hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.1' into develop

Browse Source
This commit is contained in:
Markus Mäkelä 2017-03-14 10:45:25 +02:00
commit 8c7618035b
7 changed files with 86 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Documentation/About/Limitations.md
View File

@ -20,13 +20,6 @@ different backend authentication module is not supported.
### Limitations in the MySQL authenticator (MySQLAuth)
* MariaDB MaxScale supports authentication that uses wildcard matching in
hostnames in the `mysql.user` table of the backend database. For IP address
entries either `%` or `_`-wildcards are accepted, they should not be mixed in
the same entry. For text addresses both wildcards can be mixed.
* Wildcards in text-form hostnames are not supported.
* MySQL old style passwords are not supported. MySQL versions 4.1 and newer use a
new authentication protocol which does not support pre-4.1 style passwords.

52
Documentation/Release-Notes/MaxScale-2.1.2-Release-Notes.md Normal file
View File

@ -0,0 +1,52 @@
# MariaDB MaxScale 2.1.2 Release Notes
Release 2.1.2 is a Beta release.
This document describes the changes in release 2.1.2, when compared to
release [2.1.1](MaxScale-2.1.1-Release-Notes.md).
If you are upgrading from release 2.0, please also read the following
release notes:
[2.1.1](./MaxScale-2.1.1-Release-Notes.md)
[2.1.0](./MaxScale-2.1.0-Release-Notes.md)
For any problems you encounter, please consider submitting a bug
report at [Jira](https://jira.mariadb.org).
## Changed Features
### Improved Wildcard Matching
The MySQLAuth module now supports all types of wildcards for both IP addresses
as well as hostnames.
## New Features
### IPv6 Support
MaxScale now supports IPv6 connections on both the client and backend side as
well as being able to listen on IPv6 addresses.
## Bug fixes
[Here is a list of bugs fixed since the release of MaxScale 2.1.1.](https://jira.mariadb.org/issues/?jql=project%20%3D%20MXS%20AND%20issuetype%20%3D%20Bug%20AND%20resolution%20in%20(Fixed%2C%20Done)%20AND%20fixVersion%20%3D%202.1.2%20AND%20fixVersion%20NOT%20IN%20(2.1.1))
## Known Issues and Limitations
There are some limitations and known issues within this version of MaxScale.
For more information, please refer to the [Limitations](../About/Limitations.md) document.
## Packaging
RPM and Debian packages are provided for the Linux distributions supported
by MariaDB Enterprise.
Packages can be downloaded [here](https://mariadb.com/resources/downloads).
## Source Code
The source code of MaxScale is tagged at GitHub with a tag, which is identical
with the version of MaxScale. For instance, the tag of version X.Y.Z of MaxScale
is X.Y.Z. Further, *master* always refers to the latest released non-beta version.
The source code is available [here](https://github.com/mariadb-corporation/MaxScale).

2
include/maxscale/protocol/mysql.h
View File

@ -407,7 +407,7 @@ bool protocol_get_response_status (MySQLProtocol* p, int* npackets, ssize_t* nby
void protocol_set_response_status (MySQLProtocol* p, int npackets, ssize_t nbytes);
void protocol_archive_srv_command(MySQLProtocol* p);
char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db, int);
char* create_auth_fail_str(char *username, char *hostaddr, bool password, char *db, int);
void init_response_status (
GWBUF* buf,

6
server/modules/authenticator/MySQLAuth/dbusers.c
View File

@ -238,12 +238,6 @@ int validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
rval = MXS_AUTH_FAILED_DB;
}
}
else if (session->auth_token_len)
{
/** If authentication fails, this will trigger the right
* error message with `Using password : YES` */
session->client_sha1[0] = '_';
}
}
return rval;

2
server/modules/protocol/MySQL/MySQLBackend/mysql_backend.c
View File

@ -1355,7 +1355,7 @@ static int gw_change_user(DCB *backend,
message = create_auth_fail_str(username,
backend->session->client_dcb->remote,
password_set,
"",
false,
auth_ret);
if (message == NULL)
{

68
server/modules/protocol/MySQL/MySQLClient/mysql_client.c
View File

@ -83,7 +83,6 @@ static void mysql_client_auth_error_handling(DCB *dcb, int auth_val, int packet_
static int gw_read_do_authentication(DCB *dcb, GWBUF *read_buffer, int nbytes_read);
static int gw_read_normal_data(DCB *dcb, GWBUF *read_buffer, int nbytes_read);
static int gw_read_finish_processing(DCB *dcb, GWBUF *read_buffer, uint64_t capabilities);
extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db, int);
static bool ensure_complete_packet(DCB *dcb, GWBUF **read_buffer, int nbytes_read);
static void gw_process_one_new_client(DCB *client_dcb);
@ -1047,86 +1046,67 @@ mysql_client_auth_error_handling(DCB *dcb, int auth_val, int packet_number)
{
int message_len;
char *fail_str = NULL;
MYSQL_session *session = (MYSQL_session*)dcb->data;
switch (auth_val)
{
case MXS_AUTH_NO_SESSION:
MXS_DEBUG("%lu [gw_read_client_event] session "
"creation failed. fd %d, "
"state = MYSQL_AUTH_NO_SESSION.",
pthread_self(),
dcb->fd);
MXS_DEBUG("%lu [gw_read_client_event] session creation failed. fd %d, "
"state = MYSQL_AUTH_NO_SESSION.", pthread_self(), dcb->fd);
/** Send ERR 1045 to client */
mysql_send_auth_error(dcb,
packet_number,
0,
"failed to create new session");
mysql_send_auth_error(dcb, packet_number, 0, "failed to create new session");
break;
case MXS_AUTH_FAILED_DB:
MXS_DEBUG("%lu [gw_read_client_event] database "
"specified was not valid. fd %d, "
"state = MYSQL_FAILED_AUTH_DB.",
pthread_self(),
dcb->fd);
MXS_DEBUG("%lu [gw_read_client_event] database specified was not valid. fd %d, "
"state = MYSQL_FAILED_AUTH_DB.", pthread_self(), dcb->fd);
/** Send error 1049 to client */
message_len = 25 + MYSQL_DATABASE_MAXLEN;
fail_str = MXS_CALLOC(1, message_len + 1);
MXS_ABORT_IF_NULL(fail_str);
snprintf(fail_str, message_len, "Unknown database '%s'",
(char*)((MYSQL_session *)dcb->data)->db);
snprintf(fail_str, message_len, "Unknown database '%s'", session->db);
modutil_send_mysql_err_packet(dcb, packet_number, 0, 1049, "42000", fail_str);
break;
case MXS_AUTH_FAILED_SSL:
MXS_DEBUG("%lu [gw_read_client_event] client is "
"not SSL capable for SSL listener. fd %d, "
"state = MYSQL_FAILED_AUTH_SSL.",
pthread_self(),
dcb->fd);
"state = MYSQL_FAILED_AUTH_SSL.", pthread_self(), dcb->fd);
/** Send ERR 1045 to client */
mysql_send_auth_error(dcb,
packet_number,
0,
"Access without SSL denied");
mysql_send_auth_error(dcb, packet_number, 0, "Access without SSL denied");
break;
case MXS_AUTH_SSL_INCOMPLETE:
MXS_DEBUG("%lu [gw_read_client_event] unable to "
"complete SSL authentication. fd %d, "
"state = MYSQL_AUTH_SSL_INCOMPLETE.",
pthread_self(),
dcb->fd);
"state = MYSQL_AUTH_SSL_INCOMPLETE.", pthread_self(), dcb->fd);
/** Send ERR 1045 to client */
mysql_send_auth_error(dcb,
packet_number,
0,
mysql_send_auth_error(dcb, packet_number, 0,
"failed to complete SSL authentication");
break;
case MXS_AUTH_FAILED:
MXS_DEBUG("%lu [gw_read_client_event] authentication failed. fd %d, "
"state = MYSQL_FAILED_AUTH.",
pthread_self(),
dcb->fd);
"state = MYSQL_FAILED_AUTH.", pthread_self(), dcb->fd);
/** Send error 1045 to client */
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
dcb->remote,
(char*)((MYSQL_session *)dcb->data)->client_sha1,
(char*)((MYSQL_session *)dcb->data)->db, auth_val);
fail_str = create_auth_fail_str(session->user, dcb->remote,
session->auth_token_len > 0,
session->db, auth_val);
modutil_send_mysql_err_packet(dcb, packet_number, 0, 1045, "28000", fail_str);
break;
default:
MXS_DEBUG("%lu [gw_read_client_event] authentication failed. fd %d, "
"state unrecognized.",
pthread_self(),
dcb->fd);
"state unrecognized.", pthread_self(), dcb->fd);
/** Send error 1045 to client */
fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
dcb->remote,
(char*)((MYSQL_session *)dcb->data)->client_sha1,
(char*)((MYSQL_session *)dcb->data)->db, auth_val);
fail_str = create_auth_fail_str(session->user, dcb->remote,
session->auth_token_len > 0,
session->db, auth_val);
modutil_send_mysql_err_packet(dcb, packet_number, 0, 1045, "28000", fail_str);
}
MXS_FREE(fail_str);

15
server/modules/protocol/MySQL/mysql_common.c
View File

@ -925,16 +925,17 @@ char* create_auth_failed_msg(GWBUF*readbuf,
/**
* Create a message error string to send via MySQL ERR packet.
*
* @param username the MySQL user
* @param hostaddr the client IP
* @param sha1 authentication scramble data
* @param db the MySQL db to connect to
* @param username The MySQL user
* @param hostaddr The client IP
* @param password If client provided a password
* @param db The default database the client requested
* @param errcode Authentication error code
*
* @return Pointer to the allocated string or NULL on failure
*/
char *create_auth_fail_str(char *username,
char *hostaddr,
char *sha1,
bool password,
char *db,
int errcode)
{
@ -974,7 +975,7 @@ char *create_auth_fail_str(char *username,
if (db_len > 0)
{
sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"), db);
sprintf(errstr, ferrstr, username, hostaddr, password ? "YES": "NO", db);
}
else if (errcode == MXS_AUTH_FAILED_SSL)
{
@ -982,7 +983,7 @@ char *create_auth_fail_str(char *username,
}
else
{
sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"));
sprintf(errstr, ferrstr, username, hostaddr, password ? "YES" : "NO");
}
retblock: