a9b0a5550c
It's now possible to use both a Unix domain socket and host/port when connecting with MaxAdmin to MaxScale. By default MaxAdmin will attempt to use the default Unix domain socket, but if host and/or port has been specified, then an inet socket will be used. maxscaled will authenticate the connection attempt differently depending on whether a Unix domain socket is used or not. If a Unix domain socket is used, then the Linux user id will be used for the authorization, otherwise the 1.4.3 username/password handshake will be performed. adminusers has now been extended so that there is one set of functions for local users (connecting locally over a Unix socket) and one set of functions for remote users (connecting locally or remotely over an Inet socket). The local users are stored in the new .../maxscale-users and the remote users in .../passwd. That is, the old users of a 1.4 installation will work as such in 2.0. One difference is that there will be *no* default remote user. That is, remote users will always have to be added manually using a local user. The implementation is shared; the local and remote alternatives use common functions to which the hashtable and filename to be used are forwarded. The commands "[add|remove] user" behave now exactly like they did in 1.4.3, and also all existing users work out of the box. In addition there is now the commands "[enable|disable] account" using which Linux accounts can be enabled for MaxAdmin usage.
67 lines
1.8 KiB
C
67 lines
1.8 KiB
C
#ifndef _ADMINUSERS_H
|
|
#define _ADMINUSERS_H
|
|
/*
|
|
* Copyright (c) 2016 MariaDB Corporation Ab
|
|
*
|
|
* Use of this software is governed by the Business Source License included
|
|
* in the LICENSE.TXT file and at www.mariadb.com/bsl.
|
|
*
|
|
* Change Date: 2019-01-01
|
|
*
|
|
* On the date above, in accordance with the Business Source License, use
|
|
* of this software will be governed by version 2 or later of the General
|
|
* Public License.
|
|
*/
|
|
|
|
/**
|
|
* @file adminusers.h - Administration users support routines
|
|
*
|
|
* @verbatim
|
|
* Revision History
|
|
*
|
|
* Date Who Description
|
|
* 18/07/13 Mark Riddoch Initial implementation
|
|
*
|
|
* @endverbatim
|
|
*/
|
|
#include <dcb.h>
|
|
|
|
#define ADMIN_SALT "$1$MXS"
|
|
|
|
/* Max length of fields in for admin users */
|
|
#define ADMIN_USER_MAXLEN 128
|
|
#define ADMIN_PASSWORD_MAXLEN 128
|
|
|
|
/** Default user for the administrative interface */
|
|
#define DEFAULT_ADMIN_USER "@DEFAULT_ADMIN_USER@"
|
|
|
|
/*
|
|
* MySQL session specific data
|
|
*
|
|
*/
|
|
typedef struct admin_session
|
|
{
|
|
#if defined(SS_DEBUG)
|
|
skygw_chk_t adminses_chk_top;
|
|
#endif
|
|
char user[ADMIN_USER_MAXLEN + 1]; /*< username */
|
|
bool validated; /* Was user validated? */
|
|
#if defined(SS_DEBUG)
|
|
skygw_chk_t adminses_chk_tail;
|
|
#endif
|
|
} ADMIN_session;
|
|
|
|
extern const char *admin_enable_linux_account(const char *uname);
|
|
extern const char *admin_disable_linux_account(const char *uname);
|
|
extern bool admin_linux_account_enabled(const char *uname);
|
|
|
|
extern const char *admin_add_inet_user(const char *uname, const char *password);
|
|
extern const char *admin_remove_inet_user(const char *uname, const char *password);
|
|
extern bool admin_inet_user_exists(const char *uname);
|
|
|
|
extern bool admin_verify_inet_user(const char *uname, const char *password);
|
|
|
|
extern void dcb_PrintAdminUsers(DCB *dcb);
|
|
|
|
#endif
|