The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
rlm_sql_mysql.c
Go to the documentation of this file.
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or (at
5  * your option) any later version.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15  */
16 
17 /**
18  * $Id: 3920a7af012a0bf141e30ff305369e4b7aaf7b6b $
19  * @file rlm_sql_mysql.c
20  * @brief MySQL driver.
21  *
22  * @copyright 2014-2015 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23  * @copyright 2000-2007,2015 The FreeRADIUS server project
24  * @copyright 2000 Mike Machado (mike@innercite.com)
25  * @copyright 2000 Alan DeKok (aland@freeradius.org)
26  */
27 RCSID("$Id: 3920a7af012a0bf141e30ff305369e4b7aaf7b6b $")
28 
29 #define LOG_PREFIX log_prefix
30 
31 #include <freeradius-devel/server/base.h>
32 #include <freeradius-devel/util/debug.h>
33 
34 #include <sys/stat.h>
35 
36 #include "config.h"
37 
38 #ifdef HAVE_MYSQL_MYSQL_H
39 # include <mysql/errmsg.h>
40 DIAG_OFF(strict-prototypes) /* Seen with homebrew mysql client 5.7.13 */
41 # include <mysql/mysql.h>
42 DIAG_ON(strict-prototypes)
43 # include <mysql/mysqld_error.h>
44 #elif defined(HAVE_MYSQL_H)
45 # include <errmsg.h>
46 DIAG_OFF(strict-prototypes) /* Seen with homebrew mysql client 5.7.13 */
47 # include <mysql.h>
48 DIAG_ON(strict-prototypes)
49 # include <mysqld_error.h>
50 #endif
51 
52 #include "rlm_sql.h"
53 #include "rlm_sql_trunk.h"
54 
55 typedef enum {
56  SERVER_WARNINGS_AUTO = 0,
57  SERVER_WARNINGS_YES,
58  SERVER_WARNINGS_NO
59 } rlm_sql_mysql_warnings;
60 
61 static fr_table_num_sorted_t const server_warnings_table[] = {
62  { L("auto"), SERVER_WARNINGS_AUTO },
63  { L("no"), SERVER_WARNINGS_NO },
64  { L("yes"), SERVER_WARNINGS_YES }
65 };
66 static size_t server_warnings_table_len = NUM_ELEMENTS(server_warnings_table);
67 
68 typedef struct {
69  MYSQL db; //!< Structure representing connection details.
70  MYSQL *sock; //!< Connection details as returned by connection init functions.
71  MYSQL_RES *result; //!< Result from most recent query.
72  connection_t *conn; //!< Generic connection structure for this connection.
73  int fd; //!< fd for this connection's I/O events.
74  fr_sql_query_t *query_ctx; //!< Current query running on this connection.
75  int status; //!< returned by the most recent non-blocking function call.
76 } rlm_sql_mysql_conn_t;
77 
78 typedef struct {
79  char const *tls_ca_file; //!< Path to the CA used to validate the server's certificate.
80  char const *tls_ca_path; //!< Directory containing CAs that may be used to validate the
81  //!< servers certificate.
82  char const *tls_certificate_file; //!< Public certificate we present to the server.
83  char const *tls_private_key_file; //!< Private key for the certificate we present to the server.
84 
85  char const *tls_crl_file; //!< Public certificate we present to the server.
86  char const *tls_crl_path; //!< Private key for the certificate we present to the server.
87 
88  char const *tls_cipher; //!< Colon separated list of TLS ciphers for TLS <= 1.2.
89 
90  bool tls_required; //!< Require that the connection is encrypted.
91  bool tls_check_cert; //!< Verify there's a trust relationship between the server's
92  ///< cert and one of the CAs we have configured.
93  bool tls_check_cert_cn; //!< Verify that the CN in the server cert matches the host
94  ///< we passed to mysql_real_connect().
95 
96  char const *warnings_str; //!< Whether we always query the server for additional warnings.
97  rlm_sql_mysql_warnings warnings; //!< mysql_warning_count() doesn't
98  //!< appear to work with NDB cluster
99 
100  char const *character_set; //!< Character set to use on connections.
101 } rlm_sql_mysql_t;
102 
103 static conf_parser_t tls_config[] = {
104  { FR_CONF_OFFSET_FLAGS("ca_file", CONF_FLAG_FILE_INPUT, rlm_sql_mysql_t, tls_ca_file) },
105  { FR_CONF_OFFSET_FLAGS("ca_path", CONF_FLAG_FILE_INPUT, rlm_sql_mysql_t, tls_ca_path) },
106  { FR_CONF_OFFSET_FLAGS("certificate_file", CONF_FLAG_FILE_INPUT, rlm_sql_mysql_t, tls_certificate_file) },
107  { FR_CONF_OFFSET_FLAGS("private_key_file", CONF_FLAG_FILE_INPUT, rlm_sql_mysql_t, tls_private_key_file) },
108  { FR_CONF_OFFSET_FLAGS("crl_file", CONF_FLAG_FILE_INPUT, rlm_sql_mysql_t, tls_crl_file) },
109  { FR_CONF_OFFSET_FLAGS("crl_path", CONF_FLAG_FILE_INPUT, rlm_sql_mysql_t, tls_crl_path) },
110  /*
111  * MySQL Specific TLS attributes
112  */
113  { FR_CONF_OFFSET("cipher", rlm_sql_mysql_t, tls_cipher) },
114 
115  /*
116  * The closest thing we have to these options in other modules is
117  * in rlm_rest. rlm_ldap has its own bizarre option set.
118  *
119  * There, the options can be toggled independently, here they can't
120  * but for consistency we break them out anyway, and warn if the user
121  * has provided an invalid list of flags.
122  */
123  { FR_CONF_OFFSET("tls_required", rlm_sql_mysql_t, tls_required) },
124  { FR_CONF_OFFSET("check_cert", rlm_sql_mysql_t, tls_check_cert) },
125  { FR_CONF_OFFSET("check_cert_cn", rlm_sql_mysql_t, tls_check_cert_cn) },
126  CONF_PARSER_TERMINATOR
127 };
128 
129 static const conf_parser_t driver_config[] = {
130  { FR_CONF_POINTER("tls", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) tls_config },
131 
132  { FR_CONF_OFFSET("warnings", rlm_sql_mysql_t, warnings_str), .dflt = "auto" },
133  { FR_CONF_OFFSET("character_set", rlm_sql_mysql_t, character_set) },
134  CONF_PARSER_TERMINATOR
135 };
136 
137 /* Prototypes */
138 static sql_rcode_t sql_free_result(fr_sql_query_t *, rlm_sql_config_t const *);
139 
140 static int mod_instantiate(module_inst_ctx_t const *mctx)
141 {
142  rlm_sql_mysql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_mysql_t);
143  int warnings;
144  char const *log_prefix = mctx->mi->name;
145 
146  warnings = fr_table_value_by_str(server_warnings_table, inst->warnings_str, -1);
147  if (warnings < 0) {
148  ERROR("Invalid warnings value \"%s\", must be yes, no, or auto", inst->warnings_str);
149  return -1;
150  }
151  inst->warnings = (rlm_sql_mysql_warnings)warnings;
152 
153  if (inst->tls_check_cert && !inst->tls_required) {
154  WARN("Implicitly setting tls_required = yes, as tls_check_cert = yes");
155  inst->tls_required = true;
156  }
157  if (inst->tls_check_cert_cn) {
158  if (!inst->tls_required) {
159  WARN("Implicitly setting tls_required = yes, as check_cert_cn = yes");
160  inst->tls_required = true;
161  }
162 
163  if (!inst->tls_check_cert) {
164  WARN("Implicitly setting check_cert = yes, as check_cert_cn = yes");
165  inst->tls_check_cert = true;
166  }
167  }
168  return 0;
169 }
170 
171 static void mod_unload(void)
172 {
173  mysql_library_end();
174 }
175 
176 static int mod_load(void)
177 {
178  char const *log_prefix = "rlm_sql_mysql";
179  if (mysql_library_init(0, NULL, NULL)) {
180  ERROR("libmysql initialisation failed");
181 
182  return -1;
183  }
184 
185  INFO("libmysql version: %s", mysql_get_client_info());
186 
187  return 0;
188 }
189 
190 /** Callback for I/O events in response to mysql_real_connect_start()
191  */
192 static void _sql_connect_io_notify(fr_event_list_t *el, int fd, UNUSED int flags, void *uctx)
193 {
194  rlm_sql_mysql_conn_t *c = talloc_get_type_abort(uctx, rlm_sql_mysql_conn_t);
195  char const *log_prefix = c->conn->name;
196 
197  fr_event_fd_delete(el, fd, FR_EVENT_FILTER_IO);
198 
199  if (c->status == 0) goto connected;
200  c->status = mysql_real_connect_cont(&c->sock, &c->db, c->status);
201 
202  /*
203  * If status is not zero, we're still waiting for something.
204  * The event will be fired again when that happens.
205  */
206  if (c->status != 0) {
207  (void) fr_event_fd_insert(c, NULL, c->conn->el, c->fd,
208  c->status & MYSQL_WAIT_READ ? _sql_connect_io_notify : NULL,
209  c->status & MYSQL_WAIT_WRITE ? _sql_connect_io_notify : NULL, NULL, c);
210  return;
211  }
212 
213 connected:
214  if (!c->sock) {
215  ERROR("MySQL error: %s", mysql_error(&c->db));
216  connection_signal_reconnect(c->conn, CONNECTION_FAILED);
217  return;
218  }
219 
220  DEBUG2("Connected to database on %s, server version %s, protocol version %i",
221  mysql_get_host_info(c->sock),
222  mysql_get_server_info(c->sock), mysql_get_proto_info(c->sock));
223 
224  connection_signal_connected(c->conn);
225 }
226 
227 static void _sql_connect_query_run(connection_t *conn, UNUSED connection_state_t prev,
228  UNUSED connection_state_t state, void *uctx)
229 {
230  rlm_sql_t const *sql = talloc_get_type_abort_const(uctx, rlm_sql_t);
231  rlm_sql_mysql_conn_t *sql_conn = talloc_get_type_abort(conn->h, rlm_sql_mysql_conn_t);
232  char const *log_prefix = conn->name;
233  int ret;
234  MYSQL_RES *result;
235 
236  DEBUG2("Executing \"%s\"", sql->config.connect_query);
237 
238  ret = mysql_real_query(sql_conn->sock, sql->config.connect_query, strlen(sql->config.connect_query));
239  if (ret != 0) {
240  char const *info;
241  ERROR("Failed running \"open_query\"");
242  info = mysql_info(sql_conn->sock);
243  if (info) ERROR("%s", info);
244  connection_signal_reconnect(conn, CONNECTION_FAILED);
245  return;
246  }
247 
248  /*
249  * These queries should not return any results - but let's be safe
250  */
251  result = mysql_store_result(sql_conn->sock);
252  if (result) mysql_free_result(result);
253  while ((mysql_next_result(sql_conn->sock) == 0) &&
254  (result = mysql_store_result(sql_conn->sock))) {
255  mysql_free_result(result);
256  }
257 }
258 
259 CC_NO_UBSAN(function) /* UBSAN: false positive - public vs private connection_t trips --fsanitize=function*/
260 static connection_state_t _sql_connection_init(void **h, connection_t *conn, void *uctx)
261 {
262  rlm_sql_t const *sql = talloc_get_type_abort_const(uctx, rlm_sql_t);
263  rlm_sql_mysql_t const *inst = talloc_get_type_abort(sql->driver_submodule->data, rlm_sql_mysql_t);
264  char const *log_prefix = conn->name;
265  rlm_sql_mysql_conn_t *c;
266  rlm_sql_config_t const *config = &sql->config;
267 
268  unsigned long sql_flags;
269  enum mysql_option ssl_mysql_opt;
270  unsigned int ssl_mode = 0;
271  bool ssl_mode_isset = false;
272 
273  MEM(c = talloc_zero(conn, rlm_sql_mysql_conn_t));
274  c->conn = conn;
275  c->fd = -1;
276 
277  DEBUG("Starting connect to MySQL server");
278 
279  mysql_init(&c->db);
280 
281  /*
282  * If any of the TLS options are set, configure TLS
283  *
284  * According to MySQL docs this function always returns 0, so we won't
285  * know if ssl setup succeeded until mysql_real_connect is called below.
286  */
287  if (inst->tls_ca_file || inst->tls_ca_path ||
288  inst->tls_certificate_file || inst->tls_private_key_file) {
289  mysql_ssl_set(&(c->db), inst->tls_private_key_file, inst->tls_certificate_file,
290  inst->tls_ca_file, inst->tls_ca_path, inst->tls_cipher);
291  }
292 
293 #ifdef MARIADB_BASE_VERSION
294  if (inst->tls_required || inst->tls_check_cert || inst->tls_check_cert_cn) {
295  ssl_mode_isset = true;
296  /**
297  * For MariaDB, It should be true as can be seen in
298  * https://github.com/MariaDB/server/blob/mariadb-5.5.68/sql-common/client.c#L4338
299  */
300  ssl_mode = true;
301  ssl_mysql_opt = MYSQL_OPT_SSL_VERIFY_SERVER_CERT;
302  }
303 #else
304  ssl_mysql_opt = MYSQL_OPT_SSL_MODE;
305  if (inst->tls_required) {
306  ssl_mode = SSL_MODE_REQUIRED;
307  ssl_mode_isset = true;
308  }
309  if (inst->tls_check_cert) {
310  ssl_mode = SSL_MODE_VERIFY_CA;
311  ssl_mode_isset = true;
312  }
313  if (inst->tls_check_cert_cn) {
314  ssl_mode = SSL_MODE_VERIFY_IDENTITY;
315  ssl_mode_isset = true;
316  }
317 #endif
318  if (ssl_mode_isset) mysql_options(&(c->db), ssl_mysql_opt, &ssl_mode);
319 
320  if (inst->tls_crl_file) mysql_options(&(c->db), MYSQL_OPT_SSL_CRL, inst->tls_crl_file);
321  if (inst->tls_crl_path) mysql_options(&(c->db), MYSQL_OPT_SSL_CRLPATH, inst->tls_crl_path);
322 
323  mysql_options(&(c->db), MYSQL_READ_DEFAULT_GROUP, "freeradius");
324 
325  if (inst->character_set) mysql_options(&(c->db), MYSQL_SET_CHARSET_NAME, inst->character_set);
326 
327 #if MYSQL_VERSION_ID < 80034
328  /*
329  * We need to know about connection errors, and are capable
330  * of reconnecting automatically.
331  *
332  * This deprecated as of 8.0.34.
333  */
334  {
335  bool reconnect = 0;
336  mysql_options(&(c->db), MYSQL_OPT_RECONNECT, &reconnect);
337  }
338 #endif
339 
340  sql_flags = CLIENT_MULTI_RESULTS | CLIENT_FOUND_ROWS;
341 
342 #ifdef CLIENT_MULTI_STATEMENTS
343  sql_flags |= CLIENT_MULTI_STATEMENTS;
344 #endif
345 
346  mysql_options(&c->db, MYSQL_OPT_NONBLOCK, 0);
347 
348  c->status = mysql_real_connect_start(&c->sock, &c->db,
349  config->sql_server,
350  config->sql_login,
351  config->sql_password,
352  config->sql_db,
353  config->sql_port, NULL, sql_flags);
354 
355  c->fd = mysql_get_socket(&c->db);
356 
357  if (c->fd <= 0) {
358  ERROR("Could't connect to MySQL server %s@%s:%s", config->sql_login,
359  config->sql_server, config->sql_db);
360  ERROR("MySQL error: %s", mysql_error(&c->db));
361  error:
362  talloc_free(c);
363  return CONNECTION_STATE_FAILED;
364  }
365 
366  if (c->status == 0) {
367  DEBUG2("Connected to database '%s' on %s, server version %s, protocol version %i",
368  config->sql_db, mysql_get_host_info(c->sock),
369  mysql_get_server_info(c->sock), mysql_get_proto_info(c->sock));
370  goto finish;
371  }
372 
373  if (fr_event_fd_insert(c, NULL, c->conn->el, c->fd,
374  c->status & MYSQL_WAIT_READ ? _sql_connect_io_notify : NULL,
375  c->status & MYSQL_WAIT_WRITE ? _sql_connect_io_notify : NULL, NULL, c) != 0) goto error;
376 
377  DEBUG2("Connecting to database '%s' on %s:%d, fd %d",
378  config->sql_db, config->sql_server, config->sql_port, c->fd);
379 
380 finish:
381  *h = c;
382 
383  if (config->connect_query) connection_add_watch_post(conn, CONNECTION_STATE_CONNECTED,
384  _sql_connect_query_run, true, sql);
385 
386  return c->status == 0 ? CONNECTION_STATE_CONNECTED : CONNECTION_STATE_CONNECTING;
387 }
388 
389 static void _sql_connection_close(fr_event_list_t *el, void *h, UNUSED void *uctx)
390 {
391  rlm_sql_mysql_conn_t *c = talloc_get_type_abort(h, rlm_sql_mysql_conn_t);
392 
393  if (c->fd >= 0) {
394  fr_event_fd_delete(el, c->fd, FR_EVENT_FILTER_IO);
395  c->fd = -1;
396  }
397  mysql_close(&c->db);
398  c->query_ctx = NULL;
399  talloc_free(h);
400 }
401 
402 /** Analyse the last error that occurred on the socket, and determine an action
403  *
404  * @param server Socket from which to extract the server error. May be NULL.
405  * @param client_errno Error from the client.
406  * @return an action for #rlm_sql_t to take.
407  */
408 static sql_rcode_t sql_check_error(MYSQL *server, int client_errno)
409 {
410  int sql_errno = 0;
411 
412  /*
413  * The client and server error numbers are in the
414  * same numberspace.
415  */
416  if (server) sql_errno = mysql_errno(server);
417  if ((sql_errno == 0) && (client_errno != 0)) sql_errno = client_errno;
418 
419  if (sql_errno > 0) switch (sql_errno) {
420  case CR_SERVER_GONE_ERROR:
421  case CR_SERVER_LOST:
422  return RLM_SQL_RECONNECT;
423 
424  case CR_OUT_OF_MEMORY:
425  case CR_COMMANDS_OUT_OF_SYNC:
426  case CR_UNKNOWN_ERROR:
427  default:
428  return RLM_SQL_ERROR;
429 
430  /*
431  * Constraints errors that signify a duplicate, or that we might
432  * want to try an alternative query.
433  *
434  * Error constants not found in the 3.23/4.0/4.1 manual page
435  * are checked for.
436  * Other error constants should always be available.
437  */
438  case ER_DUP_UNIQUE: /* Can't write, because of unique constraint, to table '%s'. */
439  case ER_DUP_KEY: /* Can't write; duplicate key in table '%s' */
440 
441  case ER_DUP_ENTRY: /* Duplicate entry '%s' for key %d. */
442  case ER_NO_REFERENCED_ROW: /* Cannot add or update a child row: a foreign key constraint fails */
443  case ER_ROW_IS_REFERENCED: /* Cannot delete or update a parent row: a foreign key constraint fails */
444 #ifdef ER_FOREIGN_DUPLICATE_KEY
445  case ER_FOREIGN_DUPLICATE_KEY: /* Upholding foreign key constraints for table '%s', entry '%s', key %d would lead to a duplicate entry. */
446 #endif
447 #ifdef ER_DUP_ENTRY_WITH_KEY_NAME
448  case ER_DUP_ENTRY_WITH_KEY_NAME: /* Duplicate entry '%s' for key '%s' */
449 #endif
450 #ifdef ER_NO_REFERENCED_ROW_2
451  case ER_NO_REFERENCED_ROW_2:
452 #endif
453 #ifdef ER_ROW_IS_REFERENCED_2
454  case ER_ROW_IS_REFERENCED_2:
455 #endif
456  return RLM_SQL_ALT_QUERY;
457 
458  /*
459  * Constraints errors that signify an invalid query
460  * that can never succeed.
461  */
462  case ER_BAD_NULL_ERROR: /* Column '%s' cannot be null */
463  case ER_NON_UNIQ_ERROR: /* Column '%s' in %s is ambiguous */
464  return RLM_SQL_QUERY_INVALID;
465 
466  /*
467  * Constraints errors that signify no data returned.
468  *
469  * This is considered OK as the caller may look for the next result set.
470  */
471  case ER_SP_FETCH_NO_DATA:
472  return RLM_SQL_OK;
473 
474  }
475 
476  return RLM_SQL_OK;
477 }
478 
479 static sql_rcode_t sql_store_result(rlm_sql_mysql_conn_t *conn, UNUSED rlm_sql_config_t const *config)
480 {
481  sql_rcode_t rcode;
482  int ret;
483 
484 retry_store_result:
485  conn->result = mysql_store_result(conn->sock);
486  if (!conn->result) {
487  rcode = sql_check_error(conn->sock, 0);
488  if (rcode != RLM_SQL_OK) return rcode;
489  ret = mysql_next_result(conn->sock);
490  if (ret == 0) {
491  /* there are more results */
492  goto retry_store_result;
493  } else if (ret > 0) return sql_check_error(NULL, ret);
494  /* ret == -1 signals no more results */
495  }
496  return RLM_SQL_OK;
497 }
498 
499 static int sql_num_rows(fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t const *config)
500 {
501  rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(query_ctx->tconn->conn->h, rlm_sql_mysql_conn_t);
502 
503  if (conn->result) return mysql_num_rows(conn->result);
504 
505  return 0;
506 }
507 
508 static sql_rcode_t sql_fields(char const **out[], fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t const *config)
509 {
510  rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(query_ctx->tconn->conn->h, rlm_sql_mysql_conn_t);
511 
512  unsigned int fields, i;
513  MYSQL_FIELD *field_info;
514  char const **names;
515 
516  /*
517  * Use our internal function to abstract out the API call.
518  * Different versions of SQL use different functions,
519  * and some don't like NULL pointers.
520  */
521  fields = mysql_field_count(conn->sock);
522  if (fields == 0) return RLM_SQL_ERROR;
523 
524  /*
525  * https://bugs.mysql.com/bug.php?id=32318
526  * Hints that we don't have to free field_info.
527  */
528  field_info = mysql_fetch_fields(conn->result);
529  if (!field_info) return RLM_SQL_ERROR;
530 
531  MEM(names = talloc_array(query_ctx, char const *, fields));
532 
533  for (i = 0; i < fields; i++) names[i] = field_info[i].name;
534  *out = names;
535 
536  return RLM_SQL_OK;
537 }
538 
539 static unlang_action_t sql_fetch_row(rlm_rcode_t *p_result, UNUSED int *priority, UNUSED request_t *request, void *uctx)
540 {
541  fr_sql_query_t *query_ctx = talloc_get_type_abort(uctx, fr_sql_query_t);
542  rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(query_ctx->tconn->conn->h, rlm_sql_mysql_conn_t);
543  MYSQL_ROW row;
544  int ret;
545  unsigned int num_fields, i;
546  unsigned long *field_lens;
547 
548  /*
549  * Check pointer before de-referencing it.
550  * Lack of conn->result is either an error, or no result returned.
551  */
552  if (!conn->result) {
553  query_ctx->rcode = sql_check_error(conn->sock, 0);
554  if (query_ctx->rcode == RLM_SQL_OK) {
555  query_ctx->rcode = RLM_SQL_NO_MORE_ROWS;
556  RETURN_MODULE_OK;
557  }
558  RETURN_MODULE_FAIL;
559  }
560 
561  TALLOC_FREE(query_ctx->row); /* Clear previous row set */
562 
563 retry_fetch_row:
564  row = mysql_fetch_row(conn->result);
565  if (!row) {
566  query_ctx->rcode = sql_check_error(conn->sock, 0);
567  if (query_ctx->rcode != RLM_SQL_OK) RETURN_MODULE_FAIL;
568 
569  mysql_free_result(conn->result);
570  conn->result = NULL;
571 
572  ret = mysql_next_result(conn->sock);
573  if (ret == 0) {
574  /* there are more results */
575  if ((sql_store_result(conn, &query_ctx->inst->config) == 0) && (conn->result != NULL)) {
576  goto retry_fetch_row;
577  }
578  } else if (ret > 0) {
579  query_ctx->rcode = sql_check_error(NULL, ret);
580  if (query_ctx->rcode == RLM_SQL_OK) RETURN_MODULE_OK;
581  RETURN_MODULE_FAIL;
582  }
583  /* If ret is -1 then there are no more rows */
584 
585  query_ctx->rcode = RLM_SQL_NO_MORE_ROWS;
586  RETURN_MODULE_OK;
587  }
588 
589  num_fields = mysql_field_count(conn->sock);
590  if (!num_fields) {
591  query_ctx->rcode = RLM_SQL_NO_MORE_ROWS;
592  RETURN_MODULE_OK;
593  }
594 
595  field_lens = mysql_fetch_lengths(conn->result);
596 
597  MEM(query_ctx->row = talloc_zero_array(query_ctx, char *, num_fields + 1));
598  for (i = 0; i < num_fields; i++) {
599  if (!row[i]) continue;
600  MEM(query_ctx->row[i] = talloc_bstrndup(query_ctx->row, row[i], field_lens[i]));
601  }
602 
603  query_ctx->rcode = RLM_SQL_OK;
604  RETURN_MODULE_OK;
605 }
606 
607 static sql_rcode_t sql_free_result(fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t const *config)
608 {
609  rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(query_ctx->tconn->conn->h, rlm_sql_mysql_conn_t);
610 
611  if (conn->result) {
612  mysql_free_result(conn->result);
613  conn->result = NULL;
614  }
615  TALLOC_FREE(query_ctx->row);
616 
617  return RLM_SQL_OK;
618 }
619 
620 /** Retrieves any warnings associated with the last query
621  *
622  * MySQL stores a limited number of warnings associated with the last query
623  * executed. These can be very useful in diagnosing issues, or in some cases
624  * working around bugs in MySQL which causes it to return the wrong error.
625  *
626  * @note Caller should free any memory allocated in ctx (talloc_free_children()).
627  *
628  * @param ctx to allocate temporary error buffers in.
629  * @param out Array of sql_log_entrys to fill.
630  * @param outlen Length of out array.
631  * @param conn MySQL connection the query was run on.
632  * @param config rlm_sql config.
633  * @return
634  * - Number of errors written to the #sql_log_entry_t array.
635  * - -1 on failure.
636  */
637 static size_t sql_warnings(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen,
638  rlm_sql_mysql_conn_t *conn)
639 {
640  MYSQL_RES *result;
641  MYSQL_ROW row;
642  unsigned int num_fields;
643  size_t i = 0;
644  char const *log_prefix = conn->conn->name;
645 
646  if (outlen == 0) return 0;
647 
648  /*
649  * Retrieve any warnings associated with the previous query
650  * that were left lingering on the server.
651  */
652  if (mysql_query(conn->sock, "SHOW WARNINGS") != 0) return -1;
653  result = mysql_store_result(conn->sock);
654  if (!result) return -1;
655 
656  /*
657  * Fields should be [0] = Level, [1] = Code, [2] = Message
658  */
659  num_fields = mysql_field_count(conn->sock);
660  if (num_fields < 3) {
661  WARN("Failed retrieving warnings, expected 3 fields got %u", num_fields);
662  mysql_free_result(result);
663 
664  return -1;
665  }
666 
667  while ((row = mysql_fetch_row(result))) {
668  char *msg = NULL;
669  fr_log_type_t type;
670 
671  /*
672  * Translate the MySQL log level into our internal
673  * log levels, so they get colourised correctly.
674  */
675  if (strcasecmp(row[0], "warning") == 0) type = L_WARN;
676  else if (strcasecmp(row[0], "note") == 0) type = L_DBG;
677  else type = L_ERR;
678 
679  msg = talloc_typed_asprintf(ctx, "%s: %s", row[1], row[2]);
680  out[i].type = type;
681  out[i].msg = msg;
682  if (++i == outlen) break;
683  }
684 
685  mysql_free_result(result);
686 
687  return i;
688 }
689 
690 /** Retrieves any errors associated with the query context
691  *
692  * @note Caller should free any memory allocated in ctx (talloc_free_children()).
693  *
694  * @param ctx to allocate temporary error buffers in.
695  * @param out Array of sql_log_entrys to fill.
696  * @param outlen Length of out array.
697  * @param query_ctx Query context to retrieve error for.
698  * @param config rlm_sql config.
699  * @return number of errors written to the #sql_log_entry_t array.
700  */
701 static size_t sql_error(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen,
702  fr_sql_query_t *query_ctx)
703 {
704  rlm_sql_mysql_t const *inst = talloc_get_type_abort_const(query_ctx->inst->driver_submodule->data, rlm_sql_mysql_t);
705  rlm_sql_mysql_conn_t *conn;
706  char const *error;
707  size_t i = 0;
708  char const *log_prefix;
709 
710  if (!query_ctx->tconn) return 0;
711  conn = talloc_get_type_abort(query_ctx->tconn->conn->h, rlm_sql_mysql_conn_t);
712  log_prefix = conn->conn->name;
713 
714  fr_assert(outlen > 0);
715 
716  error = mysql_error(conn->sock);
717 
718  /*
719  * Grab the error now in case it gets cleared on the next operation.
720  */
721  if (error && (error[0] != '\0')) {
722  error = talloc_typed_asprintf(ctx, "ERROR %u (%s): %s", mysql_errno(conn->sock), error,
723  mysql_sqlstate(conn->sock));
724  } else {
725  error = NULL;
726  }
727 
728  /*
729  * Don't attempt to get errors from the server, if the last error
730  * was that the server was unavailable.
731  */
732  if ((outlen > 1) && (sql_check_error(conn->sock, 0) != RLM_SQL_RECONNECT)) {
733  size_t ret;
734  unsigned int msgs;
735 
736  switch (inst->warnings) {
737  case SERVER_WARNINGS_AUTO:
738  /*
739  * Check to see if any warnings can be retrieved from the server.
740  */
741  msgs = mysql_warning_count(conn->sock);
742  if (msgs == 0) {
743  DEBUG3("No additional diagnostic info on server");
744  break;
745  }
746 
747  FALL_THROUGH;
748  case SERVER_WARNINGS_YES:
749  ret = sql_warnings(ctx, out, outlen - 1, conn);
750  if (ret > 0) i += ret;
751  break;
752 
753  case SERVER_WARNINGS_NO:
754  break;
755 
756  default:
757  fr_assert(0);
758  }
759  }
760 
761  if (error) {
762  out[i].type = L_ERR;
763  out[i].msg = error;
764  i++;
765  }
766 
767  return i;
768 }
769 
770 /** Finish query
771  *
772  * As a single SQL statement may return multiple results
773  * sets, (for example stored procedures) it is necessary to check
774  * whether more results exist and process them in turn if so.
775  *
776  */
777 static sql_rcode_t sql_finish_query(fr_sql_query_t *query_ctx, rlm_sql_config_t const *config)
778 {
779  rlm_sql_mysql_conn_t *conn;
780  int ret;
781  MYSQL_RES *result;
782 
783  /*
784  * If the query is not in a state which would return results, then do nothing.
785  */
786  if (query_ctx->treq && !(query_ctx->treq->state &
787  (TRUNK_REQUEST_STATE_SENT | TRUNK_REQUEST_STATE_REAPABLE | TRUNK_REQUEST_STATE_COMPLETE))) return RLM_SQL_OK;
788 
789  /*
790  * If the connection doesn't exist there's nothing to do
791  */
792  if (!query_ctx->tconn || !query_ctx->tconn->conn || !query_ctx->tconn->conn->h) return RLM_SQL_ERROR;
793 
794  conn = talloc_get_type_abort(query_ctx->tconn->conn->h, rlm_sql_mysql_conn_t);
795 
796  /*
797  * If the connection is not active, then all that we can do is free any stored results
798  */
799  if (query_ctx->tconn->conn->state != CONNECTION_STATE_CONNECTED) {
800  sql_free_result(query_ctx, config);
801  return RLM_SQL_OK;
802  }
803 
804  /*
805  * If there's no result associated with the
806  * connection handle, assume the first result in the
807  * result set hasn't been retrieved.
808  *
809  * MySQL docs says there's no performance penalty for
810  * calling mysql_store_result for queries which don't
811  * return results.
812  */
813  if (conn->result == NULL) {
814  result = mysql_store_result(conn->sock);
815  if (result) mysql_free_result(result);
816  /*
817  * ...otherwise call sql_free_result to free an
818  * already stored result.
819  */
820  } else {
821  sql_free_result(query_ctx, config); /* sql_free_result sets conn->result to NULL */
822  }
823 
824  /*
825  * Drain any other results associated with the handle
826  *
827  * mysql_next_result advances the result cursor so that
828  * the next call to mysql_store_result will retrieve
829  * the next result from the server.
830  *
831  * Unfortunately this really does appear to be the
832  * only way to return the handle to a consistent state.
833  */
834  while (((ret = mysql_next_result(conn->sock)) == 0) &&
835  (result = mysql_store_result(conn->sock))) {
836  mysql_free_result(result);
837  }
838  if (ret > 0) return sql_check_error(NULL, ret);
839 
840  return RLM_SQL_OK;
841 }
842 
843 static int sql_affected_rows(fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t const *config)
844 {
845  rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(query_ctx->tconn->conn->h, rlm_sql_mysql_conn_t);
846 
847  return mysql_affected_rows(conn->sock);
848 }
849 
850 static ssize_t sql_escape_func(request_t *request, char *out, size_t outlen, char const *in, void *arg)
851 {
852  size_t inlen;
853  connection_t *c = talloc_get_type_abort(arg, connection_t);
854  rlm_sql_mysql_conn_t *conn;
855  char const *log_prefix = c->name;
856 
857  if ((c->state == CONNECTION_STATE_HALTED) || (c->state == CONNECTION_STATE_CLOSED)) {
858  ROPTIONAL(RERROR, ERROR, "Connection not available for escaping");
859  return -1;
860  }
861 
862  conn = talloc_get_type_abort(c->h, rlm_sql_mysql_conn_t);
863 
864  /* Check for potential buffer overflow */
865  inlen = strlen(in);
866  if ((inlen * 2 + 1) > outlen) return 0;
867  /* Prevent integer overflow */
868  if ((inlen * 2 + 1) <= inlen) return 0;
869 
870  return mysql_real_escape_string(&conn->db, out, in, inlen);
871 }
872 
873 SQL_TRUNK_CONNECTION_ALLOC
874 
875 #undef LOG_PREFIX
876 #define LOG_PREFIX "rlm_sql_mysql"
877 
878 TRUNK_NOTIFY_FUNC(sql_trunk_connection_notify, rlm_sql_mysql_conn_t)
879 
880 #undef LOG_PREFIX
881 #define LOG_PREFIX log_prefix
882 
883 CC_NO_UBSAN(function) /* UBSAN: false positive - public vs private connection_t trips --fsanitize=function*/
884 static void sql_trunk_request_mux(UNUSED fr_event_list_t *el, trunk_connection_t *tconn,
885  connection_t *conn, UNUSED void *uctx)
886 {
887  rlm_sql_mysql_conn_t *sql_conn = talloc_get_type_abort(conn->h, rlm_sql_mysql_conn_t);
888  char const *log_prefix = conn->name;
889  request_t *request;
890  trunk_request_t *treq;
891  fr_sql_query_t *query_ctx;
892  char const *info;
893  int err;
894 
895  if (trunk_connection_pop_request(&treq, tconn) != 0) return;
896  if (!treq) return;
897 
898  query_ctx = talloc_get_type_abort(treq->preq, fr_sql_query_t);
899  request = query_ctx->request;
900 
901  /*
902  * Each of the MariaDB async "start" calls returns a non-zero value
903  * if they are waiting on I/O.
904  * A return value of zero means that the operation completed.
905  */
906 
907  switch (query_ctx->status) {
908  case SQL_QUERY_PREPARED:
909  ROPTIONAL(RDEBUG2, DEBUG2, "Executing query: %s", query_ctx->query_str);
910  sql_conn->status = mysql_real_query_start(&err, sql_conn->sock, query_ctx->query_str, strlen(query_ctx->query_str));
911  query_ctx->tconn = tconn;
912 
913  if (sql_conn->status) {
914  ROPTIONAL(RDEBUG3, DEBUG3, "Waiting for IO");
915  query_ctx->status = SQL_QUERY_SUBMITTED;
916  sql_conn->query_ctx = query_ctx;
917  trunk_request_signal_sent(treq);
918  return;
919  }
920 
921  if (err) {
922  /*
923  * Need to check what kind of error this is - it may
924  * be a unique key conflict, we run the next query.
925  */
926  info = mysql_info(sql_conn->sock);
927  query_ctx->rcode = sql_check_error(sql_conn->sock, 0);
928  if (info) ERROR("%s", info);
929  switch (query_ctx->rcode) {
930  case RLM_SQL_OK:
931  case RLM_SQL_ALT_QUERY:
932  break;
933 
934  default:
935  query_ctx->status = SQL_QUERY_FAILED;
936  trunk_request_signal_fail(treq);
937  if (request) unlang_interpret_mark_runnable(request);
938  return;
939  }
940  } else {
941  query_ctx->rcode = RLM_SQL_OK;
942  }
943  query_ctx->status = SQL_QUERY_RETURNED;
944 
945  break;
946 
947  case SQL_QUERY_RETURNED:
948  ROPTIONAL(RDEBUG2, DEBUG2, "Fetching results");
949  fr_assert(query_ctx->tconn == tconn);
950  sql_conn->status = mysql_store_result_start(&sql_conn->result, sql_conn->sock);
951 
952  if (sql_conn->status) {
953  ROPTIONAL(RDEBUG3, DEBUG3, "Waiting for IO");
954  query_ctx->status = SQL_QUERY_FETCHING_RESULTS;
955  sql_conn->query_ctx = query_ctx;
956  trunk_request_signal_sent(treq);
957  return;
958  }
959  query_ctx->status = SQL_QUERY_RESULTS_FETCHED;
960  query_ctx->rcode = RLM_SQL_OK;
961 
962  break;
963 
964  default:
965  /*
966  * The request outstanding on this connection returned
967  * immediately, so we are not actually waiting for I/O.
968  */
969  return;
970  }
971 
972  /*
973  * The current request is not waiting for I/O so the request can run
974  */
975  ROPTIONAL(RDEBUG3, DEBUG3, "Got immediate response");
976  trunk_request_signal_reapable(treq);
977  if (request) unlang_interpret_mark_runnable(request);
978 }
979 
980 CC_NO_UBSAN(function) /* UBSAN: false positive - public vs private connection_t trips --fsanitize=function*/
981 static void sql_trunk_request_demux(UNUSED fr_event_list_t *el, UNUSED trunk_connection_t *tconn,
982  connection_t *conn, UNUSED void *uctx)
983 {
984  rlm_sql_mysql_conn_t *sql_conn = talloc_get_type_abort(conn->h, rlm_sql_mysql_conn_t);
985  char const *log_prefix = conn->name;
986  fr_sql_query_t *query_ctx;
987  char const *info;
988  int err = 0;
989  request_t *request;
990 
991  /*
992  * Lookup the outstanding SQL query for this connection.
993  * There will only ever be one per tconn.
994  */
995  query_ctx = sql_conn->query_ctx;
996 
997  /*
998  * No outstanding query on this connection.
999  * Should not happen, but added for safety.
1000  */
1001  if (unlikely(!query_ctx)) return;
1002 
1003  switch (query_ctx->status) {
1004  case SQL_QUERY_SUBMITTED:
1005  sql_conn->status = mysql_real_query_cont(&err, sql_conn->sock, sql_conn->status);
1006  break;
1007 
1008  case SQL_QUERY_FETCHING_RESULTS:
1009  sql_conn->status = mysql_store_result_cont(&sql_conn->result, sql_conn->sock, sql_conn->status);
1010  break;
1011 
1012  default:
1013  /*
1014  * The request outstanding on this connection returned
1015  * immediately, so we are not actually waiting for I/O.
1016  */
1017  return;
1018  }
1019 
1020  /*
1021  * Are we still waiting for any further I/O?
1022  */
1023  if (sql_conn->status != 0) return;
1024 
1025  sql_conn->query_ctx = NULL;
1026 
1027  switch (query_ctx->status) {
1028  case SQL_QUERY_SUBMITTED:
1029  query_ctx->status = SQL_QUERY_RETURNED;
1030  break;
1031 
1032  case SQL_QUERY_FETCHING_RESULTS:
1033  query_ctx->status = SQL_QUERY_RESULTS_FETCHED;
1034  break;
1035 
1036  default:
1037  fr_assert(0);
1038  }
1039 
1040  request = query_ctx->request;
1041  if (request) unlang_interpret_mark_runnable(request);
1042 
1043  if (err) {
1044  info = mysql_info(sql_conn->sock);
1045  query_ctx->rcode = sql_check_error(sql_conn->sock, 0);
1046  if (info) ROPTIONAL(RERROR, ERROR, "%s", info);
1047  return;
1048  }
1049 
1050  query_ctx->rcode = RLM_SQL_OK;
1051 }
1052 
1053 CC_NO_UBSAN(function) /* UBSAN: false positive - public vs private connection_t trips --fsanitize=function*/
1054 static void sql_request_cancel(connection_t *conn, void *preq, trunk_cancel_reason_t reason,
1055  UNUSED void *uctx)
1056 {
1057  fr_sql_query_t *query_ctx = talloc_get_type_abort(preq, fr_sql_query_t);
1058  rlm_sql_mysql_conn_t *sql_conn = talloc_get_type_abort(conn->h, rlm_sql_mysql_conn_t);
1059 
1060  if (!query_ctx->treq) return;
1061  if (reason != TRUNK_CANCEL_REASON_SIGNAL) return;
1062  if (sql_conn->query_ctx == query_ctx) sql_conn->query_ctx = NULL;
1063 }
1064 
1065 CC_NO_UBSAN(function) /* UBSAN: false positive - public vs private connection_t trips --fsanitize=function*/
1066 static void sql_request_cancel_mux(UNUSED fr_event_list_t *el, trunk_connection_t *tconn,
1067  connection_t *conn, UNUSED void *uctx)
1068 {
1069  trunk_request_t *treq;
1070 
1071  /*
1072  * The MariaDB non-blocking API doesn't have any cancellation functions -
1073  * rather you are expected to close the connection.
1074  */
1075  if ((trunk_connection_pop_cancellation(&treq, tconn)) == 0) {
1076  trunk_request_signal_cancel_complete(treq);
1077  connection_signal_reconnect(conn, CONNECTION_FAILED);
1078  }
1079 }
1080 
1081 SQL_QUERY_FAIL
1082 SQL_QUERY_RESUME
1083 
1084 static unlang_action_t sql_select_query_resume(rlm_rcode_t *p_result, UNUSED int *priority, UNUSED request_t *request, void *uctx)
1085 {
1086  fr_sql_query_t *query_ctx = talloc_get_type_abort(uctx, fr_sql_query_t);
1087 
1088  if (query_ctx->rcode != RLM_SQL_OK) RETURN_MODULE_FAIL;
1089 
1090  if (query_ctx->status == SQL_QUERY_RETURNED) {
1091  trunk_request_requeue(query_ctx->treq);
1092 
1093  if (unlang_function_repeat_set(request, sql_select_query_resume) < 0) {
1094  query_ctx->rcode = RLM_SQL_ERROR;
1095  RETURN_MODULE_FAIL;
1096  }
1097 
1098  return UNLANG_ACTION_YIELD;
1099  }
1100 
1101  RETURN_MODULE_OK;
1102 }
1103 
1104 /** Allocate the argument used for the SQL escape function
1105  *
1106  * In this case, a dedicated connection to allow the escape
1107  * function to have access to server side parameters, though
1108  * no packets ever flow after the connection is made.
1109  */
1110 static void *sql_escape_arg_alloc(TALLOC_CTX *ctx, fr_event_list_t *el, void *uctx)
1111 {
1112  rlm_sql_t const *inst = talloc_get_type_abort(uctx, rlm_sql_t);
1113  connection_t *conn;
1114  char const *log_prefix = inst->name;
1115 
1116  conn = connection_alloc(ctx, el,
1117  &(connection_funcs_t){
1118  .init = _sql_connection_init,
1119  .close = _sql_connection_close,
1120  },
1121  inst->config.trunk_conf.conn_conf,
1122  inst->name, inst);
1123 
1124  if (!conn) {
1125  PERROR("Failed allocating state handler for SQL escape connection");
1126  return NULL;
1127  }
1128 
1129  connection_signal_init(conn);
1130  return conn;
1131 }
1132 
1133 static void sql_escape_arg_free(void *uctx)
1134 {
1135  connection_t *conn = talloc_get_type_abort(uctx, connection_t);
1136  connection_signal_halt(conn);
1137 }
1138 
1139 /* Exported to rlm_sql */
1140 extern rlm_sql_driver_t rlm_sql_mysql;
1141 rlm_sql_driver_t rlm_sql_mysql = {
1142  .common = {
1143  .name = "sql_mysql",
1144  .magic = MODULE_MAGIC_INIT,
1145  .inst_size = sizeof(rlm_sql_mysql_t),
1146  .onload = mod_load,
1147  .unload = mod_unload,
1148  .config = driver_config,
1149  .instantiate = mod_instantiate
1150  },
1151  .flags = RLM_SQL_RCODE_FLAGS_ALT_QUERY,
1152  .sql_query_resume = sql_query_resume,
1153  .sql_select_query_resume = sql_select_query_resume,
1154  .sql_num_rows = sql_num_rows,
1155  .sql_affected_rows = sql_affected_rows,
1156  .sql_fields = sql_fields,
1157  .sql_fetch_row = sql_fetch_row,
1158  .sql_free_result = sql_free_result,
1159  .sql_error = sql_error,
1160  .sql_finish_query = sql_finish_query,
1161  .sql_finish_select_query = sql_finish_query,
1162  .sql_escape_func = sql_escape_func,
1163  .sql_escape_arg_alloc = sql_escape_arg_alloc,
1164  .sql_escape_arg_free = sql_escape_arg_free,
1165  .uses_trunks = true,
1166  .trunk_io_funcs = {
1167  .connection_alloc = sql_trunk_connection_alloc,
1168  .connection_notify = sql_trunk_connection_notify,
1169  .request_mux = sql_trunk_request_mux,
1170  .request_demux = sql_trunk_request_demux,
1171  .request_cancel_mux = sql_request_cancel_mux,
1172  .request_cancel = sql_request_cancel,
1173  .request_fail = sql_request_fail,
1174  }
1175 };
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35
UNLANG_ACTION_YIELD
@ UNLANG_ACTION_YIELD
Temporarily pause execution until an event occurs.
Definition: action.h:42
msg
log_entry msg
Definition: acutest.h:794
RCSID
#define RCSID(id)
Definition: build.h:481
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition: build.h:207
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition: build.h:320
DIAG_ON
#define DIAG_ON(_x)
Definition: build.h:456
unlikely
#define unlikely(_x)
Definition: build.h:379
UNUSED
#define UNUSED
Definition: build.h:313
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition: build.h:335
DIAG_OFF
#define DIAG_OFF(_x)
Definition: build.h:455
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:627
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:268
FR_CONF_POINTER
#define FR_CONF_POINTER(_name, _type, _flags, _res_p)
conf_parser_t which parses a single CONF_PAIR producing a single global result
Definition: cf_parse.h:310
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:256
CONF_FLAG_FILE_INPUT
@ CONF_FLAG_FILE_INPUT
File matching value must exist, and must be readable.
Definition: cf_parse.h:411
CONF_FLAG_SUBSECTION
@ CONF_FLAG_SUBSECTION
Instead of putting the information into a configuration structure, the configuration file routines MA...
Definition: cf_parse.h:399
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition: cf_parse.h:564
connection_state_t
connection_state_t
Definition: connection.h:45
CONNECTION_STATE_FAILED
@ CONNECTION_STATE_FAILED
Connection has failed.
Definition: connection.h:54
CONNECTION_STATE_HALTED
@ CONNECTION_STATE_HALTED
The connection is in a halted stat.
Definition: connection.h:46
CONNECTION_STATE_CLOSED
@ CONNECTION_STATE_CLOSED
Connection has been closed.
Definition: connection.h:55
CONNECTION_STATE_CONNECTED
@ CONNECTION_STATE_CONNECTED
File descriptor is open (ready for writing).
Definition: connection.h:52
CONNECTION_STATE_CONNECTING
@ CONNECTION_STATE_CONNECTING
Waiting for connection to establish.
Definition: connection.h:50
CONNECTION_FAILED
@ CONNECTION_FAILED
Connection is being reconnected because it failed.
Definition: connection.h:84
connection_funcs_t
Holds a complete set of functions for a connection.
Definition: connection.h:186
uctx
fr_dcursor_eval_t void const * uctx
Definition: dcursor.h:546
ERROR
#define ERROR(fmt,...)
Definition: dhcpclient.c:41
DEBUG
#define DEBUG(fmt,...)
Definition: dhcpclient.c:39
err
static fr_slen_t err
Definition: dict.h:821
in
static fr_slen_t in
Definition: dict.h:821
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:63
fr_event_fd_insert
#define fr_event_fd_insert(...)
Definition: event.h:232
FR_EVENT_FILTER_IO
@ FR_EVENT_FILTER_IO
Combined filter for read/write functions/.
Definition: event.h:62
unlang_function_repeat_set
#define unlang_function_repeat_set(_request, _repeat)
Set a new repeat function for an existing function frame.
Definition: function.h:89
unlang_interpret_mark_runnable
void unlang_interpret_mark_runnable(request_t *request)
Mark a request as resumable.
Definition: interpret.c:1359
PERROR
#define PERROR(_fmt,...)
Definition: log.h:228
DEBUG3
#define DEBUG3(_fmt,...)
Definition: log.h:266
ROPTIONAL
#define ROPTIONAL(_l_request, _l_global, _fmt,...)
Use different logging functions depending on whether request is NULL or not.
Definition: log.h:528
RDEBUG3
#define RDEBUG3(fmt,...)
Definition: log.h:343
RERROR
#define RERROR(fmt,...)
Definition: log.h:298
talloc_free
talloc_free(reap)
fr_event_fd_delete
int fr_event_fd_delete(fr_event_list_t *el, int fd, fr_event_filter_t filter)
Remove a file descriptor from the event loop.
Definition: event.c:1260
fr_event_list
Stores all information relating to an event list.
Definition: event.c:411
fr_log_type_t
fr_log_type_t
Definition: log.h:54
L_WARN
@ L_WARN
Warning.
Definition: log.h:57
L_ERR
@ L_ERR
Error message.
Definition: log.h:56
L_DBG
@ L_DBG
Only displayed when debugging is enabled.
Definition: log.h:59
ssize_t
long int ssize_t
Definition: merged_model.c:24
request_t
Definition: merged_model.c:210
strcasecmp
int strcasecmp(char *s1, char *s2)
Definition: missing.c:66
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition: module_ctx.h:51
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition: module_ctx.h:50
config
static const conf_parser_t config[]
Definition: base.c:183
RDEBUG2
#define RDEBUG2(fmt,...)
Definition: radclient.h:54
DEBUG2
#define DEBUG2(fmt,...)
Definition: radclient.h:43
WARN
#define WARN(fmt,...)
Definition: radclient.h:47
INFO
#define INFO(fmt,...)
Definition: radict.c:54
RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition: rcode.h:57
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40
name
static char const * name
Definition: rlm_redis_ippool_tool.c:156
instantiate
static int instantiate(module_inst_ctx_t const *mctx)
Definition: rlm_rest.c:1302
rlm_sql.h
Prototypes and functions for the SQL module.
fr_sql_query_t::status
fr_sql_query_status_t status
Status of the query.
Definition: rlm_sql.h:146
fr_sql_query_t::tconn
trunk_connection_t * tconn
Trunk connection this query is being run on.
Definition: rlm_sql.h:142
fr_sql_query_t::inst
rlm_sql_t const * inst
Module instance for this query.
Definition: rlm_sql.h:138
fr_sql_query_t::query_str
char const * query_str
Query string to run.
Definition: rlm_sql.h:144
fr_sql_query_t::request
request_t * request
Request this query relates to.
Definition: rlm_sql.h:139
sql_rcode_t
sql_rcode_t
Action to take at end of an SQL query.
Definition: rlm_sql.h:44
RLM_SQL_QUERY_INVALID
@ RLM_SQL_QUERY_INVALID
Query syntax error.
Definition: rlm_sql.h:45
RLM_SQL_ALT_QUERY
@ RLM_SQL_ALT_QUERY
Key constraint violation, use an alternative query.
Definition: rlm_sql.h:49
RLM_SQL_RECONNECT
@ RLM_SQL_RECONNECT
Stale connection, should reconnect.
Definition: rlm_sql.h:48
RLM_SQL_ERROR
@ RLM_SQL_ERROR
General connection/server error.
Definition: rlm_sql.h:46
RLM_SQL_OK
@ RLM_SQL_OK
Success.
Definition: rlm_sql.h:47
RLM_SQL_NO_MORE_ROWS
@ RLM_SQL_NO_MORE_ROWS
No more rows available.
Definition: rlm_sql.h:50
RLM_SQL_RCODE_FLAGS_ALT_QUERY
#define RLM_SQL_RCODE_FLAGS_ALT_QUERY
Can distinguish between other errors and those.
Definition: rlm_sql.h:172
fr_sql_query_t::row
rlm_sql_row_t row
Row data from the last query.
Definition: rlm_sql.h:148
fr_sql_query_t::rcode
sql_rcode_t rcode
Result code.
Definition: rlm_sql.h:147
fr_sql_query_t::treq
trunk_request_t * treq
Trunk request for this query.
Definition: rlm_sql.h:143
rlm_sql_config_t::connect_query
char const * connect_query
Query executed after establishing new connection.
Definition: rlm_sql.h:96
SQL_QUERY_RETURNED
@ SQL_QUERY_RETURNED
Query has executed.
Definition: rlm_sql.h:131
SQL_QUERY_FETCHING_RESULTS
@ SQL_QUERY_FETCHING_RESULTS
Fetching results from server.
Definition: rlm_sql.h:132
SQL_QUERY_FAILED
@ SQL_QUERY_FAILED
Failed to submit.
Definition: rlm_sql.h:128
SQL_QUERY_SUBMITTED
@ SQL_QUERY_SUBMITTED
Submitted for execution.
Definition: rlm_sql.h:130
SQL_QUERY_PREPARED
@ SQL_QUERY_PREPARED
Ready to submit.
Definition: rlm_sql.h:129
SQL_QUERY_RESULTS_FETCHED
@ SQL_QUERY_RESULTS_FETCHED
Results fetched from the server.
Definition: rlm_sql.h:133
fr_sql_query_t
Definition: rlm_sql.h:137
rlm_sql_config_t
Definition: rlm_sql.h:73
sql_log_entry_t
Definition: rlm_sql.h:61
sql_request_fail
static void sql_request_fail(request_t *request, void *preq, UNUSED void *rctx, UNUSED trunk_request_state_t state, UNUSED void *uctx)
Definition: rlm_sql_db2.c:301
sql_check_error
static sql_rcode_t sql_check_error(MYSQL *server, int client_errno)
Analyse the last error that occurred on the socket, and determine an action.
Definition: rlm_sql_mysql.c:408
mod_load
static int mod_load(void)
Definition: rlm_sql_mysql.c:176
sql_fields
static sql_rcode_t sql_fields(char const **out[], fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t const *config)
Definition: rlm_sql_mysql.c:508
rlm_sql_mysql_t::tls_check_cert
bool tls_check_cert
Verify there's a trust relationship between the server's cert and one of the CAs we have configured.
Definition: rlm_sql_mysql.c:91
rlm_sql_mysql_t::tls_certificate_file
char const * tls_certificate_file
Public certificate we present to the server.
Definition: rlm_sql_mysql.c:82
sql_escape_arg_alloc
static void * sql_escape_arg_alloc(TALLOC_CTX *ctx, fr_event_list_t *el, void *uctx)
Allocate the argument used for the SQL escape function.
Definition: rlm_sql_mysql.c:1110
rlm_sql_mysql_conn_t::query_ctx
fr_sql_query_t * query_ctx
Current query running on this connection.
Definition: rlm_sql_mysql.c:74
sql_free_result
static sql_rcode_t sql_free_result(fr_sql_query_t *, rlm_sql_config_t const *)
_sql_connection_close
static void _sql_connection_close(fr_event_list_t *el, void *h, UNUSED void *uctx)
Definition: rlm_sql_mysql.c:389
server_warnings_table
static fr_table_num_sorted_t const server_warnings_table[]
Definition: rlm_sql_mysql.c:61
rlm_sql_mysql_t::tls_private_key_file
char const * tls_private_key_file
Private key for the certificate we present to the server.
Definition: rlm_sql_mysql.c:83
rlm_sql_mysql_t::tls_crl_path
char const * tls_crl_path
Private key for the certificate we present to the server.
Definition: rlm_sql_mysql.c:86
rlm_sql_mysql_t::tls_crl_file
char const * tls_crl_file
Public certificate we present to the server.
Definition: rlm_sql_mysql.c:85
sql_select_query_resume
SQL_QUERY_FAIL static SQL_QUERY_RESUME unlang_action_t sql_select_query_resume(rlm_rcode_t *p_result, UNUSED int *priority, UNUSED request_t *request, void *uctx)
Definition: rlm_sql_mysql.c:1084
rlm_sql_mysql_conn_t::status
int status
returned by the most recent non-blocking function call.
Definition: rlm_sql_mysql.c:75
rlm_sql_mysql_t::tls_cipher
char const * tls_cipher
Colon separated list of TLS ciphers for TLS <= 1.2.
Definition: rlm_sql_mysql.c:88
_sql_connect_io_notify
static void _sql_connect_io_notify(fr_event_list_t *el, int fd, UNUSED int flags, void *uctx)
Callback for I/O events in response to mysql_real_connect_start()
Definition: rlm_sql_mysql.c:192
sql_escape_func
static ssize_t sql_escape_func(request_t *request, char *out, size_t outlen, char const *in, void *arg)
Definition: rlm_sql_mysql.c:850
rlm_sql_mysql_t::tls_ca_path
char const * tls_ca_path
Directory containing CAs that may be used to validate the servers certificate.
Definition: rlm_sql_mysql.c:80
rlm_sql_mysql_warnings
rlm_sql_mysql_warnings
Definition: rlm_sql_mysql.c:55
SERVER_WARNINGS_AUTO
@ SERVER_WARNINGS_AUTO
Definition: rlm_sql_mysql.c:56
SERVER_WARNINGS_NO
@ SERVER_WARNINGS_NO
Definition: rlm_sql_mysql.c:58
SERVER_WARNINGS_YES
@ SERVER_WARNINGS_YES
Definition: rlm_sql_mysql.c:57
sql_fetch_row
static unlang_action_t sql_fetch_row(rlm_rcode_t *p_result, UNUSED int *priority, UNUSED request_t *request, void *uctx)
Definition: rlm_sql_mysql.c:539
sql_escape_arg_free
static void sql_escape_arg_free(void *uctx)
Definition: rlm_sql_mysql.c:1133
rlm_sql_mysql_conn_t::fd
int fd
fd for this connection's I/O events.
Definition: rlm_sql_mysql.c:73
tls_config
static conf_parser_t tls_config[]
Definition: rlm_sql_mysql.c:103
rlm_sql_mysql
rlm_sql_driver_t rlm_sql_mysql
Definition: rlm_sql_mysql.c:1141
rlm_sql_mysql_conn_t::sock
MYSQL * sock
Connection details as returned by connection init functions.
Definition: rlm_sql_mysql.c:70
sql_num_rows
static int sql_num_rows(fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t const *config)
Definition: rlm_sql_mysql.c:499
rlm_sql_mysql_conn_t::db
MYSQL db
Structure representing connection details.
Definition: rlm_sql_mysql.c:69
sql_warnings
static size_t sql_warnings(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen, rlm_sql_mysql_conn_t *conn)
Retrieves any warnings associated with the last query.
Definition: rlm_sql_mysql.c:637
mod_unload
static void mod_unload(void)
Definition: rlm_sql_mysql.c:171
sql_error
static size_t sql_error(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen, fr_sql_query_t *query_ctx)
Retrieves any errors associated with the query context.
Definition: rlm_sql_mysql.c:701
rlm_sql_mysql_t::character_set
char const * character_set
Character set to use on connections.
Definition: rlm_sql_mysql.c:100
rlm_sql_mysql_t::warnings_str
char const * warnings_str
Whether we always query the server for additional warnings.
Definition: rlm_sql_mysql.c:96
driver_config
static const conf_parser_t driver_config[]
Definition: rlm_sql_mysql.c:129
sql_store_result
static sql_rcode_t sql_store_result(rlm_sql_mysql_conn_t *conn, UNUSED rlm_sql_config_t const *config)
Definition: rlm_sql_mysql.c:479
server_warnings_table_len
static size_t server_warnings_table_len
Definition: rlm_sql_mysql.c:66
sql_finish_query
static sql_rcode_t sql_finish_query(fr_sql_query_t *query_ctx, rlm_sql_config_t const *config)
Finish query.
Definition: rlm_sql_mysql.c:777
_sql_connect_query_run
static void _sql_connect_query_run(connection_t *conn, UNUSED connection_state_t prev, UNUSED connection_state_t state, void *uctx)
Definition: rlm_sql_mysql.c:227
rlm_sql_mysql_conn_t::conn
connection_t * conn
Generic connection structure for this connection.
Definition: rlm_sql_mysql.c:72
rlm_sql_mysql_t::tls_check_cert_cn
bool tls_check_cert_cn
Verify that the CN in the server cert matches the host we passed to mysql_real_connect().
Definition: rlm_sql_mysql.c:93
CC_NO_UBSAN
CC_NO_UBSAN(function)
Definition: rlm_sql_mysql.c:259
sql_affected_rows
static int sql_affected_rows(fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t const *config)
Definition: rlm_sql_mysql.c:843
rlm_sql_mysql_t::tls_ca_file
char const * tls_ca_file
Path to the CA used to validate the server's certificate.
Definition: rlm_sql_mysql.c:79
rlm_sql_mysql_t::tls_required
bool tls_required
Require that the connection is encrypted.
Definition: rlm_sql_mysql.c:90
rlm_sql_mysql_conn_t::result
MYSQL_RES * result
Result from most recent query.
Definition: rlm_sql_mysql.c:71
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition: rlm_sql_mysql.c:140
rlm_sql_mysql_t::warnings
rlm_sql_mysql_warnings warnings
mysql_warning_count() doesn't appear to work with NDB cluster
Definition: rlm_sql_mysql.c:97
rlm_sql_mysql_conn_t
Definition: rlm_sql_mysql.c:68
rlm_sql_mysql_t
Definition: rlm_sql_mysql.c:78
rlm_sql_trunk.h
Macros to reduce boilerplate in trunk SQL drivers.
SQL_QUERY_RESUME
#define SQL_QUERY_RESUME
Definition: rlm_sql_trunk.h:56
SQL_TRUNK_CONNECTION_ALLOC
#define SQL_TRUNK_CONNECTION_ALLOC
Allocate an SQL trunk connection.
Definition: rlm_sql_trunk.h:35
SQL_QUERY_FAIL
#define SQL_QUERY_FAIL
Definition: rlm_sql_trunk.h:64
connection_signal_halt
void connection_signal_halt(connection_t *conn)
Shuts down a connection ungracefully.
Definition: connection.c:1291
connection_signal_reconnect
void connection_signal_reconnect(connection_t *conn, connection_reason_t reason)
Asynchronously signal the connection should be reconnected.
Definition: connection.c:1167
connection_signal_init
void connection_signal_init(connection_t *conn)
Asynchronously signal a halted connection to start.
Definition: connection.c:1107
connection_add_watch_post
connection_watch_entry_t * connection_add_watch_post(connection_t *conn, connection_state_t state, connection_watch_t watch, bool oneshot, void const *uctx)
Add a callback to be executed after a state function has been called.
Definition: connection.c:532
connection_alloc
connection_t * connection_alloc(TALLOC_CTX *ctx, fr_event_list_t *el, connection_funcs_t const *funcs, connection_conf_t const *conf, char const *log_prefix, void const *uctx)
Allocate a new connection.
Definition: connection.c:1512
connection_signal_connected
void connection_signal_connected(connection_t *conn)
Asynchronously signal that the connection is open.
Definition: connection.c:1137
connection_s
Definition: connection.c:87
module_instance_s::name
char const * name
Instance name e.g. user_database.
Definition: module.h:335
module_instance_s::data
void * data
Module's instance data.
Definition: module.h:271
RETURN_MODULE_FAIL
RETURN_MODULE_FAIL
Definition: state_machine.c:1215
fr_assert
fr_assert(0)
MEM
MEM(pair_append_request(&vp, attr_eap_aka_sim_identity) >=0)
inst
eap_aka_sim_process_conf_t * inst
Definition: state_machine.c:3620
type
fr_aka_sim_id_type_t type
Definition: state_machine.c:3623
rlm_sql_driver_t
Definition: rlm_sql.h:203
rlm_sql_driver_t::common
module_t common
Common fields for all loadable modules.
Definition: rlm_sql.h:204
sql_inst
Definition: rlm_sql.h:237
sql_inst::driver_submodule
module_instance_t * driver_submodule
Driver's submodule.
Definition: rlm_sql.h:245
sql_inst::config
rlm_sql_config_t config
Definition: rlm_sql.h:238
fr_table_value_by_str
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition: table.h:653
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition: table.h:49
talloc_bstrndup
char * talloc_bstrndup(TALLOC_CTX *ctx, char const *in, size_t inlen)
Binary safe strndup function.
Definition: talloc.c:564
talloc_typed_asprintf
char * talloc_typed_asprintf(TALLOC_CTX *ctx, char const *fmt,...)
Call talloc vasprintf, setting the type on the new chunk correctly.
Definition: talloc.c:492
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition: talloc.h:282
names
static const char * names[8]
Definition: time.c:617
trunk_connection_pop_cancellation
int trunk_connection_pop_cancellation(trunk_request_t **treq_out, trunk_connection_t *tconn)
Pop a cancellation request off a connection's cancellation queue.
Definition: trunk.c:3813
trunk_request_signal_fail
void trunk_request_signal_fail(trunk_request_t *treq)
Signal that a trunk request failed.
Definition: trunk.c:2120
trunk_request_requeue
trunk_enqueue_t trunk_request_requeue(trunk_request_t *treq)
Re-enqueue a request on the same connection.
Definition: trunk.c:2664
trunk_request_signal_cancel_complete
void trunk_request_signal_cancel_complete(trunk_request_t *treq)
Signal that a remote server acked our cancellation.
Definition: trunk.c:2272
trunk_connection_pop_request
int trunk_connection_pop_request(trunk_request_t **treq_out, trunk_connection_t *tconn)
Pop a request off a connection's pending queue.
Definition: trunk.c:3861
trunk_request_signal_sent
void trunk_request_signal_sent(trunk_request_t *treq)
Signal that the request was written to a connection successfully.
Definition: trunk.c:2043
trunk_request_signal_reapable
void trunk_request_signal_reapable(trunk_request_t *treq)
Signal that the request was written to a connection successfully, but no response is expected.
Definition: trunk.c:2065
trunk_connection_s
Associates request queues with a connection.
Definition: trunk.c:131
trunk_request_s
Wraps a normal request.
Definition: trunk.c:97
TRUNK_NOTIFY_FUNC
#define TRUNK_NOTIFY_FUNC(_name, _type)
Helper macro for building generic trunk notify callback.
Definition: trunk.h:945
trunk_cancel_reason_t
trunk_cancel_reason_t
Reasons for a request being cancelled.
Definition: trunk.h:55
TRUNK_CANCEL_REASON_SIGNAL
@ TRUNK_CANCEL_REASON_SIGNAL
Request cancelled due to a signal.
Definition: trunk.h:57
TRUNK_REQUEST_STATE_REAPABLE
@ TRUNK_REQUEST_STATE_REAPABLE
Request has been written, needs to persist, but we are not currently waiting for any response.
Definition: trunk.h:173
TRUNK_REQUEST_STATE_COMPLETE
@ TRUNK_REQUEST_STATE_COMPLETE
The request is complete.
Definition: trunk.h:182
TRUNK_REQUEST_STATE_SENT
@ TRUNK_REQUEST_STATE_SENT
Was written to a socket. Waiting for a response.
Definition: trunk.h:172
el
static fr_event_list_t * el
Definition: unit_test_attribute.c:270
inlen
static size_t char fr_sbuff_t size_t inlen
Definition: value.h:997
out
static size_t char ** out
Definition: value.h:997
Generated by   doxygen 1.9.1