From 92f757c60a079ce5231cf69aef0662bbfbbdf983 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?= Date: Tue, 23 Apr 2024 13:02:48 +0200 Subject: [PATCH 1/3] Add new table 'ssl_ciphers' to ProxySQL Admin Exposes the currently supported ciphers through a Admin table. --- include/proxysql_admin.h | 4 ++++ lib/ProxySQL_Admin.cpp | 28 ++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/include/proxysql_admin.h b/include/proxysql_admin.h index c56d68bbb6..3445a7a1c8 100644 --- a/include/proxysql_admin.h +++ b/include/proxysql_admin.h @@ -289,6 +289,10 @@ class ProxySQL_Admin { ProxySQL_External_Scheduler *scheduler; void dump_mysql_collations(); + /** + * @brief Dumps into the Admin SQLite3 table 'ssl_ciphers' currently available ciphers. + */ + void dump_ssl_ciphers(); void insert_into_tables_defs(std::vector *, const char *table_name, const char *table_def); void drop_tables_defs(std::vector *tables_defs); void check_and_build_standard_tables(SQLite3DB *db, std::vector *tables_defs); diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index 17ac811b0c..b6f10687ce 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp 
@@ -442,6 +442,8 @@ MHD_Result http_handler(void *cls, struct MHD_Connection *connection, const char #define ADMIN_SQLITE_TABLE_MYSQL_COLLATIONS "CREATE TABLE mysql_collations (Id INTEGER NOT NULL PRIMARY KEY , Collation VARCHAR NOT NULL , Charset VARCHAR NOT NULL , `Default` VARCHAR NOT NULL)" +#define ADMIN_SQLITE_TABLE_SSL_CIPHERS "CREATE TABLE ssl_ciphers (cipher_name VARCHAR NOT NULL, cipher_description VARCHAR NOT NULL)" + #define ADMIN_SQLITE_TABLE_RESTAPI_ROUTES_V2_0_15 "CREATE TABLE restapi_routes (id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT , active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1 , interval_ms INTEGER CHECK (interval_ms>=100 AND interval_ms<=100000000) NOT NULL , method VARCHAR NOT NULL CHECK (UPPER(method) IN ('GET','POST')) , uri VARCHAR NOT NULL , script VARCHAR NOT NULL , comment VARCHAR NOT NULL DEFAULT '')" #define ADMIN_SQLITE_TABLE_RESTAPI_ROUTES_v2_1_0 "CREATE TABLE restapi_routes (id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT , active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1 , timeout_ms INTEGER CHECK (timeout_ms>=100 AND timeout_ms<=100000000) NOT NULL , method VARCHAR NOT NULL CHECK (UPPER(method) IN ('GET','POST')) , uri VARCHAR NOT NULL , script VARCHAR NOT NULL , comment VARCHAR NOT NULL DEFAULT '')" 
@@ -6474,6 +6476,7 @@ bool ProxySQL_Admin::init(const bootstrap_info_t& bootstrap_info) { insert_into_tables_defs(tables_defs_admin,"global_variables", ADMIN_SQLITE_TABLE_GLOBAL_VARIABLES); insert_into_tables_defs(tables_defs_admin,"runtime_global_variables", ADMIN_SQLITE_RUNTIME_GLOBAL_VARIABLES); insert_into_tables_defs(tables_defs_admin,"mysql_collations", ADMIN_SQLITE_TABLE_MYSQL_COLLATIONS); + insert_into_tables_defs(tables_defs_admin,"ssl_ciphers", ADMIN_SQLITE_TABLE_SSL_CIPHERS); insert_into_tables_defs(tables_defs_admin,"scheduler", ADMIN_SQLITE_TABLE_SCHEDULER); insert_into_tables_defs(tables_defs_admin,"runtime_scheduler", ADMIN_SQLITE_TABLE_RUNTIME_SCHEDULER); insert_into_tables_defs(tables_defs_admin,"mysql_firewall_whitelist_users", ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_USERS); @@ -6588,6 +6591,7 @@ bool ProxySQL_Admin::init(const bootstrap_info_t& bootstrap_info) { __attach_db(statsdb, statsdb_disk, (char *)"stats_history"); dump_mysql_collations(); + dump_ssl_ciphers(); #ifdef DEBUG admindb->execute("ATTACH DATABASE 'file:mem_mydb?mode=memory&cache=shared' AS myhgm"); 
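Review bot: The `dump_ssl_ciphers();` call added after `dump_mysql_collations();` runs once in `init()`, so `ssl_ciphers` is a snapshot of `GloVars.global.ssl_ctx` as it was at startup. If the context is ever rebuilt or its cipher list changed while the process runs, the table would presumably keep showing the old set, which is misleading for an operator auditing which ciphers are on offer. Either refresh the table wherever the context is reconfigured, or state the limitation beside the call, e.g. `// startup snapshot of GloVars.global.ssl_ctx; not refreshed afterwards`. `init()` starts and ends outside the hunk, so whether the context is always initialised before this point cannot be confirmed from here.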
@@ -7041,6 +7045,30 @@ void ProxySQL_Admin::dump_mysql_collations() { // admindb->execute("INSERT INTO disk.mysql_collations SELECT * FROM main.mysql_collations"); } +void ProxySQL_Admin::dump_ssl_ciphers() { + const char insert_t[] { "INSERT OR REPLACE INTO ssl_ciphers VALUES (\"%s\", \"%s\")" }; + + STACK_OF(SSL_CIPHER)* ciphers = nullptr; + ciphers = SSL_CTX_get_ciphers(GloVars.global.ssl_ctx); + admindb->execute("DELETE FROM ssl_ciphers"); + + if (ciphers) { + int num = sk_SSL_CIPHER_num(ciphers); + + for(int i = 0; i < num; i++){ + char buf[128] = { 0 }; + const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(ciphers, i); + + SSL_CIPHER_description(cipher, buf, sizeof(buf)); + char* fst_newline = strchr(buf, '\n'); + if (fst_newline) { *fst_newline = '\0'; } + const string insert { cstr_format(insert_t, SSL_CIPHER_get_name(cipher), buf).str }; + + admindb->execute(insert.c_str()); + } + } +} + void ProxySQL_Admin::check_and_build_standard_tables(SQLite3DB *db, std::vector *tables_defs) { // int i; table_def_t *td; From 9162339a991851b88d7c8a3e5a0f5bff248d9e2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?= Date: Tue, 23 Apr 2024 14:32:05 +0200 Subject: [PATCH 2/3] Update 'admin_various_commands' to exercise 'ssl_ciphers' table --- test/tap/tests/admin_various_commands-t.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/tap/tests/admin_various_commands-t.cpp b/test/tap/tests/admin_various_commands-t.cpp index cbc2ea3c9b..4316173cf2 100644 --- a/test/tap/tests/admin_various_commands-t.cpp +++ b/test/tap/tests/admin_various_commands-t.cpp @@ -86,10 +86,11 @@ int main() { { 10, "SHOW MYSQL STATUS" }, { 1, "SELECT DATABASE()" }, { 1, "SELECT DATABASE() AS name" }, + { 1, "SELECT COUNT(*) FROM sqlite_schema WHERE type='table' AND name='ssl_ciphers'" }, + { 30, "SELECT * FROM ssl_ciphers" }, /* { , "" }, { , "" }, - { , "" }, */ }; plan(1+queries.size()); 
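Review bot: The INSERT in `dump_ssl_ciphers()` is built with `cstr_format` and wraps both values in double quotes, which SQLite resolves as identifiers first and accepts as string literals only through a legacy fallback; a SQLite build with that fallback disabled would reject every row. The values come from OpenSSL rather than from a client, so this is a robustness point more than an injection one, but single-quoted literals (`VALUES ('%s', '%s')`) or, better, a prepared statement with bound text parameters would stop the statement depending on the strings never containing a quote. The results of `SSL_CIPHER_description()` and `admindb->execute()` are also ignored, so a failed description or insert leaves an empty or missing row with nothing logged. A one-line comment that `buf` is 128 bytes because that is the minimum OpenSSL documents for a caller-supplied buffer would help the next reader.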
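Review bot: The `30` paired with `SELECT * FROM ssl_ciphers` looks like an expected row count (by analogy with the neighbouring entries), and that number depends on the OpenSSL version, build options and cipher configuration of the ProxySQL under test, so the check will fail on any build that enables a different set. Asserting that the table is non-empty, or deriving the expected count from the linked OpenSSL at test time, would keep the test meaningful without pinning a number. The preceding query uses `sqlite_schema`, which SQLite only recognises from 3.33.0 onward; `sqlite_master` works on every version if older embedded SQLite builds need to pass. The `queries` initializer and `main()` start and end outside the hunk.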
From 6ec5586fb174fd39cb1de048d1d7e7aa846f5079 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= Date: Wed, 24 Apr 2024 03:49:55 +0000 Subject: [PATCH 3/3] Updated table definition of ssl_ciphers Added primary key Added space for better formatting --- lib/ProxySQL_Admin.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index b6f10687ce..b5ac81f4a5 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -442,7 +442,7 @@ MHD_Result http_handler(void *cls, struct MHD_Connection *connection, const char #define ADMIN_SQLITE_TABLE_MYSQL_COLLATIONS "CREATE TABLE mysql_collations (Id INTEGER NOT NULL PRIMARY KEY , Collation VARCHAR NOT NULL , Charset VARCHAR NOT NULL , `Default` VARCHAR NOT NULL)" -#define ADMIN_SQLITE_TABLE_SSL_CIPHERS "CREATE TABLE ssl_ciphers (cipher_name VARCHAR NOT NULL, cipher_description VARCHAR NOT NULL)" +#define ADMIN_SQLITE_TABLE_SSL_CIPHERS "CREATE TABLE ssl_ciphers (cipher_name VARCHAR NOT NULL PRIMARY KEY , cipher_description VARCHAR NOT NULL)" #define ADMIN_SQLITE_TABLE_RESTAPI_ROUTES_V2_0_15 "CREATE TABLE restapi_routes (id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT , active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1 , interval_ms INTEGER CHECK (interval_ms>=100 AND interval_ms<=100000000) NOT NULL , method VARCHAR NOT NULL CHECK (UPPER(method) IN ('GET','POST')) , uri VARCHAR NOT NULL , script VARCHAR NOT NULL , comment VARCHAR NOT NULL DEFAULT '')"