Move all authenticators into separate subdirectories

2016-12-01 15:41:15 +02:00
parent aef6c7b099
commit 1707684992
20 changed files with 54 additions and 53 deletions
--- a/server/modules/authenticator/MaxAdminAuth/max_admin_auth.c
+++ b/server/modules/authenticator/MaxAdminAuth/max_admin_auth.c
@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2016 MariaDB Corporation Ab
+ *
+ * Use of this software is governed by the Business Source License included
+ * in the LICENSE.TXT file and at www.mariadb.com/bsl.
+ *
+ * Change Date: 2019-07-01
+ *
+ * On the date above, in accordance with the Business Source License, use
+ * of this software will be governed by version 2 or later of the General
+ * Public License.
+ */
+
+/**
+ * @file max_admin_auth.c
+ *
+ * MaxScale Admin Authentication module for checking of clients credentials
+ * for access to MaxAdmin.  Might be usable for other purposes.
+ *
+ * @verbatim
+ * Revision History
+ * Date         Who                     Description
+ * 14/03/2016   Martin Brampton         Initial version
+ * 17/05/2016   Massimiliano Pinto      New version authenticates UNIX user
+ *
+ * @endverbatim
+ */
+
+#include <maxscale/gw_authenticator.h>
+#include <maxscale/alloc.h>
+#include <maxscale/modinfo.h>
+#include <maxscale/dcb.h>
+#include <maxscale/buffer.h>
+#include <maxscale/adminusers.h>
+#include <maxscale/users.h>
+
+/* @see function load_module in load_utils.c for explanation of the following
+ * lint directives.
+ */
+/*lint -e14 */
+MODULE_INFO info =
+{
+    MODULE_API_AUTHENTICATOR,
+    MODULE_GA,
+    GWAUTHENTICATOR_VERSION,
+    "The MaxScale Admin client authenticator implementation"
+};
+/*lint +e14 */
+
+static char *version_str = "V2.1.0";
+
+static int max_admin_auth_set_protocol_data(DCB *dcb, GWBUF *buf);
+static bool max_admin_auth_is_client_ssl_capable(DCB *dcb);
+static int max_admin_auth_authenticate(DCB *dcb);
+static void max_admin_auth_free_client_data(DCB *dcb);
+
+/*
+ * The "module object" for mysql client authenticator module.
+ */
+static GWAUTHENTICATOR MyObject =
+{
+    NULL,                                 /* No initialize entry point */
+    NULL,                                 /* No create entry point */
+    max_admin_auth_set_protocol_data,     /* Extract data into structure   */
+    max_admin_auth_is_client_ssl_capable, /* Check if client supports SSL  */
+    max_admin_auth_authenticate,          /* Authenticate user credentials */
+    max_admin_auth_free_client_data,      /* Free the client data held in DCB */
+    NULL,                                 /* No destroy entry point */
+    users_default_loadusers               /* Load generic users */
+};
+
+/**
+ * Implementation of the mandatory version entry point
+ *
+ * @return version string of the module
+ */
+/* @see function load_module in load_utils.c for explanation of the following
+ * lint directives.
+*/
+/*lint -e14 */
+char* version()
+{
+    return version_str;
+}
+
+/**
+ * The module initialisation routine, called when the module
+ * is first loaded.
+ */
+void ModuleInit()
+{
+}
+
+/**
+ * The module entry point routine. It is this routine that
+ * must populate the structure that is referred to as the
+ * "module object", this is a structure with the set of
+ * external entry points for this module.
+ *
+ * @return The module object
+ */
+GWAUTHENTICATOR* GetModuleObject()
+{
+    return &MyObject;
+}
+/*lint +e14 */
+
+/**
+ * @brief Authentication of a user/password combination.
+ *
+ * The validation is already done, the result is returned.
+ *
+ * @param dcb Request handler DCB connected to the client
+ * @return Authentication status - always 0 to denote success
+ */
+static int
+max_admin_auth_authenticate(DCB *dcb)
+{
+    return (dcb->data != NULL && ((ADMIN_session *)dcb->data)->validated) ? 0 : 1;
+}
+
+/**
+ * @brief Transfer data from the authentication request to the DCB.
+ *
+ * Expects a chain of two buffers as the second parameters, with the
+ * username in the first buffer and the password in the second buffer.
+ *
+ * @param dcb Request handler DCB connected to the client
+ * @param buffer Pointer to pointer to buffers containing data from client
+ * @return Authentication status - 0 for success, 1 for failure
+ */
+static int
+max_admin_auth_set_protocol_data(DCB *dcb, GWBUF *buf)
+{
+    ADMIN_session *session_data;
+
+    max_admin_auth_free_client_data(dcb);
+
+    if ((session_data = (ADMIN_session *)MXS_CALLOC(1, sizeof(ADMIN_session))) != NULL)
+    {
+        int user_len = (GWBUF_LENGTH(buf) > ADMIN_USER_MAXLEN) ? ADMIN_USER_MAXLEN : GWBUF_LENGTH(buf);
+#if defined(SS_DEBUG)
+        session_data->adminses_chk_top = CHK_NUM_ADMINSES;
+        session_data->adminses_chk_tail = CHK_NUM_ADMINSES;
+#endif
+        memcpy(session_data->user, GWBUF_DATA(buf), user_len);
+        session_data->validated = false;
+        dcb->data = (void *)session_data;
+
+        /* Check for existance of the user */
+        if (admin_linux_account_enabled(session_data->user))
+        {
+            session_data->validated = true;
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/**
+ * @brief Determine whether the client is SSL capable
+ *
+ * Always say that client is not SSL capable. Support for SSL is not yet
+ * available.
+ *
+ * @param dcb Request handler DCB connected to the client
+ * @return Boolean indicating whether client is SSL capable - false
+ */
+static bool
+max_admin_auth_is_client_ssl_capable(DCB *dcb)
+{
+    return false;
+}
+
+/**
+ * @brief Free the client data pointed to by the passed DCB.
+ *
+ * The max_admin authenticator uses a simple structure that can be freed with
+ * a single call to MXS_FREE().
+ *
+ * @param dcb Request handler DCB connected to the client
+ */
+static void
+max_admin_auth_free_client_data(DCB *dcb)
+{
+    MXS_FREE(dcb->data);
+}