Rename and cleanup authenticator.h

Esa Korhonen 2019-01-11 15:24:55 +02:00
parent b4d91d4b9a
commit 684ec3288b
19 changed files with 133 additions and 127 deletions


@ -13,19 +13,46 @@
#pragma once
/**
* @file authenticator.h
* @file authenticator.hh
*
* The authenticator module interface definitions for MaxScale
*/
#include <maxscale/cdefs.h>
#include <maxbase/jansson.h>
#include <maxscale/buffer.h>
#include <maxscale/ccdefs.hh>
class Listener;
class SERVER;
struct DCB;
typedef struct gwbuf GWBUF;
struct json_t;
struct MXS_SESSION;
MXS_BEGIN_DECLS
/**
* The MXS_AUTHENTICATOR version data. The following should be updated whenever
* the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h
* that define how these numbers should change.
*/
#define MXS_AUTHENTICATOR_VERSION {2, 1, 0}
/** Maximum number of authenticator options */
#define AUTHENTICATOR_MAX_OPTIONS 256
/** Return values for extract and authenticate entry points */
#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */
#define MXS_AUTH_FAILED 1/**< Authentication failed */
#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */
#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */
#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */
#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */
#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */
#define MXS_AUTH_NO_SESSION 7
#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */
#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */
/** Return values for the loadusers entry point */
#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */
#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */
#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */
/**
* Specifies capabilities specific for authenticators.
@ -35,17 +62,10 @@ MXS_BEGIN_DECLS
* @note The values of the capabilities here *must* be between 0x000100000000
* and 0x008000000000, that is, bits 32 to 39.
*/
typedef enum authenticator_capability
enum authenticator_capability_t
{
ACAP_TYPE_ASYNC = 0x000100000000 /**< Supports asynchronous access */
} authenticator_capability_t;
/** Maximum number of authenticator options */
#define AUTHENTICATOR_MAX_OPTIONS 256
struct DCB;
struct SERVER;
struct MXS_SESSION;
};
/**
* @verbatim
@ -88,17 +108,17 @@ struct MXS_SESSION;
*
* @see load_module
*/
typedef struct mxs_authenticator
struct MXS_AUTHENTICATOR
{
void* (*initialize)(char** options);
void* (*create)(void* instance);
bool (* extract)(DCB*, GWBUF*);
bool (* connectssl)(DCB*);
int (* authenticate)(DCB*);
void (* free)(DCB*);
void (* destroy)(void*);
int (* loadusers)(Listener*);
void (* diagnostic)(DCB*, Listener*);
void* (* initialize)(char** options);
void* (* create)(void* instance);
bool (* extract)(DCB*, GWBUF*);
bool (* connectssl)(DCB*);
int (* authenticate)(DCB*);
void (* free)(DCB*);
void (* destroy)(void*);
int (* loadusers)(Listener*);
void (* diagnostic)(DCB*, Listener*);
/**
* @brief Return diagnostic information about the authenticator
@ -112,38 +132,25 @@ typedef struct mxs_authenticator
*
* @see jansson.h
*/
json_t* (*diagnostic_json)(const Listener * listener);
json_t* (* diagnostic_json)(const Listener* listener);
/** This entry point was added to avoid calling authenticator functions
* directly when a COM_CHANGE_USER command is executed. */
int (* reauthenticate)(DCB*,
const char* user,
uint8_t* token,
size_t token_len, /**< Client auth token */
uint8_t* scramble,
size_t scramble_len, /**< Scramble sent by MaxScale to client
* */
uint8_t* output,
size_t output_len); /**< Hashed client password used by backend
* protocols */
} MXS_AUTHENTICATOR;
/** Return values for extract and authenticate entry points */
#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */
#define MXS_AUTH_FAILED 1/**< Authentication failed */
#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */
#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */
#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */
#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */
#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */
#define MXS_AUTH_NO_SESSION 7
#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */
#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */
/** Return values for the loadusers entry point */
#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */
#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */
#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */
/**
* This entry point was added to avoid calling authenticator functions
* directly when a COM_CHANGE_USER command is executed.
*
* @param dcb The connection
* @param user Username
* @param token Client auth token
* @param token_len Auth token length
* @param scramble Scramble sent by MaxScale to client
* @param scramble_len Scramble length
* @param output Hashed client password used by backend protocols
* @param output_len Hash length
* @return 0 on success
*/
int (* reauthenticate)(DCB* dcb, const char* user, uint8_t* token, size_t token_len,
uint8_t* scramble, size_t scramble_len, uint8_t* output, size_t output_len);
};
/**
* Authentication states
@ -156,7 +163,7 @@ typedef struct mxs_authenticator
* the CONNECTED state, the connection will be in PENDING_CONNECT state until
* the connection can be created.
*/
typedef enum
enum mxs_auth_state_t
{
MXS_AUTH_STATE_INIT, /**< Initial authentication state */
MXS_AUTH_STATE_PENDING_CONNECT, /**< Connection creation is underway */
@ -166,56 +173,13 @@ typedef enum
MXS_AUTH_STATE_FAILED, /**< Authentication failed */
MXS_AUTH_STATE_HANDSHAKE_FAILED,/**< Authentication failed immediately */
MXS_AUTH_STATE_COMPLETE /**< Authentication is complete */
} mxs_auth_state_t;
#define STRPROTOCOLSTATE(s) \
((s) == MXS_AUTH_STATE_INIT ? "MXS_AUTH_STATE_INIT" \
: ((s) == MXS_AUTH_STATE_PENDING_CONNECT ? "MXS_AUTH_STATE_PENDING_CONNECT" \
: ((s) \
== MXS_AUTH_STATE_CONNECTED \
? "MXS_AUTH_STATE_CONNECTED" \
: (( \
s) \
== \
MXS_AUTH_STATE_MESSAGE_READ \
? \
"MXS_AUTH_STATE_MESSAGE_READ" \
: (( \
s) \
== \
MXS_AUTH_STATE_RESPONSE_SENT \
? \
"MXS_AUTH_STATE_RESPONSE_SENT" \
: (( \
s) \
== \
MXS_AUTH_STATE_FAILED \
? \
"MXS_AUTH_STATE_FAILED" \
: (( \
s) \
== \
MXS_AUTH_STATE_HANDSHAKE_FAILED \
? \
"MXS_AUTH_STATE_HANDSHAKE_FAILED" \
: (( \
s) \
== \
MXS_AUTH_STATE_COMPLETE \
? \
"MXS_AUTH_STATE_COMPLETE" \
: \
"UNKNOWN AUTH STATE"))))))))
/**
* The MXS_AUTHENTICATOR version data. The following should be updated whenever
* the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h
* that define how these numbers should change.
*/
#define MXS_AUTHENTICATOR_VERSION {2, 1, 0}
};
bool authenticator_init(void** instance, const char* authenticator, const char* options);
const char* get_default_authenticator(const char* protocol);
MXS_END_DECLS
namespace maxscale
{
const char* to_string(mxs_auth_state_t state);
}
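Review bot: The comment `/** Return values for extract and authenticate entry points */` above the MXS_AUTH_* codes does not match the struct in this file, where `extract` and `connectssl` are declared `bool` and only `authenticate` and `reauthenticate` return `int`. With `MXS_AUTH_SUCCEEDED` defined as 0 and `MXS_AUTH_FAILED` as 1, a module that follows the comment and returns one of these codes from `extract` would, assuming `true` means success there, have its result read with the opposite meaning. Since this cleanup already moves the block, I would reword it to `/** Return values for the authenticate entry point; extract and connectssl return bool, not these codes */` and have the new `@return 0 on success` on `reauthenticate` name the constants it is expected to return. `MXS_AUTH_NO_SESSION` is also the only code without a description.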


@ -19,7 +19,7 @@
#include <maxscale/ccdefs.hh>
#include <netinet/in.h>
#include <maxbase/poll.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/buffer.h>
#include <maxscale/modinfo.h>
#include <maxscale/protocol.h>


@ -11,7 +11,7 @@
* Public License.
*/
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/modutil.hh>
#include <maxscale/alloc.h>
@ -101,3 +101,45 @@ const char* get_default_authenticator(const char* protocol)
return rval;
}
namespace maxscale
{
const char* to_string(mxs_auth_state_t state)
{
const char* rval = "UNKNOWN AUTH STATE";
switch (state)
{
case MXS_AUTH_STATE_INIT:
rval = "MXS_AUTH_STATE_INIT";
break;
case MXS_AUTH_STATE_PENDING_CONNECT:
rval = "MXS_AUTH_STATE_PENDING_CONNECT";
break;
case MXS_AUTH_STATE_CONNECTED:
rval = "MXS_AUTH_STATE_CONNECTED";
break;
case MXS_AUTH_STATE_MESSAGE_READ:
rval = "MXS_AUTH_STATE_MESSAGE_READ";
break;
case MXS_AUTH_STATE_RESPONSE_SENT:
rval = "MXS_AUTH_STATE_RESPONSE_SENT";
break;
case MXS_AUTH_STATE_FAILED:
rval = "MXS_AUTH_STATE_FAILED";
break;
case MXS_AUTH_STATE_HANDSHAKE_FAILED:
rval = "MXS_AUTH_STATE_HANDSHAKE_FAILED";
break;
case MXS_AUTH_STATE_COMPLETE:
rval = "MXS_AUTH_STATE_COMPLETE";
break;
default:
mxb_assert(!true);
break;
}
return rval;
}
}
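Review bot: The `default:` label in `maxscale::to_string` hides missing cases from the compiler: with it present, `-Wswitch` stays silent when a value is added to `mxs_auth_state_t`, so the gap would only surface through `mxb_assert` (presumably active in debug builds only) or as "UNKNOWN AUTH STATE" in the logs. Consider returning the literal directly from each case, dropping `default:`, and placing `mxb_assert(!true); return "UNKNOWN AUTH STATE";` after the switch so out-of-range values are still caught. The declaration in the header has no doc comment; something like `/** Returns the state name as a static string, or "UNKNOWN AUTH STATE" for an unrecognised value */` would tell callers the result must not be freed.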


@ -33,7 +33,7 @@
#include <maxscale/protocol.h>
#include <maxscale/router.hh>
#include <maxscale/filter.hh>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/monitor.hh>
#include <maxscale/query_classifier.h>


@ -21,7 +21,7 @@
#include <unordered_map>
#include <maxscale/users.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/jansson.hh>
namespace


@ -27,7 +27,7 @@
#define MXS_MODULE_NAME "CDCPlainAuth"
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <fcntl.h>
#include <sys/stat.h>
#include <cdc.hh>


@ -16,7 +16,7 @@
#include <maxscale/ccdefs.hh>
#include <maxscale/alloc.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/dcb.hh>
#include <maxscale/mysql_utils.hh>
#include <maxscale/protocol/mysql.hh>


@ -15,7 +15,7 @@
#include <maxscale/ccdefs.hh>
#include <maxscale/alloc.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/dcb.hh>
#include <maxscale/protocol/mysql.hh>
#include <maxscale/server.hh>


@ -26,7 +26,7 @@
#define MXS_MODULE_NAME "HTTPAuth"
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/alloc.h>
#include <maxscale/modinfo.h>
#include <maxscale/dcb.hh>


@ -28,7 +28,7 @@
#define MXS_MODULE_NAME "MaxAdminAuth"
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/alloc.h>
#include <maxscale/modinfo.h>
#include <maxscale/dcb.hh>


@ -28,7 +28,7 @@
#include "mysql_auth.hh"
#include <maxscale/protocol/mysql.hh>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/alloc.h>
#include <maxscale/event.hh>
#include <maxscale/poll.hh>


@ -19,7 +19,7 @@
#include <stdint.h>
#include <arpa/inet.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/dcb.hh>
#include <maxscale/buffer.hh>
#include <maxscale/service.hh>


@ -25,7 +25,7 @@
#define MXS_MODULE_NAME "MySQLBackendAuth"
#include <maxscale/alloc.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/protocol/mysql.hh>
#include <maxscale/server.hh>
#include <maxscale/utils.h>


@ -29,7 +29,7 @@
#define MXS_MODULE_NAME "NullAuthAllow"
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/modinfo.h>
#include <maxscale/dcb.hh>
#include <maxscale/buffer.h>


@ -29,7 +29,7 @@
#define MXS_MODULE_NAME "NullAuthDeny"
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/modinfo.h>
#include <maxscale/dcb.hh>
#include <maxscale/buffer.h>


@ -13,7 +13,7 @@
#include "pam_auth.hh"
#include <string>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/users.h>
#include "pam_instance.hh"


@ -13,7 +13,7 @@
#include "pam_backend_auth.hh"
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/server.hh>
#include "pam_backend_session.hh"
#include "../pam_auth_common.hh"


@ -487,7 +487,7 @@ static int gw_read_backend_event(DCB* dcb)
dcb,
dcb->fd,
proto->protocol_auth_state,
STRPROTOCOLSTATE(proto->protocol_auth_state));
mxs::to_string(proto->protocol_auth_state));
int rc = 0;
if (proto->protocol_auth_state == MXS_AUTH_STATE_COMPLETE)
@ -1125,7 +1125,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue)
{
MXS_INFO("DCB and protocol state do not qualify for pooling: %s, %s",
STRDCBSTATE(dcb->state),
STRPROTOCOLSTATE(backend_protocol->protocol_auth_state));
mxs::to_string(backend_protocol->protocol_auth_state));
gwbuf_free(queue);
return 0;
}
@ -1230,7 +1230,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue)
MXS_DEBUG("write to dcb %p fd %d protocol state %s.",
dcb,
dcb->fd,
STRPROTOCOLSTATE(backend_protocol->protocol_auth_state));
mxs::to_string(backend_protocol->protocol_auth_state));
prepare_for_write(dcb, queue);
@ -1260,7 +1260,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue)
MXS_DEBUG("delayed write to dcb %p fd %d protocol state %s.",
dcb,
dcb->fd,
STRPROTOCOLSTATE(backend_protocol->protocol_auth_state));
mxs::to_string(backend_protocol->protocol_auth_state));
/** Store data until authentication is complete */
prepare_for_write(dcb, queue);


@ -25,7 +25,7 @@
#include <vector>
#include <maxscale/alloc.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/modinfo.h>
#include <maxscale/modutil.hh>
#include <maxscale/poll.hh>