Andrzej Religadahlerlend
Andrzej Religa
authored andcommitted
WL#15440 MySQL REST Service (MRS) - Umbrella WL
Bug#37581032 MRS while doing authentication uses secondary ID in case of scram

Secondary ID in SCRAM authentication is now checked for uniqueness among the existing sessions. If it is not unique, a new one is randomly picked and checked.

Change-Id: Id7a8f30d3da11aa69053be6d0d08dc54d0fd6597
1 parent 5756106 commit eaae21c

8 files changed

+36
-13
lines changed


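--- a/router/src/mysql_rest_service/include/mrs/interface/auth_handler_factory.h
+++ b/router/src/mysql_rest_service/include/mrs/interface/auth_handler_factory.h
@@ -42,6 +42,7 @@ class AuthHandlerFactory {
 using AuthApp = mrs::database::entry::AuthApp;
 using AuthHandlerPtr = std::shared_ptr<AuthorizeHandler>;
 using AuthorizeHandlerCallbakcs = helper::AuthorizeHandlerCallbakcs;
+using SessionManager = http::SessionManager;
 
 public:
 virtual ~AuthHandlerFactory() = default;
@@ -57,7 +58,7 @@ class AuthHandlerFactory {
 AuthorizeHandlerCallbakcs *cb, const AuthApp &entry) const = 0;
 virtual AuthHandlerPtr create_scram_auth_handler(
 AuthorizeHandlerCallbakcs *cb, const AuthApp &entry,
-const std::string &rd) const = 0;
+const std::string &rd, SessionManager *session_manager) const = 0;
 };
 
 } // namespace interface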
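Review bot: The new `SessionManager *session_manager` parameter of the pure virtual `create_scram_auth_handler` is undocumented, and its contract matters: the handler created from it stores the raw pointer (scram_handler.h) and dereferences it on every initial SCRAM response (scram_handler.cc), so ownership, nullability and lifetime should be stated at the interface. I would add above the declaration `/// @param session_manager non-owning; must not be null and must outlive the returned handler, which keeps the pointer.` The same undocumented parameter is repeated at the override in src/mrs/authentication/auth_handler_factory.h, its definition in auth_handler_factory.cc, and the ScramHandler constructor in scram_handler.h; a one-line `@param` at the interface and a `// see interface::AuthHandlerFactory` at the override would be enough.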

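--- a/router/src/mysql_rest_service/src/mrs/authentication/auth_handler_factory.cc
+++ b/router/src/mysql_rest_service/src/mrs/authentication/auth_handler_factory.cc
@@ -68,10 +68,10 @@ AuthHandlerPtr AuthHandlerFactory::create_oidc_auth_handler(
 }
 
 AuthHandlerPtr AuthHandlerFactory::create_scram_auth_handler(
-AuthorizeHandlerCallbakcs *cb, const AuthApp &entry,
-const std::string &rd) const {
+AuthorizeHandlerCallbakcs *cb, const AuthApp &entry, const std::string &rd,
+SessionManager *session_manager) const {
 using Obj = TrackAuthorizeHandler<AuthorizeHandlerCallbakcs, ScramHandler>;
-return std::make_shared<Obj>(cb, entry, rd, qf_);
+return std::make_shared<Obj>(cb, entry, rd, qf_, session_manager);
 }
 
 } // namespace authentication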

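--- a/router/src/mysql_rest_service/src/mrs/authentication/auth_handler_factory.h
+++ b/router/src/mysql_rest_service/src/mrs/authentication/auth_handler_factory.h
@@ -40,6 +40,7 @@ class AuthHandlerFactory : public interface::AuthHandlerFactory {
 public:
 using MysqlCacheManager = collector::MysqlCacheManager;
 using QueryFactory = mrs::interface::QueryFactory;
+using SessionManager = http::SessionManager;
 
 public:
 AuthHandlerFactory(QueryFactory *qf);
@@ -55,7 +56,7 @@ class AuthHandlerFactory : public interface::AuthHandlerFactory {
 const AuthApp &entry) const override;
 AuthHandlerPtr create_scram_auth_handler(
 AuthorizeHandlerCallbakcs *cb, const AuthApp &entry,
-const std::string &rd) const override;
+const std::string &rd, SessionManager *session_manager) const override;
 
 private:
 QueryFactory *qf_;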

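--- a/router/src/mysql_rest_service/src/mrs/authentication/authorize_manager.cc
+++ b/router/src/mysql_rest_service/src/mrs/authentication/authorize_manager.cc
@@ -333,7 +333,8 @@ AuthorizeHandlerPtr AuthorizeManager::create_authentication_application(
 } else if (entry.vendor_id == k_vendor_google) {
 return factory_->create_google_auth_handler(this, entry);
 } else if (entry.vendor_id == k_vendor_mrs) {
-return factory_->create_scram_auth_handler(this, entry, random_data_);
+return factory_->create_scram_auth_handler(this, entry, random_data_,
+&session_manager_);
 } else if (entry.vendor_id == k_vendor_oidc) {
 if (entry.url.empty()) {
 log_error(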

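--- a/router/src/mysql_rest_service/src/mrs/authentication/scram_handler.cc
+++ b/router/src/mysql_rest_service/src/mrs/authentication/scram_handler.cc
@@ -115,8 +115,10 @@ inline AuthApp limit_users(const AuthApp &a) {
 }
 
 ScramHandler::ScramHandler(const AuthApp &entry, const std::string &random_data,
-QueryFactory *qf)
-: SaslHandler{limit_users(entry), qf}, random_data_{random_data} {
+QueryFactory *qf, SessionManager *session_manager)
+: SaslHandler{limit_users(entry), qf},
+random_data_{random_data},
+session_manager_{session_manager} {
 log_debug("ScramHandler for service %s", to_string(entry_).c_str());
 }
 
@@ -187,9 +189,15 @@ SaslResult ScramHandler::client_initial_response(RequestContext &ctxt,
 } else {
 session_data->ksi = UserOptionsParser(session->user.auth_string).decode();
 }
-session_data->nonce +=
-helper::generate_string<kServerNonceLength, GeneratorNonceCharacters>();
-session->handler_secondary_id = session_data->nonce;
+
+session_manager_->set_unique_session_secondary_id(
+session, [&session_data]() -> auto{
+return session_data->nonce +
+helper::generate_string<kServerNonceLength,
+GeneratorNonceCharacters>();
+});
+
+session_data->nonce = session->handler_secondary_id;
 
 if (!session_data->ksi.is_valid)
 return SaslResult(get_problem_description(HttpStatusCode::Unauthorized,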
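Review bot: `session_manager_` is dereferenced in the second hunk (`session_manager_->set_unique_session_secondary_id(...)`) with no null check, while the constructor in the first hunk stores whatever pointer it is handed; a null passed by a factory (the test mock's signature admits one) would crash inside authentication rather than fail at construction. I would fail fast in the constructor body, `assert(session_manager_ != nullptr);` (with the assert header included if it is not already), and note on the member that it is non-owning and expected to outlive the handler. As a point of style, the trailing `-> auto` on the lambda adds nothing, since a lambda without a trailing return type already deduces it; `[&session_data]() {` reads cleaner. The enclosing `client_initial_response` starts and ends outside the hunk.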

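--- a/router/src/mysql_rest_service/src/mrs/authentication/scram_handler.h
+++ b/router/src/mysql_rest_service/src/mrs/authentication/scram_handler.h
@@ -35,7 +35,7 @@ namespace authentication {
 class ScramHandler : public SaslHandler {
 public:
 ScramHandler(const AuthApp &entry, const std::string &random_data,
-QueryFactory *qf);
+QueryFactory *qf, SessionManager *session_manager);
 
 const std::string &get_handler_name() const override;
 bool redirects(RequestContext &ctxt) const override;
@@ -57,6 +57,7 @@ class ScramHandler : public SaslHandler {
 private:
 std::string get_salt_for_the_user(const std::string &user_name) const;
 const std::string random_data_;
+SessionManager *session_manager_;
 };
 
 } // namespace authentication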

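--- a/router/src/mysql_rest_service/src/mrs/http/session_manager.h
+++ b/router/src/mysql_rest_service/src/mrs/http/session_manager.h
@@ -153,6 +153,17 @@ class SessionManager {
 const std::string &holder_name);
 SessionPtr new_session(const SessionId &session_id);
 
+template <class Generator>
+void set_unique_session_secondary_id(Session *session, const Generator &g) {
+std::lock_guard<std::mutex> lck{mutex_};
+std::string id;
+do {
+id = g();
+} while (get_session_handler_specific_id_impl(id));
+
+session->handler_secondary_id = id;
+}
+
 void remove_session(const Session::SessionData *session_data);
 bool remove_session(const SessionPtr &session);
 bool remove_session(const SessionId session);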
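Review bot: The `do { id = g(); } while (get_session_handler_specific_id_impl(id));` loop in `set_unique_session_secondary_id` has no iteration bound, and it runs with `mutex_` held, so a generator that keeps returning an already-used value (a stub in tests, or a generator whose random source is exhausted or misconfigured) spins forever and blocks every other session operation on the same mutex. With the random server nonce used by ScramHandler a repeated collision is practically unreachable, which is exactly why a bounded retry costs nothing on the normal path and turns a hang into a reportable failure; the existing caller ignores the return value, so reporting the outcome as `bool` stays compatible. The function also deserves a comment saying that `g` is invoked under `mutex_` and must not call back into the SessionManager, and that the candidate is compared against the secondary ids of all live sessions (the latter is my reading of `get_session_handler_specific_id_impl` and should be confirmed). A sketch, with the attempt limit as a constant whose name is only a suggestion:

```cpp
template <class Generator>
bool set_unique_session_secondary_id(Session *session, const Generator &g) {
  // `g` runs under mutex_ and must not call back into this SessionManager.
  std::lock_guard<std::mutex> lck{mutex_};
  std::string id;
  for (int attempt = 0; attempt < kMaxSecondaryIdAttempts; ++attempt) {  // constant to be added (constructed name)
    id = g();
    if (!get_session_handler_specific_id_impl(id)) {
      session->handler_secondary_id = id;
      return true;
    }
  }
  return false;  // caller should treat this as an authentication failure
}
```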

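--- a/router/src/mysql_rest_service/tests/mock/mock_auth_handler_factory.h
+++ b/router/src/mysql_rest_service/tests/mock/mock_auth_handler_factory.h
@@ -45,7 +45,7 @@ class MockAuthHandlerFactory : public mrs::interface::AuthHandlerFactory {
 (const, override));
 MOCK_METHOD(AuthHandlerPtr, create_scram_auth_handler,
 (AuthorizeHandlerCallbakcs * cb, const AuthApp &entry,
-const std::string &rd),
+const std::string &rd, SessionManager *session_manager),
 (const, override));
 };
 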