Enable/disable root user in services

Added support for enable/disable root user, this is currently used in
MySQL authentication

server/core/config.c

@@ -22,10 +22,11 @@
  * @verbatim
  * Revision History
  *
- * Date		Who		Description
+ * Date		Who			Description
- * 21/06/13	Mark Riddoch	Initial implementation
+ * 21/06/13	Mark Riddoch		Initial implementation
- * 08/07/13	Mark Riddoch	Addition on monitor module support
+ * 08/07/13	Mark Riddoch		Addition on monitor module support
- * 23/07/13	Mark Riddoch	Addition on default monitor password
+ * 23/07/13	Mark Riddoch		Addition on default monitor password
+ * 06/02/14	Massimiliano Pinto	Added support for enable/disable root user in services
  *
  * @endverbatim
  */
@@ -197,6 +198,12 @@ int			error_count = 0;
                                         config_get_value(obj->parameters, "user");
 				char *auth =
                                         config_get_value(obj->parameters, "passwd");
+				char *enable_root_user =
+					config_get_value(obj->parameters, "enable_root_user");
+
+				if (enable_root_user)
+					serviceEnableRootUser(obj->element, atoi(enable_root_user));
+
 				if (!auth)
 					auth = config_get_value(obj->parameters, "auth");
 
@@ -587,21 +594,31 @@ SERVER			*server;
 				{
                                         char *user;
 					char *auth;
+					char *enable_root_user;
+
+					enable_root_user = config_get_value(obj->parameters, "enable_root_user");
 
                                         user = config_get_value(obj->parameters,
                                                                 "user");
 					auth = config_get_value(obj->parameters,
                                                                 "passwd");
-					if (user && auth)
+					if (user && auth) {
 						service_update(service, router,
                                                                user,
                                                                auth);
+						if (enable_root_user)
+							serviceEnableRootUser(service, atoi(enable_root_user));
+					}
+
 					obj->element = service;
 				}
 				else
 				{
                                         char *user;
 					char *auth;
+					char *enable_root_user;
+
+					enable_root_user = config_get_value(obj->parameters, "enable_root_user");
 
                                         user = config_get_value(obj->parameters,
                                                                 "user");
@@ -615,6 +632,8 @@ SERVER			*server;
 						serviceSetUser(obj->element,
                                                                user,
                                                                auth);
+						if (enable_root_user)
+							serviceEnableRootUser(service, atoi(enable_root_user));
                                         }
 				}
 			}

server/core/dbusers.c

@@ -25,6 +25,7 @@
  * Date		Who			Description
  * 24/06/2013	Massimiliano Pinto	Initial implementation
  * 08/08/2013	Massimiliano Pinto	Fixed bug for invalid memory access in row[1]+1 when row[1] is ""
+ * 06/02/2014	Massimiliano Pinto	Mysql user root selected based on configuration flag
  *
  * @endverbatim
  */
@@ -39,6 +40,9 @@
 #include <log_manager.h>
 #include <secrets.h>
 
+#define USERS_QUERY_NO_ROOT " WHERE user NOT IN ('root')"
+#define LOAD_MYSQL_USERS_QUERY "SELECT user, password FROM mysql.user"
+
 extern int lm_enabled_logfiles_bitmask;
 
 static int getUsers(SERVICE *service, struct users *users);
@@ -101,7 +105,13 @@ getUsers(SERVICE *service, struct users *users)
 	char	   *dpwd;
 	int        total_users = 0;
 	SERVER	   *server;
-    
+	char *users_query; 
+
+	if(service->enable_root)
+		users_query = LOAD_MYSQL_USERS_QUERY;
+	else
+		users_query = LOAD_MYSQL_USERS_QUERY USERS_QUERY_NO_ROOT;
+	
 	serviceGetUser(service, &service_user, &service_passwd);
 	/** multi-thread environment requires that thread init succeeds. */
 	if (mysql_thread_init()) {
@@ -159,7 +169,7 @@ getUsers(SERVICE *service, struct users *users)
 		return -1;
 	}
 
-	if (mysql_query(con, "SELECT user, password FROM mysql.user")) {
+	if (mysql_query(con, users_query)) {
 		LOGIF(LE, (skygw_log_write_flush(
                         LOGFILE_ERROR,
                         "Error : Loading users for service %s encountered "

server/core/service.c

@@ -25,6 +25,7 @@
  * Date		Who			Description
  * 18/06/13	Mark Riddoch		Initial implementation
  * 24/06/13	Massimiliano Pinto	Added: Loading users from mysql backend in serviceStart
+ * 06/02/14	Massimiliano Pinto	Added: serviceEnableRootUser routine
  * @endverbatim
  */
 #include <stdio.h>
@@ -78,6 +79,7 @@ SERVICE 	*service;
 	service->credentials.name = NULL;
 	service->credentials.authdata = NULL;
 	service->users = users_alloc();
+	service->enable_root = 0;
 	service->routerOptions = NULL;
 	service->databases = NULL;
 	spinlock_init(&service->spin);
@@ -496,7 +498,7 @@ serviceSetUser(SERVICE *service, char *user, char *auth)
  * @param service	The service we are setting the data for
  * @param user		The user name to use for connections
  * @param auth		The authentication data we need, e.g. MySQL SHA1 password
- * @return	0 on failure
+ * @return		0 on failure
  */
 int
 serviceGetUser(SERVICE *service, char **user, char **auth)
@@ -508,6 +510,26 @@ serviceGetUser(SERVICE *service, char **user, char **auth)
 	return 1;
 }
 
+/**
+ * Enable/Disable root user for this service
+ * associated with this service.
+ *
+ * @param service	The service we are setting the data for
+ * @param action	1 for root enable, 0 for disable access
+ * @return		0 on failure
+ */
+
+int
+serviceEnableRootUser(SERVICE *service, int action)
+{
+	if (action != 0 && action != 1)
+		return 0;
+
+	service->enable_root = action;
+
+	return 1;
+}
+
 /**
  * Return a named service
  *

server/include/service.h

@@ -31,11 +31,12 @@
  * @verbatim
  * Revision History
  *
- * Date		Who		Description
+ * Date		Who			Description
- * 14/06/13	Mark Riddoch	Initial implementation
+ * 14/06/13	Mark Riddoch		Initial implementation
- * 18/06/13	Mark Riddoch	Addition of statistics and function
+ * 18/06/13	Mark Riddoch		Addition of statistics and function
- * 				prototypes
+ * 					prototypes
- * 23/06/13	Mark Riddoch	Added service user and users
+ * 23/06/13	Mark Riddoch		Added service user and users
+ * 06/02/14	Massimiliano Pinto	Added service flag for root user access
  *
  * @endverbatim
  */
@@ -101,6 +102,7 @@ typedef struct service {
 	SPINLOCK	spin;		/**< The service spinlock */
 	SERVICE_STATS	stats;		/**< The service statistics */
 	struct users	*users;		/**< The user data for this service */
+	int		enable_root;	/**< Allow root user  access */
 	struct service	*next;		/**< The next service in the linked list */
 } SERVICE;
 
@@ -123,6 +125,7 @@ extern	int	serviceStop(SERVICE *);
 extern	int	serviceRestart(SERVICE *);
 extern	int	serviceSetUser(SERVICE *, char *, char *);
 extern	int	serviceGetUser(SERVICE *, char **, char **);
+extern	int	serviceEnableRootUser(SERVICE *, int );
 extern	void	service_update(SERVICE *, char *, char *, char *);
 extern	void	printService(SERVICE *);
 extern	void	printAllServices();

server/modules/protocol/mysql_common.c

@@ -1101,10 +1101,6 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
         SERVICE *service = NULL;
         char *user_password = NULL;
 
-        if (strcmp(username , "root") == 0) {
-                return 1;
-        }
-
         service = (SERVICE *) ((DCB *)repository)->service;
 
         user_password = (char *)users_fetch(service->users, username);