
Example 6 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat-Server by MyCATApache.

the class ShowWhiteHost method setHost.

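/**
 * Adds a firewall white-host entry on behalf of a manager connection and persists it.
 *
 * <p>{@code ips} is a comma-separated list: the first element is the host, every
 * following element is the name of a user allowed to connect from that host. Each
 * user must exist in the running configuration and must have at least one schema
 * assigned; a user without schemas is rejected as a "root privileges" user.
 *
 * <p>Exactly one response packet is written to {@code c}: an error packet when the
 * input is invalid, the host is already registered, or the entry could not be written
 * to the configuration file; an OK packet otherwise.
 *
 * @param c   manager connection that issued the command and receives the response
 * @param ips comma-separated {@code host,user[,user...]} list
 */
public static synchronized void setHost(ManagerConnection c, String ips) {
    if (ips == null) {
        c.writeErrMessage(ErrorCode.ER_YES, "white host info error.");
        return;
    }
    String[] parts = ips.split(",");
    // A blank host must never become an allow-list key, so it is refused together
    // with the "host only, no users" case.
    if (parts.length < 2 || parts[0].trim().isEmpty()) {
        c.writeErrMessage(ErrorCode.ER_YES, "white host info error.");
        return;
    }
    String host = parts[0];
    List<UserConfig> userConfigs = new ArrayList<UserConfig>();
    for (int idx = 1; idx < parts.length; idx++) {
        UserConfig uc = MycatServer.getInstance().getConfig().getUsers().get(parts[idx]);
        if (null == uc) {
            c.writeErrMessage(ErrorCode.ER_YES, "user doesn't exist in host.");
            return;
        }
        // Users without any schema are treated as privileged and may not be white-listed.
        if (uc.getSchemas() == null || uc.getSchemas().size() == 0) {
            c.writeErrMessage(ErrorCode.ER_YES, "host contains one root privileges user.");
            return;
        }
        userConfigs.add(uc);
    }
    if (!MycatServer.getInstance().getConfig().getFirewall().addWhitehost(host, userConfigs)) {
        c.writeErrMessage(ErrorCode.ER_YES, "host duplicated.");
        return;
    }
    try {
        FirewallConfig.updateToFile(host, userConfigs);
    } catch (Exception e) {
        // addWhitehost() has already succeeded at this point, so the entry is live in
        // memory but was not persisted. Report that and stop: the original code went on
        // to send an OK packet after this error packet, i.e. two replies to one command.
        LOGGER.warn("set while host error : " + e.getMessage(), e);
        c.writeErrMessage(ErrorCode.ER_YES, "white host set success ,but write to file failed :" + e.getMessage());
        return;
    }
    OkPacket ok = new OkPacket();
    ok.packetId = 1;
    ok.affectedRows = 1;
    ok.serverStatus = 2;
    ok.message = "white host set to succeed.".getBytes();
    ok.write(c);
}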
Also used : OkPacket(io.mycat.net.mysql.OkPacket) ArrayList(java.util.ArrayList) UserConfig(io.mycat.config.model.UserConfig) ConfigException(io.mycat.config.util.ConfigException)

Example 7 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat-Server by MyCATApache.

the class RollbackConfig method rollback.

/**
 * Restores the backed-up configuration of the running server.
 *
 * @return {@code true} when the backup was applied; {@code false} when the
 *         configuration cannot be rolled back or a backed-up pool failed to initialise
 */
private static boolean rollback() {
    MycatConfig conf = MycatServer.getInstance().getConfig();
    // Read every backed-up section first; they are handed to conf.rollback() below.
    Map<String, UserConfig> backupUsers = conf.getBackupUsers();
    Map<String, SchemaConfig> backupSchemas = conf.getBackupSchemas();
    Map<String, PhysicalDBNode> backupNodes = conf.getBackupDataNodes();
    Map<String, PhysicalDBPool> backupHosts = conf.getBackupDataHosts();
    MycatCluster backupCluster = conf.getBackupCluster();
    FirewallConfig backupFirewall = conf.getBackupFirewall();

    // Check that the configuration is in a state that allows a rollback.
    if (!conf.canRollback()) {
        return false;
    }

    // Pools of the configuration in use right now; cleared after the rollback is applied.
    Map<String, PhysicalDBPool> currentHosts = conf.getDataHosts();

    // Bring the backed-up pools up again, one by one.
    for (PhysicalDBPool pool : backupHosts.values()) {
        pool.init(pool.getActivedIndex());
        if (pool.isInitSuccess()) {
            continue;
        }
        // Rollback failed: clean up the resources of every backed-up pool and give up.
        for (PhysicalDBPool started : backupHosts.values()) {
            started.clearDataSources("rollbackup config");
            started.stopHeartbeat();
        }
        return false;
    }

    // Apply the rollback.
    conf.rollback(backupUsers, backupSchemas, backupNodes, backupHosts, backupCluster, backupFirewall);

    // Dispose of the old resources.
    for (PhysicalDBPool old : currentHosts.values()) {
        old.clearDataSources("clear old config ");
        old.stopHeartbeat();
    }

    // Clear the caches.
    MycatServer.getInstance().getCacheService().clearCache();
    return true;
}
Also used : PhysicalDBNode(io.mycat.backend.datasource.PhysicalDBNode) SchemaConfig(io.mycat.config.model.SchemaConfig) MycatCluster(io.mycat.config.MycatCluster) PhysicalDBPool(io.mycat.backend.datasource.PhysicalDBPool) MycatConfig(io.mycat.config.MycatConfig) UserConfig(io.mycat.config.model.UserConfig) FirewallConfig(io.mycat.config.model.FirewallConfig)

Example 8 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat-Server by MyCATApache.

the class MycatPrivileges method checkFirewallWhiteHostPolicy.

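/**
 * Firewall whitelist check: decides, from the firewall configuration, whether the
 * given host may log in as the given user.
 *
 * <p>When neither exact hosts nor host masks are configured, any user known to the
 * server configuration passes. Otherwise the user must appear in the user list of
 * the exact host entry, or in the user list of a mask entry whose pattern matches
 * the host. A failed check is reported on the alarm logger.
 *
 * <p>For the whitelist configuration see:
 * @see  XMLServerLoader
 * @see  FirewallConfig
 *
 * @param user user name presented by the connecting client
 * @param host host the connection comes from
 * @return {@code true} when the login may proceed, {@code false} when it is refused
 *
 * @modification added recognition of network-segment (masked) whitelist entries
 * @date 2016/12/8
 * @modifiedBy Hash Zhang
 */
@Override
public boolean checkFirewallWhiteHostPolicy(String user, String host) {
    MycatConfig mycatConfig = MycatServer.getInstance().getConfig();
    FirewallConfig firewallConfig = mycatConfig.getFirewall();
    Map<String, List<UserConfig>> whitehost = firewallConfig.getWhitehost();
    Map<Pattern, List<UserConfig>> whitehostMask = firewallConfig.getWhitehostMask();
    // Either map may be null or empty independently of the other; the original
    // dereferenced both as soon as one of them had entries.
    boolean hasExactHosts = whitehost != null && !whitehost.isEmpty();
    boolean hasMaskHosts = whitehostMask != null && !whitehostMask.isEmpty();

    boolean isPassed = false;
    if (!hasExactHosts && !hasMaskHosts) {
        // No whitelist configured: every configured user is allowed from any host.
        Map<String, UserConfig> users = mycatConfig.getUsers();
        isPassed = users.containsKey(user);
    } else {
        if (hasExactHosts) {
            isPassed = isUserListed(whitehost.get(host), user);
        }
        if (!isPassed && hasMaskHosts) {
            for (Map.Entry<Pattern, List<UserConfig>> entry : whitehostMask.entrySet()) {
                // A matching mask only admits the users configured for that mask, the
                // same rule as for exact hosts. The original passed every user as soon
                // as any mask matched, ignoring the per-mask user list.
                // NOTE(review): find() accepts a partial match; whether that is safe
                // depends on how FirewallConfig.getMaskPattern anchors the pattern - confirm.
                if (entry.getKey().matcher(host).find() && isUserListed(entry.getValue(), user)) {
                    isPassed = true;
                    break;
                }
            }
        }
    }
    if (!isPassed) {
        // The user name is supplied by the client; strip line breaks so a refused
        // login cannot forge additional alarm-log lines.
        String safeHost = String.valueOf(host).replaceAll("[\\r\\n]", "_");
        String safeUser = String.valueOf(user).replaceAll("[\\r\\n]", "_");
        ALARM.error(new StringBuilder().append(Alarms.FIREWALL_ATTACK).append("[host=").append(safeHost).append(",user=").append(safeUser).append(']').toString());
        return false;
    }
    return true;
}

/** Returns whether {@code allowed} is non-null and contains a user named {@code user}. */
private static boolean isUserListed(List<UserConfig> allowed, String user) {
    if (allowed == null) {
        return false;
    }
    for (UserConfig userConfig : allowed) {
        if (userConfig.getName().equals(user)) {
            return true;
        }
    }
    return false;
}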
Also used : Pattern(java.util.regex.Pattern) FirewallConfig(io.mycat.config.model.FirewallConfig) UserConfig(io.mycat.config.model.UserConfig) List(java.util.List)

Example 9 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat-Server by MyCATApache.

the class XMLServerLoader method loadFirewall.

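/**
 * Reads the firewall section of the server configuration at initial load: the
 * white-host entries ({@code <host>}) and the SQL blacklist settings
 * ({@code <blacklist>}). This is one of two places where the firewall is
 * configured; the other is:
 * @see  FirewallConfig
 *
 * <p>Every user named on a host entry must exist and must have at least one schema;
 * a user without schemas is rejected as a "root privileges" user. Hosts containing
 * {@code *} or {@code %} are stored as mask patterns, all others as exact hosts.
 *
 * @param root root element of the configuration document
 * @throws ConfigException when a host is listed twice, a user is unknown, or a
 *         user has no schemas
 *
 * @modification added network-segment (masked) whitelist entries
 * @date 2016/12/8
 * @modifiedBy Hash Zhang
 */
private void loadFirewall(Element root) throws IllegalAccessException, InvocationTargetException {
    NodeList list = root.getElementsByTagName("host");
    Map<String, List<UserConfig>> whitehost = new HashMap<>();
    Map<Pattern, List<UserConfig>> whitehostMask = new HashMap<>();
    // Mask hosts seen so far. Pattern does not override equals(), so the Pattern-keyed
    // map cannot detect a repeated mask by itself.
    List<String> maskHosts = new ArrayList<String>();
    for (int i = 0, n = list.getLength(); i < n; i++) {
        Node node = list.item(i);
        if (node instanceof Element) {
            Element e = (Element) node;
            String host = e.getAttribute("host").trim();
            String userStr = e.getAttribute("user").trim();
            // this.firewall only receives the new maps after this loop, so hosts
            // repeated inside the document are checked against the local collections;
            // otherwise a later entry would silently replace an earlier one.
            if (this.firewall.existsHost(host) || whitehost.containsKey(host) || maskHosts.contains(host)) {
                throw new ConfigException("host duplicated : " + host);
            }
            String[] users = userStr.split(",");
            List<UserConfig> userConfigs = new ArrayList<UserConfig>();
            for (String user : users) {
                UserConfig uc = this.users.get(user);
                if (null == uc) {
                    throw new ConfigException("[user: " + user + "] doesn't exist in [host: " + host + "]");
                }
                // Users without any schema are treated as privileged and may not be white-listed.
                if (uc.getSchemas() == null || uc.getSchemas().size() == 0) {
                    throw new ConfigException("[host: " + host + "] contains one root privileges user: " + user);
                }
                userConfigs.add(uc);
            }
            if (host.contains("*") || host.contains("%")) {
                whitehostMask.put(FirewallConfig.getMaskPattern(host), userConfigs);
                maskHosts.add(host);
            } else {
                whitehost.put(host, userConfigs);
            }
        }
    }
    firewall.setWhitehost(whitehost);
    firewall.setWhitehostMask(whitehostMask);
    WallConfig wallConfig = new WallConfig();
    NodeList blacklist = root.getElementsByTagName("blacklist");
    for (int i = 0, n = blacklist.getLength(); i < n; i++) {
        Node node = blacklist.item(i);
        if (node instanceof Element) {
            Element e = (Element) node;
            // Element.getAttribute returns "" (never null) for a missing attribute, so
            // the former null test always passed and a <blacklist> without "check"
            // forced the flag to false. Only an explicit attribute sets it now.
            if (e.hasAttribute("check")) {
                firewall.setCheck(Boolean.parseBoolean(e.getAttribute("check")));
            }
            Map<String, Object> props = ConfigUtil.loadElements(e);
            ParameterMapping.mapping(wallConfig, props);
        }
    }
    firewall.setWallConfig(wallConfig);
    firewall.init();
}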
Also used : Pattern(java.util.regex.Pattern) HashMap(java.util.HashMap) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) ConfigException(io.mycat.config.util.ConfigException) WallConfig(com.alibaba.druid.wall.WallConfig) UserConfig(io.mycat.config.model.UserConfig) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) List(java.util.List)

Example 10 with UserConfig

use of io.mycat.config.model.UserConfig in project Mycat-Server by MyCATApache.

the class ReloadConfig method reload.

/**
 * Loads a fresh configuration and applies it on top of the running one.
 *
 * @return always {@code true}
 */
public static boolean reload() {
    // 1. Load the new configuration. ConfigInitializer performs its self-checks
    //    internally; because the data source information is not updated, dataHost and
    //    dataNode are not self-checked here.
    ConfigInitializer initializer = new ConfigInitializer(false);
    Map<String, UserConfig> newUsers = initializer.getUsers();
    Map<String, SchemaConfig> newSchemas = initializer.getSchemas();
    Map<String, PhysicalDBNode> newDataNodes = initializer.getDataNodes();
    Map<String, PhysicalDBPool> newDataHosts = initializer.getDataHosts();
    MycatCluster newCluster = initializer.getCluster();
    FirewallConfig newFirewall = initializer.getFirewall();

    // 2. Apply the new configuration on top of the old one.
    MycatServer.getInstance().getConfig().reload(
            newUsers, newSchemas, newDataNodes, newDataHosts, newCluster, newFirewall, false);

    // 3. Clear the caches, then re-initialise the rule data.
    MycatServer.getInstance().getCacheService().clearCache();
    MycatServer.getInstance().initRuleData();
    return true;
}
Also used : PhysicalDBNode(io.mycat.backend.datasource.PhysicalDBNode) SchemaConfig(io.mycat.config.model.SchemaConfig) ConfigInitializer(io.mycat.config.ConfigInitializer) MycatCluster(io.mycat.config.MycatCluster) PhysicalDBPool(io.mycat.backend.datasource.PhysicalDBPool) UserConfig(io.mycat.config.model.UserConfig) FirewallConfig(io.mycat.config.model.FirewallConfig)
