Move reauthentication to authenticators

Currently the only situation where a user needs to be authenticated after the initial authentication is when a COM_CHANGE_USER is being executed. This was previously handled by directly calling a function in the MySQLAuth authenticator. The new entry in the API of the authenticators is very specific to MySQL and should be reviewed once other protocols are added.
2017-01-28 11:23:49 +02:00
parent 6da8cfe97e
commit d4a06c61de
8 changed files with 169 additions and 152 deletions
--- a/server/modules/protocol/MySQL/MySQLBackend/mysql_backend.c
+++ b/server/modules/protocol/MySQL/MySQLBackend/mysql_backend.c
@ -23,7 +23,6 @@
 #include <maxscale/alloc.h>
 #include <maxscale/modinfo.h>
 #include <maxscale/protocol.h>
-#include <mysql_auth.h>

 /*
 * MySQL Protocol module for handling the protocol between the gateway
@ -1526,11 +1525,20 @@ static int gw_change_user(DCB *backend,
     * Decode the token and check the password.
     * Note: if auth_token_len == 0 && auth_token == NULL, user is without password
     */
-    auth_ret = gw_check_mysql_scramble_data(backend->session->client_dcb,
+    DCB *dcb = backend->session->client_dcb;
+
+    if (dcb->authfunc.reauthenticate == NULL)
+    {
+        /** Authenticator does not support reauthentication */
+        rv = 0;
+        goto retblock;
+    }
+
+    auth_ret = dcb->authfunc.reauthenticate(dcb, username,
                                            auth_token, auth_token_len,
                                            client_protocol->scramble,
-                                            sizeof(client_protocol->scramble),
-                                            username, client_sha1);
+                                            sizeof(client_protocol->scramble));
+
    strcpy(current_session->db, current_database);

    if (auth_ret != 0)
@ -1540,21 +1548,17 @@ static int gw_change_user(DCB *backend,
            /* Try authentication again with new repository data */
            /* Note: if no auth client authentication will fail */
            *current_session->db = 0;
-            auth_ret = gw_check_mysql_scramble_data(
-                           backend->session->client_dcb,
-                           auth_token, auth_token_len,
-                           client_protocol->scramble,
-                           sizeof(client_protocol->scramble),
-                           username, client_sha1);
+
+            auth_ret = dcb->authfunc.reauthenticate(dcb, username,
+                                                    auth_token, auth_token_len,
+                                                    client_protocol->scramble,
+                                                    sizeof(client_protocol->scramble));
+
            strcpy(current_session->db, current_database);
        }
    }

-    /* let's free the auth_token now */
-    if (auth_token)
-    {
-        MXS_FREE(auth_token);
-    }
+    MXS_FREE(auth_token);

    if (auth_ret != 0)
    {
--- a/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
+++ b/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
@ -52,7 +52,6 @@
 #include <maxscale/alloc.h>
 #include <maxscale/log_manager.h>
 #include <maxscale/protocol/mysql.h>
-#include <mysql_auth.h>
 #include <maxscale/ssl.h>
 #include <maxscale/poll.h>
 #include <maxscale/modinfo.h>