hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1762: Compare client IP when choosing a connection

Browse Source 
When the connection pool is inspected, both the client username and IP
must match. This causes the pool to be partitioned by username and IP,
prevening unintentional sharing of connections between different users.
This commit is contained in:
Markus Mäkelä
2018-04-08 20:34:41 +03:00
parent d07d9d59df
commit cddf132d23
3 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/maxscale/server.h
View File

@ -283,7 +283,7 @@ extern void server_transfer_status(SERVER *dest_server, const SERVER *source_ser
extern void server_add_mon_user(SERVER *server, const char *user, const char *passwd); extern void server_add_mon_user(SERVER *server, const char *user, const char *passwd);
extern const char *server_get_parameter(const SERVER *server, char *name); extern const char *server_get_parameter(const SERVER *server, char *name);
extern void server_update_credentials(SERVER *server, const char *user, const char *passwd); extern void server_update_credentials(SERVER *server, const char *user, const char *passwd);
extern DCB *server_get_persistent(SERVER *server, const char *user, const char *protocol, int id); extern DCB* server_get_persistent(SERVER *server, const char *user, const char* ip, const char *protocol, int id);
extern void server_update_address(SERVER *server, const char *address); extern void server_update_address(SERVER *server, const char *address);
extern void server_update_port(SERVER *server, unsigned short port); extern void server_update_port(SERVER *server, unsigned short port);
extern unsigned int server_map_status(const char *str); extern unsigned int server_map_status(const char *str);

8
server/core/dcb.c
View File

@ -617,7 +617,8 @@ dcb_connect(SERVER *server, MXS_SESSION *session, const char *protocol)
{ {
MXS_DEBUG("%lu [dcb_connect] Looking for persistent connection DCB " MXS_DEBUG("%lu [dcb_connect] Looking for persistent connection DCB "
"user %s protocol %s\n", pthread_self(), user, protocol); "user %s protocol %s\n", pthread_self(), user, protocol);
dcb = server_get_persistent(server, user, protocol, session->client_dcb->thread.id); dcb = server_get_persistent(server, user, session->client_dcb->remote,
protocol, session->client_dcb->thread.id);
if (dcb) if (dcb)
{ {
/** /**
@ -664,6 +665,11 @@ dcb_connect(SERVER *server, MXS_SESSION *session, const char *protocol)
memcpy(&(dcb->func), funcs, sizeof(MXS_PROTOCOL)); memcpy(&(dcb->func), funcs, sizeof(MXS_PROTOCOL));
dcb->protoname = MXS_STRDUP_A(protocol); dcb->protoname = MXS_STRDUP_A(protocol);
if (session->client_dcb->remote)
{
dcb->remote = MXS_STRDUP_A(session->client_dcb->remote);
}
const char *authenticator = server->authenticator ? const char *authenticator = server->authenticator ?
server->authenticator : dcb->func.auth_default ? server->authenticator : dcb->func.auth_default ?
dcb->func.auth_default() : "NullAuthDeny"; dcb->func.auth_default() : "NullAuthDeny";

10
server/core/server.c
View File

@ -207,10 +207,13 @@ server_free(SERVER *tofreeserver)
* *
* @param server The server to set the name on * @param server The server to set the name on
* @param user The name of the user needing the connection * @param user The name of the user needing the connection
* @param ip Client IP address
* @param protocol The name of the protocol needed for the connection * @param protocol The name of the protocol needed for the connection
* @param id Thread ID
*
* @return A DCB or NULL if no connection is found
*/ */
DCB * DCB* server_get_persistent(SERVER *server, const char *user, const char* ip, const char *protocol, int id)
server_get_persistent(SERVER *server, const char *user, const char *protocol, int id)
{ {
DCB *dcb, *previous = NULL; DCB *dcb, *previous = NULL;
@ -224,9 +227,12 @@ server_get_persistent(SERVER *server, const char *user, const char *protocol, in
{ {
if (dcb->user if (dcb->user
&& dcb->protoname && dcb->protoname
&& dcb->remote
&& ip
&& !dcb-> dcb_errhandle_called && !dcb-> dcb_errhandle_called
&& !(dcb->flags & DCBF_HUNG) && !(dcb->flags & DCBF_HUNG)
&& 0 == strcmp(dcb->user, user) && 0 == strcmp(dcb->user, user)
&& 0 == strcmp(dcb->remote, ip)
&& 0 == strcmp(dcb->protoname, protocol)) && 0 == strcmp(dcb->protoname, protocol))
{ {
if (NULL == previous) if (NULL == previous)