From f5401c5244e89ddef968b41f9e133c18792c1e7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Mon, 4 Sep 2017 13:49:44 +0300 Subject: [PATCH] MXS-1346: Rename dbfwfilter instance and session Renamed the structures to C++ naming style and added initial declarations for DbfwSession methods. The DbfwSession methods are not yet fully implemented which is why parts of the class are still public. The intention is to use the filter template when the session class is sufficiently refactored. --- .../modules/filter/dbfwfilter/dbfwfilter.cc | 43 +++++++------------ .../modules/filter/dbfwfilter/dbfwfilter.hh | 36 +++++++++++++--- server/modules/filter/dbfwfilter/rules.cc | 16 +++---- server/modules/filter/dbfwfilter/rules.hh | 16 +++---- server/modules/filter/dbfwfilter/user.cc | 6 +-- server/modules/filter/dbfwfilter/user.hh | 6 +-- 6 files changed, 67 insertions(+), 56 deletions(-) diff --git a/server/modules/filter/dbfwfilter/dbfwfilter.cc b/server/modules/filter/dbfwfilter/dbfwfilter.cc index fd8661488..bf9fef03a 100644 --- a/server/modules/filter/dbfwfilter/dbfwfilter.cc +++ b/server/modules/filter/dbfwfilter/dbfwfilter.cc @@ -113,10 +113,10 @@ thread_local struct } this_thread; bool parse_at_times(const char** tok, char** saveptr, Rule* ruledef); -bool parse_limit_queries(FW_INSTANCE* instance, Rule* ruledef, const char* rule, char** saveptr); +bool parse_limit_queries(Dbfw* instance, Rule* ruledef, const char* rule, char** saveptr); static void rule_free_all(Rule* rule); static bool process_rule_file(const char* filename, RuleList* rules, UserMap* users); -bool replace_rules(FW_INSTANCE* instance); +bool replace_rules(Dbfw* instance); static void print_rule(Rule *rules, char *dest) { @@ -390,7 +390,7 @@ bool dbfw_reload_rules(const MODULECMD_ARG *argv, json_t** output) { bool rval = true; MXS_FILTER_DEF *filter = argv->argv[0].value.filter; - FW_INSTANCE *inst = (FW_INSTANCE*)filter_def_get_instance(filter); + Dbfw *inst = (Dbfw*)filter_def_get_instance(filter); if (modulecmd_arg_is_present(argv, 1)) { @@ -451,7 +451,7 @@ bool dbfw_show_rules(const MODULECMD_ARG *argv, json_t** output) { DCB *dcb = argv->argv[0].value.dcb; MXS_FILTER_DEF *filter = argv->argv[1].value.filter; - FW_INSTANCE *inst = (FW_INSTANCE*)filter_def_get_instance(filter); + Dbfw *inst = (Dbfw*)filter_def_get_instance(filter); dcb_printf(dcb, "Rule, Type, Times Matched\n"); @@ -477,7 +477,7 @@ bool dbfw_show_rules(const MODULECMD_ARG *argv, json_t** output) bool dbfw_show_rules_json(const MODULECMD_ARG *argv, json_t** output) { MXS_FILTER_DEF *filter = argv->argv[0].value.filter; - FW_INSTANCE *inst = (FW_INSTANCE*)filter_def_get_instance(filter); + Dbfw *inst = (Dbfw*)filter_def_get_instance(filter); json_t* arr = json_array(); @@ -1096,7 +1096,7 @@ static bool process_rule_file(const char* filename, RuleList* rules, UserMap* us * @param instance Filter instance * @return True if the session can continue, false on fatal error. */ -bool replace_rules(FW_INSTANCE* instance) +bool replace_rules(Dbfw* instance) { bool rval = true; spinlock_acquire(&instance->lock); @@ -1143,7 +1143,7 @@ bool replace_rules(FW_INSTANCE* instance) static MXS_FILTER * createInstance(const char *name, char **options, MXS_CONFIG_PARAMETER *params) { - FW_INSTANCE *my_instance = (FW_INSTANCE*)MXS_CALLOC(1, sizeof(FW_INSTANCE)); + Dbfw *my_instance = (Dbfw*)MXS_CALLOC(1, sizeof(Dbfw)); if (my_instance == NULL) { @@ -1191,17 +1191,8 @@ createInstance(const char *name, char **options, MXS_CONFIG_PARAMETER *params) */ static MXS_FILTER_SESSION* newSession(MXS_FILTER *instance, MXS_SESSION *session) { - FW_INSTANCE *my_instance = (FW_INSTANCE*)instance; - FW_SESSION *my_session = (FW_SESSION*)MXS_CALLOC(1, sizeof(FW_SESSION)); - - if (my_session) - { - my_session->session = session; - my_session->instance = my_instance; - my_session->errmsg = NULL; - } - - return (MXS_FILTER_SESSION*)my_session; + Dbfw *my_instance = (Dbfw*)instance; + return (MXS_FILTER_SESSION*)new (std::nothrow) DbfwSession(my_instance, session); } /** @@ -1225,10 +1216,8 @@ closeSession(MXS_FILTER *instance, MXS_FILTER_SESSION *session) static void freeSession(MXS_FILTER *instance, MXS_FILTER_SESSION *session) { - FW_SESSION *my_session = (FW_SESSION *) session; - MXS_FREE(my_session->errmsg); - delete my_session->query_speed; - MXS_FREE(my_session); + DbfwSession *my_session = (DbfwSession*)session; + delete my_session; } /** @@ -1242,7 +1231,7 @@ freeSession(MXS_FILTER *instance, MXS_FILTER_SESSION *session) static void setDownstream(MXS_FILTER *instance, MXS_FILTER_SESSION *session, MXS_DOWNSTREAM *downstream) { - FW_SESSION *my_session = (FW_SESSION *) session; + DbfwSession *my_session = (DbfwSession *) session; my_session->down = *downstream; } @@ -1371,7 +1360,7 @@ char* create_error(const char* format, ...) * i.e., whether it is in whitelist or blacklist mode. The point is that * irrespective of the mode, the query must be rejected. */ -static char* create_parse_error(FW_INSTANCE* my_instance, +static char* create_parse_error(Dbfw* my_instance, const char* reason, const char* query, bool* matchesp) @@ -1412,8 +1401,8 @@ static char* create_parse_error(FW_INSTANCE* my_instance, * @param query Pointer to the null-terminated query string * @return true if the query matches the rule */ -bool rule_matches(FW_INSTANCE* my_instance, - FW_SESSION* my_session, +bool rule_matches(Dbfw* my_instance, + DbfwSession* my_session, GWBUF *queue, SRule rule, char* query) @@ -1677,7 +1666,7 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue) static void diagnostic(MXS_FILTER *instance, MXS_FILTER_SESSION *fsession, DCB *dcb) { - FW_INSTANCE *my_instance = (FW_INSTANCE *) instance; + Dbfw *my_instance = (Dbfw *) instance; dcb_printf(dcb, "Firewall Filter\n"); dcb_printf(dcb, "Rule, Type, Times Matched\n"); diff --git a/server/modules/filter/dbfwfilter/dbfwfilter.hh b/server/modules/filter/dbfwfilter/dbfwfilter.hh index bc4426f72..56ce61a39 100644 --- a/server/modules/filter/dbfwfilter/dbfwfilter.hh +++ b/server/modules/filter/dbfwfilter/dbfwfilter.hh @@ -169,20 +169,42 @@ typedef struct int idgen; /*< UID generator */ char *rulefile; /*< Path to the rule file */ int rule_version; /*< Latest rule file version, incremented on reload */ -} FW_INSTANCE; +} Dbfw; + +class User; +typedef std::tr1::shared_ptr SUser; /** * The session structure for Firewall filter. */ -typedef struct +class DbfwSession { - MXS_SESSION *session; /*< Client session structure */ - char *errmsg; /*< Rule specific error message */ + DbfwSession(const DbfwSession&); + DbfwSession& operator=(const DbfwSession&); + +public: + DbfwSession(Dbfw* instance, MXS_SESSION* session); + ~DbfwSession(); + + void set_error(std::string error); + std::string get_error() const; + void clear_error(); + int send_error(); + + std::string user() const; + std::string remote() const; + + int routeQuery(GWBUF* query); + QuerySpeed *query_speed; /*< How fast the user has executed queries */ MXS_DOWNSTREAM down; /*< Next object in the downstream chain */ MXS_UPSTREAM up; /*< Next object in the upstream chain */ - FW_INSTANCE *instance; /*< Router instance */ -} FW_SESSION; + Dbfw *instance; /*< Router instance */ + +private: + MXS_SESSION *session; /*< Client session structure */ + std::string m_error; /*< Rule specific error message */ +}; /** Typedef for a list of strings */ typedef std::list ValueList; @@ -197,6 +219,6 @@ char* create_error(const char* format, ...); /** * Check if a rule matches */ -bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, +bool rule_matches(Dbfw* my_instance, DbfwSession* my_session, GWBUF *queue, SRule rule, char* query); bool rule_is_active(SRule rule); \ No newline at end of file diff --git a/server/modules/filter/dbfwfilter/rules.cc b/server/modules/filter/dbfwfilter/rules.cc index c16f55f9b..b8a5f8eba 100644 --- a/server/modules/filter/dbfwfilter/rules.cc +++ b/server/modules/filter/dbfwfilter/rules.cc @@ -39,7 +39,7 @@ Rule::~Rule() { } -bool Rule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool Rule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { *msg = create_error("Permission denied at this time."); MXS_NOTICE("rule '%s': query denied at this time.", name().c_str()); @@ -66,7 +66,7 @@ const std::string& Rule::type() const return m_type; } -bool WildCardRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool WildCardRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { bool rval = false; @@ -90,7 +90,7 @@ bool WildCardRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) return rval; } -bool NoWhereClauseRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool NoWhereClauseRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { bool rval = false; @@ -105,7 +105,7 @@ bool NoWhereClauseRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** return rval; } -bool RegexRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool RegexRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { bool rval = false; @@ -132,7 +132,7 @@ bool RegexRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) co return rval; } -bool ColumnsRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool ColumnsRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { bool rval = false; @@ -162,7 +162,7 @@ bool ColumnsRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) } -bool FunctionRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool FunctionRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { bool rval = false; @@ -199,7 +199,7 @@ bool FunctionRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) return rval; } -bool FunctionUsageRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool FunctionUsageRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { if (query_is_sql(buffer)) { @@ -228,7 +228,7 @@ bool FunctionUsageRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** return false; } -bool LimitQueriesRule::matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const +bool LimitQueriesRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const { if (session->query_speed == NULL) { diff --git a/server/modules/filter/dbfwfilter/rules.hh b/server/modules/filter/dbfwfilter/rules.hh index 5233302ba..a6049fb0f 100644 --- a/server/modules/filter/dbfwfilter/rules.hh +++ b/server/modules/filter/dbfwfilter/rules.hh @@ -30,7 +30,7 @@ class Rule public: Rule(std::string name, std::string type = "PERMISSION"); virtual ~Rule(); - virtual bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + virtual bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; virtual bool need_full_parsing(GWBUF* buffer) const { @@ -73,7 +73,7 @@ public: return true; } - bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; }; /** @@ -99,7 +99,7 @@ public: return true; } - bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; }; @@ -138,7 +138,7 @@ public: { } - bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; }; /** @@ -155,7 +155,7 @@ public: { } - bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; }; @@ -173,7 +173,7 @@ public: { } - bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; }; @@ -203,7 +203,7 @@ public: return true; } - bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; private: int m_max; @@ -235,7 +235,7 @@ public: return false; } - bool matches_query(FW_SESSION* session, GWBUF* buffer, char** msg) const; + bool matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const; private: mxs::Closer m_re; diff --git a/server/modules/filter/dbfwfilter/user.cc b/server/modules/filter/dbfwfilter/user.cc index d3c7bbe6c..646cf746b 100644 --- a/server/modules/filter/dbfwfilter/user.cc +++ b/server/modules/filter/dbfwfilter/user.cc @@ -67,7 +67,7 @@ static bool should_match(GWBUF* buffer) * @param user The user whose rules are checked * @return True if the query matches at least one of the rules otherwise false */ -bool User::match_any(FW_INSTANCE* my_instance, FW_SESSION* my_session, +bool User::match_any(Dbfw* my_instance, DbfwSession* my_session, GWBUF *queue, char** rulename) { @@ -110,7 +110,7 @@ bool User::match_any(FW_INSTANCE* my_instance, FW_SESSION* my_session, * * @return True if the query matches all of the rules otherwise false */ -bool User::do_match(FW_INSTANCE* my_instance, FW_SESSION* my_session, +bool User::do_match(Dbfw* my_instance, DbfwSession* my_session, GWBUF *queue, match_mode mode, char** rulename) { bool rval = false; @@ -166,7 +166,7 @@ bool User::do_match(FW_INSTANCE* my_instance, FW_SESSION* my_session, return rval; } -bool User::match(FW_INSTANCE* instance, FW_SESSION* session, GWBUF* buffer, char** rulename) +bool User::match(Dbfw* instance, DbfwSession* session, GWBUF* buffer, char** rulename) { return match_any(instance, session, buffer, rulename) || do_match(instance, session, buffer, User::ALL, rulename) || diff --git a/server/modules/filter/dbfwfilter/user.hh b/server/modules/filter/dbfwfilter/user.hh index 467c62893..5c537389b 100644 --- a/server/modules/filter/dbfwfilter/user.hh +++ b/server/modules/filter/dbfwfilter/user.hh @@ -74,7 +74,7 @@ public: * * @return True if query matches */ - bool match(FW_INSTANCE* instance, FW_SESSION* session, GWBUF* buffer, char** rulename); + bool match(Dbfw* instance, DbfwSession* session, GWBUF* buffer, char** rulename); private: @@ -93,9 +93,9 @@ private: /** * Functions for matching rules */ - bool match_any(FW_INSTANCE* my_instance, FW_SESSION* my_session, + bool match_any(Dbfw* my_instance, DbfwSession* my_session, GWBUF *queue, char** rulename); - bool do_match(FW_INSTANCE* my_instance, FW_SESSION* my_session, + bool do_match(Dbfw* my_instance, DbfwSession* my_session, GWBUF *queue, match_mode mode, char** rulename); };