Added an option for optimization of wildcard grants to individual grants. The default behavior now checks first for specific grants to a database the wildcard grants.

2015-04-15 06:51:52 +03:00
parent 786f34cf49
commit d16e4fe134
5 changed files with 62 additions and 7 deletions
--- a/server/core/config.c
+++ b/server/core/config.c
@ -309,6 +309,7 @@ int			error_count = 0;
 				char *enable_root_user;
 				char *connection_timeout;
 				char *auth_all_servers;
+				char *optimize_wildcard;
 				char *strip_db_esc;
 				char *weightby;
 				char *version_string;
@ -330,9 +331,14 @@ int			error_count = 0;
 						obj->parameters,
 						"connection_timeout");

-				auth_all_servers = 
+				optimize_wildcard =
 					config_get_value(
 						obj->parameters, 
+						"optimize_wildcard");
+
+				auth_all_servers =
+					config_get_value(
+						obj->parameters,
 						"auth_all_servers");

 				strip_db_esc = 
@ -407,6 +413,10 @@ int			error_count = 0;
 					serviceAuthAllServers(obj->element, 
 						config_truth_value(auth_all_servers));

+				if(optimize_wildcard)
+					serviceOptimizeWildcard(obj->element,
+						config_truth_value(optimize_wildcard));
+
 				if(strip_db_esc)
 					serviceStripDbEsc(obj->element, 
 						config_truth_value(strip_db_esc));
@ -1426,6 +1436,7 @@ SERVER			*server;
 					char *connection_timeout;

 					char* auth_all_servers;
+					char* optimize_wildcard;
 					char* strip_db_esc;
 					char* max_slave_conn_str;
 					char* max_slave_rlag_str;
@ -1441,6 +1452,7 @@ SERVER			*server;
 								"passwd");
                    
 					auth_all_servers = config_get_value(obj->parameters, "auth_all_servers");
+					optimize_wildcard = config_get_value(obj->parameters, "optimize_wildcard");
 					strip_db_esc = config_get_value(obj->parameters, "strip_db_esc");
 					version_string = config_get_value(obj->parameters, "version_string");
 					allow_localhost_match_wildcard_host = config_get_value(obj->parameters, "localhost_match_wildcard_host");
@ -1464,9 +1476,11 @@ SERVER			*server;


                                                if(auth_all_servers)
-                                                    serviceAuthAllServers(service, atoi(auth_all_servers));
+                                                    serviceAuthAllServers(service, config_truth_value(auth_all_servers));
+						if(optimize_wildcard)
+                                                    serviceOptimizeWildcard(service, config_truth_value(optimize_wildcard));
 						if(strip_db_esc)
-                                                    serviceStripDbEsc(service, atoi(strip_db_esc));
+                                                    serviceStripDbEsc(service, config_truth_value(strip_db_esc));

 						if (allow_localhost_match_wildcard_host)
 							serviceEnableLocalhostMatchWildcardHost(
@ -1575,6 +1589,7 @@ SERVER			*server;
 					char *connection_timeout;
 					char *allow_localhost_match_wildcard_host;
 					char *auth_all_servers;
+					char *optimize_wildcard;
 					char *strip_db_esc;

 					enable_root_user = 
@ -1587,6 +1602,9 @@ SERVER			*server;
 					auth_all_servers = 
                                                config_get_value(obj->parameters, 
                                                                 "auth_all_servers");
+					optimize_wildcard =
+                                                config_get_value(obj->parameters,
+                                                                 "optimize_wildcard");
 					strip_db_esc = 
                                                config_get_value(obj->parameters, 
                                                                 "strip_db_esc");
@ -1837,6 +1855,7 @@ static char *service_params[] =
                "enable_root_user",
                "connection_timeout",
                "auth_all_servers",
+		"optimize_wildcard",
                "strip_db_esc",
                "localhost_match_wildcard_host",
                "max_slave_connections",
--- a/server/core/dbusers.c
+++ b/server/core/dbusers.c
@ -970,7 +970,7 @@ getAllUsers(SERVICE *service, USERS *users)
 			}
 		    }

-		    if(havedb && wildcard_db_grant(dbnm))
+		    if(service->optimize_wildcard && havedb && wildcard_db_grant(dbnm))
 		    {
 			rc = add_wildcard_users(users, row[0], row[1], password, row[4], dbnm, service->resources);
 			skygw_log_write(LOGFILE_DEBUG|LOGFILE_TRACE,"%s: Converted '%s' to %d individual database grants.",service->name,dbnm,rc);
@ -1454,7 +1454,7 @@ getUsers(SERVICE *service, USERS *users)
 		if (db_grants) {
 			/* we have dbgrants, store them */

-		    if(wildcard_db_grant(row[5]))
+		    if(service->optimize_wildcard && wildcard_db_grant(row[5]))
 		    {
 			rc = add_wildcard_users(users, row[0], row[1], password, row[4], row[5], service->resources);
 			skygw_log_write(LOGFILE_DEBUG|LOGFILE_TRACE,"%s: Converted '%s' to %d individual database grants.",service->name,row[5],rc);
--- a/server/core/service.c
+++ b/server/core/service.c
@ -823,7 +823,7 @@ serviceEnableRootUser(SERVICE *service, int action)
 * Enable/Disable loading the user data from only one server or all of them
 *
 * @param service	The service we are setting the data for
- * @param action	1 for root enable, 0 for disable access
+ * @param action	1 for all servers, 0 for single server
 * @return		0 on failure
 */

@ -838,6 +838,28 @@ serviceAuthAllServers(SERVICE *service, int action)
 	return 1;
 }

+/**
+ * Enable/Disable optimization of wildcard database grats
+ *
+ * @param service	The service we are setting the data for
+ * @param action	1 for optimized, 0 for normal grants
+ * @return		0 on failure
+ */
+
+int
+serviceOptimizeWildcard(SERVICE *service, int action)
+{
+	if (action != 0 && action != 1)
+		return 0;
+
+	service->optimize_wildcard = action;
+	if(action)
+	{
+	    LOGIF(LM,(skygw_log_write(LOGFILE_MESSAGE,"[%s] Optimizing wildcard database grants.",service->name)));
+	}
+	return 1;
+}
+
 /**
 * Whether to strip escape characters from the name of the database the client
 * is connecting to.
--- a/server/include/service.h
+++ b/server/include/service.h
@ -141,6 +141,7 @@ typedef struct service {
        bool            strip_db_esc;      /*< Remove the '\' characters from database names
                                            * when querying them from the server. MySQL Workbench seems
                                            * to escape at least the underscore character. */
+        bool optimize_wildcard;             /*< Convert wildcard grants to individual database grants */
 	SPINLOCK
 			users_table_spin;	/**< The spinlock for users data refresh */
 	SERVICE_REFRESH_RATE
@ -184,6 +185,7 @@ extern	char	*serviceGetWeightingParameter(SERVICE *);
 extern	int	serviceEnableLocalhostMatchWildcardHost(SERVICE *, int);
 int serviceStripDbEsc(SERVICE* service, int action);
 int serviceAuthAllServers(SERVICE *service, int action);
+int serviceOptimizeWildcard(SERVICE *service, int action);
 extern	void	service_update(SERVICE *, char *, char *, char *);
 extern	int	service_refresh_users(SERVICE *);
 extern	void	printService(SERVICE *);
--- a/server/modules/protocol/mysql_common.c
+++ b/server/modules/protocol/mysql_common.c
@ -1524,7 +1524,19 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
 					dcb->remote)));

 			user_password = mysql_users_fetch(service->users, &key);
-     
+
+			if (user_password)
+			{
+			    break;
+			}
+
+			/** See if ANYDB == Y */
+			if(key.resource)
+			{
+			    key.resource = NULL;
+			    continue;
+			}
+
 			if (!user_password) {
 				/*
 				 * user@% not found.