hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MySQL Authentication with wildcards in hosts

Browse Source 
MySQL Authentication:

Added support for wildcards in hosts:

a.b.c.%
a.b.%.%
a.%.%.%
This commit is contained in:
MassimilianoPinto
2014-10-03 17:26:41 +02:00
parent 48489234be
commit dbe078f358
6 changed files with 260 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

224
server/core/dbusers.c
View File

@ -28,8 +28,9 @@
* 06/02/2014 Massimiliano Pinto Mysql user root selected based on configuration flag * 06/02/2014 Massimiliano Pinto Mysql user root selected based on configuration flag
* 26/02/2014 Massimiliano Pinto Addd: replace_mysql_users() routine may replace users' table based on a checksum * 26/02/2014 Massimiliano Pinto Addd: replace_mysql_users() routine may replace users' table based on a checksum
* 28/02/2014 Massimiliano Pinto Added Mysql user@host authentication * 28/02/2014 Massimiliano Pinto Added Mysql user@host authentication
* 29/07/2014 Massimiliano Pinto Added Mysql user@host authentication with wildcard in IPv4 hosts: * 29/09/2014 Massimiliano Pinto Added Mysql user@host authentication with wildcard in IPv4 hosts:
* x.y.z.%, x.y.%.%, x.%.%.% * x.y.z.%, x.y.%.%, x.%.%.%
* 03/10/14 Massimiliano Pinto Added netmask to user@host authentication for wildcard in IPv4 hosts
* *
* @endverbatim * @endverbatim
*/ */
@ -52,13 +53,14 @@
extern int lm_enabled_logfiles_bitmask; extern int lm_enabled_logfiles_bitmask;
static int getUsers(SERVICE *service, struct users *users); static int getUsers(SERVICE *service, USERS *users);
static int uh_cmpfun( void* v1, void* v2); static int uh_cmpfun( void* v1, void* v2);
static void *uh_keydup(void* key); static void *uh_keydup(void* key);
static void uh_keyfree( void* key); static void uh_keyfree( void* key);
static int uh_hfun( void* key); static int uh_hfun( void* key);
char *mysql_users_fetch(USERS *users, MYSQL_USER_HOST *key); char *mysql_users_fetch(USERS *users, MYSQL_USER_HOST *key);
char *mysql_format_user_entry(void *data); char *mysql_format_user_entry(void *data);
int add_mysql_users_with_host_ipv4(USERS *users, char *user, char *host, char *passwd);
/** /**
* Load the user/passwd form mysql.user table into the service users' hashtable * Load the user/passwd form mysql.user table into the service users' hashtable
@ -84,7 +86,7 @@ int
reload_mysql_users(SERVICE *service) reload_mysql_users(SERVICE *service)
{ {
int i; int i;
struct users *newusers, *oldusers; USERS *newusers, *oldusers;
if ((newusers = mysql_users_alloc()) == NULL) if ((newusers = mysql_users_alloc()) == NULL)
return 0; return 0;
@ -110,7 +112,7 @@ int
replace_mysql_users(SERVICE *service) replace_mysql_users(SERVICE *service)
{ {
int i; int i;
struct users *newusers, *oldusers; USERS *newusers, *oldusers;
if ((newusers = mysql_users_alloc()) == NULL) if ((newusers = mysql_users_alloc()) == NULL)
return -1; return -1;
@ -150,6 +152,92 @@ struct users *newusers, *oldusers;
return i; return i;
} }
/**
* Add a new MySQL user with host, password and netmask into the service users table
*
* The netmask values are:
* 0 for any, 32 for single IPv4
* 24 for a class C from a.b.c.%, 16 for a Class B from a.b.%.% and 8 for a Class A from a.%.%.%
*
* @param users The users table
* @param user The user name
* @param host The host to add, with possible wildcards
* @param passwd The sha1(sha1(passoword)) to add
* @return 1 on success, 0 on failure
*/
int add_mysql_users_with_host_ipv4(USERS *users, char *user, char *host, char *passwd) {
struct sockaddr_in serv_addr;
MYSQL_USER_HOST key;
char ret_ip[INET_ADDRSTRLEN + 1]="";
int found_range=0;
int found_any=0;
int ret = 0;
/* prepare the user@host data struct */
memset(&serv_addr, 0, sizeof(serv_addr));
memset(&key, 0, sizeof(key));
/* set user */
key.user = strdup(user);
if(key.user == NULL) {
return ret;
}
/* handle ANY, Class C,B,A */
/* ANY */
if (strcmp(host, "%") == 0) {
strcpy(ret_ip, "0.0.0.0");
found_any = 1;
} else {
char *tmp;
strcpy(ret_ip, host);
tmp = ret_ip+strlen(ret_ip)-1;
/* start from Class C */
while(*tmp) {
if (*tmp == '%') {
/* set only the last IPv4 byte to 1
* avoiding setipadress() failure
* for Class C address
*/
found_range++;
if (found_range == 1)
*tmp = '1';
else
*tmp = '0';
}
tmp--;
}
}
/* fill IPv4 data struct */
if (setipaddress(&serv_addr.sin_addr, ret_ip)) {
/* copy IPv4 data into key.ipv4 */
memcpy(&key.ipv4, &serv_addr, sizeof(serv_addr));
if (found_range) {
/* let's zero the last IP byte: a.b.c.0 we set above to 1*/
key.ipv4.sin_addr.s_addr &= 0x00FFFFFF;
key.netmask = 32 - (found_range * 8);
} else {
key.netmask = 32 - (found_any * 32);
}
/* add user@host as key and passwd as value in the MySQL users hash table */
if (mysql_users_add(users, &key, passwd))
ret = 1;
}
free(key.user);
return ret;
}
/** /**
* Load the user/passwd form mysql.user table into the service users' hashtable * Load the user/passwd form mysql.user table into the service users' hashtable
* environment. * environment.
@ -159,7 +247,7 @@ struct users *newusers, *oldusers;
* @return -1 on any error or the number of users inserted (0 means no users at all) * @return -1 on any error or the number of users inserted (0 means no users at all)
*/ */
static int static int
getUsers(SERVICE *service, struct users *users) getUsers(SERVICE *service, USERS *users)
{ {
MYSQL *con = NULL; MYSQL *con = NULL;
MYSQL_ROW row; MYSQL_ROW row;
@ -175,8 +263,6 @@ getUsers(SERVICE *service, struct users *users)
char *users_data = NULL; char *users_data = NULL;
int nusers = 0; int nusers = 0;
int users_data_row_len = MYSQL_USER_MAXLEN + MYSQL_HOST_MAXLEN + MYSQL_PASSWORD_LEN; int users_data_row_len = MYSQL_USER_MAXLEN + MYSQL_HOST_MAXLEN + MYSQL_PASSWORD_LEN;
struct sockaddr_in serv_addr;
MYSQL_USER_HOST key;
/* enable_root for MySQL protocol module means load the root user credentials from backend databases */ /* enable_root for MySQL protocol module means load the root user credentials from backend databases */
if(service->enable_root) { if(service->enable_root) {
@ -313,97 +399,26 @@ getUsers(SERVICE *service, struct users *users)
* added to hashtable. * added to hashtable.
*/ */
char ret_ip[INET_ADDRSTRLEN + 1]=""; int rc = 0;
const char *rc;
int found_range=0;
int found_any=0;
/* prepare the user@host data struct */ rc = add_mysql_users_with_host_ipv4(users, row[0], row[1], strlen(row[2]) ? row[2]+1 : row[2]);
memset(&serv_addr, 0, sizeof(serv_addr));
memset(&key, 0, sizeof(key));
/* set user */ if (rc == 1) {
key.user = strdup(row[0]); LOGIF(LD, (skygw_log_write_flush(
LOGFILE_DEBUG,
if(key.user == NULL) { "%lu [mysql_users_add()] Added user %s@%s",
LOGIF(LE, (skygw_log_write_flush(
LOGFILE_ERROR,
"%lu [getUsers()] strdup() failed for user %s",
pthread_self(), pthread_self(),
row[0]))); row[0],
row[1])));
continue; /* Append data in the memory area for SHA1 digest */
} strncat(users_data, row[3], users_data_row_len);
/* handle ANY, Class C,B,A */ total_users++;
/* if host == '%', 0 serv_addrkeeps its 0 */
if (strcmp(row[1], "%") == 0) {
strcpy(ret_ip, "0.0.0.0");
found_any = 1;
} else { } else {
char *tmp;
strcpy(ret_ip, row[1]);
tmp = ret_ip+strlen(ret_ip)-1;
while(*tmp) {
if (*tmp == '%') {
/* set last byte only to 1
* avoiding setipadress failure
* for Class C address
*/
found_range++;
if (found_range == 1)
*tmp = '1';
else
*tmp = '0';
}
tmp--;
}
}
if (setipaddress(&serv_addr.sin_addr, ret_ip)) {
memcpy(&key.ipv4, &serv_addr, sizeof(serv_addr));
if (found_range) {
/* let's zero the last IP byte: a.b.c.0 we set above to 1*/
key.ipv4.sin_addr.s_addr &= 0x00FFFFFF;
}
rc = inet_ntop(AF_INET, &(key.ipv4).sin_addr, ret_ip, INET_ADDRSTRLEN);
/* add user@host as key and passwd as value in the MySQL users hash table */
if (mysql_users_add(users, &key, strlen(row[2]) ? row[2]+1 : row[2])) {
LOGIF(LD, (skygw_log_write_flush(
LOGFILE_DEBUG,
"%lu [mysql_users_add()] Added user %s@%s(%s)",
pthread_self(),
row[0],
row[1],
rc == NULL ? "NULL" : ret_ip)));
/* Append data in the memory area for SHA1 digest */
strncat(users_data, row[3], users_data_row_len);
total_users++;
} else {
LOGIF(LE, (skygw_log_write_flush(
LOGFILE_ERROR,
"%lu [mysql_users_add()] Failed adding user %s@%s(%s)",
pthread_self(),
row[0],
row[1],
rc == NULL ? "NULL" : ret_ip)));
}
free(key.user);
} else {
/* setipaddress() failed, skip user add and log this*/
LOGIF(LE, (skygw_log_write_flush( LOGIF(LE, (skygw_log_write_flush(
LOGFILE_ERROR, LOGFILE_ERROR,
"%lu [getUsers()] setipaddress failed: user %s@%s not added", "%lu [mysql_users_add()] Failed adding user %s@%s",
pthread_self(), pthread_self(),
row[0], row[0],
row[1]))); row[1])));
@ -511,7 +526,7 @@ static int uh_hfun( void* key) {
* Currently only IPv4 addresses are supported * Currently only IPv4 addresses are supported
* *
* @param key1 The key value, i.e. username@host (IPv4) * @param key1 The key value, i.e. username@host (IPv4)
* @param key1 The key value, i.e. username@host (IPv4) * @param key2 The key value, i.e. username@host (IPv4)
* @return The compare value * @return The compare value
*/ */
@ -522,7 +537,7 @@ static int uh_cmpfun( void* v1, void* v2) {
if (v1 == NULL || v2 == NULL || hu1 == NULL || hu2 == NULL || hu1->user == NULL || hu2->user == NULL) if (v1 == NULL || v2 == NULL || hu1 == NULL || hu2 == NULL || hu1->user == NULL || hu2->user == NULL)
return 0; return 0;
if (strcmp(hu1->user, hu2->user) == 0 && (hu1->ipv4.sin_addr.s_addr == hu2->ipv4.sin_addr.s_addr)) { if (strcmp(hu1->user, hu2->user) == 0 && (hu1->ipv4.sin_addr.s_addr == hu2->ipv4.sin_addr.s_addr) && (hu1->netmask >= hu2->netmask)) {
return 0; return 0;
} else { } else {
return 1; return 1;
@ -549,6 +564,7 @@ static void *uh_keydup(void* key) {
return NULL; return NULL;
memcpy(&rval->ipv4, &current_key->ipv4, sizeof(struct sockaddr_in)); memcpy(&rval->ipv4, &current_key->ipv4, sizeof(struct sockaddr_in));
memcpy(&rval->netmask, &current_key->netmask, sizeof(int));
return (void *) rval; return (void *) rval;
} }
@ -597,19 +613,25 @@ char *mysql_format_user_entry(void *data)
if (mysql_user == NULL) if (mysql_user == NULL)
return NULL; return NULL;
if (entry->ipv4.sin_addr.s_addr == INADDR_ANY) { if (entry->ipv4.sin_addr.s_addr == INADDR_ANY && entry->netmask == 0) {
snprintf(mysql_user, mysql_user_len, "%s@%%", entry->user); snprintf(mysql_user, mysql_user_len-1, "%s@%%", entry->user);
} else if ( (entry->ipv4.sin_addr.s_addr & 0xFF000000) == 0) { } else if ( (entry->ipv4.sin_addr.s_addr & 0xFF000000) == 0 && entry->netmask == 24) {
snprintf(mysql_user, mysql_user_len, "%s@%i.%i.%i.%%", entry->user, entry->ipv4.sin_addr.s_addr & 0x000000FF, (entry->ipv4.sin_addr.s_addr & 0x0000FF00) / (256), (entry->ipv4.sin_addr.s_addr & 0x00FF0000) / (256 * 256)); snprintf(mysql_user, mysql_user_len-1, "%s@%i.%i.%i.%%", entry->user, entry->ipv4.sin_addr.s_addr & 0x000000FF, (entry->ipv4.sin_addr.s_addr & 0x0000FF00) / (256), (entry->ipv4.sin_addr.s_addr & 0x00FF0000) / (256 * 256));
} else if ( (entry->ipv4.sin_addr.s_addr & 0xFFFF0000) == 0) { } else if ( (entry->ipv4.sin_addr.s_addr & 0xFFFF0000) == 0 && entry->netmask == 16) {
snprintf(mysql_user, mysql_user_len, "%s@%i.%i.%%.%%", entry->user, entry->ipv4.sin_addr.s_addr & 0x000000FF, (entry->ipv4.sin_addr.s_addr & 0x0000FF00) / (256)); snprintf(mysql_user, mysql_user_len-1, "%s@%i.%i.%%.%%", entry->user, entry->ipv4.sin_addr.s_addr & 0x000000FF, (entry->ipv4.sin_addr.s_addr & 0x0000FF00) / (256));
} else if ( (entry->ipv4.sin_addr.s_addr & 0xFFFFFF00) == 0) { } else if ( (entry->ipv4.sin_addr.s_addr & 0xFFFFFF00) == 0 && entry->netmask == 8) {
snprintf(mysql_user, mysql_user_len, "%s@%i.%%.%%.%%", entry->user, entry->ipv4.sin_addr.s_addr & 0x000000FF); snprintf(mysql_user, mysql_user_len-1, "%s@%i.%%.%%.%%", entry->user, entry->ipv4.sin_addr.s_addr & 0x000000FF);
} else { } else if (entry->netmask == 32) {
strncpy(mysql_user, entry->user, MYSQL_USER_MAXLEN); strncpy(mysql_user, entry->user, MYSQL_USER_MAXLEN);
strcat(mysql_user, "@"); strcat(mysql_user, "@");
inet_ntop(AF_INET, &(entry->ipv4).sin_addr, mysql_user+strlen(mysql_user), INET_ADDRSTRLEN); inet_ntop(AF_INET, &(entry->ipv4).sin_addr, mysql_user+strlen(mysql_user), INET_ADDRSTRLEN);
} else {
snprintf(mysql_user, MYSQL_USER_MAXLEN-6, "warn: %s", entry->user);
strcat(mysql_user, "@");
inet_ntop(AF_INET, &(entry->ipv4).sin_addr, mysql_user+strlen(mysql_user), INET_ADDRSTRLEN);
} }
return mysql_user; return mysql_user;
} }

3
server/core/test/CMakeLists.txt
View File

@ -1,11 +1,14 @@
add_executable(test_mysql_users test_mysql_users.c)
add_executable(test_hash testhash.c) add_executable(test_hash testhash.c)
add_executable(test_spinlock testspinlock.c) add_executable(test_spinlock testspinlock.c)
add_executable(test_filter testfilter.c) add_executable(test_filter testfilter.c)
add_executable(test_adminusers testadminusers.c) add_executable(test_adminusers testadminusers.c)
target_link_libraries(test_mysql_users fullcore MySQLClient)
target_link_libraries(test_hash fullcore) target_link_libraries(test_hash fullcore)
target_link_libraries(test_spinlock fullcore) target_link_libraries(test_spinlock fullcore)
target_link_libraries(test_filter fullcore) target_link_libraries(test_filter fullcore)
target_link_libraries(test_adminusers fullcore) target_link_libraries(test_adminusers fullcore)
add_test(testMySQLUsers test_mysql_users)
add_test(TestHash test_hash) add_test(TestHash test_hash)
add_test(TestSpinlock test_spinlock) add_test(TestSpinlock test_spinlock)
add_test(TestFilter test_filter) add_test(TestFilter test_filter)

32
server/core/test/makefile.mysql_users
View File

@ -1,32 +0,0 @@
# cleantests - clean local and subdirectories' tests
# buildtests - build all local and subdirectories' tests
# runtests - run all local tests
# testall - clean, build and run local and subdirectories' tests
include ../../../build_gateway.inc
include ../../../makefile.inc
CC=cc
DEBUG=Y
cleantests:
- $(DEL) *.o
- $(DEL) test_mysql_users
- $(DEL) *~
testall: cleantests buildtests runtests
buildtests :
$(CC) $(CFLAGS) \
-I$(ROOT_PATH)/server/include \
-I$(ROOT_PATH)/utils \
-I$(ROOT_PATH)/log_manager \
test_mysql_users.c ../secrets.o ../service.o ../gwbitmask.o ../load_utils.o ../session.o ../poll.o ../dcb.o ../utils.o ../buffer.o ../gw_utils.o ../hashtable.o ../atomic.o ../spinlock.o ../users.o ../dbusers.o ../../../utils/skygw_utils.o ../../../log_manager/log_manager.o -o test_mysql_users -L$(EMBEDDED_LIB) -lmysqlclient -lpthread -lssl -lz -lm -lcrypt -lcrypto -ldl -laio -lrt -lstdc++
runtests:
@echo ""
@echo "-------------------------------"
@echo $(shell date)
@echo "Test MaxScale core"
@echo "-------------------------------"
@echo ""
@echo "MaxSclale Load MySQL users"
@./test_mysql_users

117
server/core/test/test_mysql_users.c
View File

@ -24,6 +24,7 @@
* Date Who Description * Date Who Description
* 14/02/2014 Massimiliano Pinto Initial implementation * 14/02/2014 Massimiliano Pinto Initial implementation
* 17/02/2014 Massimiliano Pinto Added check ipv4 * 17/02/2014 Massimiliano Pinto Added check ipv4
* 03/10/2014 Massimiliano Pinto Added check for wildcard hosts
* *
* @endverbatim * @endverbatim
*/ */
@ -153,6 +154,62 @@ int set_and_get_single_mysql_users(char *username, char *hostname, char *passwor
return 0; return 0;
} }
int set_and_get_mysql_users_wildcards(char *username, char *hostname, char *password, char *from) {
USERS *mysql_users;
int ret;
struct sockaddr_in client_addr;
DCB *dcb;
SERVICE *service;
dcb = dcb_alloc(DCB_ROLE_INTERNAL);
if (dcb == NULL) {
fprintf(stderr, "dcb_alloc() failed\n");
return 1;
}
if ((service = (SERVICE *)calloc(1, sizeof(SERVICE))) == NULL) {
fprintf(stderr, "service_alloc() failed\n");
return 1;
}
memset(&client_addr, 0, sizeof(client_addr));
if (hostname) {
if(!setipaddress(&client_addr.sin_addr, from)) {
fprintf(stderr, "setipaddress failed for host [%s]\n", from);
return 1;
}
}
/* client IPv4 in raw data*/
memcpy(&dcb->ipv4, (struct sockaddr_in *)&client_addr, sizeof(struct sockaddr_in));
dcb->service = service;
mysql_users = mysql_users_alloc();
service->users = mysql_users;
// the routine returns 1 on success
ret = add_mysql_users_with_host_ipv4(mysql_users, username, hostname, password);
if (!ret) {
fprintf(stderr, "add_mysql_users_with_host_ipv4 passed(%s@%s, %s) FAILED\n", username, hostname, password);
return 1;
} else {
char db_passwd[100]="";
dcb->remote=strdup(from);
//fprintf(stderr, "add_mysql_users_with_host_ipv4 passed(%s@%s, %s) OK\n", username, hostname, password);
fprintf(stderr, "Checking '%s' @ '%s' against (%s@%s)\n", username, from, username, hostname);
// returns 0 on success
ret = gw_find_mysql_user_password_sha1(username, db_passwd, dcb);
}
return ret;
}
int main() { int main() {
int ret; int ret;
@ -166,6 +223,7 @@ int main() {
fprintf(stderr, "%s\n", asctime(localtime(&t))); fprintf(stderr, "%s\n", asctime(localtime(&t)));
fprintf(stderr, ">>> Started MySQL load, set & get users@host\n"); fprintf(stderr, ">>> Started MySQL load, set & get users@host\n");
ret = set_and_get_single_mysql_users("pippo", "localhost", "xyz"); ret = set_and_get_single_mysql_users("pippo", "localhost", "xyz");
assert(ret == 0); assert(ret == 0);
ret = set_and_get_single_mysql_users("pippo", "127.0.0.2", "xyz"); ret = set_and_get_single_mysql_users("pippo", "127.0.0.2", "xyz");
@ -193,15 +251,72 @@ int main() {
char user[129] = ""; char user[129] = "";
snprintf(user, 128, "user_%i", k); snprintf(user, 128, "user_%i", k);
ret = set_and_get_single_mysql_users_ipv4(user, i, "JJcd"); ret = set_and_get_single_mysql_users_ipv4(user, i, "JJcd");
assert(ret == 0);
k++; k++;
} }
ret = set_and_get_mysql_users_wildcards("pippo", "%", "one", "127.0.0.1");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "%", "", "127.0.0.1");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "%", "two", "192.168.2.2");
if (!ret) fprintf(stderr, "\t-- Expecting ok\n");
assert(ret == 0);
ret = set_and_get_mysql_users_wildcards("pippo", "192.168.1.%", "foo", "192.168.2.2");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "192.168.%.%", "foo", "192.168.2.2");
if (!ret) fprintf(stderr, "\t-- Expecting ok\n");
assert(ret == 0);
ret = set_and_get_mysql_users_wildcards("pippo", "192.%.%.%", "foo", "192.68.0.2");
if (!ret) fprintf(stderr, "\t-- Expecting ok\n");
assert(ret == 0);
ret = set_and_get_mysql_users_wildcards("pippo", "192.%.%.%", "foo", "192.0.0.2");
if (!ret) fprintf(stderr, "\t-- Expecting ok\n");
assert(ret == 0);
ret = set_and_get_mysql_users_wildcards("pippo", "192.0.%.%", "foo", "192.2.0.2");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "192.0.0.1", "foo", "192.0.0.2");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "192.0.%.%", "foo", "192.1.0.2");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "192.0.0.%", "foo", "192.3.2.1");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "192.0.%.%", "foo", "192.3.2.1");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
ret = set_and_get_mysql_users_wildcards("pippo", "192.%.%.%", "foo", "192.3.2.1");
if (!ret) fprintf(stderr, "\t-- Expecting ok\n");
assert(ret == 0);
ret = set_and_get_mysql_users_wildcards("pippo", "192.0.0.%", "foo", "192.134.0.2");
if (ret) fprintf(stderr, "\t-- Expecting no match\n");
assert(ret == 1);
fprintf(stderr, "----------------\n"); fprintf(stderr, "----------------\n");
fprintf(stderr, "<<< Test completed\n"); fprintf(stderr, "<<< Test completed\n");
time(&t); time(&t);
fprintf(stderr, "%s\n", asctime(localtime(&t))); fprintf(stderr, "%s\n", asctime(localtime(&t)));
return ret; return 0;
} }

3
server/include/dbusers.h
View File

@ -32,6 +32,7 @@
* 25/06/13 Mark Riddoch Initial implementation * 25/06/13 Mark Riddoch Initial implementation
* 25/02/13 Massimiliano Pinto Added users table refresh rate default values * 25/02/13 Massimiliano Pinto Added users table refresh rate default values
* 28/02/14 Massimiliano Pinto Added MySQL user and host data structure * 28/02/14 Massimiliano Pinto Added MySQL user and host data structure
* 03/10/14 Massimiliano Pinto Added netmask to MySQL user and host data structure
* *
* @endverbatim * @endverbatim
*/ */
@ -52,11 +53,13 @@
typedef struct mysql_user_host_key { typedef struct mysql_user_host_key {
char *user; char *user;
struct sockaddr_in ipv4; struct sockaddr_in ipv4;
int netmask;
} MYSQL_USER_HOST; } MYSQL_USER_HOST;
extern int load_mysql_users(SERVICE *service); extern int load_mysql_users(SERVICE *service);
extern int reload_mysql_users(SERVICE *service); extern int reload_mysql_users(SERVICE *service);
extern int mysql_users_add(USERS *users, MYSQL_USER_HOST *key, char *auth); extern int mysql_users_add(USERS *users, MYSQL_USER_HOST *key, char *auth);
extern int add_mysql_users_with_host_ipv4(USERS *users, char *user, char *host, char *passwd);
extern USERS *mysql_users_alloc(); extern USERS *mysql_users_alloc();
extern char *mysql_users_fetch(USERS *users, MYSQL_USER_HOST *key); extern char *mysql_users_fetch(USERS *users, MYSQL_USER_HOST *key);
extern int replace_mysql_users(SERVICE *service); extern int replace_mysql_users(SERVICE *service);

34
server/modules/protocol/mysql_common.c
View File

@ -31,8 +31,9 @@
* localhost entry should be added for the selected user in the backends. * localhost entry should be added for the selected user in the backends.
* Setting to 1 allow localhost (127.0.0.1 or socket) to match the any host grant via * Setting to 1 allow localhost (127.0.0.1 or socket) to match the any host grant via
* user@% * user@%
* 29/07/2014 Massimiliano Pinto Added Mysql user@host authentication with wildcard in IPv4 hosts: * 29/09/2014 Massimiliano Pinto Added Mysql user@host authentication with wildcard in IPv4 hosts:
* x.y.z.%, x.y.%.%, x.%.%.% * x.y.z.%, x.y.%.%, x.%.%.%
* 03/10/2014 Massimiliano Pinto Added netmask for wildcard in IPv4 hosts.
* *
*/ */
@ -1315,7 +1316,7 @@ int gw_check_mysql_scramble_data(DCB *dcb, uint8_t *token, unsigned int token_le
/** /**
* gw_find_mysql_user_password_sha1 * gw_find_mysql_user_password_sha1
* *
* The routine fetches look for an user int he MaxScale users' table * The routine fetches look for an user int the MaxScale users' table
* The users' table is dcb->service->users or a different one specified with void *repository * The users' table is dcb->service->users or a different one specified with void *repository
* *
* If found the HEX password, representing sha1(sha1(password)), is converted in binary data and * If found the HEX password, representing sha1(sha1(password)), is converted in binary data and
@ -1339,6 +1340,7 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
key.user = username; key.user = username;
memcpy(&key.ipv4, client, sizeof(struct sockaddr_in)); memcpy(&key.ipv4, client, sizeof(struct sockaddr_in));
key.netmask = 32;
LOGIF(LD, LOGIF(LD,
(skygw_log_write_flush( (skygw_log_write_flush(
@ -1378,34 +1380,31 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
/* Class C check */ /* Class C check */
key.ipv4.sin_addr.s_addr &= 0x00FFFFFF; key.ipv4.sin_addr.s_addr &= 0x00FFFFFF;
key.netmask -= 8;
user_password = mysql_users_fetch(service->users, &key); user_password = mysql_users_fetch(service->users, &key);
if (user_password) { if (user_password) {
fprintf(stderr, "+++ Matched Class C for %s\n", dcb->remote);
break; break;
} }
/* Class B check */ /* Class B check */
key.ipv4.sin_addr.s_addr &= 0x0000FFFF; key.ipv4.sin_addr.s_addr &= 0x0000FFFF;
key.netmask -= 8;
user_password = mysql_users_fetch(service->users, &key); user_password = mysql_users_fetch(service->users, &key);
if (user_password) { if (user_password) {
fprintf(stderr, "++ Matched Class B for %s\n", dcb->remote);
break; break;
} }
/* Class A check */ /* Class A check */
key.ipv4.sin_addr.s_addr &= 0x000000FF; key.ipv4.sin_addr.s_addr &= 0x000000FF;
key.netmask -= 8;
user_password = mysql_users_fetch(service->users, &key); user_password = mysql_users_fetch(service->users, &key);
if (user_password) { if (user_password) {
fprintf(stderr, "+ Matched Class A for %s\n", dcb->remote);
break; break;
} }
@ -1414,6 +1413,7 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
*/ */
memset(&key.ipv4, 0, sizeof(struct sockaddr_in)); memset(&key.ipv4, 0, sizeof(struct sockaddr_in));
key.netmask = 0;
LOGIF(LD, LOGIF(LD,
(skygw_log_write_flush( (skygw_log_write_flush(
@ -1440,8 +1440,6 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
break; break;
} }
fprintf(stderr, "%% Matched ANY for %s\n", dcb->remote);
break; break;
} }
} }
@ -1703,11 +1701,9 @@ void protocol_archive_srv_command(
s1 = &p->protocol_command; s1 = &p->protocol_command;
LOGIF(LD, (skygw_log_write( LOGIF(LT, (skygw_log_write(
LOGFILE_DEBUG, LOGFILE_TRACE,
"%lu [protocol_archive_srv_command] Move command %s from fd %d " "Move command %s from fd %d to command history.",
"to command history.",
pthread_self(),
STRPACKETTYPE(s1->scom_cmd), STRPACKETTYPE(s1->scom_cmd),
p->owner_dcb->fd))); p->owner_dcb->fd)));
@ -1779,8 +1775,8 @@ void protocol_add_srv_command(
p->protocol_command.scom_next = server_command_init(NULL, cmd); p->protocol_command.scom_next = server_command_init(NULL, cmd);
} }
LOGIF(LD, (skygw_log_write( LOGIF(LT, (skygw_log_write(
LOGFILE_DEBUG, LOGFILE_TRACE,
"Added command %s to fd %d.", "Added command %s to fd %d.",
STRPACKETTYPE(cmd), STRPACKETTYPE(cmd),
p->owner_dcb->fd))); p->owner_dcb->fd)));
@ -1790,8 +1786,8 @@ void protocol_add_srv_command(
while (c != NULL && c->scom_cmd != MYSQL_COM_UNDEFINED) while (c != NULL && c->scom_cmd != MYSQL_COM_UNDEFINED)
{ {
LOGIF(LD, (skygw_log_write( LOGIF(LT, (skygw_log_write(
LOGFILE_DEBUG, LOGFILE_TRACE,
"fd %d : %d %s", "fd %d : %d %s",
p->owner_dcb->fd, p->owner_dcb->fd,
c->scom_cmd, c->scom_cmd,