diff --git a/builds/install/arch-specific/linux/makeInstallImage.sh.in b/builds/install/arch-specific/linux/makeInstallImage.sh.in index 894e377a36..390bfb6426 100644 --- a/builds/install/arch-specific/linux/makeInstallImage.sh.in +++ b/builds/install/arch-specific/linux/makeInstallImage.sh.in @@ -208,12 +208,15 @@ copyFiles() { ReadOnlyTree ${TargetDir}@FB_SAMPLEDIR@ chmod 0664 ${TargetDir}@FB_SAMPLEDBDIR@/*.fdb - chmod 0755 ${TargetDir}@FB_SAMPLEDIR@/prebuilt/bin/* #plugins samples makeDirs ${TargetDir}@FB_SAMPLEDIR@/prebuilt - cp $BuiltFBDir/plugins/*_example.so ${TargetDir}@FB_SAMPLEDIR@/prebuilt/plugins + cp $BuiltFBDir/plugins/*fbSample* ${TargetDir}@FB_SAMPLEDIR@/prebuilt/plugins + cp $BuiltFBDir/bin/*fbSample* ${TargetDir}@FB_SAMPLEDIR@/prebuilt/bin chmod 0644 ${TargetDir}@FB_SAMPLEDIR@/prebuilt/plugins/* + + # exec bit for sample binaries + chmod 0755 ${TargetDir}@FB_SAMPLEDIR@/prebuilt/bin/* fi #QLI help @@ -255,7 +258,7 @@ copyFiles() { chmod 0755 ${TargetDir}@FB_LIBDIR@/*.so* #plugins - (cd $BuiltFBDir/plugins;tar cf - --exclude='*_example.so' .) | (cd ${TargetDir}@FB_PLUGDIR@; tar xvf -) + (cd $BuiltFBDir/plugins;tar cf - --exclude='*fbSample*' .) | (cd ${TargetDir}@FB_PLUGDIR@; tar xvf -) for file in `find ${TargetDir}@FB_PLUGDIR@ -name '*.so*' -print`; do chmod 0755 ${file} diff --git a/builds/posix/Makefile.in.examples b/builds/posix/Makefile.in.examples index d87bb832ec..d184d2a1a4 100644 --- a/builds/posix/Makefile.in.examples +++ b/builds/posix/Makefile.in.examples @@ -82,7 +82,7 @@ EMPLOYEE_DB= $(EXAMPLES_DEST)/employee.fdb FINAL_EMPDB= $(EXAMPLES_FB)/empbuild/employee.fdb INTLEMP_DB= $(EXAMPLES_DEST)/intlemp.fdb -EXTAUTH_PLUGIN= $(EXAMPLES_FB)/prebuilt/libExtAuth.$(SHRLIB_EXT) +EXTAUTH_PLUGIN= $(EXAMPLES_FB)/prebuilt/libfbSampleExtAuth.$(SHRLIB_EXT) .PHONY: all examples @@ -92,7 +92,7 @@ all: examples examples: $(FINAL_EMPDB) $(EXAMPLES_FB)/README $(EXTAUTH_PLUGIN) $(EXTAUTH_PLUGIN): $(EXAMPLES_FB)/extauth/Makefile - make -C $(EXAMPLES_FB)/extauth OUT=$(EXAMPLES_FB)/prebuilt INTERMED=$(TMP_ROOT)/examples/extauth + $(MAKE) -C $(EXAMPLES_FB)/extauth OUT=$(EXAMPLES_FB)/prebuilt INTERMED=$(TMP_ROOT)/examples/extauth $(EXAMPLES_FB)/extauth/Makefile: ifeq ($(TOMCRYPT_BUILD_FLG),Y) diff --git a/builds/posix/Makefile.in.plugins_examples b/builds/posix/Makefile.in.plugins_examples index 93fbfb17f0..989e80da0a 100644 --- a/builds/posix/Makefile.in.plugins_examples +++ b/builds/posix/Makefile.in.plugins_examples @@ -73,27 +73,29 @@ endif DC_Objects = $(call makeObjects,../examples/dbcrypt,DbCrypt.cpp) -DC_Plugin = $(call makePluginName,DbCrypt_example) +DC_Plugin = $(call makePluginName,fbSampleDbCrypt) AllObjects += $(DC_Objects) dc_example: $(DC_Plugin) $(DC_Plugin): $(DC_Objects) $(LINK_PLUGIN) $(call LIB_LINK_SONAME,$(notdir $@).0) -o $@ $^ $(LINK_PLUG_LIBS) $(FIREBIRD_LIBRARY_LINK) + $(CP) $(EXA_ROOT)/dbcrypt/fbSampleDbCrypt.conf $(PLUGINS) KH_Objects = $(call makeObjects,../examples/dbcrypt,CryptKeyHolder.cpp) -KH_Plugin = $(call makePluginName,CryptKeyHolder_example) +KH_Plugin = $(call makePluginName,fbSampleKeyHolder) AllObjects += $(KH_Objects) kh_example: $(KH_Plugin) $(KH_Plugin): $(KH_Objects) $(LINK_PLUGIN) $(call LIB_LINK_SONAME,$(notdir $@).0) -o $@ $^ $(LINK_PLUG_LIBS) $(FIREBIRD_LIBRARY_LINK) + $(CP) $(EXA_ROOT)/dbcrypt/fbSampleKeyHolder.conf $(PLUGINS) CA_Objects = $(call makeObjects,../examples/dbcrypt,CryptApplication.cpp) -CRYPT_APP = $(BIN)/cryptAppSample$(EXEC_EXT) +CRYPT_APP = $(BIN)/fbSampleDbCryptApp$(EXEC_EXT) AllObjects += $(CA_Objects) crypt_app: $(CRYPT_APP) diff --git a/examples/dbcrypt/ReadMe.txt b/examples/dbcrypt/ReadMe.txt index 90ad08f808..dc77390074 100644 --- a/examples/dbcrypt/ReadMe.txt +++ b/examples/dbcrypt/ReadMe.txt @@ -5,19 +5,19 @@ Brief description of the sample. -Sample contains 3 components - DbCrypt plugin, KeyHolder plugin and application, which can pass -crypt key to server. Plugins do not perform any real encryption (XOR with single byte hardly can -be treated as encryption though makes database useless without crypt plugin), key is sent between -components in plain form - they just demonstrate what calls in plugins should be done and what -methods should be implemented in order for plugin to start to work. +Sample contains 3 components - fbSampleDbCrypt plugin, fbSampleKeyHolder plugin and application, +which can pass crypt key to server. Plugins do not perform any real encryption (XOR with single +byte hardly can be treated as encryption) though makes database useless without crypt plugin, +key is sent between components in plain form - they just demonstrate what calls in plugins +should be done and what methods should be implemented in order for plugin to start to work. Depending upon settings in configuration file plugins may use different ways to manage encryption -key. DbCrypt's configuration file may contain following parameters: +key. fbSampleDbCrypt's configuration file may contain following parameters: Auto - boolean value, when FALSE plugin queries KeyHolder plugin for key value (this is default), when TRUE get key value from "Value" configuration parameter. Value - integer value (lower byte is actually used), used in "Auto" mode as key value (default 90). -CryptKeyHolder's configuration file may contain following parameters: +fbSampleKeyHolder's configuration file may contain following parameters: Auto - boolean value, when FALSE plugin queries client application for key value (this is default), when TRUE get key value from configuration file by name or use default (90) for unnamed key. Key{Name} - integer value, a key with name "Name" (i.e. when one issues "ALTER DATABASE ENCRYPT ... diff --git a/examples/dbcrypt/fbSampleDbCrypt.conf b/examples/dbcrypt/fbSampleDbCrypt.conf new file mode 100644 index 0000000000..0b5ebc44d7 --- /dev/null +++ b/examples/dbcrypt/fbSampleDbCrypt.conf @@ -0,0 +1,12 @@ +# Auto - boolean value, when FALSE plugin queries KeyHolder plugin for key value (this is default), +# when TRUE get key value from "Value" configuration parameter. + +#Auto = false + + + +# Value - integer value (lower byte is actually used), used in "Auto" mode as key value (default 90). + +#Value = 90 + + diff --git a/examples/dbcrypt/fbSampleKeyHolder.conf b/examples/dbcrypt/fbSampleKeyHolder.conf new file mode 100644 index 0000000000..8aac9e266a --- /dev/null +++ b/examples/dbcrypt/fbSampleKeyHolder.conf @@ -0,0 +1,22 @@ +# Auto - boolean value, when FALSE plugin queries client application for key value (this is default), +# when TRUE get key value from configuration file by name or use default (90) for unnamed key. + +#Auto = false + + + +# Key{Name} - integer value, a key with name "Name" (i.e. when one issues "ALTER DATABASE ENCRYPT ... +# KEY Doggy" configuration parameter KeyDoggy should be present). + +#Key = 90 +#KeyDoggy = [0 - 255] + + + +# OnlyOwnKey - boolean value, enables/disables use of a key from another key holder in SuperServer. +# Default value is TRUE (i.e. only key, owned by this KeyHolder, can be used by related +# attachment). + +#OnlyOwnKey = true + + diff --git a/examples/extauth/INSTALL b/examples/extauth/INSTALL index 645c48c37a..6bdf5f7df0 100644 --- a/examples/extauth/INSTALL +++ b/examples/extauth/INSTALL @@ -1,14 +1,14 @@ 0. Brief description. -ExtAuth plugin is useful when you want to run 'execute statement on external' statement -connecting to databases on non-local servers but do not wish to explicitly add login and -password to your PL/SQL code. When 2 servers completely trust each other this plugin may -be used to enable access to remote database without entering login and password in SQL -code. To ensure that connection comes from trusted source shared secret key (placed into -plugin's .conf file) is used. That means that the value of a "Key" parameter should be -exacly the same for all trusting each other hosts. Pay attention - SQL name of connected -user on remote host may not match local logon, it depends also upon mappings on remote -host. +fbSampleExtAuth plugin is useful when you want to run 'execute statement on external' +statement connecting to databases on non-local servers but do not wish to explicitly +add login and password to your PL/SQL code. When 2 servers completely trust each other +this plugin may be used to enable access to remote database without entering login and +password in SQL code. To ensure that connection comes from trusted source shared secret +key (placed into plugin's .conf file) is used. That means that the value of a "Key" +parameter should be exacly the same for all trusting each other hosts. Pay attention - +SQL name of connected user on remote host may not match local logon, it depends also +upon mappings on remote host. 1. Before starting the build. @@ -35,19 +35,19 @@ separate servers. See 'Testing' for more details. 4.Testing. - imagine you have two hosts: host1 and host2; -- generate configuration file using extauth_keygen utility on any of them (only ONCE - +- generate configuration file using fbSampleExtAuthKeygen utility on any of them (only ONCE - on ONE host !!!); - copy that file and plugin itself to $FIREBIRD/plugins directory on each host; - modify firebird.cond, it should contain something like: - AuthServer = Srp256, ExtAuth - AuthClient = Srp256, ExtAuth + AuthServer = Srp256, fbSampleExtAuth + AuthClient = Srp256, fbSampleExtAuth lines, certainly something else may be used instead recommended Srp256; -- if you need WIN_SSPI plugin please add it AFTER ExtAuth; +- if you need WIN_SSPI plugin please add it AFTER fbSampleExtAuth; - do not forget to restart firebird after reconfiguring it; - create minimal required mapping on host1: - CREATE MAPPING EXT USING PLUGIN EXTAUTH FROM ANY USER TO USER EXTUSER; + CREATE MAPPING EXT USING PLUGIN fbSampleExtAuth FROM ANY USER TO USER EXTUSER; - run the following script on host2: - ^SET TERM ^; + SET TERM ^; EXECUTE BLOCK RETURNS(REMNAME CHAR(32)) AS BEGIN EXECUTE STATEMENT 'SELECT CURRENT_USER FROM RDB$DATABASE' ON EXTERNAL 'host1:employee' INTO :REMNAME; diff --git a/examples/extauth/Makefile b/examples/extauth/Makefile index ce5a497775..c9e2a50407 100644 --- a/examples/extauth/Makefile +++ b/examples/extauth/Makefile @@ -49,11 +49,11 @@ TOMCRYPT_COMPILE += -Itomcrypt.include TOMCRYPT_LINK=-L$(LIB)/.tm endif -SIMPLE_KEY_AUTH_NAME=$(LIB_PREFIX)ExtAuth.$(SHRLIB_EXT) +SIMPLE_KEY_AUTH_NAME=$(LIB_PREFIX)fbSampleExtAuth.$(SHRLIB_EXT) BLD_SIMPLE_KEY_AUTH=$(OUT_PLUG)/$(SIMPLE_KEY_AUTH_NAME) SIMPLE_KEY_AUTH=$(PLUGINS)/$(SIMPLE_KEY_AUTH_NAME) -KEYGEN_NAME=extauth_keygen +KEYGEN_NAME=fbSampleExtAuthKeygen BLD_KEYGEN=$(OUT_BIN)/$(KEYGEN_NAME) KEYGEN=$(BIN)/$(KEYGEN_NAME) diff --git a/examples/extauth/keygen.cpp b/examples/extauth/keygen.cpp index b7061d0d78..bc25f02620 100644 --- a/examples/extauth/keygen.cpp +++ b/examples/extauth/keygen.cpp @@ -42,7 +42,7 @@ int main(int ac, char** av) check(NULL, rsa_export(outbuf, &outlen, PK_PRIVATE, &key), "Error exporting private RSA key"); - const char* const file = "ExtAuth.conf"; + const char* const file = "fbSampleExtAuth.conf"; FILE* conf = fopen(file, "w"); if (!conf) {