MXS-2773: Make host blocking an optional feature

In cases where servers are known to be down on startup, this feature does more harm than good. Disabling it in these cases would be preferable but due to how the parameter is used, it is not possible.
2019-11-28 17:43:57 +02:00
parent 09e6d9eeae
commit ab8393939b
4 changed files with 27 additions and 14 deletions
--- a/server/core/config.cc
+++ b/server/core/config.cc
@ -2768,7 +2768,7 @@ static int handle_global_item(const char* name, const char* value)
    {
        char* endptr;
        int intval = strtol(value, &endptr, 0);
-        if (*endptr == '\0' && intval > 0)
+        if (*endptr == '\0' && intval >= 0)
        {
            gateway.max_auth_errors_until_block = intval;
        }
--- a/server/core/config_runtime.cc
+++ b/server/core/config_runtime.cc
@ -928,8 +928,9 @@ bool runtime_alter_maxscale(const char* name, const char* value)
    }
    else if (key == CN_MAX_AUTH_ERRORS_UNTIL_BLOCK)
    {
-        if (int intval = get_positive_int(value))
+        if (is_valid_integer(value))
        {
+            int intval = atoi(value);
            MXS_NOTICE("Updated '%s' from %d to %d",
                       CN_MAX_AUTH_ERRORS_UNTIL_BLOCK,
                       cnf.max_auth_errors_until_block,
--- a/server/core/listener.cc
+++ b/server/core/listener.cc
@ -65,27 +65,38 @@ public:
     */
    bool mark_auth_as_failed(const std::string& remote)
    {
-        auto& u = m_failures[remote];
-        u.last_failure = Clock::now();
-        return ++u.failures == config_get_global_options()->max_auth_errors_until_block;
+        bool rval = false;
+
+        if (int limit = config_get_global_options()->max_auth_errors_until_block)
+        {
+            auto& u = m_failures[remote];
+            u.last_failure = Clock::now();
+            rval = ++u.failures == limit;
+        }
+
+        return rval;
    }

    bool is_blocked(const std::string& remote)
    {
        bool rval = false;
-        auto it = m_failures.find(remote);

-        if (it != m_failures.end())
+        if (int limit = config_get_global_options()->max_auth_errors_until_block)
        {
-            auto& u = it->second;
+            auto it = m_failures.find(remote);

-            if (Clock::now() - u.last_failure > seconds(BLOCK_TIME))
+            if (it != m_failures.end())
            {
-                u.last_failure = Clock::now();
-                u.failures = 0;
-            }
+                auto& u = it->second;

-            rval = u.failures >= config_get_global_options()->max_auth_errors_until_block;
+                if (Clock::now() - u.last_failure > seconds(BLOCK_TIME))
+                {
+                    u.last_failure = Clock::now();
+                    u.failures = 0;
+                }
+
+                rval = u.failures >= limit;
+            }
        }

        return rval;