diff --git a/deps/Makefile b/deps/Makefile
index a474a35eb..27292c6dd 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -85,6 +85,7 @@ jemalloc/jemalloc/lib/libjemalloc.a:
 cd jemalloc && tar -jxf jemalloc-4.3.1.tar.bz2
 cd jemalloc/jemalloc && patch src/jemalloc.c < ../issue823.patch
 cd jemalloc/jemalloc && ./configure ${MYJEOPT}
+# cd jemalloc/jemalloc && sed -i -e 's/-O3 /-O3 -fPIC /' Makefile
 cd jemalloc/jemalloc && CC=${CC} CXX=${CXX} ${MAKE}
 jemalloc: jemalloc/jemalloc/lib/libjemalloc.a
diff --git a/include/MySQL_LDAP_Authentication.hpp b/include/MySQL_LDAP_Authentication.hpp
index cfc028a3e..3d155a857 100644
--- a/include/MySQL_LDAP_Authentication.hpp
+++ b/include/MySQL_LDAP_Authentication.hpp
@@ -61,11 +61,11 @@ class MySQL_LDAP_Authentication {
 public:
 MySQL_LDAP_Authentication() {};
 virtual ~MySQL_LDAP_Authentication() {};
- virtual bool add(char *username, char *password, enum cred_username_type usertype, bool use_ssl, int default_hostgroup, char *default_schema, bool schema_locked, bool transaction_persistent, bool fast_forward, int max_connections) {return false;};
+ virtual bool add(char *username, char *backend_username, char *password, enum cred_username_type usertype, bool use_ssl, int default_hostgroup, char *default_schema, bool schema_locked, bool transaction_persistent, bool fast_forward, int max_connections) {return false;};
 virtual bool del(char *username, enum cred_username_type usertype, bool set_lock=true) {return false;};
 virtual bool reset() {return false;};
 virtual void print_version() {};
- virtual char * lookup(void *ldap_ctx, char *username, char *pass, enum cred_username_type usertype, bool *use_ssl, int *default_hostgroup, char **default_schema, bool *schema_locked, bool *transaction_persistent, bool *fast_forward, int *max_connections, void **sha1_pass) {return NULL;};
+ virtual char * lookup(void *ldap_ctx, char *username, char *pass, enum cred_username_type usertype, bool *use_ssl, int *default_hostgroup, char **default_schema, bool *schema_locked, bool *transaction_persistent, bool *fast_forward, int *max_connections, void **sha1_pass, char **backend_username) {return NULL;};
 //virtual int dump_all_users(account_details_t ***, bool _complete=true) {return 0;};
 virtual int increase_frontend_user_connections(char *username, int *mc=NULL) {return 0;};
 virtual void decrease_frontend_user_connections(char *username) {};
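Review bot: The new `backend_username` parameter of `add()` is placed between `username` and `password`, all three of type `char *`, so a caller or plugin that still uses the old argument order compiles cleanly and passes the password in the backend-username position. Because the implementation is obtained through `create_MySQL_LDAP_Authentication_t`, a plugin built against the previous header would also disagree with the host on these virtual signatures; an interface-version check when the plugin is loaded would catch that instead of leaving it to undefined behaviour. The header also does not say who owns the string returned through `lookup()`'s `char **backend_username`; a comment such as `// *backend_username: allocated by the plugin, released by the caller with free() (TODO confirm)` above the declaration would settle it. The class body starts and ends outside the hunk.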
@@ -83,6 +83,10 @@ class MySQL_LDAP_Authentication {
 virtual char * get_variable(char *name) {return NULL;};
 virtual bool set_variable(char *name, char *value) {return false;};
 virtual int password_matches(char *u, char *pass) {return 0;}; // 0 = not match , 1 = matches , 2 = not present
+ virtual void load_mysql_ldap_mapping(SQLite3_result *result) {};
+ virtual SQLite3_result * dump_table_mysql_ldap_mapping() { return NULL; };
+ virtual uint64_t get_ldap_mapping_runtime_checksum() { return 0; };
+ virtual SQLite3_result * SQL3_getStats() { return NULL; }
 };
 typedef MySQL_LDAP_Authentication * create_MySQL_LDAP_Authentication_t();
diff --git a/include/MySQL_Session.h b/include/MySQL_Session.h
index 78f41c9a6..485e31de4 100644
--- a/include/MySQL_Session.h
+++ b/include/MySQL_Session.h
@@ -113,6 +113,7 @@ class MySQL_Session
 bool handler_again___status_CHANGING_AUTOCOMMIT(int *);
 void init();
 void reset();
+ void add_ldap_comment_to_pkt(PtrSize_t *);
 //this pointer is always initialized inside handler().
 // it is an attempt to start simplifying the complexing of handler()
diff --git a/include/mysql_connection.h b/include/mysql_connection.h
index f8397fb53..a0b9c4bd9 100644
--- a/include/mysql_connection.h
+++ b/include/mysql_connection.h
@@ -24,6 +24,7 @@ class MySQL_Connection_userinfo {
 char *password;
 char *schemaname;
 char *sha1_pass;
+ char *fe_username;
 MySQL_Connection_userinfo();
 ~MySQL_Connection_userinfo();
 void set(char *, char *, char *, char *);
diff --git a/include/proxysql_admin.h b/include/proxysql_admin.h
index 24c6d876c..501fed15c 100644
--- a/include/proxysql_admin.h
+++ b/include/proxysql_admin.h
@@ -133,6 +133,7 @@ class ProxySQL_Admin {
 void __delete_inactive_users(enum cred_username_type usertype);
 void add_admin_users();
 void __refresh_users();
+ void __add_active_users_ldap();
 void flush_mysql_variables___runtime_to_database(SQLite3DB *db, bool replace, bool del, bool onlyifempty, bool runtime=false);
 void flush_mysql_variables___database_to_runtime(SQLite3DB *db, bool replace);
@@ -194,6 +195,7 @@ class ProxySQL_Admin {
 int pipefd[2];
 void print_version();
 bool init();
+ void init_ldap();
 bool get_read_only() { return variables.admin_read_only; }
 bool set_read_only(bool ro) { variables.admin_read_only=ro; return variables.admin_read_only; }
 bool has_variable(const char *name);
@@ -283,6 +285,7 @@ class ProxySQL_Admin {
 void init_ldap_variables();
 void load_ldap_variables_to_runtime() { flush_ldap_variables___database_to_runtime(admindb, true); }
 void save_ldap_variables_from_runtime() { flush_ldap_variables___runtime_to_database(admindb, true, true, false); }
+ void save_mysql_ldap_mapping_runtime_to_database(bool);
 // SQLite Server
 void init_sqliteserver_variables();
diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index c85167469..9dc639a12 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -1455,8 +1455,8 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
 int default_hostgroup=-1;
 char *default_schema=NULL;
 bool schema_locked;
- bool transaction_persistent;
- bool fast_forward;
+ bool transaction_persistent = true;
+ bool fast_forward = false;
 int max_connections;
 enum proxysql_session_type session_type = (*myds)->sess->session_type;
 if (session_type == PROXYSQL_SESSION_CLICKHOUSE) {
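Review bot: `schema_locked` and `max_connections`, declared on the context lines around the two changed declarations in `process_pkt_handshake_response()`, still have no initializer, although the later hunks pass all four variables by address to the same `lookup()` calls and copy them into the session. If a lookup returns a password without writing every out-parameter, the session receives indeterminate values for those two. Give them defined defaults as well, e.g. `bool schema_locked = false;` and `int max_connections = 0;` (or whichever default the users table uses). The function body starts and ends outside the hunk.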
@@ -1502,8 +1502,9 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
 // try LDAP
 if (auth_plugin_id==2) {
 if (GloMyLdapAuth) {
+ char *backend_username = NULL;
 (*myds)->sess->ldap_ctx = GloMyLdapAuth->ldap_ctx_init();
- password = GloMyLdapAuth->lookup((*myds)->sess->ldap_ctx, (char *)user, (char *)pass, USERNAME_FRONTEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass);
+ password = GloMyLdapAuth->lookup((*myds)->sess->ldap_ctx, (char *)user, (char *)pass, USERNAME_FRONTEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass, &backend_username);
 if (password) {
 (*myds)->sess->default_hostgroup=default_hostgroup;
 (*myds)->sess->default_schema=default_schema; // just the pointer is passed
@@ -1512,7 +1513,30 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
 (*myds)->sess->session_fast_forward=fast_forward;
 (*myds)->sess->user_max_connections=max_connections;
 if (strncmp(password,(char *)pass,strlen(password))==0) {
- ret=true;
+ if (backend_username) {
+ free(password);
+ password=NULL;
+ password=GloMyAuth->lookup(backend_username, USERNAME_BACKEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass);
+ if (password) {
+ (*myds)->sess->default_hostgroup=default_hostgroup;
+ (*myds)->sess->default_schema=default_schema; // just the pointer is passed
+ (*myds)->sess->schema_locked=schema_locked;
+ (*myds)->sess->transaction_persistent=transaction_persistent;
+ (*myds)->sess->session_fast_forward=fast_forward;
+ (*myds)->sess->user_max_connections=max_connections;
+ userinfo->set(backend_username, NULL, NULL, NULL);
+ if (sha1_pass==NULL) {
+ // currently proxysql doesn't know any sha1_pass for that specific user, let's set it!
+ GloMyAuth->set_SHA1((char *)userinfo->username, USERNAME_FRONTEND,reply);
+ }
+ if (userinfo->sha1_pass) free(userinfo->sha1_pass);
+ userinfo->sha1_pass=sha1_pass_hex(reply);
+ userinfo->fe_username=strdup((const char *)user);
+ ret=true;
+ }
+ } else {
+ ret=true;
+ }
 }
 }
 }
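Review bot: `backend_username` (declared in the previous hunk) and the `sha1_pass` returned by the LDAP lookup are not released anywhere in this hunk: the second `GloMyAuth->lookup()` overwrites `sha1_pass`, and `userinfo->set(backend_username, NULL, NULL, NULL)` is followed by no `free(backend_username)`, so if `set()` copies its argument, as the `strdup` calls elsewhere in this function suggest, every mapped login leaks both. When the backend lookup returns NULL the login is rejected without a log line, which makes a mapping that points at a missing backend user hard to diagnose; an `else` with `proxy_error("LDAP user %s maps to unknown backend user %s\n", user, backend_username);` would record it. The whole identity switch sits under the context line `strncmp(password,(char *)pass,strlen(password))==0`, which compares only a prefix (and zero bytes when `password` is empty), so that comparison is worth tightening now that a second account's settings depend on it. The function body continues outside the hunk.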
@@ -1625,14 +1649,17 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
 (*myds)->myconn->options.max_allowed_pkt=max_pkt;
 (*myds)->DSS=STATE_CLIENT_HANDSHAKE;
- userinfo->username=strdup((const char *)user);
+ if (!userinfo->username) // if set already, ignore
+ userinfo->username=strdup((const char *)user);
 userinfo->password=strdup((const char *)password);
 if (db) userinfo->set_schemaname(db,strlen(db));
 } else {
 // we always duplicate username and password, or crashes happen
- userinfo->username=strdup((const char *)user);
+ if (!userinfo->username) // if set already, ignore
+ userinfo->username=strdup((const char *)user);
 if (pass_len) userinfo->password=strdup((const char *)"");
 }
+ userinfo->set(NULL,NULL,NULL,NULL); // just to call compute_hash()
 __exit_process_pkt_handshake_response:
 if (password) {
diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp
index f24193ecf..7c4981465 100644
--- a/lib/MySQL_Session.cpp
+++ b/lib/MySQL_Session.cpp
@@ -2262,6 +2262,11 @@ __get_pkts_from_client:
 proxy_debug(PROXY_DEBUG_MYSQL_COM, 5, "Received query to be processed with MariaDB Client library\n");
 mybe->server_myds->killed_at=0;
+ if (GloMyLdapAuth) {
+ if (session_type==PROXYSQL_SESSION_MYSQL) {
+ add_ldap_comment_to_pkt(&pkt);
+ }
+ }
 mybe->server_myds->mysql_real_query.init(&pkt);
 client_myds->setDSS_STATE_QUERY_SENT_NET();
 } else {
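Review bot: The guard `if (!userinfo->username)` in `process_pkt_handshake_response()` treats any non-NULL username as "already set by the LDAP mapping", so the session identity now depends on what was left in `userinfo` rather than on the `user` just parsed. If this function can run more than once on a connection, which is not visible from the hunk, a name stored by an earlier attempt, including a failed one in the `else` branch, would be kept for the next login. Keying the skip on the mapping itself is more explicit, e.g. `if (userinfo->fe_username==NULL) { free(userinfo->username); userinfo->username=strdup((const char *)user); }`. The function body starts and ends outside the hunk.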
@@ -4722,3 +4727,29 @@ void MySQL_Session::create_new_session_and_reset_connection(MySQL_Data_Stream *_
 delete new_sess;
 }
 }
+
+void MySQL_Session::add_ldap_comment_to_pkt(PtrSize_t *_pkt) {
+ if (GloMyLdapAuth==NULL)
+ return;
+ if (ldap_ctx==NULL)
+ return;
+ if (client_myds==NULL || client_myds->myconn==NULL || client_myds->myconn->userinfo==NULL)
+ return;
+ if (client_myds->myconn->userinfo->fe_username==NULL)
+ return;
+ char *fe=client_myds->myconn->userinfo->fe_username;
+ char *a = (char *)"/* proxysql-ldap-user=%s */ ";
+ char *b = (char *)malloc(strlen(a)+strlen(fe));
+ sprintf(b,a,fe);
+ PtrSize_t _new_pkt;
+ _new_pkt.ptr = malloc(strlen(b) + _pkt->size);
+ memcpy(_new_pkt.ptr , _pkt->ptr, 5);
+ unsigned char *_c=(unsigned char *)_new_pkt.ptr;
+ _c+=5;
+ memcpy(_c,b,strlen(b));
+ _c+=strlen(b);
+ memcpy(_c, (char *)_pkt->ptr+5, _pkt->size-5);
+ l_free(_pkt->size,_pkt->ptr);
+ _pkt->size = _pkt->size + strlen(b);
+ _pkt->ptr = _new_pkt.ptr;
+}
diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp
index 6f73f10dc..fdaa057db 100644
--- a/lib/ProxySQL_Admin.cpp
+++ b/lib/ProxySQL_Admin.cpp
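Review bot: `fe_username` in `add_ldap_comment_to_pkt()` is the name the client sent at login and it is copied into the SQL comment unescaped, so a name containing `*/` would close the comment early and the rest of the name would reach the backend as SQL text executed under the mapped backend account; reject or strip that sequence before building the prefix. `b` is allocated on every query and never freed, and the `strlen(a)+strlen(fe)` size is only large enough because `%s` happens to be two characters, so `snprintf` with an explicit bound is safer. The first five bytes are copied from the old packet unchanged, which leaves the length field of the header describing the old payload; confirm that nothing downstream reads it. `_pkt->size-5` also assumes the packet is at least five bytes long.
```cpp
	char *fe=client_myds->myconn->userinfo->fe_username;
	if (strstr(fe,"*/")!=NULL) // would terminate the comment early
		return;
	const char *a = "/* proxysql-ldap-user=%s */ ";
	size_t blen = strlen(a)+strlen(fe); // upper bound, "%s" is replaced by fe
	char *b = (char *)malloc(blen);
	snprintf(b,blen,a,fe);
	// … unchanged: allocate _new_pkt, copy header, comment and query, swap into _pkt …
	free(b);
```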
@@ -208,10 +208,10 @@ static int http_handler(void *cls, struct MHD_Connection *connection, const char #define ADMIN_SQLITE_RUNTIME_MYSQL_USERS "CREATE TABLE runtime_mysql_users (username VARCHAR NOT NULL , password VARCHAR , active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1 , use_ssl INT CHECK (use_ssl IN (0,1)) NOT NULL DEFAULT 0 , default_hostgroup INT NOT NULL DEFAULT 0 , default_schema VARCHAR , schema_locked INT CHECK (schema_locked IN (0,1)) NOT NULL DEFAULT 0 , transaction_persistent INT CHECK (transaction_persistent IN (0,1)) NOT NULL DEFAULT 1 , fast_forward INT CHECK (fast_forward IN (0,1)) NOT NULL DEFAULT 0 , backend INT CHECK (backend IN (0,1)) NOT NULL DEFAULT 1 , frontend INT CHECK (frontend IN (0,1)) NOT NULL DEFAULT 1 , max_connections INT CHECK (max_connections >=0) NOT NULL DEFAULT 10000 , comment VARCHAR NOT NULL DEFAULT '' , PRIMARY KEY (username, backend) , UNIQUE (username, frontend))" -#define ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING_V2_0_0 "CREATE TABLE mysql_ldap_mapping (priority INTEGER PRIMARY KEY NOT NULL , frontend_entity VARCHAR NOT NULL , backend_entity VARCHAR NOT NULL , comment VARCHAR , UNIQUE (frontend_entity))" +#define ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING_V2_0_0 "CREATE TABLE mysql_ldap_mapping (priority INTEGER CHECK (priority >= 1 AND priority <= 1000000) PRIMARY KEY , frontend_entity VARCHAR NOT NULL , backend_entity VARCHAR NOT NULL , comment VARCHAR NOT NULL DEFAULT '' , UNIQUE (frontend_entity))" #define ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING_V2_0_0 -#define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_LDAP_MAPPING "CREATE TABLE runtime_mysql_ldap_mapping (priority INTEGER PRIMARY KEY NOT NULL , frontend_entity VARCHAR NOT NULL , backend_entity VARCHAR NOT NULL , comment VARCHAR , UNIQUE (frontend_entity))" +#define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_LDAP_MAPPING "CREATE TABLE runtime_mysql_ldap_mapping (priority INTEGER PRIMARY KEY NOT NULL , frontend_entity VARCHAR NOT NULL , backend_entity 
VARCHAR NOT NULL , comment VARCHAR NOT NULL DEFAULT '' , UNIQUE (frontend_entity))" #define ADMIN_SQLITE_RUNTIME_CHECKSUMS_VALUES "CREATE TABLE runtime_checksums_values (name VARCHAR NOT NULL , version INT NOT NULL , epoch INT NOT NULL , checksum VARCHAR NOT NULL , PRIMARY KEY (name))" @@ -2006,6 +2006,7 @@ void ProxySQL_Admin::GenericRefreshStatistics(const char *query_no_space, unsign bool runtime_scheduler=false; bool runtime_mysql_users=false; + bool runtime_mysql_ldap_mapping=false; bool runtime_mysql_servers=false; bool runtime_mysql_query_rules=false; bool runtime_mysql_query_rules_fast_routing=false; @@ -2089,6 +2090,11 @@ void ProxySQL_Admin::GenericRefreshStatistics(const char *query_no_space, unsign if (strstr(query_no_space,"runtime_mysql_users")) { runtime_mysql_users=true; refresh=true; } + if (GloMyLdapAuth) { + if (strstr(query_no_space,"runtime_mysql_ldap_mapping")) { + runtime_mysql_ldap_mapping=true; refresh=true; + } + } if (strstr(query_no_space,"runtime_mysql_query_rules")) { runtime_mysql_query_rules=true; refresh=true; } @@ -2194,6 +2200,9 @@ void ProxySQL_Admin::GenericRefreshStatistics(const char *query_no_space, unsign if (runtime_mysql_users) { save_mysql_users_runtime_to_database(true); } + if (runtime_mysql_ldap_mapping) { + save_mysql_ldap_mapping_runtime_to_database(true); + } if (runtime_mysql_query_rules) { save_mysql_query_rules_from_runtime(true); } 
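Review bot: Only `mysql_ldap_mapping` gains `CHECK (priority >= 1 AND priority <= 1000000)`; `runtime_mysql_ldap_mapping` keeps `priority INTEGER PRIMARY KEY NOT NULL`, so the two definitions now differ on a column that both tables receive from the same dump in `save_mysql_ldap_mapping_runtime_to_database()`. If the difference is intended, say so in a comment above the runtime `#define`; otherwise give both the same constraint. The `_V2_0_0` definition is also edited in place rather than added as a new versioned macro, so an installation that already created the table from the old text will no longer match it; what `check_and_build_standard_tables()` does on a mismatch is not visible here and is worth confirming.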
@@ -3619,6 +3628,18 @@ void ProxySQL_Admin::print_version() {
 fprintf(stderr,"Standard ProxySQL Admin rev. %s -- %s -- %s\n", PROXYSQL_ADMIN_VERSION, __FILE__, __TIMESTAMP__);
 };
+void ProxySQL_Admin::init_ldap() {
+ if (GloMyLdapAuth) {
+ insert_into_tables_defs(tables_defs_admin,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
+ insert_into_tables_defs(tables_defs_admin,"runtime_mysql_ldap_mapping", ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_LDAP_MAPPING);
+ insert_into_tables_defs(tables_defs_config,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
+ if (variables.hash_passwords==true) {
+ proxy_info("Impossible to set admin-hash_passwords=true when LDAP is enabled. Reverting to false\n");
+ variables.hash_passwords=false;
+ }
+ }
+}
+
 bool ProxySQL_Admin::init() {
 cpu_timer cpt;
@@ -3714,10 +3735,6 @@ bool ProxySQL_Admin::init() {
 }
 #endif /* PROXYSQLCLICKHOUSE */
- if (GloMyLdapAuth) {
- insert_into_tables_defs(tables_defs_admin,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
- }
-
 insert_into_tables_defs(tables_defs_config,"mysql_servers", ADMIN_SQLITE_TABLE_MYSQL_SERVERS);
 insert_into_tables_defs(tables_defs_config,"mysql_users", ADMIN_SQLITE_TABLE_MYSQL_USERS);
 insert_into_tables_defs(tables_defs_config,"mysql_replication_hostgroups", ADMIN_SQLITE_TABLE_MYSQL_REPLICATION_HOSTGROUPS);
@@ -3739,10 +3756,6 @@ bool ProxySQL_Admin::init() {
 }
 #endif /* PROXYSQLCLICKHOUSE */
- if (GloMyLdapAuth) {
- insert_into_tables_defs(tables_defs_config,"mysql_ldap_mapping", ADMIN_SQLITE_TABLE_MYSQL_LDAP_MAPPING);
- }
-
 insert_into_tables_defs(tables_defs_stats,"stats_mysql_query_rules", STATS_SQLITE_TABLE_MYSQL_QUERY_RULES);
 insert_into_tables_defs(tables_defs_stats,"stats_mysql_commands_counters", STATS_SQLITE_TABLE_MYSQL_COMMANDS_COUNTERS);
 insert_into_tables_defs(tables_defs_stats,"stats_mysql_processlist", STATS_SQLITE_TABLE_MYSQL_PROCESSLIST);
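Review bot: Enabling the LDAP plugin makes `init_ldap()` force `admin-hash_passwords` to false, which presumably leaves the passwords in `mysql_users` unhashed, and the only trace is a `proxy_info` line worded as an impossibility. This is a security-relevant downgrade of a setting the operator chose, so log it at warning level and state the consequence, e.g. `proxy_warning("LDAP is enabled: admin-hash_passwords forced to false, mysql_users passwords will not be hashed\n");`. The same revert in the `set_variable()` hunk (`@@ -5148,6 +5162,10`) is followed by `return true`, so the admin who asked for hashing is told the change succeeded; returning false there would surface the refusal.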
@@ -3852,7 +3865,6 @@ bool ProxySQL_Admin::init() {
 flush_clickhouse_variables___database_to_runtime(admindb,true);
 #endif /* PROXYSQLCLICKHOUSE */
 flush_sqliteserver_variables___database_to_runtime(admindb,true);
- flush_ldap_variables___database_to_runtime(admindb,true);
 if (GloVars.__cmd_proxysql_admin_socket) {
 set_variable((char *)"mysql_ifaces",GloVars.__cmd_proxysql_admin_socket);
@@ -3902,6 +3914,8 @@ void ProxySQL_Admin::init_ldap_variables() {
 flush_ldap_variables___runtime_to_database(configdb, false, false, false);
 flush_ldap_variables___runtime_to_database(admindb, false, true, false);
 flush_ldap_variables___database_to_runtime(admindb,true);
+ check_and_build_standard_tables(admindb, tables_defs_admin);
+ check_and_build_standard_tables(configdb, tables_defs_config);
 }
 void ProxySQL_Admin::admin_shutdown() {
@@ -5148,6 +5162,10 @@ bool ProxySQL_Admin::set_variable(char *name, char *value) { // this is the pub
 if (!strcasecmp(name,"hash_passwords")) {
 if (strcasecmp(value,"true")==0 || strcasecmp(value,"1")==0) {
 variables.hash_passwords=true;
+ if (GloMyLdapAuth) {
+ proxy_info("Impossible to set admin-hash_passwords=true when LDAP is enabled. Reverting to false\n");
+ variables.hash_passwords=false;
+ }
 return true;
 }
 if (strcasecmp(value,"false")==0 || strcasecmp(value,"0")==0) {
@@ -5538,6 +5556,25 @@ void ProxySQL_Admin::stats___mysql_global() {
 resultset=NULL;
 }
+ if (GloMyLdapAuth) {
+ resultset=GloMyLdapAuth->SQL3_getStats();
+ if (resultset) {
+ for (std::vector::iterator it = resultset->rows.begin() ; it != resultset->rows.end(); ++it) {
+ SQLite3_row *r=*it;
+ int arg_len=0;
+ for (int i=0; i<2; i++) {
+ arg_len+=strlen(r->fields[i]);
+ }
+ char *query=(char *)malloc(strlen(a)+arg_len+32);
+ sprintf(query,a,r->fields[0],r->fields[1]);
+ statsdb->execute(query);
+ free(query);
+ }
+ delete resultset;
+ resultset=NULL;
+ }
+ }
+
 statsdb->execute("COMMIT");
 }
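Review bot: The loop added to `stats___mysql_global()` builds each statement with `sprintf(query,a,r->fields[0],r->fields[1])` and executes the string, so any quote character in a name or value returned by the plugin's `SQL3_getStats()` becomes part of the SQL text; the format `a` is defined outside the hunk. `save_mysql_ldap_mapping_runtime_to_database()` in this same commit uses `sqlite3_prepare_v2` with bound parameters, and the same approach here would remove the dependency on what the plugin returns. `strlen(r->fields[i])` also dereferences a NULL field; a guard such as `if (r->fields[0]==NULL || r->fields[1]==NULL) continue;` before the length loop avoids that. The function starts outside the hunk.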
@@ -6309,7 +6346,7 @@ void ProxySQL_Admin::flush_mysql_users__from_memory_to_disk() {
 admindb->execute("INSERT INTO disk.mysql_users SELECT * FROM main.mysql_users");
 if (GloMyLdapAuth) {
 admindb->execute("DELETE FROM disk.mysql_ldap_mapping");
- admindb->execute("INSERT INTO dick.mysql_ldap_mapping SELECT * FROM main.mysql_ldap_mapping");
+ admindb->execute("INSERT INTO disk.mysql_ldap_mapping SELECT * FROM main.mysql_ldap_mapping");
 }
 admindb->execute("PRAGMA foreign_keys = ON");
 admindb->wrunlock();
@@ -6470,6 +6507,9 @@ void ProxySQL_Admin::__refresh_users() {
 __add_active_users(USERNAME_BACKEND);
 __add_active_users(USERNAME_FRONTEND);
 // }
+ if (GloMyLdapAuth) {
+ __add_active_users_ldap();
+ }
 GloMyAuth->remove_inactives(USERNAME_BACKEND);
 GloMyAuth->remove_inactives(USERNAME_FRONTEND);
 uint64_t hash1 = 0;
@@ -6479,6 +6519,9 @@ void ProxySQL_Admin::__refresh_users() {
 if (calculate_checksum) {
 hash1 = GloMyAuth->get_runtime_checksum();
 //uint64_t hash1 = hashB + hashF; // overflow allowed
+ if (GloMyLdapAuth) {
+ hash1 += GloMyLdapAuth->get_ldap_mapping_runtime_checksum();
+ }
 uint32_t d32[2];
 char buf[20];
 memcpy(&d32, &hash1, sizeof(hash1));
@@ -6569,6 +6612,27 @@ void ProxySQL_Admin::__delete_inactive_clickhouse_users() {
 }
 #endif /* PROXYSQLCLICKHOUSE */
+void ProxySQL_Admin::__add_active_users_ldap() {
+ if (GloMyLdapAuth==NULL)
+ return;
+ char *error=NULL;
+ int cols=0;
+ int affected_rows=0;
+ SQLite3_result *resultset=NULL;
+ char *query=(char *)"SELECT priority, frontend_entity, backend_entity, comment FROM mysql_ldap_mapping ORDER BY priority";
+ proxy_debug(PROXY_DEBUG_ADMIN, 4, "%s\n", query);
+ admindb->execute_statement(query, &error , &cols , &affected_rows , &resultset);
+ if (error) {
+ proxy_error("Error on %s : %s\n", query, error);
+ } else {
+ GloMyLdapAuth->load_mysql_ldap_mapping(resultset);
+ }
+ if (resultset) delete resultset;
+ resultset=NULL;
+}
+
+
+
 #define ADDUSER_STMT_RAW
 void ProxySQL_Admin::__add_active_users(enum cred_username_type usertype, char *__user, uint64_t *hash1) {
 char *error=NULL;
@@ -6974,6 +7038,72 @@ void ProxySQL_Admin::save_mysql_users_runtime_to_database(bool _runtime) { free(ads); } +void ProxySQL_Admin::save_mysql_ldap_mapping_runtime_to_database(bool _runtime) { + if (GloMyLdapAuth==NULL) { + return; + } + char *query=NULL; + SQLite3_result *resultset=NULL; + if (_runtime) { + query=(char *)"DELETE FROM main.runtime_mysql_ldap_mapping"; + } else { + query=(char *)"DELETE FROM main.mysql_ldap_mapping"; + } + proxy_debug(PROXY_DEBUG_ADMIN, 4, "%s\n", query); + admindb->execute(query); + resultset=GloMyLdapAuth->dump_table_mysql_ldap_mapping(); + if (resultset) { + int rc; + sqlite3_stmt *statement1=NULL; + sqlite3_stmt *statement8=NULL; + sqlite3 *mydb3=admindb->get_db(); + char *query1=NULL; + char *query8=NULL; + if (_runtime) { + query1=(char *)"INSERT INTO runtime_mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4)"; + query8=(char *)"INSERT INTO runtime_mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4), (?5, ?6, ?7, ?8), (?9, ?10, ?11, ?12), (?13, ?14, ?15, ?16), (?17, ?18, ?19, ?20), (?21, ?22, ?23, ?24), (?25, ?26, ?27, ?28), (?29, ?30, ?31, ?32)"; + } else { + query1=(char *)"INSERT INTO mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4)"; + query8=(char *)"INSERT INTO mysql_ldap_mapping VALUES (?1, ?2, ?3, ?4), (?5, ?6, ?7, ?8), (?9, ?10, ?11, ?12), (?13, ?14, ?15, ?16), (?17, ?18, ?19, ?20), (?21, ?22, ?23, ?24), (?25, ?26, ?27, ?28), (?29, ?30, ?31, ?32)"; + } + rc=sqlite3_prepare_v2(mydb3, query1, -1, &statement1, 0); + assert(rc==SQLITE_OK); + rc=sqlite3_prepare_v2(mydb3, query8, -1, &statement8, 0); + assert(rc==SQLITE_OK); + int row_idx=0; + int max_bulk_row_idx=resultset->rows_count/8; + max_bulk_row_idx=max_bulk_row_idx*8; + for (std::vector::iterator it = resultset->rows.begin() ; it != resultset->rows.end(); ++it) { + SQLite3_row *r1=*it; + int idx=row_idx%8; + if (row_idxfields[0])); assert(rc==SQLITE_OK); + rc=sqlite3_bind_text(statement8, (idx*7)+2, r1->fields[1], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK); + 
rc=sqlite3_bind_text(statement8, (idx*7)+3, r1->fields[2], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK); + rc=sqlite3_bind_text(statement8, (idx*7)+4, r1->fields[3], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK); + if (idx==7) { + SAFE_SQLITE3_STEP2(statement8); + rc=sqlite3_clear_bindings(statement8); assert(rc==SQLITE_OK); + rc=sqlite3_reset(statement8); assert(rc==SQLITE_OK); + } + } else { // single row + rc=sqlite3_bind_int64(statement1, 1, atoi(r1->fields[0])); assert(rc==SQLITE_OK); + rc=sqlite3_bind_text(statement1, 2, r1->fields[1], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK); + rc=sqlite3_bind_text(statement1, 3, r1->fields[2], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK); + rc=sqlite3_bind_text(statement1, 4, r1->fields[3], -1, SQLITE_TRANSIENT); assert(rc==SQLITE_OK); + SAFE_SQLITE3_STEP2(statement1); + rc=sqlite3_clear_bindings(statement1); assert(rc==SQLITE_OK); + rc=sqlite3_reset(statement1); assert(rc==SQLITE_OK); + } + row_idx++; + } + sqlite3_finalize(statement1); + sqlite3_finalize(statement8); + } + if(resultset) delete resultset; + resultset=NULL; +} + #ifdef PROXYSQLCLICKHOUSE void ProxySQL_Admin::save_clickhouse_users_runtime_to_database(bool _runtime) { char *query=NULL; diff --git a/lib/mysql_connection.cpp b/lib/mysql_connection.cpp index c259a57e0..1203ba66a 100644 --- a/lib/mysql_connection.cpp +++ b/lib/mysql_connection.cpp @@ -39,11 +39,13 @@ MySQL_Connection_userinfo::MySQL_Connection_userinfo() { password=NULL; sha1_pass=NULL; schemaname=NULL; + fe_username=NULL; hash=0; } MySQL_Connection_userinfo::~MySQL_Connection_userinfo() { if (username) free(username); + if (fe_username) free(fe_username); if (password) free(password); if (sha1_pass) free(sha1_pass); if (schemaname) free(schemaname); diff --git a/src/main.cpp b/src/main.cpp index 63b9710f2..8a74fed1a 100644 --- a/src/main.cpp +++ b/src/main.cpp 
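Review bot: The bulk branch of `save_mysql_ldap_mapping_runtime_to_database()` binds at `(idx*7)+2`, `(idx*7)+3` and `(idx*7)+4`, but `query8` has four placeholders per row (`?1` to `?32`), so from the second row of a batch the values land in the wrong slots and for `idx>=5` the index exceeds 32. `sqlite3_bind_text` then returns an error and the following `assert(rc==SQLITE_OK)` aborts the process, or the row is silently mis-bound when asserts are compiled out; once the mapping holds eight or more rows, a query that mentions `runtime_mysql_ldap_mapping` would apparently reach this path. Use a stride of four: `(idx*4)+2`, `(idx*4)+3`, `(idx*4)+4`, with the matching `(idx*4)+1` for the priority bind, which is not legible on this page. `atoi(r1->fields[0])` also assumes the field is never NULL.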
@@ -459,7 +459,10 @@ int ssl_mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days) {
 }
 void ProxySQL_Main_init_SSL_module() {
- SSL_library_init();
+ int rc = SSL_library_init();
+ if (rc==0) {
+ proxy_error("%s\n", SSL_alert_desc_string_long(rc));
+ }
 init_locks();
 SSL_METHOD *ssl_method;
 OpenSSL_add_all_algorithms();
@@ -700,6 +703,7 @@ void ProxySQL_Main_process_global_variables(int argc, const char **argv) {
 if (rc==true) {
 GloVars.errorlog = strdup(errorlog_path.c_str());
 }
+ }
 if (root.exists("ldap_auth_plugin")==true) {
 string ldap_auth_plugin;
 bool rc;
@@ -1075,6 +1079,10 @@ static void LoadPlugins() {
 exit(EXIT_FAILURE);
 } else {
 GloMyLdapAuth = create_MySQL_LDAP_Authentication();
+ if (GloMyLdapAuth) {
+ GloAdmin->init_ldap();
+ GloAdmin->load_ldap_variables_to_runtime();
+ }
 }
 }
 }
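Review bot: `SSL_alert_desc_string_long()` describes TLS alert codes, not the return value of `SSL_library_init()`, so with `rc==0` the logged text in `ProxySQL_Main_init_SSL_module()` would be the description of alert 0 rather than the cause of the failure. Initialisation then continues into `init_locks()` and the rest of the function even though the library reported that it could not initialise. Log a fixed message and stop, e.g. `proxy_error("SSL_library_init() failed\n"); exit(EXIT_FAILURE);`. The function body continues outside the hunk.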
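Review bot: The new `if (GloMyLdapAuth)` in `LoadPlugins()` has no `else`, so when `create_MySQL_LDAP_Authentication()` returns NULL the process keeps running with LDAP authentication configured but not active, and nothing is logged. The branch just above treats a plugin that cannot be loaded as fatal with `exit(EXIT_FAILURE)`; a failed creation deserves at least `proxy_error("Unable to create the LDAP authentication object\n");`, and arguably the same exit. `GloAdmin` is dereferenced without a check, which is fine only if it is always created before `LoadPlugins()` runs; that order is not visible in the hunk.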