hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[CP] sql nio support ssl and open by default on master

Browse Source
This commit is contained in:
obdev
2022-12-12 04:45:14 +00:00
committed by ob-robot
parent 09028517e6
commit 0dfcc0daf7
20 changed files with 779 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
deps/easy/src/io/easy_ssl.c vendored
View File

@ -1655,6 +1655,7 @@ static int easy_ssl_certificate_for_mysql_memory(easy_ssl_ctx_t *ssl, const char
easy_error_log("PEM_read_bio_RSAPrivateKey(\"%s\") failed", key);
return EASY_ERROR;
} else if (SSL_CTX_use_RSAPrivateKey(ssl->ctx, rsa) <= 0) {
RSA_free(rsa);
easy_error_log("SSL_CTX_use_RSAPrivateKey(\"%s\") failed", key);
return EASY_ERROR;
}

4
deps/oblib/src/lib/CMakeLists.txt vendored
View File

@ -187,6 +187,10 @@ ob_set_subtarget(oblib_lib ash
ash/ob_active_session_guard.cpp
)
ob_set_subtarget(oblib_lib ssl
ssl/ob_ssl_config.cpp
)
ob_lib_add_target(oblib_lib)
ob_set_subtarget(ob_malloc_object_list common_alloc

596
deps/oblib/src/lib/ssl/ob_ssl_config.cpp vendored Normal file
View File

@ -0,0 +1,596 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include "ob_ssl_config.h"
#include "lib/ob_define.h"
#include "lib/oblog/ob_log.h"
#include "lib/lock/ob_spin_rwlock.h"
namespace oceanbase {
namespace common {
static const int FD_MAX = 100 * 10000; //set the fd limit to be 100w
struct ssl_st {
SSL* ssl;
int hand_shake_done;
};
static SSL_CTX* gs_ssl_ctx_array[OB_SSL_CTX_ID_MAX][OB_SSL_ROLE_MAX];
static SpinRWLock gs_ssl_array_lock;
static struct ssl_st gs_ssl_array[FD_MAX];
const char tls_ciphers_list[]= "!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!DES:!RC2:!RC4:!PSK:"
"!DHE-DSS-DES-CBC3-SHA:!DHE-RSA-DES-CBC3-SHA:"
"!ECDH-RSA-DES-CBC3-SHA:!ECDH-ECDSA-DES-CBC3-SHA:"
"!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:"
"ECDHE-ECDSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES256-GCM-SHA384:"
"ECDHE-RSA-AES128-GCM-SHA256:"
"ECDHE-RSA-AES256-GCM-SHA384:"
"ECDHE-ECDSA-AES128-SHA256:"
"ECDHE-RSA-AES128-SHA256:"
"ECDHE-ECDSA-AES256-SHA384:"
"ECDHE-RSA-AES256-SHA384:"
"DHE-RSA-AES128-GCM-SHA256:"
"DHE-DSS-AES128-GCM-SHA256:"
"DHE-RSA-AES128-SHA256:"
"DHE-DSS-AES128-SHA256:"
"DHE-DSS-AES256-GCM-SHA384:"
"DHE-RSA-AES256-SHA256:"
"DHE-DSS-AES256-SHA256:"
"ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
"ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
"DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:"
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA:DHE-RSA-AES256-SHA:"
"AES128-GCM-SHA256:DH-DSS-AES128-GCM-SHA256:"
"ECDH-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:"
"DH-DSS-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:"
"AES128-SHA256:DH-DSS-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-SHA256:"
"DH-DSS-AES256-SHA256:ECDH-ECDSA-AES256-SHA384:AES128-SHA:"
"DH-DSS-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES256-SHA:"
"DH-DSS-AES256-SHA:ECDH-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:"
"DH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:DH-RSA-AES256-GCM-SHA384:"
"ECDH-RSA-AES256-GCM-SHA384:DH-RSA-AES128-SHA256:"
"ECDH-RSA-AES128-SHA256:DH-RSA-AES256-SHA256:"
"ECDH-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:"
"ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:"
"ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:"
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA:DHE-RSA-AES256-SHA:"
"AES128-SHA:DH-DSS-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES256-SHA:"
"DH-DSS-AES256-SHA:ECDH-ECDSA-AES256-SHA:DH-RSA-AES128-SHA:"
"ECDH-RSA-AES128-SHA:DH-RSA-AES256-SHA:ECDH-RSA-AES256-SHA:DES-CBC3-SHA";
const char baba_tls_ciphers_list[]= "!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!DES:!RC2:!RC4:!PSK:"
"!DHE-DSS-DES-CBC3-SHA:!DHE-RSA-DES-CBC3-SHA:"
"!ECDH-RSA-DES-CBC3-SHA:!ECDH-ECDSA-DES-CBC3-SHA:"
"!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:"
"ECC-SM2-WITH-SM4-SM3:ECDHE-SM2-WITH-SM4-SM3:"
"ECDHE-ECDSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES256-GCM-SHA384:"
"ECDHE-RSA-AES128-GCM-SHA256:"
"ECDHE-RSA-AES256-GCM-SHA384:"
"ECDHE-ECDSA-AES128-SHA256:"
"ECDHE-RSA-AES128-SHA256:"
"ECDHE-ECDSA-AES256-SHA384:"
"ECDHE-RSA-AES256-SHA384:"
"DHE-RSA-AES128-GCM-SHA256:"
"DHE-DSS-AES128-GCM-SHA256:"
"DHE-RSA-AES128-SHA256:"
"DHE-DSS-AES128-SHA256:"
"DHE-DSS-AES256-GCM-SHA384:"
"DHE-RSA-AES256-SHA256:"
"DHE-DSS-AES256-SHA256:"
"ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
"ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
"DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:"
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA:DHE-RSA-AES256-SHA:"
"AES128-GCM-SHA256:DH-DSS-AES128-GCM-SHA256:"
"ECDH-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:"
"DH-DSS-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:"
"AES128-SHA256:DH-DSS-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-SHA256:"
"DH-DSS-AES256-SHA256:ECDH-ECDSA-AES256-SHA384:AES128-SHA:"
"DH-DSS-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES256-SHA:"
"DH-DSS-AES256-SHA:ECDH-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:"
"DH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:DH-RSA-AES256-GCM-SHA384:"
"ECDH-RSA-AES256-GCM-SHA384:DH-RSA-AES128-SHA256:"
"ECDH-RSA-AES128-SHA256:DH-RSA-AES256-SHA256:"
"ECDH-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:"
"ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:"
"ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:"
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA:DHE-RSA-AES256-SHA:"
"AES128-SHA:DH-DSS-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES256-SHA:"
"DH-DSS-AES256-SHA:ECDH-ECDSA-AES256-SHA:DH-RSA-AES128-SHA:"
"ECDH-RSA-AES128-SHA:DH-RSA-AES256-SHA:ECDH-RSA-AES256-SHA:DES-CBC3-SHA";
static X509* ob_ssl_get_sm_cert_memory(const char *cert)
{
BIO *bio = NULL;
X509 *x509 = NULL;
if (NULL == (bio = BIO_new_mem_buf((void *)cert, -1))) {
COMMON_LOG(ERROR, "BIO_new_mem_buf failed", K(cert));
} else if (NULL == (x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL))) {
COMMON_LOG(WARN, "PEM_read_bio_X509 failed", K(cert));
}
if (NULL != bio) {
BIO_free(bio);
}
return x509;
}
static EVP_PKEY* ob_ssl_get_sm_pkey_memory(const char *key)
{
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
if (NULL == (bio = BIO_new_mem_buf((void *)key, strlen(key)))) {
COMMON_LOG(ERROR, "BIO_new_mem_buf failed", K(key));
} else if (NULL == (pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))) {
COMMON_LOG(WARN, "PEM_read_bio_PrivateKey failed", K(key));
}
if (NULL != bio) {
BIO_free(bio);
}
return pkey;
}
static int ob_ssl_config_check(const ObSSLConfig& ssl_config)
{
int ret = OB_SUCCESS;
if (!ssl_config.ca_cert_ || 0 == strlen(ssl_config.ca_cert_)) {
ret = OB_INVALID_ARGUMENT;
COMMON_LOG(WARN, "invalid ca_cert", K(ssl_config.ca_cert_), K(ret));
} else if (!ssl_config.sign_cert_ || 0 == strlen(ssl_config.sign_cert_)) {
ret = OB_INVALID_ARGUMENT;
COMMON_LOG(WARN, "invalid sign_cert", K(ssl_config.sign_cert_), K(ret));
} else if (!ssl_config.sign_private_key_ || 0 == strlen(ssl_config.sign_private_key_)) {
ret = OB_INVALID_ARGUMENT;
COMMON_LOG(WARN, "invalid sign_private_key", K(ssl_config.sign_private_key_), K(ret));
} else if (ssl_config.is_sm_) {
if (!ssl_config.enc_cert_ || 0 == strlen(ssl_config.enc_cert_)) {
ret = OB_INVALID_ARGUMENT;
COMMON_LOG(WARN, "sm mode, invalid enc_cert", K(ssl_config.enc_cert_), K(ret));
} else if (!ssl_config.enc_private_key_ || 0 == strlen(ssl_config.enc_private_key_)) {
ret = OB_INVALID_ARGUMENT;
COMMON_LOG(WARN, "sm mode, invalid enc_private_key", K(ssl_config.enc_private_key_), K(ret));
}
}
return ret;
}
static int ob_ssl_set_verify_mode_and_load_CA(SSL_CTX* ctx, const ObSSLConfig& ssl_config)
{
int ret = OB_SUCCESS;
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL);
if (ssl_config.is_from_file_) {
STACK_OF(X509_NAME) *list = NULL;
if (0 == SSL_CTX_load_verify_locations(ctx, ssl_config.ca_cert_, NULL)) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_load_verify_locations failed", K(ret), K(ssl_config.ca_cert_), K(ERR_error_string(ERR_get_error(), NULL)));
} else if (NULL == (list = SSL_load_client_CA_file(ssl_config.ca_cert_))) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_load_client_CA_file failed", K(ssl_config.ca_cert_), K(ret), K(ERR_error_string(ERR_get_error(), NULL)));
} else {
ERR_clear_error();
SSL_CTX_set_client_CA_list(ctx, list);
}
} else {
BIO *bio = NULL;
X509 *cert_x509 = NULL;
X509_STORE *x509_store = NULL;
if (NULL == (bio = BIO_new_mem_buf((void*)ssl_config.ca_cert_, -1))) {
ret = OB_ALLOCATE_MEMORY_FAILED;
COMMON_LOG(ERROR, "BIO_new_mem_buf failed ", K(ssl_config.ca_cert_), K(ret));
} else if (NULL == (cert_x509 = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "PEM_read_bio_X509 failed", K(ssl_config.ca_cert_), K(ret));
} else if (NULL == (x509_store = X509_STORE_new())) {
ret = OB_ALLOCATE_MEMORY_FAILED;
COMMON_LOG(ERROR, "X509_STORE_new failed", K(ssl_config.ca_cert_), K(ret));
} else if (0 == X509_STORE_add_cert(x509_store, cert_x509)) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "X509_STORE_add_cert failed", K(ERR_error_string(ERR_get_error(), NULL)), K(ret));
} else {
SSL_CTX_set_cert_store(ctx, x509_store);
}
if (NULL != bio) {
BIO_free(bio);
}
if (NULL != cert_x509) {
X509_free(cert_x509);
}
if (OB_FAIL(ret)) {
if (NULL != x509_store) {
X509_STORE_free(x509_store);
}
}
}
return ret;
}
static int ob_ssl_load_cert_and_pkey_for_intl_memory(SSL_CTX* ctx, const ObSSLConfig& ssl_config)
{
int ret = OB_SUCCESS;
int is_first = 1;
BIO *bio = NULL;
STACK_OF(X509_INFO) *inf = NULL;
if (NULL == (bio = BIO_new_mem_buf((void*)ssl_config.sign_cert_, -1))) {
ret = OB_ALLOCATE_MEMORY_FAILED;
COMMON_LOG(ERROR, "BIO_new_mem_buf failed", K(ssl_config.sign_cert_), K(ret));
} else if (NULL == (inf = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL))) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(ERROR, "PEM_X509_INFO_read_bio failed", K(ret), K(ssl_config.sign_cert_));
} else {
for (int i = 0; i < sk_X509_INFO_num(inf) && OB_SUCC(ret); i++) {
X509_INFO *itmp = sk_X509_INFO_value(inf, i);
if (itmp->x509) {
if (is_first) {
is_first = 0;
if (SSL_CTX_use_certificate(ctx, itmp->x509) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_use_certificate failed", K(ssl_config.sign_cert_), K(ret));
}
} else {
if (SSL_CTX_add_extra_chain_cert(ctx, itmp->x509) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_add_extra_chain_cert failed", K(ssl_config.sign_cert_), K(ret));
} else {
itmp->x509 = NULL;
}
}
}
}
//free bio allocate before
if (NULL != bio) {
BIO_free(bio);
}
bio = NULL;
if (OB_SUCC(ret)) {
RSA *rsa = NULL;
if (NULL == (bio = BIO_new_mem_buf((void*)ssl_config.sign_private_key_, -1))) {
ret = OB_ALLOCATE_MEMORY_FAILED;
COMMON_LOG(ERROR, "BIO_new_mem_buf for sign_private_key failed", K(ssl_config.sign_private_key_), K(ret));
} else if (NULL == (rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, 0, NULL))) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "PEM_read_bio_RSAPrivateKey failed", K(ssl_config.sign_private_key_), K(ret));
} else if (SSL_CTX_use_RSAPrivateKey(ctx, rsa) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_use_RSAPrivateKey failed", K(ssl_config.sign_private_key_), K(ret));
}
if (OB_FAIL(ret)) {
if (NULL != rsa) {
RSA_free(rsa);
}
}
}
}
if (NULL != inf) {
sk_X509_INFO_pop_free(inf, X509_INFO_free);
}
if (NULL != bio) {
BIO_free(bio);
}
return ret;
}
static int ob_ssl_load_cert_and_pkey(SSL_CTX* ctx, const ObSSLConfig& ssl_config)
{
int ret = OB_SUCCESS;
if (ssl_config.is_from_file_) {
if (ssl_config.is_sm_) {
} else {
if (SSL_CTX_use_certificate_chain_file(ctx, ssl_config.sign_cert_) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_use_certificate_chain_file failed", K(ssl_config.sign_cert_), K(ret));
} else if (SSL_CTX_use_PrivateKey_file(ctx, ssl_config.sign_private_key_, SSL_FILETYPE_PEM) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_use_PrivateKey_file failed", K(ssl_config.sign_private_key_), K(ret));
} else if (SSL_CTX_check_private_key(ctx) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_check_private_key failed", K(ERR_error_string(ERR_get_error(), NULL)), K(ret));
}
}
} else {
if (ssl_config.is_sm_) {
} else {
if (OB_FAIL(ob_ssl_load_cert_and_pkey_for_intl_memory(ctx, ssl_config))) {
COMMON_LOG(WARN, "ob_ssl_load_cert_and_pkey_for_intl_memory failed", K(ret));
} else if (SSL_CTX_check_private_key(ctx) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_check_private_key failed", K(ret), K(ERR_error_string(ERR_get_error(), NULL)));
}
}
}
return ret;
}
static SSL_CTX* ob_ssl_create_ssl_ctx(const ObSSLConfig& ssl_config)
{
int ret = OB_SUCCESS;
SSL_CTX *ctx = NULL;
if (ssl_config.is_sm_) {
} else {
ctx = SSL_CTX_new(SSLv23_method());
}
if (NULL == ctx) {
ret = OB_ALLOCATE_MEMORY_FAILED;
COMMON_LOG(ERROR, "SSL_CTX_new failed", K(ret));
} else if (SSL_CTX_set_cipher_list(ctx, (ssl_config.is_sm_ ? baba_tls_ciphers_list : tls_ciphers_list)) <= 0) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_CTX_set_cipher_list failed", K(ret), K(ssl_config.is_sm_), K(ERR_error_string(ERR_get_error(), NULL)));
} else if (OB_FAIL(ob_ssl_set_verify_mode_and_load_CA(ctx, ssl_config))) {
COMMON_LOG(WARN, "ob_ssl_set_verify_mode_and_load_CA failed", K(ret));
} else if (OB_FAIL(ob_ssl_load_cert_and_pkey(ctx, ssl_config))) {
COMMON_LOG(WARN, "ob_ssl_load_cert_and_pkey for client failed", K(ret));
} else {
/* client side options */
SSL_CTX_set_options(ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
/* server side options */
SSL_CTX_set_options(ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
SSL_CTX_set_options(ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
#endif
/* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
SSL_CTX_set_options(ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
SSL_CTX_set_options(ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
SSL_CTX_set_options(ctx, SSL_OP_TLS_D5_BUG);
SSL_CTX_set_options(ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_read_ahead(ctx, 1);
}
return ctx;
}
static int ob_ssl_ctx_reconfigure(int ctx_id, int ctx_role, SSL_CTX* ssl_ctx)
{
int ret = OB_SUCCESS;
SSL_CTX* ssl_ctx_temp = NULL;
if (NULL == (ssl_ctx_temp = gs_ssl_ctx_array[ctx_id][ctx_role])) {
gs_ssl_ctx_array[ctx_id][ctx_role] = ssl_ctx;
} else {
SSL_CTX_free(ssl_ctx_temp);
gs_ssl_ctx_array[ctx_id][ctx_role] = ssl_ctx;
}
return ret;
}
void ob_fd_disable_ssl(int fd)
{
SSL* ssl = gs_ssl_array[fd].ssl;
gs_ssl_array[fd].ssl = NULL;
gs_ssl_array[fd].hand_shake_done = 0;
if (OB_LIKELY(NULL == ssl)) {
} else {
int n = 0;
int mode = 0;
mode = SSL_RECEIVED_SHUTDOWN | SSL_SENT_SHUTDOWN;
SSL_set_shutdown(ssl, mode);
ERR_clear_error();
SSL_shutdown(ssl);
SSL_free(ssl);
}
}
int ob_ssl_load_config(int ctx_id, const ObSSLConfig& ssl_config)
{
int ret = OB_SUCCESS;
static int is_inited = 0;
SSL_CTX *client_ssl_ctx = NULL;
SSL_CTX *server_ssl_ctx = NULL;
if (ctx_id >= OB_SSL_CTX_ID_MAX) {
ret = OB_SIZE_OVERFLOW;
COMMON_LOG(ERROR, "ctx_id is beyond limit", K(ret), K(ctx_id), K(OB_SSL_CTX_ID_MAX));
} else {
if (!is_inited) {
memset(gs_ssl_ctx_array, 0, sizeof(gs_ssl_ctx_array));
memset(&gs_ssl_array, 0, sizeof(gs_ssl_array));
SSL_library_init();
SSL_load_error_strings();
ENGINE_load_builtin_engines();
OpenSSL_add_all_algorithms();
is_inited = 1;
}
if (OB_FAIL(ob_ssl_config_check(ssl_config))) {
COMMON_LOG(WARN, "ob_ssl_config_check failed", K(ctx_id), K(ret));
} else if (OB_ISNULL(client_ssl_ctx = ob_ssl_create_ssl_ctx(ssl_config))) {
COMMON_LOG(WARN, "ob_ssl_create_client_ctx failed", K(ctx_id), K(ret));
} else if (OB_ISNULL(server_ssl_ctx = ob_ssl_create_ssl_ctx(ssl_config))) {
COMMON_LOG(WARN, "ob_ssl_create_server_ctx failed", K(ctx_id), K(ret));
} else {
SpinWLockGuard guard(gs_ssl_array_lock);
if (OB_FAIL(ob_ssl_ctx_reconfigure(ctx_id, OB_SSL_ROLE_SERVER, server_ssl_ctx))) {
COMMON_LOG(WARN, "ob_ssl_ctx_reconfigure for server failed", K(ctx_id), K(ret));
} else if (OB_FAIL(ob_ssl_ctx_reconfigure(ctx_id, OB_SSL_ROLE_CLIENT, client_ssl_ctx))) {
COMMON_LOG(WARN, "ob_ssl_ctx_reconfigure for client failed", K(ctx_id), K(ret));
}
}
}
return ret;
}
int ob_fd_enable_ssl_for_server(int fd, int ctx_id)
{
int ret = OB_SUCCESS;
SSL_CTX *ctx = NULL;
SpinRLockGuard guard(gs_ssl_array_lock);
if (ctx_id >= OB_SSL_CTX_ID_MAX || fd >= FD_MAX) {
ret = OB_SIZE_OVERFLOW;
COMMON_LOG(ERROR, "ctx_id or fd is beyond limit", K(ret), K(fd), K(FD_MAX), K(ctx_id));
} else if (OB_ISNULL(ctx = gs_ssl_ctx_array[ctx_id][OB_SSL_ROLE_SERVER])) {
ret = OB_NOT_INIT;
COMMON_LOG(WARN, "SSL_CTX is null", K(ret), K(fd), K(ctx_id));
} else {
SSL* ssl = NULL;
if (OB_ISNULL(ssl = SSL_new(ctx))) {
ret = OB_ALLOCATE_MEMORY_FAILED;
COMMON_LOG(WARN, "SSL_new failed", K(ret), K(fd), K(ctx_id));
} else if (0 == SSL_set_fd(ssl, fd)) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_set_fd failed", K(ret), K(fd), K(ctx_id));
} else {
SSL_set_accept_state(ssl);
ATOMIC_STORE(&(gs_ssl_array[fd].ssl), ssl);
}
if (OB_FAIL(ret)) {
if (NULL != ssl) {
SSL_free(ssl);
}
}
}
return ret;
}
int ob_fd_enable_ssl_for_client(int fd, int ctx_id) {
int ret = OB_SUCCESS;
SSL_CTX *ctx = NULL;
SpinRLockGuard guard(gs_ssl_array_lock);
if (ctx_id >= OB_SSL_CTX_ID_MAX || fd >= FD_MAX) {
ret = OB_SIZE_OVERFLOW;
COMMON_LOG(ERROR, "ctx_id or fd is beyond limit", K(ret), K(fd), K(FD_MAX), K(ctx_id));
} else if (OB_ISNULL(ctx = gs_ssl_ctx_array[ctx_id][OB_SSL_ROLE_CLIENT])) {
ret = OB_NOT_INIT;
COMMON_LOG(WARN, "SSL_CTX is null", K(ret), K(fd), K(ctx_id));
} else {
SSL* ssl = NULL;
if (OB_ISNULL(ssl = SSL_new(ctx))) {
ret = OB_ALLOCATE_MEMORY_FAILED;
COMMON_LOG(WARN, "SSL_new failed", K(ret), K(fd), K(ctx_id));
} else if (0 == SSL_set_fd(ssl, fd)) {
ret = OB_ERR_UNEXPECTED;
COMMON_LOG(WARN, "SSL_set_fd failed", K(ret), K(fd), K(ctx_id));
} else {
SSL_set_connect_state(ssl);
ATOMIC_STORE(&(gs_ssl_array[fd].ssl), ssl);
}
if (OB_FAIL(ret)) {
if (NULL != ssl) {
SSL_free(ssl);
}
}
}
return ret;
}
ssize_t ob_read_regard_ssl(int fd, void *buf, size_t nbytes)
{
ssize_t rbytes = 0;
SSL* ssl = NULL;
if (OB_LIKELY(NULL == (ssl = gs_ssl_array[fd].ssl))) {
rbytes = read(fd, buf, nbytes);
} else {
if (OB_UNLIKELY(0 == gs_ssl_array[fd].hand_shake_done)) {
ERR_clear_error();
int ssl_ret = SSL_do_handshake(ssl);
if (ssl_ret > 0) {
rbytes = -1;
errno = EINTR;
gs_ssl_array[fd].hand_shake_done = 1;
COMMON_LOG(INFO, "SSL_do_handshake succ", K(fd));
} else {
int err = SSL_get_error(ssl, ssl_ret);
if (SSL_ERROR_WANT_READ == err) {
rbytes = -1;
errno = EAGAIN;
} else if (SSL_ERROR_WANT_WRITE == err) {
rbytes = -1;
errno = EIO;
COMMON_LOG(ERROR, "SSL_do_handshake want write in reading process", K(fd));
} else {
rbytes = -1;
errno = EIO;
COMMON_LOG(WARN, "SSL_do_handshake failed", K(fd), K(ERR_error_string(ERR_get_error(), NULL)));
}
}
} else {
ERR_clear_error();
rbytes = SSL_read(ssl, buf, nbytes);
if (rbytes <= 0) {
int ssl_error = 0;
ssl_error = SSL_get_error(ssl, rbytes);
if (SSL_ERROR_WANT_READ == ssl_error) {
rbytes = -1;
errno = EAGAIN;
} else if (SSL_ERROR_WANT_WRITE == ssl_error) {
rbytes = -1;
errno = EIO;
COMMON_LOG(ERROR, "SSL_read want write, maybe peer started SSL renegotiation", K(fd));
} else if (SSL_ERROR_ZERO_RETURN == ssl_error) {
/* connection shutdown by peer*/
rbytes = 0;
COMMON_LOG(WARN, "SSL_read return SSL_ERROR_ZERO_RETURN, peer shutdown", K(fd));
} else {
rbytes = -1;
errno = EIO;
COMMON_LOG(ERROR, "SSL_read failed", K(fd), K(ERR_error_string(ERR_get_error(), NULL)));
}
}
}
}
return rbytes;
}
ssize_t ob_write_regard_ssl(int fd, const void *buf, size_t nbytes)
{
ssize_t wbytes = 0;
SSL* ssl = NULL;
if (OB_LIKELY(NULL == (ssl = gs_ssl_array[fd].ssl))) {
wbytes = write(fd, buf, nbytes);
} else {
if (OB_UNLIKELY(0 == gs_ssl_array[fd].hand_shake_done)) {
ERR_clear_error();
int ssl_ret = SSL_do_handshake(ssl);
if (ssl_ret > 0) {
wbytes = -1;
errno = EINTR;
gs_ssl_array[fd].hand_shake_done = 1;
COMMON_LOG(INFO, "SSL_do_handshake succ", K(fd));
} else {
int err = SSL_get_error(ssl, ssl_ret);
if (SSL_ERROR_WANT_WRITE == err || SSL_ERROR_WANT_READ == err) {
wbytes = -1;
errno = EAGAIN;
} else {
wbytes = -1;
errno = EIO;
COMMON_LOG(ERROR, "SSL_do_handshake failed", K(fd), K(ERR_error_string(ERR_get_error(), NULL)));
}
}
} else {
ERR_clear_error();
if (0 < (wbytes = SSL_write(ssl, buf, nbytes))) {
} else {
wbytes = -1;
int ssl_error = 0;
ssl_error = SSL_get_error(ssl, wbytes);
if (SSL_ERROR_WANT_WRITE == ssl_error) {
errno = EAGAIN;
} else if (SSL_ERROR_WANT_READ == ssl_error) {
errno = EIO;
COMMON_LOG(ERROR, "SSL_write want read", K(fd));
} else {
errno = EIO;
COMMON_LOG(ERROR, "ssl write faild", K(fd), K(ERR_error_string(ERR_get_error(), NULL)));
}
}
}
}
return wbytes;
}
SSL* ob_fd_get_ssl_st(int fd)
{
return ATOMIC_LOAD(&(gs_ssl_array[fd].ssl));
}
}
}

45
deps/oblib/src/lib/ssl/ob_ssl_config.h vendored Normal file
View File

@ -0,0 +1,45 @@
#ifndef OB_SSL_CONFIG_H_
#define OB_SSL_CONFIG_H_
#include <stdint.h>
#include <openssl/ssl.h>
namespace oceanbase {
namespace common {
typedef struct ObSSLConfig {
ObSSLConfig(int is_from_file, int is_sm, const char* ca_cert, const char* sign_cert,
const char* sign_private_key, const char* enc_cert, const char* enc_private_key):
is_from_file_(is_from_file), is_sm_(is_sm), ca_cert_(ca_cert), sign_cert_(sign_cert),
sign_private_key_(sign_private_key), enc_cert_(enc_cert), enc_private_key_(enc_cert) {}
int is_from_file_;
int is_sm_;
const char* ca_cert_;
const char* sign_cert_;
const char* sign_private_key_;
const char* enc_cert_;
const char* enc_private_key_;
} ObSSLConfig;
enum OB_SSL_CTX_ID {
OB_SSL_CTX_ID_SQL_NIO,
OB_SSL_CTX_ID_MAX
};
enum OB_SSL_ROLE {
OB_SSL_ROLE_CLIENT,
OB_SSL_ROLE_SERVER,
OB_SSL_ROLE_MAX
};
int ob_ssl_load_config(int ctx_id, const ObSSLConfig& ssl_config);
int ob_fd_enable_ssl_for_server(int fd, int ctx_id);
int ob_fd_enable_ssl_for_client(int fd, int ctx_id);
void ob_fd_disable_ssl(int fd);
SSL* ob_fd_get_ssl_st(int fd);
ssize_t ob_read_regard_ssl(int fd, void *buf, size_t nbytes);
ssize_t ob_write_regard_ssl(int fd, const void *buf, size_t nbytes);
}
}
#endif

2
deps/oblib/src/rpc/frame/ob_net_easy.h vendored
View File

@ -18,6 +18,8 @@
#include "rpc/frame/ob_req_transport.h"
#include "rpc/obrpc/ob_listener.h"
#include "rpc/obrpc/ob_net_keepalive.h"
#include "lib/ssl/ob_ssl_config.h"
using namespace oceanbase::obrpc;
namespace oceanbase
{

13
deps/oblib/src/rpc/obmysql/ob_mysql_protocol_processor.cpp vendored
View File

@ -63,6 +63,19 @@ int ObMysqlProtocolProcessor::do_decode(ObSMConnection& conn, ObICSMemPool& pool
} else {
ObMySQLCapabilityFlags capability;
capability.capability_ = uint2korr(start);
/*
connection_phase_ state transition
(1)use ssl:
1.when tcp connection establised, the state is initialized as CPE_CONNECTED
2.if client decide to open ssl, after decode the first incomplete
login request packet, the state is changed to CPE_SSL_CONNECT, and the packet will be droped (not processed by processor)
3.after ssl handshake finished, after decode the complete login request
packet, the state changed to CPE_CONNECTED and deliver the packet to processor(ObMPConnect)
4.when complete the authentication operations, the state is changed to CPE_AUTHED
CPE_CONNECTED -> CPE_SSL_CONNECT -> CPE_CONNECTED -> CPE_AUTHED
(2)do not use ssl
CPE_CONNECTED -> CPE_AUTHED
*/
if (conn.is_in_connected_phase()) {
if (1 == capability.cap_flags_.OB_CLIENT_SSL) {
if (OB_FAIL(decode_sslr_body(pool, start, pktlen, pktseq, pkt))) {

4
deps/oblib/src/rpc/obmysql/ob_poc_sql_request_operator.cpp vendored
View File

@ -29,8 +29,8 @@ void* ObPocSqlRequestOperator::get_sql_session(ObRequest* req)
SSL* ObPocSqlRequestOperator::get_sql_ssl_st(ObRequest* req)
{
UNUSED(req);
SSL *ssl_st = NULL;
ObSqlSockSession* sess = (ObSqlSockSession*)req->get_server_handle_context();
SSL *ssl_st = sess->get_ssl_st();
return ssl_st;
}

48
deps/oblib/src/rpc/obmysql/ob_sql_nio.cpp vendored
View File

@ -220,9 +220,22 @@ private:
}
int do_read_fd(int64_t sz) {
int ret = OB_SUCCESS;
const int MAX_SSL_REQ_PKT_SIZE = 36;
while(remain() < sz && OB_SUCCESS == ret) {
int64_t rbytes = 0;
if ((rbytes = read(fd_, data_end_, buf_end_ - data_end_)) > 0) {
size_t read_size = 0;
if (OB_UNLIKELY(0 == consume_sz_)) {
/*
set read size for ssl, when client want to open ssl, it will send a 36 bytes
incomplete Login Request packet and then do SSL_connect, the data flow will be
like this |Login Request (36 bytes)|SSL handshake message|.To avoid read the SSL
handshake message by us, we read 36 bytes for the first packet.
*/
read_size = MAX_SSL_REQ_PKT_SIZE;
} else {
read_size = buf_end_ - data_end_;
}
if ((rbytes = ob_read_regard_ssl(fd_, data_end_, read_size)) > 0) {
data_end_ += rbytes;
} else if (0 == rbytes) {
LOG_INFO("read fd return EOF", K_(fd));
@ -292,7 +305,7 @@ private:
int64_t pos = 0;
while(pos < sz && OB_SUCCESS == ret) {
int64_t wbytes = 0;
if ((wbytes = write(fd, buf + pos, sz - pos)) >= 0) {
if ((wbytes = ob_write_regard_ssl(fd, buf + pos, sz - pos)) >= 0) {
pos += wbytes;
} else if (EAGAIN == errno || EWOULDBLOCK == errno) {
LOG_INFO("write return EAGAIN");
@ -331,6 +344,7 @@ public:
void do_close() {
if (fd_ >= 0) {
ob_fd_disable_ssl(fd_);
close(fd_);
read_buffer_.set_fd(-1);
fd_ = -1;
@ -368,7 +382,7 @@ public:
int64_t pos = 0;
while(pos < sz && OB_SUCCESS == ret) {
int64_t wbytes = 0;
if ((wbytes = write(fd_, buf + pos, sz - pos)) >= 0) {
if ((wbytes = ob_write_regard_ssl(fd_, buf + pos, sz - pos)) >= 0) {
pos += wbytes;
LOG_DEBUG("write fd", K(wbytes));
} else if (EAGAIN == errno || EWOULDBLOCK == errno) {
@ -384,6 +398,7 @@ public:
last_write_time_ = ObTimeUtility::current_time();
return ret;
}
const rpc::TraceId* get_trace_id() const {
ObSqlSockSession* sess = (ObSqlSockSession *)sess_;
return &(sess->sql_req_.get_trace_id());
@ -416,6 +431,8 @@ public:
void set_shutdown() { ATOMIC_STORE(&need_shutdown_, true); }
bool need_shutdown() const { return ATOMIC_LOAD(&need_shutdown_); }
void shutdown() { ::shutdown(fd_, SHUT_RD); }
int set_ssl_enabled();
SSL* get_ssl_st();
public:
ObDLink dlink_;
ObDLink all_list_link_;
@ -439,6 +456,20 @@ public:
char sess_[3000] __attribute__((aligned(16)));
};
int ObSqlSock::set_ssl_enabled()
{
int ret = OB_SUCCESS;
if (OB_FAIL(ob_fd_enable_ssl_for_server(fd_, OB_SSL_CTX_ID_SQL_NIO))) {
LOG_WARN("sqlnio enable ssl for server failed", K(ret), K(fd_));
}
return ret;
}
SSL* ObSqlSock::get_ssl_st()
{
return ob_fd_get_ssl_st(fd_);
}
static struct epoll_event *__make_epoll_event(struct epoll_event *event, uint32_t event_flag, void* val) {
event->events = event_flag;
event->data.ptr = val;
@ -942,5 +973,16 @@ void ObSqlNio::async_write_data(void* sess, const char* buf, int64_t sz)
sock->get_nio_impl().push_write_req(sock);
}
int ObSqlNio::set_ssl_enabled(void* sess)
{
ObSqlSock* sock = sess2sock(sess);
return sock->set_ssl_enabled();
}
SSL* ObSqlNio::get_ssl_st(void* sess)
{
ObSqlSock* sock = sess2sock(sess);
return sock->get_ssl_st();
}
}; // end namespace obmysql
}; // end namespace oceanbase

3
deps/oblib/src/rpc/obmysql/ob_sql_nio.h vendored
View File

@ -15,6 +15,7 @@
#include <pthread.h>
#include <stdint.h>
#include "lib/thread/threads.h"
#include "lib/ssl/ob_ssl_config.h"
namespace oceanbase
{
@ -43,6 +44,8 @@ public:
void set_sql_session_info(void* sess, void* sql_session);
void set_shutdown(void* sess);
void shutdown(void* sess);
int set_ssl_enabled(void* sess);
SSL* get_ssl_st(void* sess);
private:
void run(int64_t idx);
private:

4
deps/oblib/src/rpc/obmysql/ob_sql_sock_handler.cpp vendored
View File

@ -11,10 +11,9 @@
*/
#define USING_LOG_PREFIX RPC_OBMYSQL
#include "rpc/frame/ob_req_deliver.h"
#include "rpc/obmysql/ob_sql_sock_handler.h"
#include "rpc/frame/ob_req_deliver.h"
#include "rpc/obmysql/ob_sql_sock_processor.h"
#include "rpc/obmysql/ob_sql_sock_session.h"
namespace oceanbase
{
@ -149,6 +148,5 @@ int ObSqlSockHandler::on_readable(void* udata)
return ret;
}
}; // end namespace obmysql
}; // end namespace oceanbase

3
deps/oblib/src/rpc/obmysql/ob_sql_sock_handler.h vendored
View File

@ -14,7 +14,7 @@
#define OCEANBASE_OBMYSQL_OB_SQL_SOCK_HANDLER_H_
#include "rpc/obmysql/ob_i_sm_conn_callback.h"
#include "rpc/obmysql/ob_i_sql_sock_handler.h"
#include "rpc/obmysql/ob_sql_sock_processor.h"
#include "rpc/obmysql/ob_sql_sock_session.h"
namespace oceanbase
{
@ -23,6 +23,7 @@ namespace frame { class ObReqDeliver;};
};
namespace obmysql
{
class ObSqlSockProcessor;
class ObSqlNio;
class ObSqlSockHandler: public ObISqlSockHandler
{

7
deps/oblib/src/rpc/obmysql/ob_sql_sock_processor.cpp vendored
View File

@ -60,6 +60,13 @@ int ObSqlSockProcessor::decode_sql_packet(ObSqlSockSession& sess, rpc::ObPacket*
LOG_WARN("do_decode fail", K(ret));
} else if (NULL == pkt) {
// try read more
} else if (conn.is_in_ssl_connect_phase()) {
ret_pkt = NULL;
sess.set_last_pkt_sz(consume_sz);
if (OB_FAIL(sess.set_ssl_enabled())) {
LOG_WARN("sql nio enable ssl for server failed", K(ret));
}
break;
} else if (!conn.is_in_authed_phase()) {
ret_pkt = pkt;
sess.set_last_pkt_sz(consume_sz);

10
deps/oblib/src/rpc/obmysql/ob_sql_sock_session.cpp vendored
View File

@ -161,5 +161,15 @@ void ObSqlSockSession::set_sql_session_info(void* sess)
nio_.set_sql_session_info((void *)this, sess);
}
int ObSqlSockSession::set_ssl_enabled()
{
return nio_.set_ssl_enabled((void *)this);
}
SSL* ObSqlSockSession::get_ssl_st()
{
return nio_.get_ssl_st((void *)this);
}
}; // end namespace obmysql
}; // end namespace oceanbase

2
deps/oblib/src/rpc/obmysql/ob_sql_sock_session.h vendored
View File

@ -59,6 +59,8 @@ public:
int on_disconnect();
void clear_sql_session_info();
void set_sql_session_info(void* sess);
int set_ssl_enabled();
SSL* get_ssl_st();
ObSqlNio& nio_;
ObISMConnectionCallback& sm_conn_cb_;
rpc::ObRequest sql_req_;

5
src/observer/mysql/obsm_conn_callback.cpp
View File

@ -92,14 +92,15 @@ static int sm_conn_build_handshake(ObSMConnection& conn, obmysql::OMPKHandshake&
int ret = OB_SUCCESS;
RLOCAL(common::ObMysqlRandom, thread_scramble_rand);
hsp.set_thread_id(conn.sessid_);
hsp.set_ssl_cap(false);
const bool support_ssl = GCONF.ssl_client_authentication;
hsp.set_ssl_cap(support_ssl);
const int64_t BUF_LEN = sizeof(conn.scramble_buf_);
if (OB_FAIL(create_scramble_string(conn.scramble_buf_, BUF_LEN, thread_scramble_rand))) {
LOG_WARN("create scramble string failed", K(ret));
} else if (OB_FAIL(hsp.set_scramble(conn.scramble_buf_, BUF_LEN))) {
LOG_WARN("set scramble failed", K(ret));
} else {
LOG_INFO("new mysql sessid created", K(conn.sessid_));
LOG_INFO("new mysql sessid created", K(conn.sessid_), K(support_ssl));
}
return ret;
}

11
src/observer/ob_srv_network_frame.cpp
View File

@ -21,6 +21,7 @@
#include "observer/ob_server_struct.h"
#include "observer/ob_rpc_intrusion_detect.h"
#include "storage/ob_locality_manager.h"
#include "lib/ssl/ob_ssl_config.h"
#include <sys/types.h>
#include <sys/stat.h>
#include "storage/ob_locality_manager.h"
@ -366,6 +367,16 @@ int ObSrvNetworkFrame::reload_ssl_config()
last_ssl_info_hash_ = new_hash_value;
LOG_INFO("finish reload_ssl_config", K(use_bkmi), K(use_bkmi), K(use_sm),
"ssl_key_expired_time", GCTX.ssl_key_expired_time_, K(new_hash_value));
if (OB_SUCC(ret)) {
if (enable_new_sql_nio()) {
common::ObSSLConfig ssl_config(!use_bkmi, use_sm, ca_cert, public_cert, private_key, NULL, NULL);
if (OB_FAIL(ob_ssl_load_config(OB_SSL_CTX_ID_SQL_NIO, ssl_config))) {
LOG_WARN("create ssl ctx failed!", K(ret));
} else {
LOG_INFO("create ssl ctx success!", K(use_bkmi), K(use_sm));
}
}
}
}
}
}

2
src/share/parameter/ob_parameter_seed.ipp
View File

@ -1253,7 +1253,7 @@ DEF_TIME(ob_query_switch_leader_retry_timeout, OB_TENANT_PARAMETER, "0ms", "[0ms
DEF_BOOL(default_enable_extended_rowid, OB_TENANT_PARAMETER, "false",
"specifies whether to create table as extended rowid mode or not",
ObParameterAttr(Section::OBSERVER, Source::DEFAULT, EditLevel::DYNAMIC_EFFECTIVE));
DEF_BOOL(_enable_new_sql_nio, OB_CLUSTER_PARAMETER, "false",
DEF_BOOL(_enable_new_sql_nio, OB_CLUSTER_PARAMETER, "true",
"specifies whether SQL serial network is turned on. Turned on to support mysql_send_long_data"
"The default value is FALSE. Value: TRUE: turned on FALSE: turned off",
ObParameterAttr(Section::OBSERVER, Source::DEFAULT, EditLevel::STATIC_EFFECTIVE));

8
src/sql/engine/cmd/ob_alter_system_executor.cpp
View File

@ -37,6 +37,7 @@
#include "observer/omt/ob_tenant.h" //ObTenant
#include "rootserver/freeze/ob_major_freeze_helper.h" //ObMajorFreezeHelper
#include "share/ob_primary_standby_service.h" // ObPrimaryStandbyService
#include "rpc/obmysql/ob_sql_sock_session.h"
namespace oceanbase
{
using namespace common;
@ -1573,13 +1574,8 @@ int ObChangeTenantExecutor::execute(ObExecContext &ctx, ObChangeTenantStmt &stmt
} else {
// switch connection
if (OB_SUCC(ret)) {
rpc::ObSqlSockDesc& sock_desc = session_info->get_sock_desc();
easy_connection_t* easy_conn = nullptr;
observer::ObSMConnection* conn = nullptr;
if (OB_ISNULL((easy_conn = static_cast<easy_connection_t*>(sock_desc.sock_desc_)))) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("sock_desc is null", KR(ret), KPC(session_info));
} else if (OB_ISNULL(conn = static_cast<observer::ObSMConnection*>(easy_conn->user_data))) {
if (OB_ISNULL(conn = session_info->get_sm_connection())) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("connection is null", KR(ret), KPC(session_info));
} else {

25
src/sql/session/ob_basic_session_info.cpp
View File

@ -36,6 +36,7 @@
#include "share/rc/ob_tenant_base.h"
#include "pl/sys_package/ob_dbms_sql.h"
#include "pl/ob_pl_package_state.h"
#include "rpc/obmysql/ob_sql_sock_session.h"
using namespace oceanbase::common;
using namespace oceanbase::share;
@ -5816,5 +5817,29 @@ void ObBasicSessionInfo::on_revert_session()
K(sessid_), "backtrace", lbt());
}
observer::ObSMConnection *ObBasicSessionInfo::get_sm_connection()
{
observer::ObSMConnection *conn = nullptr;
rpc::ObSqlSockDesc &sock_desc = thread_data_.sock_desc_;
if (rpc::ObRequest::TRANSPORT_PROTO_EASY == sock_desc.type_) {
easy_connection_t* easy_conn = nullptr;
if (OB_ISNULL((easy_conn = static_cast<easy_connection_t *>(sock_desc.sock_desc_)))) {
LOG_ERROR("easy sock_desc is null");
} else {
conn = static_cast<observer::ObSMConnection*>(easy_conn->user_data);
}
} else if (rpc::ObRequest::TRANSPORT_PROTO_POC == sock_desc.type_) {
obmysql::ObSqlSockSession *sess = nullptr;
if (OB_ISNULL(sess = static_cast<obmysql::ObSqlSockSession *>(sock_desc.sock_desc_))) {
LOG_ERROR("sql nio sock_desc is null");
} else {
conn = &sess->conn_;
}
}
else {
LOG_ERROR("invalid sock_desc type", K(sock_desc.type_));
}
return conn;
}
}//end of namespace sql
}//end of namespace oceanbase

5
src/sql/session/ob_basic_session_info.h
View File

@ -47,6 +47,9 @@
namespace oceanbase
{
namespace observer {
class ObSMConnection;
}
using sql::FLTControlInfo;
namespace sql
{
@ -683,7 +686,7 @@ public:
const common::ObString &get_user_at_host() const { return thread_data_.user_at_host_name_;}
const common::ObString &get_user_at_client_ip() const { return thread_data_.user_at_client_ip_;}
rpc::ObSqlSockDesc& get_sock_desc() { return thread_data_.sock_desc_;}
observer::ObSMConnection *get_sm_connection();
void set_peer_addr(common::ObAddr peer_addr)
{
LockGuard lock_guard(thread_data_mutex_);