Merge branch '2.2' into develop

server/modules/protocol/MySQL/mariadbclient/mysql_client.cc

@@ -594,24 +594,30 @@ static void store_client_information(DCB *dcb, GWBUF *buffer)
         const char* username = (const char*)data + MYSQL_AUTH_PACKET_BASE_SIZE;
         int userlen = get_zstr_len(username, len - MYSQL_AUTH_PACKET_BASE_SIZE);
 
-        if (userlen != -1 && (int)sizeof(ses->user) > userlen)
+        if (userlen != -1)
         {
-            strcpy(ses->user, username);
-        }
-
-        if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
-        {
-            /** Client is connecting with a default database */
-            uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
-            size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
-
-            if (dboffset < len)
+            if ((int)sizeof(ses->user) > userlen)
             {
-                int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
+                strcpy(ses->user, username);
+            }
 
-                if (dblen != -1 && (int)sizeof(ses->db) < dblen)
+            // Include the null terminator in the user length
+            userlen++;
+
+            if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
+            {
+                /** Client is connecting with a default database */
+                uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
+                size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
+
+                if (dboffset < len)
                 {
-                    strcpy(ses->db, (const char*)data + dboffset);
+                    int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
+
+                    if (dblen != -1 && (int)sizeof(ses->db) > dblen)
+                    {
+                        strcpy(ses->db, (const char*)data + dboffset);
+                    }
                 }
             }
         }
@@ -1569,19 +1575,35 @@ static bool reauthenticate_client(MXS_SESSION* session, GWBUF* packetbuf)
     if (session->client_dcb->authfunc.reauthenticate)
     {
         MySQLProtocol* proto = (MySQLProtocol*)session->client_dcb->protocol;
-        MYSQL_session* data = (MYSQL_session*)session->client_dcb->data;
-        uint8_t client_sha1[MYSQL_SCRAMBLE_LEN] = {};
         uint8_t payload[gwbuf_length(packetbuf) - MYSQL_HEADER_LEN];
         gwbuf_copy_data(packetbuf, MYSQL_HEADER_LEN, sizeof(payload), payload);
 
+        // Will contains extra data but the username is null-terminated
+        char user[gwbuf_length(proto->stored_query) - MYSQL_HEADER_LEN - 1];
+        gwbuf_copy_data(proto->stored_query, MYSQL_HEADER_LEN + 1,
+                        sizeof(user), (uint8_t*)user);
+
+        // Copy the new username to the session data
+        MYSQL_session* data = (MYSQL_session*)session->client_dcb->data;
+        strcpy(data->user, user);
+
         int rc = session->client_dcb->authfunc.reauthenticate(session->client_dcb, data->user,
                                                               payload, sizeof(payload),
                                                               proto->scramble, sizeof(proto->scramble),
-                                                              client_sha1, sizeof(client_sha1));
+                                                              data->client_sha1, sizeof(data->client_sha1));
 
-        if (!(rval = rc == MXS_AUTH_SUCCEEDED))
+        if (rc == MXS_AUTH_SUCCEEDED)
+        {
+            // Re-authentication successful, route the original COM_CHANGE_USER
+            rval = true;
+        }
+        else
         {
             /**
+             * Authentication failed. To prevent the COM_CHANGE_USER from reaching
+             * the backend servers (and possibly causing problems) the client
+             * connection will be closed.
+             *
              * First packet is COM_CHANGE_USER, the second is AuthSwitchRequest,
              * third is the response and the fourth is the following error.
              */
@@ -1712,14 +1734,34 @@ static int route_by_statement(MXS_SESSION* session, uint64_t capabilities, GWBUF
             {
                 changed_user = true;
                 send_auth_switch_request_packet(session->client_dcb);
+
+                // Store the original COM_CHANGE_USER for later
+                proto->stored_query = packetbuf;
+                packetbuf = NULL;
+            }
+            else if (proto->changing_user)
+            {
+                proto->changing_user = false;
+                bool ok = reauthenticate_client(session, packetbuf);
+                gwbuf_free(packetbuf);
+                packetbuf = proto->stored_query;
+                proto->stored_query = NULL;
+
+                if (ok)
+                {
+                    // Authentication was successful, route the original COM_CHANGE_USER
+                    rc = 1;
+                }
+                else
+                {
+                    // Authentication failed, close the connection
+                    rc = 0;
+                    gwbuf_free(packetbuf);
+                    packetbuf = NULL;
+                }
             }
 
-            if (proto->changing_user)
-            {
-                rc = reauthenticate_client(session, packetbuf) ? 1 : 0;
-                gwbuf_free(packetbuf);
-            }
-            else
+            if (packetbuf)
             {
                 /** Route query */
                 rc = MXS_SESSION_ROUTE_QUERY(session, packetbuf);