Partially revert 4ba011266843857bbd3201e5b925a47e88e1808f

Add back leading operator enforcement.
Markus Mäkelä
2018-09-20 15:26:51 +03:00
parent d8d0b1a29c
commit 71ffef5708
95 changed files with 1395 additions and 1392 deletions


@ -259,8 +259,8 @@ static int cdc_auth_authenticate(DCB* dcb)
MXS_DEBUG("Receiving connection from '%s'",
client_data->user);
auth_ret
= cdc_auth_check(dcb, protocol, client_data->user, client_data->auth_data, client_data->flags);
auth_ret =
cdc_auth_check(dcb, protocol, client_data->user, client_data->auth_data, client_data->flags);
/* On failed authentication try to reload users and authenticate again */
if (CDC_STATE_AUTH_OK != auth_ret && cdc_replace_users(dcb->listener) == MXS_AUTH_LOADUSERS_OK)


@ -33,15 +33,15 @@
*/
/** Query that gets all users that authenticate via the gssapi plugin */
const char* gssapi_users_query
= "SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.db AS d "
"ON (u.user = d.user AND u.host = d.host) WHERE u.plugin = 'gssapi' "
"UNION "
"SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t "
"ON (u.user = t.user AND u.host = t.host) WHERE u.plugin = 'gssapi' "
"ORDER BY user";
const char* gssapi_users_query =
"SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.db AS d "
"ON (u.user = d.user AND u.host = d.host) WHERE u.plugin = 'gssapi' "
"UNION "
"SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t "
"ON (u.user = t.user AND u.host = t.host) WHERE u.plugin = 'gssapi' "
"ORDER BY user";
#define GSSAPI_USERS_QUERY_NUM_FIELDS 5
@ -56,15 +56,15 @@ const char* gssapi_users_query
#define GSSAPI_TABLE_NAME "gssapi_users"
/** CREATE TABLE statement for the in-memory table */
const char create_sql[]
= "CREATE TABLE IF NOT EXISTS " GSSAPI_TABLE_NAME
"(user varchar(255), host varchar(255), db varchar(255), anydb boolean, princ text)";
const char create_sql[] =
"CREATE TABLE IF NOT EXISTS " GSSAPI_TABLE_NAME
"(user varchar(255), host varchar(255), db varchar(255), anydb boolean, princ text)";
/** The query that is executed when a user is authenticated */
static const char gssapi_auth_query[]
= "SELECT * FROM " GSSAPI_TABLE_NAME
" WHERE user = '%s' AND '%s' LIKE host AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" AND ('%s' = '%s' OR princ = '%s') LIMIT 1";
static const char gssapi_auth_query[] =
"SELECT * FROM " GSSAPI_TABLE_NAME
" WHERE user = '%s' AND '%s' LIKE host AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" AND ('%s' = '%s' OR princ = '%s') LIMIT 1";
/** Delete query used to clean up the database before loading new users */
static const char delete_query[] = "DELETE FROM " GSSAPI_TABLE_NAME;
@ -75,8 +75,8 @@ static const char delete_query[] = "DELETE FROM " GSSAPI_TABLE_NAME;
* Note that the last two values are strings that can be NULL and thus they have
* no quoted around them. The quotes for strings are added in add_gssapi_user().
*/
static const char insert_sql_pattern[]
= "INSERT INTO " GSSAPI_TABLE_NAME " VALUES ('%s', '%s', %s, %s, %s)";
static const char insert_sql_pattern[] =
"INSERT INTO " GSSAPI_TABLE_NAME " VALUES ('%s', '%s', %s, %s, %s)";
/** Used for NULL value creation in the INSERT query */
static const char null_token[] = "NULL";
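Review bot: `gssapi_auth_query` and `insert_sql_pattern` splice the user, host and database values into quoted SQL literals through `'%s'`, so the statement is only as safe as the escaping done where the template is filled, and that code is outside these hunks. The doc comments should state that requirement, for example `/** Every %s argument must be SQL-escaped by the caller before formatting */`. Binding the values with `sqlite3_prepare_v2()` and `sqlite3_bind_text()` would remove the dependency altogether, assuming this in-memory table is SQLite-backed like the mysqlauth one. The same pattern appears in the `mysqlauth_*_query` and `insert_user_query` templates and in `insert_sql_template` in `PamInstance::add_pam_user`. Separately, the context comment above `insert_sql_pattern` reads "no quoted around them" where "no quotes" is meant.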


@ -160,9 +160,9 @@ bool extract_principal_name(DCB* dcb, GWBUF* buffer)
* means that the server is not secure. */
MXS_ERROR("Server '%s' returned an unexpected authentication response.%s",
dcb->server->name,
databuf[0] == MYSQL_REPLY_OK
? " Authentication was complete before it even started, "
"anonymous users might not be disabled." : "");
databuf[0] == MYSQL_REPLY_OK ?
" Authentication was complete before it even started, "
"anonymous users might not be disabled." : "");
return false;
}


@ -157,14 +157,14 @@ static char* get_users_query(const char* server_version, int version, bool inclu
{
if (is_mariadb) // 10.1.1 or newer, supports default roles
{
return version >= 100202
? get_mariadb_102_users_query(include_root)
: get_mariadb_users_query(include_root);
return version >= 100202 ?
get_mariadb_102_users_query(include_root) :
get_mariadb_users_query(include_root);
}
// Either an older MariaDB version or a MySQL variant, use the legacy query
const char* password = strstr(server_version, "5.7.") || strstr(server_version, "8.0.")
? MYSQL57_PASSWORD : MYSQL_PASSWORD;
const char* password = strstr(server_version, "5.7.") || strstr(server_version, "8.0.") ?
MYSQL57_PASSWORD : MYSQL_PASSWORD;
const char* with_root = include_root ? "" : " AND u.user NOT IN ('root')";
size_t n_bytes = snprintf(NULL, 0, NEW_LOAD_DBUSERS_QUERY, password, with_root, password, with_root);
@ -297,9 +297,9 @@ int validate_mysql_user(MYSQL_AUTH* instance,
size_t scramble_len)
{
sqlite3* handle = get_handle(instance);
const char* validate_query = instance->lower_case_table_names
? mysqlauth_validate_user_query_lower
: mysqlauth_validate_user_query;
const char* validate_query = instance->lower_case_table_names ?
mysqlauth_validate_user_query_lower :
mysqlauth_validate_user_query;
size_t len = strlen(validate_query) + 1 + strlen(session->user) * 2
+ strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1;
char sql[len + 1];
@ -686,8 +686,8 @@ static bool check_server_permissions(SERVICE* service,
}
const char* format = "SELECT user, host, %s, Select_priv FROM mysql.user limit 1";
const char* query_pw = strstr(server->version_string, "5.7.")
? MYSQL57_PASSWORD : MYSQL_PASSWORD;
const char* query_pw = strstr(server->version_string, "5.7.") ?
MYSQL57_PASSWORD : MYSQL_PASSWORD;
char query[strlen(format) + strlen(query_pw) + 1];
bool rval = true;
sprintf(query, format, query_pw);
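Review bot: The two version checks in this file disagree: `get_users_query` selects `MYSQL57_PASSWORD` for version strings containing "5.7." or "8.0.", while `check_server_permissions` tests only "5.7.", so against an 8.0 server the permission probe would be built with `MYSQL_PASSWORD`. If the two macros name different columns (their definitions are not shown here), that probe would fail on 8.0 even though user loading picks the right column. Suggested: `const char* query_pw = strstr(server->version_string, "5.7.") || strstr(server->version_string, "8.0.") ? MYSQL57_PASSWORD : MYSQL_PASSWORD;`, or preferably one shared helper called from both functions so the checks cannot drift again. Both function bodies continue outside the hunks.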


@ -49,38 +49,38 @@ static const char DBUSERS_FILE[] = "dbusers.db";
#define MYSQLAUTH_DATABASES_TABLE_NAME "mysqlauth_databases"
/** CREATE TABLE statement for the in-memory users table */
static const char users_create_sql[]
= "CREATE TABLE IF NOT EXISTS " MYSQLAUTH_USERS_TABLE_NAME
"(user varchar(255), host varchar(255), db varchar(255), anydb boolean, password text)";
static const char users_create_sql[] =
"CREATE TABLE IF NOT EXISTS " MYSQLAUTH_USERS_TABLE_NAME
"(user varchar(255), host varchar(255), db varchar(255), anydb boolean, password text)";
/** CREATE TABLE statement for the in-memory databases table */
static const char databases_create_sql[]
= "CREATE TABLE IF NOT EXISTS " MYSQLAUTH_DATABASES_TABLE_NAME "(db varchar(255))";
static const char databases_create_sql[] =
"CREATE TABLE IF NOT EXISTS " MYSQLAUTH_DATABASES_TABLE_NAME "(db varchar(255))";
/** PRAGMA configuration options for SQLite */
static const char pragma_sql[] = "PRAGMA JOURNAL_MODE=NONE";
/** Query that checks if there's a grant for the user being authenticated */
static const char mysqlauth_validate_user_query[]
= "SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1";
static const char mysqlauth_validate_user_query[] =
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1";
/** Query that checks if there's a grant for the user being authenticated */
static const char mysqlauth_validate_user_query_lower[]
= "SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR LOWER('%s') LIKE LOWER(db))"
" LIMIT 1";
static const char mysqlauth_validate_user_query_lower[] =
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR LOWER('%s') LIKE LOWER(db))"
" LIMIT 1";
/** Query that only checks if there's a matching user */
static const char mysqlauth_skip_auth_query[]
= "SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1";
static const char mysqlauth_skip_auth_query[] =
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1";
/** Query that checks that the database exists */
static const char mysqlauth_validate_database_query[]
= "SELECT * FROM " MYSQLAUTH_DATABASES_TABLE_NAME " WHERE db = '%s' LIMIT 1";
static const char mysqlauth_validate_database_query[] =
"SELECT * FROM " MYSQLAUTH_DATABASES_TABLE_NAME " WHERE db = '%s' LIMIT 1";
/** Delete query used to clean up the database before loading new users */
static const char delete_users_query[] = "DELETE FROM " MYSQLAUTH_USERS_TABLE_NAME;
@ -89,18 +89,18 @@ static const char delete_users_query[] = "DELETE FROM " MYSQLAUTH_USERS_TABLE_NA
static const char delete_databases_query[] = "DELETE FROM " MYSQLAUTH_DATABASES_TABLE_NAME;
/** The insert query template which adds users to the mysqlauth_users table */
static const char insert_user_query[]
= "INSERT OR REPLACE INTO " MYSQLAUTH_USERS_TABLE_NAME " VALUES ('%s', '%s', %s, %s, %s)";
static const char insert_user_query[] =
"INSERT OR REPLACE INTO " MYSQLAUTH_USERS_TABLE_NAME " VALUES ('%s', '%s', %s, %s, %s)";
/** The insert query template which adds the databases to the table */
static const char insert_database_query[]
= "INSERT OR REPLACE INTO " MYSQLAUTH_DATABASES_TABLE_NAME " VALUES ('%s')";
static const char insert_database_query[] =
"INSERT OR REPLACE INTO " MYSQLAUTH_DATABASES_TABLE_NAME " VALUES ('%s')";
static const char dump_users_query[]
= "SELECT user, host, db, anydb, password FROM " MYSQLAUTH_USERS_TABLE_NAME;
static const char dump_users_query[] =
"SELECT user, host, db, anydb, password FROM " MYSQLAUTH_USERS_TABLE_NAME;
static const char dump_databases_query[]
= "SELECT db FROM " MYSQLAUTH_DATABASES_TABLE_NAME;
static const char dump_databases_query[] =
"SELECT db FROM " MYSQLAUTH_DATABASES_TABLE_NAME;
/** Used for NULL value creation in the INSERT query */
static const char null_token[] = "NULL";
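Review bot: The doc comment on `mysqlauth_validate_user_query_lower` is a copy of the one on `mysqlauth_validate_user_query`, so nothing tells a reader why two variants exist. Proposed: `/** As mysqlauth_validate_user_query, but compares the database name case-insensitively via LOWER() */`. `dump_users_query` and `dump_databases_query` have no comment at all. A one-line `/** Query that reads back every row of the users table, password column included */`, with a matching one for the databases table, would also make it visible that the first returns the stored password values.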


@ -109,8 +109,8 @@ void PamInstance::add_pam_user(const char* user,
* Note that 'db' and 'pam_service' are strings that can be NULL and thus they have
* no quotes around them. The quotes for strings are added in this function.
*/
const string insert_sql_template
= "INSERT INTO " + m_tablename + " VALUES ('%s', '%s', %s, '%s', %s)";
const string insert_sql_template =
"INSERT INTO " + m_tablename + " VALUES ('%s', '%s', %s, '%s', %s)";
/** Used for NULL value creation in the INSERT query */
const char NULL_TOKEN[] = "NULL";
@ -180,15 +180,15 @@ void PamInstance::delete_old_users()
int PamInstance::load_users(SERVICE* service)
{
/** Query that gets all users that authenticate via the pam plugin */
const char PAM_USERS_QUERY[]
= "SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.db AS d ON (u.user = d.user AND u.host = d.host) WHERE "
"(u.plugin = 'pam' AND (d.db IS NOT NULL OR u.select_priv = 'Y')) "
"UNION "
"SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t ON (u.user = t.user AND u.host = t.host) WHERE "
"(u.plugin = 'pam' AND t.db IS NOT NULL AND u.select_priv = 'N') "
"ORDER BY user";
const char PAM_USERS_QUERY[] =
"SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.db AS d ON (u.user = d.user AND u.host = d.host) WHERE "
"(u.plugin = 'pam' AND (d.db IS NOT NULL OR u.select_priv = 'Y')) "
"UNION "
"SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t ON (u.user = t.user AND u.host = t.host) WHERE "
"(u.plugin = 'pam' AND t.db IS NOT NULL AND u.select_priv = 'N') "
"ORDER BY user";
#if defined (SS_DEBUG)
const unsigned int PAM_USERS_QUERY_NUM_FIELDS = 5;
#endif


@ -49,9 +49,9 @@ bool check_auth_switch_request(DCB* dcb, GWBUF* buffer)
&& data[MYSQL_HEADER_LEN + 1] == MYSQL_REPLY_OK;
MXS_ERROR("Server '%s' returned an unexpected authentication response.%s",
dcb->server->name,
was_ok_packet
? " Authentication was complete before it even started, "
"anonymous users might not be disabled." : "");
was_ok_packet ?
" Authentication was complete before it even started, "
"anonymous users might not be disabled." : "");
return false;
}
unsigned int buflen = gwbuf_length(buffer);