hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1451: Calculate password even with skip_authentication=true

Browse Source 
The result of the authentication should be ignored but the scramble that
is calculated as a side-effect still needs to be stored. This can be done
by altering the SQL used to get the matching row to only match on the
username, not the network address.

Also expanded the test case to cover the use of bad credentials.
This commit is contained in:
Markus Mäkelä
2017-09-25 14:47:12 +03:00
parent 6601f15ff8
commit 2079bba49c
4 changed files with 29 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/modules/authenticator/MySQLAuth/dbusers.c
View File

@ -182,17 +182,25 @@ static int auth_cb(void *data, int columns, char** rows, char** row_names)
return 0;
}
int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
uint8_t *scramble, size_t scramble_len)
{
sqlite3 *handle = instance->handle;
size_t len = sizeof(mysqlauth_validate_user_query) + strlen(session->user) * 2 +
strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1;
char sql[len + 1];
int rval = MXS_AUTH_FAILED;
char *err;
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
dcb->remote, session->db, session->db);
if (instance->skip_auth)
{
sprintf(sql, mysqlauth_skip_auth_query, session->user, session->db, session->db);
}
else
{
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
dcb->remote, session->db, session->db);
}
struct user_query_result res = {};