From 94aecf4ada6c5983769d3751d96f37eea48bb5d3 Mon Sep 17 00:00:00 2001 From: Johan Wikman Date: Tue, 30 Aug 2016 15:37:46 +0300 Subject: [PATCH] Prepare for local/remote admin users Local admins are the ones accessing MaxScale on the same host over a Unix domain socket, and who are strongly identified), and optional remote admins are the ones accessing MaxScale potentially over a tcp socket (potentially over the network), and who are weakly identified. These are completely separate and a different set of functions will be needed for managing them. This initial change merely renames the functions. --- server/core/adminusers.c | 41 +++++++++---------- server/core/test/testadminusers.c | 41 ++++++++++--------- server/include/adminusers.h.in | 10 ++--- server/modules/authenticator/max_admin_auth.c | 2 +- server/modules/protocol/telnetd.c | 2 +- server/modules/routing/debugcmd.c | 12 +++--- 6 files changed, 53 insertions(+), 55 deletions(-) diff --git a/server/core/adminusers.c b/server/core/adminusers.c index 0c5dd9f64..38be3f133 100644 --- a/server/core/adminusers.c +++ b/server/core/adminusers.c @@ -85,8 +85,8 @@ initialise() * @param password Password to verify * @return Non-zero if the username/password combination is valid */ -int -admin_verify(char *username, char *password) +bool +admin_remote_verify(const char *username, const char *password) { char *pw; @@ -95,23 +95,23 @@ admin_verify(char *username, char *password) { if (strcmp(username, "admin") == 0 && strcmp(password, "mariadb") == 0) { - return 1; + return true; } } else { - if ((pw = users_fetch(users, username)) == NULL) + if ((pw = users_fetch(users, (char*)username)) == NULL) // TODO: Make users const-correct. { - return 0; + return false; } struct crypt_data cdata; cdata.initialized = 0; if (strcmp(pw, crypt_r(password, ADMIN_SALT, &cdata)) == 0) { - return 1; + return true; } } - return 0; + return false; } 
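Review bot: In the `else` branch of `admin_remote_verify` (hunk `@@ -95,23 +95,23 @@`) the result of `crypt_r()` is passed straight to `strcmp()`, and `crypt_r()` returns NULL on failure, so a failed hash computation on the remote login path would dereference a null pointer instead of rejecting the login. Capture the result first, `const char *hash = crypt_r(password, ADMIN_SALT, &cdata);`, and test `if (hash != NULL && strcmp(pw, hash) == 0)`. Separately, the first branch still accepts the literal pair `admin`/`mariadb`; its guarding condition lies between the two hunks and is not visible here. Now that this function is by name the network-facing check, that fallback needs at least a comment stating when it applies, and is worth disabling for remote logins. The function begins in the previous hunk.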
@@ -184,11 +184,10 @@ loadUsers() /** * Add user * - * @param uname Name of the new user - * @return NULL on success or an error string on failure + * @param uname Name of the new user + * @return NULL on success or an error string on failure */ -char * -admin_add_user(char *uname) +const char *admin_local_add_user(const char *uname) { FILE *fp; char fname[PATH_MAX], *home; @@ -219,11 +218,11 @@ admin_add_user(char *uname) } fclose(fp); } - if (users_fetch(users, uname) != NULL) + if (users_fetch(users, (char*)uname) != NULL) // TODO: Make users const correct. { return ADMIN_ERR_DUPLICATE; } - users_add(users, uname, ""); + users_add(users, (char*)uname, ""); // TODO: Make users const correct. if ((fp = fopen(fname, "a")) == NULL) { MXS_ERROR("Unable to append to password file %s.", fname); @@ -241,8 +240,7 @@ admin_add_user(char *uname) * @param uname Name of the new user * @return NULL on success or an error string on failure */ -char* admin_remove_user( - char* uname) +const char* admin_local_remove_user(const char* uname) { FILE* fp; FILE* fp_tmp; @@ -260,14 +258,14 @@ char* admin_remove_user( return ADMIN_ERR_DELROOT; } - if (!admin_search_user(uname)) + if (!admin_local_search_user(uname)) { MXS_ERROR("Couldn't find user %s. Removing user failed.", uname); return ADMIN_ERR_USERNOTFOUND; } /** Remove user from in-memory structure */ - users_delete(users, uname); + users_delete(users, (char*)uname); // TODO: Make users const correct. /** * Open passwd file and remove user from the file. @@ -393,10 +391,9 @@ char* admin_remove_user( * Check for existance of the user * * @param user The user name to test - * @return Non-zero if the user exists + * @return True if the user exists */ -int -admin_search_user(char *user) +bool admin_local_search_user(const char *user) { initialise(); 
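Review bot: In `admin_local_add_user` (hunk `@@ -219,11 +218,11 @@`) `users_add()` puts the name into the in-memory table before `fopen(fname, "a")` is attempted, so a failed append leaves a user that was never persisted. This assumes the error branch, which continues past the hunk, returns an error. Since `admin_local_search_user` answers from that table, an account whose creation was reported as failed would presumably still be accepted until restart. Open the file before the `users_add()` call, or undo on failure with `users_delete(users, (char*)uname);` ahead of the error return. The `(char*)` casts are only sound while the `users_*` functions neither modify nor retain the pointer, so the TODO should state that assumption until they take `const char *`.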
@@ -404,11 +401,11 @@ admin_search_user(char *user) if (strcmp(user, DEFAULT_ADMIN_USER) == 0) { - rv = 1; + rv = true; } else if (users) { - rv = (users_fetch(users, user) != NULL); + rv = (users_fetch(users, (char*)user) != NULL); // TODO: Make users const correct. } return rv; diff --git a/server/core/test/testadminusers.c b/server/core/test/testadminusers.c index 2275b51ef..508c580fa 100644 --- a/server/core/test/testadminusers.c +++ b/server/core/test/testadminusers.c @@ -49,12 +49,12 @@ static int test1() { - if (admin_verify("admin", "mariadb") == 0) + if (admin_remote_verify("admin", "mariadb") == 0) { fprintf(stderr, "admin_verify: test 1.1 (default user) failed.\n"); return 1; } - if (admin_verify("bad", "user")) + if (admin_remote_verify("bad", "user")) { fprintf(stderr, "admin_verify: test 1.2 (wrong user) failed.\n"); return 1; @@ -73,15 +73,15 @@ test1() static int test2() { - char *err; + const char *err; - if ((err = admin_add_user("user0")) != NULL) + if ((err = admin_local_add_user("user0")) != NULL) { fprintf(stderr, "admin_add_user: test 2.1 (add user) failed, %s.\n", err); return 1; } - if (admin_add_user("user0") == NULL) + if (admin_local_add_user("user0") == NULL) { fprintf(stderr, "admin_add_user: test 2.2 (add user) failed, duplicate.\n"); @@ -89,7 +89,7 @@ test2() } /* Deleting the last user is not forbidden so we expect this to succeed */ - if ((err = admin_remove_user("user0")) != NULL) + if ((err = admin_local_remove_user("user0")) != NULL) { fprintf(stderr, "admin_remove_user: test 2.3 (add user) failed, %s.\n", err); @@ -97,7 +97,7 @@ test2() } /* Add the user back, for test5. */ - if ((err = admin_add_user("user0")) != NULL) + if ((err = admin_local_add_user("user0")) != NULL) { fprintf(stderr, "admin_add_user: test 2.4 (add user) failed, %s.\n", err); 
@@ -119,37 +119,37 @@ test2() static int test3() { - char *err; + const char *err; - if ((err = admin_add_user("user1")) != NULL) + if ((err = admin_local_add_user("user1")) != NULL) { fprintf(stderr, "admin_add_user: test 3.1 (add user) failed, %s.\n", err); return 1; } - if (admin_search_user("user1") == 0) + if (admin_local_search_user("user1") == 0) { fprintf(stderr, "admin_search_user: test 3.2 (search user) failed.\n"); return 1; } - if (admin_search_user("user2") != 0) + if (admin_local_search_user("user2") != 0) { fprintf(stderr, "admin_search_user: test 3.3 (search user) failed, unexpeted user found.\n"); return 1; } - if ((err = admin_remove_user("user1")) != NULL) + if ((err = admin_local_remove_user("user1")) != NULL) { fprintf(stderr, "admin_remove_user: test 3.4 (add user) failed, %s.\n", err); return 1; } - if (admin_search_user("user1")) + if (admin_local_search_user("user1")) { fprintf(stderr, "admin_search_user: test 3.5 (search user) failed - user was deleted.\n"); @@ -172,13 +172,14 @@ test3() static int test4() { - char *err, user[40], passwd[40]; + const char *err; + char user[40], passwd[40]; int i, n_users = 50; for (i = 1; i < n_users; i++) { sprintf(user, "user%d", i); - if ((err = admin_add_user(user)) != NULL) + if ((err = admin_local_add_user(user)) != NULL) { fprintf(stderr, "admin_add_user: test 4.1 (add user) failed, %s.\n", err); @@ -189,7 +190,7 @@ test4() for (i = 1; i < n_users; i++) { sprintf(user, "user%d", i); - if (admin_search_user(user) == 0) + if (admin_local_search_user(user) == 0) { fprintf(stderr, "admin_search_user: test 4.2 (search user) failed.\n"); @@ -200,7 +201,7 @@ test4() for (i = 1; i < n_users; i++) { sprintf(user, "user%d", i); - if ((err = admin_remove_user(user)) != NULL) + if ((err = admin_local_remove_user(user)) != NULL) { fprintf(stderr, "admin_remove_user: test 4.3 (add user) failed, %s.\n", err); 
@@ -220,16 +221,16 @@ test4() static int test5() { - char *err; + const char *err; - if ((err = admin_add_user("user")) != NULL) + if ((err = admin_local_add_user("user")) != NULL) { fprintf(stderr, "admin_add_user: test 5.1 (add user) failed, %s.\n", err); return 1; } - if ((err = admin_remove_user("user0")) != NULL) + if ((err = admin_local_remove_user("user0")) != NULL) { fprintf(stderr, "admin_remove_user: test 5.2 (add user) failed, %s.\n", err); diff --git a/server/include/adminusers.h.in b/server/include/adminusers.h.in index ea0268950..5cb692873 100644 --- a/server/include/adminusers.h.in +++ b/server/include/adminusers.h.in @@ -51,12 +51,12 @@ typedef struct admin_session #endif } ADMIN_session; -extern int admin_verify(char *, char *); -extern char *admin_add_user(char *); -extern int admin_search_user(char *); -extern void dcb_PrintAdminUsers(DCB *dcb); +extern const char *admin_local_add_user(const char *uname); +extern const char *admin_local_remove_user(const char *uname); +extern bool admin_local_search_user(const char *uname); -char* admin_remove_user(char* uname); +extern bool admin_remote_verify(const char *uname, const char *password); +extern void dcb_PrintAdminUsers(DCB *dcb); #endif diff --git a/server/modules/authenticator/max_admin_auth.c b/server/modules/authenticator/max_admin_auth.c index c90d77c65..f081e9837 100644 --- a/server/modules/authenticator/max_admin_auth.c +++ b/server/modules/authenticator/max_admin_auth.c @@ -142,7 +142,7 @@ max_admin_auth_set_protocol_data(DCB *dcb, GWBUF *buf) dcb->data = (void *)session_data; /* Check for existance of the user */ - if (admin_search_user(session_data->user)) + if (admin_local_search_user(session_data->user)) { session_data->validated = true; return 0; diff --git a/server/modules/protocol/telnetd.c b/server/modules/protocol/telnetd.c index 0dc1fbab9..38e91c330 100644 --- a/server/modules/protocol/telnetd.c +++ b/server/modules/protocol/telnetd.c 
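Review bot: The declarations in `adminusers.h.in` now return `bool`, but no `#include <stdbool.h>` is visible in this hunk; unless the header already includes it above line 51, each C file including it depends on include order. The two groups also carry no comment explaining the trust difference that the commit message describes, which is the one thing a caller must know to pick the right function. I would add `/* Local admins: name lookup only; caller must have identified the peer via a Unix domain socket. */` above the `admin_local_*` declarations and `/* Remote admins: password-verified; may be reached over TCP. */` above `admin_remote_verify`.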
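Review bot: In `max_admin_auth_set_protocol_data`, `session_data->validated = true` is set on nothing more than `admin_local_search_user()` finding the name, so the whole authentication decision depends on where `session_data->user` came from, which this hunk does not show. If that name is taken from the client buffer rather than from the socket's peer credentials, or if this authenticator can be attached to a TCP listener, presenting an existing user name is sufficient to be validated. With the callee now explicitly local-only, the call site should enforce or at least state that precondition, e.g. `/* Only valid on a Unix domain socket: user must come from peer credentials, never from client data. */`. The function begins and ends outside the hunk.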
@@ -202,7 +202,7 @@ static int telnetd_read_event(DCB* dcb) { *t = 0; } - if (admin_verify(telnetd->username, password)) + if (admin_remote_verify(telnetd->username, password)) { telnetd_echo(dcb, 1); telnetd->state = TELNETD_STATE_DATA; diff --git a/server/modules/routing/debugcmd.c b/server/modules/routing/debugcmd.c index 035e3b837..04e8ef5a7 100644 --- a/server/modules/routing/debugcmd.c +++ b/server/modules/routing/debugcmd.c @@ -1282,15 +1282,15 @@ reload_config(DCB *dcb) static void telnetdAddUser(DCB *dcb, char *user) { - char *err; + const char *err; - if (admin_search_user(user)) + if (admin_local_search_user(user)) { dcb_printf(dcb, "User %s already exists.\n", user); return; } - if ((err = admin_add_user(user)) == NULL) + if ((err = admin_local_add_user(user)) == NULL) { dcb_printf(dcb, "User %s has been successfully added.\n", user); } @@ -1311,15 +1311,15 @@ static void telnetdRemoveUser( DCB* dcb, char* user) { - char* err; + const char* err; - if (!admin_search_user(user)) + if (!admin_local_search_user(user)) { dcb_printf(dcb, "User %s doesn't exist.\n", user); return; } - if ((err = admin_remove_user(user)) == NULL) + if ((err = admin_local_remove_user(user)) == NULL) { dcb_printf(dcb, "User %s has been successfully removed.\n", user); }