Release/0.1.2 (#166)

* Fix non-TLS Connection to Authenticator (#147) * Fix disable_tls=True * Fix Psycopg2 example * refactor * Fix TLS flag (#157) * PR #164 * Exclude new sqllibs and opentelem * Update poetry.lock hash Co-authored-by: Dio Gado <[email protected]>
cyralinc · Jul 22, 2020 · 2b15210 · 2b15210
1 parent 76415d2
commit 2b15210
Show file tree

Hide file tree

Showing 6 changed files with 98 additions and 150 deletions.
diff --git a/authenticator/server/config/config.go b/authenticator/server/config/config.go
@@ -140,7 +140,7 @@ func setConfigFlags() {
 		pflag.String("httpport", "", "")
 		pflag.String("grpcport", "", "")
 
-		pflag.String("disabletls", "", "")
+		pflag.Bool("disabletls", false, "")
 		pflag.String("tlscertpath", "", "")
 		pflag.String("tlskeypath", "", "")
 

diff --git a/sdk/python/approzium/_authenticator.py b/sdk/python/approzium/_authenticator.py
@@ -58,13 +58,13 @@ def __init__(
                     "if tls is not disabled, "
                     "client_cert and client_key must be provided"
                 )
+            self.tls_config = TLSConfig(
+                trusted_certs=tls_config.trusted_certs,
+                client_cert=tls_config.client_cert,
+                client_key=tls_config.client_key,
+            )
 
         self.disable_tls = disable_tls
-        self.tls_config = TLSConfig(
-            trusted_certs=tls_config.trusted_certs,
-            client_cert=tls_config.client_cert,
-            client_key=tls_config.client_key,
-        )
         self.authenticated = False
         self._counter = count(1)
         self.n_conns = 0

diff --git a/sdk/python/approzium/_socketfromfd.py b/sdk/python/approzium/_socketfromfd.py
diff --git a/sdk/python/approzium/psycopg2/_psycopg2_ctypes.py b/sdk/python/approzium/psycopg2/_psycopg2_ctypes.py
@@ -1,7 +1,8 @@
 import logging
+import os
 import select
 import struct
-import warnings
+import subprocess
 from ctypes import (
     CDLL,
     c_char_p,
@@ -13,14 +14,12 @@
     string_at,
 )
 from ctypes.util import find_library
+from os import path
 from sys import getsizeof
 
-from .._socketfromfd import fromfd
-
 logger = logging.getLogger(__name__)
 
 libpq = cdll.LoadLibrary(find_library("pq"))
-libssl = cdll.LoadLibrary(find_library("ssl"))
 
 
 # setup ctypes functions
@@ -41,13 +40,52 @@
 libpq_PQsetnonblocking.argtypes = [c_void_p, c_int]
 libpq_PQsetnonblocking.restype = c_int
 
-libssl_SSL_read = libssl.SSL_read
-libssl_SSL_read.argtypes = [c_void_p, c_char_p, c_int]
-libssl_SSL_read.restype = c_int
 
-libssl_SSL_write = libssl.SSL_write
-libssl_SSL_write.argtypes = [c_void_p, c_char_p, c_int]
-libssl_SSL_write.restype = c_int
+def stdout(command):
+    return subprocess.run(command, capture_output=True).stdout.decode("utf-8")
+
+
+def ssl_supported():
+    out = stdout(["pg_config", "--configure"])
+    return "--with-openssl" in out
+
+
+def possible_library_files(name):
+    return [
+        "lib%s.dylib" % name,
+        "%s.dylib" % name,
+        "%s.framework/%s" % (name, name),
+        "lib%s.so" % name,
+    ]
+
+
+def setup_ssl():
+    sslpath = ""
+    # try to find OpenSSL path in `pg_config`'s LDFLAGS
+    out = stdout(["pg_config", "--ldflags"])
+    for lib in out.split(" "):
+        if "openssl" in lib:
+            ssldir = lib.split("-L")[-1]
+            # directory path is found, so search for actual file
+            for filename in possible_library_files("ssl"):
+                possible_sslpath = path.join(ssldir, filename)
+                if path.exists(possible_sslpath):
+                    sslpath = possible_sslpath
+                    break
+    # if none is found, use the SSL library that the system's dynamic linker finds
+    if not sslpath:
+        sslpath = find_library("ssl")
+    global libssl
+    global libssl_SSL_read
+    global libssl_SSL_write
+    libssl = cdll.LoadLibrary(sslpath)
+    libssl_SSL_read = libssl.SSL_read
+    libssl_SSL_read.argtypes = [c_void_p, c_char_p, c_int]
+    libssl_SSL_read.restype = c_int
+
+    libssl_SSL_write = libssl.SSL_write
+    libssl_SSL_write.argtypes = [c_void_p, c_char_p, c_int]
+    libssl_SSL_write.restype = c_int
 
 
 def set_connection_sync(pgconn):
@@ -96,14 +134,12 @@ def read_bytes(n):
             nread = -1
             while nread == -1:
                 nread = libssl_SSL_read(ssl_obj, c_buffer, n)
+
             msg = bytes(c_buffer.raw[:nread])
             return msg
         else:
             fd = pgconn.fileno()
-            with warnings.catch_warnings():
-                warnings.simplefilter("ignore", ResourceWarning)
-                sock = fromfd(fd)
-                return sock.recv(n)
+            return os.read(fd, n)
 
     select.select([pgconn.fileno()], [], [])
     msg_type = read_bytes(1)
@@ -123,10 +159,7 @@ def write_msg(pgconn, msg):
         if n != len(msg):
             raise ValueError("could not send response")
     else:
-        with warnings.catch_warnings():
-            warnings.simplefilter("ignore", ResourceWarning)
-            sock = fromfd(pgconn.fileno(), keep_fd=True)
-            sock.sendall(msg)
+        os.write(pgconn.fileno(), msg)
     logger.debug(f"sent: {msg}")
 
 
@@ -139,3 +172,7 @@ def set_debug(conn):
 def ensure_compatible_ssl(conn):
     if conn.info.ssl_attribute("library") != "OpenSSL":
         raise Exception("Unsupported SSL library")
+
+
+if ssl_supported():
+    setup_ssl()
diff --git a/sdk/python/examples/psycopg2_connect.py b/sdk/python/examples/psycopg2_connect.py
@@ -1,3 +1,4 @@
+import approzium
 from approzium import AuthClient
 from approzium.psycopg2 import connect
 from approzium.psycopg2.pool import ThreadedConnectionPool
@@ -11,6 +12,7 @@
 conn = connect(dsn, authenticator=auth)
 print("Connection Established")
 
+approzium.default_auth_client = auth
 conns = ThreadedConnectionPool(1, 5, dsn)
 conn = conns.getconn()
 print("Connection Pool Established")
diff --git a/sdk/python/poetry.lock b/sdk/python/poetry.lock