Commit 677fd7c5 authored by tonu@x3.internalnet's avatar tonu@x3.internalnet

viotcpip.c BitKeeper file /home/tonu/bk/mysql-4.0/vio/viotcpip.c

viosslfactories.c	BitKeeper file /home/tonu/bk/mysql-4.0/vio/viosslfactories.c
viossl.c	BitKeeper file /home/tonu/bk/mysql-4.0/vio/viossl.c
vio.c   	BitKeeper file /home/tonu/bk/mysql-4.0/vio/vio.c
parent 32477ab4

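--- a/vio/vio.c
+++ b/vio/vio.c
+/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
+
+/*
+  Note that we can't have assertion on file descriptors;  The reason for
+  this is that during mysql shutdown, another thread can close a file
+  we are working on.  In this case we should just return read errors from
+  the file descriptior.
+*/
+
+#define DONT_MAP_VIO
+#include <global.h>
+
+#include <errno.h>
+#include <assert.h>
+#include <vio.h>
+#include <my_sys.h>
+#include <my_net.h>
+#include <m_string.h>
+#ifdef HAVE_POLL
+#include <sys/poll.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#if defined(__EMX__)
+#define ioctlsocket ioctl
+#endif	/* defined(__EMX__) */
+
+#if defined(MSDOS) || defined(__WIN__)
+#ifdef __WIN__
+#undef errno
+#undef EINTR
+#undef EAGAIN
+#define errno WSAGetLastError()
+#define EINTR  WSAEINTR
+#define EAGAIN WSAEINPROGRESS
+#endif /* __WIN__ */
+#define O_NONBLOCK 1    /* For emulation of fcntl() */
+#endif
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK EAGAIN
+#endif
+
+
+/*
+ * Helper to fill most of the st_vio* with defaults.
+ */
+
+void vio_reset(st_vio* vio, enum enum_vio_type type,
+		      my_socket sd, HANDLE hPipe,
+		      my_bool localhost)
+{
+  bzero((char*) vio, sizeof(st_vio));
+  vio->type	= type;
+  vio->sd	= sd;
+  vio->hPipe	= hPipe;
+  vio->localhost= localhost;
+#ifdef HAVE_VIO
+if(type == VIO_TYPE_SSL){
+	vio->viodelete	=vio_ssl_delete;
+	vio->vioerrno	=vio_ssl_errno;
+	vio->read	=vio_ssl_read;
+	vio->write	=vio_ssl_write;
+	vio->fastsend	=vio_ssl_fastsend;
+	vio->viokeepalive=vio_ssl_keepalive;
+	vio->should_retry=vio_ssl_should_retry;
+	vio->vioclose	=vio_ssl_close;
+	vio->peer_addr	=vio_ssl_peer_addr;
+	vio->in_addr	=vio_ssl_in_addr;
+	vio->poll_read	=vio_ssl_poll_read;
+} else { /* default is VIO_TYPE_TCPIP */
+	vio->viodelete	=vio_delete;
+	vio->vioerrno	=vio_errno;
+	vio->read	=vio_read;
+	vio->write	=vio_write;
+	vio->fastsend	=vio_fastsend;
+	vio->viokeepalive=vio_keepalive;
+	vio->should_retry=vio_should_retry;
+	vio->vioclose	=vio_close;
+	vio->peer_addr	=vio_peer_addr;
+	vio->in_addr	=vio_in_addr;
+	vio->poll_read	=vio_poll_read;
+}
+
+#endif /* HAVE_VIO */
+}
+
+/* Open the socket or TCP/IP connection and read the fnctl() status */
+
+st_vio *vio_new(my_socket sd, enum enum_vio_type type, my_bool localhost)
+{
+  st_vio *vio;
+  DBUG_ENTER("vio_new");
+  DBUG_PRINT("enter", ("sd=%d", sd));
+  if ((vio = (st_vio*) my_malloc(sizeof(*vio),MYF(MY_WME))))
+  {
+    vio_reset(vio, type, sd, 0, localhost);
+    sprintf(vio->desc,
+	    (vio->type == VIO_TYPE_SOCKET ? "socket (%d)" : "TCP/IP (%d)"),
+	    vio->sd);
+#if !defined(___WIN__) && !defined(__EMX__)
+#if !defined(NO_FCNTL_NONBLOCK)
+    vio->fcntl_mode = fcntl(sd, F_GETFL);
+#elif defined(HAVE_SYS_IOCTL_H)			/* hpux */
+    /* Non blocking sockets doesn't work good on HPUX 11.0 */
+    (void) ioctl(sd,FIOSNBIO,0);
+#endif
+#else /* !defined(__WIN__) && !defined(__EMX__) */
+    {
+      /* set to blocking mode by default */
+      ulong arg=0, r;
+      r = ioctlsocket(sd,FIONBIO,(void*) &arg, sizeof(arg));
+    }
+#endif
+  }
+  DBUG_RETURN(vio);
+}
+
+
+#ifdef __WIN__
+
+st_vio *vio_new_win32pipe(HANDLE hPipe)
+{
+  st_vio *vio;
+  DBUG_ENTER("vio_new_handle");
+  if ((vio = (st_vio*) my_malloc(sizeof(st_vio),MYF(MY_WME))))
+  {
+    vio_reset(vio, VIO_TYPE_NAMEDPIPE, 0, hPipe, TRUE);
+    strmov(vio->desc, "named pipe");
+  }
+  DBUG_RETURN(vio);
+}
+
+#endif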
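Review bot: The guard `#if !defined(___WIN__) && !defined(__EMX__)` in vio_new spells the Windows macro with three leading underscores, so it is never defined and Windows builds take the fcntl() branch instead of the ioctlsocket() emulation the `#else` comment describes; the line should read `#if !defined(__WIN__) && !defined(__EMX__)`. In that same branch `vio->fcntl_mode = fcntl(sd, F_GETFL);` stores -1 on failure without a check, and presumably that value feeds later blocking-mode changes, so something like `if ((vio->fcntl_mode = fcntl(sd, F_GETFL)) < 0) { /* report and fall back */ }` is worth adding. The `r` assigned from ioctlsocket() on the emulation side is likewise assigned but never examined.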

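--- a/vio/viossl.c
+++ b/vio/viossl.c
+/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+   MA 02111-1307, USA */
+
+/*
+  Note that we can't have assertion on file descriptors;  The reason for
+  this is that during mysql shutdown, another thread can close a file
+  we are working on.  In this case we should just return read errors from
+  the file descriptior.
+*/
+
+#include <global.h>
+
+#include <errno.h>
+#include <assert.h>
+#include <vio.h>
+#include <my_sys.h>
+#include <my_net.h>
+#include <m_string.h>
+#ifdef HAVE_POLL
+#include <sys/poll.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#if defined(__EMX__)
+#define ioctlsocket ioctl
+#endif	/* defined(__EMX__) */
+
+#if defined(MSDOS) || defined(__WIN__)
+#ifdef __WIN__
+#undef errno
+#undef EINTR
+#undef EAGAIN
+#define errno WSAGetLastError()
+#define EINTR  WSAEINTR
+#define EAGAIN WSAEINPROGRESS
+#endif /* __WIN__ */
+#define O_NONBLOCK 1    /* For emulation of fcntl() */
+#endif
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK EAGAIN
+#endif
+
+#ifndef __WIN__
+#define HANDLE void *
+#endif
+
+
+#ifdef HAVE_OPENSSL
+void vio_ssl_delete(st_vio * vio)
+{
+  /* It must be safe to delete null pointers. */
+  /* This matches the semantics of C++'s delete operator. */
+  if (vio)
+  {
+    if (vio->type != VIO_CLOSED)
+      vio_close(vio);
+    my_free((gptr) vio,MYF(0));
+  }
+}
+
+int vio_ssl_errno(st_vio *vio __attribute__((unused)))
+{
+  return errno;			/* On Win32 this mapped to WSAGetLastError() */
+}
+
+
+int vio_ssl_read(st_vio * vio, gptr buf, int size)
+{
+  int r;
+  DBUG_ENTER("vio_ssl_read");
+  DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
+  assert(vio->ssl_!= 0);
+  r = SSL_read(vio->ssl_, buf, size);
+#ifndef DBUG_OFF
+  if ( r< 0)
+    report_errors();
+#endif /* DBUG_OFF */
+  DBUG_PRINT("exit", ("%d", r));
+  DBUG_RETURN(r);
+}
+
+
+int vio_ssl_write(st_vio * vio, const gptr buf, int size)
+{
+  int r;
+  DBUG_ENTER("vio_ssl_write");
+  DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
+  assert(vio->ssl_!=0);
+  r = SSL_write(vio->ssl_, buf, size);
+#ifndef DBUG_OFF
+  if (r<0)
+    report_errors();
+#endif /* DBUG_OFF */
+  DBUG_PRINT("exit", ("%d", r));
+  DBUG_RETURN(r);
+}
+
+
+int vio_ssl_fastsend(st_vio * vio __attribute__((unused)))
+{
+  int r=0;
+  DBUG_ENTER("vio_ssl_fastsend");
+
+#ifdef IPTOS_THROUGHPUT
+  {
+#ifndef __EMX__
+    int tos = IPTOS_THROUGHPUT;
+    if (!setsockopt(vio->sd, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(tos)))
+#endif				/* !__EMX__ */
+    {
+      int nodelay = 1;
+      if (setsockopt(vio->sd, IPPROTO_TCP, TCP_NODELAY, (void *) &nodelay,
+		     sizeof(nodelay))) {
+	DBUG_PRINT("warning",
+		   ("Couldn't set socket option for fast send"));
+	r= -1;
+      }
+    }
+  }
+#endif	/* IPTOS_THROUGHPUT */
+  DBUG_PRINT("exit", ("%d", r));
+  DBUG_RETURN(r);
+}
+
+int vio_ssl_keepalive(st_vio* vio, my_bool set_keep_alive)
+{
+  int r=0;
+  uint opt = 0;
+  DBUG_ENTER("vio_ssl_keepalive");
+  DBUG_PRINT("enter", ("sd=%d, set_keep_alive=%d", vio->sd, (int)
+		       set_keep_alive));
+  if (vio->type != VIO_TYPE_NAMEDPIPE)
+  {
+    if (set_keep_alive)
+      opt = 1;
+    r = setsockopt(vio->sd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt,
+		   sizeof(opt));
+  }
+  DBUG_RETURN(r);
+}
+
+
+my_bool
+vio_ssl_should_retry(st_vio * vio __attribute__((unused)))
+{
+  int en = errno;
+  return en == EAGAIN || en == EINTR || en == EWOULDBLOCK;
+}
+
+
+int vio_ssl_close(st_vio * vio)
+{
+  int r;
+  DBUG_ENTER("vio_ssl_close");
+  r=0;
+  if (vio->ssl_)
+  {
+    r = SSL_shutdown(vio->ssl_);
+    SSL_free(vio->ssl_);
+    vio->ssl_= 0;
+    vio->bio_ = 0;
+  }
+  if (shutdown(vio->sd,2))
+    r= -1;
+  if (closesocket(vio->sd))
+    r= -1;
+  if (r)
+  {
+    DBUG_PRINT("error", ("close() failed, error: %d",errno));
+    /* FIXME: error handling (not critical for MySQL) */
+  }
+  vio->type= VIO_CLOSED;
+  vio->sd=   -1;
+  DBUG_RETURN(r);
+}
+
+
+const char *vio_ssl_description(st_vio * vio)
+{
+  return vio->desc;
+}
+
+enum enum_vio_type vio_ssl_type(st_vio* vio)
+{
+  return vio->type;
+}
+
+my_socket vio_ssl_fd(st_vio* vio)
+{
+  return vio->sd;
+}
+
+
+my_bool vio_ssl_peer_addr(st_vio * vio, char *buf)
+{
+  DBUG_ENTER("vio_ssl_peer_addr");
+  DBUG_PRINT("enter", ("sd=%d", vio->sd));
+  if (vio->localhost)
+  {
+    strmov(buf,"127.0.0.1");
+  }
+  else
+  {
+    size_socket addrLen = sizeof(struct sockaddr);
+    if (getpeername(vio->sd, (struct sockaddr *) (& (vio->remote)),
+		    &addrLen) != 0)
+    {
+      DBUG_PRINT("exit", ("getpeername, error: %d", errno));
+      DBUG_RETURN(1);
+    }
+    /* FIXME */
+/*    my_inet_ntoa(vio->remote.sin_addr,buf); */
+  }
+  DBUG_PRINT("exit", ("addr=%s", buf));
+  DBUG_RETURN(0);
+}
+
+
+void vio_ssl_in_addr(st_vio *vio, struct in_addr *in)
+{
+  DBUG_ENTER("vio_ssl_in_addr");
+  if (vio->localhost)
+    bzero((char*) in, sizeof(*in));	/* This should never be executed */
+  else
+    *in=vio->remote.sin_addr;
+  DBUG_VOID_RETURN;
+}
+
+
+/* Return 0 if there is data to be read */
+
+my_bool vio_ssl_poll_read(st_vio *vio,uint timeout)
+{
+#ifndef HAVE_POLL
+  return 0;
+#else
+  struct pollfd fds;
+  int res;
+  DBUG_ENTER("vio_ssl_poll");
+  fds.fd=vio->sd;
+  fds.events=POLLIN;
+  fds.revents=0;
+  if ((res=poll(&fds,1,(int) timeout*1000)) <= 0)
+  {
+    DBUG_RETURN(res < 0 ? 0 : 1);		/* Don't return 1 on errors */
+  }
+  DBUG_RETURN(fds.revents & POLLIN ? 0 : 1);
+#endif
+}
+
+
+static void
+report_errors()
+{
+  unsigned long	l;
+  const char*	file;
+  const char*	data;
+  int		line,flags;
+  DBUG_ENTER("report_errors");
+
+  while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+  {
+    char buf[200];
+    DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
+			 file,line,(flags&ERR_TXT_STRING)?data:"")) ;
+  }
+  DBUG_VOID_RETURN;
+}
+
+/* FIXME: There are some duplicate code in 
+ * sslaccept()/sslconnect() which maybe can be eliminated 
+ */
+struct st_vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, struct st_vio* sd)
+{
+  DBUG_ENTER("sslaccept");
+  DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->desc,ptr));
+  vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE);
+  ptr->bio_=0;
+  sd->ssl_=0;
+  sd->open_=FALSE; 
+  assert(sd != 0);
+  assert(ptr != 0);
+  assert(ptr->ssl_context_ != 0);
+  if (!(sd->ssl_ = SSL_new(ptr->ssl_context_)))
+  {
+    DBUG_PRINT("error", ("SSL_new failure"));
+    report_errors();
+    DBUG_RETURN(sd);
+  }
+  if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
+  {
+    DBUG_PRINT("error", ("BIO_new_socket failure"));
+    report_errors();
+    SSL_free(sd->ssl_);
+    sd->ssl_=0;
+    DBUG_RETURN(sd);
+  }
+  SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_);
+  SSL_set_accept_state(sd->ssl_);
+  sprintf(ptr->desc_, "VioSSL(%d)", sd->sd);
+/*  sd->ssl_cip_ = SSL_get_cipher(sd->ssl_); */
+  sd->open_ = TRUE;
+  DBUG_RETURN(sd);
+}
+
+struct st_vio *sslconnect(struct st_VioSSLConnectorFd* ptr, struct st_vio* sd)
+{
+  DBUG_ENTER("sslconnect");
+  DBUG_PRINT("enter", ("sd=%s ptr=%p ctx: %p", sd->desc,ptr,ptr->ssl_context_));
+  vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE);
+
+  ptr->bio_=0;
+  sd->ssl_=0;
+  sd->open_=FALSE; 
+  assert(sd != 0);
+  assert(ptr != 0);
+  assert(ptr->ssl_context_ != 0);
+
+  if (!(sd->ssl_ = SSL_new(ptr->ssl_context_)))
+  {
+    DBUG_PRINT("error", ("SSL_new failure"));
+    report_errors();
+    DBUG_RETURN(sd);
+  }
+  if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
+  {
+    DBUG_PRINT("error", ("BIO_new_socket failure"));
+    report_errors();
+    SSL_free(sd->ssl_);
+    sd->ssl_=0;
+    DBUG_RETURN(sd);
+  }
+  SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_);
+  SSL_set_connect_state(sd->ssl_);
+/*  sprintf(ptr->desc_, "VioSSL(%d)", sd->sd); 
+  sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);*/
+  sd->open_ = TRUE;
+  DBUG_RETURN(sd);
+}
+
+
+#endif /* HAVE_OPENSSL */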
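Review bot: vio_ssl_peer_addr returns 0 (success) on the non-localhost path without ever writing to `buf`: the conversion is left as the commented-out `/*    my_inet_ntoa(vio->remote.sin_addr,buf); */` under a FIXME, so the caller receives whatever the buffer previously held and the `addr=%s` trace prints it. Until the conversion is restored the function should fail closed, e.g. `DBUG_RETURN(1);` in place of the FIXME, so that a missing peer address is never reported as a valid one. In vio_ssl_close, `r = SSL_shutdown(vio->ssl_);` keeps SSL_shutdown's 1-on-success result, so a clean shutdown is logged as `close() failed` and returned as an error; `r = (SSL_shutdown(vio->ssl_) < 0) ? -1 : 0;` would keep the error convention of the rest of the function. On the SSL_new and BIO_new_socket failure paths sslaccept and sslconnect still return `sd` after vio_reset has already switched its function table to the vio_ssl_* routines, so a caller that does not check `open_` and reads from it reaches SSL_read with `ssl_` null; restoring the TCP/IP table with `vio_reset(sd,VIO_TYPE_TCPIP,sd->sd,0,FALSE);` before those returns, or returning a distinct failure value, would avoid that.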

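--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
+
+
+#include <global.h>
+#include <my_sys.h>
+#include <vio.h>
+
+#ifdef HAVE_OPENSSL
+
+static bool     ssl_algorithms_added    = FALSE;
+static bool     ssl_error_strings_loaded= FALSE;
+static int      verify_depth = 0;
+static int      verify_error = X509_V_OK;
+
+
+static void
+report_errors()
+{
+  unsigned long	l;
+  const char*	file;
+  const char*	data;
+  int		line,flags;
+
+  DBUG_ENTER("report_errors");
+
+  while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+  {
+    char buf[200];
+    DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
+			 file,line,(flags&ERR_TXT_STRING)?data:"")) ;
+  }
+  DBUG_VOID_RETURN;
+}
+
+
+static int
+vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
+{
+  DBUG_ENTER("vio_set_cert_stuff");
+  DBUG_PRINT("enter", ("ctx=%p, cert_file=%p, key_file=%p",
+		       ctx, cert_file, key_file));
+  if (cert_file != NULL)
+  {
+    if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <= 0)
+    {
+      DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file));
+      /* FIX stderr */
+      ERR_print_errors_fp(stderr);
+      DBUG_RETURN(0);
+    }
+    if (key_file == NULL)
+      key_file = cert_file;
+    if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
+				    SSL_FILETYPE_PEM) <= 0)
+    {
+      DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file));
+      /* FIX stderr */
+      ERR_print_errors_fp(stderr);
+      DBUG_RETURN(0);
+    }
+
+    /* If we are using DSA, we can copy the parameters from
+     * the private key */
+    /* Now we know that a key and cert have been set against
+     * the SSL context */
+    if (!SSL_CTX_check_private_key(ctx))
+    {
+      DBUG_PRINT("error", ("Private key does not match the certificate public key\n"));
+      DBUG_RETURN(0);
+    }
+  }
+  DBUG_RETURN(1);
+}
+
+
+static int
+vio_verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+  char	buf[256];
+  X509*	err_cert;
+  int	err,depth;
+
+  DBUG_ENTER("vio_verify_callback");
+  DBUG_PRINT("enter", ("ok=%d, ctx=%p", ok, ctx));
+  err_cert=X509_STORE_CTX_get_current_cert(ctx);
+  err=	   X509_STORE_CTX_get_error(ctx);
+  depth=   X509_STORE_CTX_get_error_depth(ctx);
+
+  X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof(buf));
+  if (!ok)
+  {
+    DBUG_PRINT("error",("verify error:num=%d:%s\n",err,
+			X509_verify_cert_error_string(err)));
+    if (verify_depth >= depth)
+    {
+      ok=1;
+      verify_error=X509_V_OK;
+    }
+    else
+    {
+      ok=0;
+      verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
+    }
+  }
+  switch (ctx->error) {
+  case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+    X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+    DBUG_PRINT("info",("issuer= %s\n",buf));
+    break;
+  case X509_V_ERR_CERT_NOT_YET_VALID:
+  case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+    DBUG_PRINT("error", ("notBefore"));
+    /*ASN1_TIME_print_fp(stderr,X509_get_notBefore(ctx->current_cert));*/
+    break;
+  case X509_V_ERR_CERT_HAS_EXPIRED:
+  case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+    DBUG_PRINT("error", ("notAfter error"));
+    /*ASN1_TIME_print_fp(stderr,X509_get_notAfter(ctx->current_cert));*/
+    break;
+  }
+  DBUG_PRINT("exit", ("r=%d", ok));
+  DBUG_RETURN(ok);
+}
+
+
+/************************ VioSSLConnectorFd **********************************/
+struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
+				     const char* cert_file,
+				     const char* ca_file,
+				     const char* ca_path)
+{
+  int	verify = SSL_VERIFY_PEER;
+  struct st_VioSSLConnectorFd* ptr;
+  DBUG_ENTER("new_VioSSLConnectorFd");
+  DBUG_PRINT("enter",
+	     ("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s",
+	      key_file, cert_file, ca_path, ca_file));
+  ptr=(struct st_VioSSLConnectorFd*)my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0));
+  ptr->ssl_context_=0;
+  ptr->ssl_method_=0;
+  /* FIXME: constants! */
+
+  if (!ssl_algorithms_added)
+  {
+    DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()"));
+    ssl_algorithms_added = TRUE;
+    SSLeay_add_ssl_algorithms();
+  }
+  if (!ssl_error_strings_loaded)
+  {
+    DBUG_PRINT("info", ("todo:SSL_load_error_strings()"));
+    ssl_error_strings_loaded = TRUE;
+    SSL_load_error_strings();
+  }
+  ptr->ssl_method_ = SSLv3_client_method();
+  ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
+  DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_));
+  if (ptr->ssl_context_ == 0)
+  {
+    DBUG_PRINT("error", ("SSL_CTX_new failed"));
+    report_errors();
+    goto ctor_failure;
+  }
+  /*
+   * SSL_CTX_set_options
+   * SSL_CTX_set_info_callback
+   * SSL_CTX_set_cipher_list
+   */
+  SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
+  if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
+  {
+    DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
+    report_errors();
+    goto ctor_failure;
+  }
+  if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path)==0)
+  {
+    DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
+    if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0)
+    {
+      DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
+      report_errors();
+      goto ctor_failure;
+    }
+  }
+  DBUG_RETURN(ptr);
+ctor_failure:
+  DBUG_PRINT("exit", ("there was an error"));
+  DBUG_VOID_RETURN;
+}
+
+
+/************************ VioSSLAcceptorFd **********************************/
+
+struct st_VioSSLAcceptorFd*
+new_VioSSLAcceptorFd(const char*	key_file,
+				   const char*	cert_file,
+				   const char*	ca_file,
+				   const char*	ca_path)
+{
+  int	verify = (SSL_VERIFY_PEER			|
+		  SSL_VERIFY_FAIL_IF_NO_PEER_CERT	|
+		  SSL_VERIFY_CLIENT_ONCE);
+
+  struct st_VioSSLAcceptorFd* ptr;
+  DBUG_ENTER("new_VioSSLAcceptorFd");
+  DBUG_PRINT("enter",
+	     ("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s",
+	      key_file, cert_file, ca_path, ca_file));
+
+  ptr=(struct st_VioSSLAcceptorFd*)my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0));
+  ptr->ssl_context_=0;
+  ptr->ssl_method_=0;
+  /* FIXME: constants! */
+    ptr->session_id_context_ = ptr;
+
+  if (!ssl_algorithms_added)
+  {
+    DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()"));
+    ssl_algorithms_added = TRUE;
+    SSLeay_add_ssl_algorithms();
+  }
+  if (!ssl_error_strings_loaded)
+  {
+    DBUG_PRINT("info", ("todo: SSL_load_error_strings()"));
+    ssl_error_strings_loaded = TRUE;
+    SSL_load_error_strings();
+  }
+  ptr->ssl_method_ = SSLv3_server_method();
+  ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
+  if (ptr->ssl_context_==0)
+  {
+    DBUG_PRINT("error", ("SSL_CTX_new failed"));
+    report_errors();
+    goto ctor_failure;
+  }
+  /*
+   * SSL_CTX_set_quiet_shutdown(ctx,1);
+   * 
+   */
+  SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128);
+
+  /* DH?
+   */
+  SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
+  SSL_CTX_set_session_id_context(ptr->ssl_context_,(const uchar*)&(ptr->session_id_context_),sizeof(ptr->session_id_context_));
+
+  /*
+   * SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+   */
+  if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
+  {
+    DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
+    report_errors();
+    goto ctor_failure;
+  }
+  if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path)==0)
+  {
+    DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
+    if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0)
+    {
+      DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
+      report_errors();
+      goto ctor_failure;
+    }
+  }
+  DBUG_RETURN(ptr);
+ctor_failure:
+  DBUG_PRINT("exit", ("there was an error"));
+  DBUG_VOID_RETURN;
+}
+
+
+#endif /* HAVE_OPENSSL */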
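Review bot: vio_verify_callback overrides verification failures: with the file-static `verify_depth` fixed at 0, any error reported for the depth-0 (peer) certificate takes the `if (verify_depth >= depth)` branch, which sets `ok=1` and `verify_error=X509_V_OK`, so an expired, self-signed or otherwise rejected peer certificate is accepted even though `SSL_VERIFY_PEER` (and, for the acceptor, `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`) is set on the context; unless that override is intended, the failing `ok` should be returned unchanged and the `if (!ok) {...}` block reduced to its logging. Both constructors also test `vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1`, but that function returns 0 on failure and 1 on success and never -1, so a certificate or private key that fails to load is silently ignored and the context is built without it; the comparison should be `== 0`. At the `ctor_failure:` label both functions end with `DBUG_VOID_RETURN` although they return a pointer, and neither `ptr` nor its SSL_CTX is released there; freeing with `SSL_CTX_free` and `my_free` and then returning `NULL` would give callers a checkable failure. The `my_malloc(..., MYF(0))` result assigned to `ptr` is likewise dereferenced on the next line without a null check.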


vio/viotcpip.c

0 → 100644
+351 −0
