MCOL-497 securing mysql connection with TLS in crossengine and querystats code.

utils/CMakeLists.txt

@@ -24,3 +24,4 @@ add_subdirectory(winport)
 add_subdirectory(thrift)
 add_subdirectory(querytele)
 add_subdirectory(clusterTester)
+add_subdirectory(libmysql_client)

utils/libmysql_client/CMakeLists.txt

@@ -0,0 +1,13 @@
+
+include_directories( ${ENGINE_COMMON_INCLUDES} )
+
+########### next target ###############
+
+set(libmysql_client_LIB_SRCS libmysql_client.cpp)
+
+add_library(libmysql_client SHARED ${libmysql_client_LIB_SRCS})
+
+set_target_properties(libmysql_client PROPERTIES VERSION 1.0.0 SOVERSION 1)
+
+install(TARGETS libmysql_client DESTINATION ${ENGINE_LIBDIR} COMPONENT libs)
+

utils/libmysql_client/libmysql_client.cpp

@@ -0,0 +1,144 @@
+/* Copyright (C) 2014 InfiniDB, Inc.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; version 2 of
+   the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+   MA 02110-1301, USA. */
+
+#include <unistd.h>
+//#define NDEBUG
+#include <cassert>
+#include <sstream>
+#include <iomanip>
+using namespace std;
+
+#include "idberrorinfo.h"
+using namespace logging;
+
+#include "liboamcpp.h"
+
+#include "libmysql_client.h"
+
+namespace utils
+{
+
+LibMySQL::LibMySQL() : fCon(NULL), fRes(NULL)
+{
+}
+
+
+LibMySQL::~LibMySQL()
+{
+    if (fRes)
+    {
+        mysql_free_result(fRes);
+    }
+
+    fRes = NULL;
+
+    if (fCon)
+    {
+        mysql_close(fCon);
+    }
+
+    fCon = NULL;
+}
+
+
+int LibMySQL::init(const char* h, unsigned int p, const char* u, const char* w, const char* d)
+{
+    int ret = 0;
+
+    fCon = mysql_init(NULL);
+
+    oam::Oam oam;
+    oam::oamModuleInfo_t moduleInfo;
+    moduleInfo = oam.getModuleInfo();
+    string moduleName = boost::get<0>(moduleInfo);
+    int serverTypeInstall = boost::get<5>(moduleInfo);
+
+    // This is single server installation so use um1 instead of pm1.
+    if ( serverTypeInstall == 2 )
+        moduleName.assign("um1");
+
+    oam::ModuleConfig moduleconfig;
+    oam.getSystemConfig(moduleName, moduleconfig);
+
+    if (!(moduleconfig.TLSCA.empty() || moduleconfig.TLSClientCert.empty() || moduleconfig.TLSClientKey.empty()))
+    {
+        mysql_ssl_set(fCon, moduleconfig.TLSClientKey.c_str(), moduleconfig.TLSClientCert.c_str(),
+             moduleconfig.TLSCA.c_str(), NULL, NULL);
+    }
+
+    if (fCon != NULL)
+    {
+        unsigned int tcp_option = MYSQL_PROTOCOL_TCP;
+        mysql_options(fCon, MYSQL_OPT_PROTOCOL, &tcp_option);
+
+        if (mysql_real_connect(fCon, h, u, w, d, p, NULL, 0) == NULL)
+        {
+            fErrStr = "fatal error running mysql_real_connect() in libmysql_client lib";
+            ret = mysql_errno(fCon);
+        }
+        else
+        {
+            mysql_set_character_set(fCon, "utf8");
+        }
+    }
+    else
+    {
+        fErrStr = "fatal error running mysql_init() in libmysql_client lib";
+        ret = -1;
+    }
+
+    return ret;
+}
+
+
+int LibMySQL::run(const char* query)
+{
+    int ret = 0;
+
+    if (mysql_real_query(fCon, query, strlen(query)) != 0)
+    {
+        fErrStr = "fatal error runing mysql_real_query() in libmysql_client lib";
+        ret = -1;
+    }
+
+    fRes = mysql_use_result(fCon);
+
+    if (fRes == NULL)
+    {
+        fErrStr = "fatal error running mysql_use_result() or empty result set in libmysql_client lib";
+        ret = -1;
+    }
+
+    return ret;
+}
+
+void LibMySQL::handleMySqlError(const char* errStr, unsigned int errCode) 
+{
+    ostringstream oss;
+    oss << errStr << "(" << errCode << ")";
+
+    if (errCode == (unsigned int) - 1)
+        oss << "(null pointer)";
+    else
+        oss << "(" << errCode << ")";
+
+    throw IDBExcept(oss.str(), ERR_CROSS_ENGINE_CONNECT);
+
+    return;
+}
+
+} // namespace

utils/libmysql_client/libmysql_client.h

@@ -0,0 +1,89 @@
+/* Copyright (C) 2014 InfiniDB, Inc.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; version 2 of
+   the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+   MA 02110-1301, USA. */
+
+#ifndef UTILS_LIBMYSQL_CL_H
+#define UTILS LIBMYSQL_CL_H
+
+#include <my_config.h>
+#include <mysql.h>
+
+#include <boost/scoped_array.hpp>
+
+namespace utils
+{
+
+class LibMySQL
+{
+public:
+    LibMySQL();
+    ~LibMySQL();
+
+    // init:   host          port        username      passwd         db
+    int init(const char*, unsigned int, const char*, const char*, const char*);
+
+    // run the query
+    int run(const char* q);
+
+    void handleMySqlError(const char*, unsigned int);
+
+    MYSQL* getMySqlCon()
+    {
+        return fCon;
+    }
+    int getFieldCount()
+    {
+        return mysql_num_fields(fRes);
+    }
+    int getRowCount()
+    {
+        return mysql_num_rows(fRes);
+    }
+    char** nextRow()
+    {
+        char** row = mysql_fetch_row(fRes);
+        fieldLengths = mysql_fetch_lengths(fRes);
+        fFields = mysql_fetch_fields(fRes);
+        return row;
+    }
+    long getFieldLength(int field)
+    {
+        return fieldLengths[field];
+    }
+    MYSQL_FIELD* getField(int field)
+    {
+        return &fFields[field];
+    }
+    const std::string& getError()
+    {
+        return fErrStr;
+    }
+
+private:
+    MYSQL*          fCon;
+    MYSQL_RES*      fRes;
+    MYSQL_FIELD*    fFields;
+    std::string     fErrStr;
+    unsigned long*  fieldLengths;
+};
+
+} // namespace
+
+
+
+#endif  // UTILS_LIBMYSQL_CL_H
+
+// vim:ts=4 sw=4:

utils/querystats/querystats.cpp

@@ -37,6 +37,8 @@ using namespace joblist;
 #include "errorids.h"
 using namespace logging;
 
+#include "libmysql_client.h"
+
 #include "querystats.h"
 
 namespace querystats
@@ -44,21 +46,6 @@ namespace querystats
 
 const string SCHEMA = "infinidb_querystats";
 
-struct IDB_MySQL
-{
-    IDB_MySQL(): fCon(NULL), fRes(NULL) {}
-    ~IDB_MySQL()
-    {
-        if (fRes)
-            mysql_free_result(fRes);
-
-        if (fCon)
-            mysql_close(fCon);
-    }
-    MYSQL* fCon;
-    MYSQL_RES* fRes;
-};
-
 QueryStats::QueryStats()
 {
     reset();
@@ -197,6 +184,7 @@ void QueryStats::insert()
         return;
 
     // get configure for every query to allow only changing of connect info
+    int ret;
     string host, user, pwd;
     uint32_t port;
 
@@ -205,23 +193,17 @@ void QueryStats::insert()
                         ERR_CROSS_ENGINE_CONFIG);
 
     // insert stats to querystats table
-    IDB_MySQL mysql;
+    utils::LibMySQL mysql;
 
-    mysql.fCon = mysql_init(NULL);
+    ret = mysql.init(host.c_str(), port, user.c_str(), pwd.c_str(),
+                     SCHEMA.c_str());
 
-    if (mysql.fCon == NULL)
-        handleMySqlError("fatal error initializing querystats lib", -1);
-
-    unsigned int tcp_option = MYSQL_PROTOCOL_TCP;
-    mysql_options(mysql.fCon, MYSQL_OPT_PROTOCOL, &tcp_option);
-
-    if (mysql_real_connect(mysql.fCon, host.c_str(), user.c_str(), pwd.c_str(),
-                           SCHEMA.c_str(), port, NULL, 0) == NULL)
-        handleMySqlError("fatal error setting up parms in querystats lib", mysql_errno(mysql.fCon));
+    if (ret != 0) 
+        mysql.handleMySqlError(mysql.getError().c_str(), ret);
 
     // escape quote characters
     boost::scoped_array<char> query(new char[fQuery.length() * 2 + 1]);
-    mysql_real_escape_string(mysql.fCon, query.get(), fQuery.c_str(), fQuery.length());
+    mysql_real_escape_string(mysql.getMySqlCon(), query.get(), fQuery.c_str(), fQuery.length());
 
     ostringstream insert;
     insert << "insert into querystats values (0, ";
@@ -246,19 +228,10 @@ void QueryStats::insert()
     insert << fNumFiles << ", ";
     insert << fFileBytes << ")"; // the last 2 fields are not populated yet
 
-    int ret = mysql_real_query(mysql.fCon, insert.str().c_str(), insert.str().length());
+    ret = mysql.run(insert.str().c_str());
 
     if (ret != 0)
-        handleMySqlError("fatal error executing query in querystats lib", ret);
-}
-
-void QueryStats::handleMySqlError(const char* errStr, unsigned int errCode)
-{
-    ostringstream oss;
-    oss << errStr << " (" << errCode << ")";
-    Message::Args args;
-    args.add(oss.str());
-    throw IDBExcept(ERR_CROSS_ENGINE_CONNECT, args);
+        mysql.handleMySqlError(mysql.getError().c_str(), ret);
 }
 
 uint32_t QueryStats::userPriority(string _host, const string _user)
@@ -288,22 +261,18 @@ uint32_t QueryStats::userPriority(string _host, const string _user)
                         ERR_CROSS_ENGINE_CONFIG);
 
     // get user priority
-    IDB_MySQL mysql;
-    mysql.fCon = mysql_init(NULL);
+    utils::LibMySQL mysql;
 
-    if (mysql.fCon == NULL)
-        handleMySqlError("fatal error initializing querystats lib", -1);
+    int ret;
+    ret = mysql.init(host.c_str(), port, user.c_str(), pwd.c_str(),
+                     SCHEMA.c_str());
 
-    unsigned int tcp_option = MYSQL_PROTOCOL_TCP;
-    mysql_options(mysql.fCon, MYSQL_OPT_PROTOCOL, &tcp_option);
-
-    if (mysql_real_connect(mysql.fCon, host.c_str(), user.c_str(), pwd.c_str(),
-                           SCHEMA.c_str(), port, NULL, 0) == NULL)
-        handleMySqlError("fatal error connecting to InfiniDB in querystats lib", mysql_errno(mysql.fCon));
+    if (ret != 0) 
+        mysql.handleMySqlError(mysql.getError().c_str(), ret);
 
     // get the part of host string befor ':' if there is.
     size_t pos = _host.find(':', 0);
-
+ 
     if (pos != string::npos)
         _host = _host.substr(0, pos);
 
@@ -318,28 +287,19 @@ uint32_t QueryStats::userPriority(string _host, const string _user)
           << _user
           << "') and upper(a.priority) = upper(b.priority)";
 
-    int ret = mysql_real_query(mysql.fCon, query.str().c_str(), query.str().length());
+    ret = mysql.run(query.str().c_str());
+    if (ret != 0) 
+        mysql.handleMySqlError(mysql.getError().c_str(), ret);
 
-    if (ret != 0)
-        handleMySqlError("fatal error executing query in querystats lib", ret);
-
-    // Using mysql_store_result here as for mysql_use_result we would need to get every row
-    // Maybe limit 1 on the query in the future?
-    mysql.fRes = mysql_store_result(mysql.fCon);
-
-    if (mysql.fRes == NULL)
-        handleMySqlError("fatal error reading results from InfiniDB in querystats lib", mysql_errno(mysql.fCon));
-
-    // only fetch one row. if duplicate user name in the table, the first one will be got.
-    MYSQL_ROW row;
-    row = mysql_fetch_row(mysql.fRes);
-
-    if (row)
+    char** rowIn;
+    rowIn = mysql.nextRow();
+ 
+    if(rowIn)
     {
-        fPriority = row[0];
-        fPriorityLevel = atoi(row[1]);
+        fPriority = rowIn[0];
+        fPriorityLevel = atoi(rowIn[1]);
     }
-
+ 
     return fPriorityLevel;
 }
 

utils/querystats/querystats.h

@@ -127,7 +127,6 @@ struct QueryStats
      modified accordingly.
     */
     void insert();
-    void handleMySqlError(const char*, unsigned int);
 
     /* User mysql API to query priority table and get this user's assigned priority */
     uint32_t userPriority(std::string host, const std::string user);