MySQL 8.0.40
Source Code Documentation
handshake.h
Go to the documentation of this file.
1/* Copyright (c) 2011, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef HANDSHAKE_H
25#define HANDSHAKE_H
26
27#include "common.h"
28#include "my_inttypes.h"
29
30/**
31 Name of the SSP (Security Support Provider) to be used for authentication.
32
33 We use "Negotiate" which will find the most secure SSP which can be used
34 and redirect to that SSP.
35*/
36#define SSP_NAME "Negotiate"
37
38/**
39 Maximal number of rounds in authentication handshake.
40
41 Server will interrupt authentication handshake with error if client's
42 identity can not be determined within this many rounds.
43*/
44#define MAX_HANDSHAKE_ROUNDS 50
45
46/// Convenience wrapper around @c SecBufferDesc.
47
48class Security_buffer : public SecBufferDesc {
49 SecBuffer m_buf; ///< A @c SecBuffer instance.
50
51 void init(byte *ptr, size_t len) {
52 ulVersion = 0;
53 cBuffers = 1;
54 pBuffers = &m_buf;
55
56 m_buf.BufferType = SECBUFFER_TOKEN;
57 m_buf.pvBuffer = ptr;
58 m_buf.cbBuffer = (ulong)len;
59 }
60
61 /// If @c false, no deallocation will be done in the destructor.
62 const bool m_allocated;
63
64 // Copying/assignment is not supported and can lead to memory leaks
65 // So declaring copy constructor and assignment operator as private
68
69 public:
70 explicit Security_buffer(const Blob &);
72
74
75 byte *ptr() const { return (byte *)m_buf.pvBuffer; }
76
77 size_t len() const { return m_buf.cbBuffer; }
78
79 const Blob as_blob() const { return Blob(ptr(), len()); }
80
81 void mem_free(void);
82};
83
84/// Common base for Handshake_{server,client}.
85
86class Handshake {
87 public:
88 typedef enum { CLIENT, SERVER } side_t;
89
90 Handshake(const char *ssp, side_t side);
91 virtual ~Handshake();
92
94
95 bool virtual is_complete() const { return m_complete; }
96
97 int error() const { return m_error; }
98
99 protected:
100 /// Security context object created during the handshake.
101 CtxtHandle m_sctx;
102
103 /// Credentials of the principal performing this handshake.
104 CredHandle m_cred;
105
106 /// Stores expiry date of the created security context.
107 TimeStamp m_expire;
108
109 /// Stores attributes of the created security context.
110 ULONG m_atts;
111
112 /**
113 Round of the handshake (starting from round 1). One round
114 consist of reading packet from the other side, processing it and
115 optionally sending a reply (see @c packet_processing_loop()).
116 */
117 unsigned int m_round;
118
119 /// If non-zero, stores error code of the last failed operation.
121
122 /// @c true when handshake is complete.
124
125 /// @c true when the principal credentials has been determined.
127
128 /// @c true when the security context has been created.
130
131 /// Buffer for data to be send to the other side.
133
134 bool process_result(int);
135
136 /**
137 This method is used inside @c packet_processing_loop to process
138 data packets received from the other end.
139
140 @param data data to be processed
141
142 @return A blob with data to be sent to the other end or null blob if
143 no more data needs to be exchanged.
144 */
145 virtual Blob process_data(const Blob &data) = 0;
146
147 /// Read packet from the other end.
148 virtual Blob read_packet() = 0;
149
150 /// Write packet to the other end.
151 virtual int write_packet(Blob &data) = 0;
152
153#ifndef NDEBUG
154
155 private:
156 SecPkgInfo *m_ssp_info;
157
158 public:
159 const char *ssp_name();
160
161#endif
162};
163
164#endif
Class representing a region of memory (e.g., a string or binary buffer).
Definition: common.h:160
Common base for Handshake_{server,client}.
Definition: handshake.h:86
side_t
Definition: handshake.h:88
@ SERVER
Definition: handshake.h:88
@ CLIENT
Definition: handshake.h:88
Security_buffer m_output
Buffer for data to be send to the other side.
Definition: handshake.h:132
bool m_have_credentials
true when the principal credentials has been determined.
Definition: handshake.h:126
CredHandle m_cred
Credentials of the principal performing this handshake.
Definition: handshake.h:104
bool m_have_sec_context
true when the security context has been created.
Definition: handshake.h:129
bool process_result(int)
Process result of {Initialize,Accept}SecurityContext() function.
Definition: handshake.cc:209
Handshake(const char *ssp, side_t side)
Handshake class implementation.
Definition: handshake.cc:42
int m_error
If non-zero, stores error code of the last failed operation.
Definition: handshake.h:120
TimeStamp m_expire
Stores expiry date of the created security context.
Definition: handshake.h:107
int error() const
Definition: handshake.h:97
ULONG m_atts
Stores attributes of the created security context.
Definition: handshake.h:110
virtual Blob read_packet()=0
Read packet from the other end.
int packet_processing_loop()
Read and process data packets from the other end of a connection.
Definition: handshake.cc:97
SecPkgInfo * m_ssp_info
Definition: handshake.h:156
bool m_complete
true when handshake is complete.
Definition: handshake.h:123
const char * ssp_name()
Get name of the security package which was used in authentication.
Definition: handshake.cc:174
CtxtHandle m_sctx
Security context object created during the handshake.
Definition: handshake.h:101
virtual int write_packet(Blob &data)=0
Write packet to the other end.
virtual bool is_complete() const
Definition: handshake.h:95
virtual Blob process_data(const Blob &data)=0
This method is used inside packet_processing_loop to process data packets received from the other end...
virtual ~Handshake()
Definition: handshake.cc:74
unsigned int m_round
Round of the handshake (starting from round 1).
Definition: handshake.h:117
Convenience wrapper around SecBufferDesc.
Definition: handshake.h:48
void init(byte *ptr, size_t len)
Definition: handshake.h:51
void mem_free(void)
Definition: handshake.cc:262
const Blob as_blob() const
Definition: handshake.h:79
~Security_buffer()
Definition: handshake.h:73
Security_buffer(const Security_buffer &)
byte * ptr() const
Definition: handshake.h:75
const bool m_allocated
If false, no deallocation will be done in the destructor.
Definition: handshake.h:62
size_t len() const
Definition: handshake.h:77
SecBuffer m_buf
A SecBuffer instance.
Definition: handshake.h:49
const Security_buffer & operator=(const Security_buffer &)
Security_buffer()
Definition: handshake.cc:260
Some integer typedefs for easier portability.
borrowable::binary::Blob< true > Blob
Definition: classic_protocol_binary.h:327