BUG/MINOR: checks: update pgsql regex on auth packet

This patch adds support for the following authentication methods:

- AUTH_REQ_GSS (7)
- AUTH_REQ_SSPI (9)
- AUTH_REQ_SASL (10)

Note that since AUTH_REQ_SASL allows multiple authentication mechanisms
such as SCRAM-SHA-256 or SCRAM-SHA-256-PLUS, the auth payload length may
vary since the method is sent in plaintext. In order to allow this, the
regex now matches any payload length.

This partially fixes GitHub issue #1508 since user authentication is
still broken but should restore pre-2.2 behavior.

This should be backported up to 2.2.

Signed-off-by: Fatih Acar <facar@scaleway.com>
Fatih Acar 2022-09-26 17:27:11 +02:00 committed by Christopher Faulet
parent dd4a2a69dc
commit 0d6fb7a3eb
2 changed files with 17 additions and 1 deletions


@ -23,6 +23,11 @@ server s3 {
send "Not a PostgreSQL response"
} -start
server s4 {
recv 23
sendhex "52000000170000000A534352414D2D5348412D3235360000"
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"PostgreSQL server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
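Review bot: the new `server s4` block only exercises AUTH_REQ_SASL (auth code `0000000A` followed by the `SCRAM-SHA-256` mechanism name), while the commit message also adds AUTH_REQ_GSS (7) and AUTH_REQ_SSPI (9) to the regex. Consider one extra server per new code so each added alternative is covered, plus a SASL reply advertising a different mechanism such as SCRAM-SHA-256-PLUS, so the relaxed length byte is tested with a value other than `17`.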
@ -38,6 +43,10 @@ syslog S3 -level notice {
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 wrong status.+info: \"PostgreSQL unknown error\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S4 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv succeeded, reason: Layer7 check passed.+info: \"PostgreSQL server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
haproxy h1 -conf {
defaults
@ -64,6 +73,12 @@ haproxy h1 -conf {
option pgsql-check user postgres
server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1
backend be4
log ${S4_addr}:${S4_port} daemon
option log-health-checks
option pgsql-check user postgres
server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1
listen pgsql1
bind "fd@${pgsql}"
tcp-request inspect-delay 100ms
@ -75,3 +90,4 @@ haproxy h1 -conf {
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait
syslog S4 -wait


@ -4517,7 +4517,7 @@ int proxy_parse_pgsql_check_opt(char **args, int cur_arg, struct proxy *curpx, c
chk->index = 2;
LIST_APPEND(&rs->rules, &chk->list);
chk = parse_tcpcheck_expect((char *[]){"tcp-check", "expect", "rbinary", "^52000000(08|0A|0C)000000(00|02|03|04|05|06)",
chk = parse_tcpcheck_expect((char *[]){"tcp-check", "expect", "rbinary", "^52000000[A-Z0-9]{2}000000(00|02|03|04|05|06|07|09|0A)",
"min-recv", "9",
"error-status", "L7STS",
"on-success", "PostgreSQL server is ok",