New service parameter localhost_match_any
New service parameter ‘localhost_match_any’ allows localhost matching the wildcard host. Default value is 0, don’t match. It may be changed if backend servers don’t have the anonymous user ‘’@localhost
This commit is contained in:
MassimilianoPinto
@ -34,6 +34,7 @@
|
|||||||
* 29/05/14 Mark Riddoch Addition of filter definition
|
* 29/05/14 Mark Riddoch Addition of filter definition
|
||||||
* 23/05/14 Massimiliano Pinto Added automatic set of maxscale-id: first listening ipv4_raw + port + pid
|
* 23/05/14 Massimiliano Pinto Added automatic set of maxscale-id: first listening ipv4_raw + port + pid
|
||||||
* 28/05/14 Massimiliano Pinto Added detect_replication_lag parameter
|
* 28/05/14 Massimiliano Pinto Added detect_replication_lag parameter
|
||||||
|
* 09/09/14 Massimiliano Pinto Added localhost_match_any parameter
|
||||||
*
|
*
|
||||||
* @endverbatim
|
* @endverbatim
|
||||||
*/
|
*/
|
||||||
@ -276,6 +277,9 @@ int error_count = 0;
|
|||||||
|
|
||||||
char *version_string = config_get_value(obj->parameters, "version_string");
|
char *version_string = config_get_value(obj->parameters, "version_string");
|
||||||
|
|
||||||
|
char *allow_localhost_match_any =
|
||||||
|
config_get_value(obj->parameters, "localhost_match_any");
|
||||||
|
|
||||||
if (obj->element == NULL) /*< if module load failed */
|
if (obj->element == NULL) /*< if module load failed */
|
||||||
{
|
{
|
||||||
LOGIF(LE, (skygw_log_write_flush(
|
LOGIF(LE, (skygw_log_write_flush(
|
||||||
@ -310,6 +314,11 @@ int error_count = 0;
|
|||||||
if (weightby)
|
if (weightby)
|
||||||
serviceWeightBy(obj->element, weightby);
|
serviceWeightBy(obj->element, weightby);
|
||||||
|
|
||||||
|
if (allow_localhost_match_any)
|
||||||
|
serviceEnableLocalhostMatchAny(
|
||||||
|
obj->element,
|
||||||
|
config_truth_value(allow_localhost_match_any));
|
||||||
|
|
||||||
if (!auth)
|
if (!auth)
|
||||||
auth = config_get_value(obj->parameters,
|
auth = config_get_value(obj->parameters,
|
||||||
"auth");
|
"auth");
|
||||||
@ -998,6 +1007,7 @@ SERVER *server;
|
|||||||
char* max_slave_conn_str;
|
char* max_slave_conn_str;
|
||||||
char* max_slave_rlag_str;
|
char* max_slave_rlag_str;
|
||||||
char *version_string;
|
char *version_string;
|
||||||
|
char *allow_localhost_match_any;
|
||||||
|
|
||||||
enable_root_user = config_get_value(obj->parameters, "enable_root_user");
|
enable_root_user = config_get_value(obj->parameters, "enable_root_user");
|
||||||
|
|
||||||
@ -1008,6 +1018,8 @@ SERVER *server;
|
|||||||
|
|
||||||
version_string = config_get_value(obj->parameters, "version_string");
|
version_string = config_get_value(obj->parameters, "version_string");
|
||||||
|
|
||||||
|
allow_localhost_match_any = config_get_value(obj->parameters, "localhost_match_any");
|
||||||
|
|
||||||
if (version_string) {
|
if (version_string) {
|
||||||
if (service->version_string) {
|
if (service->version_string) {
|
||||||
free(service->version_string);
|
free(service->version_string);
|
||||||
@ -1021,6 +1033,11 @@ SERVER *server;
|
|||||||
auth);
|
auth);
|
||||||
if (enable_root_user)
|
if (enable_root_user)
|
||||||
serviceEnableRootUser(service, atoi(enable_root_user));
|
serviceEnableRootUser(service, atoi(enable_root_user));
|
||||||
|
|
||||||
|
if (allow_localhost_match_any)
|
||||||
|
serviceEnableLocalhostMatchAny(
|
||||||
|
service,
|
||||||
|
atoi(allow_localhost_match_any));
|
||||||
|
|
||||||
/** Read, validate and set max_slave_connections */
|
/** Read, validate and set max_slave_connections */
|
||||||
max_slave_conn_str =
|
max_slave_conn_str =
|
||||||
@ -1105,6 +1122,8 @@ SERVER *server;
|
|||||||
enable_root_user =
|
enable_root_user =
|
||||||
config_get_value(obj->parameters,
|
config_get_value(obj->parameters,
|
||||||
"enable_root_user");
|
"enable_root_user");
|
||||||
|
allow_localhost_match_any =
|
||||||
|
config_get_value(obj->parameters, "localhost_match_any");
|
||||||
|
|
||||||
user = config_get_value(obj->parameters,
|
user = config_get_value(obj->parameters,
|
||||||
"user");
|
"user");
|
||||||
@ -1120,6 +1139,11 @@ SERVER *server;
|
|||||||
auth);
|
auth);
|
||||||
if (enable_root_user)
|
if (enable_root_user)
|
||||||
serviceEnableRootUser(service, atoi(enable_root_user));
|
serviceEnableRootUser(service, atoi(enable_root_user));
|
||||||
|
|
||||||
|
if (allow_localhost_match_any)
|
||||||
|
serviceEnableLocalhostMatchAny(
|
||||||
|
service,
|
||||||
|
atoi(allow_localhost_match_any));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1325,6 +1349,7 @@ static char *service_params[] =
|
|||||||
"user",
|
"user",
|
||||||
"passwd",
|
"passwd",
|
||||||
"enable_root_user",
|
"enable_root_user",
|
||||||
|
"localhost_match_any",
|
||||||
"max_slave_connections",
|
"max_slave_connections",
|
||||||
"max_slave_replication_lag",
|
"max_slave_replication_lag",
|
||||||
"version_string",
|
"version_string",
|
||||||
|
|||||||
@ -31,6 +31,7 @@
|
|||||||
* 07/05/14 Massimiliano Pinto Added: version_string initialized to NULL
|
* 07/05/14 Massimiliano Pinto Added: version_string initialized to NULL
|
||||||
* 23/05/14 Mark Riddoch Addition of service validation call
|
* 23/05/14 Mark Riddoch Addition of service validation call
|
||||||
* 29/05/14 Mark Riddoch Filter API implementation
|
* 29/05/14 Mark Riddoch Filter API implementation
|
||||||
|
* 09/09/14 Massimiliano Pinto Added service option for localhost authentication
|
||||||
*
|
*
|
||||||
* @endverbatim
|
* @endverbatim
|
||||||
*/
|
*/
|
||||||
@ -108,6 +109,7 @@ SERVICE *service;
|
|||||||
service->credentials.name = NULL;
|
service->credentials.name = NULL;
|
||||||
service->credentials.authdata = NULL;
|
service->credentials.authdata = NULL;
|
||||||
service->enable_root = 0;
|
service->enable_root = 0;
|
||||||
|
service->localhost_match_any = 0;
|
||||||
service->routerOptions = NULL;
|
service->routerOptions = NULL;
|
||||||
service->databases = NULL;
|
service->databases = NULL;
|
||||||
service->svc_config_param = NULL;
|
service->svc_config_param = NULL;
|
||||||
@ -1171,3 +1173,23 @@ serviceGetWeightingParameter(SERVICE *service)
|
|||||||
{
|
{
|
||||||
return service->weightby;
|
return service->weightby;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enable/Disable localhost authentication match criteria
|
||||||
|
* associated with this service.
|
||||||
|
*
|
||||||
|
* @param service The service we are setting the data for
|
||||||
|
* @param action 1 for enable, 0 for disable access
|
||||||
|
* @return 0 on failure
|
||||||
|
*/
|
||||||
|
|
||||||
|
int
|
||||||
|
serviceEnableLocalhostMatchAny(SERVICE *service, int action)
|
||||||
|
{
|
||||||
|
if (action != 0 && action != 1)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
service->localhost_match_any = action;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|||||||
@ -44,6 +44,7 @@
|
|||||||
* struct
|
* struct
|
||||||
* 29/05/14 Mark Riddoch Filter API mechanism
|
* 29/05/14 Mark Riddoch Filter API mechanism
|
||||||
* 26/06/14 Mark Riddoch Added WeightBy support
|
* 26/06/14 Mark Riddoch Added WeightBy support
|
||||||
|
* 09/09/14 Massimiliano Pinto Added service option for localhost authentication
|
||||||
*
|
*
|
||||||
* @endverbatim
|
* @endverbatim
|
||||||
*/
|
*/
|
||||||
@ -122,6 +123,7 @@ typedef struct service {
|
|||||||
SERVICE_STATS stats; /**< The service statistics */
|
SERVICE_STATS stats; /**< The service statistics */
|
||||||
struct users *users; /**< The user data for this service */
|
struct users *users; /**< The user data for this service */
|
||||||
int enable_root; /**< Allow root user access */
|
int enable_root; /**< Allow root user access */
|
||||||
|
int localhost_match_any; /**< Match localhost against wildcard */
|
||||||
CONFIG_PARAMETER*
|
CONFIG_PARAMETER*
|
||||||
svc_config_param; /*< list of config params and values */
|
svc_config_param; /*< list of config params and values */
|
||||||
int svc_config_version; /*< Version number of configuration */
|
int svc_config_version; /*< Version number of configuration */
|
||||||
|
|||||||
@ -26,6 +26,11 @@
|
|||||||
* 04/09/2013 Massimiliano Pinto Added dcb NULL assert in mysql_send_custom_error
|
* 04/09/2013 Massimiliano Pinto Added dcb NULL assert in mysql_send_custom_error
|
||||||
* 12/09/2013 Massimiliano Pinto Added checks in gw_decode_mysql_server_handshake and gw_read_backend_handshake
|
* 12/09/2013 Massimiliano Pinto Added checks in gw_decode_mysql_server_handshake and gw_read_backend_handshake
|
||||||
* 10/02/2014 Massimiliano Pinto Added MySQL Authentication with user@host
|
* 10/02/2014 Massimiliano Pinto Added MySQL Authentication with user@host
|
||||||
|
* 10/09/2014 Massimiliano Pinto Added MySQL Authentication option enabling localhost match with any host (wildcard %)
|
||||||
|
* Backend server configuration may differ so default is 0, don't match and an explicit
|
||||||
|
* localhost entry should be added for the selected user in the backends.
|
||||||
|
* Setting to 1 allow localhost (127.0.0.1 or socket) to match the any host grant via
|
||||||
|
* user@%
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -1345,7 +1350,7 @@ int gw_find_mysql_user_password_sha1(char *username, uint8_t *gateway_password,
|
|||||||
* The check for localhost is 127.0.0.1 (IPv4 only)
|
* The check for localhost is 127.0.0.1 (IPv4 only)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (key.ipv4.sin_addr.s_addr == 0x0100007F) {
|
if ((key.ipv4.sin_addr.s_addr == 0x0100007F) && !dcb->service->localhost_match_any) {
|
||||||
/* Skip the wildcard check and return 1 */
|
/* Skip the wildcard check and return 1 */
|
||||||
LOGIF(LD,
|
LOGIF(LD,
|
||||||
(skygw_log_write_flush(
|
(skygw_log_write_flush(
|
||||||
|
|||||||
Reference in New Issue
Block a user