Format authenticator and protocol modules
@ -158,41 +158,41 @@ extern "C"
|
||||
/**
|
||||
* Module handle entry point
|
||||
*/
|
||||
MXS_MODULE* MXS_CREATE_MODULE()
|
||||
MXS_MODULE* MXS_CREATE_MODULE()
|
||||
{
|
||||
static MXS_AUTHENTICATOR MyObject =
|
||||
{
|
||||
static MXS_AUTHENTICATOR MyObject =
|
||||
{
|
||||
pam_auth_init, /* Initialize authenticator */
|
||||
pam_auth_alloc, /* Allocate authenticator data */
|
||||
pam_auth_extract, /* Extract data into structure */
|
||||
pam_auth_connectssl, /* Check if client supports SSL */
|
||||
pam_auth_authenticate, /* Authenticate user credentials */
|
||||
pam_auth_free_data, /* Free the client data held in DCB */
|
||||
pam_auth_free, /* Free authenticator data */
|
||||
pam_auth_load_users, /* Load database users */
|
||||
pam_auth_diagnostic, /* Default user diagnostic */
|
||||
pam_auth_diagnostic_json, /* Default user diagnostic */
|
||||
NULL /* No user reauthentication */
|
||||
};
|
||||
pam_auth_init, /* Initialize authenticator */
|
||||
pam_auth_alloc, /* Allocate authenticator data */
|
||||
pam_auth_extract, /* Extract data into structure */
|
||||
pam_auth_connectssl, /* Check if client supports SSL */
|
||||
pam_auth_authenticate, /* Authenticate user credentials */
|
||||
pam_auth_free_data, /* Free the client data held in DCB */
|
||||
pam_auth_free, /* Free authenticator data */
|
||||
pam_auth_load_users, /* Load database users */
|
||||
pam_auth_diagnostic, /* Default user diagnostic */
|
||||
pam_auth_diagnostic_json, /* Default user diagnostic */
|
||||
NULL /* No user reauthentication */
|
||||
};
|
||||
|
||||
static MXS_MODULE info =
|
||||
static MXS_MODULE info =
|
||||
{
|
||||
MXS_MODULE_API_AUTHENTICATOR,
|
||||
MXS_MODULE_GA,
|
||||
MXS_AUTHENTICATOR_VERSION,
|
||||
"PAM authenticator",
|
||||
"V1.0.0",
|
||||
MXS_NO_MODULE_CAPABILITIES,
|
||||
&MyObject,
|
||||
NULL, /* Process init. */
|
||||
NULL, /* Process finish. */
|
||||
NULL, /* Thread init. */
|
||||
NULL, /* Thread finish. */
|
||||
{
|
||||
MXS_MODULE_API_AUTHENTICATOR,
|
||||
MXS_MODULE_GA,
|
||||
MXS_AUTHENTICATOR_VERSION,
|
||||
"PAM authenticator",
|
||||
"V1.0.0",
|
||||
MXS_NO_MODULE_CAPABILITIES,
|
||||
&MyObject,
|
||||
NULL, /* Process init. */
|
||||
NULL, /* Process finish. */
|
||||
NULL, /* Thread init. */
|
||||
NULL, /* Thread finish. */
|
||||
{
|
||||
{MXS_END_MODULE_PARAMS}
|
||||
}
|
||||
};
|
||||
{MXS_END_MODULE_PARAMS}
|
||||
}
|
||||
};
|
||||
|
||||
return &info;
|
||||
}
|
||||
return &info;
|
||||
}
|
||||
}
|
||||
|
||||
@ -74,7 +74,6 @@ int user_services_cb(void* data, int columns, char** column_vals, char** column_
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
PamClientSession::PamClientSession(sqlite3* dbhandle, const PamInstance& instance)
|
||||
@ -137,8 +136,8 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
|
||||
}
|
||||
|
||||
auto word_entry = [](size_t num) -> const char* {
|
||||
return (num == 1) ? "entry" : "entries";
|
||||
};
|
||||
return (num == 1) ? "entry" : "entries";
|
||||
};
|
||||
|
||||
if (!services_out->empty())
|
||||
{
|
||||
@ -152,7 +151,7 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
|
||||
// Check if a matching anonymous user exists.
|
||||
const string anon_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename
|
||||
+ " WHERE " + FIELD_USER + " = ''"
|
||||
+ " AND '" + dcb->remote + "' LIKE " + FIELD_HOST +
|
||||
+ " AND '" + dcb->remote + "' LIKE " + FIELD_HOST
|
||||
+ " AND " + FIELD_PROXY + " = '1' ORDER BY authentication_string;";
|
||||
MXS_DEBUG("PAM proxy user services search sql: '%s'.", anon_query.c_str());
|
||||
|
||||
|
||||
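Review bot: The `anon_query` string in `PamClientSession::get_pam_user_services` still places `dcb->remote` between single quotes with no escaping or binding; this commit only drops the stray trailing `+` after `FIELD_HOST`. The value is presumably a numeric peer address, but nothing in the hunk guarantees it, and a quote character in it would change the shape of the statement. If the query runs through the `sqlite3*` handle the class holds, preparing it with a `?` placeholder and binding the address with `sqlite3_bind_text` would remove that dependency. The same string-built pattern appears in `PamInstance::fetch_anon_proxy_users` (`"SHOW GRANTS FOR ''@'" + elem.first + "';"`), where the host value could be passed through `mysql_real_escape_string` first. Both function bodies start and end outside the hunks shown.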
@ -33,7 +33,9 @@ public:
|
||||
bool extract(DCB* dcb, GWBUF* read_buffer);
|
||||
private:
|
||||
PamClientSession(sqlite3* dbhandle, const PamInstance& instance);
|
||||
void get_pam_user_services(const DCB* dcb, const MYSQL_session* session, StringVector* services_out);
|
||||
void get_pam_user_services(const DCB* dcb,
|
||||
const MYSQL_session* session,
|
||||
StringVector* services_out);
|
||||
maxscale::Buffer create_auth_change_packet() const;
|
||||
|
||||
pam_auth_state m_state; /**< Authentication state*/
|
||||
|
||||
@ -242,10 +242,10 @@ int PamInstance::load_users(SERVICE* service)
|
||||
MYSQL_ROW row;
|
||||
while ((row = mysql_fetch_row(res)))
|
||||
{
|
||||
add_pam_user(row[0], row[1], // user, host
|
||||
row[2], row[3] && strcasecmp(row[3], "Y") == 0, // db, anydb
|
||||
row[4], // pam service
|
||||
false); // not a proxy
|
||||
add_pam_user(row[0], row[1], // user, host
|
||||
row[2], row[3] && strcasecmp(row[3], "Y") == 0,// db, anydb
|
||||
row[4], // pam service
|
||||
false); // not a proxy
|
||||
}
|
||||
mysql_free_result(res);
|
||||
}
|
||||
@ -357,13 +357,13 @@ bool PamInstance::fetch_anon_proxy_users(SERVER* server, MYSQL* conn)
|
||||
|
||||
if (!anon_users_info.empty())
|
||||
{
|
||||
MXS_INFO("Found %lu anonymous PAM user(s). Checking them for proxy grants.",
|
||||
anon_users_info.size());
|
||||
MXS_INFO("Found %lu anonymous PAM user(s). Checking them for proxy grants.",
|
||||
anon_users_info.size());
|
||||
}
|
||||
|
||||
for (const auto& elem : anon_users_info)
|
||||
{
|
||||
string query = "SHOW GRANTS FOR ''@'" + elem.first + "';";
|
||||
string query = "SHOW GRANTS FOR ''@'" + elem.first + "';";
|
||||
// Check that the anon user has a proxy grant.
|
||||
if (mysql_query(conn, query.c_str()))
|
||||
{
|
||||
@ -381,9 +381,9 @@ bool PamInstance::fetch_anon_proxy_users(SERVER* server, MYSQL* conn)
|
||||
{
|
||||
if (row[0] && strncmp(row[0], GRANT_PROXY, sizeof(GRANT_PROXY) - 1) == 0)
|
||||
{
|
||||
add_pam_user("", elem.first.c_str(), // user, host
|
||||
NULL, false, // Unused
|
||||
elem.second.c_str(), true); // service, proxy
|
||||
add_pam_user("", elem.first.c_str(), // user, host
|
||||
NULL, false, // Unused
|
||||
elem.second.c_str(), true);// service, proxy
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||