
Commit 1fd2122

[[ Postgresql SSL ]] Updated the postgresql database driver to allow secure connections.
The dbpostgresql database driver was updated to weakly link against libcrypto and libssl. The revOpenDatabase function was updated for postgres to take 6 extra parameters that determine the nature of the SSL connection. dbpostgresql was updated to connect using PQconnectdbParams, passing through the extra SSL parameters.
1 parent b13d305 commit 1fd2122


4 files changed

+164
-50
lines changed


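--- a/revdb/revdb.gyp
+++ b/revdb/revdb.gyp
@@ -24,6 +24,7 @@
 'src/dbmysqlapi.cpp',
 'src/mysql_connection.cpp',
 'src/mysql_cursor.cpp',
+'src/ssl.cpp',
 ],
 
 'dbodbc_sources':
@@ -42,6 +43,7 @@
 'src/dbpostgresqlapi.cpp',
 'src/postgresql_connection.cpp',
 'src/postgresql_cursor.cpp',
+'src/ssl.cpp',
 ],
 
 'dbsqlite_sources':
@@ -319,6 +321,7 @@
 [
 '../libexternal/libexternal.gyp:libExternal',
 '../thirdparty/libpq/libpq.gyp:libpq',
+'../thirdparty/libopenssl/libopenssl.gyp:libopenssl',
 ],
 
 'include_dirs':
@@ -364,6 +367,7 @@
 [
 '../libexternal/libexternal.gyp:libExternal',
 '../thirdparty/libpq/libpq.gyp:libpq',
+'../thirdparty/libopenssl/libopenssl.gyp:libopenssl',
 ],
 
 'include_dirs':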

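--- a/revdb/src/mysql_connection.cpp
+++ b/revdb/src/mysql_connection.cpp
@@ -15,53 +15,8 @@ You should have received a copy of the GNU General Public License
 along with LiveCode. If not see <http://www.gnu.org/licenses/>. */
 
 #include "dbmysql.h"
-static bool s_ssl_loaded = false;
 
-#if !defined(_SERVER)
-extern "C" int initialise_weak_link_crypto(void);
-extern "C" int initialise_weak_link_ssl(void);
-bool load_ssl_library()
-{
-if (s_ssl_loaded)
-return true;
-
-s_ssl_loaded = initialise_weak_link_crypto() && initialise_weak_link_ssl();
-
-return s_ssl_loaded;
-}
-#elif defined(_SERVER)
-bool load_ssl_library()
-{
-return true;
-}
-#endif
-
-#ifdef TARGET_SUBPLATFORM_IPHONE
-#if defined(__i386__) || defined(__x86_64__)
-#include <dlfcn.h>
-extern "C" void *IOS_LoadModule(const char *mod)
-{
-return dlopen(mod, RTLD_NOW);
-}
-
-extern "C" void *IOS_ResolveSymbol(void *mod, const char *sym)
-{
-return dlsym(mod, sym);
-}
-#else
-extern "C" void *load_module(const char *);
-extern "C" void *resolve_symbol(void *, const char *);
-extern "C" void *IOS_LoadModule(const char *mod)
-{
-return load_module(mod);
-}
-
-extern "C" void *IOS_ResolveSymbol(void *mod, const char *sym)
-{
-return resolve_symbol(mod, sym);
-}
-#endif
-#endif
+extern bool load_ssl_library();
 
 #if defined(_WINDOWS)
 #define strcasecmp stricmp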
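Review bot: `extern bool load_ssl_library();` at new line 19 is a hand-written prototype, and the same line is repeated in postgresql_connection.cpp. Nothing ties either copy to the definition in ssl.cpp, which itself includes no header, so a later change to the function's signature would not be caught by the compiler. Declaring it once in a shared header that ssl.cpp also includes, with a comment such as `// returns true when libcrypto and libssl were resolved`, would keep the three in step.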

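--- a/revdb/src/postgresql_connection.cpp
+++ b/revdb/src/postgresql_connection.cpp
@@ -16,6 +16,8 @@ along with LiveCode. If not see <http://www.gnu.org/licenses/>. */
 
 #include "dbpostgresql.h"
 
+extern bool load_ssl_library();
+
 /*DBCONNECTION_POSTGRESQL - CONNECTION OBJECT FOR MYSQL DATABASES CHILD OF DBCONNECTION*/
 
 char *strndup(const char *p_string, int p_length)
@@ -59,11 +61,101 @@ Bool DBConnection_POSTGRESQL::connect(char **args, int numargs)
 if (t_delimiter != NULL)
 {
 t_port = (t_delimiter + (1 * sizeof(char)));
-*t_delimiter = NULL;
+*t_delimiter = '\0';
 }
-
-dbconn = NULL;
-dbconn = PQsetdbLogin(t_host, t_port, NULL, NULL, t_database, t_user, t_password);
+
+bool t_have_ssl;
+t_have_ssl = load_ssl_library();
+
+// if an ssl mode (other than disable) has been passed, make sure we can load libopenssl
+// if no ssl mode has been passed, use prefer if we have libopenssl (try an ssl connection,
+// if that fails try non-ssl), if we don't have libopenssl, don't attempt an ssl connection (disable sslmode)
+char *t_sslmode;
+t_sslmode = NULL;
+if (numargs > 4)
+{
+if (strcmp(args[4], "disable") != 0 && !t_have_ssl)
+{
+errorMessageSet("revdb,unable to load SSL library");
+return false;
+}
+t_sslmode = strdup(args[4]);
+}
+else if (t_have_ssl)
+t_sslmode = strdup("prefer");
+else
+t_sslmode = strdup("disable");
+
+if (t_sslmode == NULL)
+{
+errorMessageSet("revdb,unable to extract SSL mode");
+return false;
+}
+
+char *t_sslcompression;
+t_sslcompression = NULL;
+if (numargs > 5)
+t_sslcompression = args[5];
+
+char *t_sslcert;
+t_sslcert = NULL;
+if (numargs > 6)
+t_sslcert = args[6];
+
+char *t_sslkey;
+t_sslkey = NULL;
+if (numargs > 7)
+t_sslkey = args[7];
+
+char *t_sslrootcert;
+t_sslrootcert = NULL;
+if (numargs > 8)
+t_sslrootcert = args[8];
+
+char *t_sslcrl;
+t_sslcrl = NULL;
+if (numargs > 9)
+t_sslcrl = args[9];
+
+const char *t_connect_keys[] =
+{
+"host",
+"port",
+"dbname",
+"user",
+"password",
+
+"sslmode",
+"sslcompression",
+"sslcert",
+"sslkey",
+"sslrootcert",
+"sslcrl",
+
+NULL,
+};
+const char *t_connect_values[] =
+{
+t_host,
+t_port,
+t_database,
+t_user,
+t_password,
+
+t_sslmode,
+t_sslcompression,
+t_sslcert,
+t_sslkey,
+t_sslrootcert,
+t_sslcrl,
+
+NULL,
+};
+
+dbconn = NULL;
+dbconn = PQconnectdbParams(t_connect_keys, t_connect_values, 0);
+
+free(t_sslmode);
 
 // OK-2008-05-16 : Bug where failed connections to postgres databases would
 // not return any error information. According to the postgres docs, dbconn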
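Review bot: The fallback at new lines 84-87 picks `sslmode=prefer` when the caller passes no mode, and in libpq `prefer` retries without TLS if the handshake fails and never verifies the server certificate, so a default connection is still exposed to interception or downgrade by an active attacker. The comment above `t_sslmode` should say so, e.g. `// NOTE: "prefer" is opportunistic only; pass "verify-full" with sslrootcert to authenticate the server`. Separately, the `strdup` of the mode exists only to be freed again; `const char *t_sslmode = numargs > 4 ? args[4] : (t_have_ssl ? "prefer" : "disable");` would drop the allocation and the "unable to extract SSL mode" branch. connect() begins and ends outside this hunk, so whether the two new `return false` paths skip cleanup of anything allocated earlier cannot be checked from here.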

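--- a/revdb/src/ssl.cpp
+++ b/revdb/src/ssl.cpp
@@ -0,0 +1,63 @@
+/* Copyright (C) 2003-2015 LiveCode Ltd.
+
+This file is part of LiveCode.
+
+LiveCode is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License v3 as published by the Free
+Software Foundation.
+
+LiveCode is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+for more details.
+
+You should have received a copy of the GNU General Public License
+along with LiveCode. If not see <http://www.gnu.org/licenses/>. */
+
+static bool s_ssl_loaded = false;
+
+#if !defined(_SERVER)
+extern "C" int initialise_weak_link_crypto(void);
+extern "C" int initialise_weak_link_ssl(void);
+bool load_ssl_library()
+{
+if (s_ssl_loaded)
+return true;
+
+s_ssl_loaded = initialise_weak_link_crypto() && initialise_weak_link_ssl();
+
+return s_ssl_loaded;
+}
+#elif defined(_SERVER)
+bool load_ssl_library()
+{
+return true;
+}
+#endif
+
+#ifdef TARGET_SUBPLATFORM_IPHONE
+#if defined(__i386__) || defined(__x86_64__)
+#include <dlfcn.h>
+extern "C" void *IOS_LoadModule(const char *mod)
+{
+return dlopen(mod, RTLD_NOW);
+}
+
+extern "C" void *IOS_ResolveSymbol(void *mod, const char *sym)
+{
+return dlsym(mod, sym);
+}
+#else
+extern "C" void *load_module(const char *);
+extern "C" void *resolve_symbol(void *, const char *);
+extern "C" void *IOS_LoadModule(const char *mod)
+{
+return load_module(mod);
+}
+
+extern "C" void *IOS_ResolveSymbol(void *mod, const char *sym)
+{
+return resolve_symbol(mod, sym);
+}
+#endif
+#endif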
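Review bot: `load_ssl_library()` in the `_SERVER` branch (new lines 31-35) returns true without checking anything, and the new PostgreSQL caller uses that result as proof that OpenSSL is usable when it validates the requested sslmode. A comment stating the assumption would help, e.g. `// server builds link OpenSSL directly, so there is nothing to load`, if that is indeed the reason; it is not visible on this page. The file is also listed in both the MySQL and PostgreSQL source lists in revdb.gyp, so wherever both drivers end up in one image the non-static `load_ssl_library`, `IOS_LoadModule` and `IOS_ResolveSymbol` would presumably be defined twice; worth confirming for the iOS build.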
