diff --git a/include/MySQL_LDAP_Authentication.hpp b/include/MySQL_LDAP_Authentication.hpp index 3d155a857..b4aea1dde 100644 --- a/include/MySQL_LDAP_Authentication.hpp +++ b/include/MySQL_LDAP_Authentication.hpp 
@@ -1,92 +1,31 @@ #ifndef CLASS_MYSQL_LDAP_AUTHENTICATION_H #define CLASS_MYSQL_LDAP_AUTHENTICATION_H -/* -#include "proxysql.h" -#include "cpp.h" - -#ifndef LDAP_ACCOUNT_DETAILS_T -#define LDAP_ACCOUNT_DETAILS_T -typedef struct _ldap_account_details_t { - char *username; - char *password; - void *sha1_pass; - bool use_ssl; - int default_hostgroup; - char *default_schema; - bool schema_locked; - bool transaction_persistent; -// bool fast_forward; -// int max_connections; -// int num_connections_used; -// bool __frontend; // this is used only during the dump -// bool __backend; // this is used only during the dump -// bool __active; - unsigned long long inserted_at; - char *ad_group; -} ldap_account_details_t; - -typedef std::map umap_auth; -#endif // LDAP_ACCOUNT_DETAILS_T - -#ifdef DEBUG -#define DEB "_DEBUG" -#else -#define DEB "" -#endif // DEBUG -#define MYSQL_LDAP_AUTHENTICATION_VERSION "1.0.0000" DEB - - -class PtrArray; - -#ifndef CREDS_GROUPS_T -#define CREDS_GROUPS_T -typedef struct _creds_group_t { - pthread_rwlock_t lock; - umap_auth bt_map; - PtrArray *cred_array; -} creds_group_t; -#endif // CREDS_GROUPS_T -*/ - - class MySQL_LDAP_Authentication { -/* - private: -// creds_group_t creds_backends; - creds_group_t creds_frontends; - bool _reset(enum cred_username_type usertype); -// uint64_t _get_runtime_checksum(enum cred_username_type usertype); -*/ - public: - MySQL_LDAP_Authentication() {}; - virtual ~MySQL_LDAP_Authentication() {}; - virtual bool add(char *username, char *backend_username, char *password, enum cred_username_type usertype, bool use_ssl, int default_hostgroup, char *default_schema, bool schema_locked, bool transaction_persistent, bool fast_forward, int max_connections) {return false;}; - virtual bool del(char *username, enum cred_username_type usertype, bool set_lock=true) {return false;}; - virtual bool reset() {return false;}; - virtual void print_version() {}; - virtual char * lookup(void *ldap_ctx, char *username, char *pass, enum 
cred_username_type usertype, bool *use_ssl, int *default_hostgroup, char **default_schema, bool *schema_locked, bool *transaction_persistent, bool *fast_forward, int *max_connections, void **sha1_pass, char **backend_username) {return NULL;}; - //virtual int dump_all_users(account_details_t ***, bool _complete=true) {return 0;}; - virtual int increase_frontend_user_connections(char *username, int *mc=NULL) {return 0;}; +public: + virtual char * lookup(char *username, char *pass, + enum cred_username_type usertype, bool *use_ssl, int *default_hostgroup, + char **default_schema, bool *schema_locked, bool *transaction_persistent, + bool *fast_forward, int *max_connections, void **sha1_pass, char **attributes, + char **backend_username) {return NULL;}; + + virtual int increase_frontend_user_connections(char *username, int *max_connections = NULL) { return 0; }; virtual void decrease_frontend_user_connections(char *username) {}; - virtual void set_all_inactive(enum cred_username_type usertype) {}; - virtual void remove_inactives(enum cred_username_type usertype) {}; - virtual bool set_SHA1(char *username, enum cred_username_type usertype, void *sha_pass) {return false;}; -// unsigned int memory_usage(); -// uint64_t get_runtime_checksum(); - virtual void * ldap_ctx_init() {return NULL;}; - virtual void ldap_ctx_free(void *) {}; - virtual char **get_variables_list() {return NULL;} - virtual bool has_variable(const char *name) {return false;}; + virtual void wrlock() {}; virtual void wrunlock() {}; + + virtual char **get_variables_list() {return NULL;} + virtual bool has_variable(const char *name) {return false;}; virtual char * get_variable(char *name) {return NULL;}; virtual bool set_variable(char *name, char *value) {return false;}; - virtual int password_matches(char *u, char *pass) {return 0;}; // 0 = not match , 1 = matches , 2 = not present + virtual void load_mysql_ldap_mapping(SQLite3_result *result) {}; virtual SQLite3_result * dump_table_mysql_ldap_mapping() { 
return NULL; }; virtual uint64_t get_ldap_mapping_runtime_checksum() { return 0; }; virtual SQLite3_result * SQL3_getStats() { return NULL; } + + virtual void print_version() {}; }; typedef MySQL_LDAP_Authentication * create_MySQL_LDAP_Authentication_t(); diff --git a/include/MySQL_Session.h b/include/MySQL_Session.h index 5ff381e6f..3c2ada851 100644 --- a/include/MySQL_Session.h +++ b/include/MySQL_Session.h @@ -249,7 +249,7 @@ class MySQL_Session Session_Regex **match_regexes; - void *ldap_ctx; + bool use_ldap_auth; // this variable is relevant only if status == SETTING_VARIABLE enum variable_name changing_variable_idx; diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp index c795ca14b..054d1e6cd 100644 --- a/lib/MySQL_Protocol.cpp +++ b/lib/MySQL_Protocol.cpp @@ -1501,26 +1501,26 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned #ifdef DEBUG if (dump_pkt) { __dump_pkt(__func__,pkt,len); } #endif - bool ret=false; + bool ret = false; unsigned int charset; uint32_t capabilities = 0; uint32_t max_pkt; uint32_t pass_len; - unsigned char *user=NULL; - char *db=NULL; + unsigned char *user = NULL; + char *db = NULL; char *db_tmp = NULL; unsigned char *pass = NULL; MySQL_Connection *myconn = NULL; - char *password=NULL; - bool use_ssl=false; - bool _ret_use_ssl=false; + char *password = NULL; + bool use_ssl = false; + bool _ret_use_ssl = false; unsigned char *auth_plugin = NULL; int auth_plugin_id = 0; char reply[SHA_DIGEST_LENGTH+1]; reply[SHA_DIGEST_LENGTH]='\0'; int default_hostgroup=-1; - char *default_schema=NULL; + char *default_schema = NULL; char *attributes = NULL; bool schema_locked; bool transaction_persistent = true; @@ -1811,7 +1811,7 @@ __do_auth: (*myds)->sess->session_fast_forward=fast_forward; (*myds)->sess->user_max_connections=max_connections; } - if (password==NULL) { + if (password == NULL) { // this is a workaround for bug #603 if ( ((*myds)->sess->session_type == PROXYSQL_SESSION_ADMIN) 
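Review bot: The new side of this hunk drops both `MySQL_LDAP_Authentication() {};` and `virtual ~MySQL_LDAP_Authentication() {};` without a replacement, so a class that now consists only of virtual members has no virtual destructor; since `create_MySQL_LDAP_Authentication_t` hands the plugin object out through a base pointer, any `delete` through that pointer is undefined behaviour and the derived destructor (and whatever LDAP state it releases) is not guaranteed to run. Restore `virtual ~MySQL_LDAP_Authentication() {};` at the top of the `public:` section. The `lookup` declaration should also state who owns its outputs, because `MySQL_Protocol.cpp` calls `free()` on the returned password and `~MySQL_Session` frees `user_attributes`: something like `// returned password, *attributes and *backend_username are malloc()'d and owned by the caller`. `increase_frontend_user_connections(char *username, int *max_connections = NULL)` puts a default argument on a virtual function; the default is resolved from the static type at the call site, so an override that repeats it with a different value would silently differ — either drop the default in favour of a non-virtual forwarding overload or document that overrides must repeat it unchanged.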
@@ -1854,8 +1854,10 @@ __do_auth: } #endif // debug char *backend_username = NULL; - (*myds)->sess->ldap_ctx = GloMyLdapAuth->ldap_ctx_init(); - password = GloMyLdapAuth->lookup((*myds)->sess->ldap_ctx, (char *)user, (char *)pass, USERNAME_FRONTEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass, &backend_username); + (*myds)->sess->use_ldap_auth = true; + password = GloMyLdapAuth->lookup((char *) user, (char *) pass, USERNAME_FRONTEND, + &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, + &transaction_persistent, &fast_forward, &max_connections, &sha1_pass, &attributes, &backend_username); if (password) { #ifdef DEBUG char *tmp_pass=strdup(password); @@ -1868,7 +1870,7 @@ __do_auth: #endif // debug (*myds)->sess->default_hostgroup=default_hostgroup; (*myds)->sess->default_schema=default_schema; // just the pointer is passed - (*myds)->sess->user_attributes = attributes; // just the pointer is passed , but for now not available in LDAP + (*myds)->sess->user_attributes = attributes; // just the pointer is passed, LDAP returns empty string #ifdef DEBUG debug_spiffe_id(user,attributes, __LINE__, __func__); #endif @@ -1876,7 +1878,7 @@ __do_auth: (*myds)->sess->transaction_persistent=transaction_persistent; (*myds)->sess->session_fast_forward=fast_forward; (*myds)->sess->user_max_connections=max_connections; - if (strncmp(password,(char *)pass,strlen(password))==0) { + if (strcmp(password, (char *) pass) == 0) { if (backend_username) { free(password); password=NULL; @@ -1935,8 +1937,8 @@ __do_auth: ret=true; } } else { // mysql_clear_password - if (strncmp(password,(char *)pass,strlen(password))==0) { - ret=true; + if (strcmp(password, (char *) pass) == 0) { + ret = true; } } } else { diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp index 38384ad0d..7e040b7b0 100644 --- a/lib/MySQL_Session.cpp +++ b/lib/MySQL_Session.cpp 
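Review bot: `(*myds)->sess->use_ldap_auth = true;` is assigned before `GloMyLdapAuth->lookup(...)` has returned, so the session is flagged as LDAP-authenticated even when the lookup yields no password, and every later branch on that flag (`handler_again___verify_ldap_user_variable`, the `fe_username` connection counters, `add_ldap_comment_to_pkt`) then runs for a session whose `userinfo` LDAP never populated. Unless a failed lookup always tears the session down before those paths are reached, move the assignment into the `if (password) {` block that follows. The old code set `ldap_ctx` at the same point, so this is inherited rather than introduced, but the rename is the right moment to tighten it. The enclosing `process_pkt_handshake_response` body continues on both sides of the hunk.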
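Review bot: The new comment `// just the pointer is passed, LDAP returns empty string`, read together with the destructor hunk in `MySQL_Session.cpp` (`free(user_attributes)`), means the LDAP plugin's `attributes` output must be a `malloc()`'d empty string rather than a string literal or static buffer, or that free is invalid; nothing in the header says so. Make the contract explicit here, e.g. `// ownership transfers to the session: must be heap-allocated by the plugin, freed in ~MySQL_Session`, and consider accepting NULL as "no attributes" since the destructor already guards on it. The enclosing function continues outside the hunk.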
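Review bot: Replacing the prefix-only `strncmp(password,(char *)pass,strlen(password))` with `strcmp(password, (char *) pass)` correctly closes the case where a longer client password matched on its prefix, but `strcmp` still returns at the first differing byte, so the time taken reveals how many leading characters of the cleartext password were correct; the same compare appears in the `mysql_clear_password` branch at `@@ -1935`. Use a length check plus a constant-time compare instead, e.g. `size_t plen = strlen(password); if (plen == strlen((char *) pass) && CRYPTO_memcmp(password, pass, plen) == 0) {` — `CRYPTO_memcmp` is available if OpenSSL is already linked (the function uses `SHA_DIGEST_LENGTH`), otherwise a small volatile XOR-accumulate loop serves. Both the old and new forms assume `pass` is NUL-terminated; `pass_len` is read from the packet earlier in this function, so comparing against `pass_len` rather than `strlen` is safer if that is not guaranteed. The enclosing function continues outside the hunk.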
@@ -504,7 +504,7 @@ MySQL_Session::MySQL_Session() { last_insert_id=0; // #1093 last_HG_affected_rows = -1; // #1421 : advanced support for LAST_INSERT_ID() - ldap_ctx = NULL; + use_ldap_auth = false; } void MySQL_Session::init() { @@ -588,6 +588,7 @@ MySQL_Session::~MySQL_Session() { } if (user_attributes) { free(user_attributes); + user_attributes = NULL; } proxy_debug(PROXY_DEBUG_NET,1,"Thread=%p, Session=%p -- Shutdown Session %p\n" , this->thread, this, this); delete command_counters; @@ -601,10 +602,6 @@ MySQL_Session::~MySQL_Session() { __sync_sub_and_fetch(&GloMTH->status_variables.mirror_sessions_current,1); GloMTH->status_variables.p_gauge_array[p_th_gauge::mirror_concurrency]->Decrement(); } - if (ldap_ctx) { - GloMyLdapAuth->ldap_ctx_free(ldap_ctx); - ldap_ctx = NULL; - } } @@ -2033,7 +2030,7 @@ bool MySQL_Session::handler_again___status_SETTING_LDAP_USER_VARIABLE(int *_rc) enum session_status st=status; if ( - (GloMyLdapAuth==NULL) || (ldap_ctx==NULL) + (GloMyLdapAuth==NULL) || (use_ldap_auth==false) || (client_myds==NULL || client_myds->myconn==NULL || client_myds->myconn->userinfo==NULL) ) { // nothing to do @@ -4375,7 +4372,7 @@ handler_again: if (handler_again___verify_init_connect()) { goto handler_again; } - if (ldap_ctx) { + if (use_ldap_auth) { if (handler_again___verify_ldap_user_variable()) { goto handler_again; } 
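Review bot: `(use_ldap_auth==false)` compares a `bool` against a literal; the idiomatic form is `!use_ldap_auth`, and the same pattern is written as `use_ldap_auth == false` in the hunks at `@@ -4897`, `@@ -6181` and `@@ -6924`, while `@@ -4375` uses the plain `if (use_ldap_auth)`. Pick one form throughout — the condition here would read `(GloMyLdapAuth==NULL) || !use_ldap_auth`. The enclosing function body continues outside the hunk.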
@@ -4897,10 +4894,10 @@ void MySQL_Session::handler___status_CONNECTING_CLIENT___STATE_SERVER_HANDSHAKE( //#endif // TEST_AURORA || TEST_GALERA || TEST_GROUPREP case PROXYSQL_SESSION_MYSQL: proxy_debug(PROXY_DEBUG_MYSQL_CONNECTION,8,"Session=%p , DS=%p , session_type=PROXYSQL_SESSION_MYSQL\n", this, client_myds); - if (ldap_ctx==NULL) { - free_users=GloMyAuth->increase_frontend_user_connections(client_myds->myconn->userinfo->username, &used_users); + if (use_ldap_auth == false) { + free_users = GloMyAuth->increase_frontend_user_connections(client_myds->myconn->userinfo->username, &used_users); } else { - free_users=GloMyLdapAuth->increase_frontend_user_connections(client_myds->myconn->userinfo->username, &used_users); + free_users = GloMyLdapAuth->increase_frontend_user_connections(client_myds->myconn->userinfo->fe_username, &used_users); } break; #ifdef PROXYSQLCLICKHOUSE @@ -6181,10 +6178,10 @@ void MySQL_Session::handler___status_WAITING_CLIENT_DATA___STATE_SLEEP___MYSQL_C reset(); init(); if (client_authenticated) { - if (ldap_ctx==NULL) { + if (use_ldap_auth == false) { GloMyAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->username); } else { - GloMyLdapAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->username); + GloMyLdapAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->fe_username); } } client_authenticated=false; @@ -6924,7 +6921,7 @@ bool MySQL_Session::handle_command_query_kill(PtrSize_t *pkt) { void MySQL_Session::add_ldap_comment_to_pkt(PtrSize_t *_pkt) { if (GloMyLdapAuth==NULL) return; - if (ldap_ctx==NULL) + if (use_ldap_auth == false) return; if (client_myds==NULL || client_myds->myconn==NULL || client_myds->myconn->userinfo==NULL) return;
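Review bot: The LDAP branch now counts connections against `userinfo->fe_username` instead of `userinfo->username`, and the matching `decrease_frontend_user_connections` call at `@@ -6181` was switched to the same field, which keeps the counter balanced; the reason for the different key is not stated anywhere in the hunk. A comment would stop the next reader from "fixing" it back, e.g. `// LDAP sessions are counted per frontend (LDAP) identity, not per mapped backend user`, assuming that is the intent. Whether `fe_username` is guaranteed non-NULL whenever `use_ldap_auth` is true cannot be seen from here and is worth confirming against the plugin. The enclosing switch continues outside the hunk.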