Java tutorial
/* * Copyright (c) 2013, OpenCloudDB/MyCAT and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software;Designed and Developed mainly by many Chinese * opensource volunteers. you can redistribute it and/or modify it under the * terms of the GNU General Public License version 2 only, as published by the * Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Any questions about this component can be directed to it's project Web address * https://code.google.com/p/opencloudb/. * */ package org.opencloudb.net.mysql; import io.netty.channel.ChannelHandlerContext; import java.security.NoSuchAlgorithmException; import java.util.Set; import org.apache.log4j.Logger; import org.opencloudb.MycatSystem; import org.opencloudb.config.ErrorCode; import org.opencloudb.mysql.SecurityUtil; import org.opencloudb.net.ChannelDataHandler; import org.opencloudb.net.ConnectionInfo; import org.opencloudb.net.FrontSession; import org.opencloudb.net.handler.FrontendPrivileges; /** * ??? * * @author mycat */ public class FrontendAuthenticator implements ChannelDataHandler { public static FrontendAuthenticator INSTANCE = new FrontendAuthenticator(); private static final Logger LOGGER = Logger.getLogger(FrontendAuthenticator.class); private static final byte[] AUTH_OK = new byte[] { 7, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0 }; public void handle(ChannelHandlerContext ctx, byte[] data) { // check quit packet if (data.length == QuitPacket.QUIT.length && data[4] == MySQLPacket.COM_QUIT) { LOGGER.info("quick commmand recieved ,close "); ctx.close(); return; } AuthPacket auth = new AuthPacket(); auth.read(data); // check user // if (!checkUser(auth.user, source.getHost())) { // failure(ErrorCode.ER_ACCESS_DENIED_ERROR, "Access denied for user '" // + auth.user + "'"); // return; // } // check password if (!checkPassword(ctx, auth.password, auth.user)) { failure(ctx, ErrorCode.ER_ACCESS_DENIED_ERROR, "Access denied for user '" + auth.user + "'"); return; } // check schema if (schemaAllowed(ctx, auth.database, auth.user, NettyUtil.getConnectionInfo(ctx).getHost())) { success(ctx, auth); } } public static boolean checkUser(String user, String host) { return MycatSystem.getInstance().getPrivileges().userExists(user, host); } public static boolean schemaAllowed(ChannelHandlerContext ctx, String schema, String user, String userHost) { if (!MycatSystem.getInstance().getPrivileges().userExists(user, userHost)) { failure(ctx, ErrorCode.ER_DBACCESS_DENIED_ERROR, "Access denied for user '" + user + "'" + " from host:" + userHost); return false; } switch (checkSchema(schema, user)) { case ErrorCode.ER_BAD_DB_ERROR: failure(ctx, ErrorCode.ER_BAD_DB_ERROR, "Unknown database '" + schema + "'"); return false; case ErrorCode.ER_DBACCESS_DENIED_ERROR: String s = "Access denied for user '" + user + "' to database '" + schema + "'"; failure(ctx, ErrorCode.ER_DBACCESS_DENIED_ERROR, s); return false; default: return true; } } protected boolean checkPassword(ChannelHandlerContext ctx, byte[] password, String user) { String pass = MycatSystem.getInstance().getPrivileges().getPassword(user); // check null if (pass == null || pass.length() == 0) { if (password == null || password.length == 0) { return true; } else { return false; } } if (password == null || password.length == 0) { return false; } // encrypt byte[] encryptPass = null; try { ConnectionInfo conInf = NettyUtil.getConnectionInfo(ctx); encryptPass = SecurityUtil.scramble411(pass.getBytes(), conInf.getSeed()); } catch (NoSuchAlgorithmException e) { LOGGER.warn(ctx.channel() + " err:", e); return false; } if (encryptPass != null && (encryptPass.length == password.length)) { int i = encryptPass.length; while (i-- != 0) { if (encryptPass[i] != password[i]) { return false; } } } else { return false; } return true; } private static int checkSchema(String schema, String user) { if (schema == null) { return 0; } FrontendPrivileges privileges = MycatSystem.getInstance().getPrivileges(); if (!privileges.schemaExists(schema)) { return ErrorCode.ER_BAD_DB_ERROR; } Set<String> schemas = privileges.getUserSchemas(user); if (schemas == null || schemas.size() == 0 || schemas.contains(schema)) { return 0; } else { return ErrorCode.ER_DBACCESS_DENIED_ERROR; } } protected void success(ChannelHandlerContext ctx, AuthPacket auth) { ConnectionInfo conInf = NettyUtil.getConnectionInfo(ctx); conInf.setUser(auth.user); conInf.setSchema(auth.database); conInf.setCharsetIndex(auth.charsetIndex); // conInf.setHandler(new FrontendCommandHandler(source)); if (LOGGER.isInfoEnabled()) { StringBuilder s = new StringBuilder(); s.append(ctx.channel()).append('\'').append(auth.user).append("' login success"); byte[] extra = auth.extra; if (extra != null && extra.length > 0) { s.append(",extra:").append(new String(extra)); } LOGGER.info(s.toString()); } ctx.writeAndFlush(ctx.alloc().ioBuffer(AUTH_OK.length).writeBytes(AUTH_OK)); FrontSession session = new FrontSession(ctx, MycatSystem.getInstance().getPrivileges().isReadOnly(conInf.getUser()), conInf); NettyUtil.removeConnectionInfo(ctx); NettyUtil.updateFrontSession(ctx, session); // to query hanlder NettyUtil.setConnectionHandler(ctx, FrontendCommandHandler.INSTANCE); ctx.read(); } public static void failure(ChannelHandlerContext ctx, int errno, String info) { LOGGER.error(ctx.channel().toString() + info); NettyUtil.writeErrMessage(ctx, errno, info); } }