MXS-2231: Move TLS handshake code into MariaDBClient

The code is now in the correct place and TLS connections with all authenticators should now work.
2018-12-28 17:22:44 +02:00 · 2018-12-28 17:22:44 +02:00 · 04dd05b262
commit 04dd05b262
parent d48c17fd08
4 changed files with 19 additions and 8 deletions
--- a/maxscale-system-test/kerberos_setup.cpp
+++ b/maxscale-system-test/kerberos_setup.cpp
@ -135,17 +135,17 @@ int main(int argc, char *argv[])
    Test->tprintf("Trying use usr1 to execute query: RW Split\n");
    Test->add_result(
        Test->repl->ssh_node(1,
-                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4006", false),
+                             "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4006", false),
        "Error executing query against RW Split\n");
    Test->tprintf("Trying use usr1 to execute query: Read Connection Master\n");
    Test->add_result(
        Test->repl->ssh_node(1,
-                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4008", false),
+                             "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4008", false),
        "Error executing query against Read Connection Master\n");
    Test->tprintf("Trying use usr1 to execute query: Read Connection Slave\n");
    Test->add_result(
        Test->repl->ssh_node(1,
-                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4009", false),
+                             "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4009", false),
        "Error executing query against Read Connection Slave\n");

    for (int i = 0; i < Test->repl->N; i++)
@ -153,6 +153,10 @@ int main(int argc, char *argv[])
        Test->repl->ssh_node(i, "sudo rm -f /etc/my.cnf.d/kerb.cnf", true);
    }

+    Test->repl->connect();
+    Test->try_query(Test->repl->nodes[0], "DROP USER usr1");
+    Test->repl->disconnect();
+
    int rval = Test->global_result;
    delete Test;
    return rval;
--- a/server/modules/authenticator/MySQLAuth/mysql_auth.c
+++ b/server/modules/authenticator/MySQLAuth/mysql_auth.c
@ -276,9 +276,10 @@ static bool is_localhost_address(struct sockaddr_storage *addr)
 static int
 mysql_auth_authenticate(DCB *dcb)
 {
-    int auth_ret = ssl_authenticate_check_status(dcb);
+    int auth_ret = MXS_AUTH_SSL_COMPLETE;
    MYSQL_session *client_data = (MYSQL_session *)dcb->data;
-    if (auth_ret == MXS_AUTH_SSL_COMPLETE && *client_data->user)
+
+    if (*client_data->user)
    {
        MXS_DEBUG("Receiving connection from '%s' to database '%s'.",
                  client_data->user, client_data->db);
--- a/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
+++ b/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
@ -288,9 +288,9 @@ Buffer PamClientSession::create_auth_change_packet() const

 int PamClientSession::authenticate(DCB* dcb)
 {
-    int rval = ssl_authenticate_check_status(dcb);
+    int rval = MXS_AUTH_SSL_COMPLETE;
    MYSQL_session *ses = static_cast<MYSQL_session*>(dcb->data);
-    if (rval == MXS_AUTH_SSL_COMPLETE && *ses->user)
+    if (*ses->user)
    {
        rval = MXS_AUTH_FAILED;
        if (m_state == PAM_AUTH_INIT)
--- a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc
+++ b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc
@ -726,7 +726,13 @@ gw_read_do_authentication(DCB *dcb, GWBUF *read_buffer, int nbytes_read)
    int auth_val = MXS_AUTH_FAILED;
    if (dcb->authfunc.extract(dcb, read_buffer))
    {
-        auth_val = dcb->authfunc.authenticate(dcb);
+        auth_val = ssl_authenticate_check_status(dcb);
+
+        if (auth_val == MXS_AUTH_SSL_COMPLETE)
+        {
+            // TLS connection phase complete
+            auth_val = dcb->authfunc.authenticate(dcb);
+        }
    }
    else
    {