hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use server credentials for monitor permissions checks

Browse Source 
When the monitor performs permission checks, it should use the `monuser`
and `monpw` credentials if they are defined.
This commit is contained in:
Markus Mäkelä
2016-12-16 18:02:07 +02:00
parent d457f9cd03
commit f69c8ccd0c
1 changed files with 8 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
server/core/monitor.c
View File

@ -681,25 +681,13 @@ bool check_monitor_permissions(MONITOR* monitor, const char* query)
for (MONITOR_SERVERS *mondb = monitor->databases; mondb; mondb = mondb->next) for (MONITOR_SERVERS *mondb = monitor->databases; mondb; mondb = mondb->next)
{ {
MYSQL *mysql = mysql_init(NULL); if (mon_connect_to_db(monitor, mondb) != MONITOR_CONN_OK)
if (mysql == NULL)
{
MXS_ERROR("[%s] Error: MySQL connection initialization failed.", __FUNCTION__);
break;
}
mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, &cnf->auth_read_timeout);
mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, &cnf->auth_conn_timeout);
mysql_options(mysql, MYSQL_OPT_WRITE_TIMEOUT, &cnf->auth_write_timeout);
if (mxs_mysql_real_connect(mysql, mondb->server, user, dpasswd) == NULL)
{ {
MXS_ERROR("[%s] Failed to connect to server '%s' (%s:%d) when" MXS_ERROR("[%s] Failed to connect to server '%s' (%s:%d) when"
" checking monitor user credentials and permissions: %s", " checking monitor user credentials and permissions: %s",
monitor->name, mondb->server->unique_name, mondb->server->name, monitor->name, mondb->server->unique_name, mondb->server->name,
mondb->server->port, mysql_error(mysql)); mondb->server->port, mysql_error(mondb->con));
switch (mysql_errno(mysql)) switch (mysql_errno(mondb->con))
{ {
case ER_ACCESS_DENIED_ERROR: case ER_ACCESS_DENIED_ERROR:
case ER_DBACCESS_DENIED_ERROR: case ER_DBACCESS_DENIED_ERROR:
@ -710,9 +698,9 @@ bool check_monitor_permissions(MONITOR* monitor, const char* query)
break; break;
} }
} }
else if (mysql_query(mysql, query) != 0) else if (mysql_query(mondb->con, query) != 0)
{ {
switch (mysql_errno(mysql)) switch (mysql_errno(mondb->con))
{ {
case ER_TABLEACCESS_DENIED_ERROR: case ER_TABLEACCESS_DENIED_ERROR:
case ER_COLUMNACCESS_DENIED_ERROR: case ER_COLUMNACCESS_DENIED_ERROR:
@ -728,23 +716,22 @@ bool check_monitor_permissions(MONITOR* monitor, const char* query)
} }
MXS_ERROR("[%s] Failed to execute query '%s' with user '%s'. MySQL error message: %s", MXS_ERROR("[%s] Failed to execute query '%s' with user '%s'. MySQL error message: %s",
monitor->name, query, user, mysql_error(mysql)); monitor->name, query, user, mysql_error(mondb->con));
} }
else else
{ {
rval = true; rval = true;
MYSQL_RES *res = mysql_use_result(mysql); MYSQL_RES *res = mysql_use_result(mondb->con);
if (res == NULL) if (res == NULL)
{ {
MXS_ERROR("[%s] Result retrieval failed when checking monitor permissions: %s", MXS_ERROR("[%s] Result retrieval failed when checking monitor permissions: %s",
monitor->name, mysql_error(mysql)); monitor->name, mysql_error(mondb->con));
} }
else else
{ {
mysql_free_result(res); mysql_free_result(res);
} }
} }
mysql_close(mysql);
} }
MXS_FREE(dpasswd); MXS_FREE(dpasswd);