Made service permission checks less strict.
This commit is contained in:
Markus Makela
@ -2397,14 +2397,18 @@ bool check_service_permissions(SERVICE* service)
|
|||||||
if(mysql_real_connect(mysql,server->server->name,user,dpasswd,NULL,server->server->port,NULL,0) == NULL)
|
if(mysql_real_connect(mysql,server->server->name,user,dpasswd,NULL,server->server->port,NULL,0) == NULL)
|
||||||
{
|
{
|
||||||
skygw_log_write(LE,"%s: Error: Failed to connect to server %s(%s:%d) when"
|
skygw_log_write(LE,"%s: Error: Failed to connect to server %s(%s:%d) when"
|
||||||
" checking authentication user credentials and permissions.",
|
" checking authentication user credentials and permissions: %d %s",
|
||||||
service->name,
|
service->name,
|
||||||
server->server->unique_name,
|
server->server->unique_name,
|
||||||
server->server->name,
|
server->server->name,
|
||||||
server->server->port);
|
server->server->port,
|
||||||
|
mysql_errno(mysql),
|
||||||
|
mysql_error(mysql));
|
||||||
mysql_close(mysql);
|
mysql_close(mysql);
|
||||||
free(dpasswd);
|
free(dpasswd);
|
||||||
return false;
|
|
||||||
|
/** We don't know enough about user permissions */
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(mysql_query(mysql,"SELECT user, host, password,Select_priv FROM mysql.user limit 1") != 0)
|
if(mysql_query(mysql,"SELECT user, host, password,Select_priv FROM mysql.user limit 1") != 0)
|
||||||
@ -2414,6 +2418,7 @@ bool check_service_permissions(SERVICE* service)
|
|||||||
skygw_log_write(LE,"%s: Error: User '%s' is missing SELECT privileges"
|
skygw_log_write(LE,"%s: Error: User '%s' is missing SELECT privileges"
|
||||||
" on mysql.user table. MySQL error message: %s",
|
" on mysql.user table. MySQL error message: %s",
|
||||||
service->name,user,mysql_error(mysql));
|
service->name,user,mysql_error(mysql));
|
||||||
|
rval = false;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -2421,7 +2426,6 @@ bool check_service_permissions(SERVICE* service)
|
|||||||
" MySQL error message: %s",
|
" MySQL error message: %s",
|
||||||
service->name,mysql_error(mysql));
|
service->name,mysql_error(mysql));
|
||||||
}
|
}
|
||||||
rval = false;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -2432,9 +2436,8 @@ bool check_service_permissions(SERVICE* service)
|
|||||||
service->name,mysql_error(mysql));
|
service->name,mysql_error(mysql));
|
||||||
mysql_close(mysql);
|
mysql_close(mysql);
|
||||||
free(dpasswd);
|
free(dpasswd);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
mysql_free_result(res);
|
mysql_free_result(res);
|
||||||
}
|
}
|
||||||
if(mysql_query(mysql,"SELECT user, host, db FROM mysql.db limit 1") != 0)
|
if(mysql_query(mysql,"SELECT user, host, db FROM mysql.db limit 1") != 0)
|
||||||
@ -2443,13 +2446,13 @@ bool check_service_permissions(SERVICE* service)
|
|||||||
{
|
{
|
||||||
skygw_log_write(LE,"%s: Error: User '%s' is missing SELECT privileges on mysql.db table. MySQL error message: %s",
|
skygw_log_write(LE,"%s: Error: User '%s' is missing SELECT privileges on mysql.db table. MySQL error message: %s",
|
||||||
service->name,user,mysql_error(mysql));
|
service->name,user,mysql_error(mysql));
|
||||||
|
rval = false;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
skygw_log_write(LE,"%s: Error: Failed to query from mysql.db table. MySQL error message: %s",
|
skygw_log_write(LE,"%s: Error: Failed to query from mysql.db table. MySQL error message: %s",
|
||||||
service->name,mysql_error(mysql));
|
service->name,mysql_error(mysql));
|
||||||
}
|
}
|
||||||
rval = false;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -2457,7 +2460,6 @@ bool check_service_permissions(SERVICE* service)
|
|||||||
{
|
{
|
||||||
skygw_log_write(LE,"%s: Error: Result retrieval failed when checking for permissions to the mysql.db table: %s",
|
skygw_log_write(LE,"%s: Error: Result retrieval failed when checking for permissions to the mysql.db table: %s",
|
||||||
service->name,mysql_error(mysql));
|
service->name,mysql_error(mysql));
|
||||||
rval = false;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
@ -235,11 +235,11 @@ GWPROTOCOL *funcs;
|
|||||||
{
|
{
|
||||||
LOGIF(LE, (skygw_log_write_flush(
|
LOGIF(LE, (skygw_log_write_flush(
|
||||||
LOGFILE_ERROR,
|
LOGFILE_ERROR,
|
||||||
"Error : Unable to load users from %s:%d for "
|
"Error : Unable to load users for "
|
||||||
"service %s.",
|
"service %s listening at %s:%d.",
|
||||||
|
service->name,
|
||||||
(port->address == NULL ? "0.0.0.0" : port->address),
|
(port->address == NULL ? "0.0.0.0" : port->address),
|
||||||
port->port,
|
port->port)));
|
||||||
service->name)));
|
|
||||||
|
|
||||||
{
|
{
|
||||||
/* Try loading authentication data from file cache */
|
/* Try loading authentication data from file cache */
|
||||||
|
|||||||
Reference in New Issue
Block a user