', semaphore value : %d",
user_pro_lock_name, sem_val);
}
insert_format_log(L_INIT_SEM, KT_NOTICE,
"semaphore name : '%s', old semaphore value : %d, new semaphore value : 1", user_pro_lock_name, sem_val);
}
*CProcLock = h;
return WSEC_TRUE;
}
WsecVoid KeCallbackDestroyProcLock(WsecHandle DProcLock)
{
sem_t* h = (sem_t*)DProcLock;
if (h != NULL) {
(void)sem_close(h);
}
return;
}
WsecVoid KeCallbackProcLock(WsecHandle ProcLock)
{
sem_t* h = (sem_t*)ProcLock;
int ret = 0;
ret = (sem_wait(h) == 0);
if (ret == WSEC_FALSE) {
insert_format_log(L_WAIT_SEM, KT_ERROR, "");
}
return;
}
WsecVoid KeCallbackProcUnlock(WsecHandle ProcUnlock)
{
sem_t* h = (sem_t*)ProcUnlock;
int ret = 0;
ret = (sem_post(h) == 0);
if (ret == WSEC_FALSE) {
insert_format_log(L_POST_SEM, KT_ERROR, "");
}
return;
}
static WsecBool KeCallbackCreateThreadLock(WsecHandle *phMutex)
{
if (phMutex == NULL) {
return WSEC_FALSE;
}
if (*phMutex != NULL) {
return WSEC_FALSE;
}
pthread_mutex_t *mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t));
if (mutex == NULL) {
return WSEC_FALSE;
}
int result = pthread_mutex_init(mutex, NULL);
if (result != 0) {
kt_free(mutex);
return WSEC_FALSE;
}
*phMutex = mutex;
return WSEC_TRUE;
}
static WsecVoid KeCallbackDestroyThreadLock(WsecHandle phMutex)
{
pthread_mutex_t *mutex = (pthread_mutex_t *)phMutex;
if (mutex == NULL) {
return;
}
pthread_mutex_destroy(mutex);
kt_free(mutex);
}
static WsecVoid KeCallbackThreadLock(WsecHandle phMutex)
{
pthread_mutex_t *mutex = (pthread_mutex_t *)phMutex;
if (mutex == NULL) {
return;
}
pthread_mutex_lock(mutex);
}
static WsecVoid KeCallbackThreadUnlock(WsecHandle phMutex)
{
pthread_mutex_t *mutex = (pthread_mutex_t *)phMutex;
if (mutex == NULL) {
return;
}
pthread_mutex_unlock(mutex);
}
static WsecHandle KeCallbackFopen(const char *filePathName, const KmcFileOpenMode mode)
{
int flag = 0;
int *ret = NULL;
if (mode == KMC_FILE_READ_BINARY) {
flag = O_RDONLY;
} else if (mode == KMC_FILE_WRITE_BINARY) {
flag = O_CREAT | O_WRONLY;
} else if (mode == KMC_FILE_READWRITE_BINARY) {
flag = O_CREAT | O_RDWR;
} else {
return NULL;
}
int retFd = open(filePathName, flag, S_IRUSR | S_IWUSR);
if (-1 != retFd) {
ret = (int *)malloc(sizeof(int));
if (ret == NULL) {
insert_format_log(L_MALLOC_MEMORY, KT_ERROR, "");
close(retFd);
return NULL;
}
*ret = retFd;
}
return ret;
}
int KeCallbackFclose(WsecHandle stream)
{
int fd = *(int *)stream;
int ret = close(fd);
kt_free(stream);
return ret;
}
/* only need to do sigle read process. the KMC callee has done the multiple read process */
static WsecBool KeCallbackFread(WsecVoid *buffer, size_t count, WsecHandle stream)
{
int fd = *(int *)stream;
size_t ret = -1;
while (true) {
ret = read(fd, buffer, count);
if ((int)ret == -1 && errno == EINTR) {
continue;
}
break;
}
if ((int)ret == -1) {
return WSEC_FALSE;
}
return (count == ret) ? WSEC_TRUE : WSEC_FALSE;
}
/*
* remove fsync, just kmc will flush data or close file after WSEC_FWRITE
*/
static WsecBool KeCallbackFwrite(const WsecVoid *buffer, size_t count, WsecHandle stream)
{
int fd = *(int *)stream;
size_t ret = -1;
while (true) {
ret = write(fd, buffer, count);
if ((int)ret == -1 && errno == EINTR) {
continue;
}
break;
}
if ((int)ret == -1) {
return WSEC_FALSE;
}
return (count == ret) ? WSEC_TRUE : WSEC_FALSE;
}
/* Return 0 if success, return -1 if failed */
static int KeCallbackFflush(WsecHandle stream)
{
return fsync(*(int *)stream);
}
/* Return 0 if success, return -1 if failed */
static int KeCallbackFremove(const char *path)
{
return remove(path);
}
static long KeCallbackFtell(WsecVoid *stream)
{
return lseek(*(int *)stream, 0, SEEK_CUR);
}
/* return offset position if success(relative to file beginning), return -1 if failed */
static long KeCallbackFseek(WsecVoid *stream, long offset, KmcFileSeekPos origin)
{
int realOri = 0;
int fd = *(int *)stream;
long ret;
if (origin == KMC_FILE_SEEK_CUR) {
realOri = SEEK_CUR;
} else if (origin == KMC_FILE_SEEK_SET) {
realOri = SEEK_SET;
} else if (origin == KMC_FILE_SEEK_END) {
realOri = SEEK_END;
} else {
return -1;
}
ret = lseek(fd, offset, realOri);
return ret;
}
static int KeCallbackFeof(WsecVoid *stream, WsecBool *endOfFile)
{
int fd = *(int *)stream;
long len;
long curPos;
if (endOfFile == NULL) {
return -1;
}
curPos = lseek(fd, 0, SEEK_CUR);
if (curPos == -1) {
return -1;
}
len = lseek(fd, 0, SEEK_END);
if (len == -1) {
return -1;
}
if (lseek(fd, curPos, SEEK_SET) != curPos) {
return -1;
}
if (len != curPos) {
*endOfFile = WSEC_FALSE;
} else {
*endOfFile = WSEC_TRUE;
}
return 0;
}
static int KeCallbackFerrno(WsecVoid *stream)
{
return errno;
}
static int KeCallbackFexist(const char *filePathName)
{
return (access(filePathName, F_OK) == 0) ? WSEC_TRUE : WSEC_FALSE;
}
static WsecBool KeCallbackUtcTime(const time_t *curTime, struct tm *curTm)
{
return (gmtime_r(curTime, curTm) == NULL) ? WSEC_FALSE : WSEC_TRUE;
}
static unsigned long GetRandomNumbers(unsigned char *buff, size_t len)
{
unsigned long ret = 0xF;
FILE *fet = NULL;
fet = fopen(RND_DEVICE, "rb");
if (fet != NULL) {
if (len == fread(buff, 1, len, fet)) {
ret = 0;
}
fclose(fet);
fet = NULL;
} else {
insert_format_log(L_OPEN_FILE, KT_ERROR, "please make sure the device '%s' is avalilable", RND_DEVICE);
}
return ret;
}
static WsecBool KeCallbackGetEntropy(unsigned char **ppEnt, size_t buffLen)
{
errno_t rc = 0;
if (buffLen <= 0 || buffLen > ENTROPY_BUFF_SIZE) {
return WSEC_FALSE;
}
*ppEnt = (unsigned char *)malloc(buffLen);
if (*ppEnt == NULL) {
return WSEC_FALSE;
}
if (GetRandomNumbers(*ppEnt, buffLen) != 0) {
rc = memset_s(*ppEnt, buffLen, 0, buffLen);
securec_check_c(rc, "", "");
kt_free(*ppEnt);
return WSEC_FALSE;
}
return WSEC_TRUE;
}
static WsecVoid KeCallbackCleanupEntropy(unsigned char *pEnt, size_t buffLen)
{
errno_t rc = 0;
rc = memset_s(pEnt, buffLen, 0, buffLen);
securec_check_c(rc, "", "");
kt_free(pEnt);
}
static WsecVoid KeCallbackDoEvents(void) {}
static WsecVoid KeCallbackNotify(WsecUint32 eNtfCode, const WsecVoid *pData, size_t nDataSize)
{
(void)eNtfCode;
(void)pData;
(void)nDataSize;
}
static WsecVoid KeCallbackWriteLog(int nLevel, const char *module, const char *function, int line, const char *logCtx)
{
(void)nLevel;
(void)module;
(void)function;
(void)line;
(void)logCtx;
}
unsigned long RegFunCallback()
{
WsecCallbacks stMandatoryFun = { { 0 }, { 0 }, { 0 }, { 0 }, { 0 }, { 0 }, { 0 }, { 0 } };
/* register application dependended callback functions */
stMandatoryFun.basicRelyCallbacks.writeLog = KeCallbackWriteLog;
stMandatoryFun.basicRelyCallbacks.notify = KeCallbackNotify;
stMandatoryFun.basicRelyCallbacks.doEvents = KeCallbackDoEvents;
/* Register Process Locker operation + Critical Section callback functions */
stMandatoryFun.procLockCallbacks.createProcLock = KeCallbackCreateProcLock;
stMandatoryFun.procLockCallbacks.destroyProcLock = KeCallbackDestroyProcLock;
stMandatoryFun.procLockCallbacks.procLock = KeCallbackProcLock;
stMandatoryFun.procLockCallbacks.procUnlock = KeCallbackProcUnlock;
/* Register Thread Locker + Critical Section callback functions */
stMandatoryFun.lockCallbacks.createLock = KeCallbackCreateThreadLock;
stMandatoryFun.lockCallbacks.destroyLock = KeCallbackDestroyThreadLock;
stMandatoryFun.lockCallbacks.lock = KeCallbackThreadLock;
stMandatoryFun.lockCallbacks.unlock = KeCallbackThreadUnlock;
/* Register File Operated related callback functions */
stMandatoryFun.fileCallbacks.fileOpen = KeCallbackFopen;
stMandatoryFun.fileCallbacks.fileClose = KeCallbackFclose;
stMandatoryFun.fileCallbacks.fileRead = KeCallbackFread;
stMandatoryFun.fileCallbacks.fileWrite = KeCallbackFwrite;
stMandatoryFun.fileCallbacks.fileRemove = KeCallbackFremove;
stMandatoryFun.fileCallbacks.fileSeek = KeCallbackFseek;
stMandatoryFun.fileCallbacks.fileTell = KeCallbackFtell;
stMandatoryFun.fileCallbacks.fileFlush = KeCallbackFflush;
stMandatoryFun.fileCallbacks.fileEof = KeCallbackFeof;
stMandatoryFun.fileCallbacks.fileErrno = KeCallbackFerrno;
stMandatoryFun.fileCallbacks.fileExist = KeCallbackFexist;
/* Register Random Number callback functions */
stMandatoryFun.rngCallbacks.getRandomNum = NULL;
stMandatoryFun.rngCallbacks.getEntropy = KeCallbackGetEntropy;
stMandatoryFun.rngCallbacks.cleanupEntropy = KeCallbackCleanupEntropy;
/* Register Time Related callback functions */
stMandatoryFun.timeCallbacks.gmTimeSafe = KeCallbackUtcTime;
unsigned long wsecRet = WsecRegFuncEx(&stMandatoryFun);
return wsecRet;
}

58
src/bin/gs_ktool/kt_kmc_callback.h
View File

@ -1,58 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_kmc_callback.cpp
* Register callback functions of KMC :
* There are 8 types of callback functions, each type has several functions
* Wsec[Type]Callbacks : Callback[Func]
* type | func | set
* ----------+------------------------------------------------------------------+--------
* mem | memAlloc, memFree, memCmp | default
* file | fileOpen, fileClose, fileRead, fileWrite, fileFlush, |
* | fileRemove, fileTell, fileSeek, fileEof, fileErrno | 11
* lock | createLock, destroyLock, lock, unlock | 4
* procLock | createProcLock, destroyProcLock, procLock, procUnlock | 4
* basicRely | writeLog, notify, doEvents | 3
* rng | getRandomNum, getEntropty, cleanupEntopy | 3
* time | gmTimeSate | 1
* hardWare | hwGetEncExtraData...(all 12) |
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_kmc_callback.cpp
*
* -------------------------------------------------------------------------
*/
#ifndef GS_KT_CALLBACK_H
#define GS_KT_CALLBACK_H
#ifdef __cplusplus
extern "C" {
#endif
#include "wsecv2_errorcode.h"
#include "wsecv2_type.h"
#include "kmcv2_itf.h"
#include "wsecv2_itf.h"
#include "securec.h"
#include "securec_check.h"
extern unsigned long RegFunCallback();
#ifdef __cplusplus
}
#endif
#endif

361
src/bin/gs_ktool/kt_log_manage.cpp
View File

@ -1,361 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_log_manage.h
* Log manage module :
* 1. reading and writing log file;
* 2. providing log management interface.
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_log_manage.h
*
* -------------------------------------------------------------------------
*/
#include "kt_log_manage.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include "kt_common.h"
bool g_has_init_log_module = false;
static const char log_manage_conf[][MAX_CONF_KEY_LEN] = {"is_logmodule_open", "log_file"};
/* the log format recorded in log file : date time operation result [object] [level] information */
static const KtLog g_log_type[] = {
/* log type operation object level */
{L_CREATE_FILE, "create file", "system", "high"},
{L_INIT_KMC, "initlize kmc", "system", "high"},
{L_OPEN_FILE, "open file", "system", "high"},
{L_GEN_CMK, "generate cmk", "cmk", "high"},
{L_DEL_CMK, "delete cmk", "cmk", "high"},
{L_SELECT_CMK, "select cmk", "cmk", "high"},
{L_EXPORT_CMK, "export cmk", "cmk", "high"},
{L_IMPORT_CMK, "import cmk", "cmk", "high"},
{L_SELECT_CMK_LEN, "select cmk len", "cmk", "high"},
{L_SELECT_CMK_PLAIN, "select cmk plain", "cmk", "high"},
{L_SELECT_RK, "select rk", "rk", "high"},
{L_UPDATE_RK, "update rk", "rk", "high"},
{L_SET_RK_VALIDITY, "set rk validity", "rk", "high"},
{L_CHECK_RK_VALIDITY, "check rk validity", "rk", "high"},
{L_PARSE_USER_INPUT, "parse user input", "user input", "low"},
{L_CHECK_USER_INPUT, "check user input", "user input", "low"},
{L_READ_CONF, "read configuration", "configuration", "low"},
{L_SET_CONF, "set configuration", "configuration", "low"},
{L_REG_CALLBACK_FUNC, "register callback function", "system", "middle"},
{L_MALLOC_MEMORY, "malloc memory", "system", "middle"},
{L_GET_TIME, "get system time", "system", "middle"},
{L_GET_ENV_VALUE, "get environment value", "system", "middle"},
{L_CHECK_ENV_VALUE, "check environment value", "system", "middle"},
{L_OPEN_SEM, "open posix semaphore", "system", "middle"},
{L_INIT_SEM, "init posix semaphore", "system", "middle"},
{L_POST_SEM, "post posix semaphore", "system", "middle"},
{L_WAIT_SEM, "wait posix semaphore", "system", "middle"},
};
/*
* initialize log module.
* including read configure file, check or create log file.
*/
static bool set_global_env_value();
static bool load_conf_file(void);
static bool load_log_manage_conf();
static bool set_global_log_conf(LogManageConf log_conf, const char *conf_key, const char *conf_value);
static bool has_exist_logfile();
static bool create_logfile();
static void get_log_by_logtype(const KtLogType log_type, KtLog *log);
static char* log_class_enum_to_str(LogClass log_class);
static bool set_global_env_value()
{
char *gs_kt_file_path = NULL;
errno_t rc = 0;
/*
* this env path is not used alone, but used like : GS_KTOOL_FILE_PATH/filename
* so it is no need to check the path here, as well as the GAUSSHOME
*/
gs_kt_file_path = gs_getenv_r("GS_KTOOL_FILE_PATH");
if (gs_kt_file_path == NULL || realpath(gs_kt_file_path, g_env_value) == NULL) {
/* try to get GAUSSHOME */
gs_kt_file_path = gs_getenv_r("GAUSSHOME");
/* fail to get GAUSSHOME and GS_KTOOL_FILE_PATH */
if (gs_kt_file_path == NULL || realpath(gs_kt_file_path, g_env_value) == NULL) {
printf("ERROR: failed to get environment value : %s.\n", "GS_KTOOL_FILE_PATH");
return false;
}
/* fail to get GS_KTOOL_FILE_PATH but get GAUSSHOME */
rc = sprintf_s(g_env_value, MAX_REAL_PATH_LEN, "%s/%s", gs_kt_file_path, "/etc/gs_ktool_file");
securec_check_ss_c(rc, "", "");
}
if (!check_kt_env_value(gs_kt_file_path)) {
printf("ERROR: failed to check environment value, '$GS_KTOOL_FILE_PATH' contains dangerous character.\n");
return false;
}
return true;
}
static bool load_conf_file(void)
{
FILE *fp = NULL;
errno_t rc = 0;
if (g_env_value == NULL || g_conf_file == NULL) {
return false;
}
rc = sprintf_s(g_conf_file, MAX_REAL_PATH_LEN, "%s/%s", g_env_value, CONF_FILE_NAME);
securec_check_ss_c(rc, "", "");
if (!check_kt_env_value(g_conf_file)) {
printf("ERROR: environment value '%s' contains dangerous character.\n", g_conf_file);
return false;
}
fp = fopen(g_conf_file, "rb");
if (fp == NULL) {
insert_format_log(L_OPEN_FILE, KT_ERROR,
"please make sure the configuration file '$GS_KTOOL_FILE_PATH/gs_ktool_conf.ini' exists");
return false;
}
fclose(fp);
return true;
}
static bool load_log_manage_conf()
{
const char required_conf[][MAX_CONF_KEY_LEN] = {"is_logmodule_open", "log_file"};
size_t required_conf_cnt = sizeof(required_conf) / sizeof(required_conf[0]);
char key_list[MAX_CONF_ITEM_QUANTITY][MAX_CONF_KEY_LEN] = {0};
char value_list[MAX_CONF_ITEM_QUANTITY][MAX_CONF_VALUE_LEN] = {0};
size_t lost_conf_pos = 0;
size_t conf_item_cnt = 0;
bool is_set_log_conf = true;
if (!read_conf_segment(g_conf_file, "LogManage", key_list, value_list, &conf_item_cnt)) {
insert_format_log(L_READ_CONF, KT_ERROR, "cannot find configuration segment : %s", "LogManage");
return false;
}
if (!compare_list_element(required_conf, required_conf_cnt, key_list, conf_item_cnt, &lost_conf_pos)) {
insert_format_log(L_READ_CONF, KT_ERROR, "lost configuration item : %s", required_conf[lost_conf_pos]);
return false;
}
/* check confs (because the amount of data is small, use the algorithm whose time complexity is O(n^2)) */
for (size_t i = 0; i < conf_item_cnt; i++) {
for (size_t j = 0; j < sizeof(log_manage_conf) / sizeof(log_manage_conf[0]); j++) {
if (strcmp(key_list[i], log_manage_conf[j]) == 0) {
switch (j) {
case IS_LOGMODULE_OPEN:
is_set_log_conf = set_global_log_conf(IS_LOGMODULE_OPEN, key_list[j], value_list[j]);
break;
case LOG_FILE:
is_set_log_conf = set_global_file(g_conf.log_file, G_LOG_FILE, value_list[j]);
break;
/* remain to add new log configuration */
default:
break;
}
if (!is_set_log_conf) {
return false;
}
}
}
}
return true;
}
static bool set_global_log_conf(LogManageConf log_conf, const char *conf_key, const char *conf_value)
{
switch (log_conf) {
case IS_LOGMODULE_OPEN:
if (strcmp(conf_value, "ON") == 0) {
g_conf.is_logmodule_open = ON;
} else if (strcmp(conf_value, "OFF") == 0) {
g_conf.is_logmodule_open = OFF;
} else {
insert_format_log(L_SET_CONF, KT_ERROR, "the log configuration %s should be in one of {ON, OFF}",
conf_value);
return false;
}
break;
/* remain to add new log configuration : such as LOG_VALIDITY, LOG_QUANTITY and etc. */
default:
break;
}
return true;
}
static bool has_exist_logfile()
{
FILE *lfp = fopen(g_conf.log_file, "r");
if (lfp == NULL) {
return false;
}
fclose(lfp);
return true;
}
static bool create_logfile()
{
int logfile_handle = 0;
char log_file_header[MAX_LOG_RESULT_LEN] = { 0 };
errno_t rc = 0;
logfile_handle = open(g_conf.log_file, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
if (logfile_handle == -1) {
printf("ERROR: failed to create log file '%s'.\n", g_conf.log_file);
return false;
}
/* create header */
rc = sprintf_s(log_file_header, MAX_LOG_RESULT_LEN, "%-12s %-12s %-30s %-10s %-14s %-8s %s\n", "create_date",
"create_time", "operation", "result", "object", "level", "information");
securec_check_ss_c(rc, "", "");
write(logfile_handle, log_file_header, strlen(log_file_header));
close(logfile_handle);
g_has_init_log_module = true;
printf("NOTICE: created new log file : %s.\n", g_conf.log_file);
insert_format_log(L_CREATE_FILE, KT_NOTICE, "new log file : %s", g_conf.log_file);
return true;
}
bool initialize_logmodule()
{
if (!set_global_env_value()) {
return false;
};
if (!load_conf_file()) {
return false;
}
if (!load_log_manage_conf()) {
return false;
}
if (g_conf.is_logmodule_open != ON) {
return false;
}
if (!has_exist_logfile()) {
if (!create_logfile()) {
return false;
}
}
g_has_init_log_module = true;
return true;
}
static void get_log_by_logtype(const KtLogType log_type, KtLog *log)
{
for (size_t i = 0; i < sizeof(g_log_type) / sizeof(g_log_type[0]); i++) {
if (g_log_type[i].log_type == log_type) {
*log = g_log_type[i];
}
}
}
static char* log_class_enum_to_str(LogClass log_class)
{
char *log_class_str = NULL;
const char all_log_class[][MAX_LOG_CLASS_STR_LEN] = {"error", "succeeded", "alarm", "warning", "notice", "hint"};
error_t rc = 0;
log_class_str = (char *) malloc(MAX_LOG_CLASS_STR_LEN);
if (log_class_str == NULL) {
printf("ERROR: failed to malloc memory.\n");
exit(1);
}
rc = strcpy_s(log_class_str, MAX_LOG_CLASS_STR_LEN, all_log_class[log_class]);
securec_check_c(rc, "", "");
return log_class_str;
}
void insert_raw_log(const KtLogType log_type, const LogClass log_class, const char op_info[MAX_OP_RESULT_LEN])
{
KtLog kt_log = {0};
Time sys_time = {0};
errno_t rc = 0;
char create_date[strlen("0000-00-00/")] = {0};
char create_time[strlen("00:00:00/")] = {0};
char *result = NULL;
FILE *lfp = NULL;
char log_buf[MAX_LOG_RESULT_LEN] = {0};
get_log_by_logtype(log_type, &kt_log);
if (log_class == KT_ERROR && g_is_print_err) {
if (strlen(op_info) > 0) {
printf("ERROR: failed to %s, %s.\n", kt_log.operation, op_info);
} else {
printf("ERROR: failed to %s.\n", kt_log.operation);
}
}
if (!g_has_init_log_module || g_conf.is_logmodule_open == OFF) {
return;
}
if (!get_sys_time(&sys_time)) {
printf("ERROR: failed to get system time.\n");
return;
}
date_ttos(sys_time, create_date, sizeof(create_date));
time_ttos(sys_time, create_time, sizeof(create_time));
result = log_class_enum_to_str(log_class);
rc = sprintf_s(log_buf, MAX_LOG_RESULT_LEN, "%-12s %-12s %-30s %-10s %-14s %-8s %s\n", create_date,
create_time, kt_log.operation, result, kt_log.object, kt_log.level, op_info);
securec_check_ss_c(rc, "", "");
kt_free(result);
lfp = fopen(g_conf.log_file, "a");
if (lfp == NULL) {
printf("ERROR: failed to open log file '%s'.\n", g_conf.log_file);
return;
}
fwrite(log_buf, strlen(log_buf), sizeof(char), lfp);
fclose(lfp);
}

108
src/bin/gs_ktool/kt_log_manage.h
View File

@ -1,108 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
* -------------------------------------------------------------------------
*
* kt_log_manage.h
* Log manage module :
* 1. reading and writing log file;
* 2. providing log management interface.
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_log_manage.h
*
* -------------------------------------------------------------------------
*/
#ifndef GS_KT_LOG_MANAGE_H
#define GS_KT_LOG_MANAGE_H
#include "kt_common.h"
const int MAX_OP_LEN = 256;
const int MAX_OP_RESULT_LEN = 4096;
const int MAX_LOG_TYPE_STR_LEN = 15;
const int MAX_OBJECT_LEN = 15;
const int MAX_LOG_CLASS_STR_LEN = 15;
enum LogClass {
KT_ERROR = 0,
KT_SUCCEED,
KT_ALARM,
KT_WARNING,
KT_NOTICE,
KT_HINT,
};
enum KtLogType {
L_CREATE_FILE = 0,
L_INIT_KMC,
/* cmk manage */
L_GEN_CMK,
L_DEL_CMK,
L_SELECT_CMK,
L_EXPORT_CMK,
L_IMPORT_CMK,
L_SELECT_CMK_LEN,
L_SELECT_CMK_PLAIN,
/* rk manage */
L_SELECT_RK,
L_UPDATE_RK,
L_SET_RK_VALIDITY,
L_CHECK_RK_VALIDITY,
/* invalid cmd input */
L_PARSE_USER_INPUT,
L_CHECK_USER_INPUT,
/* invalid conf file input */
L_READ_CONF,
L_SET_CONF,
/* sys call */
L_REG_CALLBACK_FUNC,
L_MALLOC_MEMORY,
L_GET_TIME,
L_OPEN_FILE,
L_GET_ENV_VALUE,
L_CHECK_ENV_VALUE,
L_OPEN_SEM,
L_INIT_SEM,
L_POST_SEM,
L_WAIT_SEM,
};
typedef struct KtLog {
int log_type;
char operation[MAX_OP_LEN];
char object[MAX_OBJECT_LEN];
char level[MAX_LOG_CLASS_STR_LEN];
} KtLog;
extern bool g_has_init_log_module;
#define insert_format_log(log_type, log_class, format_info, ...) \
{ \
errno_t def_rc = 0; \
char res[MAX_LOG_RESULT_LEN] = {0}; \
def_rc = sprintf_s(res, MAX_LOG_RESULT_LEN, format_info, ##__VA_ARGS__); \
securec_check_ss_c(def_rc, "", ""); \
insert_raw_log(log_type, log_class, res); \
}
extern bool initialize_logmodule();
extern void insert_raw_log(const KtLogType log_type, const LogClass log_class, const char op_info[MAX_OP_RESULT_LEN]);
#endif

820
src/bin/gs_ktool/kt_main.cpp
View File

@ -1,820 +0,0 @@
/*
* Copyright (c) 2020 Huawei Technologies Co.,Ltd.
*
* openGauss is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*-------------------------------------------------------------------------
*
* kt_main.cpp
* Entry of gs_ktool :
* 1. parsing and checking commands read from the command line;
* 2. invoking executor to process commands.
*
* IDENTIFICATION
* src/bin/gs_ktool/kt_main.cpp
*
* -------------------------------------------------------------------------
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <getopt.h>
#include "kt_key_manage.h"
#include "kt_log_manage.h"
#include "kt_kmc_callback.h"
const char *KT_VERSION = "gs_ktool V1.0.0 || KMC V3.0.0.SPC005";
const int EXIT = 0;
const int NOT_EXIT = 1;
const int UNUSED = 0;
const int MIN_KSF_PASS_CHAR_TYPE = 3;
const char *g_cmk_manage_arg[] = {"-g", "-l", "-d", "-s", "-i", "-e", "-f", "-p"};
const char g_invalid_cmk_manage_arg[] = {0, 0, 0, 0, 0, 0, 0, 0};
const int CMK_ARG_CNT = 8;
typedef struct ArgValue {
bool has_set_all;
unsigned int cmk_id;
unsigned int cmk_len;
char ksf[MAX_REAL_PATH_LEN];
char ksf_passwd[MAX_KSF_PASS_BUF_LEN];
} ArgValue;
typedef void (*ManageCmkHookFunc)(ArgValue *arg_value);
typedef struct CmkManageFunc {
char arg_patten[CMK_ARG_CNT];
ManageCmkHookFunc manage_cmk_func;
struct CmkManageFunc *next;
} CmkManageFunc;
typedef struct CmkManageFuncList {
size_t node_cnt;
CmkManageFunc *first_node;
} CmkManageFuncList;
enum ArgType {
ARG_G = 0,
ARG_L,
ARG_D,
ARG_S,
ARG_I,
ARG_E,
ARG_F,
ARG_P,
};
enum InputType {
I_KEY_ID = 0,
I_KEY_LEN,
I_KSF,
};
enum AdviseType {
HELP = 0,
INPUT_PASSWD,
};
enum PasswdCharType {
NUM = 0,
UPPER,
LOWER,
SYMBOL,
};
enum PasswdErrType {
LEGAL = 0,
INVALID_LEN,
INVALID_CHAR,
FEW_TYPES,
};
/* read command from terminal */
int main(int argc, char *argv[]);
static void print_kt_version(void);
static void print_advise(AdviseType advise_type);
static void print_help_info(void);
/* parse command */
static void parse_cmd(int argc, char *argv[], char *arg_patten, ArgValue *arg_value);
static void parse_rk_manage_cmd(int argc, char *argv[]);
/* check commnad */
static bool get_passwd(char *passwd, const size_t pwbuf_size);
static PasswdErrType check_passwd(char *ksf_passwd);
static void report_passwd_err(PasswdErrType passwd_err);
static void check_user_input(const InputType input_type, const char *user_input);
/* register commnad and process funcs */
static bool is_arg_patten_equal(const char base_list[CMK_ARG_CNT], const char new_list[CMK_ARG_CNT]);
static bool reg_cmk_manage_func(CmkManageFuncList *cmk_manage_func_list, CmkManageFunc *new_func_node);
static CmkManageFunc *create_cmk_manage_func(const char arg_patten[CMK_ARG_CNT], ManageCmkHookFunc manage_cmk_func);
static void destroy_cmk_manage_func_list(CmkManageFuncList *cmk_manage_func_list);
static void reg_all_cmk_manage_func(CmkManageFuncList *cmk_manage_func_list);
/* process command */
static void process_cmd(const char arg_patten[CMK_ARG_CNT], ArgValue *arg_value);
static void process_gen_cmk_cmd(ArgValue *arg_value);
static void process_del_cmk_cmd(ArgValue *arg_value);
static void process_select_cmk_cmd(ArgValue *arg_value);
static void process_import_cmk_cmd(ArgValue *arg_value);
static void process_export_cmk_cmd(ArgValue *arg_value);
/* entry to all commands */
int main(int argc, char *argv[])
{
/* cmk manage args: -g -l -d -s -i -e -f -p */
char arg_patten[] = {0, 0, 0, 0, 0, 0, 0, 0};
ArgValue arg_value = { 0 };
if (!initialize_logmodule()) {
exit(1);
}
if (argc <= 1) {
print_help_info();
exit(0);
} else if (argc > 6) {
insert_format_log(L_PARSE_USER_INPUT, KT_ERROR, "the number of parameters exceeds the upper limit");
exit(1);
}
/* start parsing single CLI commands */
if (strcmp(argv[1], "-?") == 0) {
print_help_info();
} else if (strcmp(argv[1], "-R") == 0) {
parse_rk_manage_cmd(argc, argv);
} else {
/* unrecognized commnads will also be processed in this func */
parse_cmd(argc, argv, arg_patten, &arg_value);
process_cmd((const char *)arg_patten, &arg_value);
}
return 0;
}
static void print_advise(AdviseType advise_type)
{
switch (advise_type) {
case HELP:
printf("HINT: try '-h' or '-?' for more infromation.\n");
break;
case INPUT_PASSWD:
printf("WARNING:it is safer to enter password interactively than use '-p'\n");
default:
break;
}
}
static void print_kt_version(void)
{
printf("%s\n", KT_VERSION);
}
static void print_help_info(void)
{
printf("Description: gs_ktool is a CMK(Client Master Key) & RK(Root Key) management tool.\n");
printf("\n");
printf("Usage:\n");
printf(" gs_ktool [OPTION] [[CMK_ID] \"all\" [FILE] [FILE_PASSWD] ...]\n");
printf("\n");
printf("General options:\n");
printf(" %-7s %-40s\n", "-v", "Select gs_ktool version.");
printf(" %-7s %-40s\n", "-h/-?", "Select help info.");
printf("\n");
printf("CMK management options:\n");
printf(" %-7s %-40s\n", "-g", "Generate a CMK, can use '-l' to set key length.");
printf(" %-7s %-40s\n", "-l", "Set the key length while generating CMK.");
printf(" %-7s %-40s\n", "-d", "Delete specified CMK or delete all.");
printf(" %-7s %-40s\n", "-s", "Select specified CMK info or select all.");
printf(" %-7s %-40s\n", "-e",
"Export all CMKs to ksf, can use '-f' to set export file, can use '-p' to set password.");
printf(" %-7s %-40s\n", "-i",
"Import all CMKs from ksf, should use '-f' to specify import file, can use '-p' to specify password.");
printf(" %-7s %-40s\n", "-f", "Set or specify key store file while exporting or importing all keys.");
printf(" %-7s %-40s\n", "-p",
"Set or specify the password of key store file while exporting or importing all keys.");
printf("\n");
printf("RK management options:\n");
printf(" %-7s %-40s\n", "-R -s", "Select RK info.");
printf(" %-7s %-40s\n", "-R -u", "Update RK.");
}
static void parse_cmd(int argc, char *argv[], char *arg_patten, ArgValue *arg_value)
{
errno_t rc = 0;
bool is_passwd_too_long = false;
/* extern global variables in "getopt.h" */
optind = 1;
/* optarg */
const char *optstring = "vhgl:d:s:ief:p:";
static struct option long_options[] = {0}; /* remain */
int cur_arg = 0;
int cur_pos = 0;
arg_value->has_set_all = false;
while (optind < argc) {
cur_pos++;
cur_arg = getopt_long(argc, argv, optstring, long_options, NULL);
if (cur_arg == -1) {
insert_format_log(L_PARSE_USER_INPUT, KT_HINT, "unknown option '%s'", argv[cur_pos]);
print_advise(HELP);
exit(1);
}
switch (cur_arg) {
case 'v':
printf("VERSION\n");
print_kt_version();
exit(0);
case 'h':
printf("HELP\n");
print_help_info();
exit(0);
case 'g':
arg_patten[ARG_G]++;
break;
case 'l':
check_user_input(I_KEY_LEN, optarg);
arg_value->cmk_len = atoi(optarg);
arg_patten[ARG_L]++;
break;
case 'd':
check_user_input(I_KEY_ID, optarg);
if (strcmp(optarg, "all") == 0) {
arg_value->has_set_all = true;
} else {
arg_value->cmk_id = atoi(optarg);
}
arg_patten[ARG_D]++;
break;
case 's':
check_user_input(I_KEY_ID, optarg);
if (strcmp(optarg, "all") == 0) {
arg_value->has_set_all = true;
} else {
arg_value->cmk_id = atoi(optarg);
}
arg_patten[ARG_S]++;
break;
case 'i':
arg_patten[ARG_I]++;
break;
case 'e':
arg_patten[ARG_E]++;
break;
case 'f':
check_user_input(I_KSF, optarg);
rc = strcpy_s(arg_value->ksf, sizeof(arg_value->ksf), optarg);
securec_check_c(rc, "", "");
arg_patten[ARG_F]++;
break;
case 'p':
print_advise(INPUT_PASSWD);
if (strlen(optarg) >= MAX_KSF_PASS_BUF_LEN) {
is_passwd_too_long = true;
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the password is too long");
} else {
rc = strcpy_s(arg_value->ksf_passwd, sizeof(arg_value->ksf_passwd), optarg);
securec_check_c(rc, "", "");
arg_patten[ARG_P]++;
}
rc = memset_s(optarg, strlen(optarg), 0, strlen(optarg));
securec_check_c(rc, "", "");
if (is_passwd_too_long) {
exit(1);
}
break;
case '?':
insert_format_log(L_PARSE_USER_INPUT, KT_HINT, "unknown option '%s'", argv[cur_pos]);
print_advise(HELP);
exit(1);
default:
print_advise(HELP);
exit(1);
}
}
}
static void parse_rk_manage_cmd(int argc, char *argv[])
{
/* extern global variables in "getopt.h" */
optind = 1;
/* optarg */
int option_index;
const char *optstring = "Rsu";
static struct option long_options[] = {0};
int cur_arg = 0;
int cur_pos = 0;
unsigned char is_exit = NOT_EXIT;
RkInfo rk_info = { 0 };
if (argc != 3) {
insert_format_log(L_PARSE_USER_INPUT, KT_ERROR, "unrecognized root key management option combination");
print_advise(HELP);
exit(1);
}
if (!init_keytool()) {
exit(1);
}
while (is_exit == NOT_EXIT) {
is_exit = EXIT;
cur_arg = getopt_long(argc, argv, optstring, long_options, &option_index);
cur_pos++;
if (cur_arg == -1) {
insert_format_log(L_PARSE_USER_INPUT, KT_ERROR, "unknown root key management option '%s'", argv[cur_pos]);
print_advise(HELP);
break;
}
switch (cur_arg) {
case 'R':
is_exit = NOT_EXIT;
break;
case 's':
if (select_rk_info(&rk_info)) {
insert_format_log(L_SELECT_RK, KT_SUCCEED, "");
print_rk_info(&rk_info);
} else {
insert_format_log(L_SELECT_RK, KT_ERROR, "");
}
break;
case 'u':
if (cycle_rk()) {
printf("UPDATE ROOTKEY\n");
insert_format_log(L_UPDATE_RK, KT_SUCCEED, "");
} else {
insert_format_log(L_UPDATE_RK, KT_ERROR, "");
}
break;
default:
print_advise(HELP);
break;
}
}
WsecFinalizeEx();
}
static bool get_passwd(char *passwd, const size_t pwbuf_size)
{
char *tmp_buf = NULL;
error_t rc = 0;
if (strlen(passwd) > 0) {
return true;
}
tmp_buf = getpass("please input the password of key store file :");
if (tmp_buf == NULL) {
insert_format_log(L_PARSE_USER_INPUT, KT_ERROR, "cannot get password");
return false;
}
rc = strcpy_s(passwd, pwbuf_size, tmp_buf);
securec_check_c(rc, "", "");
rc = memset_s(tmp_buf, strlen(tmp_buf), 0, strlen(tmp_buf));
securec_check_c(rc, "", "");
kt_free(tmp_buf);
return true;
}
static PasswdErrType check_passwd(char *ksf_passwd)
{
char chara_type_cnt = 0;
bool has_chara_type[4] = {false, false, false, false}; /* [num, upper letter, lower letter, symbol] */
const char legal_symbol[] = " !#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
bool is_legal_symbol = false;
error_t rc = 0;
if (strlen(ksf_passwd) < MIN_KSF_PASS_LEN || strlen(ksf_passwd) >= MAX_KSF_PASS_BUF_LEN) {
rc = memset_s(ksf_passwd, strlen(ksf_passwd), 0, strlen(ksf_passwd));
securec_check_c(rc, "", "");
return INVALID_LEN;
}
for (size_t i = 0; i < strlen(ksf_passwd); i++) {
if (ksf_passwd[i] >= '0' && ksf_passwd[i] <= '9') {
has_chara_type[NUM] = true;
} else if (ksf_passwd[i] >= 'A' && ksf_passwd[i] <= 'Z') {
has_chara_type[UPPER] = true;
} else if (ksf_passwd[i] >= 'a' && ksf_passwd[i] <= 'z') {
has_chara_type[LOWER] = true;
} else {
for (size_t j = 0; j < sizeof(legal_symbol) / sizeof(legal_symbol[0]); j++) {
if (ksf_passwd[i] == legal_symbol[j]) {
is_legal_symbol = true;
has_chara_type[SYMBOL] = true;
break;
}
}
if (is_legal_symbol == false) {
rc = memset_s(ksf_passwd, strlen(ksf_passwd), 0, strlen(ksf_passwd));
securec_check_c(rc, "", "");
return INVALID_CHAR;
}
is_legal_symbol = false;
}
}
for (size_t i = 0; i < sizeof(has_chara_type) / sizeof(has_chara_type[0]); i++) {
chara_type_cnt += has_chara_type[i];
}
if (chara_type_cnt < MIN_KSF_PASS_CHAR_TYPE) {
rc = memset_s(ksf_passwd, strlen(ksf_passwd), 0, strlen(ksf_passwd));
securec_check_c(rc, "", "");
return FEW_TYPES;
}
return LEGAL;
}
static void report_passwd_err(PasswdErrType passwd_err)
{
switch (passwd_err) {
case INVALID_LEN:
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the password length should be in range [%d, %d)",
MIN_KSF_PASS_LEN, MAX_KSF_PASS_BUF_LEN);
break;
case INVALID_CHAR:
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the password contains invalid character");
break;
case FEW_TYPES:
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the password should contain 3 types of characters");
break;
default:
break;
}
}
static void check_user_input(const InputType input_type, const char *user_input)
{
char real_path_file[MAX_REAL_PATH_LEN] = { 0 };
unsigned int input_num = 0;
switch (input_type) {
case I_KEY_ID:
if (strcmp(optarg, "all") == 0 || strcmp(optarg, "all\n") == 0) {
break;
} else {
if (!atoi_strictly(user_input, &input_num)) {
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR,
"this input '%s' is expected to be an positive integer", user_input);
exit(1);
}
if (input_num < 1 || input_num > MAX_CMK_QUANTITY) {
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the key id '%s' should be in range [1, %d]",
user_input, MAX_CMK_QUANTITY);
exit(1);
}
}
break;
case I_KEY_LEN:
if (!atoi_strictly(user_input, &input_num)) {
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR,
"this input '%s' is expected to be an positive integer", user_input);
exit(1);
}
if (input_num < MIN_CMK_LEN || input_num > MAX_CMK_LEN) {
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the key len '%s' should be in range [%d, %d]",
user_input, MIN_CMK_LEN, MAX_CMK_LEN);
exit(1);
}
break;
case I_KSF:
if (strlen(user_input) >= MAX_REAL_PATH_LEN) {
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the length of key store file name is too long");
exit(1);
}
realpath(user_input, real_path_file);
if (!check_kt_env_value(real_path_file)) {
insert_format_log(L_CHECK_USER_INPUT, KT_ERROR, "the path '%s' is invalid", real_path_file);
exit(1);
}
break;
default:
break;
}
}
static bool is_arg_patten_equal(const char base_list[CMK_ARG_CNT], const char new_list[CMK_ARG_CNT])
{
for (int i = 0; i < CMK_ARG_CNT; i++) {
if (base_list[i] != new_list[i]) {
if (new_list[i] > 1) {
insert_format_log(L_PARSE_USER_INPUT, KT_ERROR, "too many options : '%s'", g_cmk_manage_arg[i]);
exit(1);
}
return false;
}
}
return true;
}
static bool reg_cmk_manage_func(CmkManageFuncList *cmk_manage_func_list, CmkManageFunc *new_func_node)
{
CmkManageFunc *last_node = NULL;
if (cmk_manage_func_list == NULL || new_func_node == NULL) {
return false;
}
if (cmk_manage_func_list->first_node == NULL) {
cmk_manage_func_list->first_node = new_func_node;
cmk_manage_func_list->node_cnt++;
return true;
}
last_node = cmk_manage_func_list->first_node;
while (last_node->next != NULL) {
last_node = last_node->next;
}
last_node->next = new_func_node;
cmk_manage_func_list->node_cnt++;
return true;
}
static CmkManageFunc *create_cmk_manage_func(const char arg_patten[CMK_ARG_CNT], ManageCmkHookFunc manage_cmk_func)
{
errno_t rc = 0;
CmkManageFunc *cmk_manage_func = NULL;
cmk_manage_func = (CmkManageFunc *)malloc(sizeof(CmkManageFunc));
if (cmk_manage_func == NULL) {
insert_format_log(L_MALLOC_MEMORY, KT_ERROR, "");
return NULL;
}
rc = memcpy_s(cmk_manage_func->arg_patten, CMK_ARG_CNT, arg_patten, CMK_ARG_CNT);
securec_check_c(rc, "", "");
cmk_manage_func->manage_cmk_func = manage_cmk_func;
cmk_manage_func->next = NULL;
return cmk_manage_func;
}
static void destroy_cmk_manage_func_list(CmkManageFuncList *cmk_manage_func_list)
{
CmkManageFunc *cur_node = NULL;
CmkManageFunc *to_free = NULL;
cur_node = cmk_manage_func_list->first_node;
while (cur_node != NULL) {
to_free = cur_node;
cur_node = cur_node->next;
kt_free(to_free);
}
}
static void reg_all_cmk_manage_func(CmkManageFuncList *cmk_manage_func_list)
{
const char support_patten[][CMK_ARG_CNT] = {
/* g l d s i e f p */
{1, 0, 0, 0, 0, 0, 0, 0},
{1, 1, 0, 0, 0, 0, 0, 0},
{0, 0, 1, 0, 0, 0, 0, 0},
{0, 0, 0, 1, 0, 0, 0, 0},
{0, 0, 0, 0, 1, 0, 1, 1},
{0, 0, 0, 0, 1, 0, 1, 0},
{0, 0, 0, 0, 0, 1, 0, 0},
{0, 0, 0, 0, 0, 1, 0, 1},
{0, 0, 0, 0, 0, 1, 1, 1},
{0, 0, 0, 0, 0, 1, 1, 0},
};
const ManageCmkHookFunc manage_cmk_func[] = {
process_gen_cmk_cmd,
process_gen_cmk_cmd,
process_del_cmk_cmd,
process_select_cmk_cmd,
process_import_cmk_cmd,
process_import_cmk_cmd,
process_export_cmk_cmd,
process_export_cmk_cmd,
process_export_cmk_cmd,
process_export_cmk_cmd,
};
CmkManageFunc *new_func_node = NULL;
for (size_t i = 0; i < sizeof(support_patten) / sizeof(support_patten[0]); i++) {
new_func_node = create_cmk_manage_func(support_patten[i], manage_cmk_func[i]);
if (!reg_cmk_manage_func(cmk_manage_func_list, new_func_node)) {
kt_free(new_func_node);
destroy_cmk_manage_func_list(cmk_manage_func_list);
exit(1);
}
}
}
static void process_cmd(const char arg_patten[CMK_ARG_CNT], ArgValue *arg_value)
{
CmkManageFuncList cmk_manage_func_list = {0, NULL};
CmkManageFunc *cur_func = NULL;
bool is_arg_patten_legal = false;
/* step 1 : register key manage function */
reg_all_cmk_manage_func(&cmk_manage_func_list);
cur_func = cmk_manage_func_list.first_node;
while (cur_func != NULL) {
if (is_arg_patten_equal(cur_func->arg_patten, arg_patten)) {
is_arg_patten_legal = true;
/* step 2 : init gs_ktool */
if (!init_keytool()) {
break;
}
/* step 3 : call key manage function to process arg_value */
cur_func->manage_cmk_func(arg_value);
break;
}
cur_func = cur_func->next;
}
if (is_arg_patten_legal == false) {
insert_format_log(L_PARSE_USER_INPUT, KT_ERROR, "unrecognized option combination");
print_advise(HELP);
}
/* step 4 : clean call back functions and kmc */
destroy_cmk_manage_func_list(&cmk_manage_func_list);
WsecFinalizeEx();
}
static void process_gen_cmk_cmd(ArgValue *arg_value)
{
unsigned int cmk_id = 0;
if (arg_value->cmk_len == 0) {
if (generate_cmk(false, UNUSED, &cmk_id)) {
printf("GENERATE\n%u\n", cmk_id);
insert_format_log(L_GEN_CMK, KT_SUCCEED, "new cmk : %u", cmk_id);
} else {
insert_format_log(L_GEN_CMK, KT_ERROR, "");
}
} else {
if (generate_cmk(true, arg_value->cmk_len, &cmk_id)) {
printf("GENERATE\n%u\n", cmk_id);
insert_format_log(L_GEN_CMK, KT_SUCCEED, "new cmk : %d, cmk len : %d", cmk_id, arg_value->cmk_len);
} else {
insert_format_log(L_GEN_CMK, KT_ERROR, "");
}
}
}
static void process_del_cmk_cmd(ArgValue *arg_value)
{
unsigned int del_cmk_id_list[MAX_CMK_QUANTITY] = {0};
unsigned int del_cmk_cnt = 0;
if (arg_value->has_set_all == true) {
if (delete_cmk(true, UNUSED, del_cmk_id_list, &del_cmk_cnt)) {
printf("DELETE ALL\n");
for (unsigned int i = 0; i < del_cmk_cnt; i++) {
printf(" %u", del_cmk_id_list[i]);
}
printf("\n");
insert_format_log(L_DEL_CMK, KT_SUCCEED, "deleted all")
} else {
insert_format_log(L_DEL_CMK, KT_ERROR, "");
}
} else {
if (delete_cmk(false, arg_value->cmk_id, { 0 }, &del_cmk_cnt)) {
printf("DELETE\n%u\n", arg_value->cmk_id);
insert_format_log(L_DEL_CMK, KT_SUCCEED, "delete cmk : %d", arg_value->cmk_id);
} else {
insert_format_log(L_DEL_CMK, KT_ERROR, "which id is '%s'", optarg);
}
}
}
static void process_select_cmk_cmd(ArgValue *arg_value)
{
CmkInfo *cmk_info_list = NULL;
if (arg_value->has_set_all == true) {
cmk_info_list = select_cmk_info(true, UNUSED);
if (cmk_info_list == NULL) {
insert_format_log(L_SELECT_CMK, KT_ERROR, "");
return;
} else {
printf("SELECT ALL\n");
trav_cmk_info_list(cmk_info_list);
insert_format_log(L_SELECT_CMK, KT_SUCCEED, "select all");
}
} else {
cmk_info_list = select_cmk_info(false, arg_value->cmk_id);
if (cmk_info_list == NULL) {
insert_format_log(L_SELECT_CMK, KT_ERROR, "which id is '%s'", optarg);
return;
} else {
printf("SELECT\n");
trav_cmk_info_list(cmk_info_list);
insert_format_log(L_SELECT_CMK, KT_SUCCEED, "select : %d", arg_value->cmk_id);
}
}
destroy_cmk_info_list(cmk_info_list);
}
static void process_import_cmk_cmd(ArgValue *arg_value)
{
unsigned int ksf_pass_len = 0;
CmkInfo *cmk_info_list = NULL;
PasswdErrType pw_err = LEGAL;
if (!get_passwd(arg_value->ksf_passwd, sizeof(arg_value->ksf_passwd))) {
return;
}
pw_err = check_passwd(arg_value->ksf_passwd);
if (pw_err != LEGAL) {
insert_format_log(L_IMPORT_CMK, KT_ERROR,
"please make sure the key store file '%s' is legal and the password is correct", arg_value->ksf);
return;
}
ksf_pass_len = strlen(arg_value->ksf_passwd);
if (import_cmks_from_ksf(arg_value->ksf, (unsigned char *)arg_value->ksf_passwd, ksf_pass_len)) {
printf("SAFE IMPORT\n%s\n", arg_value->ksf);
cmk_info_list = select_cmk_info(true, UNUSED);
if (cmk_info_list == NULL) {
insert_format_log(L_SELECT_CMK, KT_ERROR, "");
return;
} else {
trav_cmk_info_list(cmk_info_list);
insert_format_log(L_SELECT_CMK, KT_SUCCEED, "select all");
}
insert_format_log(L_IMPORT_CMK, KT_SUCCEED, "import from : '%s'", arg_value->ksf);
} else {
insert_format_log(L_IMPORT_CMK, KT_ERROR,
"please make sure the key store file '%s' is legal and the password is correct", arg_value->ksf);
}
destroy_cmk_info_list(cmk_info_list);
}
static void process_export_cmk_cmd(ArgValue *arg_value)
{
unsigned int ksf_pass_len = 0;
bool ret = false;
PasswdErrType pw_err = LEGAL;
errno_t rc = 0;
if (!get_passwd(arg_value->ksf_passwd, sizeof(arg_value->ksf_passwd))) {
return;
}
pw_err = check_passwd(arg_value->ksf_passwd);
if (pw_err != LEGAL) {
report_passwd_err(pw_err);
return;
}
ksf_pass_len = strlen(arg_value->ksf_passwd);
if (strlen(arg_value->ksf) > 0) {
ret = export_cmks_to_ksf(true, arg_value->ksf, (unsigned char *)arg_value->ksf_passwd, ksf_pass_len);
} else {
ret = export_cmks_to_ksf(false, NULL, (unsigned char *)arg_value->ksf_passwd, ksf_pass_len);
rc = strcpy_s(arg_value->ksf, sizeof(arg_value->ksf), "path configured in gs_ktool_conf.ini");
securec_check_c(rc, "", "");
}
if (ret) {
printf("SAFE EXPORT\n%s\n", arg_value->ksf);
insert_format_log(L_EXPORT_CMK, KT_SUCCEED, "exported to : '%s'", arg_value->ksf);
} else {
insert_format_log(L_EXPORT_CMK, KT_ERROR, "please check the path : '%s'", arg_value->ksf);
}
}

2
src/bin/pg_dump/Makefile
View File

@ -59,7 +59,7 @@ all: submake-aes gs_dump gs_restore gs_dumpall
libpq_pgport:=$(subst -lpq,-lpq_ce,$(libpq_pgport))
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
libpq_pgport += -L$(top_builddir)/src/bin/gs_ktool/ -lgs_ktool -lsecurec -L$(LIBKMC_LIB_PATH) -lkmc
libpq_pgport += -L$(top_builddir)/src/distribute/bin/gs_ktool/ -lgs_ktool -lsecurec -L$(LIBKMC_LIB_PATH) -lkmc
endif
gs_dump: pg_dump.o common.o pg_dump_sort.o $(OBJS) $(KEYWRDOBJS) $(COMMON_OBJS) | submake-libpq_ce submake-libpgport

4
src/bin/psql/Makefile
View File

@ -24,7 +24,7 @@ SGMLDIR= $(top_builddir)/doc/src/sgml
override CPPFLAGS := -I. -I$(srcdir) -I$(libpq_srcdir) -I$(top_srcdir)/src/bin/pg_dump -DHAVE_CE $(CPPFLAGS)
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
CPPFLAGS += -L$(top_builddir)/src/bin/gs_ktool/ -lgs_ktool -L$(LIBKMC_LIB_PATH) -lkmc
CPPFLAGS += -L$(top_builddir)/src/distribute/bin/gs_ktool/ -lgs_ktool -L$(LIBKMC_LIB_PATH) -lkmc
endif
$(top_builddir)/src/common/interfaces/libpq/client_logic_processor/stmt_processor.o:
@ -72,7 +72,7 @@ all: submake-aes gsql
libpq_pgport:=$(subst -lpq,-lpq_ce,$(libpq_pgport))
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
libpq_pgport += -L$(top_builddir)/src/bin/gs_ktool/ -lgs_ktool -L$(LIBKMC_LIB_PATH) -lkmc
libpq_pgport += -L$(top_builddir)/src/distribute/bin/gs_ktool/ -lgs_ktool -L$(LIBKMC_LIB_PATH) -lkmc
endif
$(top_builddir)/src/lib/elog/elog.a:

4
src/common/interfaces/libpq/Makefile
View File

@ -29,7 +29,7 @@ override CPPFLAGS += -I$(top_builddir)/$(subdir)/client_logic_hooks/encryption_h
ifeq "$(ENABLE_CE)" "1"
override CPPFLAGS += -DHAVE_CE -DWORDS_BIGENDIAN
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
override CPPFLAGS += -L$(top_builddir)/src/bin/gs_ktool/ -lgs_ktool -L$(LIBKMC_LIB_PATH) -lkmc
override CPPFLAGS += -L$(top_builddir)/src/distribute/bin/gs_ktool/ -lgs_ktool -L$(LIBKMC_LIB_PATH) -lkmc
endif
endif
@ -175,7 +175,7 @@ endif
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
all: gs_ktool all-lib-depends
gs_ktool:
$(MAKE) -C $(top_builddir)/src/bin/gs_ktool
$(MAKE) -C $(top_builddir)/src/distribute/bin/gs_ktool
else
all: all-lib-depends
endif

2
src/common/interfaces/libpq/client_logic_hooks/Makefile
View File

@ -20,7 +20,7 @@ override CPPFLAGS := -DFRONTEND -DFRONTEND_PARSER -DPGXC -fstack-protector-all -
override CPPFLAGS += -I$(top_builddir)/src/common/interfaces/libpq/ -I$(top_builddir)/src/include/libpq/ -I$(top_builddir)/src/include/libpq/client_logic_cache
override CPPFLAGS += -I$(top_builddir)/src/common/interfaces/libpq/client_logic_hooks -I$(encryption_hooks_dir)
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
override CPPFLAGS += -L$(top_builddir)/src/bin/gs_ktool/ -lgs_ktool -lsecurec -L$(LIBKMC_LIB_PATH) -lkmc
override CPPFLAGS += -L$(top_builddir)/src/distribute/bin/gs_ktool/ -lgs_ktool -lsecurec -L$(LIBKMC_LIB_PATH) -lkmc
endif
override CPPFLAGS := $(filter-out -fPIE, $(CPPFLAGS)) -fPIC -shared
override CFLAGS := $(filter-out -fPIE, $(CFLAGS)) -fPIC -shared

2
src/common/interfaces/libpq/client_logic_hooks/encryption_hooks/Makefile
View File

@ -18,7 +18,7 @@ NAME=client_logic_encryption_hooks
override CPPFLAGS := -DFRONTEND -DPGXC -Wno-write-strings -fstack-protector-all -I$(srcdir) $(CPPFLAGS) -I$(top_builddir)/src/ -I$(top_builddir)/src/include -I$(top_builddir)/src/include/libpq -I$(top_builddir)/src/common/interfaces/libpq -I$(top_builddir)/src/common/interfaces/libpq/client_logic_hooks/ -I.
override CPPFLAGS += -lsecurec -lssl -lcrypto
ifneq ($(enable_multiple_nodes)_$(enable_privategauss), no_no)
override CPPFLAGS += -L$(top_builddir)/src/bin/gs_ktool/ -lgs_ktool -lsecurec -L$(LIBKMC_LIB_PATH) -lkmc
override CPPFLAGS += -L$(top_builddir)/src/distribute/bin/gs_ktool/ -lgs_ktool -lsecurec -L$(LIBKMC_LIB_PATH) -lkmc
endif
override CPPFLAGS := $(filter-out -fPIE, $(CPPFLAGS)) -fPIC -shared
override CFLAGS := $(filter-out -fPIE, $(CFLAGS)) -fPIC -shared