diff --git a/include/maxscale/service.h b/include/maxscale/service.h
index 1611ff75d..8bc339c08 100644
--- a/include/maxscale/service.h
+++ b/include/maxscale/service.h
@@ -222,7 +222,7 @@ bool serviceStartListener(SERVICE *service, const char *name); bool serviceAddBackend(SERVICE *service, SERVER *server); // Used by authenticators -int serviceGetUser(SERVICE *service, char **user, char **auth); +void serviceGetUser(SERVICE *service, const char **user, const char **auth); // Used by routers const char* serviceGetWeightingParameter(SERVICE *service);
diff --git a/server/core/service.cc b/server/core/service.cc
index cc8703000..c89bcb897 100644
--- a/server/core/service.cc
+++ b/server/core/service.cc
@@ -1008,21 +1008,18 @@ bool serviceHasBackend(Service *service, SERVER *server) } /** - * Get the service user that is used to log in to the backebd servers + * Get the service user that is used to log in to the backend servers * associated with this service. * * @param service The service we are setting the data for * @param user The user name to use for connections * @param auth The authentication data we need, e.g. MySQL SHA1 password - * @return 0 on failure */ -int -serviceGetUser(SERVICE *svc, char **user, char **auth) +void serviceGetUser(SERVICE *svc, const char **user, const char **auth) { Service* service = static_cast(svc); *user = service->credentials.name; *auth = service->credentials.authdata; - return 1; } /**
diff --git a/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc b/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc
index fd2cb5ada..3f8c4bec9 100644
--- a/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc
+++ b/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc
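Review bot: The doc comment above serviceGetUser in server/core/service.cc no longer matches the function: it documents `@param service` as "The service we are setting the data for" while the parameter is `svc` and the body only reads from it, and with `@return` removed nothing states that the call cannot fail. Callers changed in this commit rely on that, e.g. `if (!user[0] || !password[0])` in blr.cc dereferences the results unchecked, so the comment should say that both out-parameters are always set and that they point at `service->credentials.name` and `service->credentials.authdata` inside the service, not at copies. Suggested wording: `@param user Set to the service's user name; owned by the service, do not free or modify`, likewise for `auth`, with a one-line version above the prototype in include/maxscale/service.h. Whether those two fields can ever be NULL is not visible in this diff.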
@@ -432,18 +432,11 @@ cdc_set_service_user(SERV_LISTENER *listener) SERVICE *service = listener->service; char *dpwd = NULL; char *newpasswd = NULL; - char *service_user = NULL; - char *service_passwd = NULL; + const char *service_user = NULL; + const char *service_passwd = NULL; - if (serviceGetUser(service, &service_user, &service_passwd) == 0) - { - MXS_ERROR("failed to get service user details for service %s", - service->name); - - return 1; - } - - dpwd = decrypt_password(service->credentials.authdata); + serviceGetUser(service, &service_user, &service_passwd); + dpwd = decrypt_password(service_passwd); if (!dpwd) {
@@ -466,7 +459,10 @@ cdc_set_service_user(SERV_LISTENER *listener) } /* add service user */ - (void)users_add(listener->users, service->credentials.name, newpasswd, USER_ACCOUNT_ADMIN); + const char* user; + const char* password; + serviceGetUser(service, &user, &password); + users_add(listener->users, user, newpasswd, USER_ACCOUNT_ADMIN); MXS_FREE(newpasswd); MXS_FREE(dpwd);
diff --git a/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc b/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc
index 7981113fb..63f4e222e 100644
--- a/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc
+++ b/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc
@@ -599,11 +599,14 @@ static void add_gssapi_user(sqlite3 *handle, const char *user, const char *host, */ int gssapi_auth_load_users(SERV_LISTENER *listener) { - char *user, *pw; + const char* user; + const char* password; int rval = MXS_AUTH_LOADUSERS_ERROR; GSSAPI_INSTANCE *inst = (GSSAPI_INSTANCE*)listener->auth_instance; + serviceGetUser(listener->service, &user, &password); + char* pw; - if (serviceGetUser(listener->service, &user, &pw) && (pw = decrypt_password(pw))) + if ((pw = decrypt_password(password))) { bool no_active_servers = true;
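Review bot: The second hunk of cdc_set_service_user calls serviceGetUser() a second time only to obtain `user`, and the `password` it fetches alongside is not used in the lines shown. `service_user` from the first hunk holds the same pointer and appears to be still in scope (the body between the two hunks is not visible, so confirm), which lets the four added lines collapse to `users_add(listener->users, service_user, newpasswd, USER_ACCOUNT_ADMIN);`. The change also drops the `(void)` cast; if the result of users_add() is ignored on purpose, keeping the cast or checking the result makes that explicit.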
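Review bot: In gssapi_auth_load_users `pw` is declared without an initialiser and then assigned inside the `if` condition, a shape that only made sense while the assignment was chained after the serviceGetUser() result. Declaring it where it gets its value, `char* pw = decrypt_password(password);` followed by `if (pw)`, reads more plainly and leaves no stretch of code where `pw` is indeterminate. PamInstance::load_users and add_service_user in mysql_auth.cc are left in the same form by this commit. The rest of the function, including where `pw` is released, is outside the hunk.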
diff --git a/server/modules/authenticator/HTTPAuth/http_auth.cc b/server/modules/authenticator/HTTPAuth/http_auth.cc
index 939791b84..2780f2089 100644
--- a/server/modules/authenticator/HTTPAuth/http_auth.cc
+++ b/server/modules/authenticator/HTTPAuth/http_auth.cc
@@ -108,9 +108,11 @@ http_auth_authenticate(DCB *dcb) { int rval = 1; HTTP_AUTH *ses = (HTTP_AUTH*)dcb->data; - char *user, *pw; - serviceGetUser(dcb->service, &user, &pw); - pw = decrypt_password(pw); + const char* user; + const char* password; + + serviceGetUser(dcb->service, &user, &password); + char* pw = decrypt_password(password); if (ses && strcmp(ses->user, user) == 0 && strcmp(ses->pw, pw) == 0) {
diff --git a/server/modules/authenticator/MySQLAuth/dbusers.cc b/server/modules/authenticator/MySQLAuth/dbusers.cc
index f0966894d..72fe987a7 100644
--- a/server/modules/authenticator/MySQLAuth/dbusers.cc
+++ b/server/modules/authenticator/MySQLAuth/dbusers.cc
@@ -727,14 +727,10 @@ bool check_service_permissions(SERVICE* service) return true; } - char *user, *password; + const char* user; + const char* password; - if (serviceGetUser(service, &user, &password) == 0) - { - MXS_ERROR("[%s] Service is missing the user credentials for authentication.", - service->name); - return false; - } + serviceGetUser(service, &user, &password); char *dpasswd = decrypt_password(password); bool rval = false;
@@ -919,14 +915,11 @@ int get_users_from_server(MYSQL *con, SERVER_REF *server_ref, SERVICE *service, */ static int get_users(SERV_LISTENER *listener, bool skip_local) { - char *service_user = NULL; - char *service_passwd = NULL; + const char *service_user = NULL; + const char *service_passwd = NULL; SERVICE *service = listener->service; - if (serviceGetUser(service, &service_user, &service_passwd) == 0) - { - return -1; - } + serviceGetUser(service, &service_user, &service_passwd); char *dpwd = decrypt_password(service_passwd);
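Review bot: In http_auth_authenticate `pw` goes into `strcmp(ses->pw, pw)` without a check that decrypt_password() succeeded; every other authenticator touched by this commit tests the result (`if (!dpwd)`, `if ((pw = decrypt_password(password)))`), which suggests it can return NULL. The condition should read `if (ses && pw && strcmp(ses->user, user) == 0 && strcmp(ses->pw, pw) == 0)`. Because this compares what is presumably a client-supplied password against the service secret, a comparison whose running time does not depend on the length of the matching prefix would be preferable to `strcmp`, if the codebase provides one. Whether `pw` is freed afterwards is outside the hunk.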
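Review bot: With the error branch gone, check_service_permissions in dbusers.cc hands `password` straight to decrypt_password(), and nothing in the visible lines reports a service that has no user configured; the deleted MXS_ERROR was the only message that said so, even if it could never fire. createInstance in blr.cc, changed in this same commit, guards with `if (!user[0] || !password[0])`; unless empty credentials are already rejected when the configuration is loaded, a similar `if (!user[0])` test here that keeps the old message and `return false;` would preserve the diagnostic. get_users in the second hunk of this file is in the same position. How `dpasswd` and `dpwd` are checked after the call lies outside both hunks.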
diff --git a/server/modules/authenticator/MySQLAuth/mysql_auth.cc b/server/modules/authenticator/MySQLAuth/mysql_auth.cc
index 4dd536753..ae3304882 100644
--- a/server/modules/authenticator/MySQLAuth/mysql_auth.cc
+++ b/server/modules/authenticator/MySQLAuth/mysql_auth.cc
@@ -540,37 +540,32 @@ mysql_auth_free_client_data(DCB *dcb) */ static bool add_service_user(SERV_LISTENER *port) { - char *user = NULL; - char *pw = NULL; + const char *user = NULL; + const char *password = NULL; bool rval = false; - if (serviceGetUser(port->service, &user, &pw)) + serviceGetUser(port->service, &user, &password); + + char* pw; + + if ((pw = decrypt_password(password))) { - pw = decrypt_password(pw); + char *newpw = create_hex_sha1_sha1_passwd(pw); - if (pw) + if (newpw) { - char *newpw = create_hex_sha1_sha1_passwd(pw); - - if (newpw) - { - MYSQL_AUTH *inst = (MYSQL_AUTH*)port->auth_instance; - sqlite3* handle = get_handle(inst); - add_mysql_user(handle, user, "%", "", "Y", newpw); - add_mysql_user(handle, user, "localhost", "", "Y", newpw); - MXS_FREE(newpw); - rval = true; - } - MXS_FREE(pw); - } - else - { - MXS_ERROR("[%s] Failed to decrypt service user password.", port->service->name); + MYSQL_AUTH *inst = (MYSQL_AUTH*)port->auth_instance; + sqlite3* handle = get_handle(inst); + add_mysql_user(handle, user, "%", "", "Y", newpw); + add_mysql_user(handle, user, "localhost", "", "Y", newpw); + MXS_FREE(newpw); + rval = true; } + MXS_FREE(pw); } else { - MXS_ERROR("[%s] Failed to retrieve service credentials.", port->service->name); + MXS_ERROR("[%s] Failed to decrypt service user password.", port->service->name); } return rval;
diff --git a/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc b/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc
index 78d45dab7..fc543deea 100644
--- a/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc
+++ b/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc
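Review bot: add_service_user releases the decrypted service password with a plain `MXS_FREE(pw);`, so the cleartext stays in the freed heap block until that memory is reused; `dpwd` in cdc_set_service_user is released the same way. Only the hashed `newpw` is needed once `create_hex_sha1_sha1_passwd(pw)` has returned, so the buffer can be wiped at that point with a call the optimiser will not drop, for example `explicit_bzero(pw, strlen(pw));` where the platform provides it, directly before `MXS_FREE(pw);`. A small wipe-and-free helper would let every authenticator touched by this commit share the same handling.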
@@ -185,10 +185,13 @@ int PamInstance::load_users(SERVICE* service) const unsigned int PAM_USERS_QUERY_NUM_FIELDS = 5; #endif - char *user, *pw; + const char* user; + const char* password; + serviceGetUser(service, &user, &password); int rval = MXS_AUTH_LOADUSERS_ERROR; + char* pw; - if (serviceGetUser(service, &user, &pw) && (pw = decrypt_password(pw))) + if ((pw = decrypt_password(password))) { for (SERVER_REF *servers = service->dbref; servers; servers = servers->next) {
diff --git a/server/modules/routing/binlogrouter/blr.cc b/server/modules/routing/binlogrouter/blr.cc
index df883ecc3..8a9b5fd12 100644
--- a/server/modules/routing/binlogrouter/blr.cc
+++ b/server/modules/routing/binlogrouter/blr.cc
@@ -240,9 +240,11 @@ static MXS_ROUTER* createInstance(SERVICE *service, MXS_CONFIG_PARAMETER* params uuid_t defuuid; int rc = 0; char task_name[BLRM_TASK_NAME_LEN + 1] = ""; + const char* user; + const char* password; + serviceGetUser(service, &user, &password); - if (!service->credentials.name[0] || - !service->credentials.authdata[0]) + if (!user[0] || !password[0]) { MXS_ERROR("%s: Error: Service is missing user credentials." " Add the missing username or passwd parameter to the service.",
@@ -287,8 +289,8 @@ static MXS_ROUTER* createInstance(SERVICE *service, MXS_CONFIG_PARAMETER* params inst->master = NULL; inst->client = NULL; - inst->user = MXS_STRDUP_A(service->credentials.name); - inst->password = MXS_STRDUP_A(service->credentials.authdata); + inst->user = MXS_STRDUP_A(user); + inst->password = MXS_STRDUP_A(password); inst->retry_count = 0; inst->m_errno = 0; inst->m_errmsg = NULL;
diff --git a/server/modules/routing/binlogrouter/test/testbinlog.cc b/server/modules/routing/binlogrouter/test/testbinlog.cc
index fa0e43464..e89610f29 100644
--- a/server/modules/routing/binlogrouter/test/testbinlog.cc
+++ b/server/modules/routing/binlogrouter/test/testbinlog.cc
@@ -167,10 +167,12 @@ int main(int argc, char **argv) return 1; } - + const char* user; + const char* password; + serviceGetUser(service, &user, &password); inst->service = service; - inst->user = MXS_STRDUP_A(service->credentials.name); - inst->password = MXS_STRDUP_A(service->credentials.authdata); + inst->user = MXS_STRDUP_A(user); + inst->password = MXS_STRDUP_A(password); MXS_NOTICE("testbinlog v1.0");