Files
MaxScale/server/modules/authenticator/MariaDBBackendAuth/mysql_backend_auth.cc
2020-02-12 08:27:48 +02:00

205 lines
5.5 KiB
C++

/*
* Copyright (c) 2016 MariaDB Corporation Ab
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file and at www.mariadb.com/bsl11.
*
* Change Date: 2024-02-10
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2 or later of the General
* Public License.
*/
/**
* @file mysql_backend_auth.c - MySQL backend authenticator
*
* Backend authentication module for the MySQL protocol. Implements the
* client side of the 'mysql_native_password' authentication plugin.
*
* The "heavy lifting" of the authentication is done by the protocol module so
* the only thing left for this module is to read the final OK packet from the
* server.
*/
#define MXS_MODULE_NAME "MariaDBBackendAuth"
#include <maxbase/alloc.h>
#include <maxscale/authenticator.hh>
#include <maxscale/protocol/mysql.hh>
#include <maxscale/server.hh>
#include <maxscale/utils.h>
/** Authentication states */
enum mba_state
{
MBA_NEED_OK, /**< Waiting for server's OK packet */
MBA_AUTH_OK, /**< Authentication completed successfully */
MBA_AUTH_FAILED /**< Authentication failed */
};
/** Structure representing the authentication state */
typedef struct mysql_backend_auth
{
enum mba_state state; /**< Authentication state */
} mysql_backend_auth_t;
/**
* @brief Allocate a new mysql_backend_auth object
* @return Allocated object or NULL if memory allocation failed
*/
void* auth_backend_create(void* instance)
{
mysql_backend_auth_t* mba = static_cast<mysql_backend_auth_t*>(MXS_MALLOC(sizeof(*mba)));
if (mba)
{
mba->state = MBA_NEED_OK;
}
return mba;
}
/**
* @brief Free allocated mysql_backend_auth object
* @param data Allocated mysql_backend_auth object
*/
void auth_backend_destroy(void* data)
{
if (data)
{
MXS_FREE(data);
}
}
/**
* @brief Extract backend response
*
* @param dcb Request handler DCB connected to the client
* @param buffer Buffer containing data from client
* @return True on success, false on error
* @see authenticator.h
*/
static bool auth_backend_extract(DCB* dcb, GWBUF* buf)
{
bool rval = false;
mysql_backend_auth_t* mba = (mysql_backend_auth_t*)dcb->authenticator_data;
switch (mba->state)
{
case MBA_NEED_OK:
if (mxs_mysql_is_ok_packet(buf))
{
rval = true;
mba->state = MBA_AUTH_OK;
}
else if (mxs_mysql_get_command(buf) == MYSQL_REPLY_AUTHSWITCHREQUEST
&& send_mysql_native_password_response(dcb, buf))
{
rval = true;
}
else
{
mba->state = MBA_AUTH_FAILED;
}
break;
default:
MXS_ERROR("Unexpected call to MySQLBackendAuth::extract");
mxb_assert(false);
break;
}
return rval;
}
/**
* @brief Authenticates as a MySQL user
*
* @param dcb Backend DCB
* @return Authentication status
* @see authenticator.h
*/
static int auth_backend_authenticate(DCB* dcb)
{
int rval = MXS_AUTH_FAILED;
mysql_backend_auth_t* mba = (mysql_backend_auth_t*)dcb->authenticator_data;
if (mba->state == MBA_AUTH_OK)
{
/** Authentication completed successfully */
rval = MXS_AUTH_SUCCEEDED;
}
else if (mba->state == MBA_NEED_OK)
{
/** Sent AuthSwitchRequest response */
rval = MXS_AUTH_INCOMPLETE;
}
return rval;
}
/**
* @brief Determine whether the client is SSL capable
*
* The authentication request from the client will indicate whether the client
* is expecting to make an SSL connection. The information has been extracted
* in the previous functions.
*
* @param dcb Request handler DCB connected to the client
* @return Boolean indicating whether client is SSL capable
*/
static bool auth_backend_ssl(DCB* dcb)
{
return dcb->server->ssl().context() != NULL;
}
extern "C"
{
/**
* The module entry point routine. It is this routine that
* must populate the structure that is referred to as the
* "module object", this is a structure with the set of
* external entry points for this module.
*
* @return The module object
*/
MXS_MODULE* MXS_CREATE_MODULE()
{
static MXS_AUTHENTICATOR MyObject =
{
NULL, /* No initialize entry point */
auth_backend_create, /* Create authenticator */
auth_backend_extract, /* Extract data into structure */
auth_backend_ssl, /* Check if client supports SSL */
auth_backend_authenticate, /* Authenticate user credentials */
NULL, /* The shared data is freed by the client DCB */
auth_backend_destroy, /* Destroy authenticator */
NULL, /* We don't need to load users */
NULL, /* No diagnostic */
NULL,
NULL /* No user reauthentication */
};
static MXS_MODULE info =
{
MXS_MODULE_API_AUTHENTICATOR,
MXS_MODULE_GA,
MXS_AUTHENTICATOR_VERSION,
"The MySQL MaxScale to backend server authenticator",
"V1.0.0",
MXS_NO_MODULE_CAPABILITIES,
&MyObject,
NULL, /* Process init. */
NULL, /* Process finish. */
NULL, /* Thread init. */
NULL, /* Thread finish. */
{
{MXS_END_MODULE_PARAMS}
}
};
return &info;
}
/*lint +e14 */
}