Format authenticator and protocol modules

Markus Mäkelä
2019-05-09 10:47:55 +03:00
parent 0d13e694e4
commit 6625c1296b
22 changed files with 609 additions and 610 deletions


@ -158,41 +158,41 @@ extern "C"
/**
* Module handle entry point
*/
MXS_MODULE* MXS_CREATE_MODULE()
MXS_MODULE* MXS_CREATE_MODULE()
{
static MXS_AUTHENTICATOR MyObject =
{
static MXS_AUTHENTICATOR MyObject =
{
pam_auth_init, /* Initialize authenticator */
pam_auth_alloc, /* Allocate authenticator data */
pam_auth_extract, /* Extract data into structure */
pam_auth_connectssl, /* Check if client supports SSL */
pam_auth_authenticate, /* Authenticate user credentials */
pam_auth_free_data, /* Free the client data held in DCB */
pam_auth_free, /* Free authenticator data */
pam_auth_load_users, /* Load database users */
pam_auth_diagnostic, /* Default user diagnostic */
pam_auth_diagnostic_json, /* Default user diagnostic */
NULL /* No user reauthentication */
};
pam_auth_init, /* Initialize authenticator */
pam_auth_alloc, /* Allocate authenticator data */
pam_auth_extract, /* Extract data into structure */
pam_auth_connectssl, /* Check if client supports SSL */
pam_auth_authenticate, /* Authenticate user credentials */
pam_auth_free_data, /* Free the client data held in DCB */
pam_auth_free, /* Free authenticator data */
pam_auth_load_users, /* Load database users */
pam_auth_diagnostic, /* Default user diagnostic */
pam_auth_diagnostic_json, /* Default user diagnostic */
NULL /* No user reauthentication */
};
static MXS_MODULE info =
static MXS_MODULE info =
{
MXS_MODULE_API_AUTHENTICATOR,
MXS_MODULE_GA,
MXS_AUTHENTICATOR_VERSION,
"PAM authenticator",
"V1.0.0",
MXS_NO_MODULE_CAPABILITIES,
&MyObject,
NULL, /* Process init. */
NULL, /* Process finish. */
NULL, /* Thread init. */
NULL, /* Thread finish. */
{
MXS_MODULE_API_AUTHENTICATOR,
MXS_MODULE_GA,
MXS_AUTHENTICATOR_VERSION,
"PAM authenticator",
"V1.0.0",
MXS_NO_MODULE_CAPABILITIES,
&MyObject,
NULL, /* Process init. */
NULL, /* Process finish. */
NULL, /* Thread init. */
NULL, /* Thread finish. */
{
{MXS_END_MODULE_PARAMS}
}
};
{MXS_END_MODULE_PARAMS}
}
};
return &info;
}
return &info;
}
}


@ -74,7 +74,6 @@ int user_services_cb(void* data, int columns, char** column_vals, char** column_
}
return 0;
}
}
PamClientSession::PamClientSession(sqlite3* dbhandle, const PamInstance& instance)
@ -137,8 +136,8 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
}
auto word_entry = [](size_t num) -> const char* {
return (num == 1) ? "entry" : "entries";
};
return (num == 1) ? "entry" : "entries";
};
if (!services_out->empty())
{
@ -152,7 +151,7 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
// Check if a matching anonymous user exists.
const string anon_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename
+ " WHERE " + FIELD_USER + " = ''"
+ " AND '" + dcb->remote + "' LIKE " + FIELD_HOST +
+ " AND '" + dcb->remote + "' LIKE " + FIELD_HOST
+ " AND " + FIELD_PROXY + " = '1' ORDER BY authentication_string;";
MXS_DEBUG("PAM proxy user services search sql: '%s'.", anon_query.c_str());
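Review bot: The anonymous-user lookup in the last hunk of this file still builds its SQLite statement by splicing `dcb->remote` between single quotes (`" AND '" + dcb->remote + "' LIKE " + FIELD_HOST`), so the statement is only well-formed while that value never contains a quote character. Where `remote` is filled in is not visible here; if it can ever hold anything other than a numeric address, the lookup should use a prepared statement with a `?` placeholder and bind the address through `sqlite3_prepare_v2` / `sqlite3_bind_text` rather than concatenating it. The `"SHOW GRANTS FOR ''@'" + elem.first + "';"` query in `PamInstance::fetch_anon_proxy_users` splices a host value taken from a result set in the same way and would need `elem.first` escaped, for example with `mysql_real_escape_string`, before it is placed in the statement. `get_pam_user_services` starts and ends outside the hunk, so how the query is executed is not shown.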


@ -33,7 +33,9 @@ public:
bool extract(DCB* dcb, GWBUF* read_buffer);
private:
PamClientSession(sqlite3* dbhandle, const PamInstance& instance);
void get_pam_user_services(const DCB* dcb, const MYSQL_session* session, StringVector* services_out);
void get_pam_user_services(const DCB* dcb,
const MYSQL_session* session,
StringVector* services_out);
maxscale::Buffer create_auth_change_packet() const;
pam_auth_state m_state; /**< Authentication state*/


@ -242,10 +242,10 @@ int PamInstance::load_users(SERVICE* service)
MYSQL_ROW row;
while ((row = mysql_fetch_row(res)))
{
add_pam_user(row[0], row[1], // user, host
row[2], row[3] && strcasecmp(row[3], "Y") == 0, // db, anydb
row[4], // pam service
false); // not a proxy
add_pam_user(row[0], row[1], // user, host
row[2], row[3] && strcasecmp(row[3], "Y") == 0,// db, anydb
row[4], // pam service
false); // not a proxy
}
mysql_free_result(res);
}
@ -357,13 +357,13 @@ bool PamInstance::fetch_anon_proxy_users(SERVER* server, MYSQL* conn)
if (!anon_users_info.empty())
{
MXS_INFO("Found %lu anonymous PAM user(s). Checking them for proxy grants.",
anon_users_info.size());
MXS_INFO("Found %lu anonymous PAM user(s). Checking them for proxy grants.",
anon_users_info.size());
}
for (const auto& elem : anon_users_info)
{
string query = "SHOW GRANTS FOR ''@'" + elem.first + "';";
string query = "SHOW GRANTS FOR ''@'" + elem.first + "';";
// Check that the anon user has a proxy grant.
if (mysql_query(conn, query.c_str()))
{
@ -381,9 +381,9 @@ bool PamInstance::fetch_anon_proxy_users(SERVER* server, MYSQL* conn)
{
if (row[0] && strncmp(row[0], GRANT_PROXY, sizeof(GRANT_PROXY) - 1) == 0)
{
add_pam_user("", elem.first.c_str(), // user, host
NULL, false, // Unused
elem.second.c_str(), true); // service, proxy
add_pam_user("", elem.first.c_str(), // user, host
NULL, false, // Unused
elem.second.c_str(), true);// service, proxy
break;
}
}


@ -75,41 +75,41 @@ extern "C"
/**
* Module handle entry point
*/
MXS_MODULE* MXS_CREATE_MODULE()
MXS_MODULE* MXS_CREATE_MODULE()
{
static MXS_AUTHENTICATOR MyObject =
{
static MXS_AUTHENTICATOR MyObject =
{
NULL, /* No initialize entry point */
pam_backend_auth_alloc, /* Allocate authenticator data */
pam_backend_auth_extract, /* Extract data into structure */
pam_backend_auth_connectssl, /* Check if client supports SSL */
pam_backend_auth_authenticate, /* Authenticate user credentials */
NULL, /* Client plugin will free shared data */
pam_backend_auth_free, /* Free authenticator data */
NULL, /* Load users from backend databases */
NULL, /* No diagnostic */
NULL,
NULL /* No user reauthentication */
};
NULL, /* No initialize entry point */
pam_backend_auth_alloc, /* Allocate authenticator data */
pam_backend_auth_extract, /* Extract data into structure */
pam_backend_auth_connectssl, /* Check if client supports SSL */
pam_backend_auth_authenticate, /* Authenticate user credentials */
NULL, /* Client plugin will free shared data */
pam_backend_auth_free, /* Free authenticator data */
NULL, /* Load users from backend databases */
NULL, /* No diagnostic */
NULL,
NULL /* No user reauthentication */
};
static MXS_MODULE info =
static MXS_MODULE info =
{
MXS_MODULE_API_AUTHENTICATOR,
MXS_MODULE_ALPHA_RELEASE,
MXS_AUTHENTICATOR_VERSION,
"PAM backend authenticator",
"V1.0.0",
MXS_NO_MODULE_CAPABILITIES,
&MyObject,
NULL, /* Process init. */
NULL, /* Process finish. */
NULL, /* Thread init. */
NULL, /* Thread finish. */
{
MXS_MODULE_API_AUTHENTICATOR,
MXS_MODULE_ALPHA_RELEASE,
MXS_AUTHENTICATOR_VERSION,
"PAM backend authenticator",
"V1.0.0",
MXS_NO_MODULE_CAPABILITIES,
&MyObject,
NULL, /* Process init. */
NULL, /* Process finish. */
NULL, /* Thread init. */
NULL, /* Thread finish. */
{
{MXS_END_MODULE_PARAMS}
}
};
{MXS_END_MODULE_PARAMS}
}
};
return &info;
}
return &info;
}
}