Passed attributes as param to LDAP auth

Removed ldap_ctx as ldap context is managed in the plugin itself
5 years ago · df19d16f14
parent e14accd78b
commit df19d16f14
4 changed files with 26 additions and 84 deletions
--- a/include/MySQL_LDAP_Authentication.hpp
+++ b/include/MySQL_LDAP_Authentication.hpp
@ -1,81 +1,24 @@
 #ifndef CLASS_MYSQL_LDAP_AUTHENTICATION_H
 #define CLASS_MYSQL_LDAP_AUTHENTICATION_H

-/*
-#include "proxysql.h"
-#include "cpp.h"
-
-#ifndef LDAP_ACCOUNT_DETAILS_T
-#define LDAP_ACCOUNT_DETAILS_T
-typedef struct _ldap_account_details_t {
-	char *username;
-	char *password;
-	void *sha1_pass;
-	bool use_ssl;
-	int default_hostgroup;
-	char *default_schema;
-	bool schema_locked;
-	bool transaction_persistent;
-//	bool fast_forward;
-//	int max_connections;
-//	int num_connections_used;
-//	bool __frontend;	// this is used only during the dump
-//	bool __backend;	// this is used only during the dump
-//	bool __active;
-	unsigned long long inserted_at;
-	char *ad_group;
-} ldap_account_details_t;
-
-typedef std::map<uint64_t, ldap_account_details_t *> umap_auth;
-#endif // LDAP_ACCOUNT_DETAILS_T
-
-#ifdef DEBUG
-#define DEB "_DEBUG"
-#else
-#define DEB ""
-#endif // DEBUG
-#define MYSQL_LDAP_AUTHENTICATION_VERSION "1.0.0000" DEB
-
-
-class PtrArray;
-
-#ifndef CREDS_GROUPS_T
-#define CREDS_GROUPS_T
-typedef struct _creds_group_t {
-	pthread_rwlock_t lock;
-	umap_auth bt_map;
-	PtrArray *cred_array;
-} creds_group_t;
-#endif // CREDS_GROUPS_T
-*/
-
-
 class MySQL_LDAP_Authentication {
-/*
-	private:
-//	creds_group_t creds_backends;
-	creds_group_t creds_frontends;
-	bool _reset(enum cred_username_type usertype);
-//	uint64_t _get_runtime_checksum(enum cred_username_type usertype);
-*/
-	public:
+public:
 	MySQL_LDAP_Authentication() {};
 	virtual ~MySQL_LDAP_Authentication() {};
 	virtual bool add(char *username, char *backend_username, char *password, enum cred_username_type usertype, bool use_ssl, int default_hostgroup, char *default_schema, bool schema_locked, bool transaction_persistent, bool fast_forward, int max_connections) {return false;};
 	virtual bool del(char *username, enum cred_username_type usertype, bool set_lock=true) {return false;};
 	virtual bool reset() {return false;};
 	virtual void print_version() {};
-	virtual char * lookup(void *ldap_ctx, char *username, char *pass, enum cred_username_type usertype, bool *use_ssl, int *default_hostgroup, char **default_schema, bool *schema_locked, bool *transaction_persistent, bool *fast_forward, int *max_connections, void **sha1_pass, char **backend_username) {return NULL;};
-	//virtual int dump_all_users(account_details_t ***, bool _complete=true) {return 0;};
+	virtual char * lookup(char *username, char *pass, 
+			enum cred_username_type usertype, bool *use_ssl, int *default_hostgroup, 
+			char **default_schema, bool *schema_locked, bool *transaction_persistent, 
+			bool *fast_forward, int *max_connections, void **sha1_pass, char **attributes,
+			char **backend_username) {return NULL;};
 	virtual int increase_frontend_user_connections(char *username, int *mc=NULL) {return 0;};
 	virtual void decrease_frontend_user_connections(char *username) {};
 	virtual void set_all_inactive(enum cred_username_type usertype) {};
 	virtual void remove_inactives(enum cred_username_type usertype) {};
 	virtual bool set_SHA1(char *username, enum cred_username_type usertype, void *sha_pass) {return false;};
-//	unsigned int memory_usage();
-//	uint64_t get_runtime_checksum();
-	virtual void * ldap_ctx_init() {return NULL;};
-	virtual void ldap_ctx_free(void *) {};
 	virtual char **get_variables_list() {return NULL;}
 	virtual bool has_variable(const char *name) {return false;};
 	virtual void wrlock() {};
--- a/include/MySQL_Session.h
+++ b/include/MySQL_Session.h
@ -239,7 +239,7 @@ class MySQL_Session

 	Session_Regex **match_regexes;

-	void *ldap_ctx;
+	bool use_ldap_auth;

 	// this variable is relevant only if status == SETTING_VARIABLE
 	enum variable_name changing_variable_idx;
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@ -1734,26 +1734,26 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
 #ifdef DEBUG
 	if (dump_pkt) { __dump_pkt(__func__,pkt,len); }
 #endif
-	bool ret=false;
+	bool ret = false;
 	unsigned int charset;
 	uint32_t  capabilities = 0;
 	uint32_t  max_pkt;
 	uint32_t  pass_len;
-	unsigned char *user=NULL;
-	char *db=NULL;
+	unsigned char *user = NULL;
+	char *db = NULL;
 	char *db_tmp = NULL;
 	unsigned char *pass = NULL;
 	MySQL_Connection *myconn = NULL;
-	char *password=NULL;
-	bool use_ssl=false;
-	bool _ret_use_ssl=false;
+	char *password = NULL;
+	bool use_ssl = false;
+	bool _ret_use_ssl = false;
 	unsigned char *auth_plugin = NULL;
 	int auth_plugin_id = 0;

 	char reply[SHA_DIGEST_LENGTH+1];
 	reply[SHA_DIGEST_LENGTH]='\0';
 	int default_hostgroup=-1;
-	char *default_schema=NULL;
+	char *default_schema = NULL;
 	char *attributes = NULL;
 	bool schema_locked;
 	bool transaction_persistent = true;
@ -2076,8 +2076,10 @@ __do_auth:
 					}
 #endif // debug
 					char *backend_username = NULL;
-					(*myds)->sess->ldap_ctx = GloMyLdapAuth->ldap_ctx_init();
-					password = GloMyLdapAuth->lookup((*myds)->sess->ldap_ctx, (char *)user, (char *)pass, USERNAME_FRONTEND, &_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, &transaction_persistent, &fast_forward, &max_connections, &sha1_pass, &backend_username);
+					(*myds)->sess->use_ldap_auth = true;
+					password = GloMyLdapAuth->lookup((char *) user, (char *) pass, USERNAME_FRONTEND, 
+						&_ret_use_ssl, &default_hostgroup, &default_schema, &schema_locked, 
+						&transaction_persistent, &fast_forward, &max_connections, &sha1_pass, &attributes, &backend_username);
 					if (password) {
 #ifdef DEBUG
 						char *tmp_pass=strdup(password);
@ -2090,7 +2092,7 @@ __do_auth:
 #endif // debug
 						(*myds)->sess->default_hostgroup=default_hostgroup;
 						(*myds)->sess->default_schema=default_schema; // just the pointer is passed
-						(*myds)->sess->user_attributes = attributes; // just the pointer is passed , but for now not available in LDAP
+						(*myds)->sess->user_attributes = attributes; // just the pointer is passed, LDAP returns empty string
 #ifdef DEBUG
 						debug_spiffe_id(user,attributes, __LINE__, __func__);
 #endif
--- a/lib/MySQL_Session.cpp
+++ b/lib/MySQL_Session.cpp
@ -504,7 +504,7 @@ MySQL_Session::MySQL_Session() {
 	last_insert_id=0; // #1093

 	last_HG_affected_rows = -1; // #1421 : advanced support for LAST_INSERT_ID()
-	ldap_ctx = NULL;
+	use_ldap_auth = false;
 }

 void MySQL_Session::init() {
@ -588,6 +588,7 @@ MySQL_Session::~MySQL_Session() {
 	}
 	if (user_attributes) {
 		free(user_attributes);
+		user_attributes = NULL;
 	}
 	proxy_debug(PROXY_DEBUG_NET,1,"Thread=%p, Session=%p -- Shutdown Session %p\n" , this->thread, this, this);
 	delete command_counters;
@ -601,10 +602,6 @@ MySQL_Session::~MySQL_Session() {
 		__sync_sub_and_fetch(&GloMTH->status_variables.mirror_sessions_current,1);
 		GloMTH->status_variables.p_gauge_array[p_th_gauge::mirror_concurrency]->Decrement();
 	}
-	if (ldap_ctx) {
-		GloMyLdapAuth->ldap_ctx_free(ldap_ctx);
-		ldap_ctx = NULL;
-	}
 }


@ -2016,7 +2013,7 @@ bool MySQL_Session::handler_again___status_SETTING_LDAP_USER_VARIABLE(int *_rc)
 	enum session_status st=status;

 	if (
-		(GloMyLdapAuth==NULL) || (ldap_ctx==NULL)
+		(GloMyLdapAuth==NULL) || (use_ldap_auth==false)
 		||
 		(client_myds==NULL || client_myds->myconn==NULL || client_myds->myconn->userinfo==NULL)
 	) { // nothing to do
@ -4391,7 +4388,7 @@ handler_again:
 							if (handler_again___verify_init_connect()) {
 								goto handler_again;
 							}
-							if (ldap_ctx) {
+							if (use_ldap_auth) {
 								if (handler_again___verify_ldap_user_variable()) {
 									goto handler_again;
 								}
@ -4929,7 +4926,7 @@ void MySQL_Session::handler___status_CONNECTING_CLIENT___STATE_SERVER_HANDSHAKE(
 //#endif // TEST_AURORA || TEST_GALERA || TEST_GROUPREP
 					case PROXYSQL_SESSION_MYSQL:
 						proxy_debug(PROXY_DEBUG_MYSQL_CONNECTION,8,"Session=%p , DS=%p , session_type=PROXYSQL_SESSION_MYSQL\n", this, client_myds);
-						if (ldap_ctx==NULL) {
+						if (use_ldap_auth == false) {
 							free_users=GloMyAuth->increase_frontend_user_connections(client_myds->myconn->userinfo->username, &used_users);
 						} else {
 							free_users=GloMyLdapAuth->increase_frontend_user_connections(client_myds->myconn->userinfo->username, &used_users);
@ -6205,7 +6202,7 @@ void MySQL_Session::handler___status_WAITING_CLIENT_DATA___STATE_SLEEP___MYSQL_C
 		reset();
 		init();
 		if (client_authenticated) {
-			if (ldap_ctx==NULL) {
+			if (use_ldap_auth == false) {
 				GloMyAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->username);
 			} else {
 				GloMyLdapAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->username);
@ -6948,7 +6945,7 @@ bool MySQL_Session::handle_command_query_kill(PtrSize_t *pkt) {
 void MySQL_Session::add_ldap_comment_to_pkt(PtrSize_t *_pkt) {
 	if (GloMyLdapAuth==NULL)
 		return;
-	if (ldap_ctx==NULL)
+	if (use_ldap_auth == false)
 		return;
 	if (client_myds==NULL || client_myds->myconn==NULL || client_myds->myconn->userinfo==NULL)
 		return;