diff --git a/server/core/config.c b/server/core/config.c index b67376751..1ba2bcbf4 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -35,6 +35,7 @@ * 23/05/14 Massimiliano Pinto Added automatic set of maxscale-id: first listening ipv4_raw + port + pid * 28/05/14 Massimiliano Pinto Added detect_replication_lag parameter * 28/08/14 Massimiliano Pinto Added detect_stale_master parameter + * 09/09/14 Massimiliano Pinto Added localhost_match_wildcard_host parameter * 12/09/14 Mark Riddoch Addition of checks on servers list and * internal router suppression of messages * @@ -291,6 +292,9 @@ int error_count = 0; is_rwsplit = true; } + char *allow_localhost_match_wildcard_host = + config_get_value(obj->parameters, "localhost_match_wildcard_host"); + if (obj->element == NULL) /*< if module load failed */ { LOGIF(LE, (skygw_log_write_flush( @@ -325,6 +329,11 @@ int error_count = 0; if (weightby) serviceWeightBy(obj->element, weightby); + if (allow_localhost_match_wildcard_host) + serviceEnableLocalhostMatchWildcardHost( + obj->element, + config_truth_value(allow_localhost_match_wildcard_host)); + if (!auth) auth = config_get_value(obj->parameters, "auth"); @@ -1191,6 +1200,7 @@ SERVER *server; char* max_slave_conn_str; char* max_slave_rlag_str; char *version_string; + char *allow_localhost_match_wildcard_host; enable_root_user = config_get_value(obj->parameters, "enable_root_user"); @@ -1201,6 +1211,8 @@ SERVER *server; version_string = config_get_value(obj->parameters, "version_string"); + allow_localhost_match_wildcard_host = config_get_value(obj->parameters, "localhost_match_wildcard_host"); + if (version_string) { if (service->version_string) { free(service->version_string); 
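Review bot: The return value of `serviceEnableLocalhostMatchWildcardHost()` is discarded at the call added in the @@ -325 hunk, and again at the calls added in the @@ -1214 and @@ -1327 hunks. The setter added in service.c returns 0 and leaves the flag unchanged for any value other than 0 or 1, so a rejected setting is dropped with nothing in the log. An operator then cannot tell from the log which authentication rule is in force. Testing the result, as in `if (!serviceEnableLocalhostMatchWildcardHost(obj->element, config_truth_value(allow_localhost_match_wildcard_host)))`, and reporting the bad value through the `LOGIF(LE, ...)` path already used in this function would make the failure visible. The enclosing function starts and ends outside the hunk.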
@@ -1214,6 +1226,11 @@ SERVER *server; auth); if (enable_root_user) serviceEnableRootUser(service, atoi(enable_root_user)); + + if (allow_localhost_match_wildcard_host) + serviceEnableLocalhostMatchWildcardHost( + service, + atoi(allow_localhost_match_wildcard_host)); /** Read, validate and set max_slave_connections */ max_slave_conn_str = @@ -1308,10 +1325,13 @@ SERVER *server; char *user; char *auth; char *enable_root_user; + char *allow_localhost_match_wildcard_host; enable_root_user = config_get_value(obj->parameters, "enable_root_user"); + allow_localhost_match_wildcard_host = + config_get_value(obj->parameters, "localhost_match_wildcard_host"); user = config_get_value(obj->parameters, "user"); @@ -1327,6 +1347,11 @@ SERVER *server; auth); if (enable_root_user) serviceEnableRootUser(service, atoi(enable_root_user)); + + if (allow_localhost_match_wildcard_host) + serviceEnableLocalhostMatchWildcardHost( + service, + atoi(allow_localhost_match_wildcard_host)); } } } @@ -1544,6 +1569,7 @@ static char *service_params[] = "user", "passwd", "enable_root_user", + "localhost_match_wildcard_host", "max_slave_connections", "max_slave_replication_lag", "use_sql_variables_in", /*< rwsplit only */ diff --git a/server/core/service.c b/server/core/service.c index 69b446b09..a5e08f937 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -31,6 +31,7 @@ * 07/05/14 Massimiliano Pinto Added: version_string initialized to NULL * 23/05/14 Mark Riddoch Addition of service validation call * 29/05/14 Mark Riddoch Filter API implementation + * 09/09/14 Massimiliano Pinto Added service option for localhost authentication * * @endverbatim */ @@ -128,6 +129,7 @@ SERVICE *service; service->credentials.name = NULL; service->credentials.authdata = NULL; service->enable_root = 0; + service->localhost_match_wildcard_host = 0; service->routerOptions = NULL; service->databases = NULL; service->svc_config_param = NULL; 
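Review bot: The value is parsed with `atoi()` in this hunk and in the @@ -1327 hunk, while the @@ -325 hunk in the same file parses the same parameter with `config_truth_value()`. A setting such as `localhost_match_wildcard_host=true` may therefore be read differently on the two paths, since `atoi("true")` is 0; how `config_truth_value()` treats it is not visible on this page and should be confirmed. Passing `config_truth_value(allow_localhost_match_wildcard_host)` at both sites keeps one parsing rule for an option that changes who may authenticate. If this is the reload path, as the `service->version_string` replacement just above suggests, the `if (allow_localhost_match_wildcard_host)` guard also means that removing the parameter from the file does not reset a previously enabled flag to 0; an explicit reset to the default when the parameter is absent would avoid that. The enclosing function starts and ends outside the hunk.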
@@ -1288,3 +1290,23 @@ serviceGetWeightingParameter(SERVICE *service) { return service->weightby; } + +/** + * Enable/Disable localhost authentication match criteria + * associated with this service. + * + * @param service The service we are setting the data for + * @param action 1 for enable, 0 for disable access + * @return 0 on failure + */ + +int +serviceEnableLocalhostMatchWildcardHost(SERVICE *service, int action) +{ + if (action != 0 && action != 1) + return 0; + + service->localhost_match_wildcard_host = action; + + return 1; +} diff --git a/server/include/service.h b/server/include/service.h index abedaec7c..139a08056 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -44,6 +44,7 @@ * struct * 29/05/14 Mark Riddoch Filter API mechanism * 26/06/14 Mark Riddoch Added WeightBy support + * 09/09/14 Massimiliano Pinto Added service option for localhost authentication * * @endverbatim */ @@ -122,6 +123,7 @@ typedef struct service { SERVICE_STATS stats; /**< The service statistics */ struct users *users; /**< The user data for this service */ int enable_root; /**< Allow root user access */ + int localhost_match_wildcard_host; /**< Match localhost against wildcard */ CONFIG_PARAMETER* svc_config_param; /*< list of config params and values */ int svc_config_version; /*< Version number of configuration */ @@ -161,6 +163,7 @@ extern void serviceSetFilters(SERVICE *, char *); extern int serviceEnableRootUser(SERVICE *, int ); extern void serviceWeightBy(SERVICE *, char *); extern char *serviceGetWeightingParameter(SERVICE *); +extern int serviceEnableLocalhostMatchWildcardHost(SERVICE *, int); extern void service_update(SERVICE *, char *, char *, char *); extern int service_refresh_users(SERVICE *); extern void printService(SERVICE *); diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 3c8a70bd9..c106ac420 100644 --- a/server/modules/protocol/mysql_client.c 
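Review bot: The doc comment on `serviceEnableLocalhostMatchWildcardHost()` does not say what the flag changes or what the function returns on success, and "0 on failure" does not name the failure. Because the flag relaxes client authentication, the comment should spell out the effect described in the mysql_common.c header, for example `@param action 1 to let a 127.0.0.1 client match a user@% entry, 0 to require an explicit localhost entry` and `@return 1 on success, 0 if action is neither 0 nor 1`. The field comment added in service.h could carry the same wording and note that the default is 0.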
+++ b/server/modules/protocol/mysql_client.c @@ -42,6 +42,7 @@ #include #include #include +#include MODULE_INFO info = { MODULE_API_PROTOCOL, diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c index f9c0ebdea..2473cc6ce 100644 --- a/server/modules/protocol/mysql_common.c +++ b/server/modules/protocol/mysql_common.c @@ -26,6 +26,11 @@ * 04/09/2013 Massimiliano Pinto Added dcb NULL assert in mysql_send_custom_error * 12/09/2013 Massimiliano Pinto Added checks in gw_decode_mysql_server_handshake and gw_read_backend_handshake * 10/02/2014 Massimiliano Pinto Added MySQL Authentication with user@host + * 10/09/2014 Massimiliano Pinto Added MySQL Authentication option enabling localhost match with any host (wildcard %) + * Backend server configuration may differ so default is 0, don't match and an explicit + * localhost entry should be added for the selected user in the backends. + * Setting to 1 allow localhost (127.0.0.1 or socket) to match the any host grant via + * user@% * */ @@ -1345,12 +1350,12 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password, * The check for localhost is 127.0.0.1 (IPv4 only) */ - if (key.ipv4.sin_addr.s_addr == 0x0100007F) { + if ((key.ipv4.sin_addr.s_addr == 0x0100007F) && !dcb->service->localhost_match_wildcard_host) { /* Skip the wildcard check and return 1 */ - LOGIF(LD, + LOGIF(LE, (skygw_log_write_flush( - LOGFILE_DEBUG, - "%lu [MySQL Client Auth], user [%s@%s] not existent", + LOGFILE_ERROR, + "%lu [MySQL Client Auth], user [%s@%s] not found, please try with 'localhost_match_wildcard_host=1' in service definition", pthread_self(), key.user, dcb->remote))); @@ -1694,8 +1699,6 @@ void protocol_add_srv_command( MySQLProtocol* p, mysql_server_cmd_t cmd) { - server_command_t* c; - spinlock_acquire(&p->protocol_lock); if (p->protocol_state != MYSQL_PROTOCOL_ACTIVE)
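Review bot: The loopback test in the changed condition of the @@ -1345 hunk compares `key.ipv4.sin_addr.s_addr` with the literal `0x0100007F`, which equals 127.0.0.1 only on a little-endian host because `s_addr` is held in network byte order. On a big-endian build the test would never be true, so the skip would not apply and a loopback client would presumably reach the wildcard lookup whatever `localhost_match_wildcard_host` is set to. `if ((key.ipv4.sin_addr.s_addr == htonl(INADDR_LOOPBACK)) && !dcb->service->localhost_match_wildcard_host) {` is the portable form. The message was also moved from debug to error level and prints the client-supplied user name on every such failed login, so it is worth confirming that the log volume and content are acceptable at that level. `gw_find_mysql_user_password_sha1` starts and ends outside the hunk.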