use of io.mycat.config.UserConfig in project Mycat2 by MyCATApache.
the class VertxMySQLAuthHandler method auth.
private void auth(int packetId) {
String username = authPacket.getUsername();
String host = SocketAddressUtil.simplySocketAddress(socket.remoteAddress().toString());
Authenticator authenticator = null;
if (MetaClusterCurrent.exist(Authenticator.class)) {
authenticator = MetaClusterCurrent.wrapper(Authenticator.class);
}
if (authenticator != null) {
Authenticator.AuthInfo authInfo = authenticator.getPassword(username, host);
String rightPassword = (authInfo.getRightPassword());
if (!checkPassword(rightPassword, authPacket.getPassword())) {
String message = "Access denied for user '" + username + "'@'" + host + "' (using password: YES)";
LOGGER.error(message);
socket.write(Buffer.buffer(MySQLPacketUtil.generateMySQLPacket(packetId + 1, MySQLPacketUtil.generateError(ER_ACCESS_DENIED_ERROR, message, 0))));
socket.end();
return;
}
}
buffer = null;
UserConfig userInfo = null;
if (authenticator != null) {
userInfo = authenticator.getUserInfo(username);
} else {
userInfo = new UserConfig();
}
InetSocketAddress remoteAddress = new InetSocketAddress(socket.remoteAddress().host(), socket.remoteAddress().port());
mycatDataContext.setUser(new MycatUser(username, null, null, host, remoteAddress, userInfo));
mycatDataContext.useShcema(Optional.ofNullable(authPacket.getDatabase()).orElse(userInfo.getSchema()));
mycatDataContext.setServerCapabilities(authPacket.getCapabilities());
mycatDataContext.setAutoCommit(true);
mycatDataContext.setIsolation(MySQLIsolation.REPEATED_READ);
mycatDataContext.setCharsetIndex(authPacket.getCharacterSet());
MycatVertxMysqlSession vertxSession = new MycatVertxMysqlSession(mycatDataContext, socket);
socket.handler(new VertxMySQLPacketResolver(socket, new MycatVertxMySQLHandler(vertxSession)));
vertxSession.setPacketId(packetId);
mysqlProxyServerVerticle.addSession(vertxSession);
vertxSession.writeOkEndPacket();
}
use of io.mycat.config.UserConfig in project Mycat2 by MyCATApache.
the class MySQLClientAuthHandler method onSocketRead.
// public void setMycatSession(MycatSession mycatSession) {
// this.mycat = mycatSession;
// }
@Override
public void onSocketRead(MycatSession mycat) {
try {
if (mycat.getCurNIOHandler() != this) {
return;
}
if (!mycat.readFromChannel()) {
return;
}
mycat.setResponseFinished(ProcessState.READY);
// MycatSecurityConfig securityManager = runtime.getSecurityManager();
byte[] password = new byte[] {};
if (!isChangeAuthPlugin) {
// 密码读取与验证
this.auth = readResponseAuthPacket(mycat);
String authPluginName = auth.getAuthPluginName();
int capabilities = auth.getCapabilities();
// 切换auth_plugin
if (MySQLServerCapabilityFlags.isPluginAuth(capabilities) && !authPluginName.equals(clientAuthPluginName)) {
// 发送切换包的auth_response
isChangeAuthPlugin = true;
AuthSwitchRequestPacket authSwitchRequestPacket = new AuthSwitchRequestPacket();
clientAuthPluginName = StringUtil.isEmpty(authPluginName) ? MysqlNativePasswordPluginUtil.PROTOCOL_PLUGIN_NAME : authPluginName;
authSwitchRequestPacket.setAuthPluginName(MysqlNativePasswordPluginUtil.PROTOCOL_PLUGIN_NAME);
authSwitchRequestPacket.setStatus((byte) 0xfe);
authSwitchRequestPacket.setAuthPluginData(new String(seed));
MySQLPayloadWriter mySQLPayloadWriter = new MySQLPayloadWriter(1024);
authSwitchRequestPacket.writePayload(mySQLPayloadWriter);
mycat.writeBytes(mySQLPayloadWriter.toByteArray(), true);
return;
}
// 握手包中的加密密码
password = auth.getPassword();
} else {
MySQLPacket mySQLPacket = mycat.currentProxyPayload();
password = mySQLPacket.readEOFStringBytes();
}
int capabilities = auth.getCapabilities();
if (MySQLServerCapabilityFlags.isCanUseCompressionProtocol(capabilities)) {
String message = "Can Not Use Compression Protocol!";
failture(mycat, MySQLErrorCode.ER_UNKNOWN_ERROR, message);
mycat.lazyClose(true, message);
return;
}
String username = auth.getUsername();
int maxPacketSize = auth.getMaxPacketSize();
String database = auth.getDatabase();
int characterSet = auth.getCharacterSet();
Map<String, String> attrs = auth.getClientConnectAttrs();
MycatUser user = null;
SocketAddress remoteSocketAddress = mycat.channel().socket().getRemoteSocketAddress();
Authenticator authenticator = MetaClusterCurrent.wrapper(Authenticator.class);
String ip = SocketAddressUtil.simplySocketAddress(remoteSocketAddress);
Authenticator.AuthInfo authInfo = authenticator.getPassword(username, ip);
if (!authInfo.isOk()) {
failture(mycat, authInfo.getErrorCode(), authInfo.getException());
return;
} else {
String rightPassword = authInfo.getRightPassword();
if (rightPassword != null) {
if (!checkPassword(rightPassword, password)) {
// may be bug
String message = "Access denied for user '" + username + "'@'" + remoteSocketAddress.toString() + "' (using password: YES)";
mycat.setLastMessage(message);
mycat.setLastErrorCode(ER_ACCESS_DENIED_ERROR);
LOGGER.error("login fail: {}", message);
mycat.writeErrorEndPacketBySyncInProcessError(ER_ACCESS_DENIED_ERROR);
LOGGER.error("remoteSocketAddress:{} password is wrong", remoteSocketAddress);
return;
}
}
UserConfig userInfo = authenticator.getUserInfo(username);
user = new MycatUser(username, null, null, ip, remoteSocketAddress, userInfo);
}
mycat.getDataContext().setUser(user);
mycat.setSchema(database);
mycat.setServerCapabilities(auth.getCapabilities());
mycat.setIsolation(MySQLIsolation.REPEATED_READ);
mycat.setCharset(characterSet);
finished = true;
mycatSessionManager.initCommandDispatcher(mycat);
mycat.writeOkEndPacket();
} catch (Exception e) {
LOGGER.error("", e);
MycatMonitor.onAuthHandlerReadException(mycat, e);
onClear(mycat);
failture(mycat, e);
}
}
Aggregations