test/cetus
1
0
Fork 0
mirror of https://gitee.com/wangbin579/cetus.git synced 2024-12-02 11:57:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
afa51c3baa
cetus/plugins/admin/admin-plugin.c

739 lines
24 KiB
C
Raw Blame History

/* $%BEGINLICENSE%$
Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
02110-1301 USA
$%ENDLICENSE%$ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include "admin-plugin.h"
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include "cetus-users.h"
#include "cetus-util.h"
#include "cetus-variable.h"
#include "character-set.h"
#include "chassis-event.h"
#include "chassis-options.h"
#include "cetus-monitor.h"
#include "network-mysqld-packet.h"
#include "network-mysqld-proto.h"
#include "server-session.h"
#include "sys-pedantic.h"
#include "network-ssl.h"
#include "chassis-options-utils.h"
#include "admin-lexer.l.h"
#include "admin-parser.y.h"
#include "admin-commands.h"
#include "admin-stats.h"
/* get config->has_shard_plugin */
static gboolean
has_shard_plugin(GPtrArray *modules)
{
int i;
for (i = 0; i < modules->len; i++) {
chassis_plugin *plugin = modules->pdata[i];
if (strcmp(plugin->name, "shard") == 0) {
return TRUE;
}
}
return FALSE;
}
/* judge if client_ip is in allowed or denied ip range*/
static gboolean
ip_range_lookup(GHashTable *ip_table, char *client_ip)
{
char ip_range[128] = { 0 };
char wildcard[128] = { 0 };
GList *ip_range_table = g_hash_table_get_keys(ip_table);
GList *l;
for (l = ip_range_table; l; l = l->next) {
sscanf(l->data, "%64[0-9.].%s", ip_range, wildcard);
gchar *pos = NULL;
if ((pos = strcasestr(client_ip, ip_range))) {
if(pos == client_ip) {
return TRUE;
}
}
}
return FALSE;
}
NETWORK_MYSQLD_PLUGIN_PROTO(server_con_init)
{
network_mysqld_auth_challenge *challenge;
GString *packet;
challenge = network_mysqld_auth_challenge_new();
challenge->server_version_str = g_strdup("5.7 admin");
challenge->server_version = 50700;
challenge->charset = charset_get_number("utf8");
challenge->capabilities = CETUS_DEFAULT_FLAGS & (~CLIENT_TRANSACTIONS);
#ifdef HAVE_OPENSSL
if (chas->ssl) {
challenge->capabilities |= CLIENT_SSL;
}
#endif
challenge->server_status = SERVER_STATUS_AUTOCOMMIT;
challenge->thread_id = 1;
/* generate a random challenge */
network_mysqld_auth_challenge_set_challenge(challenge);
packet = g_string_new(NULL);
network_mysqld_proto_append_auth_challenge(packet, challenge);
con->client->challenge = challenge;
network_mysqld_queue_append(con->client, con->client->send_queue, S(packet));
g_string_free(packet, TRUE);
con->state = ST_SEND_HANDSHAKE;
/* status code of parser */
con->plugin_con_state = g_new0(int, 1);
return NETWORK_SOCKET_SUCCESS;
}
NETWORK_MYSQLD_PLUGIN_PROTO(server_read_auth) {
network_packet packet;
network_socket *recv_sock, *send_sock;
network_mysqld_auth_response *auth;
GString *excepted_response;
GString *hashed_pwd;
recv_sock = con->client;
send_sock = con->client;
packet.data = g_queue_peek_head(recv_sock->recv_queue->chunks);
packet.offset = 0;
/* decode the packet */
network_mysqld_proto_skip_network_header(&packet);
if (con->client->response == NULL) {
auth = network_mysqld_auth_response_new(con->client->challenge->capabilities);
if (network_mysqld_proto_get_auth_response(&packet, auth)) {
network_mysqld_auth_response_free(auth);
return NETWORK_SOCKET_ERROR;
}
if (!(auth->client_capabilities & CLIENT_PROTOCOL_41)) {
/* should use packet-id 0 */
network_mysqld_queue_append(con->client, con->client->send_queue,
C("\xff\xd7\x07" "4.0 protocol is not supported"));
network_mysqld_auth_response_free(auth);
return NETWORK_SOCKET_ERROR;
}
#ifdef HAVE_OPENSSL
if (auth->ssl_request) {
network_ssl_create_connection(con->client, NETWORK_SSL_SERVER);
g_string_free(g_queue_pop_tail(con->client->recv_queue->chunks), TRUE);
con->state = ST_FRONT_SSL_HANDSHAKE;
return NETWORK_SOCKET_SUCCESS;
}
#endif
con->client->response = auth;
if ((auth->client_capabilities & CLIENT_PLUGIN_AUTH)
&& (g_strcmp0(auth->auth_plugin_name->str, "mysql_native_password") != 0))
{
GString *packet = g_string_new(0);
network_mysqld_proto_append_auth_switch(packet, "mysql_native_password",
con->client->challenge->auth_plugin_data);
network_mysqld_queue_append(con->client, con->client->send_queue, S(packet));
con->state = ST_SEND_AUTH_RESULT;
con->auth_result_state = AUTH_SWITCH;
g_string_free(packet, TRUE);
g_string_free(g_queue_pop_tail(recv_sock->recv_queue->chunks), TRUE);
return NETWORK_SOCKET_SUCCESS;
}
} else {
/* auth switch response */
gsize auth_data_len = packet.data->len - 4;
GString *auth_data = g_string_sized_new(auth_data_len);
network_mysqld_proto_get_gstr_len(&packet, auth_data_len, auth_data);
g_string_append_len(con->client->response->auth_plugin_data, S(auth_data));
g_string_free(auth_data, TRUE);
auth = con->client->response;
}
/* Check client addr in admin-allow-ip and admin-deny-ip */
gboolean check_ip;
char *ip_err_msg = NULL;
if (con->config->allow_ip_table || con->config->deny_ip_table) {
char *client_addr = con->client->src->name->str;
char **client_addr_arr = g_strsplit(client_addr, ":", -1);
char *client_ip = client_addr_arr[0];
if (g_hash_table_size(con->config->allow_ip_table) != 0 &&
(g_hash_table_lookup(con->config->allow_ip_table, client_ip)
|| g_hash_table_lookup(con->config->allow_ip_table, "*")
|| ip_range_lookup(con->config->allow_ip_table, client_ip))) {
check_ip = FALSE;
} else if (g_hash_table_size(con->config->deny_ip_table) != 0 &&
(g_hash_table_lookup(con->config->deny_ip_table, client_ip)
|| g_hash_table_lookup(con->config->deny_ip_table, "*")
|| ip_range_lookup(con->config->deny_ip_table, client_ip))) {
check_ip = TRUE;
ip_err_msg = g_strdup_printf("Access denied for user '%s'@'%s'", con->config->admin_username, client_ip);
} else {
check_ip = FALSE;
}
g_strfreev(client_addr_arr);
} else {
check_ip = FALSE;
}
if (check_ip) {
network_mysqld_con_send_error_full(send_sock, L(ip_err_msg), 1045, "28000");
g_free(ip_err_msg);
con->state = ST_SEND_ERROR;
} else {
/* check if the password matches */
excepted_response = g_string_new(NULL);
hashed_pwd = g_string_new(NULL);
if (!strleq(S(con->client->response->username),
con->config->admin_username, strlen(con->config->admin_username))) {
network_mysqld_con_send_error_full(send_sock, C("unknown user"), 1045, "28000");
/* close the connection after we have sent this packet */
con->state = ST_SEND_ERROR;
} else if (network_mysqld_proto_password_hash(hashed_pwd,
con->config->admin_password,
strlen(con->config->admin_password))) {
} else if (network_mysqld_proto_password_scramble(excepted_response,
S(recv_sock->challenge->auth_plugin_data), S(hashed_pwd))) {
network_mysqld_con_send_error_full(send_sock, C("scrambling failed"), 1045, "28000");
/* close the connection after we have sent this packet */
con->state = ST_SEND_ERROR;
} else if (!g_string_equal(excepted_response, auth->auth_plugin_data)) {
network_mysqld_con_send_error_full(send_sock, C("password doesn't match"), 1045, "28000");
/* close the connection after we have sent this packet */
con->state = ST_SEND_ERROR;
} else {
network_mysqld_con_send_ok(send_sock);
con->state = ST_SEND_AUTH_RESULT;
}
g_string_free(hashed_pwd, TRUE);
g_string_free(excepted_response, TRUE);
}
g_string_free(g_queue_pop_tail(recv_sock->recv_queue->chunks), TRUE);
if (recv_sock->recv_queue->chunks->length > 0) {
g_warning("%s: client-recv-queue-len = %d", G_STRLOC, recv_sock->recv_queue->chunks->length);
}
return NETWORK_SOCKET_SUCCESS;
}
GList *network_mysqld_admin_plugin_allow_ip_get(chassis_plugin_config *config)
{
if (config && config->allow_ip_table) {
return g_hash_table_get_keys(config->allow_ip_table);
}
return NULL;
}
gboolean network_mysqld_admin_plugin_allow_ip_add(chassis_plugin_config *config, char *addr) {
if (!config || !addr) return FALSE;
if (!config->allow_ip_table) {
config->allow_ip_table = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL);
}
gboolean success = FALSE;
if (!g_hash_table_lookup(config->allow_ip_table, addr)) {
g_hash_table_insert(config->allow_ip_table, g_strdup(addr), (void *) TRUE);
success = TRUE;
}
return success;
}
gboolean network_mysqld_admin_plugin_allow_ip_del(chassis_plugin_config *config, char *addr) {
if (!config || !addr || !config->allow_ip_table) return FALSE;
return g_hash_table_remove(config->allow_ip_table, addr);
}
GList *network_mysqld_admin_plugin_deny_ip_get(chassis_plugin_config *config)
{
if (config && config->deny_ip_table) {
return g_hash_table_get_keys(config->deny_ip_table);
}
return NULL;
}
gboolean
network_mysqld_admin_plugin_deny_ip_add(chassis_plugin_config *config, char *addr)
{
if (!config || !addr)
return FALSE;
if (!config->deny_ip_table) {
config->deny_ip_table = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL);
}
gboolean success = FALSE;
if (!g_hash_table_lookup(config->deny_ip_table, addr)) {
g_hash_table_insert(config->deny_ip_table, g_strdup(addr), (void *)TRUE);
success = TRUE;
}
return success;
}
static gboolean
network_mysqld_admin_plugin_deny_ip_del(chassis_plugin_config *config, char *addr)
{
if (!config || !addr || !config->deny_ip_table)
return FALSE;
return g_hash_table_remove(config->deny_ip_table, addr);
}
void *adminParserAlloc(void *(*mallocProc)(size_t));
void adminParserFree(void*, void (*freeProc)(void*));
void adminParser(void*, int yymajor, token_t, void*);
void adminParserTrace(FILE*, char*);
static network_mysqld_stmt_ret admin_process_query(network_mysqld_con *con)
{
network_socket *recv_sock = con->client;
GList *chunk = recv_sock->recv_queue->chunks->head;
GString *packet = chunk->data;
if (packet->len < NET_HEADER_SIZE) {
/* packet too short */
return PROXY_SEND_QUERY;
}
char command = packet->str[NET_HEADER_SIZE + 0];
if (COM_QUERY == command) {
/* we need some more data after the COM_QUERY */
if (packet->len < NET_HEADER_SIZE + 2) return PROXY_SEND_QUERY;
}
g_string_assign_len(con->orig_sql, packet->str + (NET_HEADER_SIZE + 1),
packet->len - (NET_HEADER_SIZE + 1));
const char* sql = con->orig_sql->str;
admin_clear_error(con);
/* init lexer & parser */
yyscan_t scanner;
adminyylex_init(&scanner);
YY_BUFFER_STATE buf_state = adminyy_scan_string(sql, scanner);
void* parser = adminParserAlloc(malloc);
#if 0
adminParserTrace(stdout, "---ParserTrace: ");
#endif
int code;
int last_parsed_token;
token_t token;
while ((code = adminyylex(scanner)) > 0) {
token.z = adminyyget_text(scanner);
token.n = adminyyget_leng(scanner);
adminParser(parser, code, token, con);
last_parsed_token = code;
if (admin_get_error(con) != 0) {
break;
}
}
if (admin_get_error(con) == 0) {
if (last_parsed_token != TK_SEMI) {
adminParser(parser, TK_SEMI, token, con);
}
adminParser(parser, 0, token, con);
}
if (admin_get_error(con) != 0) {
network_mysqld_con_send_error(con->client,
C("syntax error, 'select help' for usage"));
}
/* free lexer & parser */
adminParserFree(parser, free);
adminyy_delete_buffer(buf_state, scanner);
adminyylex_destroy(scanner);
return PROXY_SEND_RESULT;
}
/**
* gets called after a query has been read
*/
NETWORK_MYSQLD_PLUGIN_PROTO(server_read_query) {
network_socket *recv_sock;
network_mysqld_stmt_ret ret;
gettimeofday(&(con->req_recv_time), NULL);
recv_sock = con->client;
if (recv_sock->recv_queue->chunks->length != 1) {
g_message("%s: client-recv-queue-len = %d", G_STRLOC,
recv_sock->recv_queue->chunks->length);
}
ret = admin_process_query(con);
switch (ret) {
case PROXY_NO_DECISION:
network_mysqld_con_send_error(con->client,
C("request error, \"select * from help\" for usage"));
con->state = ST_SEND_QUERY_RESULT;
break;
case PROXY_SEND_RESULT:
con->state = ST_SEND_QUERY_RESULT;
break;
default:
network_mysqld_con_send_error(con->client,
C("network packet error, closing connection"));
con->state = ST_SEND_ERROR;
break;
}
g_string_free(g_queue_pop_tail(recv_sock->recv_queue->chunks), TRUE);
return NETWORK_SOCKET_SUCCESS;
}
NETWORK_MYSQLD_PLUGIN_PROTO(server_timeout)
{
con->prev_state = con->state;
con->state = ST_SEND_ERROR;
return NETWORK_SOCKET_SUCCESS;
}
/**
* cleanup the admin specific data on the current connection
*
* @return NETWORK_SOCKET_SUCCESS
*/
NETWORK_MYSQLD_PLUGIN_PROTO(admin_disconnect_client) {
g_free(con->plugin_con_state);
con->plugin_con_state = NULL;
return NETWORK_SOCKET_SUCCESS;
}
static int network_mysqld_server_connection_init(network_mysqld_con *con) {
con->plugins.con_init = server_con_init;
con->plugins.con_read_auth = server_read_auth;
con->plugins.con_read_query = server_read_query;
con->plugins.con_timeout = server_timeout;
con->plugins.con_cleanup = admin_disconnect_client;
return 0;
}
chassis_plugin_config *config;
static chassis_plugin_config *network_mysqld_admin_plugin_new(void)
{
config = g_new0(chassis_plugin_config, 1);
return config;
}
static void network_mysqld_admin_plugin_free(chassis *chas, chassis_plugin_config *config) {
if (config->listen_con) {
/* the socket will be freed by network_mysqld_free() */
}
if (config->address) {
chassis_config_unregister_service(chas->config_manager, config->address);
g_free(config->address);
}
g_free(config->admin_username);
g_free(config->admin_password);
g_free(config->allow_ip);
if (config->allow_ip_table) g_hash_table_destroy(config->allow_ip_table);
g_free(config->deny_ip);
if (config->deny_ip_table) g_hash_table_destroy(config->deny_ip_table);
if (config->admin_stats) admin_stats_free(config->admin_stats);
g_free(config);
}
gchar*
show_admin_address(gpointer param) {
struct external_param *opt_param = (struct external_param *)param;
gint opt_type = opt_param->opt_type;
if(CAN_SHOW_OPTS_PROPERTY(opt_type)) {
return g_strdup_printf("%s", config->address != NULL ? config->address: "NULL");
}
if(CAN_SAVE_OPTS_PROPERTY(opt_type)) {
if(config->address != NULL) {
return g_strdup_printf("%s", config->address);
}
}
return NULL;
}
gchar*
show_admin_username(gpointer param) {
struct external_param *opt_param = (struct external_param *)param;
gint opt_type = opt_param->opt_type;
if(CAN_SHOW_OPTS_PROPERTY(opt_type)) {
return g_strdup_printf("%s", config->admin_username != NULL ? config->admin_username: "NULL");
}
if(CAN_SAVE_OPTS_PROPERTY(opt_type)) {
if(config->admin_username != NULL) {
return g_strdup_printf("%s", config->admin_username);
}
}
return NULL;
}
gchar*
show_admin_password(gpointer param) {
struct external_param *opt_param = (struct external_param *)param;
gint opt_type = opt_param->opt_type;
if(CAN_SHOW_OPTS_PROPERTY(opt_type)) {
return g_strdup_printf("%s", config->admin_password != NULL ? config->admin_password: "NULL");
}
if(CAN_SAVE_OPTS_PROPERTY(opt_type)) {
if(config->admin_password != NULL) {
return g_strdup_printf("%s", config->admin_password);
}
}
return NULL;
}
gchar*
show_admin_allow_ip(gpointer param) {
struct external_param *opt_param = (struct external_param *)param;
gchar *ret = NULL;
gint opt_type = opt_param->opt_type;
if(CAN_SAVE_OPTS_PROPERTY(opt_type)) {
GString *free_str = g_string_new(NULL);
GList *free_list = NULL;
if(config && config->allow_ip_table && g_hash_table_size(config->allow_ip_table)) {
free_list = g_hash_table_get_keys(config->allow_ip_table);
GList *it = NULL;
for(it = free_list; it; it=it->next) {
free_str = g_string_append(free_str, it->data);
free_str = g_string_append(free_str, ",");
}
if(free_str->len) {
free_str->str[free_str->len - 1] = '\0';
ret = g_strdup(free_str->str);
}
}
if(free_str) {
g_string_free(free_str, TRUE);
}
if(free_list) {
g_list_free(free_list);
}
}
return ret;
}
gchar*
show_admin_deny_ip(gpointer param) {
struct external_param *opt_param = (struct external_param *)param;
gchar *ret = NULL;
gint opt_type = opt_param->opt_type;
if(CAN_SAVE_OPTS_PROPERTY(opt_type)) {
GString *free_str = g_string_new(NULL);
GList *free_list = NULL;
if(config && config->deny_ip_table && g_hash_table_size(config->deny_ip_table)) {
free_list = g_hash_table_get_keys(config->deny_ip_table);
GList *it = NULL;
for(it = free_list; it; it=it->next) {
free_str = g_string_append(free_str, it->data);
free_str = g_string_append(free_str, ",");
}
if(free_str->len) {
free_str->str[free_str->len - 1] = '\0';
ret = g_strdup(free_str->str);
}
}
if(free_str) {
g_string_free(free_str, TRUE);
}
if(free_list) {
g_list_free(free_list);
}
}
return ret;
}
/**
* add the proxy specific options to the cmdline interface
*/
static GList *
network_mysqld_admin_plugin_get_options(chassis_plugin_config *config)
{
chassis_options_t opts = { 0 };
chassis_options_add(&opts, "admin-address",
0, 0, OPTION_ARG_STRING, &(config->address),
"listening address:port of the admin-server (default: :4041)", "<host:port>",
NULL, show_admin_address, SHOW_OPTS_PROPERTY|SAVE_OPTS_PROPERTY);
chassis_options_add(&opts, "admin-username",
0, 0, OPTION_ARG_STRING, &(config->admin_username), "username to allow to log in", "<string>",
NULL, show_admin_username, SHOW_OPTS_PROPERTY|SAVE_OPTS_PROPERTY);
chassis_options_add(&opts, "admin-password",
0, 0, OPTION_ARG_STRING, &(config->admin_password), "password to allow to log in", "<string>",
NULL, show_admin_password, SHOW_OPTS_PROPERTY|SAVE_OPTS_PROPERTY);
chassis_options_add(&opts, "admin-allow-ip",
0, 0, OPTION_ARG_STRING, &(config->allow_ip),
"ip address allowed to connect to admin", "<string>",
NULL, show_admin_allow_ip, SAVE_OPTS_PROPERTY);
chassis_options_add(&opts, "admin-deny-ip",
0, 0, OPTION_ARG_STRING, &(config->deny_ip),
"ip address denyed to connect to admin", "<string>",
NULL, show_admin_deny_ip, SAVE_OPTS_PROPERTY);
return opts.options;
}
/**
* init the plugin with the parsed config
*/
static int
network_mysqld_admin_plugin_apply_config(chassis *chas,
chassis_plugin_config *config)
{
network_mysqld_con *con;
network_socket *listen_sock;
if (!config->address) {
config->address = g_strdup(":4041");
} else {
chas->proxy_address = config->address;
g_message("set proxy address for chassis:%s", config->address);
}
if (!config->admin_username) {
g_critical("%s: --admin-username needs to be set",
G_STRLOC);
return -1;
}
if (!config->admin_password) {
g_critical("%s: --admin-password needs to be set",
G_STRLOC);
return -1;
}
if (!g_strcmp0(config->admin_password, "")) {
g_critical("%s: --admin-password cannot be empty",
G_STRLOC);
return -1;
}
GHashTable *allow_ip_table = NULL;
if (config->allow_ip) {
allow_ip_table = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL);
char **ip_arr = g_strsplit(config->allow_ip, ",", -1);
int i;
for (i = 0; ip_arr[i]; i++) {
g_hash_table_insert(allow_ip_table, g_strdup(ip_arr[i]), (void *) TRUE);
}
g_strfreev(ip_arr);
}
config->allow_ip_table = allow_ip_table;
/**
* create a connection handle for the listen socket
*/
con = network_mysqld_con_new();
network_mysqld_add_connection(chas, con, TRUE);
con->config = config;
config->listen_con = con;
listen_sock = network_socket_new();
con->server = listen_sock;
/*
* set the plugin hooks as we want to apply them to the new
* connections too later
*/
network_mysqld_server_connection_init(con);
/* FIXME: network_socket_set_address() */
if (0 != network_address_set_address(listen_sock->dst,
config->address))
{
return -1;
}
/* FIXME: network_socket_bind() */
if (0 != network_socket_bind(listen_sock)) {
return -1;
}
g_message("admin-server listening on port %s", config->address);
config->has_shard_plugin = has_shard_plugin(chas->modules);
/**
* call network_mysqld_con_accept() with this connection when we are done
*/
event_set(&(listen_sock->event), listen_sock->fd,
EV_READ|EV_PERSIST, network_mysqld_con_accept, con);
chassis_event_add(chas, &(listen_sock->event));
chassis_config_register_service(chas->config_manager, config->address, "admin");
config->admin_stats = admin_stats_init(chas);
return 0;
}
G_MODULE_EXPORT int plugin_init(chassis_plugin *p) {
p->magic = CHASSIS_PLUGIN_MAGIC;
p->name = g_strdup("admin");
p->version = g_strdup(PLUGIN_VERSION);
p->init = network_mysqld_admin_plugin_new;
p->get_options = network_mysqld_admin_plugin_get_options;
p->apply_config = network_mysqld_admin_plugin_apply_config;
p->destroy = network_mysqld_admin_plugin_free;
/* For allow_ip configs */
p->allow_ip_get = network_mysqld_admin_plugin_allow_ip_get;
p->allow_ip_add = network_mysqld_admin_plugin_allow_ip_add;
p->allow_ip_del = network_mysqld_admin_plugin_allow_ip_del;
return 0;
}
Reference in New Issue View Git Blame Copy Permalink