Rename and cleanup authenticator.h

This commit is contained in:
Esa Korhonen
2019-01-11 15:24:55 +02:00
parent b4d91d4b9a
commit 684ec3288b
19 changed files with 133 additions and 127 deletions


@ -13,19 +13,46 @@
#pragma once #pragma once
/** /**
* @file authenticator.h * @file authenticator.hh
* *
* The authenticator module interface definitions for MaxScale * The authenticator module interface definitions for MaxScale
*/ */
#include <maxscale/cdefs.h> #include <maxscale/ccdefs.hh>
#include <maxbase/jansson.h>
#include <maxscale/buffer.h>
class Listener; class Listener;
class SERVER;
struct DCB;
typedef struct gwbuf GWBUF;
struct json_t;
struct MXS_SESSION;
MXS_BEGIN_DECLS /**
* The MXS_AUTHENTICATOR version data. The following should be updated whenever
* the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h
* that define how these numbers should change.
*/
#define MXS_AUTHENTICATOR_VERSION {2, 1, 0}
/** Maximum number of authenticator options */
#define AUTHENTICATOR_MAX_OPTIONS 256
/** Return values for extract and authenticate entry points */
#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */
#define MXS_AUTH_FAILED 1/**< Authentication failed */
#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */
#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */
#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */
#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */
#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */
#define MXS_AUTH_NO_SESSION 7
#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */
#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */
/** Return values for the loadusers entry point */
#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */
#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */
#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */
/** /**
* Specifies capabilities specific for authenticators. * Specifies capabilities specific for authenticators.
@ -35,17 +62,10 @@ MXS_BEGIN_DECLS
* @note The values of the capabilities here *must* be between 0x000100000000 * @note The values of the capabilities here *must* be between 0x000100000000
* and 0x008000000000, that is, bits 32 to 39. * and 0x008000000000, that is, bits 32 to 39.
*/ */
typedef enum authenticator_capability enum authenticator_capability_t
{ {
ACAP_TYPE_ASYNC = 0x000100000000 /**< Supports asynchronous access */ ACAP_TYPE_ASYNC = 0x000100000000 /**< Supports asynchronous access */
} authenticator_capability_t; };
/** Maximum number of authenticator options */
#define AUTHENTICATOR_MAX_OPTIONS 256
struct DCB;
struct SERVER;
struct MXS_SESSION;
/** /**
* @verbatim * @verbatim
@ -88,17 +108,17 @@ struct MXS_SESSION;
* *
* @see load_module * @see load_module
*/ */
typedef struct mxs_authenticator struct MXS_AUTHENTICATOR
{ {
void* (*initialize)(char** options); void* (* initialize)(char** options);
void* (*create)(void* instance); void* (* create)(void* instance);
bool (* extract)(DCB*, GWBUF*); bool (* extract)(DCB*, GWBUF*);
bool (* connectssl)(DCB*); bool (* connectssl)(DCB*);
int (* authenticate)(DCB*); int (* authenticate)(DCB*);
void (* free)(DCB*); void (* free)(DCB*);
void (* destroy)(void*); void (* destroy)(void*);
int (* loadusers)(Listener*); int (* loadusers)(Listener*);
void (* diagnostic)(DCB*, Listener*); void (* diagnostic)(DCB*, Listener*);
/** /**
* @brief Return diagnostic information about the authenticator * @brief Return diagnostic information about the authenticator
@ -112,38 +132,25 @@ typedef struct mxs_authenticator
* *
* @see jansson.h * @see jansson.h
*/ */
json_t* (*diagnostic_json)(const Listener * listener); json_t* (* diagnostic_json)(const Listener* listener);
/** This entry point was added to avoid calling authenticator functions /**
* directly when a COM_CHANGE_USER command is executed. */ * This entry point was added to avoid calling authenticator functions
int (* reauthenticate)(DCB*, * directly when a COM_CHANGE_USER command is executed.
const char* user, *
uint8_t* token, * @param dcb The connection
size_t token_len, /**< Client auth token */ * @param user Username
uint8_t* scramble, * @param token Client auth token
size_t scramble_len, /**< Scramble sent by MaxScale to client * @param token_len Auth token length
* */ * @param scramble Scramble sent by MaxScale to client
uint8_t* output, * @param scramble_len Scramble length
size_t output_len); /**< Hashed client password used by backend * @param output Hashed client password used by backend protocols
* protocols */ * @param output_len Hash length
} MXS_AUTHENTICATOR; * @return 0 on success
*/
/** Return values for extract and authenticate entry points */ int (* reauthenticate)(DCB* dcb, const char* user, uint8_t* token, size_t token_len,
#define MXS_AUTH_SUCCEEDED 0/**< Authentication was successful */ uint8_t* scramble, size_t scramble_len, uint8_t* output, size_t output_len);
#define MXS_AUTH_FAILED 1/**< Authentication failed */ };
#define MXS_AUTH_FAILED_DB 2/**< Authentication failed, database not found */
#define MXS_AUTH_FAILED_SSL 3/**< SSL authentication failed */
#define MXS_AUTH_INCOMPLETE 4/**< Authentication is not yet complete */
#define MXS_AUTH_SSL_INCOMPLETE 5/**< SSL connection is not yet complete */
#define MXS_AUTH_SSL_COMPLETE 6/**< SSL connection complete or not required */
#define MXS_AUTH_NO_SESSION 7
#define MXS_AUTH_BAD_HANDSHAKE 8/**< Malformed client packet */
#define MXS_AUTH_FAILED_WRONG_PASSWORD 9/**< Client provided wrong password */
/** Return values for the loadusers entry point */
#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */
#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Temporary error, service is started */
#define MXS_AUTH_LOADUSERS_FATAL 2 /**< Fatal error, service is not started */
/** /**
* Authentication states * Authentication states
@ -156,7 +163,7 @@ typedef struct mxs_authenticator
* the CONNECTED state, the connection will be in PENDING_CONNECT state until * the CONNECTED state, the connection will be in PENDING_CONNECT state until
* the connection can be created. * the connection can be created.
*/ */
typedef enum enum mxs_auth_state_t
{ {
MXS_AUTH_STATE_INIT, /**< Initial authentication state */ MXS_AUTH_STATE_INIT, /**< Initial authentication state */
MXS_AUTH_STATE_PENDING_CONNECT, /**< Connection creation is underway */ MXS_AUTH_STATE_PENDING_CONNECT, /**< Connection creation is underway */
@ -166,56 +173,13 @@ typedef enum
MXS_AUTH_STATE_FAILED, /**< Authentication failed */ MXS_AUTH_STATE_FAILED, /**< Authentication failed */
MXS_AUTH_STATE_HANDSHAKE_FAILED,/**< Authentication failed immediately */ MXS_AUTH_STATE_HANDSHAKE_FAILED,/**< Authentication failed immediately */
MXS_AUTH_STATE_COMPLETE /**< Authentication is complete */ MXS_AUTH_STATE_COMPLETE /**< Authentication is complete */
} mxs_auth_state_t; };
#define STRPROTOCOLSTATE(s) \
((s) == MXS_AUTH_STATE_INIT ? "MXS_AUTH_STATE_INIT" \
: ((s) == MXS_AUTH_STATE_PENDING_CONNECT ? "MXS_AUTH_STATE_PENDING_CONNECT" \
: ((s) \
== MXS_AUTH_STATE_CONNECTED \
? "MXS_AUTH_STATE_CONNECTED" \
: (( \
s) \
== \
MXS_AUTH_STATE_MESSAGE_READ \
? \
"MXS_AUTH_STATE_MESSAGE_READ" \
: (( \
s) \
== \
MXS_AUTH_STATE_RESPONSE_SENT \
? \
"MXS_AUTH_STATE_RESPONSE_SENT" \
: (( \
s) \
== \
MXS_AUTH_STATE_FAILED \
? \
"MXS_AUTH_STATE_FAILED" \
: (( \
s) \
== \
MXS_AUTH_STATE_HANDSHAKE_FAILED \
? \
"MXS_AUTH_STATE_HANDSHAKE_FAILED" \
: (( \
s) \
== \
MXS_AUTH_STATE_COMPLETE \
? \
"MXS_AUTH_STATE_COMPLETE" \
: \
"UNKNOWN AUTH STATE"))))))))
/**
* The MXS_AUTHENTICATOR version data. The following should be updated whenever
* the MXS_AUTHENTICATOR structure is changed. See the rules defined in modinfo.h
* that define how these numbers should change.
*/
#define MXS_AUTHENTICATOR_VERSION {2, 1, 0}
bool authenticator_init(void** instance, const char* authenticator, const char* options); bool authenticator_init(void** instance, const char* authenticator, const char* options);
const char* get_default_authenticator(const char* protocol); const char* get_default_authenticator(const char* protocol);
MXS_END_DECLS namespace maxscale
{
const char* to_string(mxs_auth_state_t state);
}
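Review bot: The new doc block for `reauthenticate` says `@return 0 on success`, but the header defines the MXS_AUTH_* codes as the return values for the extract and authenticate entry points a few lines above, and it is not visible here whether reauthenticate shares that code set or uses plain zero/non-zero; the comment should say which, e.g. `@return MXS_AUTH_SUCCEEDED on success, otherwise one of the MXS_AUTH_* failure codes` if that is the contract. `token` and `scramble` are described as inputs and could be `const uint8_t*`, which also records that the callee does not modify the client's credential material. `@param output_len Hash length` is ambiguous about whether it is the capacity of the caller's `output` buffer or the number of bytes written; since the callee writes into `output`, the comment should state which one the callee bounds its writes by. In the moved return-code table `MXS_AUTH_NO_SESSION 7` is the only entry without a trailing `/**< ... */` description.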


@ -19,7 +19,7 @@
#include <maxscale/ccdefs.hh> #include <maxscale/ccdefs.hh>
#include <netinet/in.h> #include <netinet/in.h>
#include <maxbase/poll.h> #include <maxbase/poll.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/buffer.h> #include <maxscale/buffer.h>
#include <maxscale/modinfo.h> #include <maxscale/modinfo.h>
#include <maxscale/protocol.h> #include <maxscale/protocol.h>


@ -11,7 +11,7 @@
* Public License. * Public License.
*/ */
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/modutil.hh> #include <maxscale/modutil.hh>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
@ -101,3 +101,45 @@ const char* get_default_authenticator(const char* protocol)
return rval; return rval;
} }
namespace maxscale
{
const char* to_string(mxs_auth_state_t state)
{
const char* rval = "UNKNOWN AUTH STATE";
switch (state)
{
case MXS_AUTH_STATE_INIT:
rval = "MXS_AUTH_STATE_INIT";
break;
case MXS_AUTH_STATE_PENDING_CONNECT:
rval = "MXS_AUTH_STATE_PENDING_CONNECT";
break;
case MXS_AUTH_STATE_CONNECTED:
rval = "MXS_AUTH_STATE_CONNECTED";
break;
case MXS_AUTH_STATE_MESSAGE_READ:
rval = "MXS_AUTH_STATE_MESSAGE_READ";
break;
case MXS_AUTH_STATE_RESPONSE_SENT:
rval = "MXS_AUTH_STATE_RESPONSE_SENT";
break;
case MXS_AUTH_STATE_FAILED:
rval = "MXS_AUTH_STATE_FAILED";
break;
case MXS_AUTH_STATE_HANDSHAKE_FAILED:
rval = "MXS_AUTH_STATE_HANDSHAKE_FAILED";
break;
case MXS_AUTH_STATE_COMPLETE:
rval = "MXS_AUTH_STATE_COMPLETE";
break;
default:
mxb_assert(!true);
break;
}
return rval;
}
}
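Review bot: The `default:` arm in `to_string` silences the compiler's enumeration-coverage warning (`-Wswitch`), so an enumerator added to `mxs_auth_state_t` later would only be caught by `mxb_assert(!true)` in debug builds and would silently log as "UNKNOWN AUTH STATE" in release. Dropping the three lines `default:` / `mxb_assert(!true);` / `break;` keeps the out-of-range fallback, because `rval` is initialised to the unknown string before the switch, while letting the compiler flag an unhandled state at build time. Callers elsewhere in this commit spell the function `mxs::to_string` although it is defined in `namespace maxscale`; that presumably relies on a `namespace mxs = maxscale` alias from ccdefs.hh, which is not visible here and is worth confirming.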


@ -33,7 +33,7 @@
#include <maxscale/protocol.h> #include <maxscale/protocol.h>
#include <maxscale/router.hh> #include <maxscale/router.hh>
#include <maxscale/filter.hh> #include <maxscale/filter.hh>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/monitor.hh> #include <maxscale/monitor.hh>
#include <maxscale/query_classifier.h> #include <maxscale/query_classifier.h>


@ -21,7 +21,7 @@
#include <unordered_map> #include <unordered_map>
#include <maxscale/users.h> #include <maxscale/users.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/jansson.hh> #include <maxscale/jansson.hh>
namespace namespace


@ -27,7 +27,7 @@
#define MXS_MODULE_NAME "CDCPlainAuth" #define MXS_MODULE_NAME "CDCPlainAuth"
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <fcntl.h> #include <fcntl.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <cdc.hh> #include <cdc.hh>


@ -16,7 +16,7 @@
#include <maxscale/ccdefs.hh> #include <maxscale/ccdefs.hh>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/dcb.hh> #include <maxscale/dcb.hh>
#include <maxscale/mysql_utils.hh> #include <maxscale/mysql_utils.hh>
#include <maxscale/protocol/mysql.hh> #include <maxscale/protocol/mysql.hh>


@ -15,7 +15,7 @@
#include <maxscale/ccdefs.hh> #include <maxscale/ccdefs.hh>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/dcb.hh> #include <maxscale/dcb.hh>
#include <maxscale/protocol/mysql.hh> #include <maxscale/protocol/mysql.hh>
#include <maxscale/server.hh> #include <maxscale/server.hh>


@ -26,7 +26,7 @@
#define MXS_MODULE_NAME "HTTPAuth" #define MXS_MODULE_NAME "HTTPAuth"
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/modinfo.h> #include <maxscale/modinfo.h>
#include <maxscale/dcb.hh> #include <maxscale/dcb.hh>


@ -28,7 +28,7 @@
#define MXS_MODULE_NAME "MaxAdminAuth" #define MXS_MODULE_NAME "MaxAdminAuth"
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/modinfo.h> #include <maxscale/modinfo.h>
#include <maxscale/dcb.hh> #include <maxscale/dcb.hh>


@ -28,7 +28,7 @@
#include "mysql_auth.hh" #include "mysql_auth.hh"
#include <maxscale/protocol/mysql.hh> #include <maxscale/protocol/mysql.hh>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/event.hh> #include <maxscale/event.hh>
#include <maxscale/poll.hh> #include <maxscale/poll.hh>


@ -19,7 +19,7 @@
#include <stdint.h> #include <stdint.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/dcb.hh> #include <maxscale/dcb.hh>
#include <maxscale/buffer.hh> #include <maxscale/buffer.hh>
#include <maxscale/service.hh> #include <maxscale/service.hh>


@ -25,7 +25,7 @@
#define MXS_MODULE_NAME "MySQLBackendAuth" #define MXS_MODULE_NAME "MySQLBackendAuth"
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/protocol/mysql.hh> #include <maxscale/protocol/mysql.hh>
#include <maxscale/server.hh> #include <maxscale/server.hh>
#include <maxscale/utils.h> #include <maxscale/utils.h>


@ -29,7 +29,7 @@
#define MXS_MODULE_NAME "NullAuthAllow" #define MXS_MODULE_NAME "NullAuthAllow"
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/modinfo.h> #include <maxscale/modinfo.h>
#include <maxscale/dcb.hh> #include <maxscale/dcb.hh>
#include <maxscale/buffer.h> #include <maxscale/buffer.h>


@ -29,7 +29,7 @@
#define MXS_MODULE_NAME "NullAuthDeny" #define MXS_MODULE_NAME "NullAuthDeny"
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/modinfo.h> #include <maxscale/modinfo.h>
#include <maxscale/dcb.hh> #include <maxscale/dcb.hh>
#include <maxscale/buffer.h> #include <maxscale/buffer.h>


@ -13,7 +13,7 @@
#include "pam_auth.hh" #include "pam_auth.hh"
#include <string> #include <string>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/users.h> #include <maxscale/users.h>
#include "pam_instance.hh" #include "pam_instance.hh"


@ -13,7 +13,7 @@
#include "pam_backend_auth.hh" #include "pam_backend_auth.hh"
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/server.hh> #include <maxscale/server.hh>
#include "pam_backend_session.hh" #include "pam_backend_session.hh"
#include "../pam_auth_common.hh" #include "../pam_auth_common.hh"


@ -487,7 +487,7 @@ static int gw_read_backend_event(DCB* dcb)
dcb, dcb,
dcb->fd, dcb->fd,
proto->protocol_auth_state, proto->protocol_auth_state,
STRPROTOCOLSTATE(proto->protocol_auth_state)); mxs::to_string(proto->protocol_auth_state));
int rc = 0; int rc = 0;
if (proto->protocol_auth_state == MXS_AUTH_STATE_COMPLETE) if (proto->protocol_auth_state == MXS_AUTH_STATE_COMPLETE)
@ -1125,7 +1125,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue)
{ {
MXS_INFO("DCB and protocol state do not qualify for pooling: %s, %s", MXS_INFO("DCB and protocol state do not qualify for pooling: %s, %s",
STRDCBSTATE(dcb->state), STRDCBSTATE(dcb->state),
STRPROTOCOLSTATE(backend_protocol->protocol_auth_state)); mxs::to_string(backend_protocol->protocol_auth_state));
gwbuf_free(queue); gwbuf_free(queue);
return 0; return 0;
} }
@ -1230,7 +1230,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue)
MXS_DEBUG("write to dcb %p fd %d protocol state %s.", MXS_DEBUG("write to dcb %p fd %d protocol state %s.",
dcb, dcb,
dcb->fd, dcb->fd,
STRPROTOCOLSTATE(backend_protocol->protocol_auth_state)); mxs::to_string(backend_protocol->protocol_auth_state));
prepare_for_write(dcb, queue); prepare_for_write(dcb, queue);
@ -1260,7 +1260,7 @@ static int gw_MySQLWrite_backend(DCB* dcb, GWBUF* queue)
MXS_DEBUG("delayed write to dcb %p fd %d protocol state %s.", MXS_DEBUG("delayed write to dcb %p fd %d protocol state %s.",
dcb, dcb,
dcb->fd, dcb->fd,
STRPROTOCOLSTATE(backend_protocol->protocol_auth_state)); mxs::to_string(backend_protocol->protocol_auth_state));
/** Store data until authentication is complete */ /** Store data until authentication is complete */
prepare_for_write(dcb, queue); prepare_for_write(dcb, queue);


@ -25,7 +25,7 @@
#include <vector> #include <vector>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.hh>
#include <maxscale/modinfo.h> #include <maxscale/modinfo.h>
#include <maxscale/modutil.hh> #include <maxscale/modutil.hh>
#include <maxscale/poll.hh> #include <maxscale/poll.hh>