hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1758 Support anonymous user with proxy grant for PAM

Browse Source 
This allows using user group mapping with PAM authenticator.
This commit is contained in:
Esa Korhonen
2018-04-19 16:14:32 +03:00
parent 68a89f0a25
commit cb0ac44e1f
3 changed files with 85 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
View File

@ -238,14 +238,25 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
") ORDER BY authentication_string;";
MXS_DEBUG("PAM services search sql: '%s'.", services_query.c_str());
char *err;
if (sqlite3_exec(m_dbhandle, services_query.c_str(), user_services_cb,
services_out, &err) != SQLITE_OK)
if (sqlite3_exec(m_dbhandle, services_query.c_str(), user_services_cb, services_out, &err) != SQLITE_OK)
{
MXS_ERROR("Failed to execute query: '%s'", err);
sqlite3_free(err);
}
MXS_DEBUG("User '%s' matched %lu rows in %s db.", session->user,
services_out->size(), m_instance.m_tablename.c_str());
if (services_out->empty())
{
// No service found for user with correct username & password. Check if anonymous user exists.
const string anon_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename +
" WHERE " + FIELD_USER + " = '' AND " + FIELD_HOST + " = '%';";
if (sqlite3_exec(m_dbhandle, anon_query.c_str(), user_services_cb, services_out, &err) != SQLITE_OK)
{
MXS_ERROR("Failed to execute query: '%s'", err);
sqlite3_free(err);
}
}
}
/**