Merge branch '2.2' into 2.3

2019-01-03 09:21:47 +02:00
parent 35d31801bb 8f0e4a3034
commit 26da72a41f
14 changed files with 235 additions and 148 deletions
--- a/server/modules/authenticator/MySQLAuth/dbusers.cc
+++ b/server/modules/authenticator/MySQLAuth/dbusers.cc
@ -162,7 +162,8 @@ static char* get_users_query(const char* server_version, int version, bool inclu
 {
    if (is_mariadb)     // 10.1.1 or newer, supports default roles
    {
-        return version >= 100202 ?
+        // Require 10.2.15 due to MDEV-15840 and MDEV-15556
+        return version >= 100215 ?
               get_mariadb_102_users_query(include_root) :
               get_mariadb_users_query(include_root);
    }
--- a/server/modules/authenticator/MySQLAuth/mysql_auth.cc
+++ b/server/modules/authenticator/MySQLAuth/mysql_auth.cc
@ -285,9 +285,9 @@ static bool is_localhost_address(struct sockaddr_storage* addr)
 */
 static int mysql_auth_authenticate(DCB* dcb)
 {
-    int auth_ret = ssl_authenticate_check_status(dcb);
+    int auth_ret = MXS_AUTH_SSL_COMPLETE;
    MYSQL_session* client_data = (MYSQL_session*)dcb->data;
-    if (auth_ret == MXS_AUTH_SSL_COMPLETE && *client_data->user)
+    if (*client_data->user)
    {
        MXS_DEBUG("Receiving connection from '%s' to database '%s'.",
                  client_data->user,
--- a/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
+++ b/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
@ -332,9 +332,9 @@ Buffer PamClientSession::create_auth_change_packet() const

 int PamClientSession::authenticate(DCB* dcb)
 {
-    int rval = ssl_authenticate_check_status(dcb);
+    int rval = MXS_AUTH_SSL_COMPLETE;
    MYSQL_session* ses = static_cast<MYSQL_session*>(dcb->data);
-    if (rval == MXS_AUTH_SSL_COMPLETE && *ses->user)
+    if (*ses->user)
    {
        rval = MXS_AUTH_FAILED;
        if (m_state == PAM_AUTH_INIT)
--- a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc
+++ b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc
@ -225,10 +225,9 @@ std::string get_version_string(SERVICE* service)
    }

    // Older applications don't understand versions other than 5 and cause strange problems
-    const char prefix[] = "5.5.5-";
-
-    if (strncmp(rval.c_str(), prefix, sizeof(prefix) - 1) != 0)
+    if (rval[0] != '5')
    {
+        const char prefix[] = "5.5.5-";
        rval = prefix + rval;
    }

@ -735,7 +734,13 @@ static int gw_read_do_authentication(DCB* dcb, GWBUF* read_buffer, int nbytes_re
    int auth_val = MXS_AUTH_FAILED;
    if (dcb->authfunc.extract(dcb, read_buffer))
    {
-        auth_val = dcb->authfunc.authenticate(dcb);
+        auth_val = ssl_authenticate_check_status(dcb);
+
+        if (auth_val == MXS_AUTH_SSL_COMPLETE)
+        {
+            // TLS connection phase complete
+            auth_val = dcb->authfunc.authenticate(dcb);
+        }
    }
    else
    {