Only refresh users on failed authentication
When backend authentication failed due to errors other than wrong credentials, the users were unconditionally reloaded. This caused a spike of activity whenever authentication failed for other reasons. Also fixed the test that checks for this to look for the correct error message.
@ -44,7 +44,7 @@ int main(int argc, char *argv[])
|
|||||||
Test->repl->close_connections();
|
Test->repl->close_connections();
|
||||||
Test->stop_timeout();
|
Test->stop_timeout();
|
||||||
|
|
||||||
Test->check_log_err((char *) "refresh rate limit exceeded", false);
|
Test->check_log_err((char *) "Refresh rate limit exceeded", false);
|
||||||
Test->check_maxscale_alive();
|
Test->check_maxscale_alive();
|
||||||
int rval = Test->global_result;
|
int rval = Test->global_result;
|
||||||
delete Test;
|
delete Test;
|
||||||
|
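Review bot: The check_log_err call on the changed line matches a log string that is defined in another file, and the old lowercase literal apparently never matched it. If the `false` argument means the message must be absent (not visible here, confirm), a stale literal makes the check pass without testing anything. A comment such as `// Must match the rate-limit message logged by the user refresh code exactly` would make that coupling visible to whoever edits the log text next. The `(char *)` cast on a string literal could be dropped if check_log_err took `const char *`, but its declaration is not on this page. main() starts and ends outside the hunk.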
@ -329,7 +329,7 @@ bool is_error_response(GWBUF *buffer)
|
|||||||
* @param dcb Backend DCB where authentication failed
|
* @param dcb Backend DCB where authentication failed
|
||||||
* @param buffer Buffer containing the response from the backend
|
* @param buffer Buffer containing the response from the backend
|
||||||
*/
|
*/
|
||||||
void log_error_response(DCB *dcb, GWBUF *buffer)
|
static void handle_error_response(DCB *dcb, GWBUF *buffer)
|
||||||
{
|
{
|
||||||
uint8_t *data = (uint8_t*)GWBUF_DATA(buffer);
|
uint8_t *data = (uint8_t*)GWBUF_DATA(buffer);
|
||||||
size_t len = MYSQL_GET_PAYLOAD_LEN(data);
|
size_t len = MYSQL_GET_PAYLOAD_LEN(data);
|
||||||
@ -354,6 +354,13 @@ void log_error_response(DCB *dcb, GWBUF *buffer)
|
|||||||
|
|
||||||
server_set_status(dcb->server, SERVER_MAINT);
|
server_set_status(dcb->server, SERVER_MAINT);
|
||||||
}
|
}
|
||||||
|
else if (errcode == ER_ACCESS_DENIED_ERROR ||
|
||||||
|
errcode == ER_DBACCESS_DENIED_ERROR ||
|
||||||
|
errcode == ER_ACCESS_DENIED_NO_PASSWORD_ERROR)
|
||||||
|
{
|
||||||
|
// Authentication failed, reload users
|
||||||
|
service_refresh_users(dcb->service);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -474,7 +481,7 @@ gw_read_backend_event(DCB *dcb)
|
|||||||
{
|
{
|
||||||
/** The server responded with an error */
|
/** The server responded with an error */
|
||||||
proto->protocol_auth_state = MXS_AUTH_STATE_FAILED;
|
proto->protocol_auth_state = MXS_AUTH_STATE_FAILED;
|
||||||
log_error_response(dcb, readbuf);
|
handle_error_response(dcb, readbuf);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (proto->protocol_auth_state == MXS_AUTH_STATE_CONNECTED)
|
if (proto->protocol_auth_state == MXS_AUTH_STATE_CONNECTED)
|
||||||
@ -541,15 +548,6 @@ gw_reply_on_error(DCB *dcb, mxs_auth_state_t state)
|
|||||||
MXS_SESSION *session = dcb->session;
|
MXS_SESSION *session = dcb->session;
|
||||||
CHK_SESSION(session);
|
CHK_SESSION(session);
|
||||||
|
|
||||||
/* Only reload the users table if authentication failed and the
|
|
||||||
* client session is not stopping. It is possible that authentication
|
|
||||||
* fails because the client has closed the connection before all
|
|
||||||
* backends have done authentication. */
|
|
||||||
if (state == MXS_AUTH_STATE_FAILED && session->state != SESSION_STATE_STOPPING)
|
|
||||||
{
|
|
||||||
service_refresh_users(session->service);
|
|
||||||
}
|
|
||||||
|
|
||||||
GWBUF* errbuf = mysql_create_custom_error(1, 0, "Authentication with backend "
|
GWBUF* errbuf = mysql_create_custom_error(1, 0, "Authentication with backend "
|
||||||
"failed. Session will be closed.");
|
"failed. Session will be closed.");
|
||||||
|
|
||||||
@ -809,7 +807,7 @@ gw_read_and_write(DCB *dcb)
|
|||||||
{
|
{
|
||||||
/** The COM_CHANGE USER failed, generate a fake hangup event to
|
/** The COM_CHANGE USER failed, generate a fake hangup event to
|
||||||
* close the DCB and send an error to the client. */
|
* close the DCB and send an error to the client. */
|
||||||
log_error_response(dcb, reply);
|
handle_error_response(dcb, reply);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
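Review bot: The new `else if` branch in handle_error_response calls `service_refresh_users(dcb->service)` on any access-denied error code, and the same function is also called from the COM_CHANGE_USER failure path in gw_read_and_write, so a user reload can be driven by credentials a client supplies. The only bound on that appears to be whatever limit service_refresh_users applies internally, which is suggested by the test's "Refresh rate limit exceeded" message but not shown here. I would state that dependency next to the call, e.g. `// Client-reachable: relies on the rate limit inside service_refresh_users()`. The removed block used `session->service` and skipped the reload when the session was stopping, so it is worth confirming that `dcb->service` is always set on a backend DCB and that the stopping-session guard is no longer needed. The function's doc comment begins outside the hunk, so check that its summary now mentions the reload and not only logging.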