Fix to MXS-75: https://mariadb.atlassian.net/browse/MXS-75

COUNT(*) is no longer denied by wildcard rules.
2015-05-03 09:36:00 +03:00
parent d545150ceb
commit b53decb72b
1 changed files with 36 additions and 29 deletions
--- a/server/modules/filter/dbfwfilter.c
+++ b/server/modules/filter/dbfwfilter.c
@ -1724,29 +1724,36 @@ bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue
        case RT_COLUMN:
-            if(is_sql && is_real){
+            if(is_sql && is_real)
-
+	    {
                strln = (STRLINK*)rulelist->rule->data;			
                where = skygw_get_affected_fields(queue);
                if(where != NULL){
 		    char* saveptr;
 		    char* tok = strtok_r(where," ",&saveptr);
 		    while(tok)
 		    {
 			strln = (STRLINK*)rulelist->rule->data;
 			while(strln)
 			{
 			    if(strcasecmp(tok,strln->value) == 0)
 			    {
 				matches = true;
-                    while(strln){
+				if(!rulelist->rule->allow)
-                        if(strstr(where,strln->value)){
+				{
-
+				    sprintf(emsg,"Permission denied to column '%s'.",strln->value);
-                            matches = true;
+				    skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query targets forbidden column: %s",rulelist->rule->name,strln->value);
-
+				    msg = strdup(emsg);
-                            if(!rulelist->rule->allow){
+				    goto queryresolved;
-                                sprintf(emsg,"Permission denied to column '%s'.",strln->value);
+				}
-                                skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query targets forbidden column: %s",rulelist->rule->name,strln->value);
+				else
-                                msg = strdup(emsg);
+				    break;
-                                goto queryresolved;
+			    }
-                            }else{
+			    strln = strln->next;
-                                break;
+			}
-                            }
+			tok = strtok_r(NULL,",",&saveptr);
-                        }
+		    }
-                        strln = strln->next;
+		    free(where);
                    }
                }
            }
@ -1761,16 +1768,16 @@ bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue
                if(where != NULL){
                    strptr = where;
                }else{
                    strptr = query;
                }
                if(strchr(strptr,'*')){
-                    matches = true;
+		    if(strchr(strptr,'*')){
-                    msg = strdup("Usage of wildcard denied.");
+
-                    skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query contains a wildcard.",rulelist->rule->name);
+			matches = true;
-                    goto queryresolved;
+			msg = strdup("Usage of wildcard denied.");
-                }
+			skygw_log_write(LOGFILE_TRACE, "dbfwfilter: rule '%s': query contains a wildcard.",rulelist->rule->name);
 			goto queryresolved;
 		    }
 		    free(where);
 		}
            }
            break;