
Commit 5ef5364

committed
c
Signed-off-by: mohitkhullar <[email protected]>
1 parent 025f497 commit 5ef5364


1 file changed

+22
-56
lines changed

1 file changed

+22
-56
lines changed

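--- a/db/db_access.c
+++ b/db/db_access.c
@@ -71,6 +71,19 @@ void get_client_origin(char *out, size_t outlen, struct sqlclntstate *clnt) {
 clnt->conninfo.pid);
 }
 
+static void report_access_denied(const char *action, const char *table, const char *user, int bdberr, errstat_t *err) {
+char msg[1024];
+if (bdberr)
+snprintf(msg, sizeof(msg), "%s access denied to table %s for user %s bdberr=%d", action, table, user, bdberr);
+else
+snprintf(msg, sizeof(msg), "%s access denied to table %s for user %s", action, table, user);
+logmsg(LOGMSG_INFO, "%s\n", msg);
+if (err) {
+errstat_set_rc(err, SQLITE_ACCESS);
+errstat_set_str(err, msg);
+}
+}
+
 int gbl_fdb_auth_error = 0;
 
 /* If user password does not match this function
@@ -261,11 +274,7 @@ int access_control_check_sql_write(struct BtCursor *pCur,
 if ((authdata = get_authdata(clnt)) != NULL)
 clnt->authdata = authdata;
 char client_info[1024];
-snprintf(client_info, sizeof(client_info),
-"%s:origin:%s:pid:%d",
-clnt->argv0 ? clnt->argv0 : "?",
-clnt->origin ? clnt->origin: "?",
-clnt->conninfo.pid);
+get_client_origin(client_info, sizeof(client_info), clnt);
 if (!clnt->authdata && clnt->secure && !gbl_allow_anon_id_for_spmux) {
 return reject_anon_id(clnt);
 }
@@ -274,12 +283,7 @@ int access_control_check_sql_write(struct BtCursor *pCur,
 clnt->argv0 ? clnt->argv0 : "???", clnt->conninfo.pid, clnt->conninfo.node);
 } else if (externalComdb2AuthenticateUserWrite(clnt->authdata, table_name, client_info)) {
 ATOMIC_ADD64(gbl_num_auth_denied, 1);
-char msg[1024];
-snprintf(msg, sizeof(msg), "Write access denied to table %s for user %s",
-table_name, clnt->externalAuthUser ? clnt->externalAuthUser : "");
-logmsg(LOGMSG_INFO, "%s\n", msg);
-errstat_set_rc(&thd->clnt->osql.xerr, SQLITE_ACCESS);
-errstat_set_str(&thd->clnt->osql.xerr, msg);
+report_access_denied("Write", table_name, clnt->externalAuthUser ? clnt->externalAuthUser : "", 0, &thd->clnt->osql.xerr);
 return SQLITE_ABORT;
 }
 }
@@ -291,14 +295,7 @@ int access_control_check_sql_write(struct BtCursor *pCur,
 pCur->db->tablename, ACCESS_WRITE, &bdberr);
 if (rc != 0) {
 ATOMIC_ADD64(gbl_num_auth_denied, 1);
-char msg[1024];
-snprintf(msg, sizeof(msg),
-"Write access denied to %s for user %s bdberr=%d",
-table_name, thd->clnt->current_user.name, bdberr);
-logmsg(LOGMSG_INFO, "%s\n", msg);
-errstat_set_rc(&thd->clnt->osql.xerr, SQLITE_ACCESS);
-errstat_set_str(&thd->clnt->osql.xerr, msg);
-
+report_access_denied("Write", table_name, thd->clnt->current_user.name, bdberr, &thd->clnt->osql.xerr);
 return SQLITE_ABORT;
 }
 }
@@ -344,24 +341,15 @@ int access_control_check_sql_read(struct BtCursor *pCur, struct sql_thread *thd,
 if ((authdata = get_authdata(clnt)) != NULL)
 clnt->authdata = authdata;
 char client_info[1024];
-snprintf(client_info, sizeof(client_info),
-"%s:origin:%s:pid:%d",
-clnt->argv0 ? clnt->argv0 : "?",
-clnt->origin ? clnt->origin: "?",
-clnt->conninfo.pid);
+get_client_origin(client_info, sizeof(client_info), clnt);
 if (!clnt->authdata && clnt->secure && !gbl_allow_anon_id_for_spmux)
 return reject_anon_id(clnt);
 if (gbl_externalauth_warn && !clnt->authdata) {
 logmsg(LOGMSG_INFO, "Client %s pid:%d mach:%d is missing authentication data\n",
 clnt->argv0 ? clnt->argv0 : "???", clnt->conninfo.pid, clnt->conninfo.node);
 } else if (externalComdb2AuthenticateUserRead(clnt->authdata, table_name, client_info)) {
 ATOMIC_ADD64(gbl_num_auth_denied, 1);
-char msg[1024];
-snprintf(msg, sizeof(msg), "Read access denied to table %s for user %s",
-table_name, clnt->externalAuthUser ? clnt->externalAuthUser : "");
-logmsg(LOGMSG_INFO, "%s\n", msg);
-errstat_set_rc(&thd->clnt->osql.xerr, SQLITE_ACCESS);
-errstat_set_str(&thd->clnt->osql.xerr, msg);
+report_access_denied("Read", table_name, clnt->externalAuthUser ? clnt->externalAuthUser : "", 0, &thd->clnt->osql.xerr);
 return SQLITE_ABORT;
 }
 }
@@ -371,14 +359,7 @@ int access_control_check_sql_read(struct BtCursor *pCur, struct sql_thread *thd,
 pCur->db->tablename, ACCESS_READ, &bdberr);
 if (rc != 0) {
 ATOMIC_ADD64(gbl_num_auth_denied, 1);
-char msg[1024];
-snprintf(msg, sizeof(msg),
-"Read access denied to %s for user %s bdberr=%d",
-table_name, thd->clnt->current_user.name, bdberr);
-logmsg(LOGMSG_INFO, "%s\n", msg);
-errstat_set_rc(&thd->clnt->osql.xerr, SQLITE_ACCESS);
-errstat_set_str(&thd->clnt->osql.xerr, msg);
-
+report_access_denied("Read", table_name, thd->clnt->current_user.name, bdberr, &thd->clnt->osql.xerr);
 return SQLITE_ABORT;
 }
 }
@@ -467,24 +448,15 @@ int comdb2_check_vtab_access(sqlite3 *db, sqlite3_module *module)
 && !clnt->current_user.bypass_auth /* not analyze */) {
 clnt->authdata = get_authdata(clnt);
 char client_info[1024];
-snprintf(client_info, sizeof(client_info),
-"%s:origin:%s:pid:%d",
-clnt->argv0 ? clnt->argv0 : "?",
-clnt->origin ? clnt->origin: "?",
-clnt->conninfo.pid);
+get_client_origin(client_info, sizeof(client_info), clnt);
 if (!clnt->authdata && clnt->secure && !gbl_allow_anon_id_for_spmux)
 return reject_anon_id(clnt);
 if (gbl_externalauth_warn && !clnt->authdata) {
 logmsg(LOGMSG_INFO, "Client %s pid:%d mach:%d is missing authentication data\n",
 clnt->argv0 ? clnt->argv0 : "???", clnt->conninfo.pid, clnt->conninfo.node);
 } else if (externalComdb2AuthenticateUserRead(clnt->authdata, mod->zName, client_info)) {
 ATOMIC_ADD64(gbl_num_auth_denied, 1);
-char msg[1024];
-snprintf(msg, sizeof(msg), "Read access denied to table %s for user %s",
-mod->zName, clnt->externalAuthUser ? clnt->externalAuthUser : "");
-logmsg(LOGMSG_INFO, "%s\n", msg);
-errstat_set_rc(&thd->clnt->osql.xerr, SQLITE_ACCESS);
-errstat_set_str(&thd->clnt->osql.xerr, msg);
+report_access_denied("Read", mod->zName, clnt->externalAuthUser ? clnt->externalAuthUser : "", 0, &thd->clnt->osql.xerr);
 return SQLITE_ABORT;
 }
 return SQLITE_OK;
@@ -493,13 +465,7 @@ int comdb2_check_vtab_access(sqlite3 *db, sqlite3_module *module)
 thedb->bdb_env, thd->clnt->current_user.name,
 (char *)mod->zName, ACCESS_READ, &bdberr);
 if (rc != 0) {
-char msg[1024];
-snprintf(msg, sizeof(msg),
-"Read access denied to %s for user %s bdberr=%d",
-mod->zName, thd->clnt->current_user.name, bdberr);
-logmsg(LOGMSG_INFO, "%s\n", msg);
-errstat_set_rc(&thd->clnt->osql.xerr, SQLITE_ACCESS);
-errstat_set_str(&thd->clnt->osql.xerr, msg);
+report_access_denied("Read", mod->zName, thd->clnt->current_user.name, bdberr, &thd->clnt->osql.xerr);
 return SQLITE_AUTH;
 }
 return SQLITE_OK;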
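Review bot: In the last hunk, the `rc != 0` branch of `comdb2_check_vtab_access` that returns `SQLITE_AUTH` reports a denial without `ATOMIC_ADD64(gbl_num_auth_denied, 1);`, although the other five call sites of `report_access_denied` increment it just before the call, so the denial counter under-reports virtual-table denials. Now that the helper owns both the log line and the errstat, moving `ATOMIC_ADD64(gbl_num_auth_denied, 1);` into `report_access_denied` (and dropping it at the call sites) would keep the metric and the log in step on every path. The refactor also changes the text on the three `bdberr` paths: they used to log `... access denied to %s for user %s bdberr=%d` and now log `... access denied to table %s ...`, with the `bdberr=` suffix omitted whenever it is 0, so any log-based alerting keyed on the old wording needs updating. A one-line comment on the helper, e.g. `/* Log an access denial and, if err is non-NULL, record SQLITE_ACCESS and the message in it. */`, would also help; the enclosing functions of the call sites start and end outside the hunks shown.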
