hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prepare for local/remote admin users

Browse Source 
Local admins are the ones accessing MaxScale on the same host
over a Unix domain socket, and who are strongly identified), and
optional remote admins are the ones accessing MaxScale potentially
over a tcp socket (potentially over the network), and who are
weakly identified.

These are completely separate and a different set of functions
will be needed for managing them. This initial change merely
renames the functions.
This commit is contained in:
Johan Wikman 2016-08-30 15:37:46 +03:00
parent e54cc95a20
commit 94aecf4ada
6 changed files with 53 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
server/core/adminusers.c
View File

@ -85,8 +85,8 @@ initialise()
* @param password Password to verify
* @return Non-zero if the username/password combination is valid
*/
int
admin_verify(char *username, char *password)
bool
admin_remote_verify(const char *username, const char *password)
{
char *pw;
@ -95,23 +95,23 @@ admin_verify(char *username, char *password)
{
if (strcmp(username, "admin") == 0 && strcmp(password, "mariadb") == 0)
{
return 1;
return true;
}
}
else
{
if ((pw = users_fetch(users, username)) == NULL)
if ((pw = users_fetch(users, (char*)username)) == NULL) // TODO: Make users const-correct.
{
return 0;
return false;
}
struct crypt_data cdata;
cdata.initialized = 0;
if (strcmp(pw, crypt_r(password, ADMIN_SALT, &cdata)) == 0)
{
return 1;
return true;
}
}
return 0;
return false;
}
@ -184,11 +184,10 @@ loadUsers()
/**
* Add user
*
* @param uname Name of the new user
* @return NULL on success or an error string on failure
* @param uname Name of the new user
* @return NULL on success or an error string on failure
*/
char *
admin_add_user(char *uname)
const char *admin_local_add_user(const char *uname)
{
FILE *fp;
char fname[PATH_MAX], *home;
@ -219,11 +218,11 @@ admin_add_user(char *uname)
}
fclose(fp);
}
if (users_fetch(users, uname) != NULL)
if (users_fetch(users, (char*)uname) != NULL) // TODO: Make users const correct.
{
return ADMIN_ERR_DUPLICATE;
}
users_add(users, uname, "");
users_add(users, (char*)uname, ""); // TODO: Make users const correct.
if ((fp = fopen(fname, "a")) == NULL)
{
MXS_ERROR("Unable to append to password file %s.", fname);
@ -241,8 +240,7 @@ admin_add_user(char *uname)
* @param uname Name of the new user
* @return NULL on success or an error string on failure
*/
char* admin_remove_user(
char* uname)
const char* admin_local_remove_user(const char* uname)
{
FILE* fp;
FILE* fp_tmp;
@ -260,14 +258,14 @@ char* admin_remove_user(
return ADMIN_ERR_DELROOT;
}
if (!admin_search_user(uname))
if (!admin_local_search_user(uname))
{
MXS_ERROR("Couldn't find user %s. Removing user failed.", uname);
return ADMIN_ERR_USERNOTFOUND;
}
/** Remove user from in-memory structure */
users_delete(users, uname);
users_delete(users, (char*)uname); // TODO: Make users const correct.
/**
* Open passwd file and remove user from the file.
@ -393,10 +391,9 @@ char* admin_remove_user(
* Check for existance of the user
*
* @param user The user name to test
* @return Non-zero if the user exists
* @return True if the user exists
*/
int
admin_search_user(char *user)
bool admin_local_search_user(const char *user)
{
initialise();
@ -404,11 +401,11 @@ admin_search_user(char *user)
if (strcmp(user, DEFAULT_ADMIN_USER) == 0)
{
rv = 1;
rv = true;
}
else if (users)
{
rv = (users_fetch(users, user) != NULL);
rv = (users_fetch(users, (char*)user) != NULL); // TODO: Make users const correct.
}
return rv;

41
server/core/test/testadminusers.c
View File

@ -49,12 +49,12 @@
static int
test1()
{
if (admin_verify("admin", "mariadb") == 0)
if (admin_remote_verify("admin", "mariadb") == 0)
{
fprintf(stderr, "admin_verify: test 1.1 (default user) failed.\n");
return 1;
}
if (admin_verify("bad", "user"))
if (admin_remote_verify("bad", "user"))
{
fprintf(stderr, "admin_verify: test 1.2 (wrong user) failed.\n");
return 1;
@ -73,15 +73,15 @@ test1()
static int
test2()
{
char *err;
const char *err;
if ((err = admin_add_user("user0")) != NULL)
if ((err = admin_local_add_user("user0")) != NULL)
{
fprintf(stderr, "admin_add_user: test 2.1 (add user) failed, %s.\n", err);
return 1;
}
if (admin_add_user("user0") == NULL)
if (admin_local_add_user("user0") == NULL)
{
fprintf(stderr, "admin_add_user: test 2.2 (add user) failed, duplicate.\n");
@ -89,7 +89,7 @@ test2()
}
/* Deleting the last user is not forbidden so we expect this to succeed */
if ((err = admin_remove_user("user0")) != NULL)
if ((err = admin_local_remove_user("user0")) != NULL)
{
fprintf(stderr, "admin_remove_user: test 2.3 (add user) failed, %s.\n", err);
@ -97,7 +97,7 @@ test2()
}
/* Add the user back, for test5. */
if ((err = admin_add_user("user0")) != NULL)
if ((err = admin_local_add_user("user0")) != NULL)
{
fprintf(stderr, "admin_add_user: test 2.4 (add user) failed, %s.\n", err);
@ -119,37 +119,37 @@ test2()
static int
test3()
{
char *err;
const char *err;
if ((err = admin_add_user("user1")) != NULL)
if ((err = admin_local_add_user("user1")) != NULL)
{
fprintf(stderr, "admin_add_user: test 3.1 (add user) failed, %s.\n", err);
return 1;
}
if (admin_search_user("user1") == 0)
if (admin_local_search_user("user1") == 0)
{
fprintf(stderr, "admin_search_user: test 3.2 (search user) failed.\n");
return 1;
}
if (admin_search_user("user2") != 0)
if (admin_local_search_user("user2") != 0)
{
fprintf(stderr, "admin_search_user: test 3.3 (search user) failed, unexpeted user found.\n");
return 1;
}
if ((err = admin_remove_user("user1")) != NULL)
if ((err = admin_local_remove_user("user1")) != NULL)
{
fprintf(stderr, "admin_remove_user: test 3.4 (add user) failed, %s.\n", err);
return 1;
}
if (admin_search_user("user1"))
if (admin_local_search_user("user1"))
{
fprintf(stderr, "admin_search_user: test 3.5 (search user) failed - user was deleted.\n");
@ -172,13 +172,14 @@ test3()
static int
test4()
{
char *err, user[40], passwd[40];
const char *err;
char user[40], passwd[40];
int i, n_users = 50;
for (i = 1; i < n_users; i++)
{
sprintf(user, "user%d", i);
if ((err = admin_add_user(user)) != NULL)
if ((err = admin_local_add_user(user)) != NULL)
{
fprintf(stderr, "admin_add_user: test 4.1 (add user) failed, %s.\n", err);
@ -189,7 +190,7 @@ test4()
for (i = 1; i < n_users; i++)
{
sprintf(user, "user%d", i);
if (admin_search_user(user) == 0)
if (admin_local_search_user(user) == 0)
{
fprintf(stderr, "admin_search_user: test 4.2 (search user) failed.\n");
@ -200,7 +201,7 @@ test4()
for (i = 1; i < n_users; i++)
{
sprintf(user, "user%d", i);
if ((err = admin_remove_user(user)) != NULL)
if ((err = admin_local_remove_user(user)) != NULL)
{
fprintf(stderr, "admin_remove_user: test 4.3 (add user) failed, %s.\n", err);
@ -220,16 +221,16 @@ test4()
static int
test5()
{
char *err;
const char *err;
if ((err = admin_add_user("user")) != NULL)
if ((err = admin_local_add_user("user")) != NULL)
{
fprintf(stderr, "admin_add_user: test 5.1 (add user) failed, %s.\n", err);
return 1;
}
if ((err = admin_remove_user("user0")) != NULL)
if ((err = admin_local_remove_user("user0")) != NULL)
{
fprintf(stderr, "admin_remove_user: test 5.2 (add user) failed, %s.\n", err);

10
server/include/adminusers.h.in
View File

@ -51,12 +51,12 @@ typedef struct admin_session
#endif
} ADMIN_session;
extern int admin_verify(char *, char *);
extern char *admin_add_user(char *);
extern int admin_search_user(char *);
extern void dcb_PrintAdminUsers(DCB *dcb);
extern const char *admin_local_add_user(const char *uname);
extern const char *admin_local_remove_user(const char *uname);
extern bool admin_local_search_user(const char *uname);
char* admin_remove_user(char* uname);
extern bool admin_remote_verify(const char *uname, const char *password);
extern void dcb_PrintAdminUsers(DCB *dcb);
#endif

2
server/modules/authenticator/max_admin_auth.c
View File

@ -142,7 +142,7 @@ max_admin_auth_set_protocol_data(DCB *dcb, GWBUF *buf)
dcb->data = (void *)session_data;
/* Check for existance of the user */
if (admin_search_user(session_data->user))
if (admin_local_search_user(session_data->user))
{
session_data->validated = true;
return 0;

2
server/modules/protocol/telnetd.c
View File

@ -202,7 +202,7 @@ static int telnetd_read_event(DCB* dcb)
{
*t = 0;
}
if (admin_verify(telnetd->username, password))
if (admin_remote_verify(telnetd->username, password))
{
telnetd_echo(dcb, 1);
telnetd->state = TELNETD_STATE_DATA;

12
server/modules/routing/debugcmd.c
View File

@ -1282,15 +1282,15 @@ reload_config(DCB *dcb)
static void
telnetdAddUser(DCB *dcb, char *user)
{
char *err;
const char *err;
if (admin_search_user(user))
if (admin_local_search_user(user))
{
dcb_printf(dcb, "User %s already exists.\n", user);
return;
}
if ((err = admin_add_user(user)) == NULL)
if ((err = admin_local_add_user(user)) == NULL)
{
dcb_printf(dcb, "User %s has been successfully added.\n", user);
}
@ -1311,15 +1311,15 @@ static void telnetdRemoveUser(
DCB* dcb,
char* user)
{
char* err;
const char* err;
if (!admin_search_user(user))
if (!admin_local_search_user(user))
{
dcb_printf(dcb, "User %s doesn't exist.\n", user);
return;
}
if ((err = admin_remove_user(user)) == NULL)
if ((err = admin_local_remove_user(user)) == NULL)
{
dcb_printf(dcb, "User %s has been successfully removed.\n", user);
}