hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Uncrustify maxscale

Browse Source 
See script directory for method. The script to run in the top level
MaxScale directory is called maxscale-uncrustify.sh, which uses
another script, list-src, from the same directory (so you need to set
your PATH). The uncrustify version was 0.66.
This commit is contained in:
Niclas Antti
2018-09-09 22:26:19 +03:00
parent fa7ec95069
commit c447e5cf15
849 changed files with 35002 additions and 27238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
server/modules/authenticator/PAM/PAMAuth/pam_auth.cc
View File

@ -10,7 +10,7 @@
* of this software will be governed by version 2 or later of the General
* Public License.
*/
#include"pam_auth.hh"
#include "pam_auth.hh"
#include <string>
#include <maxscale/authenticator.h>
@ -35,7 +35,7 @@ const int NUM_FIELDS = 5;
*
* @return Authenticator instance, or NULL on error
*/
static void* pam_auth_init(char **options)
static void* pam_auth_init(char** options)
{
return PamInstance::create(options);
}
@ -47,7 +47,7 @@ static void* pam_auth_init(char **options)
*
* @return Authenticator session
*/
static void* pam_auth_alloc(void *instance)
static void* pam_auth_alloc(void* instance)
{
PamInstance* inst = static_cast<PamInstance*>(instance);
return PamClientSession::create(*inst);
@ -58,7 +58,7 @@ static void* pam_auth_alloc(void *instance)
*
* @param data PAM session
*/
static void pam_auth_free(void *data)
static void pam_auth_free(void* data)
{
delete static_cast<PamClientSession*>(data);
}
@ -72,9 +72,9 @@ static void pam_auth_free(void *data)
* @return True if authentication can continue, false if
* authentication failed
*/
static bool pam_auth_extract(DCB *dcb, GWBUF *read_buffer)
static bool pam_auth_extract(DCB* dcb, GWBUF* read_buffer)
{
PamClientSession *pses = static_cast<PamClientSession*>(dcb->authenticator_data);
PamClientSession* pses = static_cast<PamClientSession*>(dcb->authenticator_data);
return pses->extract(dcb, read_buffer);
}
@ -85,9 +85,9 @@ static bool pam_auth_extract(DCB *dcb, GWBUF *read_buffer)
*
* @return True if client supports SSL
*/
static bool pam_auth_connectssl(DCB *dcb)
static bool pam_auth_connectssl(DCB* dcb)
{
MySQLProtocol *protocol = (MySQLProtocol*)dcb->protocol;
MySQLProtocol* protocol = (MySQLProtocol*)dcb->protocol;
return protocol->client_capabilities & GW_MYSQL_CAPABILITIES_SSL;
}
@ -100,7 +100,7 @@ static bool pam_auth_connectssl(DCB *dcb)
* if authentication was successfully completed. MXS_AUTH_FAILED if authentication
* has failed.
*/
static int pam_auth_authenticate(DCB *dcb)
static int pam_auth_authenticate(DCB* dcb)
{
PamClientSession* pses = static_cast<PamClientSession*>(dcb->authenticator_data);
return pses->authenticate(dcb);
@ -113,11 +113,11 @@ static int pam_auth_authenticate(DCB *dcb)
*
* @param dcb DCB to free data from
*/
static void pam_auth_free_data(DCB *dcb)
static void pam_auth_free_data(DCB* dcb)
{
if (dcb->data)
{
MYSQL_session *ses = (MYSQL_session *)dcb->data;
MYSQL_session* ses = (MYSQL_session*)dcb->data;
MXS_FREE(ses->auth_token);
MXS_FREE(ses);
dcb->data = NULL;
@ -134,21 +134,21 @@ static void pam_auth_free_data(DCB *dcb)
*
* @return MXS_AUTH_LOADUSERS_OK on success, MXS_AUTH_LOADUSERS_ERROR on error
*/
static int pam_auth_load_users(SERV_LISTENER *listener)
static int pam_auth_load_users(SERV_LISTENER* listener)
{
PamInstance *inst = static_cast<PamInstance*>(listener->auth_instance);
PamInstance* inst = static_cast<PamInstance*>(listener->auth_instance);
return inst->load_users(listener->service);
}
static void pam_auth_diagnostic(DCB *dcb, SERV_LISTENER *listener)
static void pam_auth_diagnostic(DCB* dcb, SERV_LISTENER* listener)
{
PamInstance *inst = static_cast<PamInstance*>(listener->auth_instance);
PamInstance* inst = static_cast<PamInstance*>(listener->auth_instance);
inst->diagnostic(dcb);
}
static json_t* pam_auth_diagnostic_json(const SERV_LISTENER *listener)
static json_t* pam_auth_diagnostic_json(const SERV_LISTENER* listener)
{
PamInstance *inst = static_cast<PamInstance*>(listener->auth_instance);
PamInstance* inst = static_cast<PamInstance*>(listener->auth_instance);
return inst->diagnostic_json();
}
@ -157,40 +157,39 @@ extern "C"
/**
* Module handle entry point
*/
MXS_MODULE* MXS_CREATE_MODULE()
{
static MXS_AUTHENTICATOR MyObject =
MXS_MODULE* MXS_CREATE_MODULE()
{
pam_auth_init, /* Initialize authenticator */
pam_auth_alloc, /* Allocate authenticator data */
pam_auth_extract, /* Extract data into structure */
pam_auth_connectssl, /* Check if client supports SSL */
pam_auth_authenticate, /* Authenticate user credentials */
pam_auth_free_data, /* Free the client data held in DCB */
pam_auth_free, /* Free authenticator data */
pam_auth_load_users, /* Load database users */
pam_auth_diagnostic, /* Default user diagnostic */
pam_auth_diagnostic_json, /* Default user diagnostic */
NULL /* No user reauthentication */
};
static MXS_AUTHENTICATOR MyObject =
{
pam_auth_init, /* Initialize authenticator */
pam_auth_alloc, /* Allocate authenticator data */
pam_auth_extract, /* Extract data into structure */
pam_auth_connectssl, /* Check if client supports SSL */
pam_auth_authenticate, /* Authenticate user credentials */
pam_auth_free_data, /* Free the client data held in DCB */
pam_auth_free, /* Free authenticator data */
pam_auth_load_users, /* Load database users */
pam_auth_diagnostic, /* Default user diagnostic */
pam_auth_diagnostic_json, /* Default user diagnostic */
NULL /* No user reauthentication */
};
static MXS_MODULE info =
{
MXS_MODULE_API_AUTHENTICATOR,
MXS_MODULE_GA,
MXS_AUTHENTICATOR_VERSION,
"PAM authenticator",
"V1.0.0",
MXS_NO_MODULE_CAPABILITIES,
&MyObject,
NULL, /* Process init. */
NULL, /* Process finish. */
NULL, /* Thread init. */
NULL, /* Thread finish. */
{ { MXS_END_MODULE_PARAMS} }
};
return &info;
}
static MXS_MODULE info =
{
MXS_MODULE_API_AUTHENTICATOR,
MXS_MODULE_GA,
MXS_AUTHENTICATOR_VERSION,
"PAM authenticator",
"V1.0.0",
MXS_NO_MODULE_CAPABILITIES,
&MyObject,
NULL, /* Process init. */
NULL, /* Process finish. */
NULL, /* Thread init. */
NULL, /* Thread finish. */
{{MXS_END_MODULE_PARAMS}}
};
return &info;
}
}

4
server/modules/authenticator/PAM/PAMAuth/pam_auth.hh
View File

@ -10,7 +10,7 @@
* of this software will be governed by version 2 or later of the General
* Public License.
*/
#pragma once
#pragma once
/*
* Common definitions and includes for PAM client authenticator
@ -32,4 +32,4 @@ extern const string FIELD_HOST;
extern const string FIELD_DB;
extern const string FIELD_ANYDB;
extern const string FIELD_AUTHSTR;
extern const int NUM_FIELDS;
extern const int NUM_FIELDS;

99
server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
View File

@ -30,7 +30,7 @@ namespace
*
* @return True on success, false if memory allocation failed
*/
bool store_client_password(DCB *dcb, GWBUF *buffer)
bool store_client_password(DCB* dcb, GWBUF* buffer)
{
bool rval = false;
uint8_t header[MYSQL_HEADER_LEN];
@ -38,8 +38,8 @@ bool store_client_password(DCB *dcb, GWBUF *buffer)
if (gwbuf_copy_data(buffer, 0, MYSQL_HEADER_LEN, header) == MYSQL_HEADER_LEN)
{
size_t plen = gw_mysql_get_byte3(header);
MYSQL_session *ses = (MYSQL_session*)dcb->data;
ses->auth_token = (uint8_t *)MXS_CALLOC(plen, sizeof(uint8_t));
MYSQL_session* ses = (MYSQL_session*)dcb->data;
ses->auth_token = (uint8_t*)MXS_CALLOC(plen, sizeof(uint8_t));
if (ses->auth_token)
{
ses->auth_token_len = gwbuf_copy_data(buffer, MYSQL_HEADER_LEN, plen, ses->auth_token);
@ -59,7 +59,7 @@ bool store_client_password(DCB *dcb, GWBUF *buffer)
* @param column_names Column names
* @return Always 0
*/
int user_services_cb(void *data, int columns, char** column_vals, char** column_names)
int user_services_cb(void* data, int columns, char** column_vals, char** column_names)
{
mxb_assert(columns == 1);
PamClientSession::StringVector* results = static_cast<PamClientSession::StringVector*>(data);
@ -78,14 +78,14 @@ int user_services_cb(void *data, int columns, char** column_vals, char** column_
/** Used by the PAM conversation function */
struct ConversationData
{
DCB* m_client;
int m_counter;
DCB* m_client;
int m_counter;
string m_password;
ConversationData(DCB* client, int counter, const string& password)
: m_client(client),
m_counter(counter),
m_password(password)
: m_client(client)
, m_counter(counter)
, m_password(password)
{
}
};
@ -97,8 +97,10 @@ struct ConversationData
* http://www.linux-pam.org/Linux-PAM-html/adg-interface-of-app-expected.html#adg-pam_conv
* for more information.
*/
int conversation_func(int num_msg, const struct pam_message **msg,
struct pam_response **resp_out, void *appdata_ptr)
int conversation_func(int num_msg,
const struct pam_message** msg,
struct pam_response** resp_out,
void* appdata_ptr)
{
MXS_DEBUG("Entering PAM conversation function.");
int rval = PAM_CONV_ERR;
@ -106,16 +108,18 @@ int conversation_func(int num_msg, const struct pam_message **msg,
if (data->m_counter > 1)
{
MXS_ERROR("Multiple calls to conversation function for client '%s'. %s",
data->m_client->user, GENERAL_ERRMSG);
data->m_client->user,
GENERAL_ERRMSG);
}
else if (num_msg == 1)
{
pam_message first = *msg[0];
if ((first.msg_style != PAM_PROMPT_ECHO_OFF && first.msg_style != PAM_PROMPT_ECHO_ON) ||
PASSWORD != first.msg)
if ((first.msg_style != PAM_PROMPT_ECHO_OFF && first.msg_style != PAM_PROMPT_ECHO_ON)
|| PASSWORD != first.msg)
{
MXS_ERROR("Unexpected PAM message: type='%d', contents='%s'",
first.msg_style, first.msg);
first.msg_style,
first.msg);
}
else
{
@ -132,7 +136,8 @@ int conversation_func(int num_msg, const struct pam_message **msg,
else
{
MXS_ERROR("Conversation function received '%d' messages from API. Only "
"singular messages are supported.", num_msg);
"singular messages are supported.",
num_msg);
}
data->m_counter++;
return rval;
@ -167,16 +172,22 @@ bool validate_pam_password(const string& user, const string& password, const str
authenticated = true;
MXS_DEBUG("pam_authenticate returned success.");
break;
case PAM_USER_UNKNOWN:
case PAM_AUTH_ERR:
// Normal failure, username or password was wrong.
MXS_LOG_EVENT(maxscale::event::AUTHENTICATION_FAILURE,
PAM_AUTH_ERR_MSG, user.c_str(), pam_strerror(pam_handle, pam_status));
PAM_AUTH_ERR_MSG,
user.c_str(),
pam_strerror(pam_handle, pam_status));
break;
default:
// More exotic error
MXS_LOG_EVENT(maxscale::event::AUTHENTICATION_FAILURE,
PAM_AUTH_ERR_MSG, user.c_str(), pam_strerror(pam_handle, pam_status));
PAM_AUTH_ERR_MSG,
user.c_str(),
pam_strerror(pam_handle, pam_status));
break;
}
}
@ -193,6 +204,7 @@ bool validate_pam_password(const string& user, const string& password, const str
case PAM_SUCCESS:
account_ok = true;
break;
default:
// Credentials have already been checked to be ok, so this is again a bit of an exotic error.
MXS_ERROR(PAM_ACC_ERR_MSG, user.c_str(), pam_strerror(pam_handle, pam_status));
@ -202,18 +214,17 @@ bool validate_pam_password(const string& user, const string& password, const str
pam_end(pam_handle, pam_status);
return account_ok;
}
}
PamClientSession::PamClientSession(sqlite3* dbhandle, const PamInstance& instance)
: m_state(PAM_AUTH_INIT),
m_sequence(0),
m_dbhandle(dbhandle),
m_instance(instance)
: m_state(PAM_AUTH_INIT)
, m_sequence(0)
, m_dbhandle(dbhandle)
, m_instance(instance)
{
}
PamClientSession:: ~PamClientSession()
PamClientSession::~PamClientSession()
{
sqlite3_close_v2(m_dbhandle);
}
@ -222,7 +233,7 @@ PamClientSession* PamClientSession::create(const PamInstance& inst)
{
// This handle is only used from one thread, can define no_mutex.
sqlite3* dbhandle = NULL;
int db_flags = SQLITE_OPEN_READONLY | SQLITE_OPEN_SHAREDCACHE | SQLITE_OPEN_NOMUTEX;
int db_flags = SQLITE_OPEN_READONLY | SQLITE_OPEN_SHAREDCACHE | SQLITE_OPEN_NOMUTEX;
if (sqlite3_open_v2(inst.m_dbname.c_str(), &dbhandle, db_flags, NULL) == SQLITE_OK)
{
sqlite3_busy_timeout(dbhandle, 1000);
@ -232,7 +243,7 @@ PamClientSession* PamClientSession::create(const PamInstance& inst)
MXS_ERROR("Failed to open SQLite3 handle.");
}
PamClientSession* rval = NULL;
if (!dbhandle || (rval = new (std::nothrow) PamClientSession(dbhandle, inst)) == NULL)
if (!dbhandle || (rval = new( std::nothrow) PamClientSession(dbhandle, inst)) == NULL)
{
sqlite3_close_v2(dbhandle);
}
@ -246,29 +257,32 @@ PamClientSession* PamClientSession::create(const PamInstance& inst)
* @param session MySQL session
* @param services_out Output for services
*/
void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session* session,
void PamClientSession::get_pam_user_services(const DCB* dcb,
const MYSQL_session* session,
StringVector* services_out)
{
string services_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename +
" WHERE " + FIELD_USER + " = '" + session->user + "' AND '" + dcb->remote +
"' LIKE " + FIELD_HOST + " AND (" + FIELD_ANYDB + " = '1' OR '" + session->db +
"' = '' OR '" + session->db + "' LIKE " + FIELD_DB +
") ORDER BY authentication_string;";
string services_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename
+ " WHERE " + FIELD_USER + " = '" + session->user + "' AND '" + dcb->remote
+ "' LIKE " + FIELD_HOST + " AND (" + FIELD_ANYDB + " = '1' OR '" + session->db
+ "' = '' OR '" + session->db + "' LIKE " + FIELD_DB
+ ") ORDER BY authentication_string;";
MXS_DEBUG("PAM services search sql: '%s'.", services_query.c_str());
char *err;
char* err;
if (sqlite3_exec(m_dbhandle, services_query.c_str(), user_services_cb, services_out, &err) != SQLITE_OK)
{
MXS_ERROR("Failed to execute query: '%s'", err);
sqlite3_free(err);
}
MXS_DEBUG("User '%s' matched %lu rows in %s db.", session->user,
services_out->size(), m_instance.m_tablename.c_str());
MXS_DEBUG("User '%s' matched %lu rows in %s db.",
session->user,
services_out->size(),
m_instance.m_tablename.c_str());
if (services_out->empty())
{
// No service found for user with correct username & password. Check if anonymous user exists.
const string anon_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename +
" WHERE " + FIELD_USER + " = '' AND " + FIELD_HOST + " = '%';";
const string anon_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename
+ " WHERE " + FIELD_USER + " = '' AND " + FIELD_HOST + " = '%';";
if (sqlite3_exec(m_dbhandle, anon_query.c_str(), user_services_cb, services_out, &err) != SQLITE_OK)
{
MXS_ERROR("Failed to execute query: '%s'", err);
@ -286,7 +300,8 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
* This obviously only works with the basic password authentication scheme.
*
* @return Allocated packet
* @see https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchRequest
* @see
*https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchRequest
*/
Buffer PamClientSession::create_auth_change_packet() const
{
@ -305,11 +320,11 @@ Buffer PamClientSession::create_auth_change_packet() const
gw_mysql_set_byte3(pData, plen);
pData += 3;
*pData++ = m_sequence;
*pData++ = 0xfe; // AuthSwitchRequest command
*pData++ = 0xfe; // AuthSwitchRequest command
memcpy(pData, DIALOG.c_str(), DIALOG_SIZE); // Plugin name
pData += DIALOG_SIZE;
*pData++ = DIALOG_ECHO_DISABLED;
memcpy(pData, PASSWORD.c_str(), PASSWORD.length()); // First message
memcpy(pData, PASSWORD.c_str(), PASSWORD.length()); // First message
Buffer buffer(bufdata, buflen);
return buffer;
@ -318,7 +333,7 @@ Buffer PamClientSession::create_auth_change_packet() const
int PamClientSession::authenticate(DCB* dcb)
{
int rval = ssl_authenticate_check_status(dcb);
MYSQL_session *ses = static_cast<MYSQL_session*>(dcb->data);
MYSQL_session* ses = static_cast<MYSQL_session*>(dcb->data);
if (rval == MXS_AUTH_SSL_COMPLETE && *ses->user)
{
rval = MXS_AUTH_FAILED;
@ -391,7 +406,7 @@ int PamClientSession::authenticate(DCB* dcb)
return rval;
}
bool PamClientSession::extract(DCB *dcb, GWBUF *buffer)
bool PamClientSession::extract(DCB* dcb, GWBUF* buffer)
{
gwbuf_copy_data(buffer, MYSQL_SEQ_OFFSET, 1, &m_sequence);
m_sequence++;

19
server/modules/authenticator/PAM/PAMAuth/pam_client_session.hh
View File

@ -10,7 +10,7 @@
* of this software will be governed by version 2 or later of the General
* Public License.
*/
#pragma once
#pragma once
#include "pam_auth.hh"
#include <stdint.h>
@ -29,18 +29,17 @@ public:
typedef std::vector<std::string> StringVector;
static PamClientSession* create(const PamInstance& inst);
~PamClientSession();
int authenticate(DCB* client);
bool extract(DCB *dcb, GWBUF *read_buffer);
int authenticate(DCB* client);
bool extract(DCB* dcb, GWBUF* read_buffer);
private:
PamClientSession(sqlite3* dbhandle, const PamInstance& instance);
void get_pam_user_services(const DCB* dcb, const MYSQL_session* session,
void get_pam_user_services(const DCB* dcb,
const MYSQL_session* session,
StringVector* services_out);
maxscale::Buffer create_auth_change_packet() const;
pam_auth_state m_state; /**< Authentication state*/
uint8_t m_sequence; /**< The next packet seqence number */
sqlite3* const m_dbhandle; /**< SQLite3 database handle */
const PamInstance& m_instance; /**< Authenticator instance */
pam_auth_state m_state; /**< Authentication state*/
uint8_t m_sequence; /**< The next packet seqence number */
sqlite3* const m_dbhandle; /**< SQLite3 database handle */
const PamInstance& m_instance; /**< Authenticator instance */
};

102
server/modules/authenticator/PAM/PAMAuth/pam_instance.cc
View File

@ -21,7 +21,7 @@
#include <maxscale/mysql_utils.h>
#define DEFAULT_PAM_DATABASE_NAME "file:pam.db?mode=memory&cache=shared"
#define DEFAULT_PAM_TABLE_NAME "pam_users"
#define DEFAULT_PAM_TABLE_NAME "pam_users"
using std::string;
/**
@ -30,17 +30,17 @@ using std::string;
* @param options Listener options
* @return New client authenticator instance or NULL on error
*/
PamInstance* PamInstance::create(char **options)
PamInstance* PamInstance::create(char** options)
{
/** Name of the in-memory database */
const string pam_db_name = DEFAULT_PAM_DATABASE_NAME;
/** The table name where we store the users */
const string pam_table_name = DEFAULT_PAM_TABLE_NAME;
/** CREATE TABLE statement for the in-memory table */
const string create_sql = string("CREATE TABLE IF NOT EXISTS ") + pam_table_name +
" (" + FIELD_USER + " varchar(255), " + FIELD_HOST + " varchar(255), " +
FIELD_DB + " varchar(255), " + FIELD_ANYDB + " boolean, " +
FIELD_AUTHSTR + " text);";
const string create_sql = string("CREATE TABLE IF NOT EXISTS ") + pam_table_name
+ " (" + FIELD_USER + " varchar(255), " + FIELD_HOST + " varchar(255), "
+ FIELD_DB + " varchar(255), " + FIELD_ANYDB + " boolean, "
+ FIELD_AUTHSTR + " text);";
if (sqlite3_threadsafe() == 0)
{
MXS_WARNING("SQLite3 was compiled with thread safety off. May cause "
@ -49,15 +49,15 @@ PamInstance* PamInstance::create(char **options)
bool error = false;
/* This handle may be used from multiple threads, set full mutex. */
sqlite3* dbhandle = NULL;
int db_flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE |
SQLITE_OPEN_SHAREDCACHE | SQLITE_OPEN_FULLMUTEX;
int db_flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE
| SQLITE_OPEN_SHAREDCACHE | SQLITE_OPEN_FULLMUTEX;
if (sqlite3_open_v2(pam_db_name.c_str(), &dbhandle, db_flags, NULL) != SQLITE_OK)
{
MXS_ERROR("Failed to open SQLite3 handle.");
error = true;
}
char *err;
char* err;
if (!error && sqlite3_exec(dbhandle, create_sql.c_str(), NULL, NULL, &err) != SQLITE_OK)
{
MXS_ERROR("Failed to create database: '%s'", err);
@ -65,9 +65,9 @@ PamInstance* PamInstance::create(char **options)
error = true;
}
PamInstance *instance = NULL;
if (!error &&
((instance = new (std::nothrow) PamInstance(dbhandle, pam_db_name, pam_table_name)) == NULL))
PamInstance* instance = NULL;
if (!error
&& ((instance = new( std::nothrow) PamInstance(dbhandle, pam_db_name, pam_table_name)) == NULL))
{
sqlite3_close_v2(dbhandle);
}
@ -97,8 +97,11 @@ PamInstance::PamInstance(sqlite3* dbhandle, const string& dbname, const string&
* @param anydb Global access to databases
* @param pam_service The PAM service used
*/
void PamInstance::add_pam_user(const char *user, const char *host,
const char *db, bool anydb, const char *pam_service)
void PamInstance::add_pam_user(const char* user,
const char* host,
const char* db,
bool anydb,
const char* pam_service)
{
/**
* The insert query template which adds users to the pam_users table.
@ -106,8 +109,8 @@ void PamInstance::add_pam_user(const char *user, const char *host,
* Note that 'db' and 'pam_service' are strings that can be NULL and thus they have
* no quotes around them. The quotes for strings are added in this function.
*/
const string insert_sql_template =
"INSERT INTO " + m_tablename + " VALUES ('%s', '%s', %s, '%s', %s)";
const string insert_sql_template
= "INSERT INTO " + m_tablename + " VALUES ('%s', '%s', %s, '%s', %s)";
/** Used for NULL value creation in the INSERT query */
const char NULL_TOKEN[] = "NULL";
@ -132,14 +135,19 @@ void PamInstance::add_pam_user(const char *user, const char *host,
service_str = NULL_TOKEN;
}
size_t len = insert_sql_template.length() + strlen(user) + strlen(host) + db_str.length() +
service_str.length() + 1;
size_t len = insert_sql_template.length() + strlen(user) + strlen(host) + db_str.length()
+ service_str.length() + 1;
char insert_sql[len + 1];
sprintf(insert_sql, insert_sql_template.c_str(), user, host, db_str.c_str(),
anydb ? "1" : "0", service_str.c_str());
sprintf(insert_sql,
insert_sql_template.c_str(),
user,
host,
db_str.c_str(),
anydb ? "1" : "0",
service_str.c_str());
char *err;
char* err;
if (sqlite3_exec(m_dbhandle, insert_sql, NULL, NULL, &err) != SQLITE_OK)
{
MXS_ERROR("Failed to insert user: %s", err);
@ -154,7 +162,7 @@ void PamInstance::delete_old_users()
{
/** Delete query used to clean up the database before loading new users */
const string delete_query = "DELETE FROM " + m_tablename;
char *err;
char* err;
if (sqlite3_exec(m_dbhandle, delete_query.c_str(), NULL, NULL, &err) != SQLITE_OK)
{
MXS_ERROR("Failed to delete old users: %s", err);
@ -172,17 +180,17 @@ void PamInstance::delete_old_users()
int PamInstance::load_users(SERVICE* service)
{
/** Query that gets all users that authenticate via the pam plugin */
const char PAM_USERS_QUERY[] =
"SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.db AS d ON (u.user = d.user AND u.host = d.host) WHERE "
"(u.plugin = 'pam' AND (d.db IS NOT NULL OR u.select_priv = 'Y')) "
"UNION "
"SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t ON (u.user = t.user AND u.host = t.host) WHERE "
"(u.plugin = 'pam' AND t.db IS NOT NULL AND u.select_priv = 'N') "
"ORDER BY user";
#if defined(SS_DEBUG)
const unsigned int PAM_USERS_QUERY_NUM_FIELDS = 5;
const char PAM_USERS_QUERY[]
= "SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.db AS d ON (u.user = d.user AND u.host = d.host) WHERE "
"(u.plugin = 'pam' AND (d.db IS NOT NULL OR u.select_priv = 'Y')) "
"UNION "
"SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t ON (u.user = t.user AND u.host = t.host) WHERE "
"(u.plugin = 'pam' AND t.db IS NOT NULL AND u.select_priv = 'N') "
"ORDER BY user";
#if defined (SS_DEBUG)
const unsigned int PAM_USERS_QUERY_NUM_FIELDS = 5;
#endif
const char* user;
@ -193,29 +201,33 @@ int PamInstance::load_users(SERVICE* service)
if ((pw = decrypt_password(password)))
{
for (SERVER_REF *servers = service->dbref; servers; servers = servers->next)
for (SERVER_REF* servers = service->dbref; servers; servers = servers->next)
{
MYSQL *mysql = mysql_init(NULL);
MYSQL* mysql = mysql_init(NULL);
if (mxs_mysql_real_connect(mysql, servers->server, user, pw))
{
if (mysql_query(mysql, PAM_USERS_QUERY))
{
MXS_ERROR("Failed to query server '%s' for PAM users: '%s'.",
servers->server->name, mysql_error(mysql));
servers->server->name,
mysql_error(mysql));
}
else
{
MYSQL_RES *res = mysql_store_result(mysql);
MYSQL_RES* res = mysql_store_result(mysql);
delete_old_users();
if (res)
{
mxb_assert(mysql_num_fields(res) == PAM_USERS_QUERY_NUM_FIELDS);
MXS_NOTICE("Loaded %llu users for service %s.", mysql_num_rows(res),
MXS_NOTICE("Loaded %llu users for service %s.",
mysql_num_rows(res),
service->name);
MYSQL_ROW row;
while ((row = mysql_fetch_row(res)))
{
add_pam_user(row[0], row[1], row[2],
add_pam_user(row[0],
row[1],
row[2],
row[3] && strcasecmp(row[3], "Y") == 0,
row[4]);
}
@ -267,7 +279,7 @@ void PamInstance::diagnostic(DCB* dcb)
json_decref(array);
}
static int diag_cb_json(void *data, int columns, char **row, char **field_names)
static int diag_cb_json(void* data, int columns, char** row, char** field_names)
{
mxb_assert(columns == NUM_FIELDS);
json_t* obj = json_object();
@ -283,7 +295,7 @@ static int diag_cb_json(void *data, int columns, char **row, char **field_names)
json_t* PamInstance::diagnostic_json()
{
json_t* rval = json_array();
char *err;
char* err;
string select = "SELECT * FROM " + m_tablename + ";";
if (sqlite3_exec(m_dbhandle, select.c_str(), diag_cb_json, rval, &err) != SQLITE_OK)
{
@ -308,12 +320,13 @@ bool PamInstance::query_anon_proxy_user(SERVER* server, MYSQL* conn)
if (mysql_query(conn, ANON_USER_QUERY))
{
MXS_ERROR("Failed to query server '%s' for the anonymous PAM user: '%s'.",
server->name, mysql_error(conn));
server->name,
mysql_error(conn));
success = false;
}
else
{
MYSQL_RES *res = mysql_store_result(conn);
MYSQL_RES* res = mysql_store_result(conn);
if (res)
{
MYSQL_ROW row = mysql_fetch_row(res);
@ -334,7 +347,8 @@ bool PamInstance::query_anon_proxy_user(SERVER* server, MYSQL* conn)
if (mysql_query(conn, ANON_GRANT_QUERY))
{
MXS_ERROR("Failed to query server '%s' for the grants of the anonymous PAM user: '%s'.",
server->name, mysql_error(conn));
server->name,
mysql_error(conn));
success = false;
}
else

23
server/modules/authenticator/PAM/PAMAuth/pam_instance.hh
View File

@ -10,7 +10,7 @@
* of this software will be governed by version 2 or later of the General
* Public License.
*/
#pragma once
#pragma once
#include "pam_auth.hh"
#include <string>
@ -23,22 +23,23 @@ class PamInstance
PamInstance(const PamInstance& orig);
PamInstance& operator=(const PamInstance&);
public:
static PamInstance* create(char **options);
static PamInstance* create(char** options);
~PamInstance();
int load_users(SERVICE* service);
void diagnostic(DCB* dcb);
int load_users(SERVICE* service);
void diagnostic(DCB* dcb);
json_t* diagnostic_json();
const std::string m_dbname; /**< Name of the in-memory database */
const std::string m_tablename; /**< The table where users are stored */
const std::string m_dbname; /**< Name of the in-memory database */
const std::string m_tablename; /**< The table where users are stored */
private:
PamInstance(sqlite3* dbhandle, const std::string& m_dbname, const std::string& tablename);
void add_pam_user(const char *user, const char *host, const char *db, bool anydb,
const char *pam_service);
void add_pam_user(const char* user,
const char* host,
const char* db,
bool anydb,
const char* pam_service);
void delete_old_users();
bool query_anon_proxy_user(SERVER* server, MYSQL* conn);
sqlite3 * const m_dbhandle; /**< SQLite3 database handle */
sqlite3* const m_dbhandle; /**< SQLite3 database handle */
};