Also check IPv6 mapped IPv4 addresses as IPv4

If a client connects from an IPv4 address, but the listener listens on an IPv6 address, the client IP will be a IPv6 mapped IPv4 address e.g. ::ffff:127.0.0.1. A grant for an IPv4 address should still match an IPv6 mapped IPv4 address.
2017-04-04 14:46:33 +03:00 · 2017-04-04 14:46:33 +03:00 · 872f69b681
commit 872f69b681
parent 9f14f3659f
1 changed files with 14 additions and 0 deletions
--- a/server/modules/authenticator/MySQLAuth/dbusers.c
+++ b/server/modules/authenticator/MySQLAuth/dbusers.c
@ -202,6 +202,20 @@ int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
        sqlite3_free(err);
    }

+    /** Check for IPv6 mapped IPv4 address */
+    if (!res.ok && strchr(dcb->remote, ':') && strchr(dcb->remote, '.'))
+    {
+        const char *ipv4 = strrchr(dcb->remote, ':') + 1;
+        sprintf(sql, mysqlauth_validate_user_query, session->user, ipv4, ipv4,
+                session->db, session->db);
+
+        if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK)
+        {
+            MXS_ERROR("Failed to execute auth query: %s", err);
+            sqlite3_free(err);
+        }
+    }
+
    if (!res.ok)
    {
        /**