A MySQL Proxy with Dynamic Redirection.
It extracts the “username” and “db” from the first client packet.
Then it builds the backend hostname with asprintf("%s.sql.example.net"), connects to that backend, and forwards traffic between the client and the backend.
pmake re [proxy_port=3307] && ./flex_mysql_proxy
You need a script at /etc/flex_mysql_proxy/scripts/proxy.lua:
function get_backend_from_username(username, db)
    return db..".sql.example.net", "3306"
end
This script should return the backend IP, or anything else supported by getaddrinfo(), such as a hostname.
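Both values reach the script from a packet the client sends before it has authenticated, so the "db" string is worth constraining before it becomes part of a hostname. The following is an added example, not the project's own code: a bounds-checked parser for the MySQL HandshakeResponse41 packet that pulls out the username and db, plus a check that only lets a single DNS label through to "<db>.sql.example.net". The function names, the label policy and the handling of only one-byte auth lengths are assumptions made for the example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLIENT_CONNECT_WITH_DB   0x00000008u
#define CLIENT_PROTOCOL_41       0x00000200u
#define CLIENT_SECURE_CONNECTION 0x00008000u
#define CLIENT_LENENC_AUTH       0x00200000u /* CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA */

/* Copy the NUL-terminated field at *off into out; -1 if unterminated or too long. */
static int take_cstr(const uint8_t *p, size_t len, size_t *off, char *out, size_t outsz) {
    const uint8_t *nul = *off < len ? memchr(p + *off, 0, len - *off) : NULL;
    size_t n = nul ? (size_t)(nul - (p + *off)) : outsz;
    if (!nul || n >= outsz) return -1;
    memcpy(out, p + *off, n + 1);
    *off += n + 1;
    return 0;
}

/* Parse one HandshakeResponse41 packet (4-byte header included); 0 on success. */
int parse_handshake(const uint8_t *pkt, size_t len, char *user, size_t usz, char *db, size_t dsz) {
    if (len < 36 || (pkt[0] | pkt[1] << 8 | (size_t)pkt[2] << 16) != len - 4) return -1;
    uint32_t caps = pkt[4] | pkt[5] << 8 | pkt[6] << 16 | (uint32_t)pkt[7] << 24;
    size_t off = 4 + 4 + 4 + 1 + 23;  /* header, caps, max packet, charset, filler */
    if (!(caps & CLIENT_PROTOCOL_41) || take_cstr(pkt, len, &off, user, usz)) return -1;
    if (caps & (CLIENT_SECURE_CONNECTION | CLIENT_LENENC_AUTH)) {
        if (off >= len || pkt[off] >= 0xfb) return -1;  /* multi-byte lengths not handled */
        off += 1 + (size_t)pkt[off];
    } else {
        char skip[256];               /* old-style NUL-terminated auth response */
        if (take_cstr(pkt, len, &off, skip, sizeof skip)) return -1;
    }
    if (off > len) return -1;         /* auth data ran past the packet */
    db[0] = '\0';                     /* no db requested unless the flag is set */
    return (caps & CLIENT_CONNECT_WITH_DB) ? take_cstr(pkt, len, &off, db, dsz) : 0;
}

/* Assumed policy: build "<db>.sql.example.net" only when db is one DNS label. */
int backend_host(const char *db, char *out, size_t outsz) {
    size_t n = strlen(db);
    if (n == 0 || n > 63 || db[0] == '-' || db[n - 1] == '-') return -1;
    for (size_t i = 0; i < n; i++)    /* letters, digits and '-' only: no dots */
        if (!isalnum((unsigned char)db[i]) && db[i] != '-') return -1;
    int w = snprintf(out, outsz, "%s.sql.example.net", db);
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}
```

The same label check can be written in proxy.lua before the concatenation, so a db value containing dots or other separators never reaches getaddrinfo().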
It listens on port 3307 by default.
I am not a magician. This cannot work with “mysql_native_password” authentication because of its challenge-response (there is some sort of a scramble).
You have to use “--enable-cleartext-plugin”, which means that the backend is allowed to re-request the password in plain text.
It works:
- with plaintext authentication (https://github.com/folays/mysql_auth_flex)
- could work for PAM & co
- could work, with minimal modifications, wherever the first backend packet can be discarded and ignored (no challenge that has to be answered)
folays@phenix:~$ mysql -h 127.0.0.1 --port 3307 --user=username --enable-cleartext-plugin --password=password