From 6068850b181e5af1451a6668a227eb97212965e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Thu, 25 Jan 2018 17:47:24 +0200 Subject: [PATCH] MXS-1627: Only load users that use default auth plugin The list of users that is used for authentication shoudl only consist of users that do not use an explicit authentication plugin. This way authentication fails before any connections to the backend servers are done. --- server/modules/authenticator/MySQLAuth/dbusers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/modules/authenticator/MySQLAuth/dbusers.c b/server/modules/authenticator/MySQLAuth/dbusers.c index c1981272b..09f056a0a 100644 --- a/server/modules/authenticator/MySQLAuth/dbusers.c +++ b/server/modules/authenticator/MySQLAuth/dbusers.c @@ -44,11 +44,11 @@ #define NEW_LOAD_DBUSERS_QUERY "SELECT u.user, u.host, d.db, u.select_priv, u.%s \ FROM mysql.user AS u LEFT JOIN mysql.db AS d \ - ON (u.user = d.user AND u.host = d.host) %s \ + ON (u.user = d.user AND u.host = d.host) WHERE u.plugin = '' %s \ UNION \ SELECT u.user, u.host, t.db, u.select_priv, u.%s \ FROM mysql.user AS u LEFT JOIN mysql.tables_priv AS t \ - ON (u.user = t.user AND u.host = t.host) %s" + ON (u.user = t.user AND u.host = t.host) WHERE u.plugin = '' %s" static int get_users(SERV_LISTENER *listener, bool skip_local); static MYSQL *gw_mysql_init(void); @@ -59,7 +59,7 @@ static bool get_hostname(DCB *dcb, char *client_hostname, size_t size); static char* get_new_users_query(const char *server_version, bool include_root) { const char* password = strstr(server_version, "5.7.") ? MYSQL57_PASSWORD : MYSQL_PASSWORD; - const char *with_root = include_root ? "" : "WHERE u.user NOT IN ('root')"; + const char *with_root = include_root ? "" : " AND u.user NOT IN ('root')"; size_t n_bytes = snprintf(NULL, 0, NEW_LOAD_DBUSERS_QUERY, password, with_root, password, with_root); char *rval = MXS_MALLOC(n_bytes + 1);