hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-862: Add create/destroy and remove plugin_name entry points

Browse Source 
The create and destroy entry points allow authenticators to store data in
the DCB. This data is not shared by other DCBs related to the same
session.

The plugin_name entry point wasn't really useful as the plugins would
still need to send a AuthSwitchRequest packet if they wanted to change the
authentication mechanism.
This commit is contained in:
Markus Makela
2016-10-04 12:06:52 +03:00
parent 829d5a7453
commit dfeb5c46c9
15 changed files with 155 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/modules/authenticator/cdc_plain_auth.c
View File

@ -67,12 +67,13 @@ extern char *decryptPassword(char *crypt);
*/
static GWAUTHENTICATOR MyObject =
{
cdc_auth_set_protocol_data, /* Extract data into structure */
cdc_auth_is_client_ssl_capable, /* Check if client supports SSL */
cdc_auth_authenticate, /* Authenticate user credentials */
cdc_auth_free_client_data, /* Free the client data held in DCB */
cdc_replace_users,
NULL
NULL, /* No create entry point */
cdc_auth_set_protocol_data, /* Extract data into structure */
cdc_auth_is_client_ssl_capable, /* Check if client supports SSL */
cdc_auth_authenticate, /* Authenticate user credentials */
cdc_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
cdc_replace_users /* Load CDC users */
};
static int cdc_auth_check(

13
server/modules/authenticator/http_auth.c
View File

@ -59,12 +59,13 @@ static void http_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
http_auth_set_protocol_data, /* Extract data into structure */
http_auth_is_client_ssl_capable, /* Check if client supports SSL */
http_auth_authenticate, /* Authenticate user credentials */
http_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
http_auth_set_protocol_data, /* Extract data into structure */
http_auth_is_client_ssl_capable, /* Check if client supports SSL */
http_auth_authenticate, /* Authenticate user credentials */
http_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
typedef struct http_auth

13
server/modules/authenticator/max_admin_auth.c
View File

@ -59,12 +59,13 @@ static void max_admin_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
max_admin_auth_set_protocol_data, /* Extract data into structure */
max_admin_auth_is_client_ssl_capable, /* Check if client supports SSL */
max_admin_auth_authenticate, /* Authenticate user credentials */
max_admin_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
max_admin_auth_set_protocol_data, /* Extract data into structure */
max_admin_auth_is_client_ssl_capable, /* Check if client supports SSL */
max_admin_auth_authenticate, /* Authenticate user credentials */
max_admin_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
/**

33
server/modules/authenticator/mysql_auth.c
View File

@ -62,12 +62,13 @@ static int mysql_auth_load_users(SERV_LISTENER *port);
*/
static GWAUTHENTICATOR MyObject =
{
mysql_auth_set_protocol_data, /* Extract data into structure */
mysql_auth_is_client_ssl_capable, /* Check if client supports SSL */
mysql_auth_authenticate, /* Authenticate user credentials */
mysql_auth_free_client_data, /* Free the client data held in DCB */
mysql_auth_load_users, /* Load users from backend databases */
"mysql_native_password"
NULL, /* No create entry point */
mysql_auth_set_protocol_data, /* Extract data into structure */
mysql_auth_is_client_ssl_capable, /* Check if client supports SSL */
mysql_auth_authenticate, /* Authenticate user credentials */
mysql_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
mysql_auth_load_users /* Load users from backend databases */
};
static int combined_auth_check(
@ -243,22 +244,8 @@ mysql_auth_set_protocol_data(DCB *dcb, GWBUF *buf)
protocol = DCB_PROTOCOL(dcb, MySQLProtocol);
CHK_PROTOCOL(protocol);
if (dcb->data == NULL)
{
if (NULL == (client_data = (MYSQL_session *)MXS_CALLOC(1, sizeof(MYSQL_session))))
{
return MXS_AUTH_FAILED;
}
#if defined(SS_DEBUG)
client_data->myses_chk_top = CHK_NUM_MYSQLSES;
client_data->myses_chk_tail = CHK_NUM_MYSQLSES;
#endif
dcb->data = client_data;
}
else
{
client_data = (MYSQL_session *)dcb->data;
}
client_data = (MYSQL_session *)dcb->data;
client_auth_packet_size = gwbuf_length(buf);
@ -311,7 +298,7 @@ mysql_auth_set_client_data(
gwbuf_copy_data(buffer, 0, client_auth_packet_size, client_auth_packet);
/* The numbers are the fixed elements in the client handshake packet */
int auth_packet_base_size = 4 + 4 + 4 + 1 + 23;
int auth_packet_base_size = MYSQL_AUTH_PACKET_BASE_SIZE;
int packet_length_used = 0;
/* Take data from fixed locations first */

43
server/modules/authenticator/mysql_backend_auth.c
View File

@ -50,7 +50,7 @@ typedef struct mysql_backend_auth
* @brief Allocate a new mysql_backend_auth object
* @return Allocated object or NULL if memory allocation failed
*/
mysql_backend_auth_t* mba_alloc()
void* auth_backend_create()
{
mysql_backend_auth_t* mba = MXS_MALLOC(sizeof(*mba));
@ -62,6 +62,18 @@ mysql_backend_auth_t* mba_alloc()
return mba;
}
/**
* @brief Free allocated mysql_backend_auth object
* @param data Allocated mysql_backend_auth object
*/
void auth_backend_destroy(void *data)
{
if (data)
{
MXS_FREE(data);
}
}
/**
* Receive the MySQL authentication packet from backend, packet # is 2
*
@ -95,9 +107,9 @@ auth_backend_extract(DCB *dcb, GWBUF *buf)
{
int rval = MXS_AUTH_FAILED;
if (dcb->backend_data || (dcb->backend_data = mba_alloc()))
if (dcb->authenticator_data)
{
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->backend_data;
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->authenticator_data;
switch (mba->state)
{
@ -146,7 +158,7 @@ static int
auth_backend_authenticate(DCB *dcb)
{
int rval = MXS_AUTH_FAILED;
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->backend_data;
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->authenticator_data;
if (mba->state == MBA_SEND_RESPONSE)
{
@ -192,16 +204,6 @@ auth_backend_ssl(DCB *dcb)
return dcb->server->server_ssl != NULL;
}
/**
* @brief Dummy function for the free entry point
*/
static void
auth_backend_free(DCB *dcb)
{
MXS_FREE(dcb->backend_data);
dcb->backend_data = NULL;
}
/**
* @brief Dummy function for the loadusers entry point
*/
@ -230,12 +232,13 @@ static char *version_str = "V1.0.0";
*/
static GWAUTHENTICATOR MyObject =
{
auth_backend_extract, /* Extract data into structure */
auth_backend_ssl, /* Check if client supports SSL */
auth_backend_authenticate, /* Authenticate user credentials */
auth_backend_free, /* Free the client data held in DCB */
auth_backend_load_users, /* Load users from backend databases */
DEFAULT_MYSQL_AUTH_PLUGIN
auth_backend_create, /* Create authenticator */
auth_backend_extract, /* Extract data into structure */
auth_backend_ssl, /* Check if client supports SSL */
auth_backend_authenticate, /* Authenticate user credentials */
NULL, /* The shared data is freed by the client DCB */
auth_backend_destroy, /* Destroy authenticator */
NULL /* We don't need to load users */
};
/**

13
server/modules/authenticator/null_auth_allow.c
View File

@ -58,12 +58,13 @@ static void null_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
/**

13
server/modules/authenticator/null_auth_deny.c
View File

@ -58,12 +58,13 @@ static void null_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
/**