1 /* Copyright (c) 2006, 2021, Oracle and/or its affiliates. 2 3 This program is free software; you can redistribute it and/or modify 4 it under the terms of the GNU General Public License, version 2.0, 5 as published by the Free Software Foundation. 6 7 This program is also distributed with certain software (including 8 but not limited to OpenSSL) that is licensed under separate terms, 9 as designated in a particular file or component or in included license 10 documentation. The authors of MySQL hereby grant you an additional 11 permission to link the program and your derivative works with the 12 separately licensed software that they have included with MySQL. 13 14 This program is distributed in the hope that it will be useful, 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 GNU General Public License, version 2.0, for more details. 18 19 You should have received a copy of the GNU General Public License 20 along with this program; if not, write to the Free Software 21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ 22 23 #ifndef HOSTNAME_INCLUDED 24 #define HOSTNAME_INCLUDED 25 26 #include "my_global.h" /* uint */ 27 #include "hash_filo.h" 28 29 #ifdef HAVE_NETINET_IN_H 30 #include <netinet/in.h> 31 #endif 32 33 struct Host_errors 34 { 35 public: 36 Host_errors(); 37 ~Host_errors(); 38 39 void reset(); 40 void aggregate(const Host_errors *errors); 41 42 /** Number of connect errors. */ 43 ulong m_connect; 44 45 /** Number of host blocked errors. */ 46 ulong m_host_blocked; 47 /** Number of transient errors from getnameinfo(). */ 48 ulong m_nameinfo_transient; 49 /** Number of permanent errors from getnameinfo(). */ 50 ulong m_nameinfo_permanent; 51 /** Number of errors from is_hostname_valid(). */ 52 ulong m_format; 53 /** Number of transient errors from getaddrinfo(). */ 54 ulong m_addrinfo_transient; 55 /** Number of permanent errors from getaddrinfo(). */ 56 ulong m_addrinfo_permanent; 57 /** Number of errors from Forward-Confirmed reverse DNS checks. */ 58 ulong m_FCrDNS; 59 /** Number of errors from host grants. */ 60 ulong m_host_acl; 61 /** Number of errors from missing auth plugin. */ 62 ulong m_no_auth_plugin; 63 /** Number of errors from auth plugin. */ 64 ulong m_auth_plugin; 65 /** Number of errors from authentication plugins. */ 66 ulong m_handshake; 67 /** Number of errors from proxy user. */ 68 ulong m_proxy_user; 69 /** Number of errors from proxy user acl. */ 70 ulong m_proxy_user_acl; 71 /** Number of errors from authentication. */ 72 ulong m_authentication; 73 /** Number of errors from ssl. */ 74 ulong m_ssl; 75 /** Number of errors from max user connection. */ 76 ulong m_max_user_connection; 77 /** Number of errors from max user connection per hour. */ 78 ulong m_max_user_connection_per_hour; 79 /** Number of errors from the default database. */ 80 ulong m_default_database; 81 /** Number of errors from init_connect. */ 82 ulong m_init_connect; 83 /** Number of errors from the server itself. */ 84 ulong m_local; 85 has_errorHost_errors86 bool has_error() const 87 { 88 return ((m_host_blocked != 0) 89 || (m_nameinfo_transient != 0) 90 || (m_nameinfo_permanent != 0) 91 || (m_format != 0) 92 || (m_addrinfo_transient != 0) 93 || (m_addrinfo_permanent != 0) 94 || (m_FCrDNS != 0) 95 || (m_host_acl != 0) 96 || (m_no_auth_plugin != 0) 97 || (m_auth_plugin != 0) 98 || (m_handshake != 0) 99 || (m_proxy_user != 0) 100 || (m_proxy_user_acl != 0) 101 || (m_authentication != 0) 102 || (m_ssl != 0) 103 || (m_max_user_connection != 0) 104 || (m_max_user_connection_per_hour != 0) 105 || (m_default_database != 0) 106 || (m_init_connect != 0) 107 || (m_local != 0)); 108 } 109 sum_connect_errorsHost_errors110 void sum_connect_errors() 111 { 112 /* Current (historical) behavior: */ 113 m_connect= m_handshake; 114 } 115 clear_connect_errorsHost_errors116 void clear_connect_errors() 117 { 118 m_connect= 0; 119 } 120 }; 121 122 /** Size of IP address string in the hash cache. */ 123 #define HOST_ENTRY_KEY_SIZE INET6_ADDRSTRLEN 124 125 /** 126 An entry in the hostname hash table cache. 127 128 Host name cache does two things: 129 - caches host names to save DNS look ups; 130 - counts errors from IP. 131 132 Host name can be empty (that means DNS look up failed), 133 but errors still are counted. 134 */ 135 class Host_entry : public hash_filo_element 136 { 137 public: next()138 Host_entry *next() 139 { return (Host_entry*) hash_filo_element::next(); } 140 141 /** 142 Client IP address. This is the key used with the hash table. 143 144 The client IP address is always expressed in IPv6, even when the 145 network IPv6 stack is not present. 146 147 This IP address is never used to connect to a socket. 148 */ 149 char ip_key[HOST_ENTRY_KEY_SIZE]; 150 151 /** 152 One of the host names for the IP address. May be a zero length string. 153 */ 154 char m_hostname[HOSTNAME_LENGTH + 1]; 155 /** Length in bytes of @c m_hostname. */ 156 uint m_hostname_length; 157 /** The hostname is validated and used for authorization. */ 158 bool m_host_validated; 159 ulonglong m_first_seen; 160 ulonglong m_last_seen; 161 ulonglong m_first_error_seen; 162 ulonglong m_last_error_seen; 163 /** Error statistics. */ 164 Host_errors m_errors; 165 set_error_timestamps(ulonglong now)166 void set_error_timestamps(ulonglong now) 167 { 168 if (m_first_error_seen == 0) 169 m_first_error_seen= now; 170 m_last_error_seen= now; 171 } 172 }; 173 174 #define RC_OK 0 175 #define RC_BLOCKED_HOST 1 176 int ip_to_hostname(struct sockaddr_storage *ip_storage, 177 const char *ip_string, 178 char **hostname, uint *connect_errors); 179 180 void inc_host_errors(const char *ip_string, Host_errors *errors); 181 void reset_host_connect_errors(const char *ip_string); 182 bool hostname_cache_init(uint size); 183 void hostname_cache_free(); 184 void hostname_cache_refresh(void); 185 uint hostname_cache_size(); 186 void hostname_cache_resize(uint size); 187 void hostname_cache_lock(); 188 void hostname_cache_unlock(); 189 Host_entry *hostname_cache_first(); 190 191 #endif /* HOSTNAME_INCLUDED */ 192