MXS-1220: Add /users/ resource

The /users/ resource shows all user accounts that can be used with
MaxScale. This resource is further split into two resource collections,
/users/inet and /users/unix, which contain the network users and Linux
accounts respectively.
Markus Mäkelä
2017-05-19 14:29:02 +03:00
parent 7fc2d25cf2
commit ead9059eeb
9 changed files with 181 additions and 38 deletions


@ -33,6 +33,14 @@ MXS_BEGIN_DECLS
static const char INET_DEFAULT_USERNAME[] = "admin";
static const char INET_DEFAULT_PASSWORD[] = "mariadb";
/** User types */
enum user_type
{
USER_TYPE_ALL, // Type that matches all users
USER_TYPE_INET, // Network users
USER_TYPE_UNIX // Linux accounts
};
/*
* MySQL session specific data
*
@ -49,16 +57,39 @@ typedef struct admin_session
#endif
} ADMIN_session;
extern const char *admin_enable_linux_account(const char *uname);
extern const char *admin_disable_linux_account(const char *uname);
extern bool admin_linux_account_enabled(const char *uname);
void admin_users_init();
extern const char *admin_add_inet_user(const char *uname, const char *password);
extern const char *admin_remove_inet_user(const char *uname, const char *password);
extern bool admin_inet_user_exists(const char *uname);
const char* admin_enable_linux_account(const char *uname);
const char* admin_disable_linux_account(const char *uname);
bool admin_linux_account_enabled(const char *uname);
extern bool admin_verify_inet_user(const char *uname, const char *password);
const char* admin_add_inet_user(const char *uname, const char *password);
const char* admin_remove_inet_user(const char *uname, const char *password);
bool admin_inet_user_exists(const char *uname);
bool admin_verify_inet_user(const char *uname, const char *password);
extern void dcb_PrintAdminUsers(DCB *dcb);
/**
* @brief Convert all admin users to JSON
*
* @param host Hostname of this server
* @param type USER_TYPE_INET for networks users, USER_TYPE_UNIX for unix accounts
* or USER_TYPE_ALL for all users
*
* @return Collection of users resources
*/
json_t* admin_all_users_to_json(const char* host, enum user_type type);
/**
* @brief Convert an admin user into JSON
*
* @param host Hostname of this server
* @param user Username to convert
* @param type The type of user, either USER_TYPE_INET or USER_TYPE_UNIX
*
* @return The user converted to JSON
*/
json_t* admin_user_to_json(const char* host, const char* user, enum user_type type);
void dcb_PrintAdminUsers(DCB *dcb);
MXS_END_DECLS
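Review bot: The doc comment added for `admin_user_to_json` says `type` is either USER_TYPE_INET or USER_TYPE_UNIX, but the new `enum user_type` also admits USER_TYPE_ALL and the header does not say what happens when that value is passed. The implementation elsewhere in this commit guards it only with `ss_dassert(user_type != USER_TYPE_ALL)`, which is presumably compiled out of release builds, and otherwise labels the entry with the unix type. Stating the precondition in the comment would keep callers from relying on that, for example `* @note USER_TYPE_ALL is not a valid value here; it is only caught by a debug assertion`.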


@ -39,6 +39,7 @@ MXS_BEGIN_DECLS
/** JSON Pointers to key parts of JSON objects */
#define MXS_JSON_PTR_DATA "/data"
#define MXS_JSON_PTR_ID "/data/id"
#define MXS_JSON_PTR_TYPE "/data/type"
#define MXS_JSON_PTR_PARAMETERS "/data/attributes/parameters"
/** Pointers to relation lists */
@ -95,6 +96,7 @@ extern const char CN_FILTERS[];
extern const char CN_FILTER[];
extern const char CN_GATEWAY[];
extern const char CN_ID[];
extern const char CN_INET[];
extern const char CN_LISTENER[];
extern const char CN_LISTENERS[];
extern const char CN_LOCALHOST_MATCH_WILDCARD_HOST[];
@ -143,7 +145,9 @@ extern const char CN_SSL_VERSION[];
extern const char CN_STRIP_DB_ESC[];
extern const char CN_THREADS[];
extern const char CN_TYPE[];
extern const char CN_UNIX[];
extern const char CN_USER[];
extern const char CN_USERS[];
extern const char CN_VERSION_STRING[];
extern const char CN_WEIGHTBY[];


@ -32,6 +32,7 @@ MXS_BEGIN_DECLS
#define MXS_JSON_API_LOGS "/maxscale/logs/"
#define MXS_JSON_API_TASKS "/maxscale/tasks/"
#define MXS_JSON_API_MODULES "/maxscale/modules/"
#define MXS_JSON_API_USERS "/users/"
/**
* @brief Create a JSON object


@ -11,24 +11,26 @@
* Public License.
*/
#include <maxscale/cdefs.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <crypt.h>
#include <sys/stat.h>
#include <string>
#include <maxscale/users.h>
#include <maxscale/adminusers.h>
#include <maxscale/log_manager.h>
#include <maxscale/paths.h>
#include <sys/stat.h>
#include <maxscale/json_api.h>
/**
* @file adminusers.c - Administration user account management
*/
static void initialise();
static USERS *loadLinuxUsers();
static USERS *loadInetUsers();
@ -42,7 +44,6 @@ static bool admin_search_user(USERS *users, const char *uname);
static USERS *linux_users = NULL;
static USERS *inet_users = NULL;
static int admin_init = 0;
static const char *ADMIN_ERR_NOMEM = "Out of memory";
static const char *ADMIN_ERR_FILEOPEN = "Unable to create password file";
@ -65,15 +66,8 @@ static const char INET_USERS_FILE_NAME[] = "passwd";
/**
* Admin Users initialisation
*/
static void
initialise()
void admin_users_init()
{
if (admin_init)
{
return;
}
admin_init = 1;
linux_users = loadLinuxUsers();
inet_users = loadInetUsers();
}
@ -331,6 +325,78 @@ void dcb_print_users(DCB *dcb, const char* heading, USERS *users)
dcb_printf(dcb, "%s", "\n");
}
static json_t* admin_user_json_data(const char* host, const char* user, enum user_type user_type)
{
ss_dassert(user_type != USER_TYPE_ALL);
const char* type = user_type == USER_TYPE_INET ? CN_INET : CN_UNIX;
json_t* entry = json_object();
json_object_set_new(entry, CN_ID, json_string(user));
json_object_set_new(entry, CN_TYPE, json_string(type));
std::string self = MXS_JSON_API_USERS;
self += type;
json_object_set_new(entry, CN_RELATIONSHIPS, mxs_json_self_link(host, self.c_str(), user));
return entry;
}
static void user_types_to_json(USERS* users, json_t* arr, const char* host, enum user_type type)
{
const char* user;
HASHITERATOR *iter = hashtable_iterator(users->data);
while ((user = (const char*)hashtable_next(iter)))
{
json_array_append_new(arr, admin_user_json_data(host, user, type));
}
hashtable_iterator_free(iter);
}
static std::string path_from_type(enum user_type type)
{
std::string path = MXS_JSON_API_USERS;
if (type == USER_TYPE_INET)
{
path += CN_INET;
}
else if (type == USER_TYPE_UNIX)
{
path += CN_UNIX;
}
return path;
}
json_t* admin_user_to_json(const char* host, const char* user, enum user_type type)
{
std::string path = path_from_type(type);
path += "/";
path += user;
return mxs_json_resource(host, path.c_str(), admin_user_json_data(host, user, type));
}
json_t* admin_all_users_to_json(const char* host, enum user_type type)
{
json_t* arr = json_array();
std::string path = path_from_type(type);
if (inet_users && (type == USER_TYPE_ALL || type == USER_TYPE_INET))
{
user_types_to_json(inet_users, arr, host, USER_TYPE_INET);
}
if (linux_users && (type == USER_TYPE_ALL || type == USER_TYPE_UNIX))
{
user_types_to_json(linux_users, arr, host, USER_TYPE_UNIX);
}
return mxs_json_resource(host, path.c_str(), arr);
}
/**
* Load the admin users
*
@ -345,7 +411,6 @@ loadUsers(const char *fname)
char uname[80];
int added_users = 0;
initialise();
snprintf(path, sizeof(path), "%s/%s", get_datadir(), fname);
if ((fp = fopen(path, "r")) == NULL)
{
@ -423,8 +488,6 @@ static USERS *loadInetUsers()
*/
const char *admin_enable_linux_account(const char *uname)
{
initialise();
return admin_add_user(&linux_users, LINUX_USERS_FILE_NAME, uname, NULL);
}
@ -437,8 +500,6 @@ const char *admin_enable_linux_account(const char *uname)
*/
const char* admin_disable_linux_account(const char* uname)
{
initialise();
return admin_remove_user(linux_users, LINUX_USERS_FILE_NAME, uname, NULL);
}
@ -451,8 +512,6 @@ const char* admin_disable_linux_account(const char* uname)
*/
bool admin_linux_account_enabled(const char *uname)
{
initialise();
bool rv = false;
if (strcmp(uname, DEFAULT_ADMIN_USER) == 0)
@ -477,8 +536,6 @@ bool admin_linux_account_enabled(const char *uname)
*/
const char *admin_add_inet_user(const char *uname, const char* password)
{
initialise();
struct crypt_data cdata;
cdata.initialized = 0;
char *cpassword = crypt_r(password, ADMIN_SALT, &cdata);
@ -496,8 +553,6 @@ const char *admin_add_inet_user(const char *uname, const char* password)
*/
const char* admin_remove_inet_user(const char* uname, const char *password)
{
initialise();
return admin_remove_user(inet_users, INET_USERS_FILE_NAME, uname, password);
}
@ -510,8 +565,6 @@ const char* admin_remove_inet_user(const char* uname, const char *password)
*/
bool admin_inet_user_exists(const char *uname)
{
initialise();
bool rv = false;
if (inet_users)
@ -535,8 +588,6 @@ admin_verify_inet_user(const char *username, const char *password)
{
bool rv = false;
initialise();
if (inet_users)
{
const char* pw = users_fetch(inet_users, (char*)username); // TODO: Make users const-correct.
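Review bot: With the `admin_init` guard and the per-function `initialise()` calls removed, every function in this file now depends on `admin_users_init()` having been called exactly once beforehand, and nothing here enforces that. Until it runs, `inet_users` and `linux_users` stay NULL, so `admin_verify_inet_user` and `admin_linux_account_enabled` decide without the accounts stored on disk; the branches that handle the NULL case lie outside these hunks, so it should be confirmed that they do not fall back to built-in defaults for a caller that skipped initialisation (a unit test or another binary using this file, for instance). A second call would also overwrite both pointers without releasing the tables loaded earlier. I would document the contract on the function, e.g. `/** Load the admin users; call once at startup, before any other admin_* function */`, or keep a guard such as `if (linux_users || inet_users) return;`.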


@ -82,6 +82,7 @@ const char CN_FILTERS[] = "filters";
const char CN_FILTER[] = "filter";
const char CN_GATEWAY[] = "gateway";
const char CN_ID[] = "id";
const char CN_INET[] = "inet";
const char CN_LISTENER[] = "listener";
const char CN_LISTENERS[] = "listeners";
const char CN_LOCALHOST_MATCH_WILDCARD_HOST[] = "localhost_match_wildcard_host";
@ -130,7 +131,9 @@ const char CN_SSL_VERSION[] = "ssl_version";
const char CN_STRIP_DB_ESC[] = "strip_db_esc";
const char CN_THREADS[] = "threads";
const char CN_TYPE[] = "type";
const char CN_UNIX[] = "unix";
const char CN_USER[] = "user";
const char CN_USERS[] = "users";
const char CN_VERSION_STRING[] = "version_string";
const char CN_WEIGHTBY[] = "weightby";


@ -36,6 +36,7 @@
#include <sys/wait.h>
#include <maxscale/alloc.h>
#include <maxscale/adminusers.h>
#include <maxscale/dcb.h>
#include <maxscale/housekeeper.h>
#include <maxscale/log_manager.h>
@ -1882,6 +1883,9 @@ int main(int argc, char **argv)
dcb_global_init();
/** Load the admin users */
admin_users_init();
/* Initialize the internal query classifier. The plugin will be initialized
* via the module initialization below.
*/


@ -137,9 +137,19 @@ json_t* mxs_json_self_link(const char* host, const char* path, const char* id)
json_t* links = json_object();
string self = host;
if (path[0] != '/')
{
self += "/";
}
self += path;
if (self[self.length() - 1] != '/')
{
self += "/";
}
self += id;
json_object_set_new(links, CN_SELF, json_string(self.c_str()));


@ -22,6 +22,7 @@
#include <maxscale/json_api.h>
#include <maxscale/housekeeper.h>
#include <maxscale/http.hh>
#include <maxscale/adminusers.h>
#include "maxscale/httprequest.hh"
#include "maxscale/httpresponse.hh"
@ -156,7 +157,9 @@ bool Resource::matching_variable_path(const string& path, const string& target)
(path == ":server" && server_find_by_unique_name(target.c_str())) ||
(path == ":filter" && filter_def_find(target.c_str())) ||
(path == ":monitor" && monitor_find(target.c_str())) ||
(path == ":module" && get_module(target.c_str(), NULL)))
(path == ":module" && get_module(target.c_str(), NULL)) ||
(path == ":inetuser" && admin_inet_user_exists(target.c_str())) ||
(path == ":unixuser" && admin_linux_account_enabled(target.c_str())))
{
rval = true;
}
@ -482,6 +485,33 @@ HttpResponse cb_module(const HttpRequest& request)
return HttpResponse(MHD_HTTP_OK, module_to_json(module, request.host()));
}
HttpResponse cb_all_users(const HttpRequest& request)
{
return HttpResponse(MHD_HTTP_OK, admin_all_users_to_json(request.host(), USER_TYPE_ALL));
}
HttpResponse cb_all_inet_users(const HttpRequest& request)
{
return HttpResponse(MHD_HTTP_OK, admin_all_users_to_json(request.host(), USER_TYPE_INET));
}
HttpResponse cb_all_unix_users(const HttpRequest& request)
{
return HttpResponse(MHD_HTTP_OK, admin_all_users_to_json(request.host(), USER_TYPE_UNIX));
}
HttpResponse cb_inet_user(const HttpRequest& request)
{
string user = request.uri_part(2);
return HttpResponse(MHD_HTTP_OK, admin_user_to_json(request.host(), user.c_str(), USER_TYPE_INET));
}
HttpResponse cb_unix_user(const HttpRequest& request)
{
string user = request.uri_part(2);
return HttpResponse(MHD_HTTP_OK, admin_user_to_json(request.host(), user.c_str(), USER_TYPE_UNIX));
}
HttpResponse cb_send_ok(const HttpRequest& request)
{
return HttpResponse(MHD_HTTP_OK);
@ -526,6 +556,12 @@ public:
m_get.push_back(SResource(new Resource(cb_all_modules, 2, "maxscale", "modules")));
m_get.push_back(SResource(new Resource(cb_module, 3, "maxscale", "modules", ":module")));
m_get.push_back(SResource(new Resource(cb_all_users, 1, "users")));
m_get.push_back(SResource(new Resource(cb_all_inet_users, 2, "users", "inet")));
m_get.push_back(SResource(new Resource(cb_all_unix_users, 2, "users", "unix")));
m_get.push_back(SResource(new Resource(cb_inet_user, 3, "users", "inet", ":inetuser")));
m_get.push_back(SResource(new Resource(cb_unix_user, 3, "users", "unix", ":unixuser")));
/** Create new resources */
m_post.push_back(SResource(new Resource(cb_flush, 3, "maxscale", "logs", "flush")));
m_post.push_back(SResource(new Resource(cb_create_server, 1, "servers")));
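Review bot: The five new GET routes return the names of every administrative account, and the `:inetuser` / `:unixuser` cases added to `matching_variable_path` answer whether a given name exists, yet nothing in these hunks shows that a request is authenticated before it is matched and dispatched. If that check happens elsewhere, a comment above the registrations would make the dependency explicit, e.g. `/** User resources list admin account names; only served to authenticated clients */`; if it does not, the routes should stay unreachable until it does. Separately, `admin_linux_account_enabled` has a special case for `DEFAULT_ADMIN_USER`, so `/users/unix/<that name>` may match even when the account is not in the table that `/users/unix` lists. The rest of that function and the constructor that registers the routes are outside the hunks, so both points need checking against the full file.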


@ -14,6 +14,9 @@ describe("Resource Collections", function() {
"/maxscale/threads",
"/maxscale/modules",
"/maxscale/tasks",
"/users",
"/users/inet",
"/users/unix",
]
tests.forEach(function(endpoint) {