hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Format authenticator and protocol modules

Browse Source
This commit is contained in:
Markus Mäkelä
2019-05-09 10:47:55 +03:00
parent 0d13e694e4
commit 6625c1296b
22 changed files with 609 additions and 610 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/modules/authenticator/MySQLAuth/mysql_auth.cc
View File

@ -301,7 +301,7 @@ static GWBUF* gen_auth_switch_request_packet(MySQLProtocol* proto, MYSQL_session
bufdata += GW_MYSQL_SCRAMBLE_SIZE; bufdata += GW_MYSQL_SCRAMBLE_SIZE;
*bufdata = '\0'; *bufdata = '\0';
return buffer; return buffer;
}; }
/** /**
* @brief Authenticates a MySQL user who is a client to MaxScale. * @brief Authenticates a MySQL user who is a client to MaxScale.
* *
@ -448,8 +448,8 @@ static bool mysql_auth_set_protocol_data(DCB* dcb, GWBUF* buf)
* contain required data. If the buffer is unexpectedly large (likely an erroneous or malicious client), * contain required data. If the buffer is unexpectedly large (likely an erroneous or malicious client),
* discard the packet as parsing it may cause overflow. The limit is just a guess, but it seems the * discard the packet as parsing it may cause overflow. The limit is just a guess, but it seems the
* packets from most plugins are < 100 bytes. */ * packets from most plugins are < 100 bytes. */
if ((!client_data->auth_switch_sent && if ((!client_data->auth_switch_sent
(client_auth_packet_size >= MYSQL_AUTH_PACKET_BASE_SIZE && client_auth_packet_size < 1028)) && (client_auth_packet_size >= MYSQL_AUTH_PACKET_BASE_SIZE && client_auth_packet_size < 1028))
// If the client is replying to an AuthSwitchRequest, the length is predetermined. // If the client is replying to an AuthSwitchRequest, the length is predetermined.
|| (client_data->auth_switch_sent || (client_data->auth_switch_sent
&& (client_auth_packet_size == MYSQL_HEADER_LEN + MYSQL_SCRAMBLE_LEN))) && (client_auth_packet_size == MYSQL_HEADER_LEN + MYSQL_SCRAMBLE_LEN)))
@ -461,8 +461,6 @@ static bool mysql_auth_set_protocol_data(DCB* dcb, GWBUF* buf)
/* Packet is not big enough */ /* Packet is not big enough */
return false; return false;
} }
} }
/** /**
@ -497,7 +495,7 @@ static bool read_zstr(const uint8_t* client_auth_packet, size_t client_auth_pack
{ {
return false; return false;
} }
}; }
/** /**
* @brief Transfer detailed data from the authentication request to the DCB. * @brief Transfer detailed data from the authentication request to the DCB.
@ -558,8 +556,8 @@ static bool mysql_auth_set_client_data(MYSQL_session* client_data,
client_data->auth_token_len = client_auth_packet[packet_length_used]; client_data->auth_token_len = client_auth_packet[packet_length_used];
packet_length_used++; packet_length_used++;
if (client_auth_packet_size < if (client_auth_packet_size
(packet_length_used + client_data->auth_token_len)) < (packet_length_used + client_data->auth_token_len))
{ {
/* Packet was too small to contain authentication token */ /* Packet was too small to contain authentication token */
return false; return false;

3
server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
View File

@ -74,7 +74,6 @@ int user_services_cb(void* data, int columns, char** column_vals, char** column_
} }
return 0; return 0;
} }
} }
PamClientSession::PamClientSession(sqlite3* dbhandle, const PamInstance& instance) PamClientSession::PamClientSession(sqlite3* dbhandle, const PamInstance& instance)
@ -152,7 +151,7 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
// Check if a matching anonymous user exists. // Check if a matching anonymous user exists.
const string anon_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename const string anon_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename
+ " WHERE " + FIELD_USER + " = ''" + " WHERE " + FIELD_USER + " = ''"
+ " AND '" + dcb->remote + "' LIKE " + FIELD_HOST + + " AND '" + dcb->remote + "' LIKE " + FIELD_HOST
+ " AND " + FIELD_PROXY + " = '1' ORDER BY authentication_string;"; + " AND " + FIELD_PROXY + " = '1' ORDER BY authentication_string;";
MXS_DEBUG("PAM proxy user services search sql: '%s'.", anon_query.c_str()); MXS_DEBUG("PAM proxy user services search sql: '%s'.", anon_query.c_str());

4
server/modules/authenticator/PAM/PAMAuth/pam_client_session.hh
View File

@ -33,7 +33,9 @@ public:
bool extract(DCB* dcb, GWBUF* read_buffer); bool extract(DCB* dcb, GWBUF* read_buffer);
private: private:
PamClientSession(sqlite3* dbhandle, const PamInstance& instance); PamClientSession(sqlite3* dbhandle, const PamInstance& instance);
void get_pam_user_services(const DCB* dcb, const MYSQL_session* session, StringVector* services_out); void get_pam_user_services(const DCB* dcb,
const MYSQL_session* session,
StringVector* services_out);
maxscale::Buffer create_auth_change_packet() const; maxscale::Buffer create_auth_change_packet() const;
pam_auth_state m_state; /**< Authentication state*/ pam_auth_state m_state; /**< Authentication state*/