Merge branch '2.1' into 2.2
This commit is contained in:
Markus Mäkelä
@ -184,7 +184,10 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
|
||||
uint8_t *scramble, size_t scramble_len)
|
||||
{
|
||||
sqlite3 *handle = get_handle(instance);
|
||||
size_t len = sizeof(mysqlauth_validate_user_query) + strlen(session->user) * 2 +
|
||||
const char* validate_query = instance->lower_case_table_names ?
|
||||
mysqlauth_validate_user_query_lower :
|
||||
mysqlauth_validate_user_query;
|
||||
size_t len = strlen(validate_query) + 1 + strlen(session->user) * 2 +
|
||||
strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1;
|
||||
char sql[len + 1];
|
||||
int rval = MXS_AUTH_FAILED;
|
||||
@ -196,7 +199,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
|
||||
}
|
||||
else
|
||||
{
|
||||
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
|
||||
sprintf(sql, validate_query, session->user, dcb->remote,
|
||||
dcb->remote, session->db, session->db);
|
||||
}
|
||||
|
||||
@ -212,7 +215,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
|
||||
if (!res.ok && strchr(dcb->remote, ':') && strchr(dcb->remote, '.'))
|
||||
{
|
||||
const char *ipv4 = strrchr(dcb->remote, ':') + 1;
|
||||
sprintf(sql, mysqlauth_validate_user_query, session->user, ipv4, ipv4,
|
||||
sprintf(sql, validate_query, session->user, ipv4, ipv4,
|
||||
session->db, session->db);
|
||||
|
||||
if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK)
|
||||
@ -231,7 +234,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
|
||||
char client_hostname[MYSQL_HOST_MAXLEN] = "";
|
||||
get_hostname(dcb, client_hostname, sizeof(client_hostname) - 1);
|
||||
|
||||
sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname,
|
||||
sprintf(sql, validate_query, session->user, client_hostname,
|
||||
client_hostname, session->db, session->db);
|
||||
|
||||
if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK)
|
||||
|
||||
@ -179,6 +179,7 @@ static void* mysql_auth_init(char **options)
|
||||
instance->inject_service_user = true;
|
||||
instance->skip_auth = false;
|
||||
instance->check_permissions = true;
|
||||
instance->lower_case_table_names = false;
|
||||
|
||||
for (int i = 0; options[i]; i++)
|
||||
{
|
||||
@ -204,6 +205,10 @@ static void* mysql_auth_init(char **options)
|
||||
{
|
||||
instance->skip_auth = config_truth_value(value);
|
||||
}
|
||||
else if (strcmp(options[i], "lower_case_table_names") == 0)
|
||||
{
|
||||
instance->lower_case_table_names = config_truth_value(value);
|
||||
}
|
||||
else
|
||||
{
|
||||
MXS_ERROR("Unknown authenticator option: %s", options[i]);
|
||||
|
||||
@ -66,6 +66,12 @@ static const char mysqlauth_validate_user_query[] =
|
||||
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
|
||||
" LIMIT 1";
|
||||
|
||||
/** Query that checks if there's a grant for the user being authenticated */
|
||||
static const char mysqlauth_validate_user_query_lower[] =
|
||||
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
|
||||
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR LOWER('%s') LIKE LOWER(db))"
|
||||
" LIMIT 1";
|
||||
|
||||
/** Query that only checks if there's a matching user */
|
||||
static const char mysqlauth_skip_auth_query[] =
|
||||
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
|
||||
@ -111,6 +117,7 @@ typedef struct mysql_auth
|
||||
bool inject_service_user; /**< Inject the service user into the list of users */
|
||||
bool skip_auth; /**< Authentication will always be successful */
|
||||
bool check_permissions;
|
||||
bool lower_case_table_names; /**< Disable database case-sensitivity */
|
||||
} MYSQL_AUTH;
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user