Added error message to users when trying to connect to a MaxScale service that only allows SSL connections.
This commit is contained in:
Markus Makela
parent
76655e7136
commit
6e01757455
@ -91,6 +91,10 @@
|
||||
#define COM_QUIT_PACKET_SIZE (4+1)
|
||||
struct dcb;
|
||||
|
||||
#define MYSQL_FAILED_AUTH 1
|
||||
#define MYSQL_FAILED_AUTH_DB 2
|
||||
#define MYSQL_FAILED_AUTH_SSL 3
|
||||
|
||||
typedef enum {
|
||||
MYSQL_ALLOC,
|
||||
MYSQL_PENDING_CONNECT,
|
||||
|
||||
@ -72,7 +72,7 @@ static void backend_set_delayqueue(DCB *dcb, GWBUF *queue);
|
||||
static int gw_change_user(DCB *backend_dcb, SERVER *server, SESSION *in_session, GWBUF *queue);
|
||||
static GWBUF* process_response_data (DCB* dcb, GWBUF* readbuf, int nbytes_to_process);
|
||||
extern char* create_auth_failed_msg( GWBUF* readbuf, char* hostaddr, uint8_t* sha1);
|
||||
extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db);
|
||||
extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int);
|
||||
static bool sescmd_response_complete(DCB* dcb);
|
||||
|
||||
|
||||
@ -1433,7 +1433,7 @@ static int gw_change_user(
|
||||
message = create_auth_fail_str(username,
|
||||
backend->session->client->remote,
|
||||
password_set,
|
||||
"");
|
||||
"",auth_ret);
|
||||
if (message == NULL)
|
||||
{
|
||||
LOGIF(LE, (skygw_log_write_flush(
|
||||
|
||||
@ -78,7 +78,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue);
|
||||
static int route_by_statement(SESSION *, GWBUF **);
|
||||
extern char* get_username_from_auth(char* ptr, uint8_t* data);
|
||||
extern int check_db_name_after_auth(DCB *, char *, int);
|
||||
extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db);
|
||||
extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int);
|
||||
|
||||
int do_ssl_accept(MySQLProtocol* protocol);
|
||||
|
||||
@ -450,7 +450,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
|
||||
/* Detect now if there are enough bytes to continue */
|
||||
if (client_auth_packet_size < (4 + 4 + 4 + 1 + 23))
|
||||
{
|
||||
return 1;
|
||||
return MYSQL_FAILED_AUTH;
|
||||
}
|
||||
|
||||
memcpy(&protocol->client_capabilities, client_auth_packet + 4, 4);
|
||||
@ -476,7 +476,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
|
||||
protocol->owner_dcb->user,
|
||||
protocol->owner_dcb->remote,
|
||||
protocol->owner_dcb->service->name)));
|
||||
return 1;
|
||||
return MYSQL_FAILED_AUTH_SSL;
|
||||
}
|
||||
|
||||
if(LOG_IS_ENABLED(LT) && ssl)
|
||||
@ -495,7 +495,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
|
||||
|
||||
if(do_ssl_accept(protocol) < 0)
|
||||
{
|
||||
return 1;
|
||||
return MYSQL_FAILED_AUTH;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -509,7 +509,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
|
||||
|
||||
if (username == NULL)
|
||||
{
|
||||
return 1;
|
||||
return MYSQL_FAILED_AUTH;
|
||||
}
|
||||
|
||||
/* get charset */
|
||||
@ -902,7 +902,7 @@ int gw_read_client_event(
|
||||
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
|
||||
dcb->remote,
|
||||
(char*)((MYSQL_session *)dcb->data)->client_sha1,
|
||||
(char*)((MYSQL_session *)dcb->data)->db);
|
||||
(char*)((MYSQL_session *)dcb->data)->db,auth_val);
|
||||
modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str);
|
||||
}
|
||||
if (fail_str)
|
||||
@ -996,14 +996,21 @@ int gw_read_client_event(
|
||||
snprintf(fail_str, message_len, "Unknown database '%s'",
|
||||
(char*)((MYSQL_session *)dcb->data)->db);
|
||||
|
||||
modutil_send_mysql_err_packet(dcb, 2, 0, 1049, "42000", fail_str);
|
||||
} else {
|
||||
modutil_send_mysql_err_packet(dcb, 3, 0, 1049, "42000", fail_str);
|
||||
}else if(auth_val == 3){
|
||||
/** Send error 1045 to client */
|
||||
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
|
||||
dcb->remote,
|
||||
(char*)((MYSQL_session *)dcb->data)->client_sha1,
|
||||
(char*)((MYSQL_session *)dcb->data)->db);
|
||||
modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str);
|
||||
(char*)((MYSQL_session *)dcb->data)->db,auth_val);
|
||||
modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str);
|
||||
}else {
|
||||
/** Send error 1045 to client */
|
||||
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
|
||||
dcb->remote,
|
||||
(char*)((MYSQL_session *)dcb->data)->client_sha1,
|
||||
(char*)((MYSQL_session *)dcb->data)->db,auth_val);
|
||||
modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str);
|
||||
}
|
||||
if (fail_str)
|
||||
free(fail_str);
|
||||
|
||||
@ -2199,7 +2199,8 @@ char *create_auth_fail_str(
|
||||
char *username,
|
||||
char *hostaddr,
|
||||
char *sha1,
|
||||
char *db)
|
||||
char *db,
|
||||
int errcode)
|
||||
{
|
||||
char* errstr;
|
||||
const char* ferrstr;
|
||||
@ -2214,6 +2215,10 @@ char *create_auth_fail_str(
|
||||
{
|
||||
ferrstr = "Access denied for user '%s'@'%s' (using password: %s) to database '%s'";
|
||||
}
|
||||
else if(errcode == MYSQL_FAILED_AUTH_SSL)
|
||||
{
|
||||
ferrstr = "Access without SSL denied";
|
||||
}
|
||||
else
|
||||
{
|
||||
ferrstr = "Access denied for user '%s'@'%s' (using password: %s)";
|
||||
@ -2233,6 +2238,10 @@ char *create_auth_fail_str(
|
||||
{
|
||||
sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"), db);
|
||||
}
|
||||
else if(errcode == MYSQL_FAILED_AUTH_SSL)
|
||||
{
|
||||
sprintf(errstr, ferrstr);
|
||||
}
|
||||
else
|
||||
{
|
||||
sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"));
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user