Merge lp:~linuxjedi/drizzle/drizzle-libdrizzle-ssl into lp:drizzle
- drizzle-libdrizzle-ssl
- Merge into 7.2
Proposed by
Andrew Hutchings
| Status: | Merged |
|---|---|
| Approved by: | Brian Aker |
| Approved revision: | 2554 |
| Merged at revision: | 2555 |
| Proposed branch: | lp:~linuxjedi/drizzle/drizzle-libdrizzle-ssl |
| Merge into: | lp:drizzle |
| Diff against target: |
691 lines (+380/-53) 15 files modified
configure.ac (+1/-0) libdrizzle-1.0/constants.h (+6/-0) libdrizzle-1.0/drizzle.h (+10/-0) libdrizzle-1.0/drizzle_client.h (+1/-0) libdrizzle-1.0/handshake_client.h (+10/-0) libdrizzle-1.0/include.am (+5/-1) libdrizzle-1.0/return.h (+1/-0) libdrizzle-1.0/ssl.h (+49/-0) libdrizzle-1.0/structs.h (+4/-0) libdrizzle/conn.cc (+35/-17) libdrizzle/drizzle.cc (+14/-0) libdrizzle/handshake.cc (+108/-35) libdrizzle/ssl.cc (+83/-0) libdrizzle/state.h (+1/-0) m4/pandora_have_libssl.m4 (+52/-0) |
| To merge this branch: | bzr merge lp:~linuxjedi/drizzle/drizzle-libdrizzle-ssl |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Drizzle Trunk | Pending | ||
|
Review via email:
|
|||
Commit message
Description of the change
Adds SSL support to client side libdrizzle. Note that it will add openssl to the dependencies
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'configure.ac' |
| 2 | --- configure.ac 2012-05-06 07:53:45 +0000 |
| 3 | +++ configure.ac 2012-05-14 06:07:23 +0000 |
| 4 | @@ -101,6 +101,7 @@ |
| 5 | PANDORA_REQUIRE_PTHREAD |
| 6 | PANDORA_REQUIRE_LIBUUID |
| 7 | PANDORA_REQUIRE_LIBZ |
| 8 | +PANDORA_REQUIRE_LIBSSL |
| 9 | PANDORA_REQUIRE_LIBPCRE |
| 10 | PANDORA_REQUIRE_LIBREADLINE |
| 11 | PANDORA_REQUIRE_LIBDL |
| 12 | |
| 13 | === modified file 'libdrizzle-1.0/constants.h' |
| 14 | --- libdrizzle-1.0/constants.h 2012-01-13 06:27:22 +0000 |
| 15 | +++ libdrizzle-1.0/constants.h 2012-05-14 06:07:23 +0000 |
| 16 | @@ -444,6 +444,12 @@ |
| 17 | DRIZZLE_COLUMN_FLAGS_RENAMED= (1 << 21) |
| 18 | }; |
| 19 | |
| 20 | +typedef enum |
| 21 | +{ |
| 22 | + DRIZZLE_SSL_STATE_NONE= 0, |
| 23 | + DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE |
| 24 | +} drizzle_ssl_state_t; |
| 25 | + |
| 26 | #ifndef __cplusplus |
| 27 | typedef enum drizzle_column_flags_t drizzle_column_flags_t; |
| 28 | #endif |
| 29 | |
| 30 | === modified file 'libdrizzle-1.0/drizzle.h' |
| 31 | --- libdrizzle-1.0/drizzle.h 2011-11-07 15:04:16 +0000 |
| 32 | +++ libdrizzle-1.0/drizzle.h 2012-05-14 06:07:23 +0000 |
| 33 | @@ -90,6 +90,8 @@ |
| 34 | # include <poll.h> |
| 35 | #endif |
| 36 | |
| 37 | +#include <openssl/ssl.h> |
| 38 | + |
| 39 | #include <assert.h> |
| 40 | #include <errno.h> |
| 41 | |
| 42 | @@ -119,6 +121,14 @@ |
| 43 | */ |
| 44 | |
| 45 | /** |
| 46 | + * Intialize the Drizzle library |
| 47 | + * |
| 48 | + * Currently only initalizes the SSL library |
| 49 | + */ |
| 50 | +DRIZZLE_API |
| 51 | +void drizzle_library_init(void); |
| 52 | + |
| 53 | +/** |
| 54 | * Get library version string. |
| 55 | * |
| 56 | * @return Pointer to static buffer in library that holds the version string. |
| 57 | |
| 58 | === modified file 'libdrizzle-1.0/drizzle_client.h' |
| 59 | --- libdrizzle-1.0/drizzle_client.h 2012-04-16 03:42:10 +0000 |
| 60 | +++ libdrizzle-1.0/drizzle_client.h 2012-05-14 06:07:23 +0000 |
| 61 | @@ -53,6 +53,7 @@ |
| 62 | #include <libdrizzle-1.0/row_client.h> |
| 63 | #include <libdrizzle-1.0/field_client.h> |
| 64 | #include <libdrizzle-1.0/error.h> |
| 65 | +#include <libdrizzle-1.0/ssl.h> |
| 66 | |
| 67 | #ifdef __cplusplus |
| 68 | extern "C" { |
| 69 | |
| 70 | === modified file 'libdrizzle-1.0/handshake_client.h' |
| 71 | --- libdrizzle-1.0/handshake_client.h 2011-11-07 15:04:16 +0000 |
| 72 | +++ libdrizzle-1.0/handshake_client.h 2012-05-14 06:07:23 +0000 |
| 73 | @@ -75,6 +75,16 @@ |
| 74 | DRIZZLE_API |
| 75 | drizzle_return_t drizzle_handshake_client_write(drizzle_con_st *con); |
| 76 | |
| 77 | +/** |
| 78 | + * Write client SSL handshake packet to a server. |
| 79 | + * |
| 80 | + * @param[in] con Connection structure previously initialized with |
| 81 | + * drizzle_con_create(), drizzle_con_clone(), or related functions. |
| 82 | + * @return Standard drizzle return value. |
| 83 | + */ |
| 84 | +DRIZZLE_API |
| 85 | +drizzle_return_t drizzle_handshake_ssl_client_write(drizzle_con_st *con); |
| 86 | + |
| 87 | /** @} */ |
| 88 | |
| 89 | #ifdef __cplusplus |
| 90 | |
| 91 | === modified file 'libdrizzle-1.0/include.am' |
| 92 | --- libdrizzle-1.0/include.am 2012-04-16 03:42:10 +0000 |
| 93 | +++ libdrizzle-1.0/include.am 2012-05-14 06:07:23 +0000 |
| 94 | @@ -48,6 +48,8 @@ |
| 95 | -version-info \ |
| 96 | $(LIBDRIZZLE_LIBRARY_VERSION) |
| 97 | |
| 98 | +libdrizzle_1_0_libdrizzle_la_LIBADD= $(LIBSSL) |
| 99 | + |
| 100 | libdrizzle_1_0_libdrizzle_la_SOURCES= \ |
| 101 | libdrizzle/column.cc \ |
| 102 | libdrizzle/command.cc \ |
| 103 | @@ -62,7 +64,8 @@ |
| 104 | libdrizzle/result.cc \ |
| 105 | libdrizzle/row.cc \ |
| 106 | libdrizzle/sha1.cc \ |
| 107 | - libdrizzle/state.cc |
| 108 | + libdrizzle/state.cc \ |
| 109 | + libdrizzle/ssl.cc |
| 110 | |
| 111 | nobase_include_HEADERS+= libdrizzle-1.0/version.h |
| 112 | nobase_include_HEADERS+= \ |
| 113 | @@ -91,6 +94,7 @@ |
| 114 | libdrizzle-1.0/return.h \ |
| 115 | libdrizzle-1.0/row_client.h \ |
| 116 | libdrizzle-1.0/row_server.h \ |
| 117 | + libdrizzle-1.0/ssl.h \ |
| 118 | libdrizzle-1.0/structs.h \ |
| 119 | libdrizzle-1.0/verbose.h \ |
| 120 | libdrizzle-1.0/visibility.h |
| 121 | |
| 122 | === modified file 'libdrizzle-1.0/return.h' |
| 123 | --- libdrizzle-1.0/return.h 2012-01-13 06:27:22 +0000 |
| 124 | +++ libdrizzle-1.0/return.h 2012-05-14 06:07:23 +0000 |
| 125 | @@ -67,6 +67,7 @@ |
| 126 | DRIZZLE_RETURN_HANDSHAKE_FAILED, |
| 127 | DRIZZLE_RETURN_TIMEOUT, |
| 128 | DRIZZLE_RETURN_INVALID_ARGUMENT, |
| 129 | + DRIZZLE_RETURN_SSL_ERROR, |
| 130 | DRIZZLE_RETURN_MAX /* Always add new codes to the end before this one. */ |
| 131 | }; |
| 132 | |
| 133 | |
| 134 | === added file 'libdrizzle-1.0/ssl.h' |
| 135 | --- libdrizzle-1.0/ssl.h 1970-01-01 00:00:00 +0000 |
| 136 | +++ libdrizzle-1.0/ssl.h 2012-05-14 06:07:23 +0000 |
| 137 | @@ -0,0 +1,49 @@ |
| 138 | +/* |
| 139 | + * Drizzle Client & Protocol Library |
| 140 | + * |
| 141 | + * Copyright (C) 2012 Andrew Hutchings (andrew@linuxjedi.co.uk) |
| 142 | + * All rights reserved. |
| 143 | + * |
| 144 | + * Redistribution and use in source and binary forms, with or without |
| 145 | + * modification, are permitted provided that the following conditions are |
| 146 | + * met: |
| 147 | + * |
| 148 | + * * Redistributions of source code must retain the above copyright |
| 149 | + * notice, this list of conditions and the following disclaimer. |
| 150 | + * |
| 151 | + * * Redistributions in binary form must reproduce the above |
| 152 | + * copyright notice, this list of conditions and the following disclaimer |
| 153 | + * in the documentation and/or other materials provided with the |
| 154 | + * distribution. |
| 155 | + * |
| 156 | + * * The names of its contributors may not be used to endorse or |
| 157 | + * promote products derived from this software without specific prior |
| 158 | + * written permission. |
| 159 | + * |
| 160 | + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 161 | + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 162 | + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 163 | + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 164 | + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 165 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 166 | + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 167 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 168 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 169 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 170 | + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 171 | + * |
| 172 | + */ |
| 173 | + |
| 174 | +#pragma once |
| 175 | + |
| 176 | +#ifdef __cplusplus |
| 177 | +extern "C" { |
| 178 | +#endif |
| 179 | + |
| 180 | +DRIZZLE_API |
| 181 | +drizzle_return_t drizzle_set_ssl(drizzle_con_st *con, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher); |
| 182 | + |
| 183 | +#ifdef __cplusplus |
| 184 | +} |
| 185 | +#endif |
| 186 | + |
| 187 | |
| 188 | === modified file 'libdrizzle-1.0/structs.h' |
| 189 | --- libdrizzle-1.0/structs.h 2012-01-30 05:36:54 +0000 |
| 190 | +++ libdrizzle-1.0/structs.h 2012-05-14 06:07:23 +0000 |
| 191 | @@ -43,6 +43,7 @@ |
| 192 | #pragma once |
| 193 | |
| 194 | #include <sys/types.h> |
| 195 | +#include <openssl/ssl.h> |
| 196 | |
| 197 | #ifdef NI_MAXHOST |
| 198 | # define LIBDRIZZLE_NI_MAXHOST NI_MAXHOST |
| 199 | @@ -157,6 +158,9 @@ |
| 200 | char server_extra[DRIZZLE_MAX_SERVER_EXTRA_SIZE]; |
| 201 | drizzle_state_fn *state_stack[DRIZZLE_STATE_STACK_SIZE]; |
| 202 | char user[DRIZZLE_MAX_USER_SIZE]; |
| 203 | + SSL_CTX *ssl_context; |
| 204 | + SSL *ssl; |
| 205 | + drizzle_ssl_state_t ssl_state; |
| 206 | }; |
| 207 | |
| 208 | /** |
| 209 | |
| 210 | === modified file 'libdrizzle/conn.cc' |
| 211 | --- libdrizzle/conn.cc 2012-04-20 20:26:15 +0000 |
| 212 | +++ libdrizzle/conn.cc 2012-05-14 06:07:23 +0000 |
| 213 | @@ -1403,6 +1403,11 @@ |
| 214 | return DRIZZLE_RETURN_COULD_NOT_CONNECT; |
| 215 | } |
| 216 | |
| 217 | + if (con->ssl) |
| 218 | + { |
| 219 | + SSL_set_fd(con->ssl, con->fd); |
| 220 | + } |
| 221 | + |
| 222 | drizzle_state_pop(con); |
| 223 | } |
| 224 | |
| 225 | @@ -1510,7 +1515,11 @@ |
| 226 | { |
| 227 | size_t available_buffer= (size_t)DRIZZLE_MAX_BUFFER_SIZE - |
| 228 | ((size_t)(con->buffer_ptr - con->buffer) + con->buffer_size); |
| 229 | - read_size = recv(con->fd, (char *)con->buffer_ptr + con->buffer_size, |
| 230 | + |
| 231 | + if (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) |
| 232 | + read_size= SSL_read(con->ssl, (char*)con->buffer_ptr + con->buffer_size, available_buffer); |
| 233 | + else |
| 234 | + read_size = recv(con->fd, (char *)con->buffer_ptr + con->buffer_size, |
| 235 | available_buffer, 0); |
| 236 | #ifdef _WIN32 |
| 237 | errno = WSAGetLastError(); |
| 238 | @@ -1548,8 +1557,10 @@ |
| 239 | break; |
| 240 | } |
| 241 | #endif /* _WIN32 */ |
| 242 | - drizzle_log_crazy(con->drizzle, "read fd=%d return=%zd errno=%s", con->fd, |
| 243 | - read_size, strerror(errno)); |
| 244 | + drizzle_log_crazy(con->drizzle, "read fd=%d return=%zd ssl= %d errno=%s", |
| 245 | + con->fd, read_size, |
| 246 | + (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) ? 1 : 0, |
| 247 | + strerror(errno)); |
| 248 | |
| 249 | if (read_size == 0) |
| 250 | { |
| 251 | @@ -1629,8 +1640,10 @@ |
| 252 | |
| 253 | while (con->buffer_size != 0) |
| 254 | { |
| 255 | - |
| 256 | - write_size = send(con->fd,(char *) con->buffer_ptr, con->buffer_size, 0); |
| 257 | + if (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) |
| 258 | + write_size= SSL_write(con->ssl, con->buffer_ptr, con->buffer_size); |
| 259 | + else |
| 260 | + write_size = send(con->fd,(char *) con->buffer_ptr, con->buffer_size, 0); |
| 261 | |
| 262 | #ifdef _WIN32 |
| 263 | errno = WSAGetLastError(); |
| 264 | @@ -1669,8 +1682,10 @@ |
| 265 | } |
| 266 | #endif /* _WIN32 */ |
| 267 | |
| 268 | - drizzle_log_crazy(con->drizzle, "write fd=%d return=%zd errno=%s", con->fd, |
| 269 | - write_size, strerror(errno)); |
| 270 | + drizzle_log_crazy(con->drizzle, "write fd=%d return=%zd ssl=%d errno=%s", |
| 271 | + con->fd, write_size, |
| 272 | + (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) ? 1 : 0, |
| 273 | + strerror(errno)); |
| 274 | |
| 275 | if (write_size == 0) |
| 276 | { } |
| 277 | @@ -1944,18 +1959,21 @@ |
| 278 | ioctlsocket(con->fd, FIONBIO, &asyncmode); |
| 279 | } |
| 280 | #else |
| 281 | - ret= fcntl(con->fd, F_GETFL, 0); |
| 282 | - if (ret == -1) |
| 283 | + if (!con->ssl) |
| 284 | { |
| 285 | - drizzle_set_error(con->drizzle, __func__, "fcntl:F_GETFL:%s", strerror(errno)); |
| 286 | - return DRIZZLE_RETURN_ERRNO; |
| 287 | - } |
| 288 | + ret= fcntl(con->fd, F_GETFL, 0); |
| 289 | + if (ret == -1) |
| 290 | + { |
| 291 | + drizzle_set_error(con->drizzle, __func__, "fcntl:F_GETFL:%s", strerror(errno)); |
| 292 | + return DRIZZLE_RETURN_ERRNO; |
| 293 | + } |
| 294 | |
| 295 | - ret= fcntl(con->fd, F_SETFL, ret | O_NONBLOCK); |
| 296 | - if (ret == -1) |
| 297 | - { |
| 298 | - drizzle_set_error(con->drizzle, __func__, "fcntl:F_SETFL:%s", strerror(errno)); |
| 299 | - return DRIZZLE_RETURN_ERRNO; |
| 300 | + ret= fcntl(con->fd, F_SETFL, ret | O_NONBLOCK); |
| 301 | + if (ret == -1) |
| 302 | + { |
| 303 | + drizzle_set_error(con->drizzle, __func__, "fcntl:F_SETFL:%s", strerror(errno)); |
| 304 | + return DRIZZLE_RETURN_ERRNO; |
| 305 | + } |
| 306 | } |
| 307 | #endif |
| 308 | |
| 309 | |
| 310 | === modified file 'libdrizzle/drizzle.cc' |
| 311 | --- libdrizzle/drizzle.cc 2012-04-16 03:42:10 +0000 |
| 312 | +++ libdrizzle/drizzle.cc 2012-05-14 06:07:23 +0000 |
| 313 | @@ -67,6 +67,11 @@ |
| 314 | * Common Definitions |
| 315 | */ |
| 316 | |
| 317 | +void drizzle_library_init(void) |
| 318 | +{ |
| 319 | + SSL_library_init(); |
| 320 | +} |
| 321 | + |
| 322 | const char *drizzle_version(void) |
| 323 | { |
| 324 | return LIBDRIZZLE_VERSION_STRING; |
| 325 | @@ -457,6 +462,9 @@ |
| 326 | con->server_version[0]= 0; |
| 327 | /* con->state_stack doesn't need to be set */ |
| 328 | con->user[0]= 0; |
| 329 | + con->ssl_context= NULL; |
| 330 | + con->ssl= NULL; |
| 331 | + con->ssl_state= DRIZZLE_SSL_STATE_NONE; |
| 332 | |
| 333 | return con; |
| 334 | } |
| 335 | @@ -539,6 +547,12 @@ |
| 336 | if (con->next != NULL) |
| 337 | con->next->prev= con->prev; |
| 338 | |
| 339 | + if (con->ssl) |
| 340 | + SSL_free(con->ssl); |
| 341 | + |
| 342 | + if (con->ssl_context) |
| 343 | + SSL_CTX_free(con->ssl_context); |
| 344 | + |
| 345 | con->drizzle->con_count--; |
| 346 | |
| 347 | if (con->options & DRIZZLE_CON_ALLOCATED) |
| 348 | |
| 349 | === modified file 'libdrizzle/handshake.cc' |
| 350 | --- libdrizzle/handshake.cc 2011-12-28 21:59:11 +0000 |
| 351 | +++ libdrizzle/handshake.cc 2012-05-14 06:07:23 +0000 |
| 352 | @@ -63,6 +63,12 @@ |
| 353 | { |
| 354 | drizzle_state_push(con, drizzle_state_write); |
| 355 | drizzle_state_push(con, drizzle_state_handshake_client_write); |
| 356 | + |
| 357 | + if (con->ssl) |
| 358 | + { |
| 359 | + drizzle_state_push(con, drizzle_state_write); |
| 360 | + drizzle_state_push(con, drizzle_state_handshake_ssl_client_write); |
| 361 | + } |
| 362 | } |
| 363 | |
| 364 | return drizzle_state_loop(con); |
| 365 | @@ -226,6 +232,11 @@ |
| 366 | drizzle_state_push(con, drizzle_state_packet_read); |
| 367 | drizzle_state_push(con, drizzle_state_write); |
| 368 | drizzle_state_push(con, drizzle_state_handshake_client_write); |
| 369 | + if (con->ssl) |
| 370 | + { |
| 371 | + drizzle_state_push(con, drizzle_state_write); |
| 372 | + drizzle_state_push(con, drizzle_state_handshake_ssl_client_write); |
| 373 | + } |
| 374 | } |
| 375 | |
| 376 | return DRIZZLE_RETURN_OK; |
| 377 | @@ -491,42 +502,9 @@ |
| 378 | return DRIZZLE_RETURN_OK; |
| 379 | } |
| 380 | |
| 381 | -drizzle_return_t drizzle_state_handshake_client_write(drizzle_con_st *con) |
| 382 | +int drizzle_compile_capabilities(drizzle_con_st *con) |
| 383 | { |
| 384 | - uint8_t *ptr; |
| 385 | int capabilities; |
| 386 | - drizzle_return_t ret; |
| 387 | - |
| 388 | - if (con == NULL) |
| 389 | - { |
| 390 | - return DRIZZLE_RETURN_INVALID_ARGUMENT; |
| 391 | - } |
| 392 | - drizzle_log_debug(con->drizzle, "drizzle_state_handshake_client_write"); |
| 393 | - |
| 394 | - /* Calculate max packet size. */ |
| 395 | - con->packet_size= 4 /* Capabilities */ |
| 396 | - + 4 /* Max packet size */ |
| 397 | - + 1 /* Charset */ |
| 398 | - + 23 /* Unused */ |
| 399 | - + strlen(con->user) + 1 |
| 400 | - + 1 /* Scramble size */ |
| 401 | - + DRIZZLE_MAX_SCRAMBLE_SIZE |
| 402 | - + strlen(con->db) + 1; |
| 403 | - |
| 404 | - /* Assume the entire handshake packet will fit in the buffer. */ |
| 405 | - if ((con->packet_size + 4) > DRIZZLE_MAX_BUFFER_SIZE) |
| 406 | - { |
| 407 | - drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_write", |
| 408 | - "buffer too small:%zu", con->packet_size + 4); |
| 409 | - return DRIZZLE_RETURN_INTERNAL_ERROR; |
| 410 | - } |
| 411 | - |
| 412 | - ptr= con->buffer_ptr; |
| 413 | - |
| 414 | - /* Store packet size at the end since it may change. */ |
| 415 | - ptr[3]= con->packet_number; |
| 416 | - con->packet_number++; |
| 417 | - ptr+= 4; |
| 418 | |
| 419 | if (con->options & DRIZZLE_CON_MYSQL) |
| 420 | con->capabilities|= DRIZZLE_CAPABILITIES_PROTOCOL_41; |
| 421 | @@ -550,10 +528,69 @@ |
| 422 | capabilities|= int(DRIZZLE_CAPABILITIES_PLUGIN_AUTH); |
| 423 | } |
| 424 | |
| 425 | - capabilities&= ~(int(DRIZZLE_CAPABILITIES_COMPRESS) | int(DRIZZLE_CAPABILITIES_SSL)); |
| 426 | + if (con->ssl) |
| 427 | + { |
| 428 | + capabilities|= int(DRIZZLE_CAPABILITIES_SSL); |
| 429 | + } |
| 430 | + |
| 431 | + capabilities&= ~(int(DRIZZLE_CAPABILITIES_COMPRESS)); |
| 432 | if (con->db[0] == 0) |
| 433 | capabilities&= ~int(DRIZZLE_CAPABILITIES_CONNECT_WITH_DB); |
| 434 | |
| 435 | + return capabilities; |
| 436 | +} |
| 437 | + |
| 438 | +drizzle_return_t drizzle_state_handshake_client_write(drizzle_con_st *con) |
| 439 | +{ |
| 440 | + uint8_t *ptr; |
| 441 | + int capabilities; |
| 442 | + int ssl_ret; |
| 443 | + drizzle_return_t ret; |
| 444 | + |
| 445 | + if (con == NULL) |
| 446 | + { |
| 447 | + return DRIZZLE_RETURN_INVALID_ARGUMENT; |
| 448 | + } |
| 449 | + drizzle_log_debug(con->drizzle, "drizzle_state_handshake_client_write"); |
| 450 | + |
| 451 | + if (con->ssl) |
| 452 | + { |
| 453 | + ssl_ret= SSL_connect(con->ssl); |
| 454 | + if (ssl_ret != 1) |
| 455 | + { |
| 456 | + drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_write", "SSL error: %d", SSL_get_error(con->ssl, ssl_ret)); |
| 457 | + return DRIZZLE_RETURN_SSL_ERROR; |
| 458 | + } |
| 459 | + con->ssl_state= DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE; |
| 460 | + } |
| 461 | + |
| 462 | + /* Calculate max packet size. */ |
| 463 | + con->packet_size= 4 /* Capabilities */ |
| 464 | + + 4 /* Max packet size */ |
| 465 | + + 1 /* Charset */ |
| 466 | + + 23 /* Unused */ |
| 467 | + + strlen(con->user) + 1 |
| 468 | + + 1 /* Scramble size */ |
| 469 | + + DRIZZLE_MAX_SCRAMBLE_SIZE |
| 470 | + + strlen(con->db) + 1; |
| 471 | + |
| 472 | + /* Assume the entire handshake packet will fit in the buffer. */ |
| 473 | + if ((con->packet_size + 4) > DRIZZLE_MAX_BUFFER_SIZE) |
| 474 | + { |
| 475 | + drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_write", |
| 476 | + "buffer too small:%zu", con->packet_size + 4); |
| 477 | + return DRIZZLE_RETURN_INTERNAL_ERROR; |
| 478 | + } |
| 479 | + |
| 480 | + ptr= con->buffer_ptr; |
| 481 | + |
| 482 | + /* Store packet size at the end since it may change. */ |
| 483 | + ptr[3]= con->packet_number; |
| 484 | + con->packet_number++; |
| 485 | + ptr+= 4; |
| 486 | + |
| 487 | + capabilities= drizzle_compile_capabilities(con); |
| 488 | + |
| 489 | drizzle_set_byte4(ptr, capabilities); |
| 490 | ptr+= 4; |
| 491 | |
| 492 | @@ -588,6 +625,42 @@ |
| 493 | return DRIZZLE_RETURN_OK; |
| 494 | } |
| 495 | |
| 496 | +drizzle_return_t drizzle_state_handshake_ssl_client_write(drizzle_con_st *con) |
| 497 | +{ |
| 498 | + uint8_t *ptr; |
| 499 | + int capabilities; |
| 500 | + |
| 501 | + drizzle_log_debug(con->drizzle, "drizzle_state_handshake_ssl_client_write"); |
| 502 | + |
| 503 | + /* SSL handshake packet structure */ |
| 504 | + con->packet_size= 4 /* Capabilities */ |
| 505 | + + 4 /* Max packet size */ |
| 506 | + + 1 /* Charset */ |
| 507 | + + 23; /* Padding unused bytes */ |
| 508 | + |
| 509 | + ptr= con->buffer_ptr; |
| 510 | + drizzle_set_byte3(ptr, con->packet_size); |
| 511 | + ptr[3]= con->packet_number; |
| 512 | + con->packet_number++; |
| 513 | + ptr+= 4; |
| 514 | + |
| 515 | + capabilities= drizzle_compile_capabilities(con); |
| 516 | + drizzle_set_byte4(ptr, capabilities); |
| 517 | + ptr+= 4; |
| 518 | + drizzle_set_byte4(ptr, con->max_packet_size); |
| 519 | + ptr+= 4; |
| 520 | + |
| 521 | + ptr[0]= con->charset; |
| 522 | + |
| 523 | + con->buffer_size+= con->packet_size + 4; |
| 524 | + ptr++; |
| 525 | + |
| 526 | + memset(ptr, 0, 23); |
| 527 | + |
| 528 | + drizzle_state_pop(con); |
| 529 | + return DRIZZLE_RETURN_OK; |
| 530 | +} |
| 531 | + |
| 532 | drizzle_return_t drizzle_state_handshake_result_read(drizzle_con_st *con) |
| 533 | { |
| 534 | if (con == NULL) |
| 535 | |
| 536 | === added file 'libdrizzle/ssl.cc' |
| 537 | --- libdrizzle/ssl.cc 1970-01-01 00:00:00 +0000 |
| 538 | +++ libdrizzle/ssl.cc 2012-05-14 06:07:23 +0000 |
| 539 | @@ -0,0 +1,83 @@ |
| 540 | +/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab: |
| 541 | + * |
| 542 | + * Drizzle Client & Protocol Library |
| 543 | + * |
| 544 | + * Copyright (C) 2012 Andrew Hutchings (andrew@linuxjedi.co.uk) |
| 545 | + * All rights reserved. |
| 546 | + * |
| 547 | + * Redistribution and use in source and binary forms, with or without |
| 548 | + * modification, are permitted provided that the following conditions are |
| 549 | + * met: |
| 550 | + * |
| 551 | + * * Redistributions of source code must retain the above copyright |
| 552 | + * notice, this list of conditions and the following disclaimer. |
| 553 | + * |
| 554 | + * * Redistributions in binary form must reproduce the above |
| 555 | + * copyright notice, this list of conditions and the following disclaimer |
| 556 | + * in the documentation and/or other materials provided with the |
| 557 | + * distribution. |
| 558 | + * |
| 559 | + * * The names of its contributors may not be used to endorse or |
| 560 | + * promote products derived from this software without specific prior |
| 561 | + * written permission. |
| 562 | + * |
| 563 | + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 564 | + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 565 | + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 566 | + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 567 | + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 568 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 569 | + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 570 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 571 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 572 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 573 | + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 574 | + * |
| 575 | + */ |
| 576 | + |
| 577 | +#include <libdrizzle/common.h> |
| 578 | + |
| 579 | +drizzle_return_t drizzle_set_ssl(drizzle_con_st *con, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher) |
| 580 | +{ |
| 581 | + con->ssl_context= SSL_CTX_new(TLSv1_client_method()); |
| 582 | + |
| 583 | + if (cipher) |
| 584 | + { |
| 585 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot set the SSL cipher list"); |
| 586 | + return DRIZZLE_RETURN_SSL_ERROR; |
| 587 | + } |
| 588 | + |
| 589 | + if (SSL_CTX_load_verify_locations(con->ssl_context, ca, capath) != 1) |
| 590 | + { |
| 591 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate authority file"); |
| 592 | + return DRIZZLE_RETURN_SSL_ERROR; |
| 593 | + } |
| 594 | + |
| 595 | + if (cert) |
| 596 | + { |
| 597 | + if (SSL_CTX_use_certificate_file(con->ssl_context, cert, SSL_FILETYPE_PEM) != 1) |
| 598 | + { |
| 599 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate file"); |
| 600 | + return DRIZZLE_RETURN_SSL_ERROR; |
| 601 | + } |
| 602 | + |
| 603 | + if (!key) |
| 604 | + key= cert; |
| 605 | + |
| 606 | + if (SSL_CTX_use_PrivateKey_file(con->ssl_context, key, SSL_FILETYPE_PEM) != 1) |
| 607 | + { |
| 608 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL key file"); |
| 609 | + return DRIZZLE_RETURN_SSL_ERROR; |
| 610 | + } |
| 611 | + |
| 612 | + if (SSL_CTX_check_private_key(con->ssl_context) != 1) |
| 613 | + { |
| 614 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Error validating the SSL private key"); |
| 615 | + return DRIZZLE_RETURN_SSL_ERROR; |
| 616 | + } |
| 617 | + } |
| 618 | + |
| 619 | + con->ssl= SSL_new(con->ssl_context); |
| 620 | + |
| 621 | + return DRIZZLE_RETURN_OK; |
| 622 | +} |
| 623 | |
| 624 | === modified file 'libdrizzle/state.h' |
| 625 | --- libdrizzle/state.h 2011-12-28 21:59:11 +0000 |
| 626 | +++ libdrizzle/state.h 2012-05-14 06:07:23 +0000 |
| 627 | @@ -79,6 +79,7 @@ |
| 628 | drizzle_return_t drizzle_state_handshake_server_write(drizzle_con_st *con); |
| 629 | drizzle_return_t drizzle_state_handshake_client_read(drizzle_con_st *con); |
| 630 | drizzle_return_t drizzle_state_handshake_client_write(drizzle_con_st *con); |
| 631 | +drizzle_return_t drizzle_state_handshake_ssl_client_write(drizzle_con_st *con); |
| 632 | drizzle_return_t drizzle_state_handshake_result_read(drizzle_con_st *con); |
| 633 | |
| 634 | /* Functions in command.c */ |
| 635 | |
| 636 | === added file 'm4/pandora_have_libssl.m4' |
| 637 | --- m4/pandora_have_libssl.m4 1970-01-01 00:00:00 +0000 |
| 638 | +++ m4/pandora_have_libssl.m4 2012-05-14 06:07:23 +0000 |
| 639 | @@ -0,0 +1,52 @@ |
| 640 | +dnl Copyright (C) 2009 Sun Microsystems, Inc. |
| 641 | +dnl This file is free software; Sun Microsystems, Inc. |
| 642 | +dnl gives unlimited permission to copy and/or distribute it, |
| 643 | +dnl with or without modifications, as long as this notice is preserved. |
| 644 | + |
| 645 | +#-------------------------------------------------------------------- |
| 646 | +# Check for openssl |
| 647 | +#-------------------------------------------------------------------- |
| 648 | + |
| 649 | + |
| 650 | +AC_DEFUN([_PANDORA_SEARCH_LIBSSL],[ |
| 651 | + AC_REQUIRE([AC_LIB_PREFIX]) |
| 652 | + |
| 653 | + AC_LIB_HAVE_LINKFLAGS(ssl,, |
| 654 | + [ |
| 655 | + #include <openssl/ssl.h> |
| 656 | + ],[ |
| 657 | + SSL_CTX *ctx; |
| 658 | + ctx= SSL_CTX_new(TLSv1_client_method()); |
| 659 | + ]) |
| 660 | + |
| 661 | + AM_CONDITIONAL(HAVE_LIBSSL, [test "x${ac_cv_libssl}" = "xyes"]) |
| 662 | +]) |
| 663 | + |
| 664 | +AC_DEFUN([_PANDORA_HAVE_LIBSSL],[ |
| 665 | + |
| 666 | + AC_ARG_ENABLE([libssl], |
| 667 | + [AS_HELP_STRING([--disable-libssl], |
| 668 | + [Build with libssl support @<:@default=on@:>@])], |
| 669 | + [ac_enable_libssl="$enableval"], |
| 670 | + [ac_enable_libssl="yes"]) |
| 671 | + |
| 672 | + _PANDORA_SEARCH_LIBSSL |
| 673 | +]) |
| 674 | + |
| 675 | + |
| 676 | +AC_DEFUN([PANDORA_HAVE_LIBSSL],[ |
| 677 | + AC_REQUIRE([_PANDORA_HAVE_LIBSSL]) |
| 678 | +]) |
| 679 | + |
| 680 | +AC_DEFUN([_PANDORA_REQUIRE_LIBSSL],[ |
| 681 | + ac_enable_libssl="yes" |
| 682 | + _PANDORA_SEARCH_LIBSSL |
| 683 | + |
| 684 | + AS_IF([test x$ac_cv_libssl = xno],[ |
| 685 | + PANDORA_MSG_ERROR([libssl is required for ${PACKAGE}. On Debian this can be found in libssl-dev. On RedHat this can be found in openssl-devel.]) |
| 686 | + ]) |
| 687 | +]) |
| 688 | + |
| 689 | +AC_DEFUN([PANDORA_REQUIRE_LIBSSL],[ |
| 690 | + AC_REQUIRE([_PANDORA_REQUIRE_LIBSSL]) |
| 691 | +]) |
