hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Only refresh users on failed authentication

Browse Source 
When backend authentication failed due to errors other than wrong
credentials, the users were unconditionally reloaded. This caused a spike
of activity whenever authentication failed for other reasons.

Also fixed the test that checks for this to look for the correct error
message.
This commit is contained in:
Markus Mäkelä
2017-12-01 06:01:18 +02:00
parent 96d9c47016
commit 0506669738
2 changed files with 11 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
maxscale-system-test/crash_out_of_files.cpp
View File

@ -44,7 +44,7 @@ int main(int argc, char *argv[])
Test->repl->close_connections(); Test->repl->close_connections();
Test->stop_timeout(); Test->stop_timeout();
Test->check_log_err((char *) "refresh rate limit exceeded", false); Test->check_log_err((char *) "Refresh rate limit exceeded", false);
Test->check_maxscale_alive(); Test->check_maxscale_alive();
int rval = Test->global_result; int rval = Test->global_result;
delete Test; delete Test;

22
server/modules/protocol/MySQL/MySQLBackend/mysql_backend.c
View File

@ -329,7 +329,7 @@ bool is_error_response(GWBUF *buffer)
* @param dcb Backend DCB where authentication failed * @param dcb Backend DCB where authentication failed
* @param buffer Buffer containing the response from the backend * @param buffer Buffer containing the response from the backend
*/ */
void log_error_response(DCB *dcb, GWBUF *buffer) static void handle_error_response(DCB *dcb, GWBUF *buffer)
{ {
uint8_t *data = (uint8_t*)GWBUF_DATA(buffer); uint8_t *data = (uint8_t*)GWBUF_DATA(buffer);
size_t len = MYSQL_GET_PAYLOAD_LEN(data); size_t len = MYSQL_GET_PAYLOAD_LEN(data);
@ -354,6 +354,13 @@ void log_error_response(DCB *dcb, GWBUF *buffer)
server_set_status(dcb->server, SERVER_MAINT); server_set_status(dcb->server, SERVER_MAINT);
} }
else if (errcode == ER_ACCESS_DENIED_ERROR ||
errcode == ER_DBACCESS_DENIED_ERROR ||
errcode == ER_ACCESS_DENIED_NO_PASSWORD_ERROR)
{
// Authentication failed, reload users
service_refresh_users(dcb->service);
}
} }
/** /**
@ -474,7 +481,7 @@ gw_read_backend_event(DCB *dcb)
{ {
/** The server responded with an error */ /** The server responded with an error */
proto->protocol_auth_state = MXS_AUTH_STATE_FAILED; proto->protocol_auth_state = MXS_AUTH_STATE_FAILED;
log_error_response(dcb, readbuf); handle_error_response(dcb, readbuf);
} }
if (proto->protocol_auth_state == MXS_AUTH_STATE_CONNECTED) if (proto->protocol_auth_state == MXS_AUTH_STATE_CONNECTED)
@ -541,15 +548,6 @@ gw_reply_on_error(DCB *dcb, mxs_auth_state_t state)
MXS_SESSION *session = dcb->session; MXS_SESSION *session = dcb->session;
CHK_SESSION(session); CHK_SESSION(session);
/* Only reload the users table if authentication failed and the
* client session is not stopping. It is possible that authentication
* fails because the client has closed the connection before all
* backends have done authentication. */
if (state == MXS_AUTH_STATE_FAILED && session->state != SESSION_STATE_STOPPING)
{
service_refresh_users(session->service);
}
GWBUF* errbuf = mysql_create_custom_error(1, 0, "Authentication with backend " GWBUF* errbuf = mysql_create_custom_error(1, 0, "Authentication with backend "
"failed. Session will be closed."); "failed. Session will be closed.");
@ -809,7 +807,7 @@ gw_read_and_write(DCB *dcb)
{ {
/** The COM_CHANGE USER failed, generate a fake hangup event to /** The COM_CHANGE USER failed, generate a fake hangup event to
* close the DCB and send an error to the client. */ * close the DCB and send an error to the client. */
log_error_response(dcb, reply); handle_error_response(dcb, reply);
} }
else else
{ {