MySQL  8.0.22
Source Code Documentation
gcs_xcom_networking.h
Go to the documentation of this file.
1 /* Copyright (c) 2016, 2020, Oracle and/or its affiliates.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef GCS_XCOM_NETWORKING_H
24 #define GCS_XCOM_NETWORKING_H
25 
26 #include <map>
27 #include <string>
28 #include <vector>
29 
32 
33 #ifdef _WIN32
34 typedef u_short sa_family_t;
35 #endif
36 
37 /**
38  * @brief Interface to decouple XCom sock_probe implementation to allow
39  * unit testing.
40  */
42  public:
45 
46  virtual int init_sock_probe(sock_probe *s) = 0;
47  virtual int number_of_interfaces(sock_probe *s) = 0;
48  virtual void get_sockaddr_address(sock_probe *s, int count,
49  struct sockaddr **out) = 0;
50  virtual void get_sockaddr_netmask(sock_probe *s, int count,
51  struct sockaddr **out) = 0;
52  virtual char *get_if_name(sock_probe *s, int count) = 0;
53  virtual bool_t is_if_running(sock_probe *s, int count) = 0;
54  virtual void close_sock_probe(sock_probe *s) = 0;
55 
58  default; // move constructor must be explicit because copy is
60  default;
62  default; // move assignment must be explicit because move is
63 };
64 
65 /**
66  * @brief Implementation of @class Gcs_sock_probe_interface
67  */
69  public:
72 
73  int init_sock_probe(sock_probe *s) override;
74  int number_of_interfaces(sock_probe *s) override;
76  struct sockaddr **out) override;
77  void get_sockaddr_netmask(sock_probe *s, int count,
78  struct sockaddr **out) override;
79  char *get_if_name(sock_probe *s, int count) override;
80  bool_t is_if_running(sock_probe *s, int count) override;
81  void close_sock_probe(sock_probe *s) override;
82 
85  default; // move constructor must be explicit because copy is
87  const Gcs_sock_probe_interface_impl &) = default;
89  default; // move assignment must be explicit because move is
90 };
91 
92 /**
93  This function gets all network addresses on this host and their
94  subnet masks as a string.
95 
96  @param[out] sock_probe Socket probe interface
97  @param[out] out maps IP addresses to subnetmasks
98  @param filter_out_inactive If set to true, only active interfaces will be
99  added to out
100  @return false on success, true otherwise.
101  */
103  std::map<std::string, int> &out,
104  bool filter_out_inactive = false);
105 
106 /**
107  This function gets all private network addresses and their
108  subnet masks as a string. IPv4 only. (SOCK_STREAM only)
109  @param[out] out maps IP addresses to subnetmasks
110  @param filter_out_inactive If set to true, only active interfaces will be added
111  to out
112  @return false on sucess, true otherwise.
113  */
114 bool get_local_private_addresses(std::map<std::string, int> &out,
115  bool filter_out_inactive = false);
116 
117 /**
118  This function translates hostnames to all possible IP addresses.
119 
120  @param[in] name The hostname to translate.
121  @param[out] ips The IP addresses after translation.
122 
123  @return false on success, true otherwise.
124  */
126  std::string name, std::vector<std::pair<sa_family_t, std::string>> &ips);
127 
128 /**
129  This function translates hostname to all possible IP addresses.
130 
131  @param[in] name The hostname to translate.
132  @param[out] ip The IP addresses after translation.
133 
134  @return false on success, true otherwise.
135  */
136 bool resolve_ip_addr_from_hostname(std::string name,
137  std::vector<std::string> &ip);
138 
139 /**
140  Converts an address in string format (X.X.X.X/XX) into network octet format
141 
142  @param[in] addr IP address in X.X.X.X format
143  @param[in] mask Network mask associated with the address
144  @param[out] out_pair IP address and netmask, in binary format (network byte
145  order)
146 
147  @return false on success, true otherwise.
148  */
149 bool get_address_for_allowlist(std::string addr, std::string mask,
150  std::pair<std::vector<unsigned char>,
151  std::vector<unsigned char>> &out_pair);
152 
153 /**
154  @class Gcs_ip_allowlist_entry
155  @brief Base abstract class for the allowlist entries.
156 
157  This is the base class for the Allowlist entries. Any derived class must
158  implement its two abstract methods:
159  - init_value();
160  - get_value();
161  */
163  public:
164  /**
165  Constructor
166 
167  @param[in] addr IP address or hostname of this entry
168  @param[in] mask Network mask of this entry.
169  */
170  Gcs_ip_allowlist_entry(std::string addr, std::string mask);
171 
173 
174  /**
175  Entry initialization.
176 
177  If one needs to initialize internal values, it should be done in this
178  method.
179 
180  @return false on success, true otherwise
181  */
182  virtual bool init_value() = 0;
183 
184  /**
185  Virtual Method that implements value retrieval for this entry.
186 
187  The returned value must be a list of std::pairs that contains both the
188  address and the mask in network octet value. This is in list format because
189  in the case of allowlist names, we can have multiple value for the same
190  entry
191 
192  @return an std::vector of std::pair with ip and mask in network octet form
193  */
194  virtual std::vector<
195  std::pair<std::vector<unsigned char>, std::vector<unsigned char>>>
196  *get_value() = 0;
197 
198  /** Getters */
199  std::string get_addr() const { return m_addr; }
200  std::string get_mask() const { return m_mask; }
201 
202  private:
203  std::string m_addr;
204  std::string m_mask;
205 };
206 
209  const Gcs_ip_allowlist_entry *rhs) const {
210  // Check if addresses are different in content
211  if (lhs->get_addr() != rhs->get_addr()) { // Then compare only the
212  // addresses
213  return lhs->get_addr() < rhs->get_addr();
214  } else { // If addresses are equal, then compare the masks to untie.
215  return lhs->get_mask() < rhs->get_mask();
216  }
217  }
218 };
219 
220 /**
221  @class Gcs_ip_allowlist_entry_ip
222  @brief Implementation of Gcs_ip_allowlist_entry to use with
223  raw IP addresses in format X.X.X.X/XX
224  */
226  public:
227  Gcs_ip_allowlist_entry_ip(std::string addr, std::string mask);
228 
229  public:
230  bool init_value() override;
231  std::vector<std::pair<std::vector<unsigned char>, std::vector<unsigned char>>>
232  *get_value() override;
233 
234  private:
235  std::pair<std::vector<unsigned char>, std::vector<unsigned char>> m_value;
236 };
237 
238 /**
239  @class Gcs_ip_allowlist_entry_hostname
240  @brief Implementation of Gcs_ip_allowlist_entry to use with
241  hostnames
242  */
244  public:
245  Gcs_ip_allowlist_entry_hostname(std::string addr, std::string mask);
246  Gcs_ip_allowlist_entry_hostname(std::string addr);
247 
248  public:
249  bool init_value() override;
250  std::vector<std::pair<std::vector<unsigned char>, std::vector<unsigned char>>>
251  *get_value() override;
252 };
253 
255  public:
256  static const std::string DEFAULT_ALLOWLIST;
257 
258  private:
259  /*
260  The IP allowlist. It is a list of tuples Hexadecimal IP number
261  and subnet mask also in Hexadecimal. E.g.: 192.168.1.2/24 or 127.0.0.1/32.
262 
263  This is for optimization purposes, so that we don't calculate the
264  values each time we want to check.
265  */
266  std::set<Gcs_ip_allowlist_entry *, Gcs_ip_allowlist_entry_pointer_comparator>
268 
269  /**
270  This is the list that originally submitted to be parsed and to configure
271  the allowlist.
272  */
273  std::string m_original_list;
274 
275  public:
276  Gcs_ip_allowlist() : m_ip_allowlist(), m_original_list() {}
277  virtual ~Gcs_ip_allowlist();
278 
279  /**
280  This member function shall be used to configure the allowlist.
281 
282  @param the_list The list with IP addresses. This list is a comma separated
283  list formatted only with IP addresses and/or in the form of
284  a subnet range, e.g., IP/netbits.
285  @return true if the configuration failed, false otherwise.
286  */
287  bool configure(const std::string &the_list);
288 
289  /**
290  This member function shall be used to validate the list that is used as
291  input to the configure member function.
292 
293  @param the_list The list with IP addresses. This list is a comma separated
294  list formatted only with IP addresses and/or in the form of
295  a subnet range, e.g., IP/netbits.
296 
297  @return true if the configuration failed, false otherwise.
298  */
299  bool is_valid(const std::string &the_list) const;
300 
301  /**
302  This member function SHALL return true if the given IP is to be blocked,
303  false otherwise.
304 
305  @param ip_addr a string representation of an IPv4 address.
306  @param xcom_config the latest XCom configuration.
307 
308  @return true if the ip should be blocked, false otherwise.
309  */
310  bool shall_block(const std::string &ip_addr,
311  site_def const *xcom_config = nullptr) const;
312 
313  /**
314  This member function SHALL return true if the IP of the given file
315  descriptor is to be blocked, false otherwise.
316 
317  @param fd the file descriptor of the accepted socket to check.
318  @param xcom_config the latest XCom configuration.
319 
320  @return true if the ip should be blocked, false otherwise.
321  */
322  bool shall_block(int fd, site_def const *xcom_config = nullptr) const;
323 
324  /**
325  This member function gets the textual representation of the list as
326  provided to the configure member function.
327  */
328  const std::string &get_configured_ip_allowlist() const {
329  return m_original_list;
330  }
331 
332  /**
333  A string representation of the internal list of IP addresses. Can have
334  more addresses than those submitted through the configure member
335  function, since there are addresses that are implicitly added when
336  configuring the list.
337  */
338  std::string to_string() const;
339 
340  private:
341  bool do_check_block(struct sockaddr_storage *sa,
342  site_def const *xcom_config) const;
343  bool do_check_block_allowlist(
344  std::vector<unsigned char> const &incoming_octets) const;
345  bool do_check_block_xcom(std::vector<unsigned char> const &incoming_octets,
346  site_def const *xcom_config) const;
347  bool add_address(std::string addr, std::string mask);
348 
349  /**
350  @brief Clears the contents of this Allowlist object.
351 
352  It deletes all entries and clears the internal set.
353  */
354  void clear();
355 
356  private:
359 };
360 
361 #endif /* GCS_XCOM_NETWORKING_H */
void clear(Shards< COUNT > &shards) noexcept
Clear the counter - reset to 0.
Definition: ut0counter.h:343
Definition: site_struct.h:29
Base abstract class for the allowlist entries.
Definition: gcs_xcom_networking.h:162
ssize_t count
Definition: memcached.c:386
static mi_bit_type mask[]
Definition: mi_packrec.cc:140
std::vector< T, ut_allocator< T > > vector
Specialization of vector which uses ut_allocator.
Definition: ut0new.h:1306
bool get_local_addresses(Gcs_sock_probe_interface &sock_probe, std::map< std::string, int > &out, bool filter_out_inactive=false)
This function gets all network addresses on this host and their subnet masks as a string...
Definition: gcs_xcom_networking.cc:92
Gcs_sock_probe_interface_impl()
Definition: gcs_xcom_networking.h:70
__u_short u_short
Definition: types.h:71
struct sockaddr sockaddr
Definition: sock_probe_win32.cc:63
virtual void close_sock_probe(sock_probe *s)=0
virtual char * get_if_name(sock_probe *s, int count)=0
Gcs_ip_allowlist()
Definition: gcs_xcom_networking.h:276
const std::string & get_configured_ip_allowlist() const
This member function gets the textual representation of the list as provided to the configure member ...
Definition: gcs_xcom_networking.h:328
Implementation of Gcs_ip_allowlist_entry to use with hostnames.
Definition: gcs_xcom_networking.h:243
bool is_valid(const dd::Spatial_reference_system *srs, const Geometry *g, const char *func_name, bool *is_valid) noexcept
Decides if a geometry is valid.
Definition: is_valid.cc:94
bool get_address_for_allowlist(std::string addr, std::string mask, std::pair< std::vector< unsigned char >, std::vector< unsigned char >> &out_pair)
Converts an address in string format (X.X.X.X/XX) into network octet format.
Definition: gcs_xcom_networking.cc:698
bool operator()(const Gcs_ip_allowlist_entry *lhs, const Gcs_ip_allowlist_entry *rhs) const
Definition: gcs_xcom_networking.h:208
virtual ~Gcs_ip_allowlist_entry()
Definition: gcs_xcom_networking.h:172
Definition: sock_probe_ix.cc:53
bool resolve_ip_addr_from_hostname(std::string name, std::vector< std::string > &ip)
This function translates hostname to all possible IP addresses.
Definition: gcs_xcom_networking.cc:257
std::string m_mask
Definition: gcs_xcom_networking.h:204
virtual void get_sockaddr_netmask(sock_probe *s, int count, struct sockaddr **out)=0
Definition: gcs_xcom_networking.h:207
std::set< Gcs_ip_allowlist_entry *, Gcs_ip_allowlist_entry_pointer_comparator > m_ip_allowlist
Definition: gcs_xcom_networking.h:267
Gcs_sock_probe_interface()
Definition: gcs_xcom_networking.h:43
virtual int number_of_interfaces(sock_probe *s)=0
case opt name
Definition: sslopt-case.h:32
Interface to decouple XCom sock_probe implementation to allow unit testing.
Definition: gcs_xcom_networking.h:41
Implementation of Gcs_ip_allowlist_entry to use with raw IP addresses in format X.X.X.X/XX.
Definition: gcs_xcom_networking.h:225
bool resolve_all_ip_addr_from_hostname(std::string name, std::vector< std::pair< sa_family_t, std::string >> &ips)
This function translates hostnames to all possible IP addresses.
Definition: gcs_xcom_networking.cc:299
virtual ~Gcs_sock_probe_interface()
Definition: gcs_xcom_networking.h:44
std::string get_addr() const
Getters.
Definition: gcs_xcom_networking.h:199
virtual void get_sockaddr_address(sock_probe *s, int count, struct sockaddr **out)=0
int bool_t
Definition: types.h:34
Definition: gcs_xcom_networking.h:254
Gcs_sock_probe_interface & operator=(const Gcs_sock_probe_interface &)=default
std::pair< std::vector< unsigned char >, std::vector< unsigned char > > m_value
Definition: gcs_xcom_networking.h:235
std::string get_mask() const
Definition: gcs_xcom_networking.h:200
bool get_local_private_addresses(std::map< std::string, int > &out, bool filter_out_inactive=false)
This function gets all private network addresses and their subnet masks as a string.
Definition: gcs_xcom_networking.cc:208
std::string m_addr
Definition: gcs_xcom_networking.h:203
virtual int init_sock_probe(sock_probe *s)=0
std::string m_original_list
This is the list that originally submitted to be parsed and to configure the allowlist.
Definition: gcs_xcom_networking.h:273
~Gcs_sock_probe_interface_impl() override
Definition: gcs_xcom_networking.h:71
static std::string to_string(const LEX_STRING &str)
Definition: lex_string.h:48
Definition: gcs_xcom_networking.h:68
static const std::string DEFAULT_ALLOWLIST
Definition: gcs_xcom_networking.h:256
virtual bool_t is_if_running(sock_probe *s, int count)=0