Merge branch 'master' into feature-remote-logs
commit
e67f951c06
@ -21,12 +21,12 @@
|
|||
<ClCompile Include="FDBLibTLSSession.cpp" />
|
||||
</ItemGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|X64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<ConfigurationType>StaticLibrary</ConfigurationType>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
<PlatformToolset>v140_xp</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|X64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<ConfigurationType>StaticLibrary</ConfigurationType>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
<PlatformToolset>v140_xp</PlatformToolset>
|
||||
</PropertyGroup>
|
@ -42,7 +42,7 @@ ITLSPolicy *FDBLibTLSPlugin::create_policy(ITLSLogFunc logf) {
|
|||
return new FDBLibTLSPolicy(Reference<FDBLibTLSPlugin>::addRef(this), logf);
|
||||
}
|
||||
|
||||
extern "C" BOOST_SYMBOL_EXPORT void *get_plugin(const char *plugin_type_name_and_version) {
|
||||
extern "C" BOOST_SYMBOL_EXPORT void *get_tls_plugin(const char *plugin_type_name_and_version) {
|
||||
if (strcmp(plugin_type_name_and_version, FDBLibTLSPlugin::get_plugin_type_name_and_version()) == 0) {
|
||||
return new FDBLibTLSPlugin;
|
||||
}
|
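Review bot: `get_tls_plugin` keeps `BOOST_SYMBOL_EXPORT` while the FDBLibTLS project in this same commit switches to `StaticLibrary` and the header elsewhere in the commit declares it as plain `extern "C" void *get_tls_plugin(const char *plugin_type_name_and_version);`, so the declaration and definition no longer agree on the export attribute and the export itself buys nothing once the symbol is linked in directly. If it is kept on purpose (another consumer still loads it dynamically), a one-line comment saying so belongs next to the definition; otherwise drop the attribute so the two match. The function still hands back a `new FDBLibTLSPlugin` as a bare `void *`, and the caller side visible later in this commit wraps the result in `Reference<T>`, so a comment on the ownership transfer, e.g. `// Caller takes ownership of the returned plugin (wrapped in Reference<T> by loadPlugin()).`, would help the next reader. The function body continues outside the hunk.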
@ -1,11 +1,28 @@
|
|||
FDBLibTLS_CFLAGS := -fPIC -I/usr/local/include -I$(BOOSTDIR) -Ifdbrpc
|
||||
FDBLibTLS_STATIC_LIBS := -ltls -lssl -lcrypto
|
||||
FDBLibTLS_LDFLAGS := -L/usr/local/lib -static-libstdc++ -static-libgcc -lrt
|
||||
FDBLibTLS_LDFLAGS += -Wl,-soname,FDBLibTLS.so -Wl,--version-script=FDBLibTLS/FDBLibTLS.map
|
||||
#
|
||||
# local.mk
|
||||
#
|
||||
# This source file is part of the FoundationDB open source project
|
||||
#
|
||||
# Copyright 2013-2018 Apple Inc. and the FoundationDB project authors
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# The plugin isn't a typical library, so it feels more sensible to have a copy
|
||||
# of it in bin/.
|
||||
bin/fdb-libressl-plugin.$(DLEXT): lib/libFDBLibTLS.$(DLEXT)
|
||||
@cp $< $@
|
||||
# -*- mode: makefile; -*-
|
||||
|
||||
TARGETS += bin/fdb-libressl-plugin.$(DLEXT)
|
||||
FDBLibTLS_BUILD_SOURCES +=
|
||||
|
||||
|
||||
FDBLibTLS_CFLAGS := -fPIC -I/usr/local/include -I$(BOOSTDIR) -Ifdbrpc -DUSE_UCONTEXT
|
||||
|
||||
lib/libFDBLibTLS.a: bin/coverage.FDBLibTLS.xml
|
7
Makefile
7
Makefile
@ -87,6 +87,13 @@ CFLAGS += -g
|
|||
|
||||
# valgrind-compatibile builds are enabled by uncommenting lines in valgind.mk
|
||||
|
||||
ifdef TLS_DISABLED
|
||||
CFLAGS += -DTLS_DISABLED
|
||||
TLS_LIBS :=
|
||||
else
|
||||
TLS_LIBS := lib/libFDBLibTLS.a $(shell gcc --print-file-name=libtls.a) $(shell gcc --print-file-name=libssl.a) $(shell gcc --print-file-name=libcrypto.a)
|
||||
endif
|
||||
|
||||
CXXFLAGS += -Wno-deprecated
|
||||
LDFLAGS :=
|
||||
LIBS :=
|
||||
|
|
|
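Review bot: `$(shell gcc --print-file-name=libtls.a)` does not fail when the archive is absent — gcc echoes the bare name `libtls.a` back, so `TLS_LIBS` then names a relative file that does not exist and the link fails later with a confusing message, or silently picks up a stray `libtls.a` from the working directory. Resolve the three archives once and fail early when they are missing, e.g. `TLS_LIBS := lib/libFDBLibTLS.a $(foreach l,tls ssl crypto,$(realpath $(shell $(CC) --print-file-name=lib$(l).a)))` followed by `$(if $(filter 3,$(words $(filter-out lib/libFDBLibTLS.a,$(TLS_LIBS)))),,$(error LibreSSL static archives not found; install LibreSSL or set TLS_DISABLED))`, and use `$(CC)` rather than a hard-coded `gcc` so a cross or clang build searches the right library path. Since these archives supply the TLS implementation that is now linked into every binary, knowing exactly which files were linked is also what a reproducible build needs.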
@ -80,7 +80,7 @@ FOR /F "tokens=1" %%i in ('hg.exe id') do copy /Y "$(TargetPath)" "$(TargetPath)
|
|||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<AdditionalOptions>/bigobj @..\..\flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
|
@ -95,7 +95,7 @@ FOR /F "tokens=1" %%i in ('hg.exe id') do copy /Y "$(TargetPath)" "$(TargetPath)
|
|||
<Optimization>MaxSpeed</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<AdditionalOptions>/bigobj @..\..\flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
|
|
|
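Review bot: Both the Debug and Release `PreprocessorDefinitions` gain `TLS_DISABLED` with no comment explaining why TLS is compiled out on Windows, while the documentation section of this same commit states that TLS is compiled into each FoundationDB binary. A reader of the project file cannot tell whether this is a temporary gap or the intended state; a short comment next to the definition, such as `<!-- TLS_DISABLED: the LibreSSL-based TLS implementation is not built for this configuration -->`, and a matching sentence in the documentation noting the platform exception, would close that gap. The same definition is added in the six other .vcxproj sections of this commit that touch `PreprocessorDefinitions`; this note applies to all of them.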
@ -22,7 +22,7 @@
|
|||
|
||||
fdb_c_CFLAGS := $(fdbclient_CFLAGS)
|
||||
fdb_c_LDFLAGS := $(fdbrpc_LDFLAGS)
|
||||
fdb_c_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a
|
||||
fdb_c_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a $(TLS_LIBS)
|
||||
fdb_c_tests_LIBS := -Llib -lfdb_c
|
||||
fdb_c_tests_HEADERS := -Ibindings/c
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);..\c</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<AdditionalOptions>/bigobj @..\..\flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
|
@ -118,7 +118,7 @@
|
|||
<Optimization>Full</Optimization>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);..\c</AdditionalIncludeDirectories>
|
||||
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
|
||||
<EnablePREfast>false</EnablePREfast>
|
||||
|
|
|
@ -77,7 +77,7 @@
|
|||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<MinimalRebuild>false</MinimalRebuild>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
|
@ -100,7 +100,7 @@
|
|||
</PrecompiledHeader>
|
||||
<Optimization>Full</Optimization>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
|
|
|
@ -65,7 +65,10 @@ func windowSize(start int64) int64 {
|
|||
func (hca highContentionAllocator) allocate(tr fdb.Transaction, s subspace.Subspace) (subspace.Subspace, error) {
|
||||
for {
|
||||
rr := tr.Snapshot().GetRange(hca.counters, fdb.RangeOptions{Limit: 1, Reverse: true})
|
||||
kvs := rr.GetSliceOrPanic()
|
||||
kvs, e := rr.GetSliceWithError()
|
||||
if e != nil {
|
||||
return nil, e
|
||||
}
|
||||
|
||||
var start int64
|
||||
var window int64
|
||||
|
@ -135,7 +138,10 @@ func (hca highContentionAllocator) allocate(tr fdb.Transaction, s subspace.Subsp
|
|||
|
||||
allocatorMutex.Unlock()
|
||||
|
||||
kvs = latestCounter.GetSliceOrPanic()
|
||||
kvs, e = latestCounter.GetSliceWithError()
|
||||
if e != nil {
|
||||
return nil, e
|
||||
}
|
||||
if len(kvs) > 0 {
|
||||
t, e := hca.counters.Unpack(kvs[0].Key)
|
||||
if e != nil {
|
||||
|
|
|
@ -102,9 +102,11 @@ func (dl directoryLayer) createOrOpen(rtr fdb.ReadTransaction, tr *fdb.Transacti
|
|||
return nil, errors.New("the directory already exists")
|
||||
}
|
||||
|
||||
if layer != nil && bytes.Compare(existingNode._layer.MustGet(), layer) != 0 {
|
||||
if layer != nil {
|
||||
if l, e := existingNode._layer.Get(); e != nil || bytes.Compare(l, layer) != 0 {
|
||||
return nil, errors.New("the directory was created with an incompatible layer")
|
||||
}
|
||||
}
|
||||
|
||||
return existingNode.getContents(dl, nil)
|
||||
}
|
||||
|
@ -325,7 +327,11 @@ func (dl directoryLayer) Move(t fdb.Transactor, oldPath []string, newPath []stri
|
|||
|
||||
dl.removeFromParent(tr, oldPath)
|
||||
|
||||
return dl.contentsOfNode(oldNode.subspace, newPath, oldNode._layer.MustGet())
|
||||
l, e := oldNode._layer.Get()
|
||||
if e != nil {
|
||||
return nil, e
|
||||
}
|
||||
return dl.contentsOfNode(oldNode.subspace, newPath, l)
|
||||
})
|
||||
if e != nil {
|
||||
return nil, e
|
||||
|
@ -415,7 +421,10 @@ func (dl directoryLayer) subdirNames(rtr fdb.ReadTransaction, node subspace.Subs
|
|||
var ret []string
|
||||
|
||||
for ri.Advance() {
|
||||
kv := ri.MustGet()
|
||||
kv, e := ri.Get()
|
||||
if e != nil {
|
||||
return nil, e
|
||||
}
|
||||
|
||||
p, e := sd.Unpack(kv.Key)
|
||||
if e != nil {
|
||||
|
@ -453,7 +462,10 @@ func (dl directoryLayer) nodeContainingKey(rtr fdb.ReadTransaction, key []byte)
|
|||
bk, _ := dl.nodeSS.FDBRangeKeys()
|
||||
kr := fdb.KeyRange{bk, fdb.Key(append(dl.nodeSS.Pack(tuple.Tuple{key}), 0x00))}
|
||||
|
||||
kvs := rtr.GetRange(kr, fdb.RangeOptions{Reverse: true, Limit: 1}).GetSliceOrPanic()
|
||||
kvs, e := rtr.GetRange(kr, fdb.RangeOptions{Reverse: true, Limit: 1}).GetSliceWithError()
|
||||
if e != nil {
|
||||
return nil, e
|
||||
}
|
||||
if len(kvs) == 1 {
|
||||
pp, e := dl.nodeSS.Unpack(kvs[0].Key)
|
||||
if e != nil {
|
||||
|
@ -495,7 +507,10 @@ func (dl directoryLayer) isPrefixFree(rtr fdb.ReadTransaction, prefix []byte) (b
|
|||
}
|
||||
|
||||
func (dl directoryLayer) checkVersion(rtr fdb.ReadTransaction, tr *fdb.Transaction) error {
|
||||
version := rtr.Get(dl.rootNode.Sub([]byte("version"))).MustGet()
|
||||
version, err := rtr.Get(dl.rootNode.Sub([]byte("version"))).Get()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if version == nil {
|
||||
if tr != nil {
|
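Review bot: In `createOrOpen`, the new check `if l, e := existingNode._layer.Get(); e != nil || bytes.Compare(l, layer) != 0` folds a failed read into the "incompatible layer" error, so a transient transaction error — the very case this commit addresses by replacing `MustGet` — is reported to the caller as a permanent layer mismatch and the underlying error is lost. Return `e` on its own first and only compare once the read succeeded; `bytes.Equal` also reads better than `Compare(...) != 0`. The other hunks in this section (`Move`, `subdirNames`, `nodeContainingKey`, `checkVersion`) get this right by returning the error directly.
```go
	if layer != nil {
		l, e := existingNode._layer.Get()
		if e != nil {
			return nil, e
		}
		if !bytes.Equal(l, layer) {
			return nil, errors.New("the directory was created with an incompatible layer")
		}
	}
	// … unchanged: return existingNode.getContents(dl, nil) …
```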
@ -67,5 +67,9 @@ func (n *node) getPartitionSubpath() []string {
|
|||
}
|
||||
|
||||
func (n *node) getContents(dl directoryLayer, tr *fdb.Transaction) (DirectorySubspace, error) {
|
||||
return dl.contentsOfNode(n.subspace, n.path, n._layer.MustGet())
|
||||
l, err := n._layer.Get()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return dl.contentsOfNode(n.subspace, n.path, l)
|
||||
}
|
||||
|
|
|
@ -60,7 +60,7 @@
|
|||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(SolutionDir)bindings\c</AdditionalIncludeDirectories>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<AdditionalOptions>/bigobj "@$(SolutionDir)flow/no_intellisense.opt" %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
|
@ -75,7 +75,7 @@
|
|||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(SolutionDir)bindings\c</AdditionalIncludeDirectories>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=_WIN32_WINNT_WS03;WINVER=_WIN32_WINNT_WS03;NTDDI_VERSION=NTDDI_WS03;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<AdditionalOptions>/bigobj "@$(SolutionDir)flow/no_intellisense.opt" %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
|
|
|
@ -22,7 +22,7 @@ RUN cd /opt/ && wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.4
|
|||
gpg --import libressl.asc && gpg --verify libressl-2.6.4.tar.gz.asc libressl-2.6.4.tar.gz &&\
|
||||
tar -xzf libressl-2.6.4.tar.gz && cd libressl-2.6.4 &&\
|
||||
./configure CFLAGS="-fPIC -O3" && make -j4 && make install &&\
|
||||
cd /opt/ # && rm -r libressl-2.6.4/ libressl-2.6.4.tar.gz libressl-2.6.4.tar.gz.asc libressl.asc
|
||||
cd /opt/ && rm -r libressl-2.6.4/ libressl-2.6.4.tar.gz libressl-2.6.4.tar.gz.asc libressl.asc
|
||||
|
||||
RUN LANGUAGE=en_US.UTF-8 LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 locale-gen en_US.UTF-8
|
||||
|
||||
|
@ -33,3 +33,6 @@ ENV TARGET_LIBC_VERSION=$TARGET_LIBC_VERSION
|
|||
|
||||
ARG CC=/usr/bin/gcc
|
||||
ENV CC=$CC
|
||||
|
||||
ARG LIBRARY_PATH=/usr/local/lib
|
||||
ENV LIBRARY_PATH=$LD_FLAGS
|
||||
|
|
|
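Review bot: `ENV LIBRARY_PATH=$LD_FLAGS` does not reference the `ARG LIBRARY_PATH=/usr/local/lib` declared on the line above it; unless `LD_FLAGS` is defined by an earlier `ARG` outside this hunk, `LIBRARY_PATH` is set to an empty string in the image and the `/usr/local/lib` default is never applied. The line should read `ENV LIBRARY_PATH=$LIBRARY_PATH`, mirroring the `ARG CC`/`ENV CC=$CC` pair just above it. Because the build Makefile in this commit locates `libtls.a`, `libssl.a` and `libcrypto.a` through the compiler's library search path, an empty `LIBRARY_PATH` means the statically linked TLS archives are found, or not, by accident rather than by this setting.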
@ -121,9 +121,7 @@ ifeq ($(PLATFORM),linux)
|
|||
@rm -f packages/foundationdb-server-*.rpm packages/foundationdb-clients-*.rpm
|
||||
@packaging/rpm/buildrpms.sh $(VERSION) $(PKGRELEASE)
|
||||
|
||||
FDBTLS: bin/fdb-libressl-plugin.$(DLEXT)
|
||||
|
||||
packages: DEB RPM JAVA_RELEASE FDBTESTS FDBHEADERS FDBTLS
|
||||
packages: DEB RPM JAVA_RELEASE FDBTESTS FDBHEADERS
|
||||
|
||||
packages_clean: DEB_clean RPM_clean JAVA_RELEASE_clean FDBHEADERS_clean
|
||||
|
||||
|
|
|
@ -159,4 +159,9 @@ info:
|
|||
@echo "User: ($(USERID)) $(USER)"
|
||||
@echo "Java Version: ($(JAVAVERMAJOR).$(JAVAVERMINOR)) $(JAVAVER)"
|
||||
@echo "Platform: $(PLATFORM)"
|
||||
ifdef TLS_DISABLED
|
||||
@echo "TLS: Disabled"
|
||||
else
|
||||
@echo "TLS: Enabled"
|
||||
endif
|
||||
@echo ""
|
||||
|
|
|
@ -9,7 +9,7 @@ Introduction
|
|||
|
||||
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are protocols designed to provide communication security over public networks. Users exchange a symmetric session key that is used to encrypt data exchanged between the parties.
|
||||
|
||||
By default, a FoundationDB cluster uses *unencrypted* connections among client and server processes. This document describes the `Transport Layer Security <http://en.wikipedia.org/wiki/Transport_Layer_Security>`_ (TLS) capabilities of FoundationDB, which enable security and authentication through a public/private key infrastructure. TLS is provided in FoundationDB via a plugin-based architecture. This document will describe the basic TLS capabilities of FoundationDB and document the default plugin, which is based on `LibreSSL <https://www.libressl.org/>`_. TLS-enabled servers will only communicate with other TLS-enabled servers and TLS-enabled clients. Therefore, a cluster's machines must all enable TLS in order for TLS to be used.
|
||||
By default, a FoundationDB cluster uses *unencrypted* connections among client and server processes. This document describes the `Transport Layer Security <http://en.wikipedia.org/wiki/Transport_Layer_Security>`_ (TLS) capabilities of FoundationDB, which enable security and authentication through a public/private key infrastructure. TLS is compiled into each FoundationDB binary. This document will describe the basic TLS capabilities of FoundationDB and document its implementation, which is based on `LibreSSL <https://www.libressl.org/>`_. TLS-enabled servers will only communicate with other TLS-enabled servers and TLS-enabled clients. Therefore, a cluster's machines must all enable TLS in order for TLS to be used.
|
||||
|
||||
|
||||
Setting Up FoundationDB to use TLS
|
||||
|
@ -42,23 +42,22 @@ Enabling TLS on an existing (non-TLS) cluster cannot be accomplished without dow
|
|||
|
||||
3) Restart the cluster and the clients.
|
||||
|
||||
.. _configuring-tls-plugin:
|
||||
.. _configuring-tls:
|
||||
|
||||
Configuring the TLS Plugin
|
||||
Configuring TLS
|
||||
==========================
|
||||
|
||||
The location and operation of the TLS plugin are configured through four settings. These settings can be provided as command-line options, client options, or environment variables, and are named as follows:
|
||||
The operation of TLS is configured through five settings. These settings can be provided as command-line options, client options, or environment variables, and are named as follows:
|
||||
|
||||
======================== ==================== ============================ ==================================================
|
||||
Command-line Option Client Option Environment Variable Purpose
|
||||
======================== ==================== ============================ ==================================================
|
||||
``tls_plugin`` ``TLS_plugin`` ``FDB_TLS_PLUGIN`` Path to the file to be loaded as the TLS plugin
|
||||
``tls_certificate_file`` ``TLS_cert_path`` ``FDB_TLS_CERTIFICATE_FILE`` Path to the file from which the local certificates
|
||||
can be loaded, used by the plugin
|
||||
can be loaded
|
||||
``tls_key_file`` ``TLS_key_path`` ``FDB_TLS_KEY_FILE`` Path to the file from which to load the private
|
||||
key, used by the plugin
|
||||
key
|
||||
``tls_verify_peers`` ``TLS_verify_peers`` ``FDB_TLS_VERIFY_PEERS`` The byte-string for the verification of peer
|
||||
certificates and sessions, used by the plugin
|
||||
certificates and sessions
|
||||
``tls_password`` ``TLS_password`` ``FDB_TLS_PASSWORD`` The byte-string representing the passcode for
|
||||
unencrypting the private key
|
||||
``tls_ca_file`` ``TLS_ca_path`` ``FDB_TLS_CA_FILE`` Path to the file containing the CA certificates
|
||||
|
@ -73,22 +72,11 @@ The value for each setting can be specified in more than one way. The actual va
|
|||
|
||||
As with all other command-line options to ``fdbserver``, the TLS settings can be specified in the :ref:`[fdbserver] section of the configuration file <foundationdb-conf-fdbserver>`.
|
||||
|
||||
The settings for certificate file, key file, peer verification, password and CA file are interpreted by the loaded plugin.
|
||||
The settings for certificate file, key file, peer verification, password and CA file are interpreted by the software.
|
||||
|
||||
Default Values
|
||||
--------------
|
||||
|
||||
Plugin default location
|
||||
^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Similarly, if a value is not specified for the parameter ``tls_plugin``, the file will be specified by the environment variable ``FDB_TLS_PLUGIN`` or, if this variable is not set, the system-dependent location:
|
||||
|
||||
* Linux: ``/usr/lib/foundationdb/plugins/fdb-libressl-plugin.so``
|
||||
* macOS: ``/usr/local/foundationdb/plugins/fdb-libressl-plugin.dylib``
|
||||
* Windows: ``C:\Program Files\foundationdb\plugins\fdb-libressl-plugin.dll``
|
||||
|
||||
On Windows, this location will be relative to the chosen installation location. The environment variable ``FOUNDATIONDB_INSTALL_PATH`` will be used in place of ``C:\Program Files\foundationdb\`` to determine this location.
|
||||
|
||||
Certificate file default location
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
@ -106,31 +94,29 @@ The default peer verification is ``Check.Valid=1``.
|
|||
Default Password
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
There is no default password. If no password is specified, the plugin assumes that private key is unencrypted.
|
||||
There is no default password. If no password is specified, it is assumed that the private key is unencrypted.
|
||||
|
||||
CA file default location
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
If a value is not specified, the plugin searches for certs in the default openssl certs location.
|
||||
If a value is not specified, the software searches for certs in the default openssl certs location.
|
||||
|
||||
Parameters and client bindings
|
||||
------------------------------
|
||||
|
||||
When loading a TLS plugin from a non-default location when using a client binding, the ``TLS_PLUGIN`` network option must be specified before any other TLS option. Because a loaded TLS plugin is allowed to reject the values specified in the other options, the plugin load operation will be forced by specifying one of the other options, if it not already specified.
|
||||
|
||||
The default LibreSSL-based plugin
|
||||
The default LibreSSL-based implementation
|
||||
=================================
|
||||
|
||||
FoundationDB offers a TLS plugin based on the LibreSSL library. By default, it will be loaded automatically when participating in a TLS-enabled cluster.
|
||||
FoundationDB offers TLS based on the LibreSSL library. By default, it will be enabled automatically when participating in a TLS-enabled cluster.
|
||||
|
||||
For the plugin to operate, each process (both server and client) must have an X509 certificate, its corresponding private key, and potentially the certificates with which is was signed. When a process begins to communicate with a FoundationDB server process, the peer's certificate is checked to see if it is trusted and the fields of the peer certificate are verified. Peers must share the same root trusted certificate, and they must both present certificates whose signing chain includes this root certificate.
|
||||
For TLS to operate, each process (both server and client) must have an X509 certificate, its corresponding private key, and potentially the certificates with which is was signed. When a process begins to communicate with a FoundationDB server process, the peer's certificate is checked to see if it is trusted and the fields of the peer certificate are verified. Peers must share the same root trusted certificate, and they must both present certificates whose signing chain includes this root certificate.
|
||||
|
||||
If the local certificate and chain is invalid, a FoundationDB server process bound to a TLS address will not start. In the case of invalid certificates on a client, the client will be able to start but will be unable to connect any TLS-enabled cluster.
|
||||
|
||||
Formats
|
||||
-------
|
||||
|
||||
The LibreSSL plugin can read certificates and their private keys in base64-encoded DER-formatted X.509 format (which is known as PEM). A PEM file can contain both certificates and a private key or the two can be stored in separate files.
|
||||
LibreSSL can read certificates and their private keys in base64-encoded DER-formatted X.509 format (which is known as PEM). A PEM file can contain both certificates and a private key or the two can be stored in separate files.
|
||||
|
||||
Required files
|
||||
--------------
|
@ -78,7 +78,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<AdditionalOptions>/bigobj @../flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
|
@ -98,7 +98,7 @@
|
|||
<Optimization>Full</Optimization>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
|
||||
<EnablePREfast>false</EnablePREfast>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
|
||||
fdbbackup_CFLAGS := $(fdbclient_CFLAGS)
|
||||
fdbbackup_LDFLAGS := $(fdbrpc_LDFLAGS)
|
||||
fdbbackup_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a
|
||||
fdbbackup_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a $(TLS_LIBS)
|
||||
|
||||
ifeq ($(PLATFORM),linux)
|
||||
fdbbackup_LIBS += -ldl -lpthread -lrt
|
||||
|
|
|
@ -72,7 +72,9 @@ CSimpleOpt::SOption g_rgOptions[] = {
|
|||
{ OPT_VERSION, "--version", SO_NONE },
|
||||
{ OPT_VERSION, "-v", SO_NONE },
|
||||
|
||||
#ifndef TLS_DISABLED
|
||||
TLS_OPTION_FLAGS
|
||||
#endif
|
||||
|
||||
SO_END_OF_OPTIONS
|
||||
};
|
||||
|
@ -400,7 +402,9 @@ static void printProgramUsage(const char* name) {
|
|||
" and then exits.\n"
|
||||
" --no-status Disables the initial status check done when starting\n"
|
||||
" the CLI.\n"
|
||||
#ifndef TLS_DISABLED
|
||||
TLS_HELP
|
||||
#endif
|
||||
" -v, --version Print FoundationDB CLI version information and exit.\n"
|
||||
" -h, --help Display this help and exit.\n");
|
||||
}
|
||||
|
@ -2147,14 +2151,10 @@ struct CLIOptions {
|
|||
initialStatusCheck = false;
|
||||
break;
|
||||
|
||||
#ifndef TLS_DISABLED
|
||||
// TLS Options
|
||||
case TLSOptions::OPT_TLS_PLUGIN:
|
||||
try {
|
||||
setNetworkOption(FDBNetworkOptions::TLS_PLUGIN, std::string(args.OptionArg()));
|
||||
} catch( Error& e ) {
|
||||
fprintf(stderr, "ERROR: cannot load TLS plugin `%s' (%s)\n", args.OptionArg(), e.what());
|
||||
return 1;
|
||||
}
|
||||
args.OptionArg();
|
||||
break;
|
||||
case TLSOptions::OPT_TLS_CERTIFICATES:
|
||||
tlsCertPath = args.OptionArg();
|
||||
|
@ -2171,6 +2171,7 @@ struct CLIOptions {
|
|||
case TLSOptions::OPT_TLS_VERIFY_PEERS:
|
||||
tlsVerifyPeers = args.OptionArg();
|
||||
break;
|
||||
#endif
|
||||
case OPT_HELP:
|
||||
printProgramUsage(program_name.c_str());
|
||||
return 0;
|
||||
|
@ -3203,6 +3204,7 @@ int main(int argc, char **argv) {
|
|||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (opt.tlsCAPath.size()) {
|
||||
try {
|
||||
setNetworkOption(FDBNetworkOptions::TLS_CA_PATH, opt.tlsCAPath);
|
||||
|
|
|
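Review bot: The `case TLSOptions::OPT_TLS_PLUGIN:` branch is reduced to `args.OptionArg(); break;`, so the option is still accepted but its value is discarded without any message — an operator passing `--tls_plugin` expecting a particular plugin to be loaded gets no indication that the path was ignored, and the bare `args.OptionArg();` call is a no-op that reads as a leftover of the removed `setNetworkOption` call. Either emit a one-line warning, `fprintf(stderr, "WARNING: --tls_plugin is ignored; TLS is built into this binary\n");`, or remove the case so the option falls to the unknown-option path, and add a comment stating that the flag is retained only for backward compatibility. Whether the flag is still advertised depends on `TLS_OPTION_FLAGS` and `TLS_HELP`, which are not visible here. `struct CLIOptions` continues outside the hunk.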
@ -81,7 +81,7 @@
|
|||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>..\zookeeper\win32;..\zookeeper\generated;..\zookeeper\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<MinimalRebuild>false</MinimalRebuild>
|
||||
|
@ -105,7 +105,7 @@
|
|||
</PrecompiledHeader>
|
||||
<Optimization>Full</Optimization>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>..\zookeeper\win32;..\zookeeper\generated;..\zookeeper\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
|
||||
fdbcli_CFLAGS := $(fdbclient_CFLAGS)
|
||||
fdbcli_LDFLAGS := $(fdbrpc_LDFLAGS)
|
||||
fdbcli_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a -ldl
|
||||
fdbcli_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a -ldl $(TLS_LIBS)
|
||||
fdbcli_STATIC_LIBS :=
|
||||
|
||||
fdbcli_GENERATED_SOURCES += versions.h
|
||||
|
|
|
@ -783,7 +783,6 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional<StringRef> valu
|
|||
}
|
||||
case FDBNetworkOptions::TLS_PLUGIN:
|
||||
validateOptionValue(value, true);
|
||||
tlsOptions->set_plugin_name_or_path( value.get().toString() );
|
||||
break;
|
||||
case FDBNetworkOptions::TLS_CERT_PATH:
|
||||
validateOptionValue(value, true);
|
||||
|
@ -872,7 +871,9 @@ void setupNetwork(uint64_t transportId, bool useMetrics) {
|
|||
FlowTransport::createInstance(transportId);
|
||||
Net2FileSystem::newFileSystem();
|
||||
|
||||
#ifndef TLS_DISABLED
|
||||
tlsOptions->register_network();
|
||||
#endif
|
||||
}
|
||||
|
||||
void runNetwork() {
|
||||
|
|
|
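Review bot: The `case FDBNetworkOptions::TLS_PLUGIN:` branch in `setNetworkOption` appears to keep only `validateOptionValue(value, true);` and `break;` once `set_plugin_name_or_path` is removed, so a client that sets `TLS_PLUGIN` receives success with no effect and no indication that the path was ignored. A comment such as `// TLS_PLUGIN is accepted for backward compatibility and ignored: the TLS implementation is linked in.` would make the intent explicit, and a trace event would make the ignored value discoverable when debugging a connection that fails to negotiate TLS. In `setupNetwork`, `tlsOptions->register_network()` is now wrapped in `#ifndef TLS_DISABLED`, but the `TLS_*` cases in `setNetworkOption` that call into `tlsOptions` are not visibly guarded here; worth confirming that a `TLS_DISABLED` build (the Windows project files in this commit define it) either rejects those options or compiles them out consistently. `setNetworkOption` starts outside the hunk.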
@ -155,7 +155,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<AdditionalOptions>/bigobj @../flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
|
@ -178,7 +178,7 @@
|
|||
<Optimization>Full</Optimization>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
|
||||
<EnablePREfast>false</EnablePREfast>
|
||||
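Review bot: `TLS_DISABLED` is prepended to the PreprocessorDefinitions of both the Debug and Release configurations here and in the three later .vcxproj sections (hunks `@ -198,7 +198,7`, `@ -252,7 +252,7` and `@ -152,7 +152,7` with their Release counterparts), so every Windows build of these targets now compiles with TLS removed rather than loadable, and nothing in the diff records that as an intended, user-visible regression. A line in the build documentation or release notes stating that Windows binaries from this branch have no TLS support would make it explicit, and a single shared property sheet would replace eight hand-edited definition lines that must stay in sync. Since the same macro gates the `#ifndef TLS_DISABLED` blocks in the C++ hunks, the `--tls_*` flags and their usage text also disappear on Windows, which is consistent but belongs in the same note.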
|
|
|
@ -20,13 +20,25 @@
|
|||
|
||||
#pragma once
|
||||
|
||||
// Specialized TLS plugin library
|
||||
extern "C" void *get_tls_plugin(const char *plugin_type_name_and_version);
|
||||
|
||||
// Name of specialized TLS Plugin
|
||||
extern const char* tlsPluginName;
|
||||
|
||||
template <class T>
|
||||
Reference<T> loadPlugin( std::string const& plugin_name ) {
|
||||
void* plugin = loadLibrary( plugin_name.c_str() );
|
||||
void *(*get_plugin)(const char*) = (void*(*)(const char*))loadFunction( plugin, "get_plugin" );
|
||||
|
||||
if ( get_plugin )
|
||||
return Reference<T>( (T*)get_plugin( T::get_plugin_type_name_and_version() ) );
|
||||
void *(*get_plugin)(const char*) = NULL;
|
||||
#ifndef TLS_DISABLED
|
||||
if (!plugin_name.compare(tlsPluginName)) {
|
||||
get_plugin = (void*(*)(const char*)) get_tls_plugin;
|
||||
}
|
||||
else
|
||||
return Reference<T>( NULL );
|
||||
#endif
|
||||
{
|
||||
void* plugin = loadLibrary( plugin_name.c_str() );
|
||||
if (plugin)
|
||||
get_plugin = (void*(*)(const char*))loadFunction( plugin, "get_plugin" );
|
||||
}
|
||||
return (get_plugin) ? Reference<T>( (T*)get_plugin( T::get_plugin_type_name_and_version() ) ) : Reference<T>( NULL );
|
||||
}
|
||||
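Review bot: The `else` immediately before `#endif`, followed by a bare `{` block, makes the control flow depend on the preprocessor: with TLS_DISABLED the block runs unconditionally, without it the block becomes the else-branch of the name check, and any future statement inserted between `#endif` and `{` silently changes which path executes. Writing the fallback as `if (!get_plugin)` removes the dangling `else`, and `plugin_name == tlsPluginName` reads better than `!plugin_name.compare(tlsPluginName)`. A comment above the template should also say that only the exact string `tlsPluginName` selects the built-in plugin and any other value is still handed to `loadLibrary`, since callers can no longer tell that from the signature.
```cpp
Reference<T> loadPlugin( std::string const& plugin_name ) {
	void *(*get_plugin)(const char*) = NULL;
#ifndef TLS_DISABLED
	// The built-in TLS plugin is selected by name and is never dlopen'ed.
	if (plugin_name == tlsPluginName)
		get_plugin = (void*(*)(const char*)) get_tls_plugin;
#endif
	if (!get_plugin) {
		void* plugin = loadLibrary( plugin_name.c_str() );
		if (plugin)
			get_plugin = (void*(*)(const char*))loadFunction( plugin, "get_plugin" );
	}
	// … unchanged: return (get_plugin) ? Reference<T>(...) : Reference<T>( NULL ); …
}
```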
|
|
|
@ -28,6 +28,9 @@
|
|||
#include "Platform.h"
|
||||
#include <memory>
|
||||
|
||||
// Name of specialized TLS Plugin
|
||||
const char* tlsPluginName = "fdb-libressl-plugin";
|
||||
|
||||
// Must not throw an exception from this function!
|
||||
static int send_func(void* ctx, const uint8_t* buf, int len) {
|
||||
TLSConnection* conn = (TLSConnection*)ctx;
|
||||
|
@ -194,13 +197,6 @@ Reference<IListener> TLSNetworkConnections::listen( NetworkAddress localAddr ) {
|
|||
// 5MB for loading files into memory
|
||||
#define CERT_FILE_MAX_SIZE (5 * 1024 * 1024)
|
||||
|
||||
void TLSOptions::set_plugin_name_or_path( std::string const& plugin_name_or_path ) {
|
||||
if ( plugin )
|
||||
throw invalid_option();
|
||||
|
||||
init_plugin( plugin_name_or_path );
|
||||
}
|
||||
|
||||
void TLSOptions::set_cert_file( std::string const& cert_file ) {
|
||||
try {
|
||||
TraceEvent("TLSConnectionSettingCertFile").detail("CertFilePath", cert_file);
|
||||
|
@ -374,22 +370,14 @@ static void TLSConnectionLogFunc( const char* event, void* uid_ptr, bool is_erro
|
|||
va_end( ap );
|
||||
}
|
||||
|
||||
void TLSOptions::init_plugin( std::string const& plugin_path ) {
|
||||
std::string path;
|
||||
void TLSOptions::init_plugin() {
|
||||
|
||||
if ( plugin_path.length() ) {
|
||||
path = plugin_path;
|
||||
} else {
|
||||
if ( !platform::getEnvironmentVar( "FDB_TLS_PLUGIN", path ) )
|
||||
// FIXME: should there be other fallbacks?
|
||||
path = platform::getDefaultPluginPath("fdb-libressl-plugin");
|
||||
}
|
||||
TraceEvent("TLSConnectionLoadingPlugin").detail("Plugin", tlsPluginName);
|
||||
|
||||
plugin = loadPlugin<ITLSPlugin>( tlsPluginName );
|
||||
|
||||
TraceEvent("TLSConnectionLoadingPlugin").detail("PluginPath", path);
|
||||
plugin = loadPlugin<ITLSPlugin>( path.c_str() );
|
||||
if ( !plugin ) {
|
||||
// FIXME: allow?
|
||||
TraceEvent(SevError, "TLSConnectionPluginInitError").detail("Plugin", path).GetLastError();
|
||||
TraceEvent(SevError, "TLSConnectionPluginInitError").detail("Plugin", tlsPluginName).GetLastError();
|
||||
throw tls_error();
|
||||
}
|
||||
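Review bot: In the rewritten `TLSOptions::init_plugin()` the failure trace `TraceEvent(SevError, "TLSConnectionPluginInitError").detail("Plugin", tlsPluginName).GetLastError();` still appends `GetLastError()`, but for the built-in plugin `loadPlugin` never calls `loadLibrary` or `loadFunction`, so a null result here can only come from `get_tls_plugin` rejecting the type-name/version string and the OS error appended is stale. Drop `.GetLastError()` on this path or add `.detail("Expected", ITLSPlugin::get_plugin_type_name_and_version())` so the mismatch is actually diagnosable. The removed `FDB_TLS_PLUGIN` environment lookup and default-path fallback also mean an operator-set override is now ignored without any message; a comment above the `loadPlugin` call, e.g. `// The TLS plugin is linked in; plugin paths and FDB_TLS_PLUGIN are no longer consulted.`, saves the next reader a search.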
|
||||
|
|
|
@ -82,9 +82,12 @@ struct TLSListener : IListener, ReferenceCounted<TLSListener> {
|
|||
struct TLSOptions : ReferenceCounted<TLSOptions> {
|
||||
enum { OPT_TLS = 100000, OPT_TLS_PLUGIN, OPT_TLS_CERTIFICATES, OPT_TLS_KEY, OPT_TLS_VERIFY_PEERS, OPT_TLS_CA_FILE, OPT_TLS_PASSWORD };
|
||||
enum PolicyType { POLICY_VERIFY_PEERS = 1, POLICY_NO_VERIFY_PEERS };
|
||||
TLSOptions() : certs_set(false), key_set(false), verify_peers_set(false), ca_set(false) {}
|
||||
TLSOptions() : certs_set(false), key_set(false), verify_peers_set(false), ca_set(false) {
|
||||
#ifndef TLS_DISABLED
|
||||
init_plugin( );
|
||||
#endif
|
||||
}
|
||||
|
||||
void set_plugin_name_or_path( std::string const& plugin_name_or_path );
|
||||
void set_cert_file( std::string const& cert_file );
|
||||
void set_cert_data( std::string const& cert_data );
|
||||
void set_ca_file(std::string const& ca_file);
|
||||
|
@ -101,7 +104,7 @@ struct TLSOptions : ReferenceCounted<TLSOptions> {
|
|||
bool enabled();
|
||||
|
||||
private:
|
||||
void init_plugin( std::string const& plugin_path = "" );
|
||||
void init_plugin( );
|
||||
|
||||
Reference<ITLSPlugin> plugin;
|
||||
Reference<ITLSPolicy> policyVerifyPeersSet;
|
||||
|
@ -132,7 +135,7 @@ private:
|
|||
#define TLS_PASSWORD_FLAG "--tls_password"
|
||||
|
||||
#define TLS_OPTION_FLAGS \
|
||||
{ TLSOptions::OPT_TLS_PLUGIN, TLS_PLUGIN_FLAG, SO_OPT }, \
|
||||
{ TLSOptions::OPT_TLS_PLUGIN, TLS_PLUGIN_FLAG, SO_REQ_SEP }, \
|
||||
{ TLSOptions::OPT_TLS_CERTIFICATES, TLS_CERTIFICATE_FILE_FLAG, SO_REQ_SEP }, \
|
||||
{ TLSOptions::OPT_TLS_KEY, TLS_KEY_FILE_FLAG, SO_REQ_SEP }, \
|
||||
{ TLSOptions::OPT_TLS_VERIFY_PEERS, TLS_VERIFY_PEERS_FLAG, SO_REQ_SEP }, \
|
||||
|
@ -140,11 +143,6 @@ private:
|
|||
{ TLSOptions::OPT_TLS_CA_FILE, TLS_CA_FILE_FLAG, SO_REQ_SEP },
|
||||
|
||||
#define TLS_HELP \
|
||||
" " TLS_PLUGIN_FLAG " PLUGIN\n" \
|
||||
" The name/path of a FoundationDB TLS plugin to be loaded.\n" \
|
||||
" PLUGIN will be opened using dlopen (or LoadLibrary on\n" \
|
||||
" Windows) and will be located using the search order\n" \
|
||||
" of dlopen or LoadLibrary on your platform.\n" \
|
||||
" " TLS_CERTIFICATE_FILE_FLAG " CERTFILE\n" \
|
||||
" The path of a file containing the TLS certificate and CA\n" \
|
||||
" chain.\n" \
|
||||
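Review bot: `void set_plugin_name_or_path( std::string const& plugin_name_or_path );` is still declared on `TLSOptions` (context in the first hunk) while its definition is deleted from TLSConnection.cpp in this same commit (hunk `@ -194,13 +197,6`), so any remaining or future caller fails at link time instead of compile time; remove the declaration, or keep a stub that logs that plugin paths are ignored. The constructor now calls `init_plugin( )`, which can `throw tls_error()`; if `tlsOptions` is constructed during static initialization (the other hunks use it as a global `tlsOptions->…`), that exception escapes before `main` and terminates the process with no trace output, so lazy initialization from `register_network()` or a constructor-level catch would fail more gracefully. Separately, if `{ TLSOptions::OPT_TLS_PLUGIN, TLS_PLUGIN_FLAG, SO_REQ_SEP }` is the new side of hunk `@ -132,7 +135,7` (the counts allow either), `--tls_plugin` changes from an optional to a required argument while its value is discarded downstream, turning previously accepted invocations into parse errors for no benefit.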
|
|
|
@ -198,7 +198,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<AdditionalOptions>/bigobj @../flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
|
@ -222,7 +222,7 @@
|
|||
<Optimization>Full</Optimization>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;FDB_CLEAN_BUILD;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;FDB_CLEAN_BUILD;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
|
||||
<EnablePREfast>false</EnablePREfast>
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
#include <openssl/md5.h>
|
||||
#elif !defined(_MD5_H)
|
||||
#define _MD5_H
|
||||
#include "flow/Platform.h"
|
||||
|
||||
/* Any 32-bit or wider unsigned integer data type will do */
|
||||
typedef unsigned int MD5_u32plus;
|
||||
|
@ -41,9 +42,9 @@ typedef struct {
|
|||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
void MD5_Init(MD5_CTX *ctx);
|
||||
void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
|
||||
void MD5_Final(unsigned char *result, MD5_CTX *ctx);
|
||||
extern void MULTIPLY_DEFINED_SYMBOL MD5_Init(MD5_CTX *ctx);
|
||||
extern void MULTIPLY_DEFINED_SYMBOL MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
|
||||
extern void MULTIPLY_DEFINED_SYMBOL MD5_Final(unsigned char *result, MD5_CTX *ctx);
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
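Review bot: Declaring `MD5_Init`/`MD5_Update`/`MD5_Final` with `MULTIPLY_DEFINED_SYMBOL` (weak on GCC/Clang) lets a strong definition from a statically linked libcrypto silently replace the local implementation, but every caller of this header was compiled against this header's `MD5_CTX` layout and prototypes (`void` return, `unsigned long size`) rather than OpenSSL's; if the two context layouts differ, the linker-selected override is an ABI mismatch that no compiler diagnoses. Since the header already has an `#include <openssl/md5.h>` branch, the safer approach is to choose the implementation at compile time, or to rename the local symbols (e.g. `fdb_MD5_Init`) so there is no collision for the linker to resolve. At minimum a comment above the three declarations should say why they are weak, e.g. `/* Weak so a libcrypto pulled in via TLS_LIBS may supply these instead; keep the prototypes and MD5_CTX layout ABI-compatible with OpenSSL's. */`. Note that the attribute on a declaration only affects the definition if the defining TU includes this header, which is not visible in the diff.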
|
|
|
@ -151,7 +151,9 @@ CSimpleOpt::SOption g_rgOptions[] = {
|
|||
{ OPT_IO_TRUST_SECONDS, "--io_trust_seconds", SO_REQ_SEP },
|
||||
{ OPT_IO_TRUST_WARN_ONLY, "--io_trust_warn_only", SO_NONE },
|
||||
|
||||
#ifndef TLS_DISABLED
|
||||
TLS_OPTION_FLAGS
|
||||
#endif
|
||||
|
||||
SO_END_OF_OPTIONS
|
||||
};
|
||||
|
@ -627,7 +629,9 @@ static void printUsage( const char *name, bool devhelp ) {
|
|||
" Machine class (valid options are storage, transaction,\n"
|
||||
" resolution, proxy, master, test, unset, stateless, log, router,\n"
|
||||
" and cluster_controller).\n");
|
||||
#ifndef TLS_DISABLED
|
||||
printf(TLS_HELP);
|
||||
#endif
|
||||
printf(" -v, --version Print version information and exit.\n");
|
||||
printf(" -h, -?, --help Display this help and exit.\n");
|
||||
if( devhelp ) {
|
||||
|
@ -1191,15 +1195,9 @@ int main(int argc, char* argv[]) {
|
|||
case OPT_IO_TRUST_WARN_ONLY:
|
||||
fileIoWarnOnly = true;
|
||||
break;
|
||||
#ifndef TLS_DISABLED
|
||||
case TLSOptions::OPT_TLS_PLUGIN:
|
||||
try {
|
||||
const char* plugin_path = args.OptionArg();
|
||||
tlsOptions->set_plugin_name_or_path( plugin_path ? plugin_path : "" );
|
||||
} catch (Error& e) {
|
||||
fprintf(stderr, "ERROR: cannot load TLS plugin `%s' (%s)\n", args.OptionArg(), e.what());
|
||||
printHelpTeaser(argv[0]);
|
||||
flushAndExit(FDB_EXIT_ERROR);
|
||||
}
|
||||
args.OptionArg();
|
||||
break;
|
||||
case TLSOptions::OPT_TLS_CERTIFICATES:
|
||||
tlsCertPath = args.OptionArg();
|
||||
|
@ -1216,6 +1214,7 @@ int main(int argc, char* argv[]) {
|
|||
case TLSOptions::OPT_TLS_VERIFY_PEERS:
|
||||
tlsVerifyPeers.push_back(args.OptionArg());
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1475,6 +1474,7 @@ int main(int argc, char* argv[]) {
|
|||
|
||||
openTraceFile(publicAddress, rollsize, maxLogsSize, logFolder, "trace", logGroup);
|
||||
|
||||
#ifndef TLS_DISABLED
|
||||
if ( tlsCertPath.size() )
|
||||
tlsOptions->set_cert_file( tlsCertPath );
|
||||
if (tlsCAPath.size())
|
||||
|
@ -1489,7 +1489,7 @@ int main(int argc, char* argv[]) {
|
|||
tlsOptions->set_verify_peers( tlsVerifyPeers );
|
||||
|
||||
tlsOptions->register_network();
|
||||
|
||||
#endif
|
||||
if (role == FDBD || role == NetworkTestServer) {
|
||||
try {
|
||||
listenError = FlowTransport::transport().bind(publicAddress, listenAddress);
|
||||
|
|
|
@ -252,7 +252,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<AdditionalOptions>/bigobj @../flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
|
@ -273,7 +273,7 @@
|
|||
<Optimization>Full</Optimization>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
|
||||
<EnablePREfast>false</EnablePREfast>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
|
||||
fdbserver_CFLAGS := $(fdbclient_CFLAGS) -I fdbserver/workloads
|
||||
fdbserver_LDFLAGS := $(fdbrpc_LDFLAGS)
|
||||
fdbserver_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a
|
||||
fdbserver_LIBS := lib/libfdbclient.a lib/libfdbrpc.a lib/libflow.a $(TLS_LIBS)
|
||||
|
||||
ifeq ($(PLATFORM),linux)
|
||||
fdbserver_LIBS += -ldl -lpthread -lrt
|
||||
|
|
|
@ -529,6 +529,17 @@ void* loadFunction(void* lib, const char* func_name);
|
|||
#define EXTERNC
|
||||
#endif // __cplusplus
|
||||
|
||||
/*
|
||||
* Multiply Defined Symbol (support for weak function declaration).
|
||||
*/
|
||||
#ifndef MULTIPLY_DEFINED_SYMBOL
|
||||
#if defined(_MSC_VER)
|
||||
#define MULTIPLY_DEFINED_SYMBOL
|
||||
#else
|
||||
#define MULTIPLY_DEFINED_SYMBOL __attribute__((weak))
|
||||
#endif
|
||||
#endif
|
||||
|
||||
// Logs a critical error message and exits the program
|
||||
EXTERNC void criticalError(int exitCode, const char *type, const char *message);
|
||||
EXTERNC void flushAndExit(int exitCode);
|
||||
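Review bot: The comment on the new `MULTIPLY_DEFINED_SYMBOL` macro says "support for weak function declaration", but the `_MSC_VER` branch expands to nothing, so on MSVC a symbol declared with it is an ordinary strong symbol and a duplicate definition still fails to link; the comment should say so, e.g. `// Marks a function as a weak symbol on GCC/Clang so a strong definition elsewhere (e.g. a statically linked library) takes precedence. No-op on MSVC, where duplicates still collide.`. It is also worth noting in the same comment that the attribute must be visible where the function is defined, since a weak declaration alone does not make a later definition weak.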
|
|
|
@ -152,7 +152,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;_DEBUG;_HAS_ITERATOR_DEBUGGING=0;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<MultiProcessorCompilation>true</MultiProcessorCompilation>
|
||||
<AdditionalOptions>/bigobj @../flow/no_intellisense.opt %(AdditionalOptions)</AdditionalOptions>
|
||||
|
@ -175,7 +175,7 @@
|
|||
<Optimization>Full</Optimization>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;FDB_CLEAN_BUILD;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>TLS_DISABLED;WIN32;_WIN32_WINNT=0x0502;WINVER=0x0502;NTDDI_VERSION=0x05020000;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;FDB_CLEAN_BUILD;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
<EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
|
||||
<EnablePREfast>false</EnablePREfast>
|
||||
|
|