diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 976e150f4..18c5bf87b 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -544,17 +544,9 @@ Enable HTTP admin interface authentication using HTTP Basic Access authentication. This is not a secure method of authentication but it does add a small layer of security. This option is disabled by default. -#### `admin_user` - -The HTTP admin interface username. This is the username which is used when -_admin_auth_ is enabled. The default user for the HTTP admin interface is -`admin`. - -#### `admin_password` - -The HTTP admin interface password. This is the which which is used when -_admin_auth_ is enabled. The default password for the HTTP admin interface is -`mariadb`. +The admin interface authentication uses the same user as MaxAdmin network +interface. This means that new users can be added with both MaxAdmin and the +REST API. The default credentials for the interface are `admin:mariadb`. #### `admin_ssl_key` diff --git a/include/maxscale/config.h b/include/maxscale/config.h index d1d664121..2bb06b426 100644 --- a/include/maxscale/config.h +++ b/include/maxscale/config.h @@ -193,8 +193,6 @@ typedef struct bool skip_permission_checks; /**< Skip service and monitor permission checks */ char qc_name[PATH_MAX]; /**< The name of the query classifier to load */ char* qc_args; /**< Arguments for the query classifier */ - char admin_user[MAX_ADMIN_USER_LEN]; /**< Admin interface user */ - char admin_password[MAX_ADMIN_PW_LEN]; /**< Admin interface password */ char admin_host[MAX_ADMIN_HOST_LEN]; /**< Admin interface host */ uint16_t admin_port; /**< Admin interface port */ bool admin_auth; /**< Admin interface authentication */ diff --git a/server/core/admin.cc b/server/core/admin.cc index 2ff66894a..7b48913d8 100644 --- a/server/core/admin.cc +++ b/server/core/admin.cc @@ -33,6 +33,7 @@ #include #include #include +#include #include "maxscale/resource.hh" @@ -152,24 +153,25 @@ void close_client(void *cls, bool do_auth(MHD_Connection *connection) { - const char *admin_user = config_get_global_options()->admin_user; - const char *admin_pw = config_get_global_options()->admin_password; bool admin_auth = config_get_global_options()->admin_auth; char* pw = NULL; char* user = MHD_basic_auth_get_username_password(connection, &pw); bool rval = true; - if (admin_auth && (!user || !pw || strcmp(user, admin_user) || strcmp(pw, admin_pw))) + if (admin_auth) { - rval = false; - static char error_resp[] = "Access denied\r\n"; - MHD_Response *resp = - MHD_create_response_from_buffer(sizeof(error_resp) - 1, error_resp, - MHD_RESPMEM_PERSISTENT); + if (!user || !pw || !admin_verify_inet_user(user, pw)) + { + rval = false; + static char error_resp[] = "{\"errors\": [ { \"detail\": \"Access denied\" } ] }"; + MHD_Response *resp = + MHD_create_response_from_buffer(sizeof(error_resp) - 1, error_resp, + MHD_RESPMEM_PERSISTENT); - MHD_queue_basic_auth_fail_response(connection, "maxscale", resp); - MHD_destroy_response(resp); + MHD_queue_basic_auth_fail_response(connection, "maxscale", resp); + MHD_destroy_response(resp); + } } return rval; diff --git a/server/core/config.cc b/server/core/config.cc index 6f8e444aa..16220f548 100644 --- a/server/core/config.cc +++ b/server/core/config.cc @@ -1524,14 +1524,6 @@ handle_global_item(const char *name, const char *value) MXS_FREE(v); } } - else if (strcmp(name, CN_ADMIN_USER) == 0) - { - strcpy(gateway.admin_user, value); - } - else if (strcmp(name, CN_ADMIN_PASSWORD) == 0) - { - strcpy(gateway.admin_password, value); - } else if (strcmp(name, CN_ADMIN_PORT) == 0) { gateway.admin_port = atoi(value); @@ -1784,8 +1776,6 @@ global_defaults() gateway.admin_auth = false; gateway.admin_enabled = true; strcpy(gateway.admin_host, DEFAULT_ADMIN_HOST); - strcpy(gateway.admin_user, INET_DEFAULT_USERNAME); - strcpy(gateway.admin_password, INET_DEFAULT_PASSWORD); gateway.admin_ssl_key[0] = '\0'; gateway.admin_ssl_cert[0] = '\0'; gateway.admin_ssl_ca_cert[0] = '\0';