Code cleanup
Code cleanup
This commit is contained in:
@ -1348,119 +1348,119 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
|
|||||||
key.user,
|
key.user,
|
||||||
dcb->remote)));
|
dcb->remote)));
|
||||||
|
|
||||||
/* look for user@current_host now */
|
/* look for user@current_ipv4 now */
|
||||||
user_password = mysql_users_fetch(service->users, &key);
|
user_password = mysql_users_fetch(service->users, &key);
|
||||||
|
|
||||||
if (!user_password) {
|
if (!user_password) {
|
||||||
/* The user is not authenticated @ current host */
|
/* The user is not authenticated @ current IPv4 */
|
||||||
|
|
||||||
/* 1) Check for localhost first.
|
while (1) {
|
||||||
* The check for localhost is 127.0.0.1 (IPv4 only)
|
/*
|
||||||
*/
|
* (1) Check for localhost first: 127.0.0.1 (IPv4 only)
|
||||||
|
|
||||||
if ((key.ipv4.sin_addr.s_addr == 0x0100007F) && !dcb->service->localhost_match_wildcard_host) {
|
|
||||||
/* Skip the wildcard check and return 1 */
|
|
||||||
LOGIF(LE,
|
|
||||||
(skygw_log_write_flush(
|
|
||||||
LOGFILE_ERROR,
|
|
||||||
"%lu [MySQL Client Auth], user [%s@%s] not found, please try with 'localhost_match_wildcard_host=1' in service definition",
|
|
||||||
pthread_self(),
|
|
||||||
key.user,
|
|
||||||
dcb->remote)));
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* 2) try class C,B,A
|
|
||||||
*/
|
|
||||||
|
|
||||||
// Class C
|
|
||||||
key.ipv4.sin_addr.s_addr &= 0x00FFFFFF;
|
|
||||||
|
|
||||||
user_password = mysql_users_fetch(service->users, &key);
|
|
||||||
|
|
||||||
if (user_password) {
|
|
||||||
if (strlen(user_password))
|
|
||||||
gw_hex2bin(gateway_password, user_password, SHA_DIGEST_LENGTH * 2);
|
|
||||||
|
|
||||||
fprintf(stderr, "+++ Matched Class C for %s\n", dcb->remote);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Class B
|
|
||||||
key.ipv4.sin_addr.s_addr &= 0x0000FFFF;
|
|
||||||
|
|
||||||
user_password = mysql_users_fetch(service->users, &key);
|
|
||||||
|
|
||||||
if (user_password) {
|
|
||||||
if (strlen(user_password))
|
|
||||||
gw_hex2bin(gateway_password, user_password, SHA_DIGEST_LENGTH * 2);
|
|
||||||
|
|
||||||
fprintf(stderr, "++ Matched Class B for %s\n", dcb->remote);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Class A
|
|
||||||
key.ipv4.sin_addr.s_addr &= 0x000000FF;
|
|
||||||
|
|
||||||
user_password = mysql_users_fetch(service->users, &key);
|
|
||||||
|
|
||||||
if (user_password) {
|
|
||||||
if (strlen(user_password))
|
|
||||||
gw_hex2bin(gateway_password, user_password, SHA_DIGEST_LENGTH * 2);
|
|
||||||
|
|
||||||
fprintf(stderr, "+ Matched Class A for %s\n", dcb->remote);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* 3) Continue and check for wildcard host, user@%
|
|
||||||
* Return 1 if no match
|
|
||||||
*/
|
|
||||||
|
|
||||||
memset(&key.ipv4, 0, sizeof(struct sockaddr_in));
|
|
||||||
|
|
||||||
LOGIF(LD,
|
|
||||||
(skygw_log_write_flush(
|
|
||||||
LOGFILE_DEBUG,
|
|
||||||
"%lu [MySQL Client Auth], checking user [%s@%s] with wildcard host [%%]",
|
|
||||||
pthread_self(),
|
|
||||||
key.user,
|
|
||||||
dcb->remote)));
|
|
||||||
|
|
||||||
user_password = mysql_users_fetch(service->users, &key);
|
|
||||||
|
|
||||||
if (!user_password) {
|
|
||||||
/* the user@% was not found.
|
|
||||||
* Return 1
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if ((key.ipv4.sin_addr.s_addr == 0x0100007F) && !dcb->service->localhost_match_wildcard_host) {
|
||||||
|
/* Skip the wildcard check and return 1 */
|
||||||
|
LOGIF(LE,
|
||||||
|
(skygw_log_write_flush(
|
||||||
|
LOGFILE_ERROR,
|
||||||
|
"%lu [MySQL Client Auth], user [%s@%s] not found, please try with 'localhost_match_wildcard_host=1' in service definition",
|
||||||
|
pthread_self(),
|
||||||
|
key.user,
|
||||||
|
dcb->remote)));
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* (2) check for possible IPv4 class C,B,A networks
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Class C check */
|
||||||
|
key.ipv4.sin_addr.s_addr &= 0x00FFFFFF;
|
||||||
|
|
||||||
|
user_password = mysql_users_fetch(service->users, &key);
|
||||||
|
|
||||||
|
if (user_password) {
|
||||||
|
fprintf(stderr, "+++ Matched Class C for %s\n", dcb->remote);
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Class B check */
|
||||||
|
key.ipv4.sin_addr.s_addr &= 0x0000FFFF;
|
||||||
|
|
||||||
|
user_password = mysql_users_fetch(service->users, &key);
|
||||||
|
|
||||||
|
if (user_password) {
|
||||||
|
fprintf(stderr, "++ Matched Class B for %s\n", dcb->remote);
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Class A check */
|
||||||
|
key.ipv4.sin_addr.s_addr &= 0x000000FF;
|
||||||
|
|
||||||
|
user_password = mysql_users_fetch(service->users, &key);
|
||||||
|
|
||||||
|
if (user_password) {
|
||||||
|
fprintf(stderr, "+ Matched Class A for %s\n", dcb->remote);
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* (3) Continue check for wildcard host, user@%
|
||||||
|
*/
|
||||||
|
|
||||||
|
memset(&key.ipv4, 0, sizeof(struct sockaddr_in));
|
||||||
|
|
||||||
LOGIF(LD,
|
LOGIF(LD,
|
||||||
(skygw_log_write_flush(
|
(skygw_log_write_flush(
|
||||||
LOGFILE_DEBUG,
|
LOGFILE_DEBUG,
|
||||||
"%lu [MySQL Client Auth], user [%s@%s] not existent",
|
"%lu [MySQL Client Auth], checking user [%s@%s] with wildcard host [%%]",
|
||||||
pthread_self(),
|
pthread_self(),
|
||||||
key.user,
|
key.user,
|
||||||
dcb->remote)));
|
dcb->remote)));
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stderr, "%% Matched ANY for %s\n", dcb->remote);
|
user_password = mysql_users_fetch(service->users, &key);
|
||||||
|
|
||||||
|
if (!user_password) {
|
||||||
|
/*
|
||||||
|
* the user@% has not been found.
|
||||||
|
*/
|
||||||
|
|
||||||
|
LOGIF(LD,
|
||||||
|
(skygw_log_write_flush(
|
||||||
|
LOGFILE_DEBUG,
|
||||||
|
"%lu [MySQL Client Auth], user [%s@%s] not existent",
|
||||||
|
pthread_self(),
|
||||||
|
key.user,
|
||||||
|
dcb->remote)));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
fprintf(stderr, "%% Matched ANY for %s\n", dcb->remote);
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* user@host found: now check the password
|
/* If user@host has been found we get the the password in binary format*/
|
||||||
*
|
if (user_password) {
|
||||||
* Convert the hex data (40 bytes) to binary (20 bytes).
|
/*
|
||||||
* The gateway_password represents the SHA1(SHA1(real_password)).
|
* Convert the hex data (40 bytes) to binary (20 bytes).
|
||||||
* Please note: the real_password is unknown and SHA1(real_password) is unknown as well
|
* The gateway_password represents the SHA1(SHA1(real_password)).
|
||||||
*/
|
* Please note: the real_password is unknown and SHA1(real_password) is unknown as well
|
||||||
|
*/
|
||||||
|
|
||||||
if (strlen(user_password))
|
if (strlen(user_password))
|
||||||
gw_hex2bin(gateway_password, user_password, SHA_DIGEST_LENGTH * 2);
|
gw_hex2bin(gateway_password, user_password, SHA_DIGEST_LENGTH * 2);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
} else {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Reference in New Issue
Block a user