mirror of
https://gitee.com/wangbin579/cetus.git
not save challenge from backends, cetus can generate challenge directly
parent
e7f9a2521b
commit
0b8bc3cf97
@ -26,7 +26,6 @@
|
||||
#include "chassis-plugin.h"
|
||||
#include "glib-ext.h"
|
||||
#include "network-mysqld-proto.h"
|
||||
#include "network-mysqld-packet.h"
|
||||
#include "character-set.h"
|
||||
#include "cetus-util.h"
|
||||
#include "cetus-users.h"
|
||||
@ -57,7 +56,7 @@ network_backend_new()
|
||||
b->addr = network_address_new();
|
||||
b->server_group = g_string_new(NULL);
|
||||
b->address = g_string_new(NULL);
|
||||
b->challenges = g_ptr_array_new();
|
||||
b->server_version = g_string_new(NULL);
|
||||
|
||||
return b;
|
||||
}
|
||||
@ -70,14 +69,10 @@ network_backend_free(network_backend_t *b)
|
||||
|
||||
network_connection_pool_free(b->pool);
|
||||
|
||||
if (b->addr)
|
||||
network_address_free(b->addr);
|
||||
if (b->uuid)
|
||||
g_string_free(b->uuid, TRUE);
|
||||
if (b->challenges)
|
||||
g_ptr_array_free(b->challenges, TRUE);
|
||||
if (b->server_group)
|
||||
g_string_free(b->server_group, TRUE);
|
||||
network_address_free(b->addr);
|
||||
g_string_free(b->uuid, TRUE);
|
||||
g_string_free(b->server_version, TRUE);
|
||||
g_string_free(b->server_group, TRUE);
|
||||
|
||||
if (b->config) {
|
||||
if (b->config->default_username) {
|
||||
@ -118,51 +113,6 @@ network_backend_conns_count(network_backend_t *b)
|
||||
return in_use + pooled;
|
||||
}
|
||||
|
||||
/*
|
||||
* save challenges from backend, will be used to authenticate front user
|
||||
*/
|
||||
void
|
||||
network_backend_save_challenge(network_backend_t *b, const network_mysqld_auth_challenge *chal, gboolean have_ssl)
|
||||
{
|
||||
if (b->challenges->len >= 1024) {
|
||||
network_mysqld_auth_challenge *challenge;
|
||||
challenge = g_ptr_array_remove_index(b->challenges, 0);
|
||||
network_mysqld_auth_challenge_free(challenge);
|
||||
}
|
||||
|
||||
static const guint32 not_supported = CLIENT_LOCAL_FILES | CLIENT_DEPRECATE_EOF;
|
||||
|
||||
network_mysqld_auth_challenge *challenge = network_mysqld_auth_challenge_copy(chal);
|
||||
|
||||
challenge->capabilities &= ~not_supported;
|
||||
#ifdef HAVE_OPENSSL
|
||||
if (have_ssl)
|
||||
challenge->capabilities |= CLIENT_SSL;
|
||||
else
|
||||
challenge->capabilities &= ~CLIENT_SSL;
|
||||
#endif
|
||||
char *old_str = challenge->server_version_str;
|
||||
challenge->server_version_str = g_strdup_printf("%s (%s)", old_str, PACKAGE_STRING);
|
||||
g_free(old_str);
|
||||
|
||||
g_ptr_array_add(b->challenges, challenge);
|
||||
}
|
||||
|
||||
struct network_mysqld_auth_challenge *
|
||||
network_backend_get_challenge(network_backend_t *b)
|
||||
{
|
||||
if (b->challenges->len == 0) {
|
||||
g_message("challenges len 0 for backend:%s", b->addr->name->str);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int ndx = g_random_int_range(0, 1024);
|
||||
ndx = ndx % b->challenges->len;
|
||||
|
||||
network_mysqld_auth_challenge *challenge = g_ptr_array_index(b->challenges, ndx);
|
||||
return challenge;
|
||||
}
|
||||
|
||||
static network_group_t *network_group_new();
|
||||
static void network_group_free(network_group_t *);
|
||||
static void network_group_add(network_group_t *, network_backend_t *);
|
||||
@ -192,12 +142,6 @@ network_backends_free(network_backends_t *bs)
|
||||
|
||||
for (i = 0; i < bs->backends->len; i++) {
|
||||
network_backend_t *backend = bs->backends->pdata[i];
|
||||
|
||||
for (j = 0; j < backend->challenges->len; j++) {
|
||||
network_mysqld_auth_challenge *challenge = backend->challenges->pdata[j];
|
||||
network_mysqld_auth_challenge_free(challenge);
|
||||
}
|
||||
|
||||
network_backend_free(backend);
|
||||
}
|
||||
g_ptr_array_free(bs->backends, TRUE);
|
||||
@ -646,14 +590,11 @@ network_backends_find_address(network_backends_t *bs, const char *ipport)
|
||||
return -1;
|
||||
}
|
||||
|
||||
network_mysqld_auth_challenge *
|
||||
network_backends_get_challenge(network_backends_t *bs, int back_ndx)
|
||||
void network_backends_server_version(network_backends_t *bs, GString* version)
|
||||
{
|
||||
network_backend_t *b = network_backends_get(bs, back_ndx);
|
||||
network_backend_t *b = network_backends_get(bs, 0);
|
||||
if (b)
|
||||
return network_backend_get_challenge(b);
|
||||
else
|
||||
return NULL;
|
||||
g_string_assign_len(version, b->server_version->str, b->server_version->len);
|
||||
}
|
||||
|
||||
/* round robin pick */
|
||||
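Review bot: network_backends_server_version reads only backend index 0, so if that backend has not completed a handshake yet (its `server_version` is still empty) or is missing, `version` is left unchanged and the caller in do_connect_cetus would send a handshake whose version string is just " (cetus)". Client libraries commonly parse the leading version number to choose protocol features, so an empty version can cause connection failures that are hard to diagnose. Taking the first backend that has a recorded version, as sketched below, avoids depending on index 0. Separately, network_backend_free now frees `b->addr`, `b->uuid` and `b->server_group` without NULL guards; that is fine only if network_backend_new always allocates them, and the `uuid` allocation is outside the visible hunk, so a NULL there would log a GLib critical.

```c
void network_backends_server_version(network_backends_t *bs, GString* version)
{
    guint i;

    /* use the first backend that has already reported a version, not only index 0 */
    for (i = 0; i < bs->backends->len; i++) {
        network_backend_t *b = network_backends_get(bs, i);
        if (b && b->server_version->len > 0) {
            g_string_assign_len(version, b->server_version->str, b->server_version->len);
            return;
        }
    }
}
```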
|
@ -82,17 +82,16 @@ typedef struct {
|
||||
GString *uuid;
|
||||
|
||||
backend_config *config;
|
||||
GPtrArray *challenges;
|
||||
|
||||
time_t last_check_time;
|
||||
int slave_delay_msec; /* valid if this is a ReadOnly slave */
|
||||
GString *server_version;
|
||||
} network_backend_t;
|
||||
|
||||
NETWORK_API network_backend_t *network_backend_new();
|
||||
NETWORK_API void network_backend_free(network_backend_t *b);
|
||||
NETWORK_API int network_backend_conns_count(network_backend_t *b);
|
||||
NETWORK_API int network_backend_init_extra(network_backend_t *b, chassis *chas);
|
||||
void network_backend_save_challenge(network_backend_t *b, const network_mysqld_auth_challenge *, gboolean);
|
||||
network_mysqld_auth_challenge *network_backend_get_challenge(network_backend_t *b);
|
||||
|
||||
typedef struct {
|
||||
unsigned int ro_server_num;
|
||||
@ -121,7 +120,7 @@ NETWORK_API gboolean network_backends_load_config(network_backends_t *, chassis
|
||||
/* get backend index by ip:port string */
|
||||
int network_backends_find_address(network_backends_t *bs, const char *);
|
||||
|
||||
network_mysqld_auth_challenge *network_backends_get_challenge(network_backends_t *b, int back_ndx);
|
||||
void network_backends_server_version(network_backends_t *b, GString* version);
|
||||
|
||||
#define MAX_GROUP_SLAVES 4
|
||||
|
||||
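Review bot: The new prototype `network_backends_server_version(network_backends_t *b, GString* version)` carries no comment, and its contract is not obvious from the name. As implemented in this commit it copies the version of backend index 0 into `version` and leaves `version` untouched when that backend is unavailable. A one-line comment such as `/* copy backend 0's server version into version; version is unchanged if none is available */` above the declaration would document this. Naming the first parameter `bs` would also match the definition and the neighbouring `network_backends_find_address` prototype.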
|
@ -103,7 +103,8 @@ typedef struct {
|
||||
& ~CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA \
|
||||
& ~CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS \
|
||||
& ~CLIENT_SESSION_TRACK \
|
||||
& ~CLIENT_DEPRECATE_EOF
|
||||
& ~CLIENT_DEPRECATE_EOF \
|
||||
& ~CLIENT_LOCAL_FILES
|
||||
|
||||
NETWORK_API network_mysqld_com_query_result_t *network_mysqld_com_query_result_new(void);
|
||||
NETWORK_API void network_mysqld_com_query_result_free(network_mysqld_com_query_result_t *);
|
||||
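Review bot: The added `& ~CLIENT_LOCAL_FILES` term has no comment explaining why the capability is masked. After this commit the mask presumably feeds the handshake the proxy builds itself, instead of the per-backend filtering that network_backend_save_challenge used to do. A short comment next to the term, for example `/* never advertise LOAD DATA LOCAL to clients: the proxy does not relay client-side file reads */`, would stop a later edit from silently re-enabling it; the wording should be adjusted to the project's actual reason. The macro starts outside this hunk, so it is also worth checking that the whole expansion is wrapped in parentheses, since it is a chain of `&` terms.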
|
@ -177,6 +177,7 @@ network_mysqld_priv_init(void)
|
||||
priv->backends = network_backends_new();
|
||||
priv->users = cetus_users_new();
|
||||
priv->monitor = cetus_monitor_new();
|
||||
priv->thread_id = 1;
|
||||
return priv;
|
||||
}
|
||||
|
||||
@ -4345,8 +4346,9 @@ proxy_self_read_handshake(chassis *srv, server_connection_state_t *con)
|
||||
}
|
||||
|
||||
con->server->challenge = challenge;
|
||||
network_backend_save_challenge(con->backend, challenge, srv->ssl);
|
||||
|
||||
if (con->backend->server_version->len == 0) {
|
||||
g_string_append(con->backend->server_version, challenge->server_version_str);
|
||||
}
|
||||
return RET_SUCCESS;
|
||||
}
|
||||
|
||||
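Review bot: `challenge->server_version_str` comes from the backend's handshake and is appended in proxy_self_read_handshake without a NULL check. Because the copy happens only while `server_version->len == 0`, the value cached from the first handshake is kept for the life of the process, even after the backend is upgraded or replaced. Since the cached string may later be placed in the handshake sent to clients, it should follow the most recent backend handshake: `if (challenge->server_version_str) g_string_assign(con->backend->server_version, challenge->server_version_str);`. The function body starts outside this hunk, so any earlier validation of the challenge is not visible here.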
|
@ -742,6 +742,7 @@ struct chassis_private {
|
||||
struct cetus_users_t *users;
|
||||
struct cetus_variable_t *stats_variables;
|
||||
struct cetus_monitor_t *monitor;
|
||||
guint32 thread_id;
|
||||
};
|
||||
|
||||
NETWORK_API network_socket_retval_t
|
||||
|
@ -123,10 +123,12 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de
|
||||
C("\xff\xd7\x07" "4.0 protocol is not supported"));
|
||||
network_mysqld_auth_response_free(auth);
|
||||
return NETWORK_SOCKET_ERROR;
|
||||
} else if (auth->client_capabilities & CLIENT_COMPRESS) {
|
||||
}
|
||||
if (auth->client_capabilities & CLIENT_COMPRESS) {
|
||||
con->is_client_compressed = 1;
|
||||
g_message("%s: client compressed for con:%p", G_STRLOC, con);
|
||||
} else if (auth->client_capabilities & CLIENT_MULTI_STATEMENTS) {
|
||||
}
|
||||
if (auth->client_capabilities & CLIENT_MULTI_STATEMENTS) {
|
||||
con->client->is_multi_stmt_set = 1;
|
||||
}
|
||||
|
||||
@ -361,14 +363,21 @@ do_connect_cetus(network_mysqld_con *con, network_backend_t **backend, int *back
|
||||
return NETWORK_SOCKET_SUCCESS;
|
||||
}
|
||||
|
||||
network_mysqld_auth_challenge *challenge = network_backends_get_challenge(g->backends, *backend_ndx);
|
||||
|
||||
if (challenge == NULL) {
|
||||
network_connection_pool_create_conn(con);
|
||||
network_mysqld_con_send_error(con->client, C(" no server challenge for this client"));
|
||||
con->state = ST_SEND_AUTH_RESULT;
|
||||
return NETWORK_SOCKET_SUCCESS;
|
||||
}
|
||||
/* create a "mysql_native_password" handshake packet */
|
||||
network_mysqld_auth_challenge *challenge = network_mysqld_auth_challenge_new();
|
||||
#ifdef HAVE_OPENSSL
|
||||
if (con->srv->ssl)
|
||||
challenge->capabilities |= CLIENT_SSL;
|
||||
else
|
||||
challenge->capabilities &= ~CLIENT_SSL;
|
||||
#endif
|
||||
network_mysqld_auth_challenge_set_challenge(challenge);
|
||||
GString *version = g_string_new("");
|
||||
network_backends_server_version(g->backends, version);
|
||||
g_string_append(version, " (cetus)");
|
||||
challenge->server_version_str = version->str;
|
||||
g_string_free(version, FALSE);
|
||||
challenge->thread_id = g->thread_id++;
|
||||
|
||||
GString *auth_packet = g_string_new(NULL);
|
||||
network_mysqld_proto_append_auth_challenge(auth_packet, challenge);
|
||||
@ -379,7 +388,7 @@ do_connect_cetus(network_mysqld_con *con, network_backend_t **backend, int *back
|
||||
|
||||
g_assert(con->client->challenge == NULL);
|
||||
|
||||
con->client->challenge = network_mysqld_auth_challenge_copy(challenge);
|
||||
con->client->challenge = challenge;
|
||||
|
||||
con->state = ST_SEND_HANDSHAKE;
|
||||
|
||||
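Review bot: The scramble sent to every client now comes from `network_mysqld_auth_challenge_set_challenge(challenge)` in do_connect_cetus, and that function's implementation is not shown on this page. The value is the nonce for mysql_native_password, so it needs to come from a cryptographically secure random source; a predictable nonce weakens the protection against replaying a captured auth response. Please confirm this and record it above the call, e.g. `/* scramble is the auth nonce: must be generated by a CSPRNG */`. Also, `challenge->thread_id = g->thread_id++;` is an unsynchronised increment of shared state, which is only safe if do_connect_cetus always runs on a single thread. As a style point, `challenge->server_version_str = g_string_free(version, FALSE);` states the ownership hand-off in one line; do_connect_cetus begins and ends outside these hunks, so whether `challenge` is freed later after being stored in `con->client->challenge` should be checked there.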
|