Added error message to users when trying to connect to a MaxScale service that only allows SSL connections.

Markus Makela
2015-06-02 06:39:51 +03:00
parent 76655e7136
commit 6e01757455
4 changed files with 33 additions and 13 deletions


@ -91,6 +91,10 @@
#define COM_QUIT_PACKET_SIZE (4+1) #define COM_QUIT_PACKET_SIZE (4+1)
struct dcb; struct dcb;
#define MYSQL_FAILED_AUTH 1
#define MYSQL_FAILED_AUTH_DB 2
#define MYSQL_FAILED_AUTH_SSL 3
typedef enum { typedef enum {
MYSQL_ALLOC, MYSQL_ALLOC,
MYSQL_PENDING_CONNECT, MYSQL_PENDING_CONNECT,
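Review bot: The three new `MYSQL_FAILED_AUTH*` defines have no comment saying what they are for. Judging by the other files in this commit, they serve both as return values of gw_mysql_do_authentication and as the `errcode` argument of create_auth_fail_str. A comment such as `/* Authentication failure codes: returned by gw_mysql_do_authentication() and passed to create_auth_fail_str() */` would record that, along with the value that means success, which is not visible here. Declaring them as an `enum` would also keep the set together and visible in a debugger.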


@ -72,7 +72,7 @@ static void backend_set_delayqueue(DCB *dcb, GWBUF *queue);
static int gw_change_user(DCB *backend_dcb, SERVER *server, SESSION *in_session, GWBUF *queue); static int gw_change_user(DCB *backend_dcb, SERVER *server, SESSION *in_session, GWBUF *queue);
static GWBUF* process_response_data (DCB* dcb, GWBUF* readbuf, int nbytes_to_process); static GWBUF* process_response_data (DCB* dcb, GWBUF* readbuf, int nbytes_to_process);
extern char* create_auth_failed_msg( GWBUF* readbuf, char* hostaddr, uint8_t* sha1); extern char* create_auth_failed_msg( GWBUF* readbuf, char* hostaddr, uint8_t* sha1);
extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db); extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int);
static bool sescmd_response_complete(DCB* dcb); static bool sescmd_response_complete(DCB* dcb);
@ -1433,7 +1433,7 @@ static int gw_change_user(
message = create_auth_fail_str(username, message = create_auth_fail_str(username,
backend->session->client->remote, backend->session->client->remote,
password_set, password_set,
""); "",auth_ret);
if (message == NULL) if (message == NULL)
{ {
LOGIF(LE, (skygw_log_write_flush( LOGIF(LE, (skygw_log_write_flush(
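Review bot: The `extern char* create_auth_fail_str(...)` prototype is hand-copied into this file and into the client protocol file, so the signature change had to be made twice and the compiler cannot check either copy against the definition. A copy left with the old four-argument form would still compile but call the function with `errcode` undefined, which decides which message the client sees. Declaring it once in the shared protocol header (presumably the one that gained `MYSQL_FAILED_AUTH_SSL`) with the parameter named, `char *create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db, int errcode);`, removes that risk. In the gw_change_user hunk `auth_ret` is passed as the code. Its value is set outside the hunk, so confirm it follows the same `MYSQL_FAILED_AUTH*` numbering.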


@ -78,7 +78,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue);
static int route_by_statement(SESSION *, GWBUF **); static int route_by_statement(SESSION *, GWBUF **);
extern char* get_username_from_auth(char* ptr, uint8_t* data); extern char* get_username_from_auth(char* ptr, uint8_t* data);
extern int check_db_name_after_auth(DCB *, char *, int); extern int check_db_name_after_auth(DCB *, char *, int);
extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db); extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int);
int do_ssl_accept(MySQLProtocol* protocol); int do_ssl_accept(MySQLProtocol* protocol);
@ -450,7 +450,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
/* Detect now if there are enough bytes to continue */ /* Detect now if there are enough bytes to continue */
if (client_auth_packet_size < (4 + 4 + 4 + 1 + 23)) if (client_auth_packet_size < (4 + 4 + 4 + 1 + 23))
{ {
return 1; return MYSQL_FAILED_AUTH;
} }
memcpy(&protocol->client_capabilities, client_auth_packet + 4, 4); memcpy(&protocol->client_capabilities, client_auth_packet + 4, 4);
@ -476,7 +476,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
protocol->owner_dcb->user, protocol->owner_dcb->user,
protocol->owner_dcb->remote, protocol->owner_dcb->remote,
protocol->owner_dcb->service->name))); protocol->owner_dcb->service->name)));
return 1; return MYSQL_FAILED_AUTH_SSL;
} }
if(LOG_IS_ENABLED(LT) && ssl) if(LOG_IS_ENABLED(LT) && ssl)
@ -495,7 +495,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
if(do_ssl_accept(protocol) < 0) if(do_ssl_accept(protocol) < 0)
{ {
return 1; return MYSQL_FAILED_AUTH;
} }
else else
{ {
@ -509,7 +509,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
if (username == NULL) if (username == NULL)
{ {
return 1; return MYSQL_FAILED_AUTH;
} }
/* get charset */ /* get charset */
@ -902,7 +902,7 @@ int gw_read_client_event(
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user, fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
dcb->remote, dcb->remote,
(char*)((MYSQL_session *)dcb->data)->client_sha1, (char*)((MYSQL_session *)dcb->data)->client_sha1,
(char*)((MYSQL_session *)dcb->data)->db); (char*)((MYSQL_session *)dcb->data)->db,auth_val);
modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str); modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str);
} }
if (fail_str) if (fail_str)
@ -996,14 +996,21 @@ int gw_read_client_event(
snprintf(fail_str, message_len, "Unknown database '%s'", snprintf(fail_str, message_len, "Unknown database '%s'",
(char*)((MYSQL_session *)dcb->data)->db); (char*)((MYSQL_session *)dcb->data)->db);
modutil_send_mysql_err_packet(dcb, 2, 0, 1049, "42000", fail_str); modutil_send_mysql_err_packet(dcb, 3, 0, 1049, "42000", fail_str);
} else { }else if(auth_val == 3){
/** Send error 1045 to client */ /** Send error 1045 to client */
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user, fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
dcb->remote, dcb->remote,
(char*)((MYSQL_session *)dcb->data)->client_sha1, (char*)((MYSQL_session *)dcb->data)->client_sha1,
(char*)((MYSQL_session *)dcb->data)->db); (char*)((MYSQL_session *)dcb->data)->db,auth_val);
modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str); modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str);
}else {
/** Send error 1045 to client */
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
dcb->remote,
(char*)((MYSQL_session *)dcb->data)->client_sha1,
(char*)((MYSQL_session *)dcb->data)->db,auth_val);
modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str);
} }
if (fail_str) if (fail_str)
free(fail_str); free(fail_str);
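Review bot: In the last gw_read_client_event hunk the new `else if(auth_val == 3)` arm is identical to the `else` arm that follows it, and it tests the literal 3 instead of `MYSQL_FAILED_AUTH_SSL`. Either drop the arm, or keep it for a distinct SSL response and write `} else if (auth_val == MYSQL_FAILED_AUTH_SSL) {`. The same hunk changes the packet sequence number from 2 to 3 for every failure in this block, while the hunk at line 902 still sends 2. If the difference is intentional it deserves a one-line comment, since a sequence number the client does not expect may make it report a protocol error instead of showing the message. `fail_str` is checked for NULL only after it has been handed to modutil_send_mysql_err_packet. The function starts and ends outside these hunks.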


@ -2199,7 +2199,8 @@ char *create_auth_fail_str(
char *username, char *username,
char *hostaddr, char *hostaddr,
char *sha1, char *sha1,
char *db) char *db,
int errcode)
{ {
char* errstr; char* errstr;
const char* ferrstr; const char* ferrstr;
@ -2214,6 +2215,10 @@ char *create_auth_fail_str(
{ {
ferrstr = "Access denied for user '%s'@'%s' (using password: %s) to database '%s'"; ferrstr = "Access denied for user '%s'@'%s' (using password: %s) to database '%s'";
} }
else if(errcode == MYSQL_FAILED_AUTH_SSL)
{
ferrstr = "Access without SSL denied";
}
else else
{ {
ferrstr = "Access denied for user '%s'@'%s' (using password: %s)"; ferrstr = "Access denied for user '%s'@'%s' (using password: %s)";
@ -2233,6 +2238,10 @@ char *create_auth_fail_str(
{ {
sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"), db); sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"), db);
} }
else if(errcode == MYSQL_FAILED_AUTH_SSL)
{
sprintf(errstr, ferrstr);
}
else else
{ {
sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES")); sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"));
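Review bot: `sprintf(errstr, ferrstr);` in the new SSL arm passes a non-literal format with no arguments and, like the neighbouring calls, writes into `errstr` without a bound. The buffer size is computed outside the hunk, so confirm it covers the SSL string; a bounded copy such as `snprintf(errstr, ALLOCATED_LEN, "%s", ferrstr);` is safer, where `ALLOCATED_LEN` is a placeholder for the length the allocation actually used. Both new arms are tested after the database arm, so an SSL failure with a non-empty `db` would apparently get the database message; testing `errcode == MYSQL_FAILED_AUTH_SSL` first avoids that. On the SSL-rejection path gw_mysql_do_authentication appears to return before the username is read, so check that create_auth_fail_str tolerates unset `username`, `sha1` and `db` there. The function body begins and continues outside these hunks.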