hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added configuration options for different SSL modes.

Browse Source
This commit is contained in:
Markus Makela
2015-05-28 16:33:51 +03:00
parent 16d6bd6d2c
commit 3d6259cb00
4 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/core/config.c
View File

@ -345,6 +345,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL);
char *weightby; char *weightby;
char *version_string; char *version_string;
char *subservices; char *subservices;
char* ssl;
bool is_rwsplit = false; bool is_rwsplit = false;
bool is_schemarouter = false; bool is_schemarouter = false;
char *allow_localhost_match_wildcard_host; char *allow_localhost_match_wildcard_host;
@ -353,6 +354,8 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL);
user = config_get_value(obj->parameters, "user"); user = config_get_value(obj->parameters, "user");
auth = config_get_value(obj->parameters, "passwd"); auth = config_get_value(obj->parameters, "passwd");
subservices = config_get_value(obj->parameters, "subservices"); subservices = config_get_value(obj->parameters, "subservices");
ssl = config_get_value(obj->parameters, "ssl");
enable_root_user = config_get_value( enable_root_user = config_get_value(
obj->parameters, obj->parameters,
"enable_root_user"); "enable_root_user");
@ -444,6 +447,10 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL);
config_get_value(obj->parameters, config_get_value(obj->parameters,
"max_slave_replication_lag"); "max_slave_replication_lag");
if(ssl)
if(serviceSetSSL(obj->element,ssl) != 0)
skygw_log_write(LE,"Error: Unknown parameter for service '%s': %s",obj->object,ssl);
if (enable_root_user) if (enable_root_user)
serviceEnableRootUser( serviceEnableRootUser(
obj->element, obj->element,

20
server/core/service.c
View File

@ -136,7 +136,7 @@ SERVICE *service;
service->routerModule = strdup(router); service->routerModule = strdup(router);
service->users_from_all = false; service->users_from_all = false;
service->resources = NULL; service->resources = NULL;
service->ssl_mode = SSL_REQUIRED; service->ssl_mode = SSL_DISABLED;
if (service->name == NULL || service->routerModule == NULL) if (service->name == NULL || service->routerModule == NULL)
{ {
@ -858,12 +858,20 @@ serviceOptimizeWildcard(SERVICE *service, int action)
/** Enable or disable the service SSL capability*/ /** Enable or disable the service SSL capability*/
int int
serviceSetSSL(SERVICE *service, int action) serviceSetSSL(SERVICE *service, char* action)
{ {
if(action) int rval = 0;
if(strcasecmp(action,"required") == 0)
service->ssl_mode = SSL_REQUIRED; service->ssl_mode = SSL_REQUIRED;
else else if(strcasecmp(action,"enabled") == 0)
service->ssl_mode = SSL_ENABLED;
else if(strcasecmp(action,"disabled") == 0)
service->ssl_mode = SSL_DISABLED; service->ssl_mode = SSL_DISABLED;
else
rval = -1;
return rval;
} }
/** /**
@ -1029,6 +1037,8 @@ int i;
printf("\tUsers data: %p\n", (void *)service->users); printf("\tUsers data: %p\n", (void *)service->users);
printf("\tTotal connections: %d\n", service->stats.n_sessions); printf("\tTotal connections: %d\n", service->stats.n_sessions);
printf("\tCurrently connected: %d\n", service->stats.n_current); printf("\tCurrently connected: %d\n", service->stats.n_current);
printf("\tSSL: %s\n", service->ssl_mode == SSL_DISABLED ? "Disabled":
(service->ssl_mode == SSL_ENABLED ? "Enabled":"Required"));
} }
/** /**
@ -1138,6 +1148,8 @@ int i;
service->stats.n_sessions); service->stats.n_sessions);
dcb_printf(dcb, "\tCurrently connected: %d\n", dcb_printf(dcb, "\tCurrently connected: %d\n",
service->stats.n_current); service->stats.n_current);
dcb_printf(dcb,"\tSSL: %s\n", service->ssl_mode == SSL_DISABLED ? "Disabled":
(service->ssl_mode == SSL_ENABLED ? "Enabled":"Required"));
} }
/** /**

1
server/include/service.h
View File

@ -185,6 +185,7 @@ extern int serviceRestart(SERVICE *);
extern int serviceSetUser(SERVICE *, char *, char *); extern int serviceSetUser(SERVICE *, char *, char *);
extern int serviceGetUser(SERVICE *, char **, char **); extern int serviceGetUser(SERVICE *, char **, char **);
extern void serviceSetFilters(SERVICE *, char *); extern void serviceSetFilters(SERVICE *, char *);
extern int serviceSetSSL(SERVICE *service, char* action);
extern int serviceEnableRootUser(SERVICE *, int ); extern int serviceEnableRootUser(SERVICE *, int );
extern int serviceSetTimeout(SERVICE *, int ); extern int serviceSetTimeout(SERVICE *, int );
extern void serviceWeightBy(SERVICE *, char *); extern void serviceWeightBy(SERVICE *, char *);

12
server/modules/protocol/mysql_client.c
View File

@ -466,9 +466,21 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
/** Client didn't requested SSL when SSL mode was required*/ /** Client didn't requested SSL when SSL mode was required*/
if(!ssl && protocol->owner_dcb->service->ssl_mode == SSL_REQUIRED) if(!ssl && protocol->owner_dcb->service->ssl_mode == SSL_REQUIRED)
{ {
LOGIF(LT,(skygw_log_write(LT,"User %s@%s connected to service '%s' without SSL when SSL was required.",
protocol->owner_dcb->user,
protocol->owner_dcb->remote,
protocol->owner_dcb->service->name)));
return 1; return 1;
} }
if(LOG_IS_ENABLED(LT))
{
skygw_log_write(LT,"User %s@%s connected to service '%s' with SSL.",
protocol->owner_dcb->user,
protocol->owner_dcb->remote,
protocol->owner_dcb->service->name);
}
username = get_username_from_auth(username, client_auth_packet); username = get_username_from_auth(username, client_auth_packet);
if (username == NULL) if (username == NULL)