MXS-862: Refactor backend authentication handling

The backend responses are now read in one place and the functions just read the data. The protocol level will now handle the packet gathering process and the authentication part just inspects the data. Backend connections now load authenticators when they are being connected. In the future, this enables the use of authentication modules for backend connection.
2016-09-22 09:42:05 +03:00
parent cd11971d5d
commit 35d9b35609
10 changed files with 599 additions and 843 deletions
--- a/server/core/config.c
+++ b/server/core/config.c
@ -196,6 +196,7 @@ static char *server_params[] =
    "protocol",
    "port",
    "address",
+    "authenticator",
    "monitoruser",
    "monitorpw",
    "persistpoolmax",
@ -2504,6 +2505,7 @@ int create_new_server(CONFIG_CONTEXT *obj)
    char *protocol = config_get_value(obj->parameters, "protocol");
    char *monuser = config_get_value(obj->parameters, "monitoruser");
    char *monpw = config_get_value(obj->parameters, "monitorpw");
+    char *auth = config_get_value(obj->parameters, "authenticator");

    if (address && port && protocol)
    {
@ -2540,6 +2542,11 @@ int create_new_server(CONFIG_CONTEXT *obj)
            error_count++;
        }

+        if (auth && (server->authenticator = MXS_STRDUP(auth)) == NULL)
+        {
+            error_count++;
+        }
+
        char *endptr;
        const char *poolmax = config_get_value_string(obj->parameters, "persistpoolmax");
        if (poolmax)
--- a/server/core/dcb.c
+++ b/server/core/dcb.c
@ -793,6 +793,22 @@ dcb_connect(SERVER *server, SESSION *session, const char *protocol)
    memcpy(&(dcb->func), funcs, sizeof(GWPROTOCOL));
    dcb->protoname = MXS_STRDUP_A(protocol);

+    const char *authenticator = server->authenticator ?
+        server->authenticator : dcb->func.auth_default ?
+        dcb->func.auth_default() : "NullAuthDeny";
+
+    GWAUTHENTICATOR *authfuncs = (GWAUTHENTICATOR*)load_module(authenticator,
+                                                               MODULE_AUTHENTICATOR);
+    if (authfuncs == NULL)
+    {
+
+        MXS_ERROR("Failed to load authenticator module '%s'.", authenticator);
+        dcb_close(dcb);
+        return NULL;
+    }
+
+    memcpy(&dcb->authfunc, authfuncs, sizeof(GWAUTHENTICATOR));
+
    /**
     * Link dcb to session. Unlink is called in dcb_final_free
     */
@ -3096,7 +3112,7 @@ dcb_accept(DCB *listener, GWPROTOCOL *protocol_funcs)
        }
        else
        {
-            const char *authenticator_name = "NullAuth";
+            const char *authenticator_name = "NullAuthDeny";
            GWAUTHENTICATOR *authfuncs;

            client_dcb->service = listener->session->service;
@ -3140,7 +3156,7 @@ dcb_accept(DCB *listener, GWPROTOCOL *protocol_funcs)
            if ((authfuncs = (GWAUTHENTICATOR *)load_module(authenticator_name,
                                                            MODULE_AUTHENTICATOR)) == NULL)
            {
-                if ((authfuncs = (GWAUTHENTICATOR *)load_module("NullAuth",
+                if ((authfuncs = (GWAUTHENTICATOR *)load_module("NullAuthDeny",
                                                                MODULE_AUTHENTICATOR)) == NULL)
                {
                    MXS_ERROR("Failed to load authenticator module for %s, free dcb %p\n",
--- a/server/core/server.c
+++ b/server/core/server.c
@ -83,6 +83,7 @@ server_alloc(char *servname, char *protocol, unsigned short port)
 #endif
    server->name = servname;
    server->protocol = protocol;
+    server->authenticator = NULL;
    server->port = port;
    server->status = SERVER_RUNNING;
    server->node_id = -1;