mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-22 20:03:02 +01:00

Added various ways to get information about wire crypt plugin name: variable in rdb$get_context(), field in mon$attachments and tag in Attachment::getInfo()

AlexPeshkoff 2020-01-15 18:02:03 +03:00
parent 9164797892
commit b9f4c65220
18 changed files with 76 additions and 6 deletions


@ -114,6 +114,7 @@ Monitoring tables
- MON$STATEMENT_TIMEOUT (statement timeout) - MON$STATEMENT_TIMEOUT (statement timeout)
- MON$WIRE_COMPRESSED (wire compression enabled/disabled) - MON$WIRE_COMPRESSED (wire compression enabled/disabled)
- MON$WIRE_ENCRYPTED (wire encryption enabled/disabled) - MON$WIRE_ENCRYPTED (wire encryption enabled/disabled)
- MON$WIRE_CRYPT_PLUGIN (name of wire encryption plugin)
MON$TRANSACTIONS (started transactions) MON$TRANSACTIONS (started transactions)
- MON$TRANSACTION_ID (transaction ID) - MON$TRANSACTION_ID (transaction ID)


@ -64,6 +64,9 @@ Usage:
WIRE_ENCRYPTED | Encryption status of current connection. WIRE_ENCRYPTED | Encryption status of current connection.
| Value is the same as for compression status above. | Value is the same as for compression status above.
| |
WIRE_CRYPT_PLUGIN | If connection is encrypted - returns name of current plugin,
| otherwise NULL.
|
CLIENT_ADDRESS | The wire protocol address and port number of remote client CLIENT_ADDRESS | The wire protocol address and port number of remote client
| represented as string. Value is IP address concatenated with | represented as string. Value is IP address concatenated with
| port number using the '/' separator character. Value is | port number using the '/' separator character. Value is


@ -32,10 +32,22 @@ New items for isc_database_info
See also CORE-2054. See also CORE-2054.
4. Database encryption information:
fb_info_crypt_state - flags describing encryption state:
fb_info_crypt_encrypted - database is encrypted,
fb_info_crypt_process - encryption/decryption process is not complete;
fb_info_crypt_plugin - name of database crypt plugin;
fb_info_crypt_key - name of used database crypt key.
5. Connection information:
fb_info_conn_flags - flags describing connection state:
isc_dpb_addr_flag_conn_compressed - compression is used for connection,
isc_dpb_addr_flag_conn_encrypted - connection is encrypted;
fb_info_wire_crypt - name of connection encryption plugin.
New items for isc_transaction_info: New items for isc_transaction_info:
1. isc_info_tra_oldest_interesting : 1. isc_info_tra_oldest_interesting :
return number of oldest interesting transaction when current return number of oldest interesting transaction when current
transaction started. For snapshot transactions this is also the transaction started. For snapshot transactions this is also the


@ -153,8 +153,9 @@
<address-element> ::= <address-element> ::=
isc_dpb_addr_protocol <byte-clumplet-length> <protocol-string> | isc_dpb_addr_protocol <byte-clumplet-length> <protocol-string> |
isc_dpb_addr_endpoint <byte-clumplet-length> <remote-endpoint-string> isc_dpb_addr_endpoint <byte-clumplet-length> <remote-endpoint-string> |
isc_dpb_addr_flags <byte-clumplet-length> <flags-int> isc_dpb_addr_flags <byte-clumplet-length> <flags-int> |
isc_dpb_addr_crypt <byte-clumplet-length> <plugin-string>
<protocol-string> ::= <protocol-string> ::=
"TCPv4" | "TCPv4" |
@ -163,6 +164,11 @@
"WNET" | "WNET" |
.... ....
<plugin-string> ::=
"Arc4" |
"ChaCha" |
....
<remote-endpoint-string> ::= <remote-endpoint-string> ::=
<IPv4-address> | // such as "172.20.1.1" <IPv4-address> | // such as "172.20.1.1"
<IPv6-address> | // such as "2001:0:13FF:09FF::1" <IPv6-address> | // such as "2001:0:13FF:09FF::1"
@ -178,6 +184,7 @@
#define isc_dpb_addr_protocol 1 #define isc_dpb_addr_protocol 1
#define isc_dpb_addr_endpoint 2 #define isc_dpb_addr_endpoint 2
#define isc_dpb_addr_flags 3 #define isc_dpb_addr_flags 3
#define isc_dpb_addr_crypt 4
/* possible addr flags */ /* possible addr flags */
#define isc_dpb_addr_flag_conn_compressed 0x01 #define isc_dpb_addr_flag_conn_compressed 0x01


@ -160,6 +160,8 @@ enum db_info_types
fb_info_creation_timestamp_tz = 139, fb_info_creation_timestamp_tz = 139,
fb_info_wire_crypt = 140,
isc_info_db_last_value /* Leave this LAST! */ isc_info_db_last_value /* Leave this LAST! */
}; };


@ -524,6 +524,7 @@
const USHORT f_mon_att_stmt_timeout = 22; const USHORT f_mon_att_stmt_timeout = 22;
const USHORT f_mon_att_wire_compressed = 23; const USHORT f_mon_att_wire_compressed = 23;
const USHORT f_mon_att_wire_encrypted = 24; const USHORT f_mon_att_wire_encrypted = 24;
const USHORT f_mon_att_remote_crypt = 25;
// Relation 35 (MON$TRANSACTIONS) // Relation 35 (MON$TRANSACTIONS)


@ -251,6 +251,7 @@ static const UCHAR db_items[] =
isc_info_db_id, isc_info_db_id,
#endif #endif
fb_info_crypt_state, fb_info_crypt_state,
fb_info_wire_crypt,
isc_info_end isc_info_end
}; };
@ -554,6 +555,11 @@ bool SHOW_dbb_parameters(Firebird::IAttachment* db_handle,
(SLONG) isqlGlob.major_ods, value_out, separator); (SLONG) isqlGlob.major_ods, value_out, separator);
break; break;
case fb_info_wire_crypt:
if (d)
sprintf (info, "Wire crypt plugin: %.*s%s", length, d, separator);
break;
#ifdef DEV_BUILD #ifdef DEV_BUILD
case isc_info_db_id: case isc_info_db_id:
{ {
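Review bot: The new `case fb_info_wire_crypt:` in SHOW_dbb_parameters formats a server-supplied string with an unbounded `sprintf` into `info`, whose capacity is not visible in this hunk. `%.*s` caps the copy at `length`, but `length` comes from the info response, so a server reporting a long plugin name decides how many bytes are written. Bounding the write to the space left in the buffer would close that, e.g. `snprintf(info, <remaining capacity of info>, "Wire crypt plugin: %.*s%s", length, d, separator);`. The `if (d)` guard also lets a zero-length name print an empty "Wire crypt plugin:" line, which the server side appears to send for unencrypted connections; `if (d && length)` would skip it. The function body starts and ends outside the hunk.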


@ -221,6 +221,7 @@ Jrd::Attachment::Attachment(MemoryPool* pool, Database* dbb)
att_context_vars(*pool), att_context_vars(*pool),
ddlTriggersContext(*pool), ddlTriggersContext(*pool),
att_network_protocol(*pool), att_network_protocol(*pool),
att_remote_crypt(*pool),
att_remote_address(*pool), att_remote_address(*pool),
att_remote_process(*pool), att_remote_process(*pool),
att_client_version(*pool), att_client_version(*pool),


@ -440,6 +440,7 @@ public:
Firebird::StringMap att_context_vars; // Context variables for the connection Firebird::StringMap att_context_vars; // Context variables for the connection
Firebird::Stack<DdlTriggerContext*> ddlTriggersContext; // Context variables for DDL trigger event Firebird::Stack<DdlTriggerContext*> ddlTriggersContext; // Context variables for DDL trigger event
Firebird::string att_network_protocol; // Network protocol used by client for connection Firebird::string att_network_protocol; // Network protocol used by client for connection
Firebird::PathName att_remote_crypt; // Name of wire crypt plugin (if any)
Firebird::string att_remote_address; // Protocol-specific address of remote client Firebird::string att_remote_address; // Protocol-specific address of remote client
SLONG att_remote_pid; // Process id of remote client SLONG att_remote_pid; // Process id of remote client
ULONG att_remote_flags; // Flags specific for server/client link ULONG att_remote_flags; // Flags specific for server/client link


@ -978,6 +978,8 @@ void Monitoring::putAttachment(SnapshotData::DumpRecord& record, const Jrd::Atta
record.storeString(f_mon_att_client_version, attachment->att_client_version); record.storeString(f_mon_att_client_version, attachment->att_client_version);
// remote protocol version // remote protocol version
record.storeString(f_mon_att_remote_version, attachment->att_remote_protocol); record.storeString(f_mon_att_remote_version, attachment->att_remote_protocol);
// wire encryption plugin
record.storeString(f_mon_att_remote_crypt, attachment->att_remote_crypt);
// remote host name // remote host name
record.storeString(f_mon_att_remote_host, attachment->att_remote_host); record.storeString(f_mon_att_remote_host, attachment->att_remote_host);
// OS user name // OS user name


@ -335,6 +335,7 @@ const char
NETWORK_PROTOCOL_NAME[] = "NETWORK_PROTOCOL", NETWORK_PROTOCOL_NAME[] = "NETWORK_PROTOCOL",
WIRE_COMPRESSED_NAME[] = "WIRE_COMPRESSED", WIRE_COMPRESSED_NAME[] = "WIRE_COMPRESSED",
WIRE_ENCRYPTED_NAME[] = "WIRE_ENCRYPTED", WIRE_ENCRYPTED_NAME[] = "WIRE_ENCRYPTED",
WIRE_CRYPT_PLUGIN_NAME[] = "WIRE_CRYPT_PLUGIN",
CLIENT_ADDRESS_NAME[] = "CLIENT_ADDRESS", CLIENT_ADDRESS_NAME[] = "CLIENT_ADDRESS",
CLIENT_HOST_NAME[] = "CLIENT_HOST", CLIENT_HOST_NAME[] = "CLIENT_HOST",
CLIENT_PID_NAME[] = "CLIENT_PID", CLIENT_PID_NAME[] = "CLIENT_PID",
@ -4048,6 +4049,13 @@ dsc* evlGetContext(thread_db* tdbb, const SysFunction*, const NestValueArray& ar
resultStr = (attachment->att_remote_flags & isc_dpb_addr_flag_conn_encrypted) ? TRUE_VALUE : FALSE_VALUE; resultStr = (attachment->att_remote_flags & isc_dpb_addr_flag_conn_encrypted) ? TRUE_VALUE : FALSE_VALUE;
} }
else if (nameStr == WIRE_CRYPT_PLUGIN_NAME)
{
if (attachment->att_remote_crypt.isEmpty())
return NULL;
resultStr = attachment->att_remote_crypt.ToString();
}
else if (nameStr == CLIENT_ADDRESS_NAME) else if (nameStr == CLIENT_ADDRESS_NAME)
{ {
if (attachment->att_remote_address.isEmpty()) if (attachment->att_remote_address.isEmpty())


@ -208,4 +208,5 @@
FIELD(fld_tz_db_version , nam_tz_db_version , dtype_varying , 10 , dsc_text_type_ascii , NULL , true) FIELD(fld_tz_db_version , nam_tz_db_version , dtype_varying , 10 , dsc_text_type_ascii , NULL , true)
FIELD(fld_crypt_state , nam_crypt_state , dtype_short , sizeof(SSHORT) , 0 , NULL , true) FIELD(fld_crypt_state , nam_crypt_state , dtype_short , sizeof(SSHORT) , 0 , NULL , true)
FIELD(fld_remote_crypt , nam_wire_crypt_plugin, dtype_varying, MAX_SQL_IDENTIFIER_LEN , dsc_text_type_metadata , NULL , true)


@ -822,6 +822,19 @@ void INF_database_info(thread_db* tdbb,
length = INF_convert(tdbb->getAttachment()->att_remote_flags, buffer); length = INF_convert(tdbb->getAttachment()->att_remote_flags, buffer);
break; break;
case fb_info_wire_crypt:
{
const PathName& nm = tdbb->getAttachment()->att_remote_crypt;
if (!(info = INF_put_item(item, static_cast<USHORT>(nm.length()), nm.c_str(), info, end)))
{
if (transaction)
TRA_commit(tdbb, transaction, false);
return;
}
}
continue;
case fb_info_statement_timeout_db: case fb_info_statement_timeout_db:
length = INF_convert(dbb->dbb_config->getStatementTimeout(), buffer); length = INF_convert(dbb->dbb_config->getStatementTimeout(), buffer);
break; break;
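Review bot: The `fb_info_wire_crypt` case writes the item unconditionally, so an attachment whose `att_remote_crypt` is empty returns a zero-length value instead of no item, and nothing on this page tells callers that. A comment at the case such as `// empty name: connection is not encrypted (or no plugin name was supplied)` would make the contract explicit for clients that audit connection security. `static_cast<USHORT>(nm.length())` also truncates silently; the name is expected to be short, but an explicit cap or assert would document that assumption. INF_database_info continues outside the hunk.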


@ -1065,6 +1065,7 @@ namespace Jrd
PathName dpb_working_directory; PathName dpb_working_directory;
string dpb_set_db_charset; string dpb_set_db_charset;
string dpb_network_protocol; string dpb_network_protocol;
PathName dpb_remote_crypt;
string dpb_remote_address; string dpb_remote_address;
string dpb_remote_host; string dpb_remote_host;
string dpb_remote_os_user; string dpb_remote_os_user;
@ -6970,6 +6971,9 @@ void DatabaseOptions::get(const UCHAR* dpb, USHORT dpb_length, bool& invalid_cli
case isc_dpb_addr_flags: case isc_dpb_addr_flags:
dpb_remote_flags = address.getInt(); dpb_remote_flags = address.getInt();
break; break;
case isc_dpb_addr_crypt:
address.getPath(dpb_remote_crypt);
break;
default: default:
break; break;
} }
@ -7275,6 +7279,7 @@ static JAttachment* create_attachment(const PathName& alias_name,
attachment->att_filename = alias_name; attachment->att_filename = alias_name;
attachment->att_network_protocol = options.dpb_network_protocol; attachment->att_network_protocol = options.dpb_network_protocol;
attachment->att_remote_crypt = options.dpb_remote_crypt;
attachment->att_remote_address = options.dpb_remote_address; attachment->att_remote_address = options.dpb_remote_address;
attachment->att_remote_pid = options.dpb_remote_pid; attachment->att_remote_pid = options.dpb_remote_pid;
attachment->att_remote_flags = options.dpb_remote_flags; attachment->att_remote_flags = options.dpb_remote_flags;
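Review bot: `address.getPath(dpb_remote_crypt)` in DatabaseOptions::get accepts whatever string arrives under `isc_dpb_addr_crypt`, and create_attachment copies it into `att_remote_crypt` with no length or content check. That value then surfaces as MON$WIRE_CRYPT_PLUGIN (declared `MAX_SQL_IDENTIFIER_LEN`, metadata charset) and as the WIRE_CRYPT_PLUGIN context variable, so it is only as trustworthy as the producer of the address-path clumplet. If a DPB from a local or embedded caller can carry this clumplet (not visible here), consider rejecting it there or checking the name against the configured wire crypt plugins, and note in a comment that the field is informational. Both functions extend beyond the hunks shown.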


@ -419,6 +419,7 @@ NAME("MON$STATEMENT_TIMER", nam_stmt_timer)
NAME("MON$WIRE_COMPRESSED", nam_wire_compressed) NAME("MON$WIRE_COMPRESSED", nam_wire_compressed)
NAME("MON$WIRE_ENCRYPTED", nam_wire_encrypted) NAME("MON$WIRE_ENCRYPTED", nam_wire_encrypted)
NAME("MON$WIRE_CRYPT_PLUGIN", nam_wire_crypt_plugin)
NAME("RDB$TIME_ZONES", nam_time_zones) NAME("RDB$TIME_ZONES", nam_time_zones)
NAME("RDB$TIME_ZONE_ID", nam_tz_id) NAME("RDB$TIME_ZONE_ID", nam_tz_id)


@ -523,6 +523,7 @@ RELATION(nam_mon_attachments, rel_mon_attachments, ODS_11_1, rel_virtual)
FIELD(f_mon_att_stmt_timeout, nam_stmt_timeout, fld_stmt_timeout, 0, ODS_13_0) FIELD(f_mon_att_stmt_timeout, nam_stmt_timeout, fld_stmt_timeout, 0, ODS_13_0)
FIELD(f_mon_att_wire_compressed, nam_wire_compressed, fld_bool, 0, ODS_13_0) FIELD(f_mon_att_wire_compressed, nam_wire_compressed, fld_bool, 0, ODS_13_0)
FIELD(f_mon_att_wire_encrypted, nam_wire_encrypted, fld_bool, 0, ODS_13_0) FIELD(f_mon_att_wire_encrypted, nam_wire_encrypted, fld_bool, 0, ODS_13_0)
FIELD(f_mon_att_remote_crypt, nam_wire_crypt_plugin, fld_remote_crypt, 0, ODS_12_0)
END_RELATION END_RELATION
// Relation 35 (MON$TRANSACTIONS) // Relation 35 (MON$TRANSACTIONS)
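Review bot: The new `f_mon_att_remote_crypt` field is declared with `ODS_12_0` while the three MON$ATTACHMENTS fields just above it use `ODS_13_0`. If the column is new in this version, the minimum ODS looks inconsistent and may have been carried over from a backport; the expected line would be `FIELD(f_mon_att_remote_crypt, nam_wire_crypt_plugin, fld_remote_crypt, 0, ODS_13_0)`. If `ODS_12_0` is intentional, a short comment saying why would help the next reader.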


@ -1093,6 +1093,7 @@ struct rem_port : public Firebird::GlobalStorage, public Firebird::RefCounted
Firebird::IWireCryptPlugin* port_crypt_plugin; // plugin used by port, when not NULL - crypts wire data Firebird::IWireCryptPlugin* port_crypt_plugin; // plugin used by port, when not NULL - crypts wire data
Firebird::ICryptKeyCallback* port_client_crypt_callback; // client callback to transfer database crypt key Firebird::ICryptKeyCallback* port_client_crypt_callback; // client callback to transfer database crypt key
ServerCallbackBase* port_server_crypt_callback; // server callback to transfer database crypt key ServerCallbackBase* port_server_crypt_callback; // server callback to transfer database crypt key
Firebird::PathName port_crypt_name; // name of actual wire crypt plugin
Firebird::RefPtr<Firebird::IReplicator> port_replicator; Firebird::RefPtr<Firebird::IReplicator> port_replicator;
@ -1138,8 +1139,8 @@ public:
port_srv_auth(NULL), port_srv_auth_block(NULL), port_srv_auth(NULL), port_srv_auth_block(NULL),
port_crypt_keys(getPool()), port_crypt_complete(false), port_crypt_level(WIRECRYPT_REQUIRED), port_crypt_keys(getPool()), port_crypt_complete(false), port_crypt_level(WIRECRYPT_REQUIRED),
port_known_server_keys(getPool()), port_crypt_plugin(NULL), port_known_server_keys(getPool()), port_crypt_plugin(NULL),
port_client_crypt_callback(NULL), port_server_crypt_callback(NULL), port_replicator(NULL), port_client_crypt_callback(NULL), port_server_crypt_callback(NULL), port_crypt_name(getPool()),
port_buffer(FB_NEW_POOL(getPool()) UCHAR[rpt]), port_replicator(NULL), port_buffer(FB_NEW_POOL(getPool()) UCHAR[rpt]),
port_snd_packets(0), port_rcv_packets(0), port_snd_bytes(0), port_rcv_bytes(0) port_snd_packets(0), port_rcv_packets(0), port_snd_bytes(0), port_rcv_bytes(0)
{ {
addRef(); addRef();


@ -2328,7 +2328,10 @@ static void addClumplets(ClumpletWriter* dpb_buffer,
flags |= isc_dpb_addr_flag_conn_compressed; flags |= isc_dpb_addr_flag_conn_compressed;
#endif #endif
if (port->port_crypt_plugin) if (port->port_crypt_plugin)
{
flags |= isc_dpb_addr_flag_conn_encrypted; flags |= isc_dpb_addr_flag_conn_encrypted;
address_record.insertString(isc_dpb_addr_crypt, port->port_crypt_name);
}
if (flags) if (flags)
address_record.insertInt(isc_dpb_addr_flags, flags); address_record.insertInt(isc_dpb_addr_flags, flags);
@ -6175,6 +6178,7 @@ void rem_port::start_crypt(P_CRYPT * crypt, PACKET* sendL)
port_crypt_plugin = cp.plugin(); port_crypt_plugin = cp.plugin();
port_crypt_plugin->addRef(); port_crypt_plugin->addRef();
port_crypt_complete = true; port_crypt_complete = true;
port_crypt_name = cp.name();
send_response(sendL, 0, 0, &st, false); send_response(sendL, 0, 0, &st, false);
WIRECRYPT_DEBUG(fprintf(stderr, "Srv: Installed cipher %s\n", cp.name())); WIRECRYPT_DEBUG(fprintf(stderr, "Srv: Installed cipher %s\n", cp.name()));