diff --git a/server/core/config.c b/server/core/config.c
index 0dfc980dc..48ade63ea 100644
--- a/server/core/config.c
+++ b/server/core/config.c
@@ -34,6 +34,7 @@
 * 29/05/14 Mark Riddoch Addition of filter definition
 * 23/05/14 Massimiliano Pinto Added automatic set of maxscale-id: first listening ipv4_raw + port + pid
 * 28/05/14 Massimiliano Pinto Added detect_replication_lag parameter
+ * 09/09/14 Massimiliano Pinto Added localhost_match_any parameter
 *
 * @endverbatim
 */
@@ -276,6 +277,9 @@ int error_count = 0;
 char *version_string = config_get_value(obj->parameters, "version_string");
+ char *allow_localhost_match_any =
+ config_get_value(obj->parameters, "localhost_match_any");
+
 if (obj->element == NULL) /*< if module load failed */
 {
 LOGIF(LE, (skygw_log_write_flush(
@@ -310,6 +314,11 @@ int error_count = 0;
 if (weightby) serviceWeightBy(obj->element, weightby);
+ if (allow_localhost_match_any)
+ serviceEnableLocalhostMatchAny(
+ obj->element,
+ config_truth_value(allow_localhost_match_any));
+
 if (!auth) auth = config_get_value(obj->parameters, "auth");
@@ -998,6 +1007,7 @@ SERVER *server;
 char* max_slave_conn_str;
 char* max_slave_rlag_str;
 char *version_string;
+ char *allow_localhost_match_any;
 enable_root_user = config_get_value(obj->parameters, "enable_root_user");
@@ -1008,6 +1018,8 @@ SERVER *server;
 version_string = config_get_value(obj->parameters, "version_string");
+ allow_localhost_match_any = config_get_value(obj->parameters, "localhost_match_any");
+
 if (version_string) {
 if (service->version_string) {
 free(service->version_string);
@@ -1021,6 +1033,11 @@ SERVER *server;
 auth);
 if (enable_root_user) serviceEnableRootUser(service, atoi(enable_root_user));
+
+ if (allow_localhost_match_any)
+ serviceEnableLocalhostMatchAny(
+ service,
+ atoi(allow_localhost_match_any));
 /** Read, validate and set max_slave_connections */
 max_slave_conn_str =
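Review bot: The two reload-path call sites (the -1021 hunk here and the -1120 hunk further down) parse `localhost_match_any` with `atoi()`, while the startup path in the -310 hunk uses `config_truth_value()`, so the same configuration value can yield a different authentication policy after a reload than at startup. A non-numeric value makes `atoi()` return 0, and a number other than 0 or 1 makes `serviceEnableLocalhostMatchAny()` return 0 without touching the field; the return value is discarded at all three call sites, so neither case is reported to the operator. Use `serviceEnableLocalhostMatchAny(service, config_truth_value(allow_localhost_match_any));` in both reload hunks and log an error when the setter returns 0. Because the call is guarded by `if (allow_localhost_match_any)`, removing the key and reloading appears to leave a previously enabled service enabled; the enclosing function is outside the hunk, so confirm whether an absent key should reset the field to 0.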
@@ -1105,6 +1122,8 @@ SERVER *server;
 enable_root_user = config_get_value(obj->parameters, "enable_root_user");
+ allow_localhost_match_any =
+ config_get_value(obj->parameters, "localhost_match_any");
 user = config_get_value(obj->parameters, "user");
@@ -1120,6 +1139,11 @@ SERVER *server;
 auth);
 if (enable_root_user) serviceEnableRootUser(service, atoi(enable_root_user));
+
+ if (allow_localhost_match_any)
+ serviceEnableLocalhostMatchAny(
+ service,
+ atoi(allow_localhost_match_any));
 }
 }
 }
@@ -1325,6 +1349,7 @@ static char *service_params[] =
 "user",
 "passwd",
 "enable_root_user",
+ "localhost_match_any",
 "max_slave_connections",
 "max_slave_replication_lag",
 "version_string",
diff --git a/server/core/service.c b/server/core/service.c
index 1b79db346..4c98a5a5c 100644
--- a/server/core/service.c
+++ b/server/core/service.c
@@ -31,6 +31,7 @@
 * 07/05/14 Massimiliano Pinto Added: version_string initialized to NULL
 * 23/05/14 Mark Riddoch Addition of service validation call
 * 29/05/14 Mark Riddoch Filter API implementation
+ * 09/09/14 Massimiliano Pinto Added service option for localhost authentication
 *
 * @endverbatim
 */
@@ -108,6 +109,7 @@ SERVICE *service;
 service->credentials.name = NULL;
 service->credentials.authdata = NULL;
 service->enable_root = 0;
+ service->localhost_match_any = 0;
 service->routerOptions = NULL;
 service->databases = NULL;
 service->svc_config_param = NULL;
@@ -1171,3 +1173,23 @@ serviceGetWeightingParameter(SERVICE *service)
 {
 return service->weightby;
 }
+
+/**
+ * Enable/Disable localhost authentication match criteria
+ * associated with this service.
+ *
+ * @param service The service we are setting the data for
+ * @param action 1 for enable, 0 for disable access
+ * @return 0 on failure
+ */
+
+int
+serviceEnableLocalhostMatchAny(SERVICE *service, int action)
+{
+ if (action != 0 && action != 1)
+ return 0;
+
+ service->localhost_match_any = action;
+
+ return 1;
+}
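Review bot: The doc comment on `serviceEnableLocalhostMatchAny()` does not say what the flag changes in authentication or what the function returns on success, which matters for an option that relaxes host matching. Going by the changelog added to mysql_common.c in this commit, I would write `@param action 1 lets a client connecting from localhost match user@% entries, 0 (the default) requires an explicit localhost entry` and `@return 1 on success, 0 if action is not 0 or 1`. The function also dereferences `service` without a check, and the -276 hunk in config.c shows `obj->element` can be NULL when module load fails; whether that call site sits inside the non-NULL branch is not visible here, so either confirm it or add `if (service == NULL) return 0;`.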
diff --git a/server/include/service.h b/server/include/service.h
index cd13d411b..43077c511 100644
--- a/server/include/service.h
+++ b/server/include/service.h
@@ -44,6 +44,7 @@
 * struct
 * 29/05/14 Mark Riddoch Filter API mechanism
 * 26/06/14 Mark Riddoch Added WeightBy support
+ * 09/09/14 Massimiliano Pinto Added service option for localhost authentication
 *
 * @endverbatim
 */
@@ -122,6 +123,7 @@ typedef struct service {
 SERVICE_STATS stats; /**< The service statistics */
 struct users *users; /**< The user data for this service */
 int enable_root; /**< Allow root user access */
+ int localhost_match_any; /**< Match localhost against wildcard */
 CONFIG_PARAMETER* svc_config_param; /*< list of config params and values */
 int svc_config_version; /*< Version number of configuration */
diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c
index f9c0ebdea..3d7779da6 100644
--- a/server/modules/protocol/mysql_common.c
+++ b/server/modules/protocol/mysql_common.c
@@ -26,6 +26,11 @@
 * 04/09/2013 Massimiliano Pinto Added dcb NULL assert in mysql_send_custom_error
 * 12/09/2013 Massimiliano Pinto Added checks in gw_decode_mysql_server_handshake and gw_read_backend_handshake
 * 10/02/2014 Massimiliano Pinto Added MySQL Authentication with user@host
+ * 10/09/2014 Massimiliano Pinto Added MySQL Authentication option enabling localhost match with any host (wildcard %)
+ * Backend server configuration may differ so default is 0, don't match and an explicit
+ * localhost entry should be added for the selected user in the backends.
+ * Setting to 1 allow localhost (127.0.0.1 or socket) to match the any host grant via
+ * user@%
 *
 */
@@ -1345,7 +1350,7 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
 * The check for localhost is 127.0.0.1 (IPv4 only)
 */
- if (key.ipv4.sin_addr.s_addr == 0x0100007F) {
+ if ((key.ipv4.sin_addr.s_addr == 0x0100007F) && !dcb->service->localhost_match_any) {
 /* Skip the wildcard check and return 1 */
 LOGIF(LD, (skygw_log_write_flush(
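Review bot: The loopback test that now gates this authentication decision compares `s_addr`, which is held in network byte order, with the literal `0x0100007F`, and that literal equals 127.0.0.1 only on a little-endian host. On a big-endian build the branch would never be taken, so a loopback client would presumably always proceed to the wildcard lookup whatever `localhost_match_any` is set to. Writing the condition as `if (key.ipv4.sin_addr.s_addr == htonl(INADDR_LOOPBACK) && !dcb->service->localhost_match_any) {` keeps the default-deny behaviour on every platform. The test also covers only 127.0.0.1 although the changelog in this commit mentions socket connections, and `dcb->service` is dereferenced without a check; the rest of `gw_find_mysql_user_password_sha1` is outside the hunk, so confirm both there.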