hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Return correct value for failed db authentication

Browse Source 
The unknown database error was never triggered as all authentication
errors returned MXS_AUTH_FAILED.
This commit is contained in:
Markus Mäkelä
2017-01-30 17:01:16 +02:00
parent 11c3e6ac91
commit 70061e6323
3 changed files with 30 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
server/modules/authenticator/MySQLAuth/dbusers.c
View File

@ -218,13 +218,13 @@ static int auth_cb(void *data, int columns, char** rows, char** row_names)
return 0; return 0;
} }
bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session, int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
uint8_t *scramble, size_t scramble_len) uint8_t *scramble, size_t scramble_len)
{ {
size_t len = sizeof(mysqlauth_validate_user_query) + strlen(session->user) * 2 + size_t len = sizeof(mysqlauth_validate_user_query) + strlen(session->user) * 2 +
strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1; strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1;
char sql[len + 1]; char sql[len + 1];
bool rval = false; int rval = MXS_AUTH_FAILED;
char *err; char *err;
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote, sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
@ -259,18 +259,25 @@ bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
if (res.ok) if (res.ok)
{ {
/** Found a matching row */ /** Found a matching row */
if (session->auth_token_len)
{
/** If authentication fails, this will trigger the right
* error message with `Using password : YES` */
session->client_sha1[0] = '_';
}
if (check_password(res.output, session->auth_token, session->auth_token_len, if (check_password(res.output, session->auth_token, session->auth_token_len,
scramble, scramble_len, session->client_sha1)) scramble, scramble_len, session->client_sha1))
{ {
/** Password is OK, check that the database exists */ /** Password is OK, check that the database exists */
rval = check_database(handle, session->db); if (check_database(handle, session->db))
{
rval = MXS_AUTH_SUCCEEDED;
}
else
{
rval = MXS_AUTH_FAILED_DB;
}
}
else if (session->auth_token_len)
{
/** If authentication fails, this will trigger the right
* error message with `Using password : YES` */
session->client_sha1[0] = '_';
} }
} }

17
server/modules/authenticator/MySQLAuth/mysql_auth.c
View File

@ -268,17 +268,19 @@ mysql_auth_authenticate(DCB *dcb)
MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance; MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance;
bool is_ok = validate_mysql_user(instance->handle, dcb, client_data, auth_ret = validate_mysql_user(instance->handle, dcb, client_data,
protocol->scramble, sizeof(protocol->scramble)); protocol->scramble, sizeof(protocol->scramble));
if (!is_ok && !instance->skip_auth && service_refresh_users(dcb->service) == 0) if (auth_ret != MXS_AUTH_SUCCEEDED &&
!instance->skip_auth &&
service_refresh_users(dcb->service) == 0)
{ {
is_ok = validate_mysql_user(instance->handle, dcb, client_data, auth_ret = validate_mysql_user(instance->handle, dcb, client_data,
protocol->scramble, sizeof(protocol->scramble)); protocol->scramble, sizeof(protocol->scramble));
} }
/* on successful authentication, set user into dcb field */ /* on successful authentication, set user into dcb field */
if (is_ok || instance->skip_auth) if (auth_ret == MXS_AUTH_SUCCEEDED || instance->skip_auth)
{ {
auth_ret = MXS_AUTH_SUCCEEDED; auth_ret = MXS_AUTH_SUCCEEDED;
dcb->user = MXS_STRDUP_A(client_data->user); dcb->user = MXS_STRDUP_A(client_data->user);
@ -616,8 +618,9 @@ int mysql_auth_reauthenticate(DCB *dcb, const char *user,
temp.auth_token_len = token_len; temp.auth_token_len = token_len;
MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance; MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance;
int rc = validate_mysql_user(instance->handle, dcb, &temp, scramble, scramble_len);
if (validate_mysql_user(instance->handle, dcb, &temp, scramble, scramble_len)) if (rc == MXS_AUTH_SUCCEEDED)
{ {
memcpy(output_token, temp.client_sha1, output_token_len); memcpy(output_token, temp.client_sha1, output_token_len);
rval = 0; rval = 0;

5
server/modules/authenticator/MySQLAuth/mysql_auth.h
View File

@ -29,6 +29,7 @@
#include <stdint.h> #include <stdint.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <maxscale/authenticator.h>
#include <maxscale/dcb.h> #include <maxscale/dcb.h>
#include <maxscale/buffer.h> #include <maxscale/buffer.h>
#include <maxscale/service.h> #include <maxscale/service.h>
@ -185,9 +186,9 @@ int replace_mysql_users(SERV_LISTENER *listener);
* @param scramble The scramble sent to the client in the initial handshake * @param scramble The scramble sent to the client in the initial handshake
* @param scramble_len Length of @c scramble * @param scramble_len Length of @c scramble
* *
* @return True if the user has access to the database * @return MXS_AUTH_SUCCEEDED if the user has access to the database
*/ */
bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session, int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
uint8_t *scramble, size_t scramble_len); uint8_t *scramble, size_t scramble_len);
MXS_END_DECLS MXS_END_DECLS