Added service user to mysql_users
Added service user to mysql_users [MaxInfo] type=service router=maxinfo user=monitor passwd=EBD2F49C3B375812A8CDEBA632ED8BBC
parent
54ee63cade
commit
4701604965
@ -7,11 +7,15 @@ The plugin is capable of returning data in one of two ways, either as MySQL resu
|
||||
|
||||
The plugin is configured in the MaxScale.cnf plugin in much the same way as any other router service is configured, there needs to be a service section in the configuration file and also listeners defined for that service. The service does not however require any backend servers to be associated with it, or any monitors.
|
||||
|
||||
The service entry merely needs to define the service name, the type as service and the router module to load.
|
||||
The service entry needs to define the service name, the type as service and the router module to load.
|
||||
The specified user, with the password (plain or encrypted via maxpassword utility) is allowed to connect via MySQL protocol.
|
||||
Currently the user can connect to maxinfo from any remote IP and to localhost as well.
|
||||
|
||||
[MaxInfo]
|
||||
type=service
|
||||
router=maxinfo
|
||||
user=monitor
|
||||
passwd=EBD2F49C3B375812A8CDEBA632ED8BBC
|
||||
|
||||
The listener section defines the protocol, port and other information needed to create a listener for the service. To listen on a port using the MySQL protocol a section as shown below should be added to the configuration file.
|
||||
|
||||
@ -44,9 +48,9 @@ As with any other listeners within MaxScale the listeners can be bound to a part
|
||||
|
||||
The maxinfo supports a small subset of SQL statements in addition to the MySQL status and ping requests. These may be used for simple monitoring of MaxScale.
|
||||
|
||||
% mysqladmin -hmaxscale.mariadb.com -P9003 -umonitor ping
|
||||
% mysqladmin -hmaxscale.mariadb.com -P9003 -umonitor -pxyz ping
|
||||
mysqld is alive
|
||||
% mysqladmin -hmaxscale.mariadb.com -P9003 -umonitor status
|
||||
% mysqladmin -hmaxscale.mariadb.com -P9003 -umonitor -pxyz status
|
||||
Uptime: 72 Threads: 1 Sessions: 11
|
||||
%
|
||||
|
||||
|
@ -42,6 +42,7 @@
|
||||
#include <poll.h>
|
||||
#include <skygw_utils.h>
|
||||
#include <log_manager.h>
|
||||
#include <secrets.h>
|
||||
|
||||
/** Defined in log_manager.cc */
|
||||
extern int lm_enabled_logfiles_bitmask;
|
||||
@ -235,3 +236,30 @@ int gw_getsockerrno(
|
||||
return_eno:
|
||||
return eno;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a HEX(SHA1(SHA1(password)))
|
||||
*
|
||||
* @param password The password to encrypt
|
||||
* @return The new allocated encrypted password, that the caller must free
|
||||
*
|
||||
*/
|
||||
char *create_hex_sha1_sha1_passwd(char *passwd) {
|
||||
uint8_t hash1[SHA_DIGEST_LENGTH]="";
|
||||
uint8_t hash2[SHA_DIGEST_LENGTH]="";
|
||||
char *hexpasswd=NULL;
|
||||
|
||||
if ((hexpasswd = (char *)calloc(SHA_DIGEST_LENGTH * 2 + 1, 1)) == NULL)
|
||||
return NULL;
|
||||
|
||||
/* hash1 is SHA1(real_password) */
|
||||
gw_sha1_str((uint8_t *)passwd, strlen(passwd), hash1);
|
||||
|
||||
/* hash2 is the SHA1(input data), where input_data = SHA1(real_password) */
|
||||
gw_sha1_str(hash1, SHA_DIGEST_LENGTH, hash2);
|
||||
|
||||
/* dbpass is the HEX form of SHA1(SHA1(real_password)) */
|
||||
gw_bin2hex(hexpasswd, hash2, SHA_DIGEST_LENGTH);
|
||||
|
||||
return hexpasswd;
|
||||
}
|
||||
|
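Review bot: `create_hex_sha1_sha1_passwd` hands `passwd` straight to `strlen()` with no NULL check, so a NULL argument crashes the process. The function is exported (the maxinfo.c hunk declares it `extern`), so add `if (passwd == NULL) return NULL;` before the `calloc` and document NULL as the failure return in the header comment. `hash1` holds SHA1 of the cleartext password and stays on the stack after return; consider clearing `hash1` and `hash2` before `return hexpasswd;` with a wipe the compiler cannot optimise away. The parameter is never written through and could be `const char *passwd`, and "encrypt" in the doc comment would be more accurate as "hash".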
@ -23,8 +23,9 @@
|
||||
* @verbatim
|
||||
* Revision History
|
||||
*
|
||||
* Date Who Description
|
||||
* 16/02/15 Mark Riddoch Initial implementation
|
||||
* Date Who Description
|
||||
* 16/02/15 Mark Riddoch Initial implementation
|
||||
* 27/02/15 Massimiliano Pinto Added maxinfo_add_mysql_user
|
||||
*
|
||||
* @endverbatim
|
||||
*/
|
||||
@ -50,6 +51,9 @@
|
||||
#include <resultset.h>
|
||||
#include <version.h>
|
||||
#include <resultset.h>
|
||||
#include <secrets.h>
|
||||
#include <users.h>
|
||||
#include <dbusers.h>
|
||||
|
||||
|
||||
MODULE_INFO info = {
|
||||
@ -64,12 +68,15 @@ extern int lm_enabled_logfiles_bitmask;
|
||||
extern size_t log_ses_count[];
|
||||
extern __thread log_info_t tls_log_info;
|
||||
|
||||
extern char *create_hex_sha1_sha1_passwd(char *passwd);
|
||||
|
||||
static char *version_str = "V1.0.0";
|
||||
|
||||
static int maxinfo_statistics(INFO_INSTANCE *, INFO_SESSION *, GWBUF *);
|
||||
static int maxinfo_ping(INFO_INSTANCE *, INFO_SESSION *, GWBUF *);
|
||||
static int maxinfo_execute_query(INFO_INSTANCE *, INFO_SESSION *, char *);
|
||||
static int handle_url(INFO_INSTANCE *instance, INFO_SESSION *router_session, GWBUF *queue);
|
||||
static int maxinfo_add_mysql_user(SERVICE *service);
|
||||
|
||||
|
||||
/* The router entry points */
|
||||
@ -189,18 +196,11 @@ int i;
|
||||
spinlock_release(&instlock);
|
||||
|
||||
/*
|
||||
* The following adds users to the service.
|
||||
* At some point this must be replaced with proper user management,
|
||||
* one option migh tbe to use the admin users having we only have
|
||||
* the crypt'd version of these. This means we can not creat the
|
||||
* SHA1 of the raw password. Another mechansim is going to be
|
||||
* required to support these users.
|
||||
* As a temporary measure we will allow the user monitor with no
|
||||
* The following add the service user to service->users via mysql_users_alloc()
|
||||
* password to be used.
|
||||
*/
|
||||
service->users = (void *)mysql_users_alloc();
|
||||
(void)add_mysql_users_with_host_ipv4(service->users, "monitor", "%", "", "Y", "");
|
||||
(void)add_mysql_users_with_host_ipv4(service->users, "monitor", "localhost", "", "Y", "");
|
||||
|
||||
maxinfo_add_mysql_user(service);
|
||||
|
||||
return (ROUTER *)inst;
|
||||
}
|
||||
@ -746,3 +746,58 @@ RESULTSET *set;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add the service user to the service->users
|
||||
* via mysql_users_alloc and add_mysql_users_with_host_ipv4
|
||||
* User is added for '%' and 'localhost' hosts
|
||||
*
|
||||
* @param service The service for this router
|
||||
* @return 0 on success, 1 on failure
|
||||
*/
|
||||
static int
|
||||
maxinfo_add_mysql_user(SERVICE *service) {
|
||||
char *dpwd = NULL;
|
||||
char *newpasswd = NULL;
|
||||
char *service_user = NULL;
|
||||
char *service_passwd = NULL;
|
||||
|
||||
if (serviceGetUser(service, &service_user, &service_passwd) == 0) {
|
||||
LOGIF(LE, (skygw_log_write_flush(LOGFILE_ERROR,
|
||||
"maxinfo: failed to get service user details")));
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
dpwd = decryptPassword(service->credentials.authdata);
|
||||
|
||||
if (!dpwd) {
|
||||
LOGIF(LE, (skygw_log_write_flush(LOGFILE_ERROR,
|
||||
"maxinfo: decrypt password failed for service user %s",
|
||||
service_user)));
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
service->users = (void *)mysql_users_alloc();
|
||||
|
||||
newpasswd = create_hex_sha1_sha1_passwd(dpwd);
|
||||
|
||||
if (!newpasswd) {
|
||||
LOGIF(LE, (skygw_log_write_flush(LOGFILE_ERROR,
|
||||
"maxinfo: create hex_sha1_sha1_password failed for service user %s",
|
||||
service_user)));
|
||||
users_free(service->users);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* add service user for % and localhost */
|
||||
(void)add_mysql_users_with_host_ipv4(service->users, service->credentials.name, "%", newpasswd, "Y", "");
|
||||
(void)add_mysql_users_with_host_ipv4(service->users, service->credentials.name, "localhost", newpasswd, "Y", "");
|
||||
|
||||
free(newpasswd);
|
||||
free(dpwd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
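Review bot: In `maxinfo_add_mysql_user`, the `!newpasswd` branch returns without freeing `dpwd`, which leaks the decrypted service password, and it calls `users_free(service->users)` but leaves `service->users` pointing at the freed table; add `free(dpwd);` and `service->users = NULL;` before that `return 1;`. The call in the instance-creation hunk, `maxinfo_add_mysql_user(service);`, discards the return value. Judging by that hunk's line counts, the unconditional `service->users = (void *)mysql_users_alloc();` was removed there, so on the two earlier failure paths `service->users` appears to stay unallocated while the router instance is still returned; check the result, e.g. `if (maxinfo_add_mysql_user(service) != 0)`, and log or fail instance creation. The result of `mysql_users_alloc()` is also not checked before it is passed to `add_mysql_users_with_host_ipv4`. The calling function starts outside its hunk, so how callers treat a NULL `service->users` is not visible here.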