Rename and cleanup authenticator.h

Esa Korhonen
2019-01-11 15:24:55 +02:00
parent b4d91d4b9a
commit 684ec3288b
19 changed files with 133 additions and 127 deletions


@ -13,19 +13,46 @@
#pragma once
/**
* @file authenticator.h
* @file authenticator.hh
*
* The authenticator module interface definitions for MaxScale
*/
#include <maxscale/cdefs.h>
#include <maxbase/jansson.h>
#include <maxscale/buffer.h>
#include <maxscale/ccdefs.hh>
class Listener;
class SERVER;
struct DCB;
typedef struct gwbuf GWBUF;
struct json_t;
struct MXS_SESSION;
MXS_BEGIN_DECLS
/**
* The MXS_AUTHENTICATOR version data. The following should be updated whenever
* the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h
* that define how these numbers should change.
*/
#define MXS_AUTHENTICATOR_VERSION {2, 1, 0}
/** Maximum number of authenticator options */
#define AUTHENTICATOR_MAX_OPTIONS 256
/** Return values for extract and authenticate entry points */
#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */
#define MXS_AUTH_FAILED 1/**< Authentication failed */
#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */
#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */
#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */
#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */
#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */
#define MXS_AUTH_NO_SESSION 7
#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */
#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */
/** Return values for the loadusers entry point */
#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */
#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */
#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */
/**
* Specifies capabilities specific for authenticators.
@ -35,17 +62,10 @@ MXS_BEGIN_DECLS
* @note The values of the capabilities here *must* be between 0x000100000000
* and 0x008000000000, that is, bits 32 to 39.
*/
typedef enum authenticator_capability
enum authenticator_capability_t
{
ACAP_TYPE_ASYNC = 0x000100000000 /**< Supports asynchronous access */
} authenticator_capability_t;
/** Maximum number of authenticator options */
#define AUTHENTICATOR_MAX_OPTIONS 256
struct DCB;
struct SERVER;
struct MXS_SESSION;
};
/**
* @verbatim
@ -88,17 +108,17 @@ struct MXS_SESSION;
*
* @see load_module
*/
typedef struct mxs_authenticator
struct MXS_AUTHENTICATOR
{
void* (*initialize)(char** options);
void* (*create)(void* instance);
bool (* extract)(DCB*, GWBUF*);
bool (* connectssl)(DCB*);
int (* authenticate)(DCB*);
void (* free)(DCB*);
void (* destroy)(void*);
int (* loadusers)(Listener*);
void (* diagnostic)(DCB*, Listener*);
void* (* initialize)(char** options);
void* (* create)(void* instance);
bool (* extract)(DCB*, GWBUF*);
bool (* connectssl)(DCB*);
int (* authenticate)(DCB*);
void (* free)(DCB*);
void (* destroy)(void*);
int (* loadusers)(Listener*);
void (* diagnostic)(DCB*, Listener*);
/**
* @brief Return diagnostic information about the authenticator
@ -112,38 +132,25 @@ typedef struct mxs_authenticator
*
* @see jansson.h
*/
json_t* (*diagnostic_json)(const Listener * listener);
json_t* (* diagnostic_json)(const Listener* listener);
/** This entry point was added to avoid calling authenticator functions
* directly when a COM_CHANGE_USER command is executed. */
int (* reauthenticate)(DCB*,
const char* user,
uint8_t* token,
size_t token_len, /**< Client auth token */
uint8_t* scramble,
size_t scramble_len, /**< Scramble sent by MaxScale to client
* */
uint8_t* output,
size_t output_len); /**< Hashed client password used by backend
* protocols */
} MXS_AUTHENTICATOR;
/** Return values for extract and authenticate entry points */
#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */
#define MXS_AUTH_FAILED 1/**< Authentication failed */
#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */
#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */
#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */
#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */
#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */
#define MXS_AUTH_NO_SESSION 7
#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */
#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */
/** Return values for the loadusers entry point */
#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */
#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */
#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */
/**
* This entry point was added to avoid calling authenticator functions
* directly when a COM_CHANGE_USER command is executed.
*
* @param dcb The connection
* @param user Username
* @param token Client auth token
* @param token_len Auth token length
* @param scramble Scramble sent by MaxScale to client
* @param scramble_len Scramble length
* @param output Hashed client password used by backend protocols
* @param output_len Hash length
* @return 0 on success
*/
int (* reauthenticate)(DCB* dcb, const char* user, uint8_t* token, size_t token_len,
uint8_t* scramble, size_t scramble_len, uint8_t* output, size_t output_len);
};
/**
* Authentication states
@ -156,7 +163,7 @@ typedef struct mxs_authenticator
* the CONNECTED state, the connection will be in PENDING_CONNECT state until
* the connection can be created.
*/
typedef enum
enum mxs_auth_state_t
{
MXS_AUTH_STATE_INIT, /**< Initial authentication state */
MXS_AUTH_STATE_PENDING_CONNECT, /**< Connection creation is underway */
@ -166,56 +173,13 @@ typedef enum
MXS_AUTH_STATE_FAILED, /**< Authentication failed */
MXS_AUTH_STATE_HANDSHAKE_FAILED,/**< Authentication failed immediately */
MXS_AUTH_STATE_COMPLETE /**< Authentication is complete */
} mxs_auth_state_t;
#define STRPROTOCOLSTATE(s) \
((s) == MXS_AUTH_STATE_INIT ? "MXS_AUTH_STATE_INIT" \
: ((s) == MXS_AUTH_STATE_PENDING_CONNECT ? "MXS_AUTH_STATE_PENDING_CONNECT" \
: ((s) \
== MXS_AUTH_STATE_CONNECTED \
? "MXS_AUTH_STATE_CONNECTED" \
: (( \
s) \
== \
MXS_AUTH_STATE_MESSAGE_READ \
? \
"MXS_AUTH_STATE_MESSAGE_READ" \
: (( \
s) \
== \
MXS_AUTH_STATE_RESPONSE_SENT \
? \
"MXS_AUTH_STATE_RESPONSE_SENT" \
: (( \
s) \
== \
MXS_AUTH_STATE_FAILED \
? \
"MXS_AUTH_STATE_FAILED" \
: (( \
s) \
== \
MXS_AUTH_STATE_HANDSHAKE_FAILED \
? \
"MXS_AUTH_STATE_HANDSHAKE_FAILED" \
: (( \
s) \
== \
MXS_AUTH_STATE_COMPLETE \
? \
"MXS_AUTH_STATE_COMPLETE" \
: \
"UNKNOWN AUTH STATE"))))))))
/**
* The MXS_AUTHENTICATOR version data. The following should be updated whenever
* the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h
* that define how these numbers should change.
*/
#define MXS_AUTHENTICATOR_VERSION {2, 1, 0}
};
bool authenticator_init(void** instance, const char* authenticator, const char* options);
const char* get_default_authenticator(const char* protocol);
MXS_END_DECLS
namespace maxscale
{
const char* to_string(mxs_auth_state_t state);
}
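Review bot: The new doc comment on `reauthenticate` describes `output_len` only as "Hash length", which leaves open whether it is the capacity of `output` on entry or the number of bytes the implementation writes. This entry point has modules write a password hash into a caller-supplied buffer, so the bound should be part of the documented contract, e.g. `@param output_len Size of the output buffer in bytes; implementations must not write more than this`. `@return 0 on success` could likewise name `MXS_AUTH_SUCCEEDED` and say which `MXS_AUTH_*` values report failure. If `token` and `scramble` are only read, which this header alone does not show, declaring them `const uint8_t*` would state that in the signature as well.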


@ -19,7 +19,7 @@
#include <maxscale/ccdefs.hh>
#include <netinet/in.h>
#include <maxbase/poll.h>
#include <maxscale/authenticator.h>
#include <maxscale/authenticator.hh>
#include <maxscale/buffer.h>
#include <maxscale/modinfo.h>
#include <maxscale/protocol.h>