hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prepare for local/remote admin users

Browse Source 
Local admins are the ones accessing MaxScale on the same host
over a Unix domain socket, and who are strongly identified), and
optional remote admins are the ones accessing MaxScale potentially
over a tcp socket (potentially over the network), and who are
weakly identified.

These are completely separate and a different set of functions
will be needed for managing them. This initial change merely
renames the functions.
This commit is contained in:
Johan Wikman
2016-08-30 15:37:46 +03:00
parent e54cc95a20
commit 94aecf4ada
6 changed files with 53 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
server/core/adminusers.c
View File

@ -85,8 +85,8 @@ initialise()
* @param password Password to verify * @param password Password to verify
* @return Non-zero if the username/password combination is valid * @return Non-zero if the username/password combination is valid
*/ */
int bool
admin_verify(char *username, char *password) admin_remote_verify(const char *username, const char *password)
{ {
char *pw; char *pw;
@ -95,23 +95,23 @@ admin_verify(char *username, char *password)
{ {
if (strcmp(username, "admin") == 0 && strcmp(password, "mariadb") == 0) if (strcmp(username, "admin") == 0 && strcmp(password, "mariadb") == 0)
{ {
return 1; return true;
} }
} }
else else
{ {
if ((pw = users_fetch(users, username)) == NULL) if ((pw = users_fetch(users, (char*)username)) == NULL) // TODO: Make users const-correct.
{ {
return 0; return false;
} }
struct crypt_data cdata; struct crypt_data cdata;
cdata.initialized = 0; cdata.initialized = 0;
if (strcmp(pw, crypt_r(password, ADMIN_SALT, &cdata)) == 0) if (strcmp(pw, crypt_r(password, ADMIN_SALT, &cdata)) == 0)
{ {
return 1; return true;
} }
} }
return 0; return false;
} }
@ -187,8 +187,7 @@ loadUsers()
* @param uname Name of the new user * @param uname Name of the new user
* @return NULL on success or an error string on failure * @return NULL on success or an error string on failure
*/ */
char * const char *admin_local_add_user(const char *uname)
admin_add_user(char *uname)
{ {
FILE *fp; FILE *fp;
char fname[PATH_MAX], *home; char fname[PATH_MAX], *home;
@ -219,11 +218,11 @@ admin_add_user(char *uname)
} }
fclose(fp); fclose(fp);
} }
if (users_fetch(users, uname) != NULL) if (users_fetch(users, (char*)uname) != NULL) // TODO: Make users const correct.
{ {
return ADMIN_ERR_DUPLICATE; return ADMIN_ERR_DUPLICATE;
} }
users_add(users, uname, ""); users_add(users, (char*)uname, ""); // TODO: Make users const correct.
if ((fp = fopen(fname, "a")) == NULL) if ((fp = fopen(fname, "a")) == NULL)
{ {
MXS_ERROR("Unable to append to password file %s.", fname); MXS_ERROR("Unable to append to password file %s.", fname);
@ -241,8 +240,7 @@ admin_add_user(char *uname)
* @param uname Name of the new user * @param uname Name of the new user
* @return NULL on success or an error string on failure * @return NULL on success or an error string on failure
*/ */
char* admin_remove_user( const char* admin_local_remove_user(const char* uname)
char* uname)
{ {
FILE* fp; FILE* fp;
FILE* fp_tmp; FILE* fp_tmp;
@ -260,14 +258,14 @@ char* admin_remove_user(
return ADMIN_ERR_DELROOT; return ADMIN_ERR_DELROOT;
} }
if (!admin_search_user(uname)) if (!admin_local_search_user(uname))
{ {
MXS_ERROR("Couldn't find user %s. Removing user failed.", uname); MXS_ERROR("Couldn't find user %s. Removing user failed.", uname);
return ADMIN_ERR_USERNOTFOUND; return ADMIN_ERR_USERNOTFOUND;
} }
/** Remove user from in-memory structure */ /** Remove user from in-memory structure */
users_delete(users, uname); users_delete(users, (char*)uname); // TODO: Make users const correct.
/** /**
* Open passwd file and remove user from the file. * Open passwd file and remove user from the file.
@ -393,10 +391,9 @@ char* admin_remove_user(
* Check for existance of the user * Check for existance of the user
* *
* @param user The user name to test * @param user The user name to test
* @return Non-zero if the user exists * @return True if the user exists
*/ */
int bool admin_local_search_user(const char *user)
admin_search_user(char *user)
{ {
initialise(); initialise();
@ -404,11 +401,11 @@ admin_search_user(char *user)
if (strcmp(user, DEFAULT_ADMIN_USER) == 0) if (strcmp(user, DEFAULT_ADMIN_USER) == 0)
{ {
rv = 1; rv = true;
} }
else if (users) else if (users)
{ {
rv = (users_fetch(users, user) != NULL); rv = (users_fetch(users, (char*)user) != NULL); // TODO: Make users const correct.
} }
return rv; return rv;

41
server/core/test/testadminusers.c
View File

@ -49,12 +49,12 @@
static int static int
test1() test1()
{ {
if (admin_verify("admin", "mariadb") == 0) if (admin_remote_verify("admin", "mariadb") == 0)
{ {
fprintf(stderr, "admin_verify: test 1.1 (default user) failed.\n"); fprintf(stderr, "admin_verify: test 1.1 (default user) failed.\n");
return 1; return 1;
} }
if (admin_verify("bad", "user")) if (admin_remote_verify("bad", "user"))
{ {
fprintf(stderr, "admin_verify: test 1.2 (wrong user) failed.\n"); fprintf(stderr, "admin_verify: test 1.2 (wrong user) failed.\n");
return 1; return 1;
@ -73,15 +73,15 @@ test1()
static int static int
test2() test2()
{ {
char *err; const char *err;
if ((err = admin_add_user("user0")) != NULL) if ((err = admin_local_add_user("user0")) != NULL)
{ {
fprintf(stderr, "admin_add_user: test 2.1 (add user) failed, %s.\n", err); fprintf(stderr, "admin_add_user: test 2.1 (add user) failed, %s.\n", err);
return 1; return 1;
} }
if (admin_add_user("user0") == NULL) if (admin_local_add_user("user0") == NULL)
{ {
fprintf(stderr, "admin_add_user: test 2.2 (add user) failed, duplicate.\n"); fprintf(stderr, "admin_add_user: test 2.2 (add user) failed, duplicate.\n");
@ -89,7 +89,7 @@ test2()
} }
/* Deleting the last user is not forbidden so we expect this to succeed */ /* Deleting the last user is not forbidden so we expect this to succeed */
if ((err = admin_remove_user("user0")) != NULL) if ((err = admin_local_remove_user("user0")) != NULL)
{ {
fprintf(stderr, "admin_remove_user: test 2.3 (add user) failed, %s.\n", err); fprintf(stderr, "admin_remove_user: test 2.3 (add user) failed, %s.\n", err);
@ -97,7 +97,7 @@ test2()
} }
/* Add the user back, for test5. */ /* Add the user back, for test5. */
if ((err = admin_add_user("user0")) != NULL) if ((err = admin_local_add_user("user0")) != NULL)
{ {
fprintf(stderr, "admin_add_user: test 2.4 (add user) failed, %s.\n", err); fprintf(stderr, "admin_add_user: test 2.4 (add user) failed, %s.\n", err);
@ -119,37 +119,37 @@ test2()
static int static int
test3() test3()
{ {
char *err; const char *err;
if ((err = admin_add_user("user1")) != NULL) if ((err = admin_local_add_user("user1")) != NULL)
{ {
fprintf(stderr, "admin_add_user: test 3.1 (add user) failed, %s.\n", err); fprintf(stderr, "admin_add_user: test 3.1 (add user) failed, %s.\n", err);
return 1; return 1;
} }
if (admin_search_user("user1") == 0) if (admin_local_search_user("user1") == 0)
{ {
fprintf(stderr, "admin_search_user: test 3.2 (search user) failed.\n"); fprintf(stderr, "admin_search_user: test 3.2 (search user) failed.\n");
return 1; return 1;
} }
if (admin_search_user("user2") != 0) if (admin_local_search_user("user2") != 0)
{ {
fprintf(stderr, "admin_search_user: test 3.3 (search user) failed, unexpeted user found.\n"); fprintf(stderr, "admin_search_user: test 3.3 (search user) failed, unexpeted user found.\n");
return 1; return 1;
} }
if ((err = admin_remove_user("user1")) != NULL) if ((err = admin_local_remove_user("user1")) != NULL)
{ {
fprintf(stderr, "admin_remove_user: test 3.4 (add user) failed, %s.\n", err); fprintf(stderr, "admin_remove_user: test 3.4 (add user) failed, %s.\n", err);
return 1; return 1;
} }
if (admin_search_user("user1")) if (admin_local_search_user("user1"))
{ {
fprintf(stderr, "admin_search_user: test 3.5 (search user) failed - user was deleted.\n"); fprintf(stderr, "admin_search_user: test 3.5 (search user) failed - user was deleted.\n");
@ -172,13 +172,14 @@ test3()
static int static int
test4() test4()
{ {
char *err, user[40], passwd[40]; const char *err;
char user[40], passwd[40];
int i, n_users = 50; int i, n_users = 50;
for (i = 1; i < n_users; i++) for (i = 1; i < n_users; i++)
{ {
sprintf(user, "user%d", i); sprintf(user, "user%d", i);
if ((err = admin_add_user(user)) != NULL) if ((err = admin_local_add_user(user)) != NULL)
{ {
fprintf(stderr, "admin_add_user: test 4.1 (add user) failed, %s.\n", err); fprintf(stderr, "admin_add_user: test 4.1 (add user) failed, %s.\n", err);
@ -189,7 +190,7 @@ test4()
for (i = 1; i < n_users; i++) for (i = 1; i < n_users; i++)
{ {
sprintf(user, "user%d", i); sprintf(user, "user%d", i);
if (admin_search_user(user) == 0) if (admin_local_search_user(user) == 0)
{ {
fprintf(stderr, "admin_search_user: test 4.2 (search user) failed.\n"); fprintf(stderr, "admin_search_user: test 4.2 (search user) failed.\n");
@ -200,7 +201,7 @@ test4()
for (i = 1; i < n_users; i++) for (i = 1; i < n_users; i++)
{ {
sprintf(user, "user%d", i); sprintf(user, "user%d", i);
if ((err = admin_remove_user(user)) != NULL) if ((err = admin_local_remove_user(user)) != NULL)
{ {
fprintf(stderr, "admin_remove_user: test 4.3 (add user) failed, %s.\n", err); fprintf(stderr, "admin_remove_user: test 4.3 (add user) failed, %s.\n", err);
@ -220,16 +221,16 @@ test4()
static int static int
test5() test5()
{ {
char *err; const char *err;
if ((err = admin_add_user("user")) != NULL) if ((err = admin_local_add_user("user")) != NULL)
{ {
fprintf(stderr, "admin_add_user: test 5.1 (add user) failed, %s.\n", err); fprintf(stderr, "admin_add_user: test 5.1 (add user) failed, %s.\n", err);
return 1; return 1;
} }
if ((err = admin_remove_user("user0")) != NULL) if ((err = admin_local_remove_user("user0")) != NULL)
{ {
fprintf(stderr, "admin_remove_user: test 5.2 (add user) failed, %s.\n", err); fprintf(stderr, "admin_remove_user: test 5.2 (add user) failed, %s.\n", err);

12
server/include/adminusers.h.in
View File

@ -51,12 +51,12 @@ typedef struct admin_session
#endif #endif
} ADMIN_session; } ADMIN_session;
extern int admin_verify(char *, char *); extern const char *admin_local_add_user(const char *uname);
extern char *admin_add_user(char *); extern const char *admin_local_remove_user(const char *uname);
extern int admin_search_user(char *); extern bool admin_local_search_user(const char *uname);
extern bool admin_remote_verify(const char *uname, const char *password);
extern void dcb_PrintAdminUsers(DCB *dcb); extern void dcb_PrintAdminUsers(DCB *dcb);
char* admin_remove_user(char* uname);
#endif #endif

2
server/modules/authenticator/max_admin_auth.c
View File

@ -142,7 +142,7 @@ max_admin_auth_set_protocol_data(DCB *dcb, GWBUF *buf)
dcb->data = (void *)session_data; dcb->data = (void *)session_data;
/* Check for existance of the user */ /* Check for existance of the user */
if (admin_search_user(session_data->user)) if (admin_local_search_user(session_data->user))
{ {
session_data->validated = true; session_data->validated = true;
return 0; return 0;

2
server/modules/protocol/telnetd.c
View File

@ -202,7 +202,7 @@ static int telnetd_read_event(DCB* dcb)
{ {
*t = 0; *t = 0;
} }
if (admin_verify(telnetd->username, password)) if (admin_remote_verify(telnetd->username, password))
{ {
telnetd_echo(dcb, 1); telnetd_echo(dcb, 1);
telnetd->state = TELNETD_STATE_DATA; telnetd->state = TELNETD_STATE_DATA;

12
server/modules/routing/debugcmd.c
View File

@ -1282,15 +1282,15 @@ reload_config(DCB *dcb)
static void static void
telnetdAddUser(DCB *dcb, char *user) telnetdAddUser(DCB *dcb, char *user)
{ {
char *err; const char *err;
if (admin_search_user(user)) if (admin_local_search_user(user))
{ {
dcb_printf(dcb, "User %s already exists.\n", user); dcb_printf(dcb, "User %s already exists.\n", user);
return; return;
} }
if ((err = admin_add_user(user)) == NULL) if ((err = admin_local_add_user(user)) == NULL)
{ {
dcb_printf(dcb, "User %s has been successfully added.\n", user); dcb_printf(dcb, "User %s has been successfully added.\n", user);
} }
@ -1311,15 +1311,15 @@ static void telnetdRemoveUser(
DCB* dcb, DCB* dcb,
char* user) char* user)
{ {
char* err; const char* err;
if (!admin_search_user(user)) if (!admin_local_search_user(user))
{ {
dcb_printf(dcb, "User %s doesn't exist.\n", user); dcb_printf(dcb, "User %s doesn't exist.\n", user);
return; return;
} }
if ((err = admin_remove_user(user)) == NULL) if ((err = admin_local_remove_user(user)) == NULL)
{ {
dcb_printf(dcb, "User %s has been successfully removed.\n", user); dcb_printf(dcb, "User %s has been successfully removed.\n", user);
} }