hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New service parameter localhost_match_any

Browse Source 
New service parameter ‘localhost_match_any’ allows localhost matching
the wildcard host.

Default value is 0, don’t match.
It may be changed if backend servers don’t have the anonymous user
‘’@localhost
This commit is contained in:
MassimilianoPinto 2014-09-10 17:12:25 +02:00
parent 344fcfa9ea
commit f15815c6bb
4 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
server/core/config.c
View File

@ -34,6 +34,7 @@
* 29/05/14 Mark Riddoch Addition of filter definition
* 23/05/14 Massimiliano Pinto Added automatic set of maxscale-id: first listening ipv4_raw + port + pid
* 28/05/14 Massimiliano Pinto Added detect_replication_lag parameter
* 09/09/14 Massimiliano Pinto Added localhost_match_any parameter
*
* @endverbatim
*/
@ -276,6 +277,9 @@ int error_count = 0;
char *version_string = config_get_value(obj->parameters, "version_string");
char *allow_localhost_match_any =
config_get_value(obj->parameters, "localhost_match_any");
if (obj->element == NULL) /*< if module load failed */
{
LOGIF(LE, (skygw_log_write_flush(
@ -310,6 +314,11 @@ int error_count = 0;
if (weightby)
serviceWeightBy(obj->element, weightby);
if (allow_localhost_match_any)
serviceEnableLocalhostMatchAny(
obj->element,
config_truth_value(allow_localhost_match_any));
if (!auth)
auth = config_get_value(obj->parameters,
"auth");
@ -998,6 +1007,7 @@ SERVER *server;
char* max_slave_conn_str;
char* max_slave_rlag_str;
char *version_string;
char *allow_localhost_match_any;
enable_root_user = config_get_value(obj->parameters, "enable_root_user");
@ -1008,6 +1018,8 @@ SERVER *server;
version_string = config_get_value(obj->parameters, "version_string");
allow_localhost_match_any = config_get_value(obj->parameters, "localhost_match_any");
if (version_string) {
if (service->version_string) {
free(service->version_string);
@ -1021,6 +1033,11 @@ SERVER *server;
auth);
if (enable_root_user)
serviceEnableRootUser(service, atoi(enable_root_user));
if (allow_localhost_match_any)
serviceEnableLocalhostMatchAny(
service,
atoi(allow_localhost_match_any));
/** Read, validate and set max_slave_connections */
max_slave_conn_str =
@ -1105,6 +1122,8 @@ SERVER *server;
enable_root_user =
config_get_value(obj->parameters,
"enable_root_user");
allow_localhost_match_any =
config_get_value(obj->parameters, "localhost_match_any");
user = config_get_value(obj->parameters,
"user");
@ -1120,6 +1139,11 @@ SERVER *server;
auth);
if (enable_root_user)
serviceEnableRootUser(service, atoi(enable_root_user));
if (allow_localhost_match_any)
serviceEnableLocalhostMatchAny(
service,
atoi(allow_localhost_match_any));
}
}
}
@ -1325,6 +1349,7 @@ static char *service_params[] =
"user",
"passwd",
"enable_root_user",
"localhost_match_any",
"max_slave_connections",
"max_slave_replication_lag",
"version_string",

22
server/core/service.c
View File

@ -31,6 +31,7 @@
* 07/05/14 Massimiliano Pinto Added: version_string initialized to NULL
* 23/05/14 Mark Riddoch Addition of service validation call
* 29/05/14 Mark Riddoch Filter API implementation
* 09/09/14 Massimiliano Pinto Added service option for localhost authentication
*
* @endverbatim
*/
@ -108,6 +109,7 @@ SERVICE *service;
service->credentials.name = NULL;
service->credentials.authdata = NULL;
service->enable_root = 0;
service->localhost_match_any = 0;
service->routerOptions = NULL;
service->databases = NULL;
service->svc_config_param = NULL;
@ -1171,3 +1173,23 @@ serviceGetWeightingParameter(SERVICE *service)
{
return service->weightby;
}
/**
* Enable/Disable localhost authentication match criteria
* associated with this service.
*
* @param service The service we are setting the data for
* @param action 1 for enable, 0 for disable access
* @return 0 on failure
*/
int
serviceEnableLocalhostMatchAny(SERVICE *service, int action)
{
if (action != 0 && action != 1)
return 0;
service->localhost_match_any = action;
return 1;
}

2
server/include/service.h
View File

@ -44,6 +44,7 @@
* struct
* 29/05/14 Mark Riddoch Filter API mechanism
* 26/06/14 Mark Riddoch Added WeightBy support
* 09/09/14 Massimiliano Pinto Added service option for localhost authentication
*
* @endverbatim
*/
@ -122,6 +123,7 @@ typedef struct service {
SERVICE_STATS stats; /**< The service statistics */
struct users *users; /**< The user data for this service */
int enable_root; /**< Allow root user access */
int localhost_match_any; /**< Match localhost against wildcard */
CONFIG_PARAMETER*
svc_config_param; /*< list of config params and values */
int svc_config_version; /*< Version number of configuration */

7
server/modules/protocol/mysql_common.c
View File

@ -26,6 +26,11 @@
* 04/09/2013 Massimiliano Pinto Added dcb NULL assert in mysql_send_custom_error
* 12/09/2013 Massimiliano Pinto Added checks in gw_decode_mysql_server_handshake and gw_read_backend_handshake
* 10/02/2014 Massimiliano Pinto Added MySQL Authentication with user@host
* 10/09/2014 Massimiliano Pinto Added MySQL Authentication option enabling localhost match with any host (wildcard %)
* Backend server configuration may differ so default is 0, don't match and an explicit
* localhost entry should be added for the selected user in the backends.
* Setting to 1 allow localhost (127.0.0.1 or socket) to match the any host grant via
* user@%
*
*/
@ -1345,7 +1350,7 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
* The check for localhost is 127.0.0.1 (IPv4 only)
*/
if (key.ipv4.sin_addr.s_addr == 0x0100007F) {
if ((key.ipv4.sin_addr.s_addr == 0x0100007F) && !dcb->service->localhost_match_any) {
/* Skip the wildcard check and return 1 */
LOGIF(LD,
(skygw_log_write_flush(