/** * Add the service user to the service->users * via mysql_users_alloc and add_mysql_users_with_host_ipv4 * User is added for '%' and 'localhost' hosts * * @param service The service for this router * @return 0 on success, 1 on failure */ static int maxinfo_add_mysql_user(SERVICE *service) { char *dpwd = NULL; char *newpasswd = NULL; char *service_user = NULL; char *service_passwd = NULL; if (serviceGetUser(service, &service_user, &service_passwd) == 0) { MXS_ERROR("maxinfo: failed to get service user details"); return 1; } dpwd = decryptPassword(service->credentials.authdata); if (!dpwd) { MXS_ERROR("maxinfo: decrypt password failed for service user %s", service_user); return 1; } service->users = (void *)mysql_users_alloc(); newpasswd = create_hex_sha1_sha1_passwd(dpwd); if (!newpasswd) { MXS_ERROR("maxinfo: create hex_sha1_sha1_password failed for service user %s", service_user); users_free(service->users); service->users = NULL; return 1; } /* add service user for % and localhost */ (void)add_mysql_users_with_host_ipv4(service->users, service->credentials.name, "%", newpasswd, "Y", ""); (void)add_mysql_users_with_host_ipv4(service->users, service->credentials.name, "localhost", newpasswd, "Y", ""); free(newpasswd); free(dpwd); return 0; }
/** * Load the user/passwd form mysql.user table into the service users' hashtable * environment. * * @param service The current service * @param users The users table into which to load the users * @return -1 on any error or the number of users inserted (0 means no users at all) */ static int getUsers(SERVICE *service, struct users *users) { MYSQL *con = NULL; MYSQL_ROW row; MYSQL_RES *result = NULL; int num_fields = 0; char *service_user = NULL; char *service_passwd = NULL; char *dpwd; int total_users = 0; SERVER *server; char *users_query; unsigned char hash[SHA_DIGEST_LENGTH]=""; char *users_data = NULL; int nusers = 0; int users_data_row_len = MYSQL_USER_MAXLEN + MYSQL_HOST_MAXLEN + MYSQL_PASSWORD_LEN; struct sockaddr_in serv_addr; MYSQL_USER_HOST key; /* enable_root for MySQL protocol module means load the root user credentials from backend databases */ if(service->enable_root) { users_query = LOAD_MYSQL_USERS_QUERY " ORDER BY HOST DESC"; } else { users_query = LOAD_MYSQL_USERS_QUERY USERS_QUERY_NO_ROOT " ORDER BY HOST DESC"; } serviceGetUser(service, &service_user, &service_passwd); /** multi-thread environment requires that thread init succeeds. */ if (mysql_thread_init()) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : mysql_thread_init failed."))); return -1; } con = mysql_init(NULL); if (con == NULL) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : mysql_init: %s", mysql_error(con)))); return -1; } if (mysql_options(con, MYSQL_OPT_USE_REMOTE_CONNECTION, NULL)) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : failed to set external connection. " "It is needed for backend server connections. " "Exiting."))); return -1; } /* * Attempt to connect to each database in the service in turn until * we find one that we can connect to or until we run out of databases * to try */ server = service->databases; dpwd = decryptPassword(service_passwd); while (server != NULL && mysql_real_connect(con, server->name, service_user, dpwd, NULL, server->port, NULL, 0) == NULL) { server = server->nextdb; } free(dpwd); if (server == NULL) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Unable to get user data from backend database " "for service %s. Missing server information.", service->name))); mysql_close(con); return -1; } if (mysql_query(con, MYSQL_USERS_COUNT)) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Loading users for service %s encountered " "error: %s.", service->name, mysql_error(con)))); mysql_close(con); return -1; } result = mysql_store_result(con); if (result == NULL) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Loading users for service %s encountered " "error: %s.", service->name, mysql_error(con)))); mysql_close(con); return -1; } num_fields = mysql_num_fields(result); row = mysql_fetch_row(result); nusers = atoi(row[0]); mysql_free_result(result); if (!nusers) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Counting users for service %s returned 0", service->name))); mysql_close(con); return -1; } if (mysql_query(con, users_query)) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Loading users for service %s encountered " "error: %s.", service->name, mysql_error(con)))); mysql_close(con); return -1; } result = mysql_store_result(con); if (result == NULL) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Loading users for service %s encountered " "error: %s.", service->name, mysql_error(con)))); mysql_close(con); return -1; } num_fields = mysql_num_fields(result); users_data = (char *)malloc(nusers * (users_data_row_len * sizeof(char)) + 1); if(users_data == NULL) return -1; while ((row = mysql_fetch_row(result))) { /** * Four fields should be returned. * user and passwd+1 (escaping the first byte that is '*') are * added to hashtable. */ char ret_ip[INET_ADDRSTRLEN + 1]=""; const char *rc; /* prepare the user@host data struct */ memset(&serv_addr, 0, sizeof(serv_addr)); memset(&key, 0, sizeof(key)); /* if host == '%', 0 is passed */ if (setipaddress(&serv_addr.sin_addr, strcmp(row[1], "%") ? row[1] : "0.0.0.0")) { key.user = strdup(row[0]); if(key.user == NULL) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "%lu [getUsers()] strdup() failed for user %s", pthread_self(), row[0]))); continue; } memcpy(&key.ipv4, &serv_addr, sizeof(serv_addr)); rc = inet_ntop(AF_INET, &(serv_addr).sin_addr, ret_ip, INET_ADDRSTRLEN); /* add user@host as key and passwd as value in the MySQL users hash table */ if (mysql_users_add(users, &key, strlen(row[2]) ? row[2]+1 : row[2])) { LOGIF(LD, (skygw_log_write_flush( LOGFILE_DEBUG, "%lu [mysql_users_add()] Added user %s@%s(%s)", pthread_self(), row[0], row[1], rc == NULL ? "NULL" : ret_ip))); /* Append data in the memory area for SHA1 digest */ strncat(users_data, row[3], users_data_row_len); total_users++; } else { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "%lu [mysql_users_add()] Failed adding user %s@%s(%s)", pthread_self(), row[0], row[1], rc == NULL ? "NULL" : ret_ip))); continue; } } else { /* setipaddress() failed, skip user add and log this*/ LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "%lu [getUsers()] setipaddress failed: user %s@%s not added", pthread_self(), row[0], row[1]))); } } /* compute SHA1 digest for users' data */ SHA1((const unsigned char *) users_data, strlen(users_data), hash); memcpy(users->cksum, hash, SHA_DIGEST_LENGTH); free(users_data); mysql_free_result(result); mysql_close(con); mysql_thread_end(); return total_users; }