
Example 1 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat_plus by coderczp.

the class RollbackConfig method rollback.

/**
 * Restores the backed-up configuration held by {@code MycatConfig}.
 *
 * <p>The backed-up data hosts are initialised first. If any of them fails to initialise, all
 * backed-up hosts are cleaned up and the live configuration is left as it was. On success the
 * backup is applied, the previously live data hosts are released and the cache is cleared.
 *
 * <p>NOTE(review): the backup includes the user map and the firewall configuration, so a
 * successful rollback also reverts access-control settings. No audit record is written here;
 * confirm the caller logs who triggered the rollback.
 *
 * @return {@code true} if the rollback was applied, {@code false} if rollback is not possible
 *     or a backed-up data host could not be initialised
 */
private static boolean rollback() {
    final MycatConfig config = MycatServer.getInstance().getConfig();

    // Fetch every backed-up section up front, in the same order as before.
    final Map<String, UserConfig> backupUsers = config.getBackupUsers();
    final Map<String, SchemaConfig> backupSchemas = config.getBackupSchemas();
    final Map<String, PhysicalDBNode> backupNodes = config.getBackupDataNodes();
    final Map<String, PhysicalDBPool> backupHosts = config.getBackupDataHosts();
    final MycatCluster backupCluster = config.getBackupCluster();
    final FirewallConfig backupFirewall = config.getBackupFirewall();

    // Check whether a rollback is currently allowed.
    if (!config.canRollback()) {
        return false;
    }

    // Remember the live pools before they are replaced, then bring the backed-up pools up.
    final Map<String, PhysicalDBPool> liveHosts = config.getDataHosts();
    boolean allPoolsUp = true;
    for (PhysicalDBPool pool : backupHosts.values()) {
        pool.init(pool.getActivedIndex());
        allPoolsUp = pool.isInitSuccess();
        if (!allPoolsUp) {
            // Stop at the first pool that fails to initialise.
            break;
        }
    }

    // The rollback cannot proceed: release whatever was initialised above.
    if (!allPoolsUp) {
        for (PhysicalDBPool pool : backupHosts.values()) {
            pool.clearDataSources("rollbackup config");
            pool.stopHeartbeat();
        }
        return false;
    }

    // Apply the rollback.
    config.rollback(backupUsers, backupSchemas, backupNodes, backupHosts, backupCluster, backupFirewall);

    // Dispose of the resources that belonged to the replaced configuration.
    for (PhysicalDBPool stale : liveHosts.values()) {
        stale.clearDataSources("clear old config ");
        stale.stopHeartbeat();
    }

    // Clear the cache.
    MycatServer.getInstance().getCacheService().clearCache();
    return true;
}
Also used : PhysicalDBNode(io.mycat.backend.datasource.PhysicalDBNode) SchemaConfig(io.mycat.config.model.SchemaConfig) MycatCluster(io.mycat.config.MycatCluster) PhysicalDBPool(io.mycat.backend.datasource.PhysicalDBPool) MycatConfig(io.mycat.config.MycatConfig) UserConfig(io.mycat.config.model.UserConfig) FirewallConfig(io.mycat.config.model.FirewallConfig)

Example 2 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat_plus by coderczp.

the class FrontendAuthenticator method setDefaultAccount.

/**
 * When password-less login is configured, replaces the account name sent by the client with
 * the configured default account.
 *
 * <p>Security note: this overwrites the client-supplied identity in {@code auth.user}, so
 * anything that reads that field afterwards sees the default account. The whole map is scanned
 * without stopping at the first hit, so if several entries report {@code isDefaultAccount()}
 * the last one in the map's iteration order wins. If none does, {@code auth.user} is left
 * unchanged.
 *
 * @param auth     authentication packet whose {@code user} field may be overwritten
 * @param userMaps configured users to search for a default account
 */
private void setDefaultAccount(AuthPacket auth, Map<String, UserConfig> userMaps) {
    for (UserConfig candidate : userMaps.values()) {
        if (!candidate.isDefaultAccount()) {
            continue;
        }
        // No early exit: a later default account replaces an earlier one.
        auth.user = candidate.getName();
    }
}
Also used : UserConfig(io.mycat.config.model.UserConfig)

Example 3 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat_plus by coderczp.

the class MycatPrivileges method checkFirewallWhiteHostPolicy.

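/**
 * Firewall white-list check: decides, from the firewall configuration, whether {@code user}
 * may log in from {@code host}.
 *
 * <p>Decision rules:
 * <ul>
 *   <li>No white list configured at all (neither exact hosts nor masks): any host is accepted
 *       as long as {@code user} is a configured user.</li>
 *   <li>Otherwise the login is accepted only if {@code user} is listed for the exact
 *       {@code host} entry, or for a mask pattern that matches {@code host}.</li>
 * </ul>
 *
 * <p>Changes from the previous version of this method:
 * <ul>
 *   <li>A mask match used to accept the login for <em>any</em> user name, ignoring the user
 *       list stored with the pattern; the user is now checked, as it already was for exact
 *       host entries. NOTE(review): this assumes the list stored with each pattern holds the
 *       users allowed from matching hosts, as it does for exact hosts; confirm against the
 *       loader.</li>
 *   <li>When only one of the two white-list maps was populated and the other was
 *       {@code null}, the method dereferenced the {@code null} map. Each map is now consulted
 *       only when it is non-empty.</li>
 * </ul>
 *
 * <p>For the white-list configuration see:
 * @see  XMLServerLoader
 * @see  FirewallConfig
 *
 * @modification added recognition of network-segment (mask) white-list entries
 * @date 2016/12/8
 * @modifiedBy Hash Zhang
 *
 * @param user account name presented by the client
 * @param host address the client is connecting from
 * @return {@code true} if the login may proceed, {@code false} if it is rejected (an alarm is
 *     logged in that case)
 */
@Override
public boolean checkFirewallWhiteHostPolicy(String user, String host) {
    MycatConfig mycatConfig = MycatServer.getInstance().getConfig();
    FirewallConfig firewallConfig = mycatConfig.getFirewall();

    Map<String, List<UserConfig>> whitehost = firewallConfig.getWhitehost();
    Map<Pattern, List<UserConfig>> whitehostMask = firewallConfig.getWhitehostMask();
    boolean hasExactEntries = whitehost != null && !whitehost.isEmpty();
    boolean hasMaskEntries = whitehostMask != null && !whitehostMask.isEmpty();

    boolean isPassed = false;
    if (!hasExactEntries && !hasMaskEntries) {
        // No white list configured: only require that the user exists.
        Map<String, UserConfig> users = mycatConfig.getUsers();
        isPassed = users.containsKey(user);
    } else {
        if (hasExactEntries) {
            isPassed = isUserListed(whitehost.get(host), user);
        }
        // A null host cannot match any pattern; skip the scan instead of failing in matcher().
        if (!isPassed && hasMaskEntries && host != null) {
            for (Map.Entry<Pattern, List<UserConfig>> entry : whitehostMask.entrySet()) {
                // NOTE(review): find() accepts a partial match; whether that is safe depends
                // on how the mask patterns are compiled (anchored or not) - confirm.
                if (entry.getKey().matcher(host).find() && isUserListed(entry.getValue(), user)) {
                    isPassed = true;
                    break;
                }
            }
        }
    }

    if (!isPassed) {
        // NOTE(review): user and host are written to the alarm log verbatim; if the user name
        // can contain line breaks, neutralise them before logging so that one rejected login
        // cannot produce several log lines.
        ALARM.error(new StringBuilder().append(Alarms.FIREWALL_ATTACK).append("[host=").append(host).append(",user=").append(user).append(']').toString());
        return false;
    }
    return true;
}

/** Returns whether {@code allowed} is non-null and contains a user named {@code user}. */
private static boolean isUserListed(List<UserConfig> allowed, String user) {
    if (allowed == null) {
        return false;
    }
    for (UserConfig userConfig : allowed) {
        if (userConfig.getName().equals(user)) {
            return true;
        }
    }
    return false;
}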
Also used : Pattern(java.util.regex.Pattern) FirewallConfig(io.mycat.config.model.FirewallConfig) UserConfig(io.mycat.config.model.UserConfig) List(java.util.List)

Example 4 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat_plus by coderczp.

the class MycatPrivileges method isReadOnly.

/**
 * Looks up whether the given user is configured as read-only.
 *
 * <p>The return type is a boxed {@code Boolean} with three outcomes. Callers must handle
 * {@code null} explicitly: unboxing it throws, and treating "unknown user" as "not read-only"
 * would grant write access by default.
 *
 * @param user account name to look up in the configured users
 * @return the user's read-only flag, or {@code null} when no such user is configured
 */
@Override
public Boolean isReadOnly(String user) {
    UserConfig account = MycatServer.getInstance().getConfig().getUsers().get(user);
    if (account == null) {
        // Unknown user: report "no answer" rather than a default.
        return null;
    }
    return account.isReadOnly();
}
Also used : UserConfig(io.mycat.config.model.UserConfig)

Example 5 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat_plus by coderczp.

the class MycatPrivileges method checkDmlPrivilege.

// Audits SQL privileges.
/**
 * Checks whether {@code user} may run the DML statement {@code sql} against {@code schema},
 * using the per-table DML privileges in the user's configuration.
 *
 * <p>The check is skipped, and the statement allowed, when any of the following holds:
 * {@code schema} is {@code null}; the user is not configured; the user has no privilege
 * configuration or checking is switched off for it; no privilege entry exists for the schema;
 * the statement is exactly {@code begin}; the parsed statement is not an
 * insert/replace, update, select or delete; or the visitor reports no current table.
 *
 * <p>NOTE(review): every one of those paths allows the statement, so this method only
 * restricts the four DML kinds for users that have an explicit privilege entry. Only the one
 * statement returned by {@code parseStatement()} and the one table returned by
 * {@code getCurrentTable()} are examined; confirm that SQL naming several tables or holding
 * several statements cannot reach this method, or is checked elsewhere.
 *
 * @param user   account name running the statement
 * @param schema schema the statement targets; {@code null} disables the check
 * @param sql    statement text to parse
 * @return {@code true} if the statement is allowed, {@code false} if the table privilege
 *     denies it (an alarm is logged in that case)
 */
@Override
public boolean checkDmlPrivilege(String user, String schema, String sql) {
    if (schema == null) {
        return true;
    }

    UserConfig account = MycatServer.getInstance().getConfig().getUsers().get(user);
    if (account == null) {
        // skip: unknown user
        return true;
    }

    UserPrivilegesConfig privileges = account.getPrivilegesConfig();
    if (privileges == null || !privileges.isCheck()) {
        // skip: privilege checking not enabled for this user
        return true;
    }

    UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = privileges.getSchemaPrivilege(schema);
    if (schemaPrivilege == null) {
        // skip: nothing configured for this schema
        return true;
    }

    // com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'begin',expect END, actual EOF begin
    // A bare "begin" is therefore allowed without being handed to the parser.
    if (sql != null && sql.length() == 5 && sql.equalsIgnoreCase("begin")) {
        return true;
    }

    SQLStatement statement = new MycatStatementParser(sql).parseStatement();

    // Slot in the table's DML privilege array: 0 insert/replace, 1 update, 2 select, 3 delete.
    final int dmlSlot;
    if (statement instanceof MySqlReplaceStatement || statement instanceof SQLInsertStatement) {
        dmlSlot = 0;
    } else if (statement instanceof SQLUpdateStatement) {
        dmlSlot = 1;
    } else if (statement instanceof SQLSelectStatement) {
        dmlSlot = 2;
    } else if (statement instanceof SQLDeleteStatement) {
        dmlSlot = 3;
    } else {
        // skip: not one of the audited statement kinds
        return true;
    }

    SchemaStatVisitor visitor = new MycatSchemaStatVisitor();
    statement.accept(visitor);
    String qualifiedTable = visitor.getCurrentTable();
    if (qualifiedTable == null) {
        // skip: the statement names no table
        return true;
    }

    // Drop back-tick quoting, then keep only the part after the first dot (if any).
    String unquoted = qualifiedTable.replace("`", "");
    int dotAt = unquoted.indexOf(".");
    String tableName = dotAt > 0 ? unquoted.substring(dotAt + 1) : unquoted;

    // Fetch the table privilege. No null check is needed here: when nothing is set for the
    // table, the parent-level privilege is inherited automatically.
    UserPrivilegesConfig.TablePrivilege tablePrivilege = schemaPrivilege.getTablePrivilege(tableName);
    if (tablePrivilege.getDml()[dmlSlot] > 0) {
        return true;
    }

    // NOTE(review): the full statement text is written to the alarm log, including any literal
    // values and line breaks it contains; confirm the log's access controls and format allow that.
    ALARM.error(new StringBuilder().append(Alarms.DML_ATTACK).append("[sql=").append(sql).append(",user=").append(user).append(']').toString());
    return false;
}
Also used : SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser) MycatStatementParser(io.mycat.route.parser.druid.MycatStatementParser) MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor) SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement) UserConfig(io.mycat.config.model.UserConfig) UserPrivilegesConfig(io.mycat.config.model.UserPrivilegesConfig) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement) SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement) SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement) SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement) SchemaStatVisitor(com.alibaba.druid.sql.visitor.SchemaStatVisitor) MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor)

Aggregations

UserConfig (io.mycat.config.model.UserConfig)36 MycatConfig (io.mycat.config.MycatConfig)10 SchemaConfig (io.mycat.config.model.SchemaConfig)10 FirewallConfig (io.mycat.config.model.FirewallConfig)8 ArrayList (java.util.ArrayList)8 Pattern (java.util.regex.Pattern)8 PhysicalDBNode (io.mycat.backend.datasource.PhysicalDBNode)6 PhysicalDBPool (io.mycat.backend.datasource.PhysicalDBPool)6 MycatCluster (io.mycat.config.MycatCluster)6 ConfigException (io.mycat.config.util.ConfigException)6 List (java.util.List)6 TreeSet (java.util.TreeSet)6 ConfigInitializer (io.mycat.config.ConfigInitializer)4 EOFPacket (io.mycat.net.mysql.EOFPacket)4 FieldPacket (io.mycat.net.mysql.FieldPacket)4 RowDataPacket (io.mycat.net.mysql.RowDataPacket)4 ByteBuffer (java.nio.ByteBuffer)4 Matcher (java.util.regex.Matcher)4 Element (org.w3c.dom.Element)4 Node (org.w3c.dom.Node)4