Added various ways to get infomation about wire crypt plugin name: variable in rdb$get_context(), field in mon$attachments and tag in Attachment::getInfo()

2025-01-22 20:03:02 +01:00 · 2020-01-15 18:02:03 +03:00 · 2020-01-15 18:02:03 +03:00 · b9f4c65220
commit b9f4c65220
parent 9164797892
18 changed files with 76 additions and 6 deletions
--- a/doc/README.monitoring_tables
+++ b/doc/README.monitoring_tables
@ -114,6 +114,7 @@ Monitoring tables
      - MON$STATEMENT_TIMEOUT (statement timeout)
      - MON$WIRE_COMPRESSED (wire compression enabled/disabled)
      - MON$WIRE_ENCRYPTED (wire encryption enabled/disabled)
+      - MON$WIRE_CRYPT_PLUGIN (name of wire encryption plugin)

    MON$TRANSACTIONS (started transactions)
      - MON$TRANSACTION_ID (transaction ID)
--- a/doc/sql.extensions/README.context_variables2
+++ b/doc/sql.extensions/README.context_variables2
@ -64,6 +64,9 @@ Usage:
   WIRE_ENCRYPTED               | Encryption status of current connection.
                                | Value is the same as for compression status above.
                                |
+   WIRE_CRYPT_PLUGIN            | If connection is encrypted - returns name of current plugin,
+                                | otherwise NULL.
+                                |
   CLIENT_ADDRESS               | The wire protocol address and port number of remote client
                                | represented as string. Value is IP address concatenated with
                                | port number using the '/' separator character. Value is
--- a/doc/sql.extensions/README.isc_info_xxx
+++ b/doc/sql.extensions/README.isc_info_xxx
@ -32,6 +32,18 @@ New items for isc_database_info

 	See also CORE-2054.

+4. Database encryption information:
+   fb_info_crypt_state - flags describing encryption state:
+	fb_info_crypt_encrypted - database is encrypted,
+	fb_info_crypt_process - encryption/decryption process is not complete;
+   fb_info_crypt_plugin - name of database crypt plugin;
+   fb_info_crypt_key - name of used database crypt key.
+
+5. Connection information:
+   fb_info_conn_flags - flags describing connection state:
+	isc_dpb_addr_flag_conn_compressed - compression is used for connection,
+	isc_dpb_addr_flag_conn_encrypted - connection is encrypted;
+   fb_info_wire_crypt - name of connection encryption plugin.


 New items for isc_transaction_info:
--- a/src/include/firebird/impl/consts_pub.h
+++ b/src/include/firebird/impl/consts_pub.h
@ -153,8 +153,9 @@

 <address-element> ::=
 	isc_dpb_addr_protocol <byte-clumplet-length> <protocol-string> |
-	isc_dpb_addr_endpoint <byte-clumplet-length> <remote-endpoint-string>
-	isc_dpb_addr_flags <byte-clumplet-length> <flags-int>
+	isc_dpb_addr_endpoint <byte-clumplet-length> <remote-endpoint-string> |
+	isc_dpb_addr_flags <byte-clumplet-length> <flags-int> |
+	isc_dpb_addr_crypt <byte-clumplet-length> <plugin-string>

 <protocol-string> ::=
 	"TCPv4" |
@ -163,6 +164,11 @@
 	"WNET" |
 	....

+ <plugin-string> ::=
+	"Arc4" |
+	"ChaCha" |
+	....
+
 <remote-endpoint-string> ::=
 	<IPv4-address> | // such as "172.20.1.1"
 	<IPv6-address> | // such as "2001:0:13FF:09FF::1"
@ -178,6 +184,7 @@
 #define isc_dpb_addr_protocol 1
 #define isc_dpb_addr_endpoint 2
 #define isc_dpb_addr_flags 3
+#define isc_dpb_addr_crypt 4

 /* possible addr flags */
 #define isc_dpb_addr_flag_conn_compressed	0x01
--- a/src/include/firebird/impl/inf_pub.h
+++ b/src/include/firebird/impl/inf_pub.h
@ -160,6 +160,8 @@ enum db_info_types

 	fb_info_creation_timestamp_tz = 139,

+	fb_info_wire_crypt = 140,
+
 	isc_info_db_last_value   /* Leave this LAST! */
 };

--- a/src/include/gen/ids.h
+++ b/src/include/gen/ids.h
@ -524,6 +524,7 @@
 	const USHORT  f_mon_att_stmt_timeout = 22;
 	const USHORT  f_mon_att_wire_compressed = 23;
 	const USHORT  f_mon_att_wire_encrypted = 24;
+	const USHORT  f_mon_att_remote_crypt = 25;


 // Relation 35 (MON$TRANSACTIONS)
--- a/src/isql/show.epp
+++ b/src/isql/show.epp
@ -251,6 +251,7 @@ static const UCHAR db_items[] =
 	isc_info_db_id,
 #endif
 	fb_info_crypt_state,
+	fb_info_wire_crypt,
 	isc_info_end
 };

@ -554,6 +555,11 @@ bool SHOW_dbb_parameters(Firebird::IAttachment* db_handle,
 					(SLONG) isqlGlob.major_ods, value_out, separator);
 			break;

+		case fb_info_wire_crypt:
+			if (d)
+				sprintf (info, "Wire crypt plugin: %.*s%s", length, d, separator);
+			break;
+
 #ifdef DEV_BUILD
 		case isc_info_db_id:
 			{
--- a/src/jrd/Attachment.cpp
+++ b/src/jrd/Attachment.cpp
@ -221,6 +221,7 @@ Jrd::Attachment::Attachment(MemoryPool* pool, Database* dbb)
 	  att_context_vars(*pool),
 	  ddlTriggersContext(*pool),
 	  att_network_protocol(*pool),
+	  att_remote_crypt(*pool),
 	  att_remote_address(*pool),
 	  att_remote_process(*pool),
 	  att_client_version(*pool),
--- a/src/jrd/Attachment.h
+++ b/src/jrd/Attachment.h
@ -440,6 +440,7 @@ public:
 	Firebird::StringMap att_context_vars;	// Context variables for the connection
 	Firebird::Stack<DdlTriggerContext*> ddlTriggersContext;	// Context variables for DDL trigger event
 	Firebird::string att_network_protocol;	// Network protocol used by client for connection
+	Firebird::PathName att_remote_crypt;	// Name of wire crypt plugin (if any)
 	Firebird::string att_remote_address;	// Protocol-specific address of remote client
 	SLONG att_remote_pid;					// Process id of remote client
 	ULONG att_remote_flags;					// Flags specific for server/client link
--- a/src/jrd/Monitoring.cpp
+++ b/src/jrd/Monitoring.cpp
@ -978,6 +978,8 @@ void Monitoring::putAttachment(SnapshotData::DumpRecord& record, const Jrd::Atta
 	record.storeString(f_mon_att_client_version, attachment->att_client_version);
 	// remote protocol version
 	record.storeString(f_mon_att_remote_version, attachment->att_remote_protocol);
+	// wire encryption plugin
+	record.storeString(f_mon_att_remote_crypt, attachment->att_remote_crypt);
 	// remote host name
 	record.storeString(f_mon_att_remote_host, attachment->att_remote_host);
 	// OS user name
--- a/src/jrd/SysFunction.cpp
+++ b/src/jrd/SysFunction.cpp
@ -335,6 +335,7 @@ const char
 	NETWORK_PROTOCOL_NAME[] = "NETWORK_PROTOCOL",
 	WIRE_COMPRESSED_NAME[] = "WIRE_COMPRESSED",
 	WIRE_ENCRYPTED_NAME[] = "WIRE_ENCRYPTED",
+	WIRE_CRYPT_PLUGIN_NAME[] = "WIRE_CRYPT_PLUGIN",
 	CLIENT_ADDRESS_NAME[] = "CLIENT_ADDRESS",
 	CLIENT_HOST_NAME[] = "CLIENT_HOST",
 	CLIENT_PID_NAME[] = "CLIENT_PID",
@ -4048,6 +4049,13 @@ dsc* evlGetContext(thread_db* tdbb, const SysFunction*, const NestValueArray& ar

 			resultStr = (attachment->att_remote_flags & isc_dpb_addr_flag_conn_encrypted) ? TRUE_VALUE : FALSE_VALUE;
 		}
+		else if (nameStr == WIRE_CRYPT_PLUGIN_NAME)
+		{
+			if (attachment->att_remote_crypt.isEmpty())
+				return NULL;
+
+			resultStr = attachment->att_remote_crypt.ToString();
+		}
 		else if (nameStr == CLIENT_ADDRESS_NAME)
 		{
 			if (attachment->att_remote_address.isEmpty())
--- a/src/jrd/fields.h
+++ b/src/jrd/fields.h
@ -209,3 +209,4 @@
 	FIELD(fld_tz_db_version	, nam_tz_db_version	, dtype_varying	, 10						, dsc_text_type_ascii		, NULL		, true)

 	FIELD(fld_crypt_state	, nam_crypt_state	, dtype_short	, sizeof(SSHORT)			, 0							, NULL		, true)
+	FIELD(fld_remote_crypt	, nam_wire_crypt_plugin, dtype_varying, MAX_SQL_IDENTIFIER_LEN	, dsc_text_type_metadata	, NULL		, true)
--- a/src/jrd/inf.cpp
+++ b/src/jrd/inf.cpp
@ -822,6 +822,19 @@ void INF_database_info(thread_db* tdbb,
 			length = INF_convert(tdbb->getAttachment()->att_remote_flags, buffer);
 			break;

+		case fb_info_wire_crypt:
+			{
+				const PathName& nm = tdbb->getAttachment()->att_remote_crypt;
+				if (!(info = INF_put_item(item, static_cast<USHORT>(nm.length()), nm.c_str(), info, end)))
+				{
+					if (transaction)
+						TRA_commit(tdbb, transaction, false);
+
+					return;
+				}
+			}
+			continue;
+
 		case fb_info_statement_timeout_db:
 			length = INF_convert(dbb->dbb_config->getStatementTimeout(), buffer);
 			break;
--- a/src/jrd/jrd.cpp
+++ b/src/jrd/jrd.cpp
@ -1065,6 +1065,7 @@ namespace Jrd
 		PathName	dpb_working_directory;
 		string	dpb_set_db_charset;
 		string	dpb_network_protocol;
+		PathName	dpb_remote_crypt;
 		string	dpb_remote_address;
 		string	dpb_remote_host;
 		string	dpb_remote_os_user;
@ -6970,6 +6971,9 @@ void DatabaseOptions::get(const UCHAR* dpb, USHORT dpb_length, bool& invalid_cli
 							case isc_dpb_addr_flags:
 								dpb_remote_flags = address.getInt();
 								break;
+							case isc_dpb_addr_crypt:
+								address.getPath(dpb_remote_crypt);
+								break;
 							default:
 								break;
 						}
@ -7275,6 +7279,7 @@ static JAttachment* create_attachment(const PathName& alias_name,

 	attachment->att_filename = alias_name;
 	attachment->att_network_protocol = options.dpb_network_protocol;
+	attachment->att_remote_crypt = options.dpb_remote_crypt;
 	attachment->att_remote_address = options.dpb_remote_address;
 	attachment->att_remote_pid = options.dpb_remote_pid;
 	attachment->att_remote_flags = options.dpb_remote_flags;
--- a/src/jrd/names.h
+++ b/src/jrd/names.h
@ -419,6 +419,7 @@ NAME("MON$STATEMENT_TIMER", nam_stmt_timer)

 NAME("MON$WIRE_COMPRESSED", nam_wire_compressed)
 NAME("MON$WIRE_ENCRYPTED", nam_wire_encrypted)
+NAME("MON$WIRE_CRYPT_PLUGIN", nam_wire_crypt_plugin)

 NAME("RDB$TIME_ZONES", nam_time_zones)
 NAME("RDB$TIME_ZONE_ID", nam_tz_id)
--- a/src/jrd/relations.h
+++ b/src/jrd/relations.h
@ -523,6 +523,7 @@ RELATION(nam_mon_attachments, rel_mon_attachments, ODS_11_1, rel_virtual)
 	FIELD(f_mon_att_stmt_timeout, nam_stmt_timeout, fld_stmt_timeout, 0, ODS_13_0)
 	FIELD(f_mon_att_wire_compressed, nam_wire_compressed, fld_bool, 0, ODS_13_0)
 	FIELD(f_mon_att_wire_encrypted, nam_wire_encrypted, fld_bool, 0, ODS_13_0)
+	FIELD(f_mon_att_remote_crypt, nam_wire_crypt_plugin, fld_remote_crypt, 0, ODS_12_0)
 END_RELATION

 // Relation 35 (MON$TRANSACTIONS)
--- a/src/remote/remote.h
+++ b/src/remote/remote.h
@ -1093,6 +1093,7 @@ struct rem_port : public Firebird::GlobalStorage, public Firebird::RefCounted
 	Firebird::IWireCryptPlugin* port_crypt_plugin;		// plugin used by port, when not NULL - crypts wire data
 	Firebird::ICryptKeyCallback* port_client_crypt_callback;	// client callback to transfer database crypt key
 	ServerCallbackBase* port_server_crypt_callback;			// server callback to transfer database crypt key
+	Firebird::PathName port_crypt_name;		// name of actual wire crypt plugin

 	Firebird::RefPtr<Firebird::IReplicator> port_replicator;

@ -1138,8 +1139,8 @@ public:
 		port_srv_auth(NULL), port_srv_auth_block(NULL),
 		port_crypt_keys(getPool()), port_crypt_complete(false), port_crypt_level(WIRECRYPT_REQUIRED),
 		port_known_server_keys(getPool()), port_crypt_plugin(NULL),
-		port_client_crypt_callback(NULL), port_server_crypt_callback(NULL), port_replicator(NULL),
-		port_buffer(FB_NEW_POOL(getPool()) UCHAR[rpt]),
+		port_client_crypt_callback(NULL), port_server_crypt_callback(NULL), port_crypt_name(getPool()),
+		port_replicator(NULL), port_buffer(FB_NEW_POOL(getPool()) UCHAR[rpt]),
 		port_snd_packets(0), port_rcv_packets(0), port_snd_bytes(0), port_rcv_bytes(0)
 	{
 		addRef();
--- a/src/remote/server/server.cpp
+++ b/src/remote/server/server.cpp
@ -2328,7 +2328,10 @@ static void addClumplets(ClumpletWriter* dpb_buffer,
 		flags |= isc_dpb_addr_flag_conn_compressed;
 #endif
 	if (port->port_crypt_plugin)
+	{
 		flags |= isc_dpb_addr_flag_conn_encrypted;
+		address_record.insertString(isc_dpb_addr_crypt, port->port_crypt_name);
+	}

 	if (flags)
 		address_record.insertInt(isc_dpb_addr_flags, flags);
@ -6175,6 +6178,7 @@ void rem_port::start_crypt(P_CRYPT * crypt, PACKET* sendL)
 		port_crypt_plugin = cp.plugin();
 		port_crypt_plugin->addRef();
 		port_crypt_complete = true;
+		port_crypt_name = cp.name();

 		send_response(sendL, 0, 0, &st, false);
 		WIRECRYPT_DEBUG(fprintf(stderr, "Srv: Installed cipher %s\n", cp.name()));