From cff90ffee8cb9892332a8a1be2b39572a73985f3 Mon Sep 17 00:00:00 2001
From: Markus Makela <markus.makela@mariadb.com>
Date: Mon, 24 Oct 2016 11:04:26 +0300
Subject: [PATCH] Fix HTTPD protocol authentication

The HTTPD protocol mistakenly assumed that the `authenticator` parameter
of a listener would be NULL if the default authenticator is used.

Recent changes modified it so that the value is never NULL and
`NullAuthDeny` would be used for protocols which did not implement the
auth_default entry point.
---
 server/core/service.c                 | 2 +-
 server/modules/protocol/HTTPD/httpd.c | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/server/core/service.c b/server/core/service.c
index ceaeac0cb..96792230a 100644
--- a/server/core/service.c
+++ b/server/core/service.c
@@ -272,7 +272,7 @@ serviceStartPort(SERVICE *service, SERV_LISTENER *port)
 
     memcpy(&(port->listener->func), funcs, sizeof(GWPROTOCOL));
 
-    const char *authenticator_name = "NullAuth";
+    const char *authenticator_name = "NullAuthDeny";
 
     if (port->authenticator)
     {
diff --git a/server/modules/protocol/HTTPD/httpd.c b/server/modules/protocol/HTTPD/httpd.c
index fc8220ec1..3393c0ec0 100644
--- a/server/modules/protocol/HTTPD/httpd.c
+++ b/server/modules/protocol/HTTPD/httpd.c
@@ -215,9 +215,10 @@ static int httpd_read_event(DCB* dcb)
         }
     }
 
-    /** If listener->authenticator is NULL, it means we're using the default
-     * authenticator and we don't need to check the user credentials. */
-    bool auth_ok = dcb->listener->authenticator == 0;
+    /** If listener->authenticator is the default authenticator, it means that
+     * we don't need to check the user credentials. All other authenticators
+     * cause a 401 Unauthorized to be returned on the first try. */
+    bool auth_ok = strcmp(httpd_default_auth(), dcb->listener->authenticator) == 0;
 
     /**
      * Get the request headers
@@ -254,7 +255,7 @@ static int httpd_read_event(DCB* dcb)
                     /** The freeing entry point is called automatically when
                      * the client DCB is closed */
                     dcb->authfunc.extract(dcb, auth_data);
-                    auth_ok = dcb->authfunc.authenticate(dcb) == 0;
+                    auth_ok = dcb->authfunc.authenticate(dcb) == MXS_AUTH_SUCCEEDED;
                     gwbuf_free(auth_data);
                 }
             }