From b53decb72b3aac4c41a8d8ba6053303007f1c94f Mon Sep 17 00:00:00 2001
From: Markus Makela <markus.makela@mariadb.com>
Date: Sun, 3 May 2015 09:36:00 +0300
Subject: [PATCH] Fix to MXS-75: https://mariadb.atlassian.net/browse/MXS-75
 COUNT(*) is no longer denied by wildcard rules.

---
 server/modules/filter/dbfwfilter.c | 65 +++++++++++++++++-------------
 1 file changed, 36 insertions(+), 29 deletions(-)

diff --git a/server/modules/filter/dbfwfilter.c b/server/modules/filter/dbfwfilter.c
index 607a749c2..8fffcdf93 100644
--- a/server/modules/filter/dbfwfilter.c
+++ b/server/modules/filter/dbfwfilter.c
@@ -1724,29 +1724,36 @@ bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue
 			
         case RT_COLUMN:
 		   
-            if(is_sql && is_real){
-
-                strln = (STRLINK*)rulelist->rule->data;			
+            if(is_sql && is_real)
+	    {
                 where = skygw_get_affected_fields(queue);
-
                 if(where != NULL){
+		    char* saveptr;
+		    char* tok = strtok_r(where," ",&saveptr);
+		    while(tok)
+		    {
+			strln = (STRLINK*)rulelist->rule->data;
+			while(strln)
+			{
+			    if(strcasecmp(tok,strln->value) == 0)
+			    {
+				matches = true;
 
-                    while(strln){
-                        if(strstr(where,strln->value)){
-
-                            matches = true;
-
-                            if(!rulelist->rule->allow){
-                                sprintf(emsg,"Permission denied to column '%s'.",strln->value);
-                                skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query targets forbidden column: %s",rulelist->rule->name,strln->value);
-                                msg = strdup(emsg);
-                                goto queryresolved;
-                            }else{
-                                break;
-                            }
-                        }
-                        strln = strln->next;
-                    }
+				if(!rulelist->rule->allow)
+				{
+				    sprintf(emsg,"Permission denied to column '%s'.",strln->value);
+				    skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query targets forbidden column: %s",rulelist->rule->name,strln->value);
+				    msg = strdup(emsg);
+				    goto queryresolved;
+				}
+				else
+				    break;
+			    }
+			    strln = strln->next;
+			}
+			tok = strtok_r(NULL,",",&saveptr);
+		    }
+		    free(where);
                 }
             }
 			
@@ -1761,16 +1768,16 @@ bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue
 						
                 if(where != NULL){
                     strptr = where;
-                }else{
-                    strptr = query;
-                }
-                if(strchr(strptr,'*')){
 
-                    matches = true;
-                    msg = strdup("Usage of wildcard denied.");
-                    skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query contains a wildcard.",rulelist->rule->name);
-                    goto queryresolved;
-                }
+		    if(strchr(strptr,'*')){
+
+			matches = true;
+			msg = strdup("Usage of wildcard denied.");
+			skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query contains a wildcard.",rulelist->rule->name);
+			goto queryresolved;
+		    }
+		    free(where);
+		}
             }
 			
             break;