From cddf132d23972aadc13279fb6a4c78a3b501e9b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Sun, 8 Apr 2018 20:34:41 +0300
Subject: [PATCH 1/2] MXS-1762: Compare client IP when choosing a connection

When the connection pool is inspected, both the client username and IP must match. This causes the pool to be partitioned by username and IP, prevening unintentional sharing of connections between different users.
---
 include/maxscale/server.h | 2 +-
 server/core/dcb.c | 8 +++++++-
 server/core/server.c | 16 +++++++++++-----
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/include/maxscale/server.h b/include/maxscale/server.h
index 0ecdac470..ad2c3b01a 100644
--- a/include/maxscale/server.h
+++ b/include/maxscale/server.h
@@ -283,7 +283,7 @@ extern void server_transfer_status(SERVER *dest_server, const SERVER *source_ser
 extern void server_add_mon_user(SERVER *server, const char *user, const char *passwd);
 extern const char *server_get_parameter(const SERVER *server, char *name);
 extern void server_update_credentials(SERVER *server, const char *user, const char *passwd);
-extern DCB *server_get_persistent(SERVER *server, const char *user, const char *protocol, int id);
+extern DCB* server_get_persistent(SERVER *server, const char *user, const char* ip, const char *protocol, int id);
 extern void server_update_address(SERVER *server, const char *address);
 extern void server_update_port(SERVER *server, unsigned short port);
 extern unsigned int server_map_status(const char *str);
diff --git a/server/core/dcb.c b/server/core/dcb.c
index 83737a300..8305ef223 100644
--- a/server/core/dcb.c
+++ b/server/core/dcb.c
@@ -617,7 +617,8 @@ dcb_connect(SERVER *server, MXS_SESSION *session, const char *protocol)
 {
 MXS_DEBUG("%lu [dcb_connect] Looking for persistent connection DCB "
 "user %s protocol %s\n", pthread_self(), user, protocol);
- dcb = server_get_persistent(server, user, protocol, session->client_dcb->thread.id);
+ dcb = server_get_persistent(server, user, session->client_dcb->remote,
+ protocol, session->client_dcb->thread.id);
 if (dcb)
 {
 /**
@@ -664,6 +665,11 @@ dcb_connect(SERVER *server, MXS_SESSION *session, const char *protocol)
 memcpy(&(dcb->func), funcs, sizeof(MXS_PROTOCOL));
 dcb->protoname = MXS_STRDUP_A(protocol);
+ if (session->client_dcb->remote)
+ {
+ dcb->remote = MXS_STRDUP_A(session->client_dcb->remote);
+ }
+
 const char *authenticator = server->authenticator ? server->authenticator : dcb->func.auth_default ? dcb->func.auth_default() : "NullAuthDeny";
diff --git a/server/core/server.c b/server/core/server.c
index d6db003de..d31a7e8ea 100644
--- a/server/core/server.c
+++ b/server/core/server.c
@@ -205,12 +205,15 @@ server_free(SERVER *tofreeserver)
 /**
 * Get a DCB from the persistent connection pool, if possible
 *
- * @param server The server to set the name on
- * @param user The name of the user needing the connection
- * @param protocol The name of the protocol needed for the connection
+ * @param server The server to set the name on
+ * @param user The name of the user needing the connection
+ * @param ip Client IP address
+ * @param protocol The name of the protocol needed for the connection
+ * @param id Thread ID
+ *
+ * @return A DCB or NULL if no connection is found
 */
-DCB *
-server_get_persistent(SERVER *server, const char *user, const char *protocol, int id)
+DCB* server_get_persistent(SERVER *server, const char *user, const char* ip, const char *protocol, int id)
 {
 DCB *dcb, *previous = NULL;
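Review bot: In the first server/core/dcb.c hunk, the MXS_DEBUG call just above the changed `server_get_persistent` call still reports only the user and protocol, although the lookup is now also keyed on `session->client_dcb->remote`. When a pooled connection is not reused, the log gives no way to tell whether the address was the reason. Consider adding a third `%s` for the address and guarding the NULL case, since this patch itself treats `remote` as possibly NULL: `session->client_dcb->remote ? session->client_dcb->remote : "(none)"`. The body of dcb_connect starts and ends outside the hunk.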
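Review bot: In the second server/core/dcb.c hunk, a NULL `session->client_dcb->remote` leaves the new backend DCB with `dcb->remote` unset, and `server_get_persistent` as changed in this patch skips every pooled DCB whose `remote` is NULL. If such a DCB can still be added to the persistent pool (the code that adds to the pool is not visible here), it would occupy a slot without ever being reusable; either refusing to pool it or documenting that behaviour would close the gap. The assignment also deserves a comment, because `remote` on a backend DCB now carries the client's address and any reader expecting the peer address there would be misled: `/* Pool key: address of the client this backend connection was opened for */`. dcb_connect continues outside the hunk.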
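Review bot: The doc comment for `server_get_persistent` in server/core/server.c keeps the line `@param server The server to set the name on`, which does not describe a pool lookup; `@param server The server whose persistent pool is searched` would match what the function does. The new `@param ip` line should state the contract that the following hunk implements, for example `@param ip Client IP address; compared as an exact string, NULL never matches`. `@param id` says only "Thread ID"; if it selects a per-thread pool, which cannot be confirmed from this hunk, the comment should say so. The function body continues outside the hunk.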
@@ -224,9 +227,12 @@ server_get_persistent(SERVER *server, const char *user, const char *protocol, in
 {
 if (dcb->user
 && dcb->protoname
+ && dcb->remote
+ && ip
 && !dcb-> dcb_errhandle_called
 && !(dcb->flags & DCBF_HUNG)
 && 0 == strcmp(dcb->user, user)
+ && 0 == strcmp(dcb->remote, ip)
 && 0 == strcmp(dcb->protoname, protocol))
 {
 if (NULL == previous)
From 099219fa0fc1e8ab6ec94a9578a0a2025cdc0670 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Mon, 9 Apr 2018 13:28:24 +0300
Subject: [PATCH 2/2] MXS-1767: Fix value assignment in ss_dassert

The value was updated for debug builds but not for release builds. This caused debug builds to fail if special flags were requested.
---
 server/modules/protocol/MySQL/MySQLClient/mysql_client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/modules/protocol/MySQL/MySQLClient/mysql_client.c b/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
index cce68dd21..dcaff503d 100644
--- a/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
+++ b/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
@@ -343,8 +343,8 @@ int MySQLSendHandshake(DCB* dcb)
 mysql_server_capabilities_one[1] = (uint8_t)(GW_MYSQL_CAPABILITIES_SERVER >> 8);
 // Check that we match the old values
- ss_dassert(mysql_server_capabilities_one[0] = 0xff);
- ss_dassert(mysql_server_capabilities_one[1] = 0xf7);
+ ss_dassert(mysql_server_capabilities_one[0] == 0xff);
+ ss_dassert(mysql_server_capabilities_one[1] == 0xf7);
 if (is_maria)
 {
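Review bot: The reuse condition in `server_get_persistent` (second server/core/server.c hunk) decides who may take over a pooled backend connection, and after this change that identity is exactly the username, the client address string and the protocol. Clients that reach the proxy from one address (NAT, a shared application host, an upstream proxy) and present the same username are still treated as one principal. Whether the reused connection is re-authenticated afterwards is not visible in this hunk. The limit should at least be recorded next to the condition: `/* Reuse is keyed on (user, client address, protocol); clients sharing an address are not told apart */`. The loop and the function continue outside the hunk.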
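Review bot: The corrected checks in MySQLSendHandshake are still written with the variable on the left, which is the form that let `=` pass unnoticed in the first place. Putting the constant first, as the conditions in server/core/server.c in this same series do (`0 == strcmp(...)`, `NULL == previous`), turns a mistyped `=` into a compile error: `ss_dassert(0xff == mysql_server_capabilities_one[0]);` and `ss_dassert(0xf7 == mysql_server_capabilities_one[1]);`. Since the commit message says the expression is evaluated only in debug builds, a one-line comment above the checks stating that ss_dassert arguments must be free of side effects would help the next editor. The function body continues outside the hunk.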