Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 0d6fb7a3eb0a9754348ec15be14a017a1c84df0f^! / .
commit0d6fb7a3eb0a9754348ec15be14a017a1c84df0f[log] [tgz]
authorFatih Acar <facar@scaleway.com>Mon Sep 26 17:27:11 2022 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Mon Oct 03 15:31:22 2022 +0200
tree481c2c73a3044d0899bb5d46b64a825913c9e720
parentdd4a2a69dcb9be001a9299eb65caa96ad6e950e0 [diff]
BUG/MINOR: checks: update pgsql regex on auth packet

This patch adds support to the following authentication methods:

- AUTH_REQ_GSS (7)
- AUTH_REQ_SSPI (9)
- AUTH_REQ_SASL (10)

Note that since AUTH_REQ_SASL allows multiple authentication mechanisms
such as SCRAM-SHA-256 or SCRAM-SHA-256-PLUS, the auth payload length may
vary since the method is sent in plaintext. In order to allow this, the
regex now matches any payload length.

This partially fixes Github issue #1508 since user authentication is
still broken but should restore pre-2.2 behavior.

This should be backported up to 2.2.

Signed-off-by: Fatih Acar <facar@scaleway.com>

diff --git a/reg-tests/checks/pgsql-check.vtc b/reg-tests/checks/pgsql-check.vtc
index 417932e..2c9c65b 100644
--- a/reg-tests/checks/pgsql-check.vtc
+++ b/reg-tests/checks/pgsql-check.vtc

@@ -23,6 +23,11 @@
   send "Not a PostgreSQL response"
 } -start
 
+server s4 {
+  recv 23
+  sendhex "52000000170000000A534352414D2D5348412D3235360000"
+} -start
+
 syslog S1 -level notice {
     recv
     expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"PostgreSQL server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
@@ -38,6 +43,10 @@
     expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 wrong status.+info: \"PostgreSQL unknown error\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
 } -start
 
+syslog S4 -level notice {
+    recv
+    expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv succeeded, reason: Layer7 check passed.+info: \"PostgreSQL server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
+} -start
 
 haproxy h1 -conf {
     defaults
@@ -64,6 +73,12 @@
         option pgsql-check user postgres
         server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1
 
+    backend be4
+        log ${S4_addr}:${S4_port} daemon
+        option log-health-checks
+        option pgsql-check user postgres
+        server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1
+
     listen pgsql1
         bind "fd@${pgsql}"
         tcp-request inspect-delay 100ms
@@ -75,3 +90,4 @@
 syslog S1 -wait
 syslog S2 -wait
 syslog S3 -wait
+syslog S4 -wait

diff --git a/src/tcpcheck.c b/src/tcpcheck.c
index 5ef1c69..366a8d0 100644
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c

@@ -4517,7 +4517,7 @@
 	chk->index = 2;
 	LIST_APPEND(&rs->rules, &chk->list);
 
-	chk = parse_tcpcheck_expect((char *[]){"tcp-check", "expect", "rbinary", "^52000000(08|0A|0C)000000(00|02|03|04|05|06)",
+	chk = parse_tcpcheck_expect((char *[]){"tcp-check", "expect", "rbinary", "^52000000[A-Z0-9]{2}000000(00|02|03|04|05|06|07|09|0A)",
 				               "min-recv", "9",
 				               "error-status", "L7STS",
 				               "on-success", "PostgreSQL server is ok",