hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.1' into 2.2

Browse Source
This commit is contained in:
Markus Mäkelä 2018-01-19 11:47:13 +02:00
commit 05402208a5
6 changed files with 63 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
BUILD/build_rpm_local.sh
View File

@ -18,11 +18,11 @@ then
ctest --output-on-failure || exit 1
fi
if [ $remove_strip == "yes" ] ; then
sudo rm -rf /usr/bin/strip
sudo touch /usr/bin/strip
sudo chmod a+x /usr/bin/strip
fi
# Never strip binaries
sudo rm -rf /usr/bin/strip
sudo touch /usr/bin/strip
sudo chmod a+x /usr/bin/strip
sudo make package
res=$?
if [ $res != 0 ] ; then

13
Documentation/Authenticators/MySQL-Authenticator.md
View File

@ -67,3 +67,16 @@ injected into the list of users.
```
authenticator_options=inject_service_user=false
```
### `lower_case_table_names`
Enable case-insensitive identifier matching for authentication. This parameter
is disabled by default.
The parameter functions exactly as the MariaDB Server system variable
[lower_case_table_names](https://mariadb.com/kb/en/library/server-system-variables/#lower_case_table_names).
This makes the matching done by the authenticator on database names to be
case-insensitive by converting all names into their lowercase form.
**Note:** The identifier names are converted using an ASCII-only function. This
means that non-ASCII characters will retain their case-sensitivity.

51
server/core/gateway.cc
View File

@ -1398,15 +1398,15 @@ int main(int argc, char **argv)
char* cnf_file_arg = NULL; /*< conf filename from cmd-line arg */
THREAD log_flush_thr;
char* tmp_path;
char* tmp_var;
int option_index;
int *syslog_enabled = &config_get_global_options()->syslog; /** Log to syslog */
int *maxlog_enabled = &config_get_global_options()->maxlog; /** Log with MaxScale */
int *log_to_shm = &config_get_global_options()->log_to_shm; /** Log to shared memory */
MXS_CONFIG* cnf = config_get_global_options();
ss_dassert(cnf);
int *syslog_enabled = &cnf->syslog; /** Log to syslog */
int *maxlog_enabled = &cnf->maxlog; /** Log with MaxScale */
int *log_to_shm = &cnf->log_to_shm; /** Log to shared memory */
ssize_t log_flush_timeout_ms = 0;
sigset_t sigpipe_mask;
sigset_t saved_mask;
bool config_check = false;
bool to_stdout = false;
void (*exitfunp[4])(void) = { mxs_log_finish, cleanup_process_datadir, write_footer, NULL };
int numlocks = 0;
@ -1415,7 +1415,6 @@ int main(int argc, char **argv)
const char* specified_user = NULL;
config_set_global_defaults();
MXS_CONFIG* cnf = config_get_global_options();
ss_dassert(cnf);
maxscale_reset_starttime();
@ -1719,7 +1718,7 @@ int main(int argc, char **argv)
goto return_main;
case 'c':
config_check = true;
cnf->config_check = true;
break;
case 'p':
@ -1753,7 +1752,7 @@ int main(int argc, char **argv)
goto return_main;
}
if (config_check)
if (cnf->config_check)
{
daemon_mode = false;
to_stdout = true;
@ -1918,7 +1917,7 @@ int main(int argc, char **argv)
{
bool succp;
if (mkdir(get_logdir(), 0777) != 0 && errno != EEXIST)
if (!cnf->config_check && mkdir(get_logdir(), 0777) != 0 && errno != EEXIST)
{
fprintf(stderr,
"Error: Cannot create log directory: %s\n",
@ -1965,19 +1964,23 @@ int main(int argc, char **argv)
MXS_NOTICE("Commit: %s", MAXSCALE_COMMIT);
#endif
/*
* Set the data directory. We use a unique directory name to avoid conflicts
* if multiple instances of MaxScale are being run on the same machine.
*/
if (create_datadir(get_datadir(), datadir))
if (!cnf->config_check)
{
set_process_datadir(datadir);
}
else
{
MXS_ERROR("Cannot create data directory '%s': %d %s\n",
datadir, errno, mxs_strerror(errno));
goto return_main;
/*
* Set the data directory. We use a unique directory name to avoid conflicts
* if multiple instances of MaxScale are being run on the same machine.
*/
if (create_datadir(get_datadir(), datadir))
{
set_process_datadir(datadir);
}
else
{
char errbuf[MXS_STRERROR_BUFLEN];
MXS_ERROR("Cannot create data directory '%s': %d %s\n",
datadir, errno, strerror_r(errno, errbuf, sizeof(errbuf)));
goto return_main;
}
}
if (!daemon_mode)
@ -2027,9 +2030,7 @@ int main(int argc, char **argv)
goto return_main;
}
cnf->config_check = config_check;
if (!config_check)
if (!cnf->config_check)
{
/** Check if a MaxScale process is already running */
if (pid_file_exists())
@ -2130,7 +2131,7 @@ int main(int argc, char **argv)
goto return_main;
}
if (config_check)
if (cnf->config_check)
{
MXS_NOTICE("Configuration was successfully verified.");
rc = MAXSCALE_SHUTDOWN;

11
server/modules/authenticator/MySQLAuth/dbusers.c
View File

@ -184,7 +184,10 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
uint8_t *scramble, size_t scramble_len)
{
sqlite3 *handle = get_handle(instance);
size_t len = sizeof(mysqlauth_validate_user_query) + strlen(session->user) * 2 +
const char* validate_query = instance->lower_case_table_names ?
mysqlauth_validate_user_query_lower :
mysqlauth_validate_user_query;
size_t len = strlen(validate_query) + 1 + strlen(session->user) * 2 +
strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1;
char sql[len + 1];
int rval = MXS_AUTH_FAILED;
@ -196,7 +199,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
}
else
{
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
sprintf(sql, validate_query, session->user, dcb->remote,
dcb->remote, session->db, session->db);
}
@ -212,7 +215,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
if (!res.ok && strchr(dcb->remote, ':') && strchr(dcb->remote, '.'))
{
const char *ipv4 = strrchr(dcb->remote, ':') + 1;
sprintf(sql, mysqlauth_validate_user_query, session->user, ipv4, ipv4,
sprintf(sql, validate_query, session->user, ipv4, ipv4,
session->db, session->db);
if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK)
@ -231,7 +234,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
char client_hostname[MYSQL_HOST_MAXLEN] = "";
get_hostname(dcb, client_hostname, sizeof(client_hostname) - 1);
sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname,
sprintf(sql, validate_query, session->user, client_hostname,
client_hostname, session->db, session->db);
if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK)

5
server/modules/authenticator/MySQLAuth/mysql_auth.c
View File

@ -179,6 +179,7 @@ static void* mysql_auth_init(char **options)
instance->inject_service_user = true;
instance->skip_auth = false;
instance->check_permissions = true;
instance->lower_case_table_names = false;
for (int i = 0; options[i]; i++)
{
@ -204,6 +205,10 @@ static void* mysql_auth_init(char **options)
{
instance->skip_auth = config_truth_value(value);
}
else if (strcmp(options[i], "lower_case_table_names") == 0)
{
instance->lower_case_table_names = config_truth_value(value);
}
else
{
MXS_ERROR("Unknown authenticator option: %s", options[i]);

7
server/modules/authenticator/MySQLAuth/mysql_auth.h
View File

@ -66,6 +66,12 @@ static const char mysqlauth_validate_user_query[] =
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1";
/** Query that checks if there's a grant for the user being authenticated */
static const char mysqlauth_validate_user_query_lower[] =
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR LOWER('%s') LIKE LOWER(db))"
" LIMIT 1";
/** Query that only checks if there's a matching user */
static const char mysqlauth_skip_auth_query[] =
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
@ -111,6 +117,7 @@ typedef struct mysql_auth
bool inject_service_user; /**< Inject the service user into the list of users */
bool skip_auth; /**< Authentication will always be successful */
bool check_permissions;
bool lower_case_table_names; /**< Disable database case-sensitivity */
} MYSQL_AUTH;
/**