hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added service SSL mode variables.

Browse Source
This commit is contained in:
Markus Makela
2015-05-28 11:56:14 +03:00
parent 4365a04d2c
commit 16d6bd6d2c
5 changed files with 45 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/core/config.c
View File

@ -420,7 +420,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL);
/** Add the 5.5.5- string to the start of the version string if /** Add the 5.5.5- string to the start of the version string if
* the version string starts with "10.". * the version string starts with "10.".
* This mimics MariaDB 10.0 replication which adds 5.5.5- for backwards compatibility. */ * This mimics MariaDB 10.0 behavior which adds 5.5.5- for backwards compatibility. */
if(strncmp(version_string,"10.",3) == 0) if(strncmp(version_string,"10.",3) == 0)
{ {
((SERVICE *)(obj->element))->version_string = malloc((strlen(version_string) + ((SERVICE *)(obj->element))->version_string = malloc((strlen(version_string) +

13
server/core/service.c
View File

@ -136,7 +136,8 @@ SERVICE *service;
service->routerModule = strdup(router); service->routerModule = strdup(router);
service->users_from_all = false; service->users_from_all = false;
service->resources = NULL; service->resources = NULL;
service->ssl_mode = SSL_REQUIRED;
if (service->name == NULL || service->routerModule == NULL) if (service->name == NULL || service->routerModule == NULL)
{ {
if (service->name) if (service->name)
@ -855,6 +856,16 @@ serviceOptimizeWildcard(SERVICE *service, int action)
return 1; return 1;
} }
/** Enable or disable the service SSL capability*/
int
serviceSetSSL(SERVICE *service, int action)
{
if(action)
service->ssl_mode = SSL_REQUIRED;
else
service->ssl_mode = SSL_DISABLED;
}
/** /**
* Whether to strip escape characters from the name of the database the client * Whether to strip escape characters from the name of the database the client
* is connecting to. * is connecting to.

7
server/include/service.h
View File

@ -105,6 +105,12 @@ typedef struct server_ref_t{
SERVER* server; SERVER* server;
}SERVER_REF; }SERVER_REF;
typedef enum {
SSL_DISABLED,
SSL_ENABLED,
SSL_REQUIRED
} ssl_mode_t;
/** /**
* Defines a service within the gateway. * Defines a service within the gateway.
* *
@ -149,6 +155,7 @@ typedef struct service {
FILTER_DEF **filters; /**< Ordered list of filters */ FILTER_DEF **filters; /**< Ordered list of filters */
int n_filters; /**< Number of filters */ int n_filters; /**< Number of filters */
int conn_timeout; /*< Session timeout in seconds */ int conn_timeout; /*< Session timeout in seconds */
ssl_mode_t ssl_mode; /*< one of DISABLED, ENABLED or REQUIRED */
char *weightby; char *weightby;
struct service *next; /**< The next service in the linked list */ struct service *next; /**< The next service in the linked list */
} SERVICE; } SERVICE;

4
server/modules/include/mysql_client_server_protocol.h
View File

@ -97,6 +97,10 @@ typedef enum {
MYSQL_AUTH_RECV, MYSQL_AUTH_RECV,
MYSQL_AUTH_FAILED, MYSQL_AUTH_FAILED,
MYSQL_HANDSHAKE_FAILED, MYSQL_HANDSHAKE_FAILED,
MYSQL_AUTH_SSL_REQ, /*< client requested SSL */
MYSQL_AUTH_SSL_EXCHANGE_DONE, /*< SSL handshake done */
MYSQL_AUTH_SSL_EXCHANGE_ERR, /*< SSL handshake failure */
MYSQL_AUTH_SSL_RECV, /*< */
MYSQL_IDLE MYSQL_IDLE
} mysql_auth_state_t; } mysql_auth_state_t;

24
server/modules/protocol/mysql_client.c
View File

@ -242,7 +242,7 @@ MySQLSendHandshake(DCB* dcb)
char server_scramble[GW_MYSQL_SCRAMBLE_SIZE + 1]=""; char server_scramble[GW_MYSQL_SCRAMBLE_SIZE + 1]="";
char *version_string; char *version_string;
int len_version_string=0; int len_version_string=0;
MySQLProtocol *protocol = DCB_PROTOCOL(dcb, MySQLProtocol); MySQLProtocol *protocol = DCB_PROTOCOL(dcb, MySQLProtocol);
GWBUF *buf; GWBUF *buf;
@ -319,7 +319,16 @@ MySQLSendHandshake(DCB* dcb)
mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_COMPRESS; mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_COMPRESS;
mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_SSL;
if(dcb->service->ssl_mode != SSL_DISABLED)
{
mysql_server_capabilities_one[1] |= GW_MYSQL_CAPABILITIES_SSL >> 8;
}
else
{
mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_SSL;
}
memcpy(mysql_handshake_payload, mysql_server_capabilities_one, sizeof(mysql_server_capabilities_one)); memcpy(mysql_handshake_payload, mysql_server_capabilities_one, sizeof(mysql_server_capabilities_one));
mysql_handshake_payload = mysql_handshake_payload + sizeof(mysql_server_capabilities_one); mysql_handshake_payload = mysql_handshake_payload + sizeof(mysql_server_capabilities_one);
@ -402,7 +411,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
uint8_t *stage1_hash = NULL; uint8_t *stage1_hash = NULL;
int auth_ret = -1; int auth_ret = -1;
MYSQL_session *client_data = NULL; MYSQL_session *client_data = NULL;
int ssl = 0;
CHK_DCB(dcb); CHK_DCB(dcb);
protocol = DCB_PROTOCOL(dcb, MySQLProtocol); protocol = DCB_PROTOCOL(dcb, MySQLProtocol);
@ -451,6 +460,15 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
&protocol->client_capabilities); &protocol->client_capabilities);
*/ */
ssl = protocol->client_capabilities & GW_MYSQL_CAPABILITIES_SSL;
/** Client didn't requested SSL when SSL mode was required*/
if(!ssl && protocol->owner_dcb->service->ssl_mode == SSL_REQUIRED)
{
return 1;
}
username = get_username_from_auth(username, client_auth_packet); username = get_username_from_auth(username, client_auth_packet);
if (username == NULL) if (username == NULL)