Search in sources :

Example 1 with UserConfig

use of io.mycat.config.UserConfig in project Mycat2 by MyCATApache.

the class VertxMySQLAuthHandler method auth.

private void auth(int packetId) {
    String username = authPacket.getUsername();
    String host = SocketAddressUtil.simplySocketAddress(socket.remoteAddress().toString());
    Authenticator authenticator = null;
    if (MetaClusterCurrent.exist(Authenticator.class)) {
        authenticator = MetaClusterCurrent.wrapper(Authenticator.class);
    }
    if (authenticator != null) {
        Authenticator.AuthInfo authInfo = authenticator.getPassword(username, host);
        String rightPassword = (authInfo.getRightPassword());
        if (!checkPassword(rightPassword, authPacket.getPassword())) {
            String message = "Access denied for user '" + username + "'@'" + host + "' (using password: YES)";
            LOGGER.error(message);
            socket.write(Buffer.buffer(MySQLPacketUtil.generateMySQLPacket(packetId + 1, MySQLPacketUtil.generateError(ER_ACCESS_DENIED_ERROR, message, 0))));
            socket.end();
            return;
        }
    }
    buffer = null;
    UserConfig userInfo = null;
    if (authenticator != null) {
        userInfo = authenticator.getUserInfo(username);
    } else {
        userInfo = new UserConfig();
    }
    InetSocketAddress remoteAddress = new InetSocketAddress(socket.remoteAddress().host(), socket.remoteAddress().port());
    mycatDataContext.setUser(new MycatUser(username, null, null, host, remoteAddress, userInfo));
    mycatDataContext.useShcema(Optional.ofNullable(authPacket.getDatabase()).orElse(userInfo.getSchema()));
    mycatDataContext.setServerCapabilities(authPacket.getCapabilities());
    mycatDataContext.setAutoCommit(true);
    mycatDataContext.setIsolation(MySQLIsolation.REPEATED_READ);
    mycatDataContext.setCharsetIndex(authPacket.getCharacterSet());
    MycatVertxMysqlSession vertxSession = new MycatVertxMysqlSession(mycatDataContext, socket);
    socket.handler(new VertxMySQLPacketResolver(socket, new MycatVertxMySQLHandler(vertxSession)));
    vertxSession.setPacketId(packetId);
    mysqlProxyServerVerticle.addSession(vertxSession);
    vertxSession.writeOkEndPacket();
}
Also used : MycatVertxMysqlSession(io.mycat.mycatmysql.MycatVertxMysqlSession) InetSocketAddress(java.net.InetSocketAddress) MycatVertxMySQLHandler(io.mycat.mycatmysql.MycatVertxMySQLHandler) UserConfig(io.mycat.config.UserConfig)

Example 2 with UserConfig

use of io.mycat.config.UserConfig in project Mycat2 by MyCATApache.

the class MySQLClientAuthHandler method onSocketRead.

// public void setMycatSession(MycatSession mycatSession) {
// this.mycat = mycatSession;
// }
@Override
public void onSocketRead(MycatSession mycat) {
    try {
        if (mycat.getCurNIOHandler() != this) {
            return;
        }
        if (!mycat.readFromChannel()) {
            return;
        }
        mycat.setResponseFinished(ProcessState.READY);
        // MycatSecurityConfig securityManager = runtime.getSecurityManager();
        byte[] password = new byte[] {};
        if (!isChangeAuthPlugin) {
            // 密码读取与验证
            this.auth = readResponseAuthPacket(mycat);
            String authPluginName = auth.getAuthPluginName();
            int capabilities = auth.getCapabilities();
            // 切换auth_plugin
            if (MySQLServerCapabilityFlags.isPluginAuth(capabilities) && !authPluginName.equals(clientAuthPluginName)) {
                // 发送切换包的auth_response
                isChangeAuthPlugin = true;
                AuthSwitchRequestPacket authSwitchRequestPacket = new AuthSwitchRequestPacket();
                clientAuthPluginName = StringUtil.isEmpty(authPluginName) ? MysqlNativePasswordPluginUtil.PROTOCOL_PLUGIN_NAME : authPluginName;
                authSwitchRequestPacket.setAuthPluginName(MysqlNativePasswordPluginUtil.PROTOCOL_PLUGIN_NAME);
                authSwitchRequestPacket.setStatus((byte) 0xfe);
                authSwitchRequestPacket.setAuthPluginData(new String(seed));
                MySQLPayloadWriter mySQLPayloadWriter = new MySQLPayloadWriter(1024);
                authSwitchRequestPacket.writePayload(mySQLPayloadWriter);
                mycat.writeBytes(mySQLPayloadWriter.toByteArray(), true);
                return;
            }
            // 握手包中的加密密码
            password = auth.getPassword();
        } else {
            MySQLPacket mySQLPacket = mycat.currentProxyPayload();
            password = mySQLPacket.readEOFStringBytes();
        }
        int capabilities = auth.getCapabilities();
        if (MySQLServerCapabilityFlags.isCanUseCompressionProtocol(capabilities)) {
            String message = "Can Not Use Compression Protocol!";
            failture(mycat, MySQLErrorCode.ER_UNKNOWN_ERROR, message);
            mycat.lazyClose(true, message);
            return;
        }
        String username = auth.getUsername();
        int maxPacketSize = auth.getMaxPacketSize();
        String database = auth.getDatabase();
        int characterSet = auth.getCharacterSet();
        Map<String, String> attrs = auth.getClientConnectAttrs();
        MycatUser user = null;
        SocketAddress remoteSocketAddress = mycat.channel().socket().getRemoteSocketAddress();
        Authenticator authenticator = MetaClusterCurrent.wrapper(Authenticator.class);
        String ip = SocketAddressUtil.simplySocketAddress(remoteSocketAddress);
        Authenticator.AuthInfo authInfo = authenticator.getPassword(username, ip);
        if (!authInfo.isOk()) {
            failture(mycat, authInfo.getErrorCode(), authInfo.getException());
            return;
        } else {
            String rightPassword = authInfo.getRightPassword();
            if (rightPassword != null) {
                if (!checkPassword(rightPassword, password)) {
                    // may be bug
                    String message = "Access denied for user '" + username + "'@'" + remoteSocketAddress.toString() + "' (using password: YES)";
                    mycat.setLastMessage(message);
                    mycat.setLastErrorCode(ER_ACCESS_DENIED_ERROR);
                    LOGGER.error("login fail: {}", message);
                    mycat.writeErrorEndPacketBySyncInProcessError(ER_ACCESS_DENIED_ERROR);
                    LOGGER.error("remoteSocketAddress:{} password is wrong", remoteSocketAddress);
                    return;
                }
            }
            UserConfig userInfo = authenticator.getUserInfo(username);
            user = new MycatUser(username, null, null, ip, remoteSocketAddress, userInfo);
        }
        mycat.getDataContext().setUser(user);
        mycat.setSchema(database);
        mycat.setServerCapabilities(auth.getCapabilities());
        mycat.setIsolation(MySQLIsolation.REPEATED_READ);
        mycat.setCharset(characterSet);
        finished = true;
        mycatSessionManager.initCommandDispatcher(mycat);
        mycat.writeOkEndPacket();
    } catch (Exception e) {
        LOGGER.error("", e);
        MycatMonitor.onAuthHandlerReadException(mycat, e);
        onClear(mycat);
        failture(mycat, e);
    }
}
Also used : AuthSwitchRequestPacket(io.mycat.beans.mysql.packet.AuthSwitchRequestPacket) MycatUser(io.mycat.MycatUser) UserConfig(io.mycat.config.UserConfig) MySQLPayloadWriter(io.mycat.beans.mysql.MySQLPayloadWriter) MySQLPacket(io.mycat.beans.mysql.packet.MySQLPacket) SocketAddress(java.net.SocketAddress) Authenticator(io.mycat.Authenticator)

Aggregations

UserConfig (io.mycat.config.UserConfig)2 Authenticator (io.mycat.Authenticator)1 MycatUser (io.mycat.MycatUser)1 MySQLPayloadWriter (io.mycat.beans.mysql.MySQLPayloadWriter)1 AuthSwitchRequestPacket (io.mycat.beans.mysql.packet.AuthSwitchRequestPacket)1 MySQLPacket (io.mycat.beans.mysql.packet.MySQLPacket)1 MycatVertxMySQLHandler (io.mycat.mycatmysql.MycatVertxMySQLHandler)1 MycatVertxMysqlSession (io.mycat.mycatmysql.MycatVertxMysqlSession)1 InetSocketAddress (java.net.InetSocketAddress)1 SocketAddress (java.net.SocketAddress)1