auth with cas

2025-07-20 05:39:42 +02:00 · 2019-08-09 13:44:03 +08:00 · 2019-08-09 13:44:03 +08:00 · 8c2df6178d
commit 8c2df6178d
parent 8c99977fc9
150 changed files with 43682 additions and 24175 deletions
--- a/vendor/github.com/go-sql-driver/mysql/dsn.go
+++ b/vendor/github.com/go-sql-driver/mysql/dsn.go
@ -14,7 +14,6 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
-	"math/big"
 	"net"
 	"net/url"
 	"sort"
@ -73,26 +72,6 @@ func NewConfig() *Config {
 	}
 }

-func (cfg *Config) Clone() *Config {
-	cp := *cfg
-	if cp.tls != nil {
-		cp.tls = cfg.tls.Clone()
-	}
-	if len(cp.Params) > 0 {
-		cp.Params = make(map[string]string, len(cfg.Params))
-		for k, v := range cfg.Params {
-			cp.Params[k] = v
-		}
-	}
-	if cfg.pubKey != nil {
-		cp.pubKey = &rsa.PublicKey{
-			N: new(big.Int).Set(cfg.pubKey.N),
-			E: cfg.pubKey.E,
-		}
-	}
-	return &cp
-}
-
 func (cfg *Config) normalize() error {
 	if cfg.InterpolateParams && unsafeCollations[cfg.Collation] {
 		return errInvalidDSNUnsafeCollation
@ -113,35 +92,17 @@ func (cfg *Config) normalize() error {
 		default:
 			return errors.New("default addr for network '" + cfg.Net + "' unknown")
 		}
+
 	} else if cfg.Net == "tcp" {
 		cfg.Addr = ensureHavePort(cfg.Addr)
 	}

-	switch cfg.TLSConfig {
-	case "false", "":
-		// don't set anything
-	case "true":
-		cfg.tls = &tls.Config{}
-	case "skip-verify", "preferred":
-		cfg.tls = &tls.Config{InsecureSkipVerify: true}
-	default:
-		cfg.tls = getTLSConfigClone(cfg.TLSConfig)
-		if cfg.tls == nil {
-			return errors.New("invalid value / unknown config name: " + cfg.TLSConfig)
-		}
-	}
-
-	if cfg.tls != nil && cfg.tls.ServerName == "" && !cfg.tls.InsecureSkipVerify {
-		host, _, err := net.SplitHostPort(cfg.Addr)
-		if err == nil {
-			cfg.tls.ServerName = host
-		}
-	}
-
-	if cfg.ServerPubKey != "" {
-		cfg.pubKey = getServerPubKey(cfg.ServerPubKey)
-		if cfg.pubKey == nil {
-			return errors.New("invalid value / unknown server pub key name: " + cfg.ServerPubKey)
+	if cfg.tls != nil {
+		if cfg.tls.ServerName == "" && !cfg.tls.InsecureSkipVerify {
+			host, _, err := net.SplitHostPort(cfg.Addr)
+			if err == nil {
+				cfg.tls.ServerName = host
+			}
 		}
 	}

@ -570,7 +531,13 @@ func parseDSNParams(cfg *Config, params string) (err error) {
 			if err != nil {
 				return fmt.Errorf("invalid value for server pub key name: %v", err)
 			}
-			cfg.ServerPubKey = name
+
+			if pubKey := getServerPubKey(name); pubKey != nil {
+				cfg.ServerPubKey = name
+				cfg.pubKey = pubKey
+			} else {
+				return errors.New("invalid value / unknown server pub key name: " + name)
+			}

 		// Strict mode
 		case "strict":
@ -589,17 +556,25 @@ func parseDSNParams(cfg *Config, params string) (err error) {
 			if isBool {
 				if boolValue {
 					cfg.TLSConfig = "true"
+					cfg.tls = &tls.Config{}
 				} else {
 					cfg.TLSConfig = "false"
 				}
-			} else if vl := strings.ToLower(value); vl == "skip-verify" || vl == "preferred" {
+			} else if vl := strings.ToLower(value); vl == "skip-verify" {
 				cfg.TLSConfig = vl
+				cfg.tls = &tls.Config{InsecureSkipVerify: true}
 			} else {
 				name, err := url.QueryUnescape(value)
 				if err != nil {
 					return fmt.Errorf("invalid value for TLS config name: %v", err)
 				}
-				cfg.TLSConfig = name
+
+				if tlsConfig := getTLSConfigClone(name); tlsConfig != nil {
+					cfg.TLSConfig = name
+					cfg.tls = tlsConfig
+				} else {
+					return errors.New("invalid value / unknown config name: " + name)
+				}
 			}

 		// I/O write Timeout