MySQL 8.0.39
Source Code Documentation
network_provider.h
Go to the documentation of this file.
1/* Copyright (c) 2015, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef NETWORK_PROVIDER_H
25#define NETWORK_PROVIDER_H
26
27#ifndef XCOM_WITHOUT_OPENSSL
28#ifdef _WIN32
29/* In OpenSSL before 1.1.0, we need this first. */
30#include <winsock2.h>
31#endif
32#include <openssl/err.h>
33#include <openssl/ssl.h>
34#endif
35
36#include <atomic>
37#include <functional>
38#include <memory>
39#include <string>
40#include <vector>
41
42/**
43 * @brief Enum that describes the available XCom Communication Stacks
44 */
49};
50
51/*
52 Possible operation modes as explained further down. If you
53 want to add a new mode, do it before the LAST_SSL_MODE.
54*/
63};
64
65/*
66 Possible operation fips modes as explained further down. If you
67 want to add a new ssl fips mode, do it before the LAST_SSL_FIPS_MODE.
68*/
75};
76
77/**
78 * @brief Dynamic log level enum values
79 *
80 * Network Provider will allow external entities to change a given log level,
81 * determined by an external condition.
82 *
83 * For that, we create an enumeration that contains all possible generic log
84 * levels that we have seen in all implementations of a Network Provider.
85 *
86 * Each Network Provider specialization must provide a mapping between
87 * network_provider_dynamic_log_level and their specific log level.
88 *
89 * An example of this mechanism is as follows:
90 *
91 * Let us consider that a coder decided that a certain log output in
92 * open_connection, on an implementation of a network provider, is ERROR.
93 *
94 * At the same time, that developer allows an external entity that calls
95 * open_connection to override that log output. That could happen because the
96 * caller of open_connection wants to lower the verbosity due to too many errors
97 * in a short amount of time.
98 *
99 * The developer must then use the implemented mapping referenced above on
100 * that instruction and consume the input parameter of open_connection that
101 * refers to an external network_provider_dynamic_log_level.
102 */
104 PROVIDED = 0,
105 FATAL,
106 ERROR,
107 WARNING,
108 INFO,
109 DEBUG,
110 TRACE,
112};
113
114/**
115 * @brief This class is a helper to translate a Communication Stack to a
116 string
117 *
118 */
120 public:
121 static const char *to_string(enum_transport_protocol protocol) {
122 static std::vector<const char *> m_running_protocol_to_string = {"XCom",
123 "MySQL"};
124
125 return protocol > INVALID_PROTOCOL && protocol <= MYSQL_PROTOCOL
126 ? m_running_protocol_to_string[protocol]
127 : "Invalid Protocol";
128 }
129};
130
131/**
132 * @brief Security credentials to establish a connection
133 */
135 std::string user;
136 std::string pass;
138};
139
140/*
141 Set the necessary SSL parameters before initialization.
142
143 server_key_file - Path of file that contains the server's X509 key in PEM
144 format.
145 server_cert_file - Path of file that contains the server's X509 certificate
146 in PEM format.
147 client_key_file - Path of file that contains the client's X509 key in PEM
148 format.
149 client_cert_file - Path of file that contains the client's X509 certificate
150 in PEM format.
151 ca_file - Path of file that contains list of trusted SSL CAs.
152 ca_path - Path of directory that contains trusted SSL CA
153 certificates in PEM format.
154 crl_file - Path of file that contains certificate revocation lists.
155 crl_path - Path of directory that contains certificate revocation
156 list files.
157 cipher - List of permitted ciphers to use for connection
158 encryption.
159 tls_version - Protocols permitted for secure connections.
160 tls_ciphersuites - List of permitted ciphersuites to use for TLS 1.3
161 connection encryption.
162
163 Note that only the server_key_file/server_cert_file and the client_key_file/
164 client_cert_file are required and the rest of the pointers can be NULL.
165 If the key is provided along with the certificate, either the key file or
166 the other can be omitted.
167
168 The caller can free the parameters after the SSL is started
169 if this is necessary.
170*/
173 const char *server_key_file;
174 const char *server_cert_file;
175 const char *client_key_file;
176 const char *client_cert_file;
177 const char *ca_file;
178 const char *ca_path;
179 const char *crl_file;
180 const char *crl_path;
181 const char *cipher;
182};
184 const char *tls_version;
185 const char *tls_ciphersuites;
186};
187
188/**
189 * @brief Possible configuration parameters
190 */
192 unsigned short port;
193
196};
197
198/**
199 * @brief Represents an open connection.
200 */
202 Network_connection(int parameter_fd)
203 : fd(parameter_fd)
204#ifndef XCOM_WITHOUT_OPENSSL
205 ,
207#endif
208 ,
209 has_error(false) {
210 }
211
212 Network_connection(int parameter_fd
213#ifndef XCOM_WITHOUT_OPENSSL
214 ,
215 SSL *parameter_ssl_fd
216#endif
217 )
218 : fd(parameter_fd)
219#ifndef XCOM_WITHOUT_OPENSSL
220 ,
221 ssl_fd(parameter_ssl_fd)
222#endif
223 ,
224 has_error(false) {
225 }
226
227 Network_connection(int parameter_fd
228#ifndef XCOM_WITHOUT_OPENSSL
229 ,
230 SSL *parameter_ssl_fd
231#endif
232 ,
233 bool parameter_has_error)
234 : fd(parameter_fd)
235#ifndef XCOM_WITHOUT_OPENSSL
236 ,
237 ssl_fd(parameter_ssl_fd)
238#endif
239 ,
240 has_error(parameter_has_error) {
241 }
242
243 int fd;
244#ifndef XCOM_WITHOUT_OPENSSL
245 SSL *ssl_fd;
246#endif
248};
249
250/**
251 * @brief Class that provides Network Namespace services
252 */
254 public:
256
257 /**
258 Method to get the network namespace configured for a channel
259
260 @param[out] net_ns The network namespace to extract
261
262 @return the operation status
263 @retval false OK
264 @retval true Error, channel not found
265*/
266 virtual int channel_get_network_namespace(std::string &net_ns) = 0;
267
268 /**
269 Set active network namespace specified by a name.
270
271 @param network_namespace the name of a network namespace to be set active
272
273 @return false on success, true on error
274 @note all opened descriptors used during function run are closed on error
275 */
276 virtual bool set_network_namespace(const std::string &network_namespace) = 0;
277
278 /**
279 Restore original network namespace used to be active before a new network
280 namespace has been set.
281
282 @return false on success, true on failure
283 */
285};
286
287/**
288 * @brief Base class for External Network Providers
289 *
290 * This virtual class will serve as base class for any external entity that
291 * whishes to provide network connections to XCom.
292 *
293 * It will have to implement the following methods:
294 * - start();
295 * - stop();
296 * - get_ĩd();
297 * - configure();
298 * - open_connection();
299 * - close_connection();
300 *
301 * If provides a lock free implementation of (set)\‍(get)_connection() for
302 * multithreaded usage.
303 *
304 *
305 */
307 public:
309 m_shared_connection.store(nullptr);
310 }
313
316
317 virtual ~Network_provider() {}
318
319 /**
320 * @brief Starts the network provider.
321 *
322 * Each implementation will place here any code that it needs to start a
323 * network provider.
324 *
325 * start() is synchronous. After start() succeeded, it is assumed that XCom
326 * is ready to receive new connections.
327 *
328 * @return a pair of <bool,int>
329 * bool indicates the success of the operation. false means success.
330 * int returns an error code.
331 */
332 virtual std::pair<bool, int> start() = 0;
333
334 /**
335 * @brief Stops the network provider.
336 *
337 * Each implementation will place here any code that it needs to stop a
338 * network provider.
339 *
340 * stop() is synchronous. After stop() succeeded, it is assumed that XCom
341 * shall not receive any new connection.
342 *
343 * @return a pair of <bool,int>
344 * bool indicates the success of the operation. false means success.
345 * int returns an error code.
346 */
347 virtual std::pair<bool, int> stop() = 0;
348
349 /**
350 * @brief Get the communication stack implemented by this provider
351 *
352 * Return a valid value withint the range of RunningProtocol enum.
353 *
354 * @return RunningProtocol valid value
355 */
357
358 /**
359 * @brief Configures a network provider
360 *
361 * @param params a sensible list of possibly configurable network parameters
362 *
363 * @return true in case of a successful configuration.
364 * @return false in case of a unsuccessful configuration.
365 */
366 virtual bool configure(const Network_configuration_parameters &params) = 0;
367
368 /**
369 * @brief Configures the active provider with all things needed to establish
370 * SSL connections
371 *
372 * @param params configuration parameters for SSL.
373 *
374 * @return true In case of success.
375 * @return false In case of failure.
376 */
378 const Network_configuration_parameters &params) = 0;
379
381
382 virtual std::function<void()> get_secure_connections_context_cleaner() {
383 std::function<void()> retval = []() {
384#if OPENSSL_VERSION_NUMBER < 0x10100000L
385 ERR_remove_thread_state(0);
386#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
387 };
388
389 return retval;
390 }
391
393
394 /**
395 * @brief Opens a new connection to another XCom endpoint served by the same
396 * Network provider.
397 *
398 * @param address address of the remote endpoint
399 * @param port port of the remote endpoint
400 * @param security_credentials security credentials to connect to the remote
401 * endpoint
402 * @param connection_timeout connection timeout
403 * @param log_level log level @see network_provider_dynamic_log_level for more
404 * information
405 * @return std::unique_ptr<Network_connection> an established connection.
406 * nullptr in case of failure.
407 */
408 virtual std::unique_ptr<Network_connection> open_connection(
409 const std::string &address, const unsigned short port,
410 const Network_security_credentials &security_credentials,
411 int connection_timeout = default_connection_timeout(),
414
415 /**
416 * @brief Closes an open connection to another XCom endpoint served by the
417 * same Network provider.
418 *
419 * @param connection an open and valid connection
420 * @return int an error code in case of error. 0, otherwise.
421 */
422 virtual int close_connection(const Network_connection &connection) = 0;
423
424 /**
425 * @brief Lock-free Set connection
426 *
427 * Sets a new connection received by this provider. It will be consumed
428 * internally by get_new_connection().
429 *
430 * @param connection a newly created connection.
431 */
433 Network_connection *null_desired_value;
434 do {
435 null_desired_value = nullptr;
436 } while (!m_shared_connection.compare_exchange_weak(null_desired_value,
437 connection));
438 }
439
440 /**
441 * @brief Get the new connection object
442 *
443 * @return Network_connection* a new connection coming from this network
444 * provider
445 */
448
450
451 if (new_connection != nullptr) m_shared_connection.store(nullptr);
452
453 return new_connection;
454 }
455
458
459 if (to_purge) {
460 close_connection(*to_purge);
461 }
462
463 delete to_purge;
464 }
465
466 static constexpr int default_connection_timeout() { return 3000; }
467
468 private:
469 std::atomic<Network_connection *> m_shared_connection;
470};
471
472#endif // NETWORK_PROVIDER_H
This class is a helper to translate a Communication Stack to a string.
Definition: network_provider.h:119
static const char * to_string(enum_transport_protocol protocol)
Definition: network_provider.h:121
Class that provides Network Namespace services.
Definition: network_provider.h:253
virtual bool set_network_namespace(const std::string &network_namespace)=0
Set active network namespace specified by a name.
virtual ~Network_namespace_manager()
Definition: network_provider.h:255
virtual bool restore_original_network_namespace()=0
Restore original network namespace used to be active before a new network namespace has been set.
virtual int channel_get_network_namespace(std::string &net_ns)=0
Method to get the network namespace configured for a channel.
Base class for External Network Providers.
Definition: network_provider.h:306
void reset_new_connection()
Definition: network_provider.h:456
virtual int close_connection(const Network_connection &connection)=0
Closes an open connection to another XCom endpoint served by the same Network provider.
virtual bool finalize_secure_connections_context()=0
Network_connection * get_new_connection()
Get the new connection object.
Definition: network_provider.h:446
virtual std::function< void()> get_secure_connections_context_cleaner()
Definition: network_provider.h:382
virtual std::pair< bool, int > start()=0
Starts the network provider.
virtual std::pair< bool, int > stop()=0
Stops the network provider.
static constexpr int default_connection_timeout()
Definition: network_provider.h:466
Network_provider()
Definition: network_provider.h:308
virtual bool configure_secure_connections(const Network_configuration_parameters &params)=0
Configures the active provider with all things needed to establish SSL connections.
std::atomic< Network_connection * > m_shared_connection
Definition: network_provider.h:469
virtual ~Network_provider()
Definition: network_provider.h:317
Network_provider & operator=(Network_provider &param)=delete
virtual enum_transport_protocol get_communication_stack() const =0
Get the communication stack implemented by this provider.
virtual void cleanup_secure_connections_context()=0
virtual bool configure(const Network_configuration_parameters &params)=0
Configures a network provider.
void set_new_connection(Network_connection *connection)
Lock-free Set connection.
Definition: network_provider.h:432
Network_provider(Network_provider &&param)
Definition: network_provider.h:311
Network_provider(Network_provider &param)=delete
virtual std::unique_ptr< Network_connection > open_connection(const std::string &address, const unsigned short port, const Network_security_credentials &security_credentials, int connection_timeout=default_connection_timeout(), network_provider_dynamic_log_level log_level=network_provider_dynamic_log_level::PROVIDED)=0
Opens a new connection to another XCom endpoint served by the same Network provider.
Fido Client Authentication nullptr
Definition: fido_client_plugin.cc:222
bool load(THD *, const dd::String_type &fname, dd::String_type *buf)
Read an sdi file from disk and store in a buffer.
Definition: sdi_file.cc:308
ssl_enum_fips_mode_options
Definition: network_provider.h:69
@ INVALID_SSL_FIPS_MODE
Definition: network_provider.h:70
@ FIPS_MODE_ON
Definition: network_provider.h:72
@ FIPS_MODE_OFF
Definition: network_provider.h:71
@ FIPS_MODE_STRICT
Definition: network_provider.h:73
@ LAST_SSL_FIPS_MODE
Definition: network_provider.h:74
enum_transport_protocol
Enum that describes the available XCom Communication Stacks.
Definition: network_provider.h:45
@ INVALID_PROTOCOL
Definition: network_provider.h:46
@ MYSQL_PROTOCOL
Definition: network_provider.h:48
@ XCOM_PROTOCOL
Definition: network_provider.h:47
ssl_enum_mode_options
Definition: network_provider.h:55
@ LAST_SSL_MODE
Definition: network_provider.h:62
@ SSL_VERIFY_CA
Definition: network_provider.h:60
@ SSL_VERIFY_IDENTITY
Definition: network_provider.h:61
@ SSL_REQUIRED
Definition: network_provider.h:59
@ SSL_PREFERRED
Definition: network_provider.h:58
@ INVALID_SSL_MODE
Definition: network_provider.h:56
@ SSL_DISABLED
Definition: network_provider.h:57
network_provider_dynamic_log_level
Dynamic log level enum values.
Definition: network_provider.h:103
static connection_descriptor * new_connection(int fd, SSL *ssl_fd)
Definition: node_connection.h:61
required string network_namespace
Definition: replication_asynchronous_connection_failover.proto:34
required uint64 port
Definition: replication_asynchronous_connection_failover.proto:33
Possible configuration parameters.
Definition: network_provider.h:191
struct ssl_parameters ssl_params
Definition: network_provider.h:194
struct tls_parameters tls_params
Definition: network_provider.h:195
unsigned short port
Definition: network_provider.h:192
Represents an open connection.
Definition: network_provider.h:201
Network_connection(int parameter_fd, SSL *parameter_ssl_fd, bool parameter_has_error)
Definition: network_provider.h:227
Network_connection(int parameter_fd, SSL *parameter_ssl_fd)
Definition: network_provider.h:212
int fd
Definition: network_provider.h:243
Network_connection(int parameter_fd)
Definition: network_provider.h:202
SSL * ssl_fd
Definition: network_provider.h:245
bool has_error
Definition: network_provider.h:247
Security credentials to establish a connection.
Definition: network_provider.h:134
std::string user
Definition: network_provider.h:135
bool use_ssl
Definition: network_provider.h:137
std::string pass
Definition: network_provider.h:136
Definition: network_provider.h:171
const char * server_key_file
Definition: network_provider.h:173
const char * client_key_file
Definition: network_provider.h:175
const char * ca_path
Definition: network_provider.h:178
const char * cipher
Definition: network_provider.h:181
const char * crl_file
Definition: network_provider.h:179
const char * client_cert_file
Definition: network_provider.h:176
const char * crl_path
Definition: network_provider.h:180
int ssl_mode
Definition: network_provider.h:172
const char * server_cert_file
Definition: network_provider.h:174
const char * ca_file
Definition: network_provider.h:177
Definition: network_provider.h:183
const char * tls_ciphersuites
Definition: network_provider.h:185
const char * tls_version
Definition: network_provider.h:184