From 8affc8c17b99846fb77c05542fb953bf0c5e4d42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?= Date: Fri, 10 Jun 2022 16:50:49 +0200 Subject: [PATCH 1/4] Fail when no 'backend_username' is found for the provided 'ldap_user' --- lib/MySQL_Protocol.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp index 26e66cb0d..1742ea9b2 100644 --- a/lib/MySQL_Protocol.cpp +++ b/lib/MySQL_Protocol.cpp @@ -2038,7 +2038,8 @@ __do_auth: proxy_error("Unable to load credentials for backend user %s , associated to LDAP user %s\n", backend_username, user); } } else { - ret=true; + proxy_error("Unable to find backend user associated to LDAP user '%s'\n", user); + ret=false; } } } From 958316df315e03a64a24df6ba3a27aeea6589847 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?= Date: Fri, 10 Jun 2022 16:51:57 +0200 Subject: [PATCH 2/4] Check that plugin module is initialized before calling 'has_variable' --- lib/ProxySQL_Admin.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index 17aaaf223..c1a7804ae 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -1733,12 +1733,12 @@ bool is_valid_global_variable(const char *var_name) { return true; } else if (strlen(var_name) > 6 && !strncmp(var_name, "admin-", 6) && SPA->has_variable(var_name + 6)) { return true; - } else if (strlen(var_name) > 5 && !strncmp(var_name, "ldap-", 5) && GloMyLdapAuth->has_variable(var_name + 5)) { + } else if (strlen(var_name) > 5 && !strncmp(var_name, "ldap-", 5) && GloMyLdapAuth && GloMyLdapAuth->has_variable(var_name + 5)) { return true; - } else if (strlen(var_name) > 13 && !strncmp(var_name, "sqliteserver-", 13) && GloSQLite3Server->has_variable(var_name + 13)) { + } else if (strlen(var_name) > 13 && !strncmp(var_name, "sqliteserver-", 13) && GloSQLite3Server && GloSQLite3Server->has_variable(var_name + 13)) { return true; #ifdef PROXYSQLCLICKHOUSE - } else if (strlen(var_name) > 11 && !strncmp(var_name, "clickhouse-", 11) && GloClickHouseServer->has_variable(var_name + 11)) { + } else if (strlen(var_name) > 11 && !strncmp(var_name, "clickhouse-", 11) && GloClickHouseServer && GloClickHouseServer->has_variable(var_name + 11)) { return true; #endif /* PROXYSQLCLICKHOUSE */ } else { From ea7868d59b52ae29ed453b762f8788a7e7efb16c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?= Date: Fri, 10 Jun 2022 16:53:37 +0200 Subject: [PATCH 3/4] Fix buffer overrun when computing 'SQLite3DB' plugin SHA1 --- lib/sqlite3db.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/sqlite3db.cpp b/lib/sqlite3db.cpp index d97ccf485..e839ef211 100644 --- a/lib/sqlite3db.cpp +++ b/lib/sqlite3db.cpp @@ -730,7 +730,7 @@ void SQLite3DB::LoadPlugin(const char *plugin_name) { SHA1(fb, statbuf.st_size, temp); memset(binary_sha1_sqlite3, 0, SHA_DIGEST_LENGTH*2+1); char buf[SHA_DIGEST_LENGTH*2]; - for (int i=0; i < SHA_DIGEST_LENGTH; i++) { + for (int i=0; i < SHA_DIGEST_LENGTH - 1; i++) { sprintf((char*)&(buf[i*2]), "%02x", temp[i]); } memcpy(binary_sha1_sqlite3, buf, SHA_DIGEST_LENGTH*2); From 96de2329d7fa3ca1585797638d78dc5801adff62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?= Date: Thu, 1 Sep 2022 11:23:43 +0200 Subject: [PATCH 4/4] Fix behavior for 'ldap-max_db_connections' failing to decrease current used connections --- lib/MySQL_Session.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp index b10caeb03..c5be72dba 100644 --- a/lib/MySQL_Session.cpp +++ b/lib/MySQL_Session.cpp @@ -641,7 +641,11 @@ MySQL_Session::~MySQL_Session() { break; #endif /* PROXYSQLCLICKHOUSE */ default: - GloMyAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->username); + if (use_ldap_auth == false) { + GloMyAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->username); + } else { + GloMyLdapAuth->decrease_frontend_user_connections(client_myds->myconn->userinfo->fe_username); + } break; } }