MXS-2483: Store listener SSLContext in unique_ptr
Also removed some unnecessary checks for session->listener: The Session constructor takes the listener as an argument.
@ -146,7 +146,7 @@ public:
|
|||||||
/**
|
/**
|
||||||
* The mxs::SSLContext object
|
* The mxs::SSLContext object
|
||||||
*/
|
*/
|
||||||
mxs::SSLContext* ssl() const;
|
mxs::SSLContext* ssl_context() const;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Convert to JSON
|
* Convert to JSON
|
||||||
@ -209,7 +209,9 @@ private:
|
|||||||
std::string m_authenticator; /**< Name of authenticator */
|
std::string m_authenticator; /**< Name of authenticator */
|
||||||
std::string m_auth_options; /**< Authenticator options */
|
std::string m_auth_options; /**< Authenticator options */
|
||||||
void* m_auth_instance; /**< Authenticator instance */
|
void* m_auth_instance; /**< Authenticator instance */
|
||||||
mxs::SSLContext* m_ssl; /**< Structure of SSL data or NULL */
|
|
||||||
|
std::unique_ptr<mxs::SSLContext> m_ssl_context; /**< SSL context */
|
||||||
|
|
||||||
struct users* m_users; /**< The user data for this listener */
|
struct users* m_users; /**< The user data for this listener */
|
||||||
SERVICE* m_service; /**< The service which used by this listener */
|
SERVICE* m_service; /**< The service which used by this listener */
|
||||||
std::atomic<bool> m_active; /**< True if the port has not been deleted */
|
std::atomic<bool> m_active; /**< True if the port has not been deleted */
|
||||||
|
|||||||
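Review bot: The doc comments on `ssl_context()` and `m_ssl_context` no longer say that the value can be null, although the removed member comment did (`Structure of SSL data or NULL`). Callers in this commit test the returned pointer to decide whether the listener uses SSL, so the contract is worth stating: `@return Non-owning pointer to the SSL context, or nullptr if the listener has no SSL configured` on the accessor and `/**< SSL context, null if SSL is not configured */` on the member. The include list is not visible here, so it is also worth confirming that this header includes `<memory>` for `std::unique_ptr`.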
@ -2150,8 +2150,8 @@ static int dcb_create_SSL(DCB* dcb, mxs::SSLContext* ssl)
|
|||||||
*/
|
*/
|
||||||
int dcb_accept_SSL(DCB* dcb)
|
int dcb_accept_SSL(DCB* dcb)
|
||||||
{
|
{
|
||||||
if (NULL == dcb->session->listener->ssl()
|
if (!dcb->session->listener->ssl_context()
|
||||||
|| (NULL == dcb->ssl && dcb_create_SSL(dcb, dcb->session->listener->ssl()) != 0))
|
|| (!dcb->ssl && dcb_create_SSL(dcb, dcb->session->listener->ssl_context()) != 0))
|
||||||
{
|
{
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|||||||
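Review bot: The condition in `dcb_accept_SSL` calls `dcb->session->listener->ssl_context()` twice, which makes the long `||` expression harder to read than it needs to be. Reading it once into a local keeps the null check and the use on the same value: `mxs::SSLContext* ctx = dcb->session->listener->ssl_context();` followed by `if (!ctx || (!dcb->ssl && dcb_create_SSL(dcb, ctx) != 0))`. The function body continues outside the hunk.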
@ -116,7 +116,7 @@ Listener::Listener(SERVICE* service,
|
|||||||
, m_authenticator(authenticator)
|
, m_authenticator(authenticator)
|
||||||
, m_auth_options(auth_opts)
|
, m_auth_options(auth_opts)
|
||||||
, m_auth_instance(auth_instance)
|
, m_auth_instance(auth_instance)
|
||||||
, m_ssl(ssl)
|
, m_ssl_context(ssl)
|
||||||
, m_users(nullptr)
|
, m_users(nullptr)
|
||||||
, m_service(service)
|
, m_service(service)
|
||||||
, m_proto_func(*(MXS_PROTOCOL*)load_module(protocol.c_str(), MODULE_PROTOCOL))
|
, m_proto_func(*(MXS_PROTOCOL*)load_module(protocol.c_str(), MODULE_PROTOCOL))
|
||||||
@ -147,8 +147,6 @@ Listener::~Listener()
|
|||||||
{
|
{
|
||||||
users_free(m_users);
|
users_free(m_users);
|
||||||
}
|
}
|
||||||
|
|
||||||
delete m_ssl;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
SListener Listener::create(const std::string& name,
|
SListener Listener::create(const std::string& name,
|
||||||
@ -477,9 +475,9 @@ bool Listener::create_listener_config(const char* filename)
|
|||||||
dprintf(file, "authenticator_options=%s\n", m_auth_options.c_str());
|
dprintf(file, "authenticator_options=%s\n", m_auth_options.c_str());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (m_ssl)
|
if (m_ssl_context)
|
||||||
{
|
{
|
||||||
dprintf(file, "%s", m_ssl->serialize().c_str());
|
dprintf(file, "%s", m_ssl_context->serialize().c_str());
|
||||||
}
|
}
|
||||||
|
|
||||||
::close(file);
|
::close(file);
|
||||||
@ -538,9 +536,9 @@ json_t* Listener::to_json() const
|
|||||||
json_object_set_new(param, "authenticator", json_string(m_authenticator.c_str()));
|
json_object_set_new(param, "authenticator", json_string(m_authenticator.c_str()));
|
||||||
json_object_set_new(param, "auth_options", json_string(m_auth_options.c_str()));
|
json_object_set_new(param, "auth_options", json_string(m_auth_options.c_str()));
|
||||||
|
|
||||||
if (m_ssl)
|
if (m_ssl_context)
|
||||||
{
|
{
|
||||||
json_object_set_new(param, "ssl", m_ssl->to_json());
|
json_object_set_new(param, "ssl", m_ssl_context->to_json());
|
||||||
}
|
}
|
||||||
|
|
||||||
json_t* attr = json_object();
|
json_t* attr = json_object();
|
||||||
@ -610,9 +608,9 @@ void* Listener::auth_instance() const
|
|||||||
return m_auth_instance;
|
return m_auth_instance;
|
||||||
}
|
}
|
||||||
|
|
||||||
mxs::SSLContext* Listener::ssl() const
|
mxs::SSLContext* Listener::ssl_context() const
|
||||||
{
|
{
|
||||||
return m_ssl;
|
return m_ssl_context.get();
|
||||||
}
|
}
|
||||||
|
|
||||||
const char* Listener::state() const
|
const char* Listener::state() const
|
||||||
|
|||||||
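Review bot: In the constructor's initializer list, `m_ssl_context(ssl)` takes ownership of what appears to be a raw `mxs::SSLContext*` parameter (the signature is outside the hunk), so the transfer is invisible at the call site. A caller that frees the pointer, or keeps using it after the Listener is destroyed, would hit a double free or a dangling pointer. Consider declaring the parameter as `std::unique_ptr<mxs::SSLContext> ssl` and initializing with `m_ssl_context(std::move(ssl))`, or at minimum document on the parameter that the Listener takes ownership. Likewise `ssl_context()` returns `m_ssl_context.get()`, so its result must not be kept beyond the Listener's lifetime.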
@ -241,7 +241,8 @@ std::string get_version_string(SERVICE* service)
|
|||||||
*/
|
*/
|
||||||
bool ssl_required_by_dcb(DCB* dcb)
|
bool ssl_required_by_dcb(DCB* dcb)
|
||||||
{
|
{
|
||||||
return NULL != dcb->session->listener && NULL != dcb->session->listener->ssl();
|
mxb_assert(dcb->session->listener);
|
||||||
|
return dcb->session->listener->ssl_context();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -256,9 +257,7 @@ bool ssl_required_by_dcb(DCB* dcb)
|
|||||||
*/
|
*/
|
||||||
bool ssl_required_but_not_negotiated(DCB* dcb)
|
bool ssl_required_but_not_negotiated(DCB* dcb)
|
||||||
{
|
{
|
||||||
return NULL != dcb->session->listener
|
return ssl_required_by_dcb(dcb) && SSL_HANDSHAKE_UNKNOWN == dcb->ssl_state;
|
||||||
&& NULL != dcb->session->listener->ssl()
|
|
||||||
&& SSL_HANDSHAKE_UNKNOWN == dcb->ssl_state;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -717,7 +716,7 @@ static void check_packet(DCB* dcb, GWBUF* buf, int bytes)
|
|||||||
if (bytes == MYSQL_AUTH_PACKET_BASE_SIZE)
|
if (bytes == MYSQL_AUTH_PACKET_BASE_SIZE)
|
||||||
{
|
{
|
||||||
/** This is an SSL request packet */
|
/** This is an SSL request packet */
|
||||||
mxb_assert(dcb->session->listener->ssl());
|
mxb_assert(dcb->session->listener->ssl_context());
|
||||||
mxb_assert(buflen == bytes && pktlen >= buflen);
|
mxb_assert(buflen == bytes && pktlen >= buflen);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -744,9 +743,7 @@ bool ssl_is_connection_healthy(DCB* dcb)
|
|||||||
* then everything is as we wish. Otherwise, either there is a problem or
|
* then everything is as we wish. Otherwise, either there is a problem or
|
||||||
* more to be done.
|
* more to be done.
|
||||||
*/
|
*/
|
||||||
return NULL == dcb->session->listener
|
return !dcb->session->listener->ssl_context() || dcb->ssl_state == SSL_ESTABLISHED;
|
||||||
|| NULL == dcb->session->listener->ssl()
|
|
||||||
|| dcb->ssl_state == SSL_ESTABLISHED;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Looks to be redundant - can remove include for ioctl too */
|
/* Looks to be redundant - can remove include for ioctl too */
|
||||||
@ -789,7 +786,7 @@ int ssl_authenticate_client(DCB* dcb, bool is_capable)
|
|||||||
const char* remote = dcb->remote ? dcb->remote : "";
|
const char* remote = dcb->remote ? dcb->remote : "";
|
||||||
const char* service = (dcb->service && dcb->service->name()) ? dcb->service->name() : "";
|
const char* service = (dcb->service && dcb->service->name()) ? dcb->service->name() : "";
|
||||||
|
|
||||||
if (NULL == dcb->session->listener || NULL == dcb->session->listener->ssl())
|
if (!dcb->session->listener->ssl_context())
|
||||||
{
|
{
|
||||||
/* Not an SSL connection on account of listener configuration */
|
/* Not an SSL connection on account of listener configuration */
|
||||||
return SSL_AUTH_CHECKS_OK;
|
return SSL_AUTH_CHECKS_OK;
|
||||||
|
|||||||
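Review bot: `ssl_is_connection_healthy` and `ssl_authenticate_client` now dereference `dcb->session->listener` with no guard at all, while `ssl_required_by_dcb` at least gets `mxb_assert(dcb->session->listener);`. If `mxb_assert` is compiled out of release builds (as debug asserts usually are; confirm), all three rely purely on the invariant stated in the commit message, and a violation becomes a null dereference on the client SSL authentication path. Add the same `mxb_assert(dcb->session->listener);` at the top of the other two functions so the invariant is checked uniformly in debug builds. In `ssl_required_by_dcb`, `return dcb->session->listener->ssl_context() != nullptr;` would make the pointer-to-bool conversion explicit. These functions start or continue outside the hunks shown.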