MXS-2231: Move TLS handshake code into MariaDBClient

The code is now in the correct place and TLS connections with all
authenticators should now work.

maxscale-system-test/kerberos_setup.cpp

@@ -135,17 +135,17 @@ int main(int argc, char *argv[])
     Test->tprintf("Trying use usr1 to execute query: RW Split\n");
     Test->add_result(
         Test->repl->ssh_node(1,
-                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4006", false),
+                             "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4006", false),
         "Error executing query against RW Split\n");
     Test->tprintf("Trying use usr1 to execute query: Read Connection Master\n");
     Test->add_result(
         Test->repl->ssh_node(1,
-                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4008", false),
+                             "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4008", false),
         "Error executing query against Read Connection Master\n");
     Test->tprintf("Trying use usr1 to execute query: Read Connection Slave\n");
     Test->add_result(
         Test->repl->ssh_node(1,
-                             "echo select User,Host from mysql.user | mysql -uusr1 -h maxscale.maxscale.test -P 4009", false),
+                             "echo select User,Host from mysql.user | mysql --ssl -uusr1 -h maxscale.maxscale.test -P 4009", false),
         "Error executing query against Read Connection Slave\n");
 
     for (int i = 0; i < Test->repl->N; i++)
@@ -153,6 +153,10 @@ int main(int argc, char *argv[])
         Test->repl->ssh_node(i, "sudo rm -f /etc/my.cnf.d/kerb.cnf", true);
     }
 
+    Test->repl->connect();
+    Test->try_query(Test->repl->nodes[0], "DROP USER usr1");
+    Test->repl->disconnect();
+
     int rval = Test->global_result;
     delete Test;
     return rval;

server/modules/authenticator/MySQLAuth/mysql_auth.c

@@ -276,9 +276,10 @@ static bool is_localhost_address(struct sockaddr_storage *addr)
 static int
 mysql_auth_authenticate(DCB *dcb)
 {
-    int auth_ret = ssl_authenticate_check_status(dcb);
+    int auth_ret = MXS_AUTH_SSL_COMPLETE;
     MYSQL_session *client_data = (MYSQL_session *)dcb->data;
-    if (auth_ret == MXS_AUTH_SSL_COMPLETE && *client_data->user)
+
+    if (*client_data->user)
     {
         MXS_DEBUG("Receiving connection from '%s' to database '%s'.",
                   client_data->user, client_data->db);

server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc

@@ -288,9 +288,9 @@ Buffer PamClientSession::create_auth_change_packet() const
 
 int PamClientSession::authenticate(DCB* dcb)
 {
-    int rval = ssl_authenticate_check_status(dcb);
+    int rval = MXS_AUTH_SSL_COMPLETE;
     MYSQL_session *ses = static_cast<MYSQL_session*>(dcb->data);
-    if (rval == MXS_AUTH_SSL_COMPLETE && *ses->user)
+    if (*ses->user)
     {
         rval = MXS_AUTH_FAILED;
         if (m_state == PAM_AUTH_INIT)

server/modules/protocol/MySQL/mariadbclient/mysql_client.cc

@@ -726,8 +726,14 @@ gw_read_do_authentication(DCB *dcb, GWBUF *read_buffer, int nbytes_read)
     int auth_val = MXS_AUTH_FAILED;
     if (dcb->authfunc.extract(dcb, read_buffer))
     {
+        auth_val = ssl_authenticate_check_status(dcb);
+
+        if (auth_val == MXS_AUTH_SSL_COMPLETE)
+        {
+            // TLS connection phase complete
             auth_val = dcb->authfunc.authenticate(dcb);
         }
+    }
     else
     {
         auth_val = MXS_AUTH_BAD_HANDSHAKE;