hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix empty password detection

Browse Source 
If a user was defined without a password, the authentication would fail.
This commit is contained in:
Markus Mäkelä
2017-02-13 12:59:06 +02:00
parent d25d0e9c4e
commit 5eed48942f
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/modules/authenticator/MySQLAuth/dbusers.c
View File

@ -160,6 +160,11 @@ static bool check_database(sqlite3 *handle, const char *database)
return rval;
}
static bool no_password_required(const char *result, size_t tok_len)
{
return *result == '\0' && tok_len == 0;
}
/** Used to detect empty result sets */
struct user_query_result
{
@ -218,7 +223,8 @@ int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
{
/** Found a matching row */
if (check_password(res.output, session->auth_token, session->auth_token_len,
if (no_password_required(res.output, session->auth_token_len) ||
check_password(res.output, session->auth_token, session->auth_token_len,
scramble, scramble_len, session->client_sha1))
{
/** Password is OK, check that the database exists */