/* * Copyright (c) 2013, OpenCloudDB/MyCAT and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software;Designed and Developed mainly by many Chinese * opensource volunteers. you can redistribute it and/or modify it under the * terms of the GNU General Public License version 2 only, as published by the * Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Any questions about this component can be directed to it's project Web address * https://code.google.com/p/opencloudb/. * */ package org.opencloudb.net.handler; import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.util.Set; import org.apache.log4j.Logger; import org.opencloudb.config.ErrorCode; import org.opencloudb.mysql.SecurityUtil; import org.opencloudb.net.FrontendConnection; import org.opencloudb.net.NIOHandler; import org.opencloudb.net.mysql.AuthPacket; import org.opencloudb.net.mysql.MySQLPacket; import org.opencloudb.net.mysql.QuitPacket; /** * 前端认证处理器 * * @author mycat */ public class FrontendAuthenticator implements NIOHandler { private static final Logger LOGGER = Logger.getLogger(FrontendAuthenticator.class); private static final byte[] AUTH_OK = new byte[] { 7, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0 }; protected final FrontendConnection source; public FrontendAuthenticator(FrontendConnection source) { this.source = source; } @Override public void handle(byte[] data) { // check quit packet if (data.length == QuitPacket.QUIT.length && data[4] == MySQLPacket.COM_QUIT) { source.close("quit packet"); return; } AuthPacket auth = new AuthPacket(); auth.read(data); // check user if (!checkUser(auth.user, source.getHost())) { failure(ErrorCode.ER_ACCESS_DENIED_ERROR, "Access denied for user '" + auth.user + "'"); return; } // check password if (!checkPassword(auth.password, auth.user)) { failure(ErrorCode.ER_ACCESS_DENIED_ERROR, "Access denied for user '" + auth.user + "'"); return; } // check schema switch (checkSchema(auth.database, auth.user)) { case ErrorCode.ER_BAD_DB_ERROR: failure(ErrorCode.ER_BAD_DB_ERROR, "Unknown database '" + auth.database + "'"); break; case ErrorCode.ER_DBACCESS_DENIED_ERROR: String s = "Access denied for user '" + auth.user + "' to database '" + auth.database + "'"; failure(ErrorCode.ER_DBACCESS_DENIED_ERROR, s); break; default: success(auth); } } protected boolean checkUser(String user, String host) { return source.getPrivileges().userExists(user, host); } protected boolean checkPassword(byte[] password, String user) { String pass = source.getPrivileges().getPassword(user); // check null if (pass == null || pass.length() == 0) { if (password == null || password.length == 0) { return true; } else { return false; } } if (password == null || password.length == 0) { return false; } // encrypt byte[] encryptPass = null; try { encryptPass = SecurityUtil.scramble411(pass.getBytes(), source.getSeed()); } catch (NoSuchAlgorithmException e) { LOGGER.warn(source.toString(), e); return false; } if (encryptPass != null && (encryptPass.length == password.length)) { int i = encryptPass.length; while (i-- != 0) { if (encryptPass[i] != password[i]) { return false; } } } else { return false; } return true; } protected int checkSchema(String schema, String user) { if (schema == null) { return 0; } FrontendPrivileges privileges = source.getPrivileges(); if (!privileges.schemaExists(schema)) { return ErrorCode.ER_BAD_DB_ERROR; } Set<String> schemas = privileges.getUserSchemas(user); if (schemas == null || schemas.size() == 0 || schemas.contains(schema)) { return 0; } else { return ErrorCode.ER_DBACCESS_DENIED_ERROR; } } protected void success(AuthPacket auth) { source.setAuthenticated(true); source.setUser(auth.user); source.setSchema(auth.database); source.setCharsetIndex(auth.charsetIndex); source.setHandler(new FrontendCommandHandler(source)); if (LOGGER.isInfoEnabled()) { StringBuilder s = new StringBuilder(); s.append(source).append('\'').append(auth.user).append("' login success"); byte[] extra = auth.extra; if (extra != null && extra.length > 0) { s.append(",extra:").append(new String(extra)); } LOGGER.info(s.toString()); } ByteBuffer buffer = source.allocate(); source.write(source.writeToBuffer(AUTH_OK, buffer)); } protected void failure(int errno, String info) { LOGGER.error(source.toString() + info); source.writeErrMessage((byte) 2, errno, info); } }