hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changes to improve robustness of SSL processing, separate it so far as possible from protocols. Separate the detailed mechanism of authentication from the MySQL protocol with a view to making it into a module later.

Browse Source
This commit is contained in:
counterpoint
2016-02-15 09:29:07 +00:00
parent 971d1d5de2
commit 866e91c088
17 changed files with 1218 additions and 741 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
server/core/dcb.c
View File

@ -61,6 +61,8 @@
* 17/10/2015 Martin Brampton Add hangup for each and bitmask display MaxAdmin
* 15/12/2015 Martin Brampton Merge most of SSL write code into non-SSL,
* enhance SSL code
* 07/02/2016 Martin Brampton Make dcb_read_SSL & dcb_create_SSL internal,
* further small SSL logic changes
*
* @endverbatim
*/
@ -111,6 +113,8 @@ static bool dcb_maybe_add_persistent(DCB *);
static inline bool dcb_write_parameter_check(DCB *dcb, GWBUF *queue);
static int dcb_bytes_readable(DCB *dcb);
static int dcb_read_no_bytes_available(DCB *dcb, int nreadtotal);
static int dcb_create_SSL(DCB* dcb);
static int dcb_read_SSL(DCB *dcb, GWBUF **head);
static GWBUF *dcb_basic_read(DCB *dcb, int bytesavailable, int maxbytes, int nreadtotal, int *nsingleread);
static GWBUF *dcb_basic_read_SSL(DCB *dcb, int *nsingleread);
#if defined(FAKE_CODE)
@ -118,7 +122,6 @@ static inline void dcb_write_fake_code(DCB *dcb);
#endif
static void dcb_log_write_failure(DCB *dcb, GWBUF *queue, int eno);
static inline void dcb_write_tidy_up(DCB *dcb, bool below_water);
static void dcb_log_ssl_read_error(DCB *dcb, int ssl_errno, int rc);
static int gw_write(DCB *dcb, bool *stop_writing);
static int gw_write_SSL(DCB *dcb, bool *stop_writing);
static void dcb_log_errors_SSL (DCB *dcb, const char *called_by, int ret);
@ -853,6 +856,11 @@ int dcb_read(DCB *dcb,
int nsingleread = 0;
int nreadtotal = 0;
if (SSL_HANDSHAKE_DONE == dcb->ssl_state || SSL_ESTABLISHED == dcb->ssl_state)
{
return dcb_read_SSL(dcb, head);
}
CHK_DCB(dcb);
if (dcb->fd <= 0)
@ -1048,7 +1056,7 @@ dcb_basic_read(DCB *dcb, int bytesavailable, int maxbytes, int nreadtotal, int *
* @param head Pointer to linked list to append data to
* @return -1 on error, otherwise the total number of bytes read
*/
int
static int
dcb_read_SSL(DCB *dcb, GWBUF **head)
{
GWBUF *buffer = NULL;
@ -1075,7 +1083,7 @@ dcb_read_SSL(DCB *dcb, GWBUF **head)
nreadtotal += nsingleread;
*head = gwbuf_append(*head, buffer);
while (buffer || SSL_pending(dcb->ssl))
while (SSL_pending(dcb->ssl))
{
dcb->last_read = hkheartbeat;
buffer = dcb_basic_read_SSL(dcb, &nsingleread);
@ -1224,14 +1232,17 @@ dcb_log_errors_SSL (DCB *dcb, const char *called_by, int ret)
char errbuf[STRERROR_BUFLEN];
unsigned long ssl_errno;
MXS_ERROR("SSL operation failed in %s, dcb %p in state "
"%s fd %d. More details may follow.",
called_by,
dcb,
STRDCBSTATE(dcb->state),
dcb->fd);
ssl_errno = ERR_get_error();
if (ret || ssl_errno)
{
MXS_ERROR("SSL operation failed in %s, dcb %p in state "
"%s fd %d return code %d. More details may follow.",
called_by,
dcb,
STRDCBSTATE(dcb->state),
dcb->fd,
ret);
}
if (ret && !ssl_errno)
{
int local_errno = errno;
@ -2831,7 +2842,8 @@ dcb_count_by_usage(DCB_USAGE usage)
* @param dcb
* @return -1 on error, 0 otherwise.
*/
int dcb_create_SSL(DCB* dcb)
static int
dcb_create_SSL(DCB* dcb)
{
if (NULL == dcb->listen_ssl || listener_init_SSL(dcb->listen_ssl) != 0)
{
@ -2884,7 +2896,8 @@ int dcb_accept_SSL(DCB* dcb)
{
case SSL_ERROR_NONE:
MXS_DEBUG("SSL_accept done for %s@%s", user, remote);
dcb->ssl_state = SSL_HANDSHAKE_DONE;
dcb->ssl_state = SSL_ESTABLISHED;
dcb->ssl_read_want_write = false;
return 1;
break;
@ -2895,6 +2908,7 @@ int dcb_accept_SSL(DCB* dcb)
case SSL_ERROR_WANT_WRITE:
MXS_DEBUG("SSL_accept ongoing want write for %s@%s", user, remote);
dcb->ssl_read_want_write = true;
return 0;
break;