Merge branch '2.1' into 2.2

Markus Mäkelä
2017-09-26 14:29:14 +03:00
13 changed files with 391 additions and 51 deletions


@ -182,17 +182,25 @@ static int auth_cb(void *data, int columns, char** rows, char** row_names)
return 0;
}
int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
uint8_t *scramble, size_t scramble_len)
{
sqlite3 *handle = instance->handle;
size_t len = sizeof(mysqlauth_validate_user_query) + strlen(session->user) * 2 +
strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1;
char sql[len + 1];
int rval = MXS_AUTH_FAILED;
char *err;
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
dcb->remote, session->db, session->db);
if (instance->skip_auth)
{
sprintf(sql, mysqlauth_skip_auth_query, session->user, session->db, session->db);
}
else
{
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
dcb->remote, session->db, session->db);
}
struct user_query_result res = {};
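Review bot: Both `sprintf` calls paste `session->user` and `session->db` straight into the `'%s'` slots of the SQL text, and the new `skip_auth` branch adds one more query built that way. Nothing in this hunk escapes a single quote in those values, so the WHERE clause depends on client-supplied strings unless they are sanitised before this function is called (not visible here); that matters most in the skip-auth branch, where the row lookup is presumably the only check left. SQLite's formatter can quote the values and bound the write: change the placeholders in the templates to `'%q'` and call `sqlite3_snprintf(sizeof(sql), sql, mysqlauth_skip_auth_query, session->user, session->db, session->db);` (likewise for the validate query), or bind the values through a prepared statement. `len` is still derived from `sizeof(mysqlauth_validate_user_query)` for both branches, which deserves a one-line comment. The function body continues past the end of the hunk.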


@ -304,19 +304,18 @@ mysql_auth_authenticate(DCB *dcb)
MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance;
MySQLProtocol *protocol = DCB_PROTOCOL(dcb, MySQLProtocol);
auth_ret = validate_mysql_user(instance->handle, dcb, client_data,
auth_ret = validate_mysql_user(instance, dcb, client_data,
protocol->scramble, sizeof(protocol->scramble));
if (auth_ret != MXS_AUTH_SUCCEEDED &&
!instance->skip_auth &&
service_refresh_users(dcb->service) == 0)
{
auth_ret = validate_mysql_user(instance->handle, dcb, client_data,
auth_ret = validate_mysql_user(instance, dcb, client_data,
protocol->scramble, sizeof(protocol->scramble));
}
/* on successful authentication, set user into dcb field */
if (auth_ret == MXS_AUTH_SUCCEEDED || instance->skip_auth)
if (auth_ret == MXS_AUTH_SUCCEEDED)
{
auth_ret = MXS_AUTH_SUCCEEDED;
dcb->user = MXS_STRDUP_A(client_data->user);
@ -638,7 +637,7 @@ int mysql_auth_reauthenticate(DCB *dcb, const char *user,
temp.auth_token_len = token_len;
MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance;
int rc = validate_mysql_user(instance->handle, dcb, &temp, scramble, scramble_len);
int rc = validate_mysql_user(instance, dcb, &temp, scramble, scramble_len);
if (rc == MXS_AUTH_SUCCEEDED)
{
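Review bot: In the first hunk the assignment `auth_ret = MXS_AUTH_SUCCEEDED;` inside `if (auth_ret == MXS_AUTH_SUCCEEDED)` no longer does anything now that the `|| instance->skip_auth` alternative appears to be gone from the condition, and can be dropped. The comment above it still reads "on successful authentication", while with `skip_auth` set success seems to mean only that the lookup in `validate_mysql_user` matched; `/* on success (with skip_auth: the user exists, the password is not checked), set user into dcb field */` would make that explicit. The hunk counts suggest the `!instance->skip_auth` guard on the retry is removed as well, so a failed lookup in skip-auth mode now also reaches `service_refresh_users`, which is worth a word in the same comment. mysql_auth_authenticate starts and ends outside the hunk.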


@ -66,6 +66,12 @@ static const char mysqlauth_validate_user_query[] =
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1";
/** Query that only checks if there's a matching user */
static const char mysqlauth_skip_auth_query[] =
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1";
/** Query that checks that the database exists */
static const char mysqlauth_validate_database_query[] =
"SELECT * FROM " MYSQLAUTH_DATABASES_TABLE_NAME " WHERE db = '%s' LIMIT 1";
@ -181,7 +187,7 @@ int replace_mysql_users(SERV_LISTENER *listener, bool skip_local);
/**
* @brief Verify the user has access to the database
*
* @param handle SQLite handle to MySQLAuth user database
* @param instance MySQLAuth instance
* @param dcb Client DCB
* @param session Shared MySQL session
* @param scramble The scramble sent to the client in the initial handshake
@ -189,7 +195,7 @@ int replace_mysql_users(SERV_LISTENER *listener, bool skip_local);
*
* @return MXS_AUTH_SUCCEEDED if the user has access to the database
*/
int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
uint8_t *scramble, size_t scramble_len);
int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
uint8_t *scramble, size_t scramble_len);
MXS_END_DECLS
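Review bot: The comment on `mysqlauth_skip_auth_query` says it only checks for a matching user, but it does not say that the host condition of `mysqlauth_validate_user_query` is left out, so an entry restricted to one host matches a client from any address in skip-auth mode. If that is intended, state it: `/** Query that only checks if there's a matching user; the client host is not compared */`. The doc block for `validate_mysql_user` could likewise gain a line saying that when the instance has `skip_auth` set, `MXS_AUTH_SUCCEEDED` only means the user lookup matched; that block is only partly visible in these hunks.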