mirror of
https://github.com/FirebirdSQL/firebird.git
synced 2025-01-22 20:03:02 +01:00
Added various ways to get information about the wire crypt plugin name: variable in rdb$get_context(), field in mon$attachments and tag in Attachment::getInfo()
parent
9164797892
commit
b9f4c65220
@ -114,6 +114,7 @@ Monitoring tables
|
|||||||
- MON$STATEMENT_TIMEOUT (statement timeout)
|
- MON$STATEMENT_TIMEOUT (statement timeout)
|
||||||
- MON$WIRE_COMPRESSED (wire compression enabled/disabled)
|
- MON$WIRE_COMPRESSED (wire compression enabled/disabled)
|
||||||
- MON$WIRE_ENCRYPTED (wire encryption enabled/disabled)
|
- MON$WIRE_ENCRYPTED (wire encryption enabled/disabled)
|
||||||
|
- MON$WIRE_CRYPT_PLUGIN (name of wire encryption plugin)
|
||||||
|
|
||||||
MON$TRANSACTIONS (started transactions)
|
MON$TRANSACTIONS (started transactions)
|
||||||
- MON$TRANSACTION_ID (transaction ID)
|
- MON$TRANSACTION_ID (transaction ID)
|
||||||
|
@ -64,6 +64,9 @@ Usage:
|
|||||||
WIRE_ENCRYPTED | Encryption status of current connection.
|
WIRE_ENCRYPTED | Encryption status of current connection.
|
||||||
| Value is the same as for compression status above.
|
| Value is the same as for compression status above.
|
||||||
|
|
|
|
||||||
|
WIRE_CRYPT_PLUGIN | If connection is encrypted - returns name of current plugin,
|
||||||
|
| otherwise NULL.
|
||||||
|
|
|
||||||
CLIENT_ADDRESS | The wire protocol address and port number of remote client
|
CLIENT_ADDRESS | The wire protocol address and port number of remote client
|
||||||
| represented as string. Value is IP address concatenated with
|
| represented as string. Value is IP address concatenated with
|
||||||
| port number using the '/' separator character. Value is
|
| port number using the '/' separator character. Value is
|
||||||
|
@ -32,10 +32,22 @@ New items for isc_database_info
|
|||||||
|
|
||||||
See also CORE-2054.
|
See also CORE-2054.
|
||||||
|
|
||||||
|
4. Database encryption information:
|
||||||
|
fb_info_crypt_state - flags describing encryption state:
|
||||||
|
fb_info_crypt_encrypted - database is encrypted,
|
||||||
|
fb_info_crypt_process - encryption/decryption process is not complete;
|
||||||
|
fb_info_crypt_plugin - name of database crypt plugin;
|
||||||
|
fb_info_crypt_key - name of used database crypt key.
|
||||||
|
|
||||||
|
5. Connection information:
|
||||||
|
fb_info_conn_flags - flags describing connection state:
|
||||||
|
isc_dpb_addr_flag_conn_compressed - compression is used for connection,
|
||||||
|
isc_dpb_addr_flag_conn_encrypted - connection is encrypted;
|
||||||
|
fb_info_wire_crypt - name of connection encryption plugin.
|
||||||
|
|
||||||
|
|
||||||
New items for isc_transaction_info:
|
New items for isc_transaction_info:
|
||||||
|
|
||||||
1. isc_info_tra_oldest_interesting :
|
1. isc_info_tra_oldest_interesting :
|
||||||
return number of oldest interesting transaction when current
|
return number of oldest interesting transaction when current
|
||||||
transaction started. For snapshot transactions this is also the
|
transaction started. For snapshot transactions this is also the
|
||||||
|
@ -153,8 +153,9 @@
|
|||||||
|
|
||||||
<address-element> ::=
|
<address-element> ::=
|
||||||
isc_dpb_addr_protocol <byte-clumplet-length> <protocol-string> |
|
isc_dpb_addr_protocol <byte-clumplet-length> <protocol-string> |
|
||||||
isc_dpb_addr_endpoint <byte-clumplet-length> <remote-endpoint-string>
|
isc_dpb_addr_endpoint <byte-clumplet-length> <remote-endpoint-string> |
|
||||||
isc_dpb_addr_flags <byte-clumplet-length> <flags-int>
|
isc_dpb_addr_flags <byte-clumplet-length> <flags-int> |
|
||||||
|
isc_dpb_addr_crypt <byte-clumplet-length> <plugin-string>
|
||||||
|
|
||||||
<protocol-string> ::=
|
<protocol-string> ::=
|
||||||
"TCPv4" |
|
"TCPv4" |
|
||||||
@ -163,6 +164,11 @@
|
|||||||
"WNET" |
|
"WNET" |
|
||||||
....
|
....
|
||||||
|
|
||||||
|
<plugin-string> ::=
|
||||||
|
"Arc4" |
|
||||||
|
"ChaCha" |
|
||||||
|
....
|
||||||
|
|
||||||
<remote-endpoint-string> ::=
|
<remote-endpoint-string> ::=
|
||||||
<IPv4-address> | // such as "172.20.1.1"
|
<IPv4-address> | // such as "172.20.1.1"
|
||||||
<IPv6-address> | // such as "2001:0:13FF:09FF::1"
|
<IPv6-address> | // such as "2001:0:13FF:09FF::1"
|
||||||
@ -178,6 +184,7 @@
|
|||||||
#define isc_dpb_addr_protocol 1
|
#define isc_dpb_addr_protocol 1
|
||||||
#define isc_dpb_addr_endpoint 2
|
#define isc_dpb_addr_endpoint 2
|
||||||
#define isc_dpb_addr_flags 3
|
#define isc_dpb_addr_flags 3
|
||||||
|
#define isc_dpb_addr_crypt 4
|
||||||
|
|
||||||
/* possible addr flags */
|
/* possible addr flags */
|
||||||
#define isc_dpb_addr_flag_conn_compressed 0x01
|
#define isc_dpb_addr_flag_conn_compressed 0x01
|
||||||
|
@ -160,6 +160,8 @@ enum db_info_types
|
|||||||
|
|
||||||
fb_info_creation_timestamp_tz = 139,
|
fb_info_creation_timestamp_tz = 139,
|
||||||
|
|
||||||
|
fb_info_wire_crypt = 140,
|
||||||
|
|
||||||
isc_info_db_last_value /* Leave this LAST! */
|
isc_info_db_last_value /* Leave this LAST! */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -524,6 +524,7 @@
|
|||||||
const USHORT f_mon_att_stmt_timeout = 22;
|
const USHORT f_mon_att_stmt_timeout = 22;
|
||||||
const USHORT f_mon_att_wire_compressed = 23;
|
const USHORT f_mon_att_wire_compressed = 23;
|
||||||
const USHORT f_mon_att_wire_encrypted = 24;
|
const USHORT f_mon_att_wire_encrypted = 24;
|
||||||
|
const USHORT f_mon_att_remote_crypt = 25;
|
||||||
|
|
||||||
|
|
||||||
// Relation 35 (MON$TRANSACTIONS)
|
// Relation 35 (MON$TRANSACTIONS)
|
||||||
|
@ -251,6 +251,7 @@ static const UCHAR db_items[] =
|
|||||||
isc_info_db_id,
|
isc_info_db_id,
|
||||||
#endif
|
#endif
|
||||||
fb_info_crypt_state,
|
fb_info_crypt_state,
|
||||||
|
fb_info_wire_crypt,
|
||||||
isc_info_end
|
isc_info_end
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -554,6 +555,11 @@ bool SHOW_dbb_parameters(Firebird::IAttachment* db_handle,
|
|||||||
(SLONG) isqlGlob.major_ods, value_out, separator);
|
(SLONG) isqlGlob.major_ods, value_out, separator);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case fb_info_wire_crypt:
|
||||||
|
if (d)
|
||||||
|
sprintf (info, "Wire crypt plugin: %.*s%s", length, d, separator);
|
||||||
|
break;
|
||||||
|
|
||||||
#ifdef DEV_BUILD
|
#ifdef DEV_BUILD
|
||||||
case isc_info_db_id:
|
case isc_info_db_id:
|
||||||
{
|
{
|
||||||
|
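Review bot: The new `case fb_info_wire_crypt:` branch formats a server-supplied plugin name into `info` with an unbounded `sprintf`, so the only limit on what is written is the `length` returned in the info response. The capacity of `info` is declared outside this hunk, so this may already be safe, but a bounded call states the limit at the point of use: `snprintf(info, INFO_CAPACITY /* placeholder: real size of info */, "Wire crypt plugin: %.*s%s", (int) length, d, separator);`. The `(int)` cast is there because `%.*s` consumes an `int` and the type of `length` is not visible here. SHOW_dbb_parameters starts and ends outside the hunk.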
@ -221,6 +221,7 @@ Jrd::Attachment::Attachment(MemoryPool* pool, Database* dbb)
|
|||||||
att_context_vars(*pool),
|
att_context_vars(*pool),
|
||||||
ddlTriggersContext(*pool),
|
ddlTriggersContext(*pool),
|
||||||
att_network_protocol(*pool),
|
att_network_protocol(*pool),
|
||||||
|
att_remote_crypt(*pool),
|
||||||
att_remote_address(*pool),
|
att_remote_address(*pool),
|
||||||
att_remote_process(*pool),
|
att_remote_process(*pool),
|
||||||
att_client_version(*pool),
|
att_client_version(*pool),
|
||||||
|
@ -440,6 +440,7 @@ public:
|
|||||||
Firebird::StringMap att_context_vars; // Context variables for the connection
|
Firebird::StringMap att_context_vars; // Context variables for the connection
|
||||||
Firebird::Stack<DdlTriggerContext*> ddlTriggersContext; // Context variables for DDL trigger event
|
Firebird::Stack<DdlTriggerContext*> ddlTriggersContext; // Context variables for DDL trigger event
|
||||||
Firebird::string att_network_protocol; // Network protocol used by client for connection
|
Firebird::string att_network_protocol; // Network protocol used by client for connection
|
||||||
|
Firebird::PathName att_remote_crypt; // Name of wire crypt plugin (if any)
|
||||||
Firebird::string att_remote_address; // Protocol-specific address of remote client
|
Firebird::string att_remote_address; // Protocol-specific address of remote client
|
||||||
SLONG att_remote_pid; // Process id of remote client
|
SLONG att_remote_pid; // Process id of remote client
|
||||||
ULONG att_remote_flags; // Flags specific for server/client link
|
ULONG att_remote_flags; // Flags specific for server/client link
|
||||||
|
@ -978,6 +978,8 @@ void Monitoring::putAttachment(SnapshotData::DumpRecord& record, const Jrd::Atta
|
|||||||
record.storeString(f_mon_att_client_version, attachment->att_client_version);
|
record.storeString(f_mon_att_client_version, attachment->att_client_version);
|
||||||
// remote protocol version
|
// remote protocol version
|
||||||
record.storeString(f_mon_att_remote_version, attachment->att_remote_protocol);
|
record.storeString(f_mon_att_remote_version, attachment->att_remote_protocol);
|
||||||
|
// wire encryption plugin
|
||||||
|
record.storeString(f_mon_att_remote_crypt, attachment->att_remote_crypt);
|
||||||
// remote host name
|
// remote host name
|
||||||
record.storeString(f_mon_att_remote_host, attachment->att_remote_host);
|
record.storeString(f_mon_att_remote_host, attachment->att_remote_host);
|
||||||
// OS user name
|
// OS user name
|
||||||
|
@ -335,6 +335,7 @@ const char
|
|||||||
NETWORK_PROTOCOL_NAME[] = "NETWORK_PROTOCOL",
|
NETWORK_PROTOCOL_NAME[] = "NETWORK_PROTOCOL",
|
||||||
WIRE_COMPRESSED_NAME[] = "WIRE_COMPRESSED",
|
WIRE_COMPRESSED_NAME[] = "WIRE_COMPRESSED",
|
||||||
WIRE_ENCRYPTED_NAME[] = "WIRE_ENCRYPTED",
|
WIRE_ENCRYPTED_NAME[] = "WIRE_ENCRYPTED",
|
||||||
|
WIRE_CRYPT_PLUGIN_NAME[] = "WIRE_CRYPT_PLUGIN",
|
||||||
CLIENT_ADDRESS_NAME[] = "CLIENT_ADDRESS",
|
CLIENT_ADDRESS_NAME[] = "CLIENT_ADDRESS",
|
||||||
CLIENT_HOST_NAME[] = "CLIENT_HOST",
|
CLIENT_HOST_NAME[] = "CLIENT_HOST",
|
||||||
CLIENT_PID_NAME[] = "CLIENT_PID",
|
CLIENT_PID_NAME[] = "CLIENT_PID",
|
||||||
@ -4048,6 +4049,13 @@ dsc* evlGetContext(thread_db* tdbb, const SysFunction*, const NestValueArray& ar
|
|||||||
|
|
||||||
resultStr = (attachment->att_remote_flags & isc_dpb_addr_flag_conn_encrypted) ? TRUE_VALUE : FALSE_VALUE;
|
resultStr = (attachment->att_remote_flags & isc_dpb_addr_flag_conn_encrypted) ? TRUE_VALUE : FALSE_VALUE;
|
||||||
}
|
}
|
||||||
|
else if (nameStr == WIRE_CRYPT_PLUGIN_NAME)
|
||||||
|
{
|
||||||
|
if (attachment->att_remote_crypt.isEmpty())
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
resultStr = attachment->att_remote_crypt.ToString();
|
||||||
|
}
|
||||||
else if (nameStr == CLIENT_ADDRESS_NAME)
|
else if (nameStr == CLIENT_ADDRESS_NAME)
|
||||||
{
|
{
|
||||||
if (attachment->att_remote_address.isEmpty())
|
if (attachment->att_remote_address.isEmpty())
|
||||||
|
@ -208,4 +208,5 @@
|
|||||||
|
|
||||||
FIELD(fld_tz_db_version , nam_tz_db_version , dtype_varying , 10 , dsc_text_type_ascii , NULL , true)
|
FIELD(fld_tz_db_version , nam_tz_db_version , dtype_varying , 10 , dsc_text_type_ascii , NULL , true)
|
||||||
|
|
||||||
FIELD(fld_crypt_state , nam_crypt_state , dtype_short , sizeof(SSHORT) , 0 , NULL , true)
|
FIELD(fld_crypt_state , nam_crypt_state , dtype_short , sizeof(SSHORT) , 0 , NULL , true)
|
||||||
|
FIELD(fld_remote_crypt , nam_wire_crypt_plugin, dtype_varying, MAX_SQL_IDENTIFIER_LEN , dsc_text_type_metadata , NULL , true)
|
||||||
|
@ -822,6 +822,19 @@ void INF_database_info(thread_db* tdbb,
|
|||||||
length = INF_convert(tdbb->getAttachment()->att_remote_flags, buffer);
|
length = INF_convert(tdbb->getAttachment()->att_remote_flags, buffer);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case fb_info_wire_crypt:
|
||||||
|
{
|
||||||
|
const PathName& nm = tdbb->getAttachment()->att_remote_crypt;
|
||||||
|
if (!(info = INF_put_item(item, static_cast<USHORT>(nm.length()), nm.c_str(), info, end)))
|
||||||
|
{
|
||||||
|
if (transaction)
|
||||||
|
TRA_commit(tdbb, transaction, false);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
|
||||||
case fb_info_statement_timeout_db:
|
case fb_info_statement_timeout_db:
|
||||||
length = INF_convert(dbb->dbb_config->getStatementTimeout(), buffer);
|
length = INF_convert(dbb->dbb_config->getStatementTimeout(), buffer);
|
||||||
break;
|
break;
|
||||||
|
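Review bot: `case fb_info_wire_crypt:` calls `INF_put_item` unconditionally, so an attachment with no wire crypt plugin gets a zero-length item, whereas the `rdb$get_context()` branch added by the same commit returns NULL for an empty name. The documentation added on this page describes only the encrypted case. If the empty item is intended, say so where it is produced, e.g. `// empty name: connection is not encrypted, a zero-length item is returned`. The `static_cast<USHORT>(nm.length())` would also truncate silently; the DPB grammar on this page carries the name in a byte-length clumplet, so it should fit, but a short comment stating that bound would make the cast self-explanatory. INF_database_info begins and ends outside the hunk.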
@ -1065,6 +1065,7 @@ namespace Jrd
|
|||||||
PathName dpb_working_directory;
|
PathName dpb_working_directory;
|
||||||
string dpb_set_db_charset;
|
string dpb_set_db_charset;
|
||||||
string dpb_network_protocol;
|
string dpb_network_protocol;
|
||||||
|
PathName dpb_remote_crypt;
|
||||||
string dpb_remote_address;
|
string dpb_remote_address;
|
||||||
string dpb_remote_host;
|
string dpb_remote_host;
|
||||||
string dpb_remote_os_user;
|
string dpb_remote_os_user;
|
||||||
@ -6970,6 +6971,9 @@ void DatabaseOptions::get(const UCHAR* dpb, USHORT dpb_length, bool& invalid_cli
|
|||||||
case isc_dpb_addr_flags:
|
case isc_dpb_addr_flags:
|
||||||
dpb_remote_flags = address.getInt();
|
dpb_remote_flags = address.getInt();
|
||||||
break;
|
break;
|
||||||
|
case isc_dpb_addr_crypt:
|
||||||
|
address.getPath(dpb_remote_crypt);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -7275,6 +7279,7 @@ static JAttachment* create_attachment(const PathName& alias_name,
|
|||||||
|
|
||||||
attachment->att_filename = alias_name;
|
attachment->att_filename = alias_name;
|
||||||
attachment->att_network_protocol = options.dpb_network_protocol;
|
attachment->att_network_protocol = options.dpb_network_protocol;
|
||||||
|
attachment->att_remote_crypt = options.dpb_remote_crypt;
|
||||||
attachment->att_remote_address = options.dpb_remote_address;
|
attachment->att_remote_address = options.dpb_remote_address;
|
||||||
attachment->att_remote_pid = options.dpb_remote_pid;
|
attachment->att_remote_pid = options.dpb_remote_pid;
|
||||||
attachment->att_remote_flags = options.dpb_remote_flags;
|
attachment->att_remote_flags = options.dpb_remote_flags;
|
||||||
|
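Review bot: In `DatabaseOptions::get`, `address.getPath(dpb_remote_crypt)` accepts whatever string the DPB address record carries, and `create_attachment` copies it into `att_remote_crypt`, from where it is reported by MON$WIRE_CRYPT_PLUGIN, WIRE_CRYPT_PLUGIN and fb_info_wire_crypt. Nothing visible in these hunks ties the name to `isc_dpb_addr_flag_conn_encrypted` or checks that the address record was written by the network listener, so anyone auditing encryption through these fields is trusting whoever built the address path. If code outside this page already strips or rejects a client-supplied `isc_dpb_address_path`, a comment on the new case should record that, along the lines of `// written by the remote listener in addClumplets(); see <where client-supplied address paths are rejected>`. Both functions continue outside the hunks.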
@ -419,6 +419,7 @@ NAME("MON$STATEMENT_TIMER", nam_stmt_timer)
|
|||||||
|
|
||||||
NAME("MON$WIRE_COMPRESSED", nam_wire_compressed)
|
NAME("MON$WIRE_COMPRESSED", nam_wire_compressed)
|
||||||
NAME("MON$WIRE_ENCRYPTED", nam_wire_encrypted)
|
NAME("MON$WIRE_ENCRYPTED", nam_wire_encrypted)
|
||||||
|
NAME("MON$WIRE_CRYPT_PLUGIN", nam_wire_crypt_plugin)
|
||||||
|
|
||||||
NAME("RDB$TIME_ZONES", nam_time_zones)
|
NAME("RDB$TIME_ZONES", nam_time_zones)
|
||||||
NAME("RDB$TIME_ZONE_ID", nam_tz_id)
|
NAME("RDB$TIME_ZONE_ID", nam_tz_id)
|
||||||
|
@ -523,6 +523,7 @@ RELATION(nam_mon_attachments, rel_mon_attachments, ODS_11_1, rel_virtual)
|
|||||||
FIELD(f_mon_att_stmt_timeout, nam_stmt_timeout, fld_stmt_timeout, 0, ODS_13_0)
|
FIELD(f_mon_att_stmt_timeout, nam_stmt_timeout, fld_stmt_timeout, 0, ODS_13_0)
|
||||||
FIELD(f_mon_att_wire_compressed, nam_wire_compressed, fld_bool, 0, ODS_13_0)
|
FIELD(f_mon_att_wire_compressed, nam_wire_compressed, fld_bool, 0, ODS_13_0)
|
||||||
FIELD(f_mon_att_wire_encrypted, nam_wire_encrypted, fld_bool, 0, ODS_13_0)
|
FIELD(f_mon_att_wire_encrypted, nam_wire_encrypted, fld_bool, 0, ODS_13_0)
|
||||||
|
FIELD(f_mon_att_remote_crypt, nam_wire_crypt_plugin, fld_remote_crypt, 0, ODS_12_0)
|
||||||
END_RELATION
|
END_RELATION
|
||||||
|
|
||||||
// Relation 35 (MON$TRANSACTIONS)
|
// Relation 35 (MON$TRANSACTIONS)
|
||||||
|
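Review bot: The new `FIELD(f_mon_att_remote_crypt, ...)` line is tagged `ODS_12_0`, while the three MON$ATTACHMENTS fields directly above it are tagged `ODS_13_0`. A field appended after ODS 13.0 fields would be expected to carry the same or a later marker, so this looks like a copy-paste slip. If it is, the line should read `FIELD(f_mon_att_remote_crypt, nam_wire_crypt_plugin, fld_remote_crypt, 0, ODS_13_0)`. If the older value is deliberate, a comment explaining why would help the next reader.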
@ -1093,6 +1093,7 @@ struct rem_port : public Firebird::GlobalStorage, public Firebird::RefCounted
|
|||||||
Firebird::IWireCryptPlugin* port_crypt_plugin; // plugin used by port, when not NULL - crypts wire data
|
Firebird::IWireCryptPlugin* port_crypt_plugin; // plugin used by port, when not NULL - crypts wire data
|
||||||
Firebird::ICryptKeyCallback* port_client_crypt_callback; // client callback to transfer database crypt key
|
Firebird::ICryptKeyCallback* port_client_crypt_callback; // client callback to transfer database crypt key
|
||||||
ServerCallbackBase* port_server_crypt_callback; // server callback to transfer database crypt key
|
ServerCallbackBase* port_server_crypt_callback; // server callback to transfer database crypt key
|
||||||
|
Firebird::PathName port_crypt_name; // name of actual wire crypt plugin
|
||||||
|
|
||||||
Firebird::RefPtr<Firebird::IReplicator> port_replicator;
|
Firebird::RefPtr<Firebird::IReplicator> port_replicator;
|
||||||
|
|
||||||
@ -1138,8 +1139,8 @@ public:
|
|||||||
port_srv_auth(NULL), port_srv_auth_block(NULL),
|
port_srv_auth(NULL), port_srv_auth_block(NULL),
|
||||||
port_crypt_keys(getPool()), port_crypt_complete(false), port_crypt_level(WIRECRYPT_REQUIRED),
|
port_crypt_keys(getPool()), port_crypt_complete(false), port_crypt_level(WIRECRYPT_REQUIRED),
|
||||||
port_known_server_keys(getPool()), port_crypt_plugin(NULL),
|
port_known_server_keys(getPool()), port_crypt_plugin(NULL),
|
||||||
port_client_crypt_callback(NULL), port_server_crypt_callback(NULL), port_replicator(NULL),
|
port_client_crypt_callback(NULL), port_server_crypt_callback(NULL), port_crypt_name(getPool()),
|
||||||
port_buffer(FB_NEW_POOL(getPool()) UCHAR[rpt]),
|
port_replicator(NULL), port_buffer(FB_NEW_POOL(getPool()) UCHAR[rpt]),
|
||||||
port_snd_packets(0), port_rcv_packets(0), port_snd_bytes(0), port_rcv_bytes(0)
|
port_snd_packets(0), port_rcv_packets(0), port_snd_bytes(0), port_rcv_bytes(0)
|
||||||
{
|
{
|
||||||
addRef();
|
addRef();
|
||||||
|
@ -2328,7 +2328,10 @@ static void addClumplets(ClumpletWriter* dpb_buffer,
|
|||||||
flags |= isc_dpb_addr_flag_conn_compressed;
|
flags |= isc_dpb_addr_flag_conn_compressed;
|
||||||
#endif
|
#endif
|
||||||
if (port->port_crypt_plugin)
|
if (port->port_crypt_plugin)
|
||||||
|
{
|
||||||
flags |= isc_dpb_addr_flag_conn_encrypted;
|
flags |= isc_dpb_addr_flag_conn_encrypted;
|
||||||
|
address_record.insertString(isc_dpb_addr_crypt, port->port_crypt_name);
|
||||||
|
}
|
||||||
|
|
||||||
if (flags)
|
if (flags)
|
||||||
address_record.insertInt(isc_dpb_addr_flags, flags);
|
address_record.insertInt(isc_dpb_addr_flags, flags);
|
||||||
@ -6175,6 +6178,7 @@ void rem_port::start_crypt(P_CRYPT * crypt, PACKET* sendL)
|
|||||||
port_crypt_plugin = cp.plugin();
|
port_crypt_plugin = cp.plugin();
|
||||||
port_crypt_plugin->addRef();
|
port_crypt_plugin->addRef();
|
||||||
port_crypt_complete = true;
|
port_crypt_complete = true;
|
||||||
|
port_crypt_name = cp.name();
|
||||||
|
|
||||||
send_response(sendL, 0, 0, &st, false);
|
send_response(sendL, 0, 0, &st, false);
|
||||||
WIRECRYPT_DEBUG(fprintf(stderr, "Srv: Installed cipher %s\n", cp.name()));
|
WIRECRYPT_DEBUG(fprintf(stderr, "Srv: Installed cipher %s\n", cp.name()));
|
||||||
|