From e3865be3a81ff0c2b04c9f6f98bb04dbf55263b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= Date: Sun, 2 Jul 2023 22:49:46 +0000 Subject: [PATCH] Minor changes in branches Also added few FIXME to review part of the code --- lib/MySQL_Protocol.cpp | 19 +++++++++++----- lib/MySQL_Session.cpp | 49 ++++++++++++++++++++---------------------- 2 files changed, 37 insertions(+), 31 deletions(-) diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp index f5b93b644..fbcd6c35d 100644 --- a/lib/MySQL_Protocol.cpp +++ b/lib/MySQL_Protocol.cpp @@ -1698,8 +1698,14 @@ bool MySQL_Protocol::process_pkt_COM_CHANGE_USER(unsigned char *pkt, unsigned in // this function was inline in process_pkt_handshake_response() , split for readibility int MySQL_Protocol::PPHR_1(unsigned char *pkt, unsigned int len, bool& ret, MyProt_tmp_auth_vars& vars1) { // process_pkt_handshake_response inner 1 - if ((*myds)->switching_auth_stage == 1) (*myds)->switching_auth_stage=2; - if ((*myds)->switching_auth_stage == 4) (*myds)->switching_auth_stage=5; + if ((*myds)->switching_auth_stage == 1) { + // this was set in PPHR_4auth0() or PPHR_4auth1() + (*myds)->switching_auth_stage=2; + } + if ((*myds)->switching_auth_stage == 4) { + // this was set in PPHR_sha2full() + (*myds)->switching_auth_stage=5; + } (*myds)->auth_in_progress = 0; if (len==5) { ret = false; @@ -1965,6 +1971,7 @@ void MySQL_Protocol::PPHR_5passwordTrue( void MySQL_Protocol::PPHR_5passwordFalse_0( + // FIXME: does this work only for mysql_native_password ? unsigned char *pkt, unsigned int len, bool& ret, MyProt_tmp_auth_vars& vars1, @@ -2343,6 +2350,8 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned case AUTH_UNKNOWN_PLUGIN: case AUTH_MYSQL_NATIVE_PASSWORD: // for now we always switch to mysql_native_password + // FIXME: verify if it is correct to call this here. + // maybe it should only be called for AUTH_UNKNOWN_PLUGIN and not for AUTH_MYSQL_NATIVE_PASSWORD bool_rc = PPHR_4auth0(pkt, len, ret, vars1); if (bool_rc == false) { goto __exit_process_pkt_handshake_response; @@ -2387,9 +2396,8 @@ __do_auth: vars1.password=GloMyAuth->lookup((char *)vars1.user, USERNAME_FRONTEND, &attr1._ret_use_ssl, &attr1.default_hostgroup, &attr1.default_schema, &attr1.schema_locked, &attr1.transaction_persistent, &attr1.fast_forward, &attr1.max_connections, &sha1_pass, &attr1.attributes); } //assert(default_hostgroup>=0); - if (vars1.password) { - PPHR_5passwordTrue(pkt, len, ret, vars1, reply, attr1); - } + //if (vars1.password) { + //} if (vars1.password == NULL) { // this is a workaround for bug #603 if ( @@ -2410,6 +2418,7 @@ __do_auth: } } } else { + PPHR_5passwordTrue(pkt, len, ret, vars1, reply, attr1); if (vars1.pass_len==0 && strlen(vars1.password)==0) { ret=true; proxy_debug(PROXY_DEBUG_MYSQL_AUTH, 5, "Session=%p , DS=%p , username='%s' , password=''\n", (*myds), (*myds)->sess, vars1.user); diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp index 30fe25821..938373127 100644 --- a/lib/MySQL_Session.cpp +++ b/lib/MySQL_Session.cpp @@ -5371,32 +5371,29 @@ void MySQL_Session::handler___status_CONNECTING_CLIENT___STATE_SERVER_HANDSHAKE( bool handshake_err = true; proxy_debug(PROXY_DEBUG_MYSQL_CONNECTION,8,"Session=%p , DS=%p , handshake_response=%d , switching_auth_stage=%d , is_encrypted=%d , client_encrypted=%d\n", this, client_myds, handshake_response_return, client_myds->switching_auth_stage, is_encrypted, client_myds->encrypted); - if ( - //(handshake_response_return == false) && (client_myds->switching_auth_stage == 1) - (handshake_response_return == false) && (client_myds->auth_in_progress != 0) - ) { - l_free(pkt->size,pkt->ptr); - proxy_debug(PROXY_DEBUG_MYSQL_CONNECTION,8,"Session=%p , DS=%p . Returning\n", this, client_myds); - return; - } - - if ( - (is_encrypted == false) && // the connection was encrypted - (handshake_response_return == false) && // the authentication didn't complete - (client_myds->encrypted == true) // client is asking for encryption - ) { - // use SSL - proxy_debug(PROXY_DEBUG_MYSQL_CONNECTION,8,"Session=%p , DS=%p . SSL_INIT\n", this, client_myds); - client_myds->DSS=STATE_SSL_INIT; - client_myds->rbio_ssl = BIO_new(BIO_s_mem()); - client_myds->wbio_ssl = BIO_new(BIO_s_mem()); - client_myds->ssl = GloVars.get_SSL_new(); - SSL_set_fd(client_myds->ssl, client_myds->fd); - SSL_set_accept_state(client_myds->ssl); - SSL_set_bio(client_myds->ssl, client_myds->rbio_ssl, client_myds->wbio_ssl); - l_free(pkt->size,pkt->ptr); - proxysql_keylog_attach_callback(GloVars.get_SSL_ctx()); - return; + if (handshake_response_return == false) { + if (client_myds->auth_in_progress != 0) { + l_free(pkt->size,pkt->ptr); + proxy_debug(PROXY_DEBUG_MYSQL_CONNECTION,8,"Session=%p , DS=%p . Returning\n", this, client_myds); + return; + } + if ( + (is_encrypted == false) && // the connection was encrypted + (client_myds->encrypted == true) // client is asking for encryption + ) { + // use SSL + proxy_debug(PROXY_DEBUG_MYSQL_CONNECTION,8,"Session=%p , DS=%p . SSL_INIT\n", this, client_myds); + client_myds->DSS=STATE_SSL_INIT; + client_myds->rbio_ssl = BIO_new(BIO_s_mem()); + client_myds->wbio_ssl = BIO_new(BIO_s_mem()); + client_myds->ssl = GloVars.get_SSL_new(); + SSL_set_fd(client_myds->ssl, client_myds->fd); + SSL_set_accept_state(client_myds->ssl); + SSL_set_bio(client_myds->ssl, client_myds->rbio_ssl, client_myds->wbio_ssl); + l_free(pkt->size,pkt->ptr); + proxysql_keylog_attach_callback(GloVars.get_SSL_ctx()); + return; + } } if (