Second large commit to support LDAP

Functions add() and lookup() in MySQL_LDAP_Authentication have support for backend_username.
Added mysql_ldap_mapping table.
Created Admin::init_ldap() to be called after LDAP initialization.
Added better LDAP caching.
LOAD LDAP MAPPING TO RUNTIME cleans part of the cache (association to backend user).
All queries will have a comment "proxysql-ldap-user=%s" to track original user
pull/1847/head
René Cannaò 8 years ago
parent d96108123d
commit 47bf5faff7

1
deps/Makefile vendored

@ -85,6 +85,7 @@ jemalloc/jemalloc/lib/libjemalloc.a:
cd jemalloc && tar -jxf jemalloc-4.3.1.tar.bz2
cd jemalloc/jemalloc && patch src/jemalloc.c < ../issue823.patch
cd jemalloc/jemalloc && ./configure ${MYJEOPT}
# cd jemalloc/jemalloc && sed -i -e 's/-O3 /-O3 -fPIC /' Makefile
cd jemalloc/jemalloc && CC=${CC} CXX=${CXX} ${MAKE}
jemalloc: jemalloc/jemalloc/lib/libjemalloc.a

@ -61,11 +61,11 @@ class MySQL_LDAP_Authentication {
public:
MySQL_LDAP_Authentication() {};
virtual ~MySQL_LDAP_Authentication() {};
virtual bool add(char *username, char *password, enum cred_username_type usertype, bool use_ssl, int default_hostgroup, char *default_schema, bool schema_locked, bool transaction_persistent, bool fast_forward, int max_connections) {return false;};
virtual bool add(char *username, char *backend_username, char *password, enum cred_username_type usertype, bool use_ssl, int default_hostgroup, char *default_schema, bool schema_locked, bool transaction_persistent, bool fast_forward, int max_connections) {return false;};
virtual bool del(char *username, enum cred_username_type usertype, bool set_lock=true) {return false;};
virtual bool reset() {return false;};
virtual void print_version() {};
virtual char * lookup(void *ldap_ctx, char *username, char *pass, enum cred_username_type usertype, bool *use_ssl, int *default_hostgroup, char **default_schema, bool *schema_locked, bool *transaction_persistent, bool *fast_forward, int *max_connections, void **sha1_pass) {return NULL;};
virtual char * lookup(void *ldap_ctx, char *username, char *pass, enum cred_username_type usertype, bool *use_ssl, int *default_hostgroup, char **default_schema, bool *schema_locked, bool *transaction_persistent, bool *fast_forward, int *max_connections, void **sha1_pass, char **backend_username) {return NULL;};
//virtual int dump_all_users(account_details_t ***, bool _complete=true) {return 0;};
virtual int increase_frontend_user_connections(char *username, int *mc=NULL) {return 0;};
virtual void decrease_frontend_user_connections(char *username) {};
@ -83,6 +83,10 @@ class MySQL_LDAP_Authentication {
virtual char * get_variable(char *name) {return NULL;};
virtual bool set_variable(char *name, char *value) {return false;};
virtual int password_matches(char *u, char *pass) {return 0;}; // 0 = not match , 1 = matches , 2 = not present
virtual void load_mysql_ldap_mapping(SQLite3_result *result) {};
virtual SQLite3_result * dump_table_mysql_ldap_mapping() { return NULL; };
virtual uint64_t get_ldap_mapping_runtime_checksum() { return 0; };
virtual SQLite3_result * SQL3_getStats() { return NULL; }
};
typedef MySQL_LDAP_Authentication * create_MySQL_LDAP_Authentication_t();

@ -113,6 +113,7 @@ class MySQL_Session
bool handler_again___status_CHANGING_AUTOCOMMIT(int *);
void init();
void reset();
void add_ldap_comment_to_pkt(PtrSize_t *);
//this pointer is always initialized inside handler().
// it is an attempt to start simplifying the complexing of handler()

@ -24,6 +24,7 @@ class MySQL_Connection_userinfo {
char *password;
char *schemaname;
char *sha1_pass;
char *fe_username;
MySQL_Connection_userinfo();
~MySQL_Connection_userinfo();
void set(char *, char *, char *, char *);

@ -133,6 +133,7 @@ class ProxySQL_Admin {
void __delete_inactive_users(enum cred_username_type usertype);
void add_admin_users();
void __refresh_users();
void __add_active_users_ldap();
void flush_mysql_variables___runtime_to_database(SQLite3DB *db, bool replace, bool del, bool onlyifempty, bool runtime=false);
void flush_mysql_variables___database_to_runtime(SQLite3DB *db, bool replace);
@ -194,6 +195,7 @@ class ProxySQL_Admin {
int pipefd[2];
void print_version();
bool init();
void init_ldap();
bool get_read_only() { return variables.admin_read_only; }
bool set_read_only(bool ro) { variables.admin_read_only=ro; return variables.admin_read_only; }
bool has_variable(const char *name);
@ -283,6 +285,7 @@ class ProxySQL_Admin {
void init_ldap_variables();
void load_ldap_variables_to_runtime() { flush_ldap_variables___database_to_runtime(admindb, true); }
void save_ldap_variables_from_runtime() { flush_ldap_variables___runtime_to_database(admindb, true, true, false); }
void save_mysql_ldap_mapping_runtime_to_database(bool);
// SQLite Server
void init_sqliteserver_variables();

@ -1455,8 +1455,8 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
int default_hostgroup=-1;
char *default_schema=NULL;
bool schema_locked;
bool transaction_persistent;
bool fast_forward;
bool transaction_persistent = true;
bool fast_forward = false;
int max_connections;
enum proxysql_session_type session_type = (*myds)->sess->session_type;
if (session_type == PROXYSQL_SESSION_CLICKHOUSE) {
@ -1502,8 +1502,9 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
// try LDAP
if (auth_plugin_id==2) {
if (GloMyLdapAuth) {
char *backend_username = NULL;
(*myds)->sess->ldap_ctx = GloMyLdapAuth->ldap_ctx_init();
password = GloMyLdapAuth->lookup((*myds)->sess->ldap_ctx, (char *)user, (char *)pass, USERNAME_FRONTEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass);
password = GloMyLdapAuth->lookup((*myds)->sess->ldap_ctx, (char *)user, (char *)pass, USERNAME_FRONTEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass, &backend_username);
if (password) {
(*myds)->sess->default_hostgroup=default_hostgroup;
(*myds)->sess->default_schema=default_schema; // just the pointer is passed
@ -1512,7 +1513,30 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
(*myds)->sess->session_fast_forward=fast_forward;
(*myds)->sess->user_max_connections=max_connections;
if (strncmp(password,(char *)pass,strlen(password))==0) {
ret=true;
if (backend_username) {
free(password);
password=NULL;
password=GloMyAuth->lookup(backend_username, USERNAME_BACKEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass);
if (password) {
(*myds)->sess->default_hostgroup=default_hostgroup;
(*myds)->sess->default_schema=default_schema; // just the pointer is passed
(*myds)->sess->schema_locked=schema_locked;
(*myds)->sess->transaction_persistent=transaction_persistent;
(*myds)->sess->session_fast_forward=fast_forward;
(*myds)->sess->user_max_connections=max_connections;
userinfo->set(backend_username, NULL, NULL, NULL);
if (sha1_pass==NULL) {
// currently proxysql doesn't know any sha1_pass for that specific user, let's set it!
GloMyAuth->set_SHA1((char *)userinfo->username, USERNAME_FRONTEND,reply);
}
if (userinfo->sha1_pass) free(userinfo->sha1_pass);
userinfo->sha1_pass=sha1_pass_hex(reply);
userinfo->fe_username=strdup((const char *)user);
ret=true;
}
} else {
ret=true;
}
}
}
}
@ -1625,14 +1649,17 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
(*myds)->myconn->options.max_allowed_pkt=max_pkt;
(*myds)->DSS=STATE_CLIENT_HANDSHAKE;
userinfo->username=strdup((const char *)user);
if (!userinfo->username) // if set already, ignore
userinfo->username=strdup((const char *)user);
userinfo->password=strdup((const char *)password);
if (db) userinfo->set_schemaname(db,strlen(db));
} else {
// we always duplicate username and password, or crashes happen
userinfo->username=strdup((const char *)user);
if (!userinfo->username) // if set already, ignore
userinfo->username=strdup((const char *)user);
if (pass_len) userinfo->password=strdup((const char *)"");
}
userinfo->set(NULL,NULL,NULL,NULL); // just to call compute_hash()
__exit_process_pkt_handshake_response:
if (password) {
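Review bot: The credential check that now gates the backend-user mapping, `strncmp(password,(char *)pass,strlen(password))==0`, compares only the first strlen(password) bytes, so a client value that merely starts with the looked-up password passes and an empty `password` would match anything. Because success in this branch now also switches the session to `backend_username`, the comparison should cover the full length, e.g. `if (strlen(password)==pass_len && memcmp(password,pass,pass_len)==0) {`, assuming `pass_len` (used further down) is the length of `pass`. Inside the new block, `set_SHA1((char *)userinfo->username, USERNAME_FRONTEND, reply)` runs after `userinfo->set(backend_username, ...)`, so it appears to store the hash under the backend name with the frontend type although the lookup used USERNAME_BACKEND; that looks unintended and deserves a comment or a fix. `userinfo->fe_username=strdup(...)` also overwrites any earlier value without freeing it, and nothing visible releases `backend_username`. The function starts and ends outside these hunks.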

@ -2262,6 +2262,11 @@ __get_pkts_from_client:
proxy_debug(PROXY_DEBUG_MYSQL_COM, 5, "Received query to be processed with MariaDB Client library\n");
mybe->server_myds->killed_at=0;
if (GloMyLdapAuth) {
if (session_type==PROXYSQL_SESSION_MYSQL) {
add_ldap_comment_to_pkt(&pkt);
}
}
mybe->server_myds->mysql_real_query.init(&pkt);
client_myds->setDSS_STATE_QUERY_SENT_NET();
} else {
@ -4722,3 +4727,29 @@ void MySQL_Session::create_new_session_and_reset_connection(MySQL_Data_Stream *_
delete new_sess;
}
}
void MySQL_Session::add_ldap_comment_to_pkt(PtrSize_t *_pkt) {
if (GloMyLdapAuth==NULL)
return;
if (ldap_ctx==NULL)
return;
if (client_myds==NULL || client_myds->myconn==NULL || client_myds->myconn->userinfo==NULL)
return;
if (client_myds->myconn->userinfo->fe_username==NULL)
return;
char *fe=client_myds->myconn->userinfo->fe_username;
char *a = (char *)"/* proxysql-ldap-user=%s */ ";
char *b = (char *)malloc(strlen(a)+strlen(fe));
sprintf(b,a,fe);
PtrSize_t _new_pkt;
_new_pkt.ptr = malloc(strlen(b) + _pkt->size);
memcpy(_new_pkt.ptr , _pkt->ptr, 5);
unsigned char *_c=(unsigned char *)_new_pkt.ptr;
_c+=5;
memcpy(_c,b,strlen(b));
_c+=strlen(b);
memcpy(_c, (char *)_pkt->ptr+5, _pkt->size-5);
l_free(_pkt->size,_pkt->ptr);
_pkt->size = _pkt->size + strlen(b);
_pkt->ptr = _new_pkt.ptr;
}
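Review bot: `fe_username` is copied verbatim into the `/* proxysql-ldap-user=%s */` prefix in add_ldap_comment_to_pkt(), so a name containing `*/` would end the comment early and the rest of the name would reach the backend as SQL text; names should be validated before formatting, or rejected at login. The buffer `b` is also never freed, which leaks one allocation per query, both `malloc` results are used unchecked, and `_pkt->size-5` wraps if a packet shorter than 5 bytes ever gets here. The 5 header bytes are copied unchanged although the payload grew; if anything downstream reads the length from the header rather than from `_pkt->size`, it needs updating too. A sketch of the guarded version follows.

```cpp
	// … unchanged: NULL guards for GloMyLdapAuth, ldap_ctx, client_myds, fe_username …
	const char *fe=client_myds->myconn->userinfo->fe_username;
	// a name that could close the comment must never be formatted into it
	if (_pkt->size<5 || strstr(fe,"*/")!=NULL)
		return;
	const char *a = "/* proxysql-ldap-user=%s */ ";
	size_t blen = strlen(a)-2+strlen(fe); // "%s" is replaced by fe
	char *b = (char *)malloc(blen+1);
	if (b==NULL)
		return;
	snprintf(b,blen+1,a,fe);
	PtrSize_t _new_pkt;
	_new_pkt.ptr = malloc(blen + _pkt->size);
	if (_new_pkt.ptr==NULL) {
		free(b);
		return;
	}
	// … unchanged: copy 5-byte header, then b, then the original payload …
	free(b);
	// … unchanged: l_free() of the old buffer; size and ptr updated, using blen …
```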

@ -208,10 +208,10 @@ static int http_handler(void *cls, struct MHD_Connection *connection, const char
#define ADMIN_SQLITE_RUNTIME_MYSQL_USERS "CREATE TABLE runtime_mysql_users (username VARCHAR NOT NULL , password VARCHAR , active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1 , use_ssl INT CHECK (use_ssl IN (0,1)) NOT NULL DEFAULT 0 , default_hostgroup INT NOT NULL DEFAULT 0 , default_schema VARCHAR , schema_locked INT CHECK (schema_locked IN (0,1)) NOT NULL DEFAULT 0 , transaction_persistent INT CHECK (transaction_persistent IN (0,1)) NOT NULL DEFAULT 1 , fast_forward INT CHECK (fast_forward IN (0,1)) NOT NULL DEFAULT 0 , backend INT CHECK (backend IN (0,1)) NOT NULL DEFAULT 1 , frontend INT CHECK (frontend IN (0,1)) NOT NULL DEFAULT 1 , max_connections INT CHECK (max_connections >=0) NOT NULL DEFAULT 10000 , comment VARCHAR NOT NULL DEFAULT '' , PRIMARY KEY (username, backend) , UNIQUE (username, frontend))"
#define ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING_V2_0_0 "CREATE TABLE mysql_ldap_mapping (priority INTEGER PRIMARY KEY NOT NULL , frontend_entity VARCHAR NOT NULL , backend_entity VARCHAR NOT NULL , comment VARCHAR , UNIQUE (frontend_entity))"
#define ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING_V2_0_0 "CREATE TABLE mysql_ldap_mapping (priority INTEGER CHECK (priority >= 1 AND priority <= 1000000) PRIMARY KEY , frontend_entity VARCHAR NOT NULL , backend_entity VARCHAR NOT NULL , comment VARCHAR NOT NULL DEFAULT '' , UNIQUE (frontend_entity))"
#define ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING_V2_0_0
#define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_LDAP_MAPPING "CREATE TABLE runtime_mysql_ldap_mapping (priority INTEGER PRIMARY KEY NOT NULL , frontend_entity VARCHAR NOT NULL , backend_entity VARCHAR NOT NULL , comment VARCHAR , UNIQUE (frontend_entity))"
#define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_LDAP_MAPPING "CREATE TABLE runtime_mysql_ldap_mapping (priority INTEGER PRIMARY KEY NOT NULL , frontend_entity VARCHAR NOT NULL , backend_entity VARCHAR NOT NULL , comment VARCHAR NOT NULL DEFAULT '' , UNIQUE (frontend_entity))"
#define ADMIN_SQLITE_RUNTIME_CHECKSUMS_VALUES "CREATE TABLE runtime_checksums_values (name VARCHAR NOT NULL , version INT NOT NULL , epoch INT NOT NULL , checksum VARCHAR NOT NULL , PRIMARY KEY (name))"
@ -2006,6 +2006,7 @@ void ProxySQL_Admin::GenericRefreshStatistics(const char *query_no_space, unsign
bool runtime_scheduler=false;
bool runtime_mysql_users=false;
bool runtime_mysql_ldap_mapping=false;
bool runtime_mysql_servers=false;
bool runtime_mysql_query_rules=false;
bool runtime_mysql_query_rules_fast_routing=false;
@ -2089,6 +2090,11 @@ void ProxySQL_Admin::GenericRefreshStatistics(const char *query_no_space, unsign
if (strstr(query_no_space,"runtime_mysql_users")) {
runtime_mysql_users=true; refresh=true;
}
if (GloMyLdapAuth) {
if (strstr(query_no_space,"runtime_mysql_ldap_mapping")) {
runtime_mysql_ldap_mapping=true; refresh=true;
}
}
if (strstr(query_no_space,"runtime_mysql_query_rules")) {
runtime_mysql_query_rules=true; refresh=true;
}
@ -2194,6 +2200,9 @@ void ProxySQL_Admin::GenericRefreshStatistics(const char *query_no_space, unsign
if (runtime_mysql_users) {
save_mysql_users_runtime_to_database(true);
}
if (runtime_mysql_ldap_mapping) {
save_mysql_ldap_mapping_runtime_to_database(true);
}
if (runtime_mysql_query_rules) {
save_mysql_query_rules_from_runtime(true);
}
@ -3619,6 +3628,18 @@ void ProxySQL_Admin::print_version() {
fprintf(stderr,"Standard ProxySQL Admin rev. %s -- %s -- %s\n", PROXYSQL_ADMIN_VERSION, __FILE__, __TIMESTAMP__);
};
void ProxySQL_Admin::init_ldap() {
if (GloMyLdapAuth) {
insert_into_tables_defs(tables_defs_admin,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
insert_into_tables_defs(tables_defs_admin,"runtime_mysql_ldap_mapping", ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_LDAP_MAPPING);
insert_into_tables_defs(tables_defs_config,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
if (variables.hash_passwords==true) {
proxy_info("Impossible to set admin-hash_passwords=true when LDAP is enabled. Reverting to false\n");
variables.hash_passwords=false;
}
}
}
bool ProxySQL_Admin::init() {
cpu_timer cpt;
@ -3714,10 +3735,6 @@ bool ProxySQL_Admin::init() {
}
#endif /* PROXYSQLCLICKHOUSE */
if (GloMyLdapAuth) {
insert_into_tables_defs(tables_defs_admin,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
}
insert_into_tables_defs(tables_defs_config,"mysql_servers", ADMIN_SQLITE_TABLE_MYSQL_SERVERS);
insert_into_tables_defs(tables_defs_config,"mysql_users", ADMIN_SQLITE_TABLE_MYSQL_USERS);
insert_into_tables_defs(tables_defs_config,"mysql_replication_hostgroups", ADMIN_SQLITE_TABLE_MYSQL_REPLICATION_HOSTGROUPS);
@ -3739,10 +3756,6 @@ bool ProxySQL_Admin::init() {
}
#endif /* PROXYSQLCLICKHOUSE */
if (GloMyLdapAuth) {
insert_into_tables_defs(tables_defs_config,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
}
insert_into_tables_defs(tables_defs_stats,"stats_mysql_query_rules", STATS_SQLITE_TABLE_MYSQL_QUERY_RULES);
insert_into_tables_defs(tables_defs_stats,"stats_mysql_commands_counters", STATS_SQLITE_TABLE_MYSQL_COMMANDS_COUNTERS);
insert_into_tables_defs(tables_defs_stats,"stats_mysql_processlist", STATS_SQLITE_TABLE_MYSQL_PROCESSLIST);
@ -3852,7 +3865,6 @@ bool ProxySQL_Admin::init() {
flush_clickhouse_variables___database_to_runtime(admindb,true);
#endif /* PROXYSQLCLICKHOUSE */
flush_sqliteserver_variables___database_to_runtime(admindb,true);
flush_ldap_variables___database_to_runtime(admindb,true);
if (GloVars.__cmd_proxysql_admin_socket) {
set_variable((char *)"mysql_ifaces",GloVars.__cmd_proxysql_admin_socket);
@ -3902,6 +3914,8 @@ void ProxySQL_Admin::init_ldap_variables() {
flush_ldap_variables___runtime_to_database(configdb, false, false, false);
flush_ldap_variables___runtime_to_database(admindb, false, true, false);
flush_ldap_variables___database_to_runtime(admindb,true);
check_and_build_standard_tables(admindb, tables_defs_admin);
check_and_build_standard_tables(configdb, tables_defs_config);
}
void ProxySQL_Admin::admin_shutdown() {
@ -5148,6 +5162,10 @@ bool ProxySQL_Admin::set_variable(char *name, char *value) { // this is the pub
if (!strcasecmp(name,"hash_passwords")) {
if (strcasecmp(value,"true")==0 || strcasecmp(value,"1")==0) {
variables.hash_passwords=true;
if (GloMyLdapAuth) {
proxy_info("Impossible to set admin-hash_passwords=true when LDAP is enabled. Reverting to false\n");
variables.hash_passwords=false;
}
return true;
}
if (strcasecmp(value,"false")==0 || strcasecmp(value,"0")==0) {
@ -5538,6 +5556,25 @@ void ProxySQL_Admin::stats___mysql_global() {
resultset=NULL;
}
if (GloMyLdapAuth) {
resultset=GloMyLdapAuth->SQL3_getStats();
if (resultset) {
for (std::vector<SQLite3_row *>::iterator it = resultset->rows.begin() ; it != resultset->rows.end(); ++it) {
SQLite3_row *r=*it;
int arg_len=0;
for (int i=0; i<2; i++) {
arg_len+=strlen(r->fields[i]);
}
char *query=(char *)malloc(strlen(a)+arg_len+32);
sprintf(query,a,r->fields[0],r->fields[1]);
statsdb->execute(query);
free(query);
}
delete resultset;
resultset=NULL;
}
}
statsdb->execute("COMMIT");
}
@ -6309,7 +6346,7 @@ void ProxySQL_Admin::flush_mysql_users__from_memory_to_disk() {
admindb->execute("INSERT INTO disk.mysql_users SELECT * FROM main.mysql_users");
if (GloMyLdapAuth) {
admindb->execute("DELETE FROM disk.mysql_ldap_mapping");
admindb->execute("INSERT INTO dick.mysql_ldap_mapping SELECT * FROM main.mysql_ldap_mapping");
admindb->execute("INSERT INTO disk.mysql_ldap_mapping SELECT * FROM main.mysql_ldap_mapping");
}
admindb->execute("PRAGMA foreign_keys = ON");
admindb->wrunlock();
@ -6470,6 +6507,9 @@ void ProxySQL_Admin::__refresh_users() {
__add_active_users(USERNAME_BACKEND);
__add_active_users(USERNAME_FRONTEND);
// }
if (GloMyLdapAuth) {
__add_active_users_ldap();
}
GloMyAuth->remove_inactives(USERNAME_BACKEND);
GloMyAuth->remove_inactives(USERNAME_FRONTEND);
uint64_t hash1 = 0;
@ -6479,6 +6519,9 @@ void ProxySQL_Admin::__refresh_users() {
if (calculate_checksum) {
hash1 = GloMyAuth->get_runtime_checksum();
//uint64_t hash1 = hashB + hashF; // overflow allowed
if (GloMyLdapAuth) {
hash1 += GloMyLdapAuth->get_ldap_mapping_runtime_checksum();
}
uint32_t d32[2];
char buf[20];
memcpy(&d32, &hash1, sizeof(hash1));
@ -6569,6 +6612,27 @@ void ProxySQL_Admin::__delete_inactive_clickhouse_users() {
}
#endif /* PROXYSQLCLICKHOUSE */
void ProxySQL_Admin::__add_active_users_ldap() {
if (GloMyLdapAuth==NULL)
return;
char *error=NULL;
int cols=0;
int affected_rows=0;
SQLite3_result *resultset=NULL;
char *query=(char *)"SELECT priority, frontend_entity, backend_entity, comment FROM mysql_ldap_mapping ORDER BY priority";
proxy_debug(PROXY_DEBUG_ADMIN, 4, "%s\n", query);
admindb->execute_statement(query, &error , &cols , &affected_rows , &resultset);
if (error) {
proxy_error("Error on %s : %s\n", query, error);
} else {
GloMyLdapAuth->load_mysql_ldap_mapping(resultset);
}
if (resultset) delete resultset;
resultset=NULL;
}
#define ADDUSER_STMT_RAW
void ProxySQL_Admin::__add_active_users(enum cred_username_type usertype, char *__user, uint64_t *hash1) {
char *error=NULL;
@ -6974,6 +7038,72 @@ void ProxySQL_Admin::save_mysql_users_runtime_to_database(bool _runtime) {
free(ads);
}
void ProxySQL_Admin::save_mysql_ldap_mapping_runtime_to_database(bool _runtime) {
if (GloMyLdapAuth==NULL) {
return;
}
char *query=NULL;
SQLite3_result *resultset=NULL;
if (_runtime) {
query=(char *)"DELETE FROM main.runtime_mysql_ldap_mapping";
} else {
query=(char *)"DELETE FROM main.mysql_ldap_mapping";
}
proxy_debug(PROXY_DEBUG_ADMIN, 4, "%s\n", query);
admindb->execute(query);
resultset=GloMyLdapAuth->dump_table_mysql_ldap_mapping();
if (resultset) {
int rc;
sqlite3_stmt *statement1=NULL;
sqlite3_stmt *statement8=NULL;
sqlite3 *mydb3=admindb->get_db();
char *query1=NULL;
char *query8=NULL;
if (_runtime) {
query1=(char *)"INSERT INTO runtime_mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4)";
query8=(char *)"INSERT INTO runtime_mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4), (?5, ?6, ?7, ?8), (?9, ?10, ?11, ?12), (?13, ?14, ?15, ?16), (?17, ?18, ?19, ?20), (?21, ?22, ?23, ?24), (?25, ?26, ?27, ?28), (?29, ?30, ?31, ?32)";
} else {
query1=(char *)"INSERT INTO mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4)";
query8=(char *)"INSERT INTO mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4), (?5, ?6, ?7, ?8), (?9, ?10, ?11, ?12), (?13, ?14, ?15, ?16), (?17, ?18, ?19, ?20), (?21, ?22, ?23, ?24), (?25, ?26, ?27, ?28), (?29, ?30, ?31, ?32)";
}
rc=sqlite3_prepare_v2(mydb3, query1, -1, &statement1, 0);
assert(rc==SQLITE_OK);
rc=sqlite3_prepare_v2(mydb3, query8, -1, &statement8, 0);
assert(rc==SQLITE_OK);
int row_idx=0;
int max_bulk_row_idx=resultset->rows_count/8;
max_bulk_row_idx=max_bulk_row_idx*8;
for (std::vector<SQLite3_row *>::iterator it = resultset->rows.begin() ; it != resultset->rows.end(); ++it) {
SQLite3_row *r1=*it;
int idx=row_idx%8;
if (row_idx<max_bulk_row_idx) { // bulk
rc=sqlite3_bind_int64(statement8, (idx*7)+1, atoi(r1->fields[0])); assert(rc==SQLITE_OK);
rc=sqlite3_bind_text(statement8, (idx*7)+2, r1->fields[1], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK);
rc=sqlite3_bind_text(statement8, (idx*7)+3, r1->fields[2], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK);
rc=sqlite3_bind_text(statement8, (idx*7)+4, r1->fields[3], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK);
if (idx==7) {
SAFE_SQLITE3_STEP2(statement8);
rc=sqlite3_clear_bindings(statement8); assert(rc==SQLITE_OK);
rc=sqlite3_reset(statement8); assert(rc==SQLITE_OK);
}
} else { // single row
rc=sqlite3_bind_int64(statement1, 1, atoi(r1->fields[0])); assert(rc==SQLITE_OK);
rc=sqlite3_bind_text(statement1, 2, r1->fields[1], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK);
rc=sqlite3_bind_text(statement1, 3, r1->fields[2], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK);
rc=sqlite3_bind_text(statement1, 4, r1->fields[3], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK);
SAFE_SQLITE3_STEP2(statement1);
rc=sqlite3_clear_bindings(statement1); assert(rc==SQLITE_OK);
rc=sqlite3_reset(statement1); assert(rc==SQLITE_OK);
}
row_idx++;
}
sqlite3_finalize(statement1);
sqlite3_finalize(statement8);
}
if(resultset) delete resultset;
resultset=NULL;
}
#ifdef PROXYSQLCLICKHOUSE
void ProxySQL_Admin::save_clickhouse_users_runtime_to_database(bool _runtime) {
char *query=NULL;
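Review bot: In save_mysql_ldap_mapping_runtime_to_database() the bulk path binds with `(idx*7)+1` through `(idx*7)+4`, but each row has four columns and `query8` only defines ?1 to ?32, so rows after the first are bound to the wrong slots and from the sixth row of a batch the index exceeds 32 and `assert(rc==SQLITE_OK)` fires. The stride should match the column count: `(idx*4)+1`, `(idx*4)+2`, `(idx*4)+3`, `(idx*4)+4`. This path is only reached with eight or more mapping rows, which may be why it went unnoticed. Separately, init_ldap() and set_variable() force `hash_passwords` to false whenever the LDAP plugin is loaded; a comment stating why stored passwords must stay unhashed with LDAP would help operators weigh that trade-off.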

@ -39,11 +39,13 @@ MySQL_Connection_userinfo::MySQL_Connection_userinfo() {
password=NULL;
sha1_pass=NULL;
schemaname=NULL;
fe_username=NULL;
hash=0;
}
MySQL_Connection_userinfo::~MySQL_Connection_userinfo() {
if (username) free(username);
if (fe_username) free(fe_username);
if (password) free(password);
if (sha1_pass) free(sha1_pass);
if (schemaname) free(schemaname);

@ -459,7 +459,10 @@ int ssl_mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days) {
}
void ProxySQL_Main_init_SSL_module() {
SSL_library_init();
int rc = SSL_library_init();
if (rc==0) {
proxy_error("%s\n", SSL_alert_desc_string_long(rc));
}
init_locks();
SSL_METHOD *ssl_method;
OpenSSL_add_all_algorithms();
@ -700,6 +703,7 @@ void ProxySQL_Main_process_global_variables(int argc, const char **argv) {
if (rc==true) {
GloVars.errorlog = strdup(errorlog_path.c_str());
}
}
if (root.exists("ldap_auth_plugin")==true) {
string ldap_auth_plugin;
bool rc;
@ -1075,6 +1079,10 @@ static void LoadPlugins() {
exit(EXIT_FAILURE);
} else {
GloMyLdapAuth = create_MySQL_LDAP_Authentication();
if (GloMyLdapAuth) {
GloAdmin->init_ldap();
GloAdmin->load_ldap_variables_to_runtime();
}
}
}
}
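Review bot: In ProxySQL_Main_init_SSL_module() the failure branch logs `SSL_alert_desc_string_long(rc)`, which decodes a TLS alert number rather than an initialisation error; with `rc==0` it would print the text for alert 0 and hide the real cause. Logging the OpenSSL error queue is more useful, e.g. `proxy_error("SSL_library_init() failed: %s\n", ERR_error_string(ERR_get_error(), NULL));`. Execution also continues into init_locks() and the rest of the setup after a reported failure; if that is intentional a comment should say so, otherwise the function should stop here. The function body continues outside the hunk.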
