*: remove more about tidb/parser/mysql

.golangci.yaml

@@ -22,6 +22,10 @@ issues:
       linters:
         - gosec
       text: "G402:"
+    - path: pkg/proxy/net/auth.go
+      linters:
+        - gosec
+      text: "G101:"
 
 linters:
   enable:

pkg/proxy/backend/authenticator.go

@@ -42,7 +42,7 @@ type Authenticator struct {
 	user              string
 	attrs             map[string]string
 	salt              []byte
-	capability        uint32 // client capability
+	capability        pnet.Capability
 	collation         uint8
 	proxyProtocol     bool
 	requireBackendTLS bool
@@ -125,7 +125,7 @@ func (auth *Authenticator) handshakeFirstTime(logger *zap.Logger, cctx ConnConte
 	}
 	if commonCaps := frontendCapability & requiredFrontendCaps; commonCaps != requiredFrontendCaps {
 		logger.Error("require frontend capabilities", zap.Stringer("common", commonCaps), zap.Stringer("required", requiredFrontendCaps))
-		if writeErr := clientIO.WriteErrPacket(mysql.NewErr(mysql.ErrNotSupportedAuthMode)); writeErr != nil {
+		if writeErr := clientIO.WriteErrPacket(mysql.ErrNotSupportedAuthMode); writeErr != nil {
 			return writeErr
 		}
 		return errors.Wrapf(ErrCapabilityNegotiation, "require %s from frontend", requiredFrontendCaps&^commonCaps)
@@ -134,12 +134,12 @@ func (auth *Authenticator) handshakeFirstTime(logger *zap.Logger, cctx ConnConte
 	if frontendCapability^commonCaps != 0 {
 		logger.Debug("frontend send capabilities unsupported by proxy", zap.Stringer("common", commonCaps), zap.Stringer("frontend", frontendCapability^commonCaps), zap.Stringer("proxy", proxyCapability^commonCaps))
 	}
-	auth.capability = commonCaps.Uint32()
-	if auth.capability&mysql.ClientPluginAuth == 0 {
+	auth.capability = commonCaps
+	if auth.capability&pnet.ClientPluginAuth == 0 {
 		logger.Warn("frontend may not support plugin auth", zap.Stringer("capability", commonCaps))
 		// Some clients (e.g. node/mysql) support ClientAuthPlugin but don't have the capability set correctly.
 		// Always set it to ensure capability.
-		auth.capability |= mysql.ClientPluginAuth
+		auth.capability |= pnet.ClientPluginAuth
 	}
 
 	if isSSL {
@@ -267,7 +267,7 @@ func (auth *Authenticator) handshakeSecondTime(logger *zap.Logger, clientIO, bac
 
 	if err = auth.writeAuthHandshake(
 		backendIO, backendTLSConfig, backendCapability,
-		mysql.AuthTiDBSessionToken, hack.Slice(sessionToken), mysql.ClientPluginAuth,
+		pnet.AuthTiDBSessionToken, hack.Slice(sessionToken), pnet.ClientPluginAuth,
 	); err != nil {
 		return err
 	}
@@ -293,7 +293,7 @@ func (auth *Authenticator) writeAuthHandshake(
 	backendCapability pnet.Capability,
 	authPlugin string,
 	authData []byte,
-	authCap uint32,
+	authCap pnet.Capability,
 ) error {
 	// Always handshake with SSL enabled and enable auth_plugin.
 	resp := &pnet.HandshakeResp{
@@ -307,7 +307,7 @@ func (auth *Authenticator) writeAuthHandshake(
 	}
 
 	if len(resp.Attrs) > 0 {
-		resp.Capability |= mysql.ClientConnectAtts
+		resp.Capability |= pnet.ClientConnectAttrs
 	}
 
 	var pkt []byte
@@ -322,7 +322,7 @@ func (auth *Authenticator) writeAuthHandshake(
 		enableTLS = pnet.Capability(auth.capability)&pnet.ClientSSL != 0 && backendCapability&pnet.ClientSSL != 0 && backendTLSConfig != nil
 	}
 	if enableTLS {
-		resp.Capability |= mysql.ClientSSL
+		resp.Capability |= pnet.ClientSSL
 		pkt = pnet.MakeHandshakeResponse(resp)
 		// write SSL Packet
 		if err := backendIO.WritePacket(pkt[:32], true); err != nil {
@@ -339,7 +339,7 @@ func (auth *Authenticator) writeAuthHandshake(
 			return err
 		}
 	} else {
-		resp.Capability &= ^mysql.ClientSSL
+		resp.Capability &= ^pnet.ClientSSL
 		pkt = pnet.MakeHandshakeResponse(resp)
 	}
 

pkg/proxy/backend/backend_conn_mgr.go

@@ -291,11 +291,11 @@ func (mgr *BackendConnManager) ExecuteCmd(ctx context.Context, request []byte) (
 			val := binary.LittleEndian.Uint16(request[1:])
 			switch val {
 			case 0:
-				mgr.authenticator.capability |= mysql.ClientMultiStatements
-				mgr.cmdProcessor.capability |= mysql.ClientMultiStatements
+				mgr.authenticator.capability |= pnet.ClientMultiStatements
+				mgr.cmdProcessor.capability |= pnet.ClientMultiStatements
 			case 1:
-				mgr.authenticator.capability &^= mysql.ClientMultiStatements
-				mgr.cmdProcessor.capability &^= mysql.ClientMultiStatements
+				mgr.authenticator.capability &^= pnet.ClientMultiStatements
+				mgr.cmdProcessor.capability &^= pnet.ClientMultiStatements
 			default:
 				err = errors.Errorf("unrecognized set_option value:%d", val)
 				return

pkg/proxy/backend/cmd_processor.go

@@ -22,7 +22,7 @@ const (
 type CmdProcessor struct {
 	// Each prepared statement has an independent status.
 	preparedStmtStatus map[int]uint32
-	capability         uint32
+	capability         pnet.Capability
 	// Only includes in_trans or quit status.
 	serverStatus uint32
 }

pkg/proxy/backend/cmd_processor_exec.go

@@ -81,7 +81,7 @@ func (cp *CmdProcessor) forwardCommand(clientIO, backendIO *pnet.PacketIO, reque
 	case mysql.ErrHeader:
 		return cp.handleErrorPacket(response)
 	case mysql.EOFHeader:
-		if cp.capability&mysql.ClientDeprecateEOF == 0 {
+		if cp.capability&pnet.ClientDeprecateEOF == 0 {
 			cp.handleEOFPacket(request, response)
 		} else {
 			cp.handleOKPacket(request, response)
@@ -111,7 +111,7 @@ func (cp *CmdProcessor) forwardUntilResultEnd(clientIO, backendIO *pnet.PacketIO
 			}
 			return 0, cp.handleErrorPacket(response)
 		}
-		if cp.capability&mysql.ClientDeprecateEOF == 0 {
+		if cp.capability&pnet.ClientDeprecateEOF == 0 {
 			if pnet.IsEOFPacket(response) {
 				return cp.handleEOFPacket(request, response), clientIO.Flush()
 			}
@@ -136,7 +136,7 @@ func (cp *CmdProcessor) forwardPrepareCmd(clientIO, backendIO *pnet.PacketIO) er
 		numColumns := binary.LittleEndian.Uint16(response[5:])
 		numParams := binary.LittleEndian.Uint16(response[7:])
 		expectedPackets := int(numColumns) + int(numParams)
-		if cp.capability&mysql.ClientDeprecateEOF == 0 {
+		if cp.capability&pnet.ClientDeprecateEOF == 0 {
 			if numColumns > 0 {
 				expectedPackets++
 			}
@@ -235,7 +235,7 @@ func (cp *CmdProcessor) forwardLoadInFile(clientIO, backendIO *pnet.PacketIO, re
 }
 
 func (cp *CmdProcessor) forwardResultSet(clientIO, backendIO *pnet.PacketIO, request []byte) (uint16, error) {
-	if cp.capability&mysql.ClientDeprecateEOF == 0 {
+	if cp.capability&pnet.ClientDeprecateEOF == 0 {
 		var response []byte
 		// read columns
 		for {

pkg/proxy/backend/cmd_processor_query.go

@@ -69,7 +69,7 @@ func (cp *CmdProcessor) readResultColumns(packetIO *pnet.PacketIO, result *gomys
 
 	for {
 		if fieldIndex == len(result.Fields) {
-			if cp.capability&mysql.ClientDeprecateEOF == 0 {
+			if cp.capability&pnet.ClientDeprecateEOF == 0 {
 				if data, err = packetIO.ReadPacket(); err != nil {
 					return err
 				}
@@ -102,7 +102,7 @@ func (cp *CmdProcessor) readResultRows(packetIO *pnet.PacketIO, result *gomysql.
 		if data, err = packetIO.ReadPacket(); err != nil {
 			return err
 		}
-		if cp.capability&mysql.ClientDeprecateEOF == 0 {
+		if cp.capability&pnet.ClientDeprecateEOF == 0 {
 			if pnet.IsEOFPacket(data) {
 				result.Status = binary.LittleEndian.Uint16(data[3:])
 				break

pkg/proxy/backend/mock_backend_test.go

@@ -33,7 +33,7 @@ func newBackendConfig() *backendConfig {
 	return &backendConfig{
 		capability:    defaultTestBackendCapability,
 		salt:          mockSalt,
-		authPlugin:    mysql.AuthCachingSha2Password,
+		authPlugin:    pnet.AuthCachingSha2Password,
 		authSucceed:   true,
 		loops:         1,
 		stmtNum:       1,
@@ -117,11 +117,11 @@ func (mb *mockBackend) verifyPassword(packetIO *pnet.PacketIO, resp *pnet.Handsh
 		}
 	}
 	if mb.authSucceed {
-		if err := packetIO.WriteOKPacket(mb.status, mysql.OKHeader); err != nil {
+		if err := packetIO.WriteOKPacket(mb.status, pnet.OKHeader); err != nil {
 			return err
 		}
 	} else {
-		if err := packetIO.WriteErrPacket(mysql.NewErr(mysql.ErrAccessDenied)); err != nil {
+		if err := packetIO.WriteErrPacket(mysql.ErrAccessDenied); err != nil {
 			return err
 		}
 	}
@@ -150,7 +150,7 @@ func (mb *mockBackend) respondOnce(packetIO *pnet.PacketIO) error {
 	case responseTypeOK:
 		return mb.respondOK(packetIO)
 	case responseTypeErr:
-		return packetIO.WriteErrPacket(mysql.NewErr(mysql.ErrUnknown))
+		return packetIO.WriteErrPacket(mysql.ErrUnknown)
 	case responseTypeResultSet:
 		if pnet.Command(pkt[0]) == pnet.ComQuery && string(pkt[1:]) == sqlQueryState {
 			return mb.respondSessionStates(packetIO)
@@ -171,15 +171,15 @@ func (mb *mockBackend) respondOnce(packetIO *pnet.PacketIO) error {
 		if _, err := packetIO.ReadPacket(); err != nil {
 			return err
 		}
-		return packetIO.WriteOKPacket(mb.status, mysql.OKHeader)
+		return packetIO.WriteOKPacket(mb.status, pnet.OKHeader)
 	case responseTypePrepareOK:
 		return mb.respondPrepare(packetIO)
 	case responseTypeRow:
 		return mb.respondRows(packetIO)
 	case responseTypeNone:
 		return nil
 	}
-	return packetIO.WriteErrPacket(mysql.NewErr(mysql.ErrUnknown))
+	return packetIO.WriteErrPacket(mysql.ErrUnknown)
 }
 
 func (mb *mockBackend) respondOK(packetIO *pnet.PacketIO) error {
@@ -190,7 +190,7 @@ func (mb *mockBackend) respondOK(packetIO *pnet.PacketIO) error {
 		} else {
 			status &= ^mysql.ServerMoreResultsExists
 		}
-		if err := packetIO.WriteOKPacket(status, mysql.OKHeader); err != nil {
+		if err := packetIO.WriteOKPacket(status, pnet.OKHeader); err != nil {
 			return err
 		}
 	}
@@ -209,7 +209,7 @@ func (mb *mockBackend) respondColumns(packetIO *pnet.PacketIO) error {
 
 func (mb *mockBackend) writeResultEndPacket(packetIO *pnet.PacketIO, status uint16) error {
 	if mb.capability&pnet.ClientDeprecateEOF > 0 {
-		return packetIO.WriteOKPacket(status, mysql.EOFHeader)
+		return packetIO.WriteOKPacket(status, pnet.EOFHeader)
 	}
 	return packetIO.WriteEOFPacket(status)
 }
@@ -312,7 +312,7 @@ func (mb *mockBackend) respondLoadFile(packetIO *pnet.PacketIO) error {
 				break
 			}
 		}
-		if err := packetIO.WriteOKPacket(status, mysql.OKHeader); err != nil {
+		if err := packetIO.WriteOKPacket(status, pnet.OKHeader); err != nil {
 			return err
 		}
 	}

pkg/proxy/backend/mock_client_test.go

@@ -78,7 +78,7 @@ func (mc *mockClient) authenticate(packetIO *pnet.PacketIO) error {
 		AuthPlugin: mc.authPlugin,
 		Attrs:      mc.attrs,
 		AuthData:   mc.authData,
-		Capability: mc.capability.Uint32(),
+		Capability: mc.capability,
 		Collation:  mc.collation,
 	}
 	pkt = pnet.MakeHandshakeResponse(resp)

pkg/proxy/backend/mock_proxy_test.go

@@ -54,7 +54,7 @@ func newMockProxy(t *testing.T, cfg *proxyConfig) *mockProxy {
 			CheckBackendInterval: cfg.checkBackendInterval,
 		}),
 	}
-	mp.cmdProcessor.capability = cfg.capability.Uint32()
+	mp.cmdProcessor.capability = cfg.capability
 	return mp
 }
 

pkg/proxy/net/auth.go

@@ -0,0 +1,14 @@
+// Copyright 2023 PingCAP, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+package net
+
+const (
+	AuthNativePassword      = "mysql_native_password"
+	AuthCachingSha2Password = "caching_sha2_password"
+	AuthTiDBSM3Password     = "tidb_sm3_password"
+	AuthMySQLClearPassword  = "mysql_clear_password"
+	AuthSocket              = "auth_socket"
+	AuthTiDBSessionToken    = "tidb_session_token"
+	AuthTiDBAuthToken       = "tidb_auth_token"
+)

pkg/proxy/net/header.go

@@ -0,0 +1,30 @@
+// Copyright 2023 PingCAP, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+package net
+
+type Header byte
+
+// Header information.
+const (
+	OKHeader          Header = 0x00
+	ErrHeader         Header = 0xff
+	EOFHeader         Header = 0xfe
+	AuthSwitchHeader  Header = 0xfe
+	LocalInFileHeader Header = 0xfb
+)
+
+var headerStrings = map[Header]string{
+	OKHeader:          "OK",
+	ErrHeader:         "ERR",
+	EOFHeader:         "EOF/AuthSwitch",
+	LocalInFileHeader: "LOCAL_IN_FILE",
+}
+
+func (f Header) Byte() byte {
+	return byte(f)
+}
+
+func (f Header) String() string {
+	return headerStrings[f]
+}