MySQL  8.0.21
Source Code Documentation
ssl_acceptor_context_operator.h
1 /* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef SSL_ACCEPTOR_CONTEXT_OPERATOR
24 #define SSL_ACCEPTOR_CONTEXT_OPERATOR
25 
26 #include <my_rcu_lock.h> /* MyRcuLock */
27 #include "sql/ssl_acceptor_context_data.h" /** Ssl_acceptor_context_data */
28 
29 /* Types of supported contexts */
34 };
35 
37 class TLS_channel;
38 
39 /** TLS context access protector */
41  protected:
44  void switch_data(Ssl_acceptor_context_data *new_data);  // protected; TLS_channel is declared a friend of this class. NOTE(review): presumably installs new_data as the current context - ownership and retirement of the previous data are not visible here, confirm in the .cc
45 
47 
49 
50  /* F.R.I.E.N.D.S. */
52  friend class TLS_channel;
53 };
54 
57 
58 /** TLS context manager */
59 class TLS_channel {
60  public:
61  /**
62  Initialize the single instance of the acceptor
63 
64  @param [out] out Object initialized by the function
65  @param [in] channel Name of the channel
66  @param [in] use_ssl_arg Pass false if you don't want the actual
67  SSL context created
68  (as in when SSL is initially disabled)
69  @param [in] callbacks Handle to the initialization callback object
70  @param [in] db_init Whether database is being initialized or not
71 
72  @returns Initialization status (note the convention: true signals failure)
73  @retval true failure to init
74  @retval false initialized ok
75 */
76  static bool singleton_init(Ssl_acceptor_context_container **out,
77  std::string channel, bool use_ssl_arg,
78  Ssl_init_callback *callbacks, bool db_init);
79 
80  /**
81  De-initialize the single instance of the acceptor
82 
83  @param [in] container TLS acceptor context object
84  */
85  static void singleton_deinit(Ssl_acceptor_context_container *container);
86  /**
87  Re-initialize the single instance of the acceptor
88 
89  @param [in,out] container TLS acceptor context object
90  @param [in] channel Name of the channel
91  @param [in] callbacks Handle to the initialization callback object
92  @param [out] error SSL Error information. The function returns void, so this is the only failure signal visible in this header; check it after every flush
93  @param [in] force Activate the SSL settings even if this will lead
94  to disabling SSL (so a forced flush can leave the channel without TLS)
95  */
96  static void singleton_flush(Ssl_acceptor_context_container *container,
97  std::string channel, Ssl_init_callback *callbacks,
98  enum enum_ssl_init_error *error, bool force);
99 };
100 
102 
103 /** TLS context access wrapper for ease of use */
105  public:
107  : read_lock_(context->lock_) {}
109 
110  /** Access protected @ref Ssl_acceptor_context_data */
111  operator const Ssl_acceptor_context_data *() {  // implicit conversion: wrapper -> read-only context data
112  const Ssl_acceptor_context_data *c = read_lock_;  // the pointer is obtained through the read lock member
113  return c;  // NOTE(review): presumably valid only while this wrapper and its read lock are alive; do not cache it past the wrapper - confirm in my_rcu_lock.h
114  }
115 
116  /**
117  Access to the SSL_CTX from the protected @ref Ssl_acceptor_context_data
118  */
119  operator SSL_CTX *() {  // implicit conversion: wrapper -> SSL_CTX held by the acceptor fd; a non-const handle is returned although the data is read as const
120  const Ssl_acceptor_context_data *c = read_lock_;  // the pointer is obtained through the read lock member
121  return c->ssl_acceptor_fd_->ssl_context;  // NOTE(review): no null check on c or ssl_acceptor_fd_; presumably ssl_acceptor_fd_ is unset when no SSL context was created (see use_ssl_arg), so callers should test have_ssl() first - confirm in the .cc
122  }
123 
124  /**
125  Access to the SSL from the protected @ref Ssl_acceptor_context_data
126  */
127  operator SSL *() {  // implicit conversion: wrapper -> the acceptor_ SSL object; a non-const handle is returned although the data is read as const
128  const Ssl_acceptor_context_data *c = read_lock_;  // the pointer is obtained through the read lock member
129  return c->acceptor_;  // NOTE(review): c is not null-checked and acceptor_ may itself be null; presumably the handle should not be used after this wrapper is destroyed - confirm
130  }
131 
132  /**
133  Access to st_VioSSLFd from the protected @ref Ssl_acceptor_context_data
134  */
135  operator struct st_VioSSLFd *() {  // implicit conversion: wrapper -> the st_VioSSLFd that carries the SSL_CTX; a non-const handle is returned although the data is read as const
136  const Ssl_acceptor_context_data *c = read_lock_;  // the pointer is obtained through the read lock member
137  return c->ssl_acceptor_fd_;  // NOTE(review): c is not null-checked; the result is presumably null when no SSL context was created, so callers must handle nullptr - confirm in the .cc
138  }
139 
140  /**
141  Fetch given property from underlying TLS context
142 
143  @param [in] property_type Property to be fetched
144 
145  @returns Value of property for given context. Empty in case of failure.
146  */
147  std::string show_property(Ssl_acceptor_context_property_type property_type);  // returns a std::string by value, i.e. a copy owned by the caller, unlike the raw-pointer conversions of this class
148 
149  /**
150  Fetch channel name
151 
152  @returns Name of underlying channel
153  */
154  std::string channel_name();  // returns a std::string by value, i.e. a copy owned by the caller
155 
156  /**
157  TLS context validity
158 
159  @returns Validity of TLS context
160  @retval true Valid
161  @retval false Invalid
162  */
163  bool have_ssl();  // NOTE(review): presumably the check to make before using the SSL_CTX* / SSL* / st_VioSSLFd* conversions of this class, which read the context without null checks - confirm in the .cc
164 
165  private:
166  /** Read lock over TLS context */
168 };
169 
170 bool have_ssl();  // NOTE(review): free function with no documentation in this header; which channel's context it reports on is not visible here - confirm in the .cc
171 
172 #endif // SSL_ACCEPTOR_CONTEXT_OPERATOR
SSL_CTX * ssl_context
Definition: violite.h:255
Definition: ssl_init_callback.h:57
app_data_ptr new_data(u_int n, char *val, cons_type consensus)
Definition: app_data.cc:360
Ssl_acceptor_context_data_lock::ReadLock read_lock_
Read lock over TLS context.
Definition: ssl_acceptor_context_operator.h:167
static constexpr Flags SSL(1<< 11)
enum_ssl_init_error
Definition: violite.h:235
Definition: task.h:437
High level read API for readers.
Definition: my_rcu_lock.h:111
Container of SSL Acceptor context data.
Definition: ssl_acceptor_context_data.h:102
Ssl_acceptor_context_container * mysql_main
Definition: ssl_acceptor_context_operator.cc:31
TLS context manager.
Definition: ssl_acceptor_context_operator.h:59
Ssl_acceptor_context_data_lock * lock_
Definition: ssl_acceptor_context_operator.h:48
bool have_ssl()
Definition: ssl_acceptor_context_operator.cc:130
Ssl_acceptor_context_container * mysql_admin
Definition: ssl_acceptor_context_operator.cc:32
Definition: violite.h:254
A class that implements a limited version of the Read-Copy-Update lock pattern.
Definition: my_rcu_lock.h:78
TLS context access protector.
Definition: ssl_acceptor_context_operator.h:40
Lock_and_access_ssl_acceptor_context(Ssl_acceptor_context_container *context)
Definition: ssl_acceptor_context_operator.h:106
container
Following are enums defining column IDs indexing into each of three system tables.
Definition: innodb_config.h:78
~Lock_and_access_ssl_acceptor_context()
Definition: ssl_acceptor_context_operator.h:108
Ssl_acceptor_context_type
Ssl_acceptor_context_data.
Definition: ssl_acceptor_context_operator.h:30
TLS context access wrapper for ease of use.
Definition: ssl_acceptor_context_operator.h:104
struct st_VioSSLFd * ssl_acceptor_fd_
SSL_CTX bearer.
Definition: ssl_acceptor_context_data.h:194
Ssl_acceptor_context_property_type
Properties exposed by Ssl Acceptor context.
Definition: ssl_acceptor_context_data.h:43
static const sasl_callback_t callbacks[]
Definition: auth_ldap_sasl_client.h:44
SSL * acceptor_
An SSL for ssl_acceptor_fd_ to allow access to parameters not in SSL_CTX to be available even if the ...
Definition: ssl_acceptor_context_data.h:201