| 2370 | |
| 2371 | |
| 2372 | static void addClumplets(ClumpletWriter* dpb_buffer, |
| 2373 | const ParametersSet& par, |
| 2374 | const rem_port* port) |
| 2375 | { |
| 2376 | /************************************** |
| 2377 | * |
| 2378 | * a d d C l u m p l e t s |
| 2379 | * |
| 2380 | ************************************** |
| 2381 | * |
| 2382 | * Functional description |
| 2383 | * Insert remote connection info into DPB |
| 2384 | * |
| 2385 | **************************************/ |
| 2386 | ClumpletWriter address_stack_buffer(ClumpletReader::UnTagged, MAX_UCHAR - 2); |
| 2387 | if (dpb_buffer->find(par.address_path)) |
| 2388 | { |
| 2389 | address_stack_buffer.reset(dpb_buffer->getBytes(), dpb_buffer->getClumpLength()); |
| 2390 | dpb_buffer->deleteClumplet(); |
| 2391 | } |
| 2392 | |
| 2393 | ClumpletWriter address_record(ClumpletReader::UnTagged, MAX_UCHAR - 2); |
| 2394 | |
| 2395 | if (port->port_protocol_id.hasData()) |
| 2396 | address_record.insertString(isc_dpb_addr_protocol, port->port_protocol_id); |
| 2397 | |
| 2398 | if (port->port_address.hasData()) |
| 2399 | address_record.insertString(isc_dpb_addr_endpoint, port->port_address); |
| 2400 | |
| 2401 | int flags = 0; |
| 2402 | #ifdef WIRE_COMPRESS_SUPPORT |
| 2403 | if (port->port_compressed) |
| 2404 | flags |= isc_dpb_addr_flag_conn_compressed; |
| 2405 | #endif |
| 2406 | if (port->port_crypt_plugin) |
| 2407 | { |
| 2408 | flags |= isc_dpb_addr_flag_conn_encrypted; |
| 2409 | address_record.insertString(isc_dpb_addr_crypt, port->port_crypt_name); |
| 2410 | } |
| 2411 | |
| 2412 | if (flags) |
| 2413 | address_record.insertInt(isc_dpb_addr_flags, flags); |
| 2414 | |
| 2415 | // We always insert remote address descriptor as a first element |
| 2416 | // of appropriate clumplet so user cannot fake it and engine may somewhat trust it. |
| 2417 | fb_assert(address_stack_buffer.getCurOffset() == 0); |
| 2418 | address_stack_buffer.insertBytes(isc_dpb_address, |
| 2419 | address_record.getBuffer(), address_record.getBufferLength()); |
| 2420 | |
| 2421 | dpb_buffer->insertBytes(par.address_path, address_stack_buffer.getBuffer(), |
| 2422 | address_stack_buffer.getBufferLength()); |
| 2423 | |
| 2424 | // Remove all remaining isc_*pb_address_path clumplets. |
| 2425 | // This is the security feature to prevent user from faking remote address |
| 2426 | // by passing multiple address_path clumplets. Engine assumes that |
| 2427 | // dpb contains no more than one address_path clumplet and for |
| 2428 | // clients coming via remote interface it can trust the first address from |
| 2429 | // address stack. Clients acessing database directly can do whatever they |
no test coverage detected