From 4e550354afb94afd977d2e04e87e67bbbd984e26 Mon Sep 17 00:00:00 2001
From: Harbor Liu <460660596@qq.com>
Date: Thu, 27 Feb 2025 17:30:51 +0800
Subject: [PATCH] [Refactor] Refactor Authentication logical from MysqlProto (#56307)
Signed-off-by: HangyuanLiu <460660596@qq.com>
---
.../AuthenticationException.java | 10 +-
.../authentication/AuthenticationHandler.java | 108 ++++++++++++++++++
.../authentication/AuthenticationMgr.java | 91 ---------------
.../AuthenticationProviderFactory.java | 33 +++---
.../PlainPasswordAuthenticationProvider.java | 6 +-
.../common/AuthenticationException.java | 48 --------
.../java/com/starrocks/http/BaseAction.java | 18 ++-
.../java/com/starrocks/mysql/MysqlProto.java | 75 ++----------
.../starrocks/mysql/nio/AcceptListener.java | 8 +-
.../service/FrontendServiceImpl.java | 12 +-
.../ArrowFlightSqlCredentialValidator.java | 15 ++-
.../AuthenticationManagerTest.java | 103 ++++++++++-------
.../AuthenticationProviderFactoryTest.java | 58 ----------
.../starrocks/qe/ConnectSchedulerTest.java | 6 -
14 files changed, 231 insertions(+), 360 deletions(-)
create mode 100644 fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationHandler.java
delete mode 100644 fe/fe-core/src/main/java/com/starrocks/common/AuthenticationException.java
delete mode 100644 fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationProviderFactoryTest.java
diff --git a/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationException.java b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationException.java
index cdaa107a65b81..dbf314b5dd52c 100644
--- a/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationException.java
+++ b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationException.java
@@ -12,10 +12,12 @@ // See the License for the specific language governing permissions and // limitations under the License. - package com.starrocks.authentication; -public class AuthenticationException extends Exception { +import com.starrocks.common.ErrorCode; +import com.starrocks.common.StarRocksException; + +public class AuthenticationException extends StarRocksException { public AuthenticationException(String msg) { super(msg); } @@ -23,4 +25,8 @@ public AuthenticationException(String msg) { public AuthenticationException(String msg, Exception e) { super(msg, e); } + + public AuthenticationException(ErrorCode errorCode, Object... objs) { + super(errorCode, objs); + } } diff --git a/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationHandler.java b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationHandler.java new file mode 100644 index 0000000000000..51c013dbd4e0c --- /dev/null +++ b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationHandler.java 
@@ -0,0 +1,108 @@ +// Copyright 2021-present StarRocks, Inc. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.starrocks.authentication; + +import com.starrocks.common.Config; +import com.starrocks.common.ConfigBase; +import com.starrocks.common.ErrorCode; +import com.starrocks.qe.ConnectContext; +import com.starrocks.server.GlobalStateMgr; +import com.starrocks.sql.ast.UserIdentity; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Map; + +public class AuthenticationHandler { + private static final Logger LOG = LogManager.getLogger(AuthenticationHandler.class); + + public static UserIdentity authenticate(ConnectContext context, String user, String remoteHost, + byte[] authResponse, byte[] randomString) throws AuthenticationException { + String usePasswd = authResponse.length == 0 ? 
"NO" : "YES"; + if (user == null || user.isEmpty()) { + throw new AuthenticationException(ErrorCode.ERR_AUTHENTICATION_FAIL, "", usePasswd); + } + + AuthenticationMgr authenticationMgr = GlobalStateMgr.getCurrentState().getAuthenticationMgr(); + + UserIdentity authenticatedUser = null; + if (Config.enable_auth_check) { + String[] authChain = Config.authentication_chain; + + for (String authMechanism : authChain) { + if (authenticatedUser != null) { + break; + } + + if (authMechanism.equals(ConfigBase.AUTHENTICATION_CHAIN_MECHANISM_NATIVE)) { + Map.Entry matchedUserIdentity = + authenticationMgr.getBestMatchedUserIdentity(user, remoteHost); + + if (matchedUserIdentity == null) { + LOG.debug("cannot find user {}@{}", user, remoteHost); + } else { + try { + AuthenticationProvider provider = + AuthenticationProviderFactory.create(matchedUserIdentity.getValue().getAuthPlugin()); + provider.authenticate(user, remoteHost, authResponse, randomString, matchedUserIdentity.getValue()); + authenticatedUser = matchedUserIdentity.getKey(); + } catch (AuthenticationException e) { + LOG.debug("failed to authenticate for native, user: {}@{}, error: {}", + user, remoteHost, e.getMessage()); + } + } + } else { + SecurityIntegration securityIntegration = authenticationMgr.getSecurityIntegration(authMechanism); + if (securityIntegration == null) { + continue; + } + + try { + AuthenticationProvider provider = securityIntegration.getAuthenticationProvider(); + UserAuthenticationInfo userAuthenticationInfo = new UserAuthenticationInfo(); + provider.authenticate(user, remoteHost, authResponse, randomString, userAuthenticationInfo); + // the ephemeral user is identified as 'username'@'auth_mechanism' + authenticatedUser = UserIdentity.createEphemeralUserIdent(user, securityIntegration.getName()); + } catch (AuthenticationException e) { + LOG.debug("failed to authenticate, user: {}@{}, security integration: {}, error: {}", + user, remoteHost, securityIntegration, e.getMessage()); + } + } + } 
+ } else { + Map.Entry matchedUserIdentity = + authenticationMgr.getBestMatchedUserIdentity(user, remoteHost); + if (matchedUserIdentity == null) { + LOG.info("enable_auth_check is false, but cannot find user '{}'@'{}'", user, remoteHost); + throw new AuthenticationException(ErrorCode.ERR_AUTHENTICATION_FAIL, user, usePasswd); + } else { + authenticatedUser = matchedUserIdentity.getKey(); + } + } + + if (authenticatedUser == null) { + throw new AuthenticationException(ErrorCode.ERR_AUTHENTICATION_FAIL, user, usePasswd); + } + + context.setCurrentUserIdentity(authenticatedUser); + if (!authenticatedUser.isEphemeral()) { + context.setCurrentRoleIds(authenticatedUser); + context.setAuthDataSalt(randomString); + } + context.setQualifiedUser(user); + + return authenticatedUser; + } +} diff --git a/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationMgr.java b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationMgr.java index 054e32183b1e2..0093ac7d9cdee 100644 --- a/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationMgr.java +++ b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationMgr.java @@ -12,7 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. - package com.starrocks.authentication; import com.google.common.collect.Maps; @@ -22,11 +21,9 @@ import com.starrocks.authorization.PrivilegeException; import com.starrocks.authorization.UserPrivilegeCollectionV2; import com.starrocks.common.Config; -import com.starrocks.common.ConfigBase; import com.starrocks.common.DdlException; import com.starrocks.common.Pair; import com.starrocks.mysql.MysqlPassword; -import com.starrocks.mysql.privilege.AuthPlugin; import com.starrocks.persist.EditLog; import com.starrocks.persist.GroupProviderLog; import com.starrocks.persist.ImageWriter; 
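Review bot: The `else` branch taken when `Config.enable_auth_check` is false returns the best-matched identity without ever looking at `authResponse`, and after this commit that branch is reachable from every caller rather than only from the MySQL handshake. The removed `checkPlainPassword` path always ran the provider chain, so the HTTP (`BaseAction.checkPassword`), Thrift (`checkPasswordAndLoadPriv`) and Arrow Flight (`validate`) hunks now accept any password for an existing user while the flag is off. If that widening is intended, state it on the method, e.g. `/** When Config.enable_auth_check is false, authResponse is not verified; only user@host matching is performed. */`, and log the unverified success path at warn level so it is visible to operators. Separately, `authResponse.length` is dereferenced on the first line with no null check, although all new callers pass `getBytes(...)` of a value that is not checked either.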
@@ -52,7 +49,6 @@ import java.io.IOException; import java.net.URL; import java.net.URLClassLoader; -import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; @@ -93,21 +89,6 @@ public class AuthenticationMgr { private boolean isLoaded = false; public AuthenticationMgr() { - // default plugin - AuthenticationProviderFactory.installPlugin( - PlainPasswordAuthenticationProvider.PLUGIN_NAME, new PlainPasswordAuthenticationProvider()); - AuthenticationProviderFactory.installPlugin( - LDAPAuthProviderForNative.PLUGIN_NAME, new LDAPAuthProviderForNative()); - AuthenticationProviderFactory.installPlugin( - KerberosAuthenticationProvider.PLUGIN_NAME, new KerberosAuthenticationProvider()); - - AuthenticationProviderFactory.installPlugin(OpenIdConnectAuthenticationProvider.PLUGIN_NAME, - new OpenIdConnectAuthenticationProvider( - Config.oidc_jwks_url, - Config.oidc_principal_field, - Config.oidc_required_issuer, - Config.oidc_required_audience)); - // default user userToAuthenticationInfo = new UserAuthInfoTreeMap(); UserAuthenticationInfo info = new UserAuthenticationInfo(); 
@@ -249,78 +230,6 @@ public Map.Entry getBestMatchedUserIdentit } } - private UserIdentity checkPasswordForNative( - String remoteUser, String remoteHost, byte[] remotePasswd, byte[] randomString) { - Map.Entry matchedUserIdentity = - getBestMatchedUserIdentity(remoteUser, remoteHost); - if (matchedUserIdentity == null) { - LOG.debug("cannot find user {}@{}", remoteUser, remoteHost); - } else { - try { - AuthenticationProvider provider = - AuthenticationProviderFactory.create(matchedUserIdentity.getValue().getAuthPlugin()); - provider.authenticate(remoteUser, remoteHost, remotePasswd, randomString, - matchedUserIdentity.getValue()); - return matchedUserIdentity.getKey(); - } catch (AuthenticationException e) { - LOG.debug("failed to authenticate for native, user: {}@{}, error: {}", - remoteUser, remoteHost, e.getMessage()); - } - } - - return null; - } - - protected UserIdentity checkPasswordForNonNative( - String remoteUser, String remoteHost, byte[] remotePasswd, byte[] randomString, String authMechanism) { - SecurityIntegration securityIntegration = - nameToSecurityIntegrationMap.getOrDefault(authMechanism, null); - if (securityIntegration == null) { - LOG.info("'{}' authentication mechanism not found", authMechanism); - } else { - try { - AuthenticationProvider provider = securityIntegration.getAuthenticationProvider(); - UserAuthenticationInfo userAuthenticationInfo = new UserAuthenticationInfo(); - userAuthenticationInfo.extraInfo.put(AuthPlugin.AUTHENTICATION_LDAP_SIMPLE_FOR_EXTERNAL.name(), - securityIntegration); - provider.authenticate(remoteUser, remoteHost, remotePasswd, randomString, - userAuthenticationInfo); - // the ephemeral user is identified as 'username'@'auth_mechanism' - UserIdentity authenticatedUser = UserIdentity.createEphemeralUserIdent(remoteUser, authMechanism); - return authenticatedUser; - } catch (AuthenticationException e) { - LOG.debug("failed to authenticate, user: {}@{}, security integration: {}, error: {}", - remoteUser, 
remoteHost, securityIntegration, e.getMessage()); - } - } - - return null; - } - - public UserIdentity checkPassword(String remoteUser, String remoteHost, byte[] remotePasswd, byte[] randomString) { - String[] authChain = Config.authentication_chain; - UserIdentity authenticatedUser = null; - for (String authMechanism : authChain) { - if (authenticatedUser != null) { - break; - } - - if (authMechanism.equals(ConfigBase.AUTHENTICATION_CHAIN_MECHANISM_NATIVE)) { - authenticatedUser = checkPasswordForNative(remoteUser, remoteHost, remotePasswd, randomString); - } else { - authenticatedUser = checkPasswordForNonNative( - remoteUser, remoteHost, remotePasswd, randomString, authMechanism); - } - } - - return authenticatedUser; - } - - public UserIdentity checkPlainPassword(String remoteUser, String remoteHost, String remotePasswd) { - return checkPassword(remoteUser, remoteHost, - remotePasswd.getBytes(StandardCharsets.UTF_8), null); - } - public void createUser(CreateUserStmt stmt) throws DdlException { UserIdentity userIdentity = stmt.getUserIdentity(); UserAuthenticationInfo info = stmt.getAuthenticationInfo(); diff --git a/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationProviderFactory.java b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationProviderFactory.java index a2f467f8ab448..0463b683a9742 100644 --- a/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationProviderFactory.java +++ b/fe/fe-core/src/main/java/com/starrocks/authentication/AuthenticationProviderFactory.java 
@@ -12,35 +12,28 @@ // See the License for the specific language governing permissions and // limitations under the License. - package com.starrocks.authentication; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; +import com.google.common.collect.ImmutableMap; +import com.starrocks.common.Config; -import java.util.HashMap; import java.util.Map; public class AuthenticationProviderFactory { - private static final Logger LOG = LogManager.getLogger(AuthenticationProviderFactory.class); - private static final Map PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER = new HashMap<>(); + private static final Map PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER = + ImmutableMap.builder() + .put(PlainPasswordAuthenticationProvider.PLUGIN_NAME, new PlainPasswordAuthenticationProvider()) + .put(LDAPAuthProviderForNative.PLUGIN_NAME, new LDAPAuthProviderForNative()) + .put(KerberosAuthenticationProvider.PLUGIN_NAME, new KerberosAuthenticationProvider()) + .put(OpenIdConnectAuthenticationProvider.PLUGIN_NAME, new OpenIdConnectAuthenticationProvider( + Config.oidc_jwks_url, + Config.oidc_principal_field, + Config.oidc_required_issuer, + Config.oidc_required_audience)) + .build(); private AuthenticationProviderFactory() {} - public static void installPlugin(String pluginName, AuthenticationProvider provider) { - if (PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER.containsKey(pluginName)) { - LOG.warn("Plugin {} has already been installed!", pluginName); - } - PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER.put(pluginName, provider); - } - - public static void uninstallPlugin(String pluginName) { - if (!PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER.containsKey(pluginName)) { - LOG.warn("Cannot find {} from {} ", pluginName, PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER.keySet()); - } - PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER.remove(pluginName); - } - public static AuthenticationProvider create(String plugin) throws AuthenticationException { if 
(!PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER.containsKey(plugin)) { throw new AuthenticationException("Cannot find " + plugin + " from " diff --git a/fe/fe-core/src/main/java/com/starrocks/authentication/PlainPasswordAuthenticationProvider.java b/fe/fe-core/src/main/java/com/starrocks/authentication/PlainPasswordAuthenticationProvider.java index 961da0e2a4bea..eebf61cf87a6d 100644 --- a/fe/fe-core/src/main/java/com/starrocks/authentication/PlainPasswordAuthenticationProvider.java +++ b/fe/fe-core/src/main/java/com/starrocks/authentication/PlainPasswordAuthenticationProvider.java @@ -18,7 +18,7 @@ import com.google.common.base.Strings; import com.starrocks.common.Config; import com.starrocks.mysql.MysqlPassword; -import com.starrocks.server.GlobalStateMgr; +import com.starrocks.qe.ConnectContext; import com.starrocks.sql.ast.UserAuthOption; import com.starrocks.sql.ast.UserIdentity; import org.apache.commons.lang3.StringUtils; @@ -63,8 +63,8 @@ protected void validatePassword(UserIdentity userIdentity, String password) thro } if (!Config.enable_password_reuse) { - GlobalStateMgr.getCurrentState().getAuthenticationMgr().checkPlainPassword( - userIdentity.getUser(), userIdentity.getHost(), password); + AuthenticationHandler.authenticate(new ConnectContext(), userIdentity.getUser(), userIdentity.getHost(), + password.getBytes(StandardCharsets.UTF_8), null); } } diff --git a/fe/fe-core/src/main/java/com/starrocks/common/AuthenticationException.java b/fe/fe-core/src/main/java/com/starrocks/common/AuthenticationException.java deleted file mode 100644 index a1c4302fb7155..0000000000000 --- a/fe/fe-core/src/main/java/com/starrocks/common/AuthenticationException.java +++ /dev/null 
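Review bot: `PLUGIN_NAME_TO_AUTHENTICATION_PROVIDER` is now built in a static initializer, so the `Config.oidc_*` values handed to `OpenIdConnectAuthenticationProvider` are captured when this class is first loaded instead of when `AuthenticationMgr` is constructed. If the class can be initialised before the configuration is parsed, or if those settings are expected to change at runtime, the provider keeps the earlier values; that ordering is not visible in this hunk and should be confirmed. A comment above the map would record the constraint, e.g. `// Built once at class load: Config.oidc_* are read here and later changes are not picked up.` The instances are also shared by every caller of `create`, whose body continues past the hunk, so the providers need to be stateless or thread-safe.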
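Review bot: `AuthenticationHandler.authenticate` signals a mismatch by throwing, so inside `if (!Config.enable_password_reuse)` this call now fails when the new password differs from the stored one (or the user does not exist yet) and returns normally when it is the same, which looks inverted for a reuse check. The removed `checkPlainPassword` call discarded its result, so nothing was rejected before; whether the exception is handled further up cannot be seen here, because `validatePassword` begins outside the hunk. The call also runs a policy check through the login path, so with `Config.enable_auth_check` off it succeeds for any existing user. The sketch below treats a normal return as the reuse case and leaves the rejection to the exception type the method already declares.

```java
if (!Config.enable_password_reuse) {
    boolean reused;
    try {
        AuthenticationHandler.authenticate(new ConnectContext(), userIdentity.getUser(), userIdentity.getHost(),
                password.getBytes(StandardCharsets.UTF_8), null);
        reused = true;
    } catch (AuthenticationException e) {
        // No match against the stored credential, or no such user yet: not a reuse.
        reused = false;
    }
    if (reused) {
        // … reject here with the exception type validatePassword already declares …
    }
}
```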
@@ -1,48 +0,0 @@ -// Copyright 2021-present StarRocks, Inc. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// This file is based on code available under the Apache license here: -// https://github.com/apache/incubator-doris/blob/master/fe/fe-core/src/main/java/org/apache/doris/common/AuthenticationException.java - -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.starrocks.common; - -/** - * Thrown for authorization errors encountered when accessing GlobalStateMgr objects. 
- */ -public class AuthenticationException extends StarRocksException { - public AuthenticationException(String msg, Throwable cause) { - super(msg, cause); - } - - public AuthenticationException(String msg) { - super(msg); - } -} diff --git a/fe/fe-core/src/main/java/com/starrocks/http/BaseAction.java b/fe/fe-core/src/main/java/com/starrocks/http/BaseAction.java index 782235e7b50d5..ffc3c455f4c98 100644 --- a/fe/fe-core/src/main/java/com/starrocks/http/BaseAction.java +++ b/fe/fe-core/src/main/java/com/starrocks/http/BaseAction.java @@ -36,6 +36,8 @@ import com.google.common.base.Preconditions; import com.google.common.base.Strings; +import com.starrocks.authentication.AuthenticationException; +import com.starrocks.authentication.AuthenticationHandler; import com.starrocks.authorization.AccessDeniedException; import com.starrocks.authorization.AuthorizationMgr; import com.starrocks.authorization.PrivilegeBuiltinConstants; 
@@ -314,17 +316,13 @@ protected void checkUserOwnsAdminRole(UserIdentity currentUser) throws AccessDen } // return currentUserIdentity from StarRocks auth - public static UserIdentity checkPassword(ActionAuthorizationInfo authInfo) - throws AccessDeniedException { - GlobalStateMgr globalStateMgr = GlobalStateMgr.getCurrentState(); - UserIdentity currentUser = - globalStateMgr.getAuthenticationMgr().checkPlainPassword( - authInfo.fullUserName, authInfo.remoteIp, authInfo.password); - if (currentUser == null) { - throw new AccessDeniedException("Access denied for " - + authInfo.fullUserName + "@" + authInfo.remoteIp); + public static UserIdentity checkPassword(ActionAuthorizationInfo authInfo) throws AccessDeniedException { + try { + return AuthenticationHandler.authenticate(new ConnectContext(), authInfo.fullUserName, + authInfo.remoteIp, authInfo.password.getBytes(StandardCharsets.UTF_8), null); + } catch (AuthenticationException e) { + throw new AccessDeniedException("Access denied for " + authInfo.fullUserName + "@" + authInfo.remoteIp); } - return currentUser; } public ActionAuthorizationInfo getAuthorizationInfo(BaseRequest request) diff --git a/fe/fe-core/src/main/java/com/starrocks/mysql/MysqlProto.java b/fe/fe-core/src/main/java/com/starrocks/mysql/MysqlProto.java index 07ad35755193a..f1b96304742a3 100644 --- a/fe/fe-core/src/main/java/com/starrocks/mysql/MysqlProto.java +++ b/fe/fe-core/src/main/java/com/starrocks/mysql/MysqlProto.java @@ -35,7 +35,8 @@ package com.starrocks.mysql; import com.google.common.base.Strings; -import com.starrocks.authentication.AuthenticationMgr; +import com.starrocks.authentication.AuthenticationException; +import com.starrocks.authentication.AuthenticationHandler; import com.starrocks.authentication.UserAuthenticationInfo; import com.starrocks.common.Config; import com.starrocks.common.DdlException; 
@@ -59,48 +60,6 @@ public class MysqlProto { private static final Logger LOG = LogManager.getLogger(MysqlProto.class); - // scramble: data receive from server. - // randomString: data send by server in plug-in data field - // user_name#HIGH@cluster_name - private static boolean authenticate(ConnectContext context, byte[] scramble, byte[] randomString, String user) { - String usePasswd = scramble.length == 0 ? "NO" : "YES"; - - if (user == null || user.isEmpty()) { - ErrorReport.report(ErrorCode.ERR_AUTHENTICATION_FAIL, "", usePasswd); - return false; - } - - String remoteIp = context.getMysqlChannel().getRemoteIp(); - - AuthenticationMgr authenticationManager = context.getGlobalStateMgr().getAuthenticationMgr(); - UserIdentity currentUser = null; - if (Config.enable_auth_check) { - currentUser = authenticationManager.checkPassword(user, remoteIp, scramble, randomString); - if (currentUser == null) { - ErrorReport.report(ErrorCode.ERR_AUTHENTICATION_FAIL, user, usePasswd); - return false; - } - } else { - Map.Entry matchedUserIdentity = - authenticationManager.getBestMatchedUserIdentity(user, remoteIp); - if (matchedUserIdentity == null) { - LOG.info("enable_auth_check is false, but cannot find user '{}'@'{}'", user, remoteIp); - ErrorReport.report(ErrorCode.ERR_AUTHENTICATION_FAIL, user, usePasswd); - return false; - } else { - currentUser = matchedUserIdentity.getKey(); - } - } - - context.setCurrentUserIdentity(currentUser); - if (!currentUser.isEphemeral()) { - context.setCurrentRoleIds(currentUser); - context.setAuthDataSalt(randomString); - } - context.setQualifiedUser(user); - return true; - } - // send response packet(OK/EOF/ERR). // before call this function, should set information in state of ConnectContext public static void sendResponsePacket(ConnectContext context) throws IOException { 
@@ -215,8 +174,10 @@ public static NegotiateResult negotiate(ConnectContext context) throws IOExcepti byte[] randomString = Objects.equals(authPluginName, MysqlHandshakePacket.CLEAR_PASSWORD_PLUGIN_NAME) ? null : handshakePacket.getAuthPluginData(); - // check authenticate - if (!authenticate(context, authPacket.getAuthResponse(), randomString, authPacket.getUser())) { + try { + AuthenticationHandler.authenticate(context, authPacket.getUser(), context.getMysqlChannel().getRemoteIp(), + authPacket.getAuthResponse(), randomString); + } catch (AuthenticationException e) { sendResponsePacket(context); return new NegotiateResult(authPacket, NegotiateState.AUTHENTICATION_FAILED); } @@ -310,8 +271,11 @@ public static boolean changeUser(ConnectContext context, ByteBuffer buffer) thro String previousQualifiedUser = context.getQualifiedUser(); String previousResourceGroup = context.getSessionVariable().getResourceGroup(); // do authenticate again - if (!authenticate(context, changeUserPacket.getAuthResponse(), context.getAuthDataSalt(), - changeUserPacket.getUser())) { + + try { + AuthenticationHandler.authenticate(context, changeUserPacket.getUser(), context.getMysqlChannel().getRemoteIp(), + changeUserPacket.getAuthResponse(), context.getAuthDataSalt()); + } catch (AuthenticationException e) { LOG.warn("Command `Change user` failed, from [{}] to [{}]. ", previousQualifiedUser, changeUserPacket.getUser()); sendResponsePacket(context); 
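Review bot: Both new `catch (AuthenticationException e)` blocks, here in `negotiate` and in `changeUser` in the next hunk, call `sendResponsePacket(context)` without first recording the failure on the context. The removed `authenticate` helper called `ErrorReport.report(ErrorCode.ERR_AUTHENTICATION_FAIL, ...)` before returning false, and the comment on `sendResponsePacket` says the state must be set before it is called. Unless constructing `AuthenticationException(ErrorCode, ...)` already does that, which this diff does not show, the client may be sent a non-error packet for a rejected login. Adding `context.getState().setError(e.getMessage());` ahead of `sendResponsePacket(context)` in both blocks would keep the previous behaviour; both methods extend beyond their hunks.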
@@ -430,21 +394,6 @@ public static byte[] readNulTerminateString(ByteBuffer buffer) { return buf; } - public static class NegotiateResult { - private final MysqlAuthPacket authPacket; - private final NegotiateState state; - - public NegotiateResult(MysqlAuthPacket authPacket, NegotiateState state) { - this.authPacket = authPacket; - this.state = state; - } - - public MysqlAuthPacket getAuthPacket() { - return authPacket; - } - - public NegotiateState getState() { - return state; - } + public record NegotiateResult(MysqlAuthPacket authPacket, NegotiateState state) { } } diff --git a/fe/fe-core/src/main/java/com/starrocks/mysql/nio/AcceptListener.java b/fe/fe-core/src/main/java/com/starrocks/mysql/nio/AcceptListener.java index ff2472eabd5ee..6995f1c80c9d6 100644 --- a/fe/fe-core/src/main/java/com/starrocks/mysql/nio/AcceptListener.java +++ b/fe/fe-core/src/main/java/com/starrocks/mysql/nio/AcceptListener.java @@ -91,8 +91,8 @@ public void handleEvent(AcceptingChannel channel) { context.setConnectScheduler(connectScheduler); // authenticate check failed. result = MysqlProto.negotiate(context); - if (result.getState() != NegotiateState.OK) { - throw new AfterConnectedException(result.getState().getMsg()); + if (result.state() != NegotiateState.OK) { + throw new AfterConnectedException(result.state().getMsg()); } Pair registerResult = connectScheduler.registerConnection(context); if (registerResult.first) { @@ -134,8 +134,8 @@ public void handleEvent(AcceptingChannel channel) { } finally { // Ignore the NegotiateState.READ_FIRST_AUTH_PKG_FAILED connections, // because this maybe caused by port probe. - if (result != null && result.getState() != NegotiateState.READ_FIRST_AUTH_PKG_FAILED) { - LogUtil.logConnectionInfoToAuditLogAndQueryQueue(context, result.getAuthPacket()); + if (result != null && result.state() != NegotiateState.READ_FIRST_AUTH_PKG_FAILED) { + LogUtil.logConnectionInfoToAuditLogAndQueryQueue(context, result.authPacket()); ConnectContext.remove(); } } 
diff --git a/fe/fe-core/src/main/java/com/starrocks/service/FrontendServiceImpl.java b/fe/fe-core/src/main/java/com/starrocks/service/FrontendServiceImpl.java index 3e85ae2b47b6f..f65f4e8ce9a25 100644 --- a/fe/fe-core/src/main/java/com/starrocks/service/FrontendServiceImpl.java +++ b/fe/fe-core/src/main/java/com/starrocks/service/FrontendServiceImpl.java @@ -47,6 +47,8 @@ import com.starrocks.analysis.TableName; import com.starrocks.analysis.TupleDescriptor; import com.starrocks.analysis.TupleId; +import com.starrocks.authentication.AuthenticationException; +import com.starrocks.authentication.AuthenticationHandler; import com.starrocks.authentication.AuthenticationMgr; import com.starrocks.authorization.AccessDeniedException; import com.starrocks.authorization.PrivilegeBuiltinConstants; @@ -83,7 +85,6 @@ import com.starrocks.catalog.system.sys.SysObjectDependencies; import com.starrocks.cluster.ClusterNamespace; import com.starrocks.common.AnalysisException; -import com.starrocks.common.AuthenticationException; import com.starrocks.common.CaseSensibility; import com.starrocks.common.Config; import com.starrocks.common.ConfigBase; @@ -360,6 +361,7 @@ import org.jetbrains.annotations.NotNull; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; 
@@ -1214,12 +1216,8 @@ public TMasterOpResult forward(TMasterOpRequest params) throws TException { private void checkPasswordAndLoadPriv(String user, String passwd, String db, String tbl, String clientIp) throws AuthenticationException { - GlobalStateMgr globalStateMgr = GlobalStateMgr.getCurrentState(); - UserIdentity currentUser = - globalStateMgr.getAuthenticationMgr().checkPlainPassword(user, clientIp, passwd); - if (currentUser == null) { - throw new AuthenticationException("Access denied for " + user + "@" + clientIp); - } + UserIdentity currentUser = AuthenticationHandler.authenticate(new ConnectContext(), user, clientIp, + passwd.getBytes(StandardCharsets.UTF_8), null); // check INSERT action on table try { Authorizer.checkTableAction(currentUser, null, db, tbl, PrivilegeType.INSERT); diff --git a/fe/fe-core/src/main/java/com/starrocks/service/arrow/flight/sql/auth/ArrowFlightSqlCredentialValidator.java b/fe/fe-core/src/main/java/com/starrocks/service/arrow/flight/sql/auth/ArrowFlightSqlCredentialValidator.java index 4e9d3a446ba1e..3ed0543282f37 100644 --- a/fe/fe-core/src/main/java/com/starrocks/service/arrow/flight/sql/auth/ArrowFlightSqlCredentialValidator.java +++ b/fe/fe-core/src/main/java/com/starrocks/service/arrow/flight/sql/auth/ArrowFlightSqlCredentialValidator.java @@ -14,7 +14,9 @@ package com.starrocks.service.arrow.flight.sql.auth; -import com.starrocks.server.GlobalStateMgr; +import com.starrocks.authentication.AuthenticationException; +import com.starrocks.authentication.AuthenticationHandler; +import com.starrocks.qe.ConnectContext; import com.starrocks.service.arrow.flight.sql.session.ArrowFlightSqlTokenManager; import com.starrocks.sql.ast.UserIdentity; import org.apache.arrow.flight.CallHeaders; 
@@ -23,6 +25,8 @@ import org.apache.arrow.flight.auth2.BasicCallHeaderAuthenticator; import org.apache.arrow.flight.auth2.CallHeaderAuthenticator; +import java.nio.charset.StandardCharsets; + public class ArrowFlightSqlCredentialValidator implements BasicCallHeaderAuthenticator.CredentialValidator { private final ArrowFlightSqlTokenManager arrowFlightSqlTokenManager; @@ -33,10 +37,11 @@ public ArrowFlightSqlCredentialValidator(ArrowFlightSqlTokenManager arrowFlightS @Override public CallHeaderAuthenticator.AuthResult validate(String username, String password) throws Exception { - GlobalStateMgr globalStateMgr = GlobalStateMgr.getCurrentState(); - UserIdentity currentUser = - globalStateMgr.getAuthenticationMgr().checkPlainPassword(username, "0.0.0.0", password); - if (currentUser == null) { + UserIdentity currentUser; + try { + currentUser = AuthenticationHandler.authenticate(new ConnectContext(), username, "0.0.0.0", + password.getBytes(StandardCharsets.UTF_8), null); + } catch (AuthenticationException e) { throw CallStatus.UNAUTHENTICATED.withDescription("Access denied for " + username).toRuntimeException(); } diff --git a/fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationManagerTest.java b/fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationManagerTest.java index d49a83c0a2413..f24d004fd1cb9 100644 --- a/fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationManagerTest.java +++ b/fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationManagerTest.java @@ -12,7 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. - package com.starrocks.authentication; import com.starrocks.authorization.AuthorizationMgr; 
@@ -86,8 +85,9 @@ public void testCreateUserPersist() throws Exception { byte[] scramble = MysqlPassword.scramble(seed, "abc"); AuthenticationMgr masterManager = new AuthenticationMgr(); - Assert.assertNull(masterManager.checkPassword( - testUserWithIp.getUser(), testUserWithIp.getHost(), scramble, seed)); + Assert.assertThrows(AuthenticationException.class, () -> + AuthenticationHandler.authenticate(ctx, testUserWithIp.getUser(), testUserWithIp.getHost(), scramble, seed)); + Assert.assertFalse(masterManager.doesUserExist(testUser)); Assert.assertFalse(masterManager.doesUserExist(testUserWithIp)); UtFrameUtils.PseudoJournalReplayer.resetFollowerJournalQueue(); @@ -100,8 +100,7 @@ public void testCreateUserPersist() throws Exception { masterManager.createUser(stmt); Assert.assertTrue(masterManager.doesUserExist(testUser)); Assert.assertFalse(masterManager.doesUserExist(testUserWithIp)); - UserIdentity user = masterManager.checkPassword(testUser.getUser(), - "10.1.1.1", new byte[0], new byte[0]); + UserIdentity user = masterManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1").getKey(); Assert.assertEquals(user, testUser); // create twice fail @@ -113,7 +112,7 @@ public void testCreateUserPersist() throws Exception { masterManager.createUser(stmt); Assert.assertTrue(masterManager.doesUserExist(testUser)); Assert.assertTrue(masterManager.doesUserExist(testUserWithIp)); - user = masterManager.checkPassword(testUser.getUser(), testUserWithIp.getHost(), scramble, seed); + user = masterManager.getBestMatchedUserIdentity(testUser.getUser(), testUserWithIp.getHost()).getKey(); Assert.assertEquals(user, testUserWithIp); // make final snapshot 
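Review bot: The rewritten assertions in these three hunks no longer cover a successful password check. `AuthenticationHandler.authenticate(ctx, ...)` resolves its manager through `GlobalStateMgr.getCurrentState()`, so the first `assertThrows` does not necessarily exercise the `masterManager` created on the line above it. The two `getBestMatchedUserIdentity(...).getKey()` replacements assert only user@host matching, where `checkPassword` used to verify `scramble` against `seed`. A positive case would restore that coverage: fetch the entry for `testUserWithIp.getHost()` and call `new PlainPasswordAuthenticationProvider().authenticate(entry.getKey().getUser(), entry.getKey().getHost(), scramble, seed, entry.getValue());`, expecting no exception. The test method starts and ends outside these hunks.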
@@ -121,8 +120,11 @@ public void testCreateUserPersist() throws Exception { masterManager.saveV2(finalImage.getImageWriter()); // login from 10.1.1.2 with password will fail - user = masterManager.checkPassword(testUser.getUser(), "10.1.1.2", scramble, seed); - Assert.assertNull(user); + Map.Entry entry = + masterManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.2"); + PlainPasswordAuthenticationProvider provider = new PlainPasswordAuthenticationProvider(); + Assert.assertThrows(AuthenticationException.class, () -> + provider.authenticate(entry.getKey().getUser(), entry.getKey().getHost(), scramble, seed, entry.getValue())); // start to replay AuthenticationMgr followerManager = new AuthenticationMgr(); @@ -143,8 +145,10 @@ public void testCreateUserPersist() throws Exception { info.getPluginVersion()); Assert.assertTrue(followerManager.doesUserExist(testUser)); Assert.assertFalse(followerManager.doesUserExist(testUserWithIp)); - user = followerManager.checkPassword(testUser.getUser(), "10.1.1.1", new byte[0], new byte[0]); - Assert.assertEquals(user, testUser); + + Map.Entry bestUser = + followerManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1"); + Assert.assertEquals(bestUser.getKey(), testUser); // replay create test@10.1.1.1 info = (CreateUserInfo) UtFrameUtils.PseudoJournalReplayer.replayNextJournal(OperationType.OP_CREATE_USER_V2); 
@@ -157,12 +161,14 @@ public void testCreateUserPersist() throws Exception { info.getPluginVersion()); Assert.assertTrue(followerManager.doesUserExist(testUser)); Assert.assertTrue(followerManager.doesUserExist(testUserWithIp)); - user = followerManager.checkPassword(testUser.getUser(), "10.1.1.1", scramble, seed); - Assert.assertEquals(user, testUserWithIp); + bestUser = followerManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1"); + Assert.assertEquals(bestUser.getKey(), testUserWithIp); // login from 10.1.1.2 with password will fail - user = followerManager.checkPassword(testUser.getUser(), "10.1.1.2", scramble, seed); - Assert.assertNull(user); + Map.Entry entry1 = + followerManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.2"); + Assert.assertThrows(AuthenticationException.class, () -> + provider.authenticate(entry1.getKey().getUser(), entry1.getKey().getHost(), scramble, seed, entry1.getValue())); // purely loaded from image AuthenticationMgr imageManager = new AuthenticationMgr(); @@ -170,10 +176,12 @@ public void testCreateUserPersist() throws Exception { Assert.assertTrue(imageManager.doesUserExist(testUser)); Assert.assertTrue(imageManager.doesUserExist(testUserWithIp)); - user = imageManager.checkPassword(testUser.getUser(), "10.1.1.1", scramble, seed); - Assert.assertEquals(user, testUserWithIp); - user = imageManager.checkPassword(testUser.getUser(), "10.1.1.2", scramble, seed); - Assert.assertNull(user); + bestUser = followerManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1"); + Assert.assertEquals(bestUser.getKey(), testUserWithIp); + Map.Entry entry2 = + followerManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.2"); + Assert.assertThrows(AuthenticationException.class, () -> + provider.authenticate(entry2.getKey().getUser(), entry2.getKey().getHost(), scramble, seed, entry2.getValue())); } @Test 
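Review bot: In the "purely loaded from image" block (hunk `@@ -170,10 +176,12 @@`) the two new lookups call `followerManager.getBestMatchedUserIdentity(...)` although the surrounding assertions are about `imageManager`, so the image-loaded state is no longer checked for identity matching or for the rejected login from 10.1.1.2. This looks like a copy from the follower block above; the lookups should read `imageManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1")` and `imageManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.2")`. The test method starts outside this hunk.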
@@ -329,7 +337,7 @@ public void testDropAlterUser() throws Exception { byte[] scramble = MysqlPassword.scramble(seed, "abc"); AuthenticationMgr manager = ctx.getGlobalStateMgr().getAuthenticationMgr(); - Assert.assertNull(manager.checkPassword( + Assert.assertThrows(AuthenticationException.class, () -> AuthenticationHandler.authenticate(ctx, testUser.getUser(), testUser.getHost(), scramble, seed)); Assert.assertFalse(manager.doesUserExist(testUser)); Assert.assertFalse(manager.doesUserExist(testUserWithIp)); @@ -341,7 +349,7 @@ public void testDropAlterUser() throws Exception { sql = "create user 'test'@'10.1.1.1' identified by 'abc'"; stmt = UtFrameUtils.parseStmtWithNewParser(sql, ctx); DDLStmtExecutor.execute(stmt, ctx); - Assert.assertNull(manager.checkPassword( + Assert.assertThrows(AuthenticationException.class, () -> AuthenticationHandler.authenticate(ctx, testUser.getUser(), testUser.getHost(), scramble, seed)); Assert.assertTrue(manager.doesUserExist(testUserWithIp)); @@ -349,12 +357,12 @@ public void testDropAlterUser() throws Exception { stmt = UtFrameUtils.parseStmtWithNewParser(sql, ctx); DDLStmtExecutor.execute(stmt, ctx); Assert.assertEquals(testUser, - manager.checkPassword(testUser.getUser(), testUser.getHost(), scramble, seed)); + AuthenticationHandler.authenticate(ctx, testUser.getUser(), testUser.getHost(), scramble, seed)); Assert.assertTrue(manager.doesUserExist(testUser)); StatementBase dropStmt = UtFrameUtils.parseStmtWithNewParser("drop user test", ctx); DDLStmtExecutor.execute(dropStmt, ctx); - Assert.assertNull(manager.checkPassword( + Assert.assertThrows(AuthenticationException.class, () -> AuthenticationHandler.authenticate(ctx, testUser.getUser(), testUser.getHost(), scramble, seed)); Assert.assertFalse(manager.doesUserExist(testUser)); 
@@ -487,14 +495,14 @@ public void testDropAlterPersist() throws Exception { CreateUserStmt createStmt = (CreateUserStmt) UtFrameUtils.parseStmtWithNewParser(sql, ctx); masterManager.createUser(createStmt); Assert.assertTrue(masterManager.doesUserExist(testUser)); - Assert.assertEquals(testUser, masterManager.checkPassword( + Assert.assertEquals(testUser, AuthenticationHandler.authenticate(ctx, testUser.getUser(), "10.1.1.1", new byte[0], null)); // 3. alter user sql = "alter user test identified by 'abc'"; AlterUserStmt alterUserStmt = (AlterUserStmt) UtFrameUtils.parseStmtWithNewParser(sql, ctx); masterManager.alterUser(alterUserStmt.getUserIdentity(), alterUserStmt.getAuthenticationInfo(), null); - Assert.assertEquals(testUser, masterManager.checkPassword( + Assert.assertEquals(testUser, AuthenticationHandler.authenticate(ctx, testUser.getUser(), "10.1.1.1", scramble, seed)); // 3.1 update user property 
@@ -529,14 +537,13 @@ public void testDropAlterPersist() throws Exception { createInfo.getUserIdentity(), createInfo.getAuthenticationInfo(), createInfo.getUserProperty(), createInfo.getUserPrivilegeCollection(), createInfo.getPluginId(), createInfo.getPluginVersion()); Assert.assertTrue(followerManager.doesUserExist(testUser)); - Assert.assertEquals(testUser, followerManager.checkPassword( - testUser.getUser(), "10.1.1.1", new byte[0], null)); + + Assert.assertEquals(testUser, followerManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1").getKey()); // 7.2 replay alter user AlterUserInfo alterInfo = (AlterUserInfo) UtFrameUtils.PseudoJournalReplayer.replayNextJournal(OperationType.OP_ALTER_USER_V2); followerManager.replayAlterUser(alterInfo.getUserIdentity(), alterInfo.getAuthenticationInfo(), null); - Assert.assertEquals(testUser, followerManager.checkPassword( - testUser.getUser(), "10.1.1.1", scramble, seed)); + Assert.assertEquals(testUser, followerManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1").getKey()); // 7.2.1 replay update user property UserPropertyInfo userPropertyInfo = (UserPropertyInfo) UtFrameUtils.PseudoJournalReplayer.replayNextJournal(OperationType.OP_UPDATE_USER_PROP_V3); @@ -554,8 +561,7 @@ public void testDropAlterPersist() throws Exception { alterManager.loadV2(alterImage.getMetaBlockReader()); Assert.assertTrue(alterManager.doesUserExist(testUser)); - Assert.assertEquals(testUser, alterManager.checkPassword( - testUser.getUser(), "10.1.1.1", scramble, seed)); + Assert.assertEquals(testUser, alterManager.getBestMatchedUserIdentity(testUser.getUser(), "10.1.1.1").getKey()); Assert.assertTrue(alterManager.doesUserExist(UserIdentity.ROOT)); // 9. verify final image 
@@ -578,7 +584,8 @@ public void testUserWithHost() throws Exception { "create user user_with_host@['host01'] identified by 'abc'", ctx), ctx); Assert.assertTrue(manager.doesUserExist(testUserWithHost)); Assert.assertEquals(new HashSet(Arrays.asList("host01")), manager.getAllHostnames()); - Assert.assertNull(manager.checkPassword("user_with_host", "10.1.1.1", scramble, seed)); + Assert.assertThrows(AuthenticationException.class, () -> + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.1", scramble, seed)); // update host -> ip list Map> hostToIpList = new HashMap<>(); @@ -586,9 +593,12 @@ public void testUserWithHost() throws Exception { manager.setHostnameToIpSet(hostToIpList); // check login - Assert.assertNull(manager.checkPassword("user_with_host", "10.1.1.1", scramble, seed)); - Assert.assertEquals(testUserWithHost, manager.checkPassword("user_with_host", "10.1.1.2", scramble, seed)); - Assert.assertNull(manager.checkPassword("user_with_host", "10.1.1.3", scramble, seed)); + Assert.assertThrows(AuthenticationException.class, () -> + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.1", scramble, seed)); + Assert.assertEquals(testUserWithHost, + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.2", scramble, seed)); + Assert.assertThrows(AuthenticationException.class, () -> + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.3", scramble, seed)); // update host -> ip list hostToIpList = new HashMap<>(); 
@@ -597,9 +607,12 @@ public void testUserWithHost() throws Exception { manager.setHostnameToIpSet(hostToIpList); // check login - Assert.assertEquals(testUserWithHost, manager.checkPassword("user_with_host", "10.1.1.1", scramble, seed)); - Assert.assertEquals(testUserWithHost, manager.checkPassword("user_with_host", "10.1.1.2", scramble, seed)); - Assert.assertNull(manager.checkPassword("user_with_host", "10.1.1.3", scramble, seed)); + Assert.assertEquals(testUserWithHost, + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.1", scramble, seed)); + Assert.assertEquals(testUserWithHost, + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.2", scramble, seed)); + Assert.assertThrows(AuthenticationException.class, () -> + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.3", scramble, seed)); // create a user with ip DDLStmtExecutor.execute(UtFrameUtils.parseStmtWithNewParser( @@ -609,7 +622,8 @@ public void testUserWithHost() throws Exception { Assert.assertTrue(manager.doesUserExist(testUserWithIp)); // login matches ip - Assert.assertEquals(testUserWithIp, manager.checkPassword("user_with_host", "10.1.1.1", scramble, seed)); + Assert.assertEquals(testUserWithIp, + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.1", scramble, seed)); // create a user with % DDLStmtExecutor.execute(UtFrameUtils.parseStmtWithNewParser( 
@@ -620,13 +634,17 @@ public void testUserWithHost() throws Exception { Assert.assertTrue(manager.doesUserExist(testUserWithIp)); Assert.assertTrue(manager.doesUserExist(testUserWithAll)); - Assert.assertNull(manager.checkPassword("user_with_host", "10.1.1.1", scramble2, seed)); - Assert.assertNull(manager.checkPassword("user_with_host", "10.1.1.2", scramble2, seed)); + Assert.assertThrows(AuthenticationException.class, () -> + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.1", scramble2, seed)); + Assert.assertThrows(AuthenticationException.class, () -> + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.2", scramble2, seed)); DDLStmtExecutor.execute(UtFrameUtils.parseStmtWithNewParser( "alter user user_with_host@'%' identified by 'abc'", ctx), ctx); - Assert.assertEquals(testUserWithIp, manager.checkPassword("user_with_host", "10.1.1.1", scramble, seed)); - Assert.assertEquals(testUserWithHost, manager.checkPassword("user_with_host", "10.1.1.2", scramble, seed)); + Assert.assertEquals(testUserWithIp, + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.1", scramble, seed)); + Assert.assertEquals(testUserWithHost, + AuthenticationHandler.authenticate(ctx, "user_with_host", "10.1.1.2", scramble, seed)); } @Test @@ -723,7 +741,6 @@ public void testIsRoleInSession() throws Exception { Assert.assertFalse(ScalarOperatorFunctions.isRoleInSession( ConstantOperator.createVarchar("test_in_role_r3")).getBoolean()); - sql = "select is_role_in_session(v1) from (select 1 as v1) t"; try { stmt = (CreateUserStmt) UtFrameUtils.parseStmtWithNewParser(sql, ctx); diff --git a/fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationProviderFactoryTest.java b/fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationProviderFactoryTest.java deleted file mode 100644 index 30d75b1738240..0000000000000 --- a/fe/fe-core/src/test/java/com/starrocks/authentication/AuthenticationProviderFactoryTest.java +++ /dev/null 
@@ -1,58 +0,0 @@ -// Copyright 2021-present StarRocks, Inc. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - - -package com.starrocks.authentication; - -import com.starrocks.sql.ast.UserAuthOption; -import com.starrocks.sql.ast.UserIdentity; -import org.junit.Assert; -import org.junit.Test; - -public class AuthenticationProviderFactoryTest { - @Test - public void testNormal() throws Exception { - AuthenticationProvider fakeProvider = new AuthenticationProvider() { - @Override - public UserAuthenticationInfo analyzeAuthOption(UserIdentity userIdentity, UserAuthOption userAuthOption) - throws AuthenticationException { - return null; - } - - @Override - public void authenticate(String user, String host, byte[] password, byte[] randomString, - UserAuthenticationInfo authenticationInfo) throws AuthenticationException { - - } - }; - String fakeName = "fake"; - - AuthenticationProviderFactory.installPlugin(fakeName, fakeProvider); - AuthenticationProviderFactory.create(fakeName); - - // install multiple times will success - AuthenticationProviderFactory.installPlugin(fakeName, fakeProvider); - AuthenticationProviderFactory.create(fakeName); - - AuthenticationProviderFactory.uninstallPlugin(fakeName); - try { - AuthenticationProviderFactory.create(fakeName); - Assert.fail(); - } catch (AuthenticationException e) { - Assert.assertTrue(e.getMessage().contains("Cannot find " + fakeName + " from")); - } - 
AuthenticationProviderFactory.uninstallPlugin(fakeName); - - } -} diff --git a/fe/fe-core/src/test/java/com/starrocks/qe/ConnectSchedulerTest.java b/fe/fe-core/src/test/java/com/starrocks/qe/ConnectSchedulerTest.java index d8de66b450d44..00c32d51da470 100644 --- a/fe/fe-core/src/test/java/com/starrocks/qe/ConnectSchedulerTest.java +++ b/fe/fe-core/src/test/java/com/starrocks/qe/ConnectSchedulerTest.java @@ -37,7 +37,6 @@ import com.starrocks.analysis.AccessTestUtil; import com.starrocks.mysql.MysqlChannel; import com.starrocks.mysql.MysqlProto; -import com.starrocks.mysql.NegotiateState; import mockit.Expectations; import mockit.Mocked; import org.junit.Assert; @@ -64,11 +63,6 @@ public void setUp() throws Exception { minTimes = 0; result = "192.168.1.1"; - // mock negotiate - MysqlProto.negotiate((ConnectContext) any); - minTimes = 0; - result = new MysqlProto.NegotiateResult(null, NegotiateState.OK); - MysqlProto.sendResponsePacket((ConnectContext) any); minTimes = 0; }