From f7892843b5a716236e426f9f8402740054ec7f88 Mon Sep 17 00:00:00 2001
From: Johan Wikman <johan.wikman@mariadb.com>
Date: Tue, 17 Jan 2017 14:56:13 +0200
Subject: [PATCH] Handle prepared named statements in firewall filter

Binary prepared statements need to be addressed separately.
---
 server/modules/filter/dbfwfilter/dbfwfilter.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/server/modules/filter/dbfwfilter/dbfwfilter.c b/server/modules/filter/dbfwfilter/dbfwfilter.c
index 72e581bb5..49731cab3 100644
--- a/server/modules/filter/dbfwfilter/dbfwfilter.c
+++ b/server/modules/filter/dbfwfilter/dbfwfilter.c
@@ -2350,11 +2350,10 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
         rval = dcb->func.write(dcb, err);
     }
     else if (qc_query_is_type(type, QUERY_TYPE_PREPARE_STMT) ||
-             qc_query_is_type(type, QUERY_TYPE_PREPARE_NAMED_STMT) ||
              modutil_is_SQL_prepare(queue))
     {
         GWBUF* err = gen_dummy_error(my_session, "This filter does not support "
-                                     "prepared statements.");
+                                     "binary prepared statements.");
         gwbuf_free(queue);
         MXS_FREE(my_session->errmsg);
         my_session->errmsg = NULL;
@@ -2362,6 +2361,14 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
     }
     else
     {
+        GWBUF* analyzed_queue = queue;
+
+        if (qc_query_is_type(type, QUERY_TYPE_PREPARE_NAMED_STMT))
+        {
+            analyzed_queue = qc_get_preparable_stmt(queue);
+            ss_dassert(analyzed_queue);
+        }
+
         DBFW_USER *user = find_user_data(thr_users, dcb->user, dcb->remote);
         bool query_ok = false;
 
@@ -2370,9 +2377,9 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
             bool match = false;
             char* rname = NULL;
 
-            if (check_match_any(my_instance, my_session, queue, user, &rname) ||
-                check_match_all(my_instance, my_session, queue, user, false, &rname) ||
-                check_match_all(my_instance, my_session, queue, user, true, &rname))
+            if (check_match_any(my_instance, my_session, analyzed_queue, user, &rname) ||
+                check_match_all(my_instance, my_session, analyzed_queue, user, false, &rname) ||
+                check_match_all(my_instance, my_session, analyzed_queue, user, true, &rname))
             {
                 match = true;
             }
@@ -2407,7 +2414,7 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
             {
                 char *sql;
                 int len;
-                if (modutil_extract_SQL(queue, &sql, &len))
+                if (modutil_extract_SQL(analyzed_queue, &sql, &len))
                 {
                     len = MXS_MIN(len, FW_MAX_SQL_LEN);
                     if (match && my_instance->log_match & FW_LOG_MATCH)