Skip to content

Shardingsphere
Shardingsphere

apache / Shardingsphere

通知 56
Star 3
Fork 0
Shardingsphere
Shardingsphere

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
MySQLAuthenticationHandler.java 4.2 KB
Newer Older
T
new function: proxy authority.  
tristaZero 已提交
1 
/*
T
change copyright from shardingsphere.io to ASF  
terrymanu 已提交
2 3 4 5 6 7 
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
T
new function: proxy authority.  
tristaZero 已提交
8 9 10 11 12 13 14 15 16 17 
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
L
Rename sharding-proxy to shardingsphere-proxy (#5645)  
Liang Zhang 已提交
18 
package org.apache.shardingsphere.proxy.frontend.mysql.auth;
T
new function: proxy authority.  
tristaZero 已提交
19
ShardingSphere's avatar
Revert "use maven shade"  
ShardingSphere 已提交
20 
import com.google.common.base.Strings;
T
new function: proxy authority.  
tristaZero 已提交
21 22 
import lombok.Getter;
import org.apache.commons.codec.digest.DigestUtils;
Fixes #3068 Add a judgment for user's database privileges. (#3079)  
孙不服 已提交
23 
import org.apache.commons.collections4.CollectionUtils;
L
Rename shardingsphere-database-protocol to shardingsphere-db-protocol (#5637)  
Liang Zhang 已提交
24 25 
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
J
Replace authentication of ShardingSphereProxyContext (#5752)  
Juan Pan(Trista) 已提交
26 27 
import org.apache.shardingsphere.infra.auth.ProxyUser;
import org.apache.shardingsphere.proxy.backend.schema.ProxySchemaContexts;
T
new function: proxy authority.  
tristaZero 已提交
28 29 

import java.util.Arrays;
Fixes #3068 Add a judgment for user's database privileges. (#3079)  
孙不服 已提交
30 
import java.util.Collection;
P
ShardingProxy supports multiple users and authorizedSchemas (#2237)  
panjuan 已提交
31 
import java.util.Map.Entry;
L
Upgrade to Java8 (#4583)  
Liang Zhang 已提交
32 
import java.util.Optional;
T
new function: proxy authority.  
tristaZero 已提交
33 34 

/**
T
for #1941, merge MySQLConnectionIdGenerator & PostgreSQLConnectionIdGenerator...  
terrymanu 已提交
35 
 * Authentication handler for MySQL.
T
new function: proxy authority.  
tristaZero 已提交
36 37 
 */
@Getter
T
#1845, rename other MySQL packets  
tuohai666 已提交
38 
public final class MySQLAuthenticationHandler {
T
new function: proxy authority.  
tristaZero 已提交
39
J
Replace authentication of ShardingSphereProxyContext (#5752)  
Juan Pan(Trista) 已提交
40 
    private static final ProxySchemaContexts PROXY_SCHEMA_CONTEXTS = ProxySchemaContexts.getInstance();
T
refactor RULE_REGISTRY as final static field  
terrymanu 已提交
41
T
for #1941, rename variable mySQLXXX => xxx  
terrymanu 已提交
42 
    private final MySQLAuthPluginData authPluginData = new MySQLAuthPluginData();
T
new function: proxy authority.  
tristaZero 已提交
43 44 
    
    /**
T
refactor AuthorityHandler & AuthorityHandlerTest  
terrymanu 已提交
45 
     * Login.
T
new function: proxy authority.  
tristaZero 已提交
46 
     *
L
Refactor QueryCommandExecutor.isQueryResponse for impl (#7041)  
Liang Zhang 已提交
47 
     * @param username username.
Z
support mysql-client8 for sharding-proxy (#5218)  
zhaojun 已提交
48 49 
     * @param authResponse auth response
     * @param database database
T
refactor AuthorityHandler & AuthorityHandlerTest  
terrymanu 已提交
50 
     * @return login success or failure
T
new function: proxy authority.  
tristaZero 已提交
51 
     */
L
Refactor QueryCommandExecutor.isQueryResponse for impl (#7041)  
Liang Zhang 已提交
52 53 
    public Optional<MySQLServerErrorCode> login(final String username, final byte[] authResponse, final String database) {
        Optional<ProxyUser> user = getUser(username);
Z
support mysql-client8 for sharding-proxy (#5218)  
zhaojun 已提交
54 
        if (!user.isPresent() || !isPasswordRight(user.get().getPassword(), authResponse)) {
Fixes #3068 Add a judgment for user's database privileges. (#3079)  
孙不服 已提交
55 56 
            return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
        }
Z
support mysql-client8 for sharding-proxy (#5218)  
zhaojun 已提交
57 
        if (!isAuthorizedSchema(user.get().getAuthorizedSchemas(), database)) {
Fixes #3068 Add a judgment for user's database privileges. (#3079)  
孙不服 已提交
58 59 
            return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
        }
L
Upgrade to Java8 (#4583)  
Liang Zhang 已提交
60 
        return Optional.empty();
Fixes #3068 Add a judgment for user's database privileges. (#3079)  
孙不服 已提交
61 
    }
P
ShardingProxy supports multiple users and authorizedSchemas (#2237)  
panjuan 已提交
62 63 
    
    private Optional<ProxyUser> getUser(final String username) {
J
Replace authentication of ShardingSphereProxyContext (#5752)  
Juan Pan(Trista) 已提交
64 
        for (Entry<String, ProxyUser> entry : PROXY_SCHEMA_CONTEXTS.getSchemaContexts().getAuthentication().getUsers().entrySet()) {
P
ShardingProxy supports multiple users and authorizedSchemas (#2237)  
panjuan 已提交
65 66 67 
            if (entry.getKey().equals(username)) {
                return Optional.of(entry.getValue());
            }
T
support that proxy password is empty.  
tristaZero 已提交
68 
        }
L
Upgrade to Java8 (#4583)  
Liang Zhang 已提交
69 
        return Optional.empty();
T
new function: proxy authority.  
tristaZero 已提交
70 71 
    }
L
Decouple sharding-proxy-transport's dependencies (#4664)  
Liang Zhang 已提交
72 73 74 75 76 77 78 79 
    private boolean isPasswordRight(final String password, final byte[] authResponse) {
        return Strings.isNullOrEmpty(password) || Arrays.equals(getAuthCipherBytes(password), authResponse);
    }
    
    private boolean isAuthorizedSchema(final Collection<String> authorizedSchemas, final String schema) {
        return Strings.isNullOrEmpty(schema) || CollectionUtils.isEmpty(authorizedSchemas) || authorizedSchemas.contains(schema);
    }
T
new function: proxy authority.  
tristaZero 已提交
80 81 82 
    private byte[] getAuthCipherBytes(final String password) {
        byte[] sha1Password = DigestUtils.sha1(password);
        byte[] doubleSha1Password = DigestUtils.sha1(sha1Password);
T
for #1941, rename variable mySQLXXX => xxx  
terrymanu 已提交
83 84 85 
        byte[] concatBytes = new byte[authPluginData.getAuthPluginData().length + doubleSha1Password.length];
        System.arraycopy(authPluginData.getAuthPluginData(), 0, concatBytes, 0, authPluginData.getAuthPluginData().length);
        System.arraycopy(doubleSha1Password, 0, concatBytes, authPluginData.getAuthPluginData().length, doubleSha1Password.length);
T
new function: proxy authority.  
tristaZero 已提交
86 87 88 89 90 
        byte[] sha1ConcatBytes = DigestUtils.sha1(concatBytes);
        return xor(sha1Password, sha1ConcatBytes);
    }
    
    private byte[] xor(final byte[] input, final byte[] secret) {
L
For code inspection (#6651)  
Liang Zhang 已提交
91 
        byte[] result = new byte[input.length];
T
new function: proxy authority.  
tristaZero 已提交
92 93 94 95 96 97 
        for (int i = 0; i < input.length; ++i) {
            result[i] = (byte) (input[i] ^ secret[i]);
        }
        return result;
    }
}