From 684ec3288b4e65d5737036e3edb823e292c8a4de Mon Sep 17 00:00:00 2001 From: Esa Korhonen Date: Fri, 11 Jan 2019 15:24:55 +0200 Subject: [PATCH] Rename and cleanup authenticator.h --- .../{authenticator.h => authenticator.hh} | 176 +++++++----------- include/maxscale/dcb.hh | 2 +- server/core/authenticator.cc | 44 ++++- server/core/load_utils.cc | 2 +- server/core/users.cc | 2 +- .../CDCPlainAuth/cdc_plain_auth.cc | 2 +- .../GSSAPI/GSSAPIAuth/gssapi_auth.cc | 2 +- .../GSSAPIBackendAuth/gssapi_backend_auth.cc | 2 +- .../authenticator/HTTPAuth/http_auth.cc | 2 +- .../MaxAdminAuth/max_admin_auth.cc | 2 +- .../authenticator/MySQLAuth/mysql_auth.cc | 2 +- .../authenticator/MySQLAuth/mysql_auth.hh | 2 +- .../MySQLBackendAuth/mysql_backend_auth.cc | 2 +- .../NullAuthAllow/null_auth_allow.cc | 2 +- .../NullAuthDeny/null_auth_deny.cc | 2 +- .../authenticator/PAM/PAMAuth/pam_auth.cc | 2 +- .../PAM/PAMBackendAuth/pam_backend_auth.cc | 2 +- .../MySQL/mariadbbackend/mysql_backend.cc | 8 +- .../MySQL/mariadbclient/mysql_client.cc | 2 +- 19 files changed, 133 insertions(+), 127 deletions(-) rename include/maxscale/{authenticator.h => authenticator.hh} (51%) diff --git a/include/maxscale/authenticator.h b/include/maxscale/authenticator.hh similarity index 51% rename from include/maxscale/authenticator.h rename to include/maxscale/authenticator.hh index 0c93fe2b1..c308778d6 100644 --- a/include/maxscale/authenticator.h +++ b/include/maxscale/authenticator.hh 
@@ -13,19 +13,46 @@ #pragma once /** - * @file authenticator.h + * @file authenticator.hh * * The authenticator module interface definitions for MaxScale */ -#include - -#include -#include +#include class Listener; +class SERVER; +struct DCB; +typedef struct gwbuf GWBUF; +struct json_t; +struct MXS_SESSION; -MXS_BEGIN_DECLS +/** + * The MXS_AUTHENTICATOR version data. The following should be updated whenever + * the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h + * that define how these numbers should change. + */ +#define MXS_AUTHENTICATOR_VERSION {2, 1, 0} + +/** Maximum number of authenticator options */ +#define AUTHENTICATOR_MAX_OPTIONS 256 + +/** Return values for extract and authenticate entry points */ +#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */ +#define MXS_AUTH_FAILED 1/**< Authentication failed */ +#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */ +#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */ +#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */ +#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */ +#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */ +#define MXS_AUTH_NO_SESSION 7 +#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */ +#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */ + +/** Return values for the loadusers entry point */ +#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */ +#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */ +#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */ /** * Specifies capabilities specific for authenticators. 
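Review bot: The comment `/** Return values for extract and authenticate entry points */` on the relocated MXS_AUTH_* block does not match the struct further down in this header, where `extract` and `connectssl` are declared as returning `bool` and only `authenticate` returns `int`. Because `MXS_AUTH_SUCCEEDED` is 0, a caller that tests an authenticate result for truthiness would treat a failure code as success, so the comment should say the codes must be compared explicitly, for example `/** Return values for the authenticate entry point. MXS_AUTH_SUCCEEDED is 0: compare explicitly, never test for truthiness. */`. `MXS_AUTH_NO_SESSION` is the only code without a trailing description and should get one. Now that the header is C++-only, a later change could turn these macros into an enum so the compiler catches mixed-up comparisons.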
@@ -35,17 +62,10 @@ MXS_BEGIN_DECLS * @note The values of the capabilities here *must* be between 0x000100000000 * and 0x008000000000, that is, bits 32 to 39. */ -typedef enum authenticator_capability +enum authenticator_capability_t { ACAP_TYPE_ASYNC = 0x000100000000 /**< Supports asynchronous access */ -} authenticator_capability_t; - -/** Maximum number of authenticator options */ -#define AUTHENTICATOR_MAX_OPTIONS 256 - -struct DCB; -struct SERVER; -struct MXS_SESSION; +}; /** * @verbatim @@ -88,17 +108,17 @@ struct MXS_SESSION; * * @see load_module */ -typedef struct mxs_authenticator +struct MXS_AUTHENTICATOR { - void* (*initialize)(char** options); - void* (*create)(void* instance); - bool (* extract)(DCB*, GWBUF*); - bool (* connectssl)(DCB*); - int (* authenticate)(DCB*); - void (* free)(DCB*); - void (* destroy)(void*); - int (* loadusers)(Listener*); - void (* diagnostic)(DCB*, Listener*); + void* (* initialize)(char** options); + void* (* create)(void* instance); + bool (* extract)(DCB*, GWBUF*); + bool (* connectssl)(DCB*); + int (* authenticate)(DCB*); + void (* free)(DCB*); + void (* destroy)(void*); + int (* loadusers)(Listener*); + void (* diagnostic)(DCB*, Listener*); /** * @brief Return diagnostic information about the authenticator 
@@ -112,38 +132,25 @@ typedef struct mxs_authenticator * * @see jansson.h */ - json_t* (*diagnostic_json)(const Listener * listener); + json_t* (* diagnostic_json)(const Listener* listener); - /** This entry point was added to avoid calling authenticator functions - * directly when a COM_CHANGE_USER command is executed. */ - int (* reauthenticate)(DCB*, - const char* user, - uint8_t* token, - size_t token_len, /**< Client auth token */ - uint8_t* scramble, - size_t scramble_len, /**< Scramble sent by MaxScale to client - * */ - uint8_t* output, - size_t output_len); /**< Hashed client password used by backend - * protocols */ -} MXS_AUTHENTICATOR; - -/** Return values for extract and authenticate entry points */ -#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */ -#define MXS_AUTH_FAILED 1/**< Authentication failed */ -#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */ -#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */ -#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */ -#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */ -#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */ -#define MXS_AUTH_NO_SESSION 7 -#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */ -#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */ - -/** Return values for the loadusers entry point */ -#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */ -#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */ -#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */ + /** + * This entry point was added to avoid calling authenticator functions + * directly when a COM_CHANGE_USER command is executed. 
+ * + * @param dcb The connection + * @param user Username + * @param token Client auth token + * @param token_len Auth token length + * @param scramble Scramble sent by MaxScale to client + * @param scramble_len Scramble length + * @param output Hashed client password used by backend protocols + * @param output_len Hash length + * @return 0 on success + */ + int (* reauthenticate)(DCB* dcb, const char* user, uint8_t* token, size_t token_len, + uint8_t* scramble, size_t scramble_len, uint8_t* output, size_t output_len); +}; /** * Authentication states @@ -156,7 +163,7 @@ typedef struct mxs_authenticator * the CONNECTED state, the connection will be in PENDING_CONNECT state until * the connection can be created. */ -typedef enum +enum mxs_auth_state_t { MXS_AUTH_STATE_INIT, /**< Initial authentication state */ MXS_AUTH_STATE_PENDING_CONNECT, /**< Connection creation is underway */ 
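Review bot: The new doc block for `reauthenticate` describes `output_len` only as "Hash length", which leaves open whether it is the capacity of the `output` buffer or the number of bytes the implementation is expected to produce. Since implementations write into a caller-supplied buffer, the contract should be explicit, for example `@param output_len Size of the output buffer in bytes; implementations must not write more than this`, if that is the intended meaning. `@return 0 on success` would also read better as `@return MXS_AUTH_SUCCEEDED on success, otherwise another MXS_AUTH_* code`, assuming this entry point uses the same codes as `authenticate`. `token` and `scramble` are documented as inputs and could be `const uint8_t*` in a follow-up. The enclosing `MXS_AUTHENTICATOR` struct starts in the previous hunk.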
@@ -166,56 +173,13 @@ typedef enum MXS_AUTH_STATE_FAILED, /**< Authentication failed */ MXS_AUTH_STATE_HANDSHAKE_FAILED,/**< Authentication failed immediately */ MXS_AUTH_STATE_COMPLETE /**< Authentication is complete */ -} mxs_auth_state_t; - -#define STRPROTOCOLSTATE(s) \ - ((s) == MXS_AUTH_STATE_INIT ? "MXS_AUTH_STATE_INIT" \ - : ((s) == MXS_AUTH_STATE_PENDING_CONNECT ? "MXS_AUTH_STATE_PENDING_CONNECT" \ - : ((s) \ - == MXS_AUTH_STATE_CONNECTED \ - ? "MXS_AUTH_STATE_CONNECTED" \ - : (( \ - s) \ - == \ - MXS_AUTH_STATE_MESSAGE_READ \ - ? \ - "MXS_AUTH_STATE_MESSAGE_READ" \ - : (( \ - s) \ - == \ - MXS_AUTH_STATE_RESPONSE_SENT \ - ? \ - "MXS_AUTH_STATE_RESPONSE_SENT" \ - : (( \ - s) \ - == \ - MXS_AUTH_STATE_FAILED \ - ? \ - "MXS_AUTH_STATE_FAILED" \ - : (( \ - s) \ - == \ - MXS_AUTH_STATE_HANDSHAKE_FAILED \ - ? \ - "MXS_AUTH_STATE_HANDSHAKE_FAILED" \ - : (( \ - s) \ - == \ - MXS_AUTH_STATE_COMPLETE \ - ? \ - "MXS_AUTH_STATE_COMPLETE" \ - : \ - "UNKNOWN AUTH STATE")))))))) - -/** - * The MXS_AUTHENTICATOR version data. The following should be updated whenever - * the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h - * that define how these numbers should change. - */ -#define MXS_AUTHENTICATOR_VERSION {2, 1, 0} - +}; bool authenticator_init(void** instance, const char* authenticator, const char* options); const char* get_default_authenticator(const char* protocol); -MXS_END_DECLS +namespace maxscale +{ + +const char* to_string(mxs_auth_state_t state); +} diff --git a/include/maxscale/dcb.hh b/include/maxscale/dcb.hh index 2d2bbd080..9a684b0e6 100644 --- a/include/maxscale/dcb.hh +++ b/include/maxscale/dcb.hh @@ -19,7 +19,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/server/core/authenticator.cc b/server/core/authenticator.cc index 8631f1f65..b76b08bee 100644 --- a/server/core/authenticator.cc +++ b/server/core/authenticator.cc 
@@ -11,7 +11,7 @@ * Public License. */ -#include +#include #include #include @@ -101,3 +101,45 @@ const char* get_default_authenticator(const char* protocol) return rval; } + +namespace maxscale +{ + +const char* to_string(mxs_auth_state_t state) +{ + const char* rval = "UNKNOWN AUTH STATE"; + switch (state) + { + case MXS_AUTH_STATE_INIT: + rval = "MXS_AUTH_STATE_INIT"; + break; + case MXS_AUTH_STATE_PENDING_CONNECT: + rval = "MXS_AUTH_STATE_PENDING_CONNECT"; + break; + case MXS_AUTH_STATE_CONNECTED: + rval = "MXS_AUTH_STATE_CONNECTED"; + break; + case MXS_AUTH_STATE_MESSAGE_READ: + rval = "MXS_AUTH_STATE_MESSAGE_READ"; + break; + case MXS_AUTH_STATE_RESPONSE_SENT: + rval = "MXS_AUTH_STATE_RESPONSE_SENT"; + break; + case MXS_AUTH_STATE_FAILED: + rval = "MXS_AUTH_STATE_FAILED"; + break; + case MXS_AUTH_STATE_HANDSHAKE_FAILED: + rval = "MXS_AUTH_STATE_HANDSHAKE_FAILED"; + break; + case MXS_AUTH_STATE_COMPLETE: + rval = "MXS_AUTH_STATE_COMPLETE"; + break; + default: + mxb_assert(!true); + break; + } + + return rval; +} + +} diff --git a/server/core/load_utils.cc b/server/core/load_utils.cc index e4f035dc7..d1d66092a 100644 --- a/server/core/load_utils.cc +++ b/server/core/load_utils.cc @@ -33,7 +33,7 @@ #include #include #include -#include +#include #include #include diff --git a/server/core/users.cc b/server/core/users.cc index 8e9280ec9..edb97c747 100644 --- a/server/core/users.cc +++ b/server/core/users.cc @@ -21,7 +21,7 @@ #include #include -#include +#include #include namespace diff --git a/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc b/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc index 29fceb587..890dc59d6 100644 --- a/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc +++ b/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc @@ -27,7 +27,7 @@ #define MXS_MODULE_NAME "CDCPlainAuth" -#include +#include #include #include #include 
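Review bot: The `default:` label in the new `maxscale::to_string(mxs_auth_state_t)` switches off the compiler's missing-case warning (`-Wswitch`), so a state added to `mxs_auth_state_t` later would only be noticed at runtime, and in release builds it would be logged as "UNKNOWN AUTH STATE" with no other signal. Returning the literal from each case and placing the assert after the switch keeps the debug-build check while letting the compiler report an unhandled enumerator. The function is reached from log statements in mysql_backend.cc, so it is also worth a one-line comment that an out-of-range state value aborts debug builds from inside a logging call.

```cpp
const char* to_string(mxs_auth_state_t state)
{
    switch (state)
    {
    case MXS_AUTH_STATE_INIT:
        return "MXS_AUTH_STATE_INIT";
    // … remaining seven states return their literal the same way …
    }

    // No default label above, so the compiler reports an enumerator that is not handled.
    mxb_assert(!true);
    return "UNKNOWN AUTH STATE";
}
```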
diff --git a/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc b/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc index 44476f328..238cc27b6 100644 --- a/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc +++ b/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc @@ -16,7 +16,7 @@ #include #include -#include +#include #include #include #include diff --git a/server/modules/authenticator/GSSAPI/GSSAPIBackendAuth/gssapi_backend_auth.cc b/server/modules/authenticator/GSSAPI/GSSAPIBackendAuth/gssapi_backend_auth.cc index d396856b4..baa32c7fb 100644 --- a/server/modules/authenticator/GSSAPI/GSSAPIBackendAuth/gssapi_backend_auth.cc +++ b/server/modules/authenticator/GSSAPI/GSSAPIBackendAuth/gssapi_backend_auth.cc @@ -15,7 +15,7 @@ #include #include -#include +#include #include #include #include diff --git a/server/modules/authenticator/HTTPAuth/http_auth.cc b/server/modules/authenticator/HTTPAuth/http_auth.cc index 4e2c7af27..54558c7ef 100644 --- a/server/modules/authenticator/HTTPAuth/http_auth.cc +++ b/server/modules/authenticator/HTTPAuth/http_auth.cc @@ -26,7 +26,7 @@ #define MXS_MODULE_NAME "HTTPAuth" -#include +#include #include #include #include diff --git a/server/modules/authenticator/MaxAdminAuth/max_admin_auth.cc b/server/modules/authenticator/MaxAdminAuth/max_admin_auth.cc index 5240436ff..8f26e7877 100644 --- a/server/modules/authenticator/MaxAdminAuth/max_admin_auth.cc +++ b/server/modules/authenticator/MaxAdminAuth/max_admin_auth.cc @@ -28,7 +28,7 @@ #define MXS_MODULE_NAME "MaxAdminAuth" -#include +#include #include #include #include diff --git a/server/modules/authenticator/MySQLAuth/mysql_auth.cc b/server/modules/authenticator/MySQLAuth/mysql_auth.cc index d1664b765..ec304c09b 100644 --- a/server/modules/authenticator/MySQLAuth/mysql_auth.cc +++ b/server/modules/authenticator/MySQLAuth/mysql_auth.cc @@ -28,7 +28,7 @@ #include "mysql_auth.hh" #include -#include +#include #include #include #include 
diff --git a/server/modules/authenticator/MySQLAuth/mysql_auth.hh b/server/modules/authenticator/MySQLAuth/mysql_auth.hh index 5874f53cd..19ff443d1 100644 --- a/server/modules/authenticator/MySQLAuth/mysql_auth.hh +++ b/server/modules/authenticator/MySQLAuth/mysql_auth.hh @@ -19,7 +19,7 @@ #include #include -#include +#include #include #include #include diff --git a/server/modules/authenticator/MySQLBackendAuth/mysql_backend_auth.cc b/server/modules/authenticator/MySQLBackendAuth/mysql_backend_auth.cc index 9cde45cb7..ea3653a8f 100644 --- a/server/modules/authenticator/MySQLBackendAuth/mysql_backend_auth.cc +++ b/server/modules/authenticator/MySQLBackendAuth/mysql_backend_auth.cc @@ -25,7 +25,7 @@ #define MXS_MODULE_NAME "MySQLBackendAuth" #include -#include +#include #include #include #include diff --git a/server/modules/authenticator/NullAuthAllow/null_auth_allow.cc b/server/modules/authenticator/NullAuthAllow/null_auth_allow.cc index 3d34b8ed9..41863d3f1 100644 --- a/server/modules/authenticator/NullAuthAllow/null_auth_allow.cc +++ b/server/modules/authenticator/NullAuthAllow/null_auth_allow.cc @@ -29,7 +29,7 @@ #define MXS_MODULE_NAME "NullAuthAllow" -#include +#include #include #include #include diff --git a/server/modules/authenticator/NullAuthDeny/null_auth_deny.cc b/server/modules/authenticator/NullAuthDeny/null_auth_deny.cc index ca166c870..c297e7c55 100644 --- a/server/modules/authenticator/NullAuthDeny/null_auth_deny.cc +++ b/server/modules/authenticator/NullAuthDeny/null_auth_deny.cc @@ -29,7 +29,7 @@ #define MXS_MODULE_NAME "NullAuthDeny" -#include +#include #include #include #include diff --git a/server/modules/authenticator/PAM/PAMAuth/pam_auth.cc b/server/modules/authenticator/PAM/PAMAuth/pam_auth.cc index 933b1f56f..602c54ca0 100644 --- a/server/modules/authenticator/PAM/PAMAuth/pam_auth.cc +++ b/server/modules/authenticator/PAM/PAMAuth/pam_auth.cc 
@@ -13,7 +13,7 @@ #include "pam_auth.hh" #include -#include +#include #include #include "pam_instance.hh" diff --git a/server/modules/authenticator/PAM/PAMBackendAuth/pam_backend_auth.cc b/server/modules/authenticator/PAM/PAMBackendAuth/pam_backend_auth.cc index 68857c14a..5f00fe8e8 100644 --- a/server/modules/authenticator/PAM/PAMBackendAuth/pam_backend_auth.cc +++ b/server/modules/authenticator/PAM/PAMBackendAuth/pam_backend_auth.cc @@ -13,7 +13,7 @@ #include "pam_backend_auth.hh" -#include +#include #include #include "pam_backend_session.hh" #include "../pam_auth_common.hh" diff --git a/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc b/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc index 0d6193871..347c4f2d1 100644 --- a/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc +++ b/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc @@ -487,7 +487,7 @@ static int gw_read_backend_event(DCB* dcb) dcb, dcb->fd, proto->protocol_auth_state, - STRPROTOCOLSTATE(proto->protocol_auth_state)); + mxs::to_string(proto->protocol_auth_state)); int rc = 0; if (proto->protocol_auth_state == MXS_AUTH_STATE_COMPLETE) @@ -1125,7 +1125,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue) { MXS_INFO("DCB and protocol state do not qualify for pooling: %s, %s", STRDCBSTATE(dcb->state), - STRPROTOCOLSTATE(backend_protocol->protocol_auth_state)); + mxs::to_string(backend_protocol->protocol_auth_state)); gwbuf_free(queue); return 0; } @@ -1230,7 +1230,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue) MXS_DEBUG("write to dcb %p fd %d protocol state %s.", dcb, dcb->fd, - STRPROTOCOLSTATE(backend_protocol->protocol_auth_state)); + mxs::to_string(backend_protocol->protocol_auth_state)); prepare_for_write(dcb, queue); 
@@ -1260,7 +1260,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue) MXS_DEBUG("delayed write to dcb %p fd %d protocol state %s.", dcb, dcb->fd, - STRPROTOCOLSTATE(backend_protocol->protocol_auth_state)); + mxs::to_string(backend_protocol->protocol_auth_state)); /** Store data until authentication is complete */ prepare_for_write(dcb, queue); diff --git a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc index 712eebf87..2561a11a3 100644 --- a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc +++ b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc @@ -25,7 +25,7 @@ #include #include -#include +#include #include #include #include