Return correct value for failed db authentication

The unknown database error was never triggered as all authentication errors returned MXS_AUTH_FAILED.
2017-01-30 17:01:16 +02:00 · 2017-01-30 17:01:16 +02:00 · a3a2a24c97
commit a3a2a24c97
parent b2c018a986
3 changed files with 30 additions and 19 deletions
--- a/server/modules/authenticator/MySQLAuth/dbusers.c
+++ b/server/modules/authenticator/MySQLAuth/dbusers.c
@ -218,13 +218,13 @@ static int auth_cb(void *data, int columns, char** rows, char** row_names)
    return 0;
 }

-bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
-                         uint8_t *scramble, size_t scramble_len)
+int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
+                        uint8_t *scramble, size_t scramble_len)
 {
    size_t len = sizeof(mysqlauth_validate_user_query) + strlen(session->user) * 2 +
                 strlen(session->db) * 2 + MYSQL_HOST_MAXLEN + session->auth_token_len * 4 + 1;
    char sql[len + 1];
-    bool rval = false;
+    int rval = MXS_AUTH_FAILED;
    char *err;

    sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
@ -259,18 +259,25 @@ bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
    if (res.ok)
    {
        /** Found a matching row */
-        if (session->auth_token_len)
-        {
-            /** If authentication fails, this will trigger the right
-             * error message with `Using password : YES` */
-            session->client_sha1[0] = '_';
-        }

        if (check_password(res.output, session->auth_token, session->auth_token_len,
                           scramble, scramble_len, session->client_sha1))
        {
            /** Password is OK, check that the database exists */
-            rval = check_database(handle, session->db);
+            if (check_database(handle, session->db))
+            {
+                rval = MXS_AUTH_SUCCEEDED;
+            }
+            else
+            {
+                rval = MXS_AUTH_FAILED_DB;
+            }
+        }
+        else if (session->auth_token_len)
+        {
+            /** If authentication fails, this will trigger the right
+             * error message with `Using password : YES` */
+            session->client_sha1[0] = '_';
        }
    }

--- a/server/modules/authenticator/MySQLAuth/mysql_auth.c
+++ b/server/modules/authenticator/MySQLAuth/mysql_auth.c
@ -268,17 +268,19 @@ mysql_auth_authenticate(DCB *dcb)

        MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance;

-        bool is_ok = validate_mysql_user(instance->handle, dcb, client_data,
-                                         protocol->scramble, sizeof(protocol->scramble));
+        auth_ret = validate_mysql_user(instance->handle, dcb, client_data,
+                                       protocol->scramble, sizeof(protocol->scramble));

-        if (!is_ok && !instance->skip_auth && service_refresh_users(dcb->service) == 0)
+        if (auth_ret != MXS_AUTH_SUCCEEDED &&
+            !instance->skip_auth &&
+            service_refresh_users(dcb->service) == 0)
        {
-            is_ok = validate_mysql_user(instance->handle, dcb, client_data,
-                                        protocol->scramble, sizeof(protocol->scramble));
+            auth_ret = validate_mysql_user(instance->handle, dcb, client_data,
+                                           protocol->scramble, sizeof(protocol->scramble));
        }

        /* on successful authentication, set user into dcb field */
-        if (is_ok || instance->skip_auth)
+        if (auth_ret == MXS_AUTH_SUCCEEDED || instance->skip_auth)
        {
            auth_ret = MXS_AUTH_SUCCEEDED;
            dcb->user = MXS_STRDUP_A(client_data->user);
@ -616,8 +618,9 @@ int mysql_auth_reauthenticate(DCB *dcb, const char *user,
    temp.auth_token_len = token_len;

    MYSQL_AUTH *instance = (MYSQL_AUTH*)dcb->listener->auth_instance;
+    int rc = validate_mysql_user(instance->handle, dcb, &temp, scramble, scramble_len);

-    if (validate_mysql_user(instance->handle, dcb, &temp, scramble, scramble_len))
+    if (rc == MXS_AUTH_SUCCEEDED)
    {
        memcpy(output_token, temp.client_sha1, output_token_len);
        rval = 0;
--- a/server/modules/authenticator/MySQLAuth/mysql_auth.h
+++ b/server/modules/authenticator/MySQLAuth/mysql_auth.h
@ -29,6 +29,7 @@
 #include <stdint.h>
 #include <arpa/inet.h>

+#include <maxscale/authenticator.h>
 #include <maxscale/dcb.h>
 #include <maxscale/buffer.h>
 #include <maxscale/service.h>
@ -185,9 +186,9 @@ int replace_mysql_users(SERV_LISTENER *listener);
 * @param scramble     The scramble sent to the client in the initial handshake
 * @param scramble_len Length of @c scramble
 *
- * @return True if the user has access to the database
+ * @return MXS_AUTH_SUCCEEDED if the user has access to the database
 */
-bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
+int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
                         uint8_t *scramble, size_t scramble_len);

 MXS_END_DECLS