From 65033313a7b02b937b91df9015cb051b2208e82e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Tue, 20 Mar 2018 14:25:51 +0200 Subject: [PATCH 1/7] MXS-1701: Fix build instructions Corrected the documentation on building from source and fixed a missing variable check for the luafilter. --- .../Building-MaxScale-from-Source-Code.md | 6 +++--- cmake/defaults.cmake | 2 +- .../modules/filter/luafilter/CMakeLists.txt | 20 ++++++++++--------- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md index 952f98dd0..ce947c970 100644 --- a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md +++ b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md @@ -42,7 +42,7 @@ sudo apt-get install git build-essential libssl-dev ncurses-dev bison flex \ git clone https://github.com/mariadb-corporation/MaxScale mkdir build cd build -cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr +cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_CDC=N -DBUILD_MAXCTRL=N -DBUILD_LUA=N make sudo make install sudo ./postinst @@ -96,10 +96,10 @@ The next step is to configure MariaDB MaxScale. You only need to execute the fol command to configure the build. ``` -cmake ../MaxScale -DBUILD_TESTS=Y +cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_CDC=N -DBUILD_MAXCTRL=N -DBUILD_LUA=N ``` -This will install MariaDB MaxScale into `/usr/local/` and build the tests. The tests and +This will install MariaDB MaxScale into `/usr/` and build the tests. The tests and other parts of the installation can be controlled via CMake arguments. Here is a small table with the names of the most common parameters and what diff --git a/cmake/defaults.cmake b/cmake/defaults.cmake index 12cdff8a2..548b1674a 100644 --- a/cmake/defaults.cmake +++ b/cmake/defaults.cmake @@ -31,7 +31,7 @@ set(BUILD_MMMON TRUE CACHE BOOL "Build multimaster monitor") set(BUILD_MAXCTRL TRUE CACHE BOOL "Build MaxCtrl") # Build Luafilter -set(BUILD_LUAFILTER FALSE CACHE BOOL "Build Luafilter") +set(BUILD_LUAFILTER TRUE CACHE BOOL "Build Luafilter") # Use gcov build flags set(GCOV FALSE CACHE BOOL "Use gcov build flags") diff --git a/server/modules/filter/luafilter/CMakeLists.txt b/server/modules/filter/luafilter/CMakeLists.txt index bda0c2c53..70993a027 100644 --- a/server/modules/filter/luafilter/CMakeLists.txt +++ b/server/modules/filter/luafilter/CMakeLists.txt @@ -1,10 +1,12 @@ -find_package(Lua) -if(LUA_FOUND) - include_directories(${LUA_INCLUDE_DIR}) - add_library(luafilter SHARED luafilter.c) - set_target_properties(luafilter PROPERTIES VERSION "1.0.0") - target_link_libraries(luafilter maxscale-common ${LUA_LIBRARIES}) - install_module(luafilter experimental) -else() - message(STATUS "Lua was not found, luafilter will not be built.") +if (BUILD_LUAFILTER) + find_package(Lua) + if(LUA_FOUND) + include_directories(${LUA_INCLUDE_DIR}) + add_library(luafilter SHARED luafilter.c) + set_target_properties(luafilter PROPERTIES VERSION "1.0.0") + target_link_libraries(luafilter maxscale-common ${LUA_LIBRARIES}) + install_module(luafilter experimental) + else() + message(STATUS "Lua was not found, luafilter will not be built.") + endif() endif() From 17c26164ceaa376b880d33bfd8bc4e499085f474 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Wed, 21 Mar 2018 14:57:15 +0200 Subject: [PATCH 2/7] MXS-1701: Refer to the build scripts Instead of keeping the same information in two places, the build instructions can simply refer to the actual build script used to prepare the MaxScale builds. This makes the build process easier. --- .../Building-MaxScale-from-Source-Code.md | 147 +++--------------- 1 file changed, 18 insertions(+), 129 deletions(-) diff --git a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md index ce947c970..be7621fab 100644 --- a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md +++ b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md @@ -12,95 +12,32 @@ requirements are as follows: * libuuid * GNUTLS +This is the minimum set of requirements that must be met to build the MaxScale +core package. + ## Quickstart -This installs MaxScale as if it was installed from a package. - -### Install dependencies - -CentOS 7: - -``` -sudo yum install git gcc gcc-c++ ncurses-devel bison flex glibc-devel cmake \ - libgcc perl make libtool openssl openssl-devel pcre-devel \ - tcl tcl-devel systemtap-sdt-devel libuuid libuuid-devel sqlite sqlite-devel \ - gnutls-devel libgcrypt-devel -``` - -Ubuntu 16.04: - -``` -sudo apt-get update -sudo apt-get install git build-essential libssl-dev ncurses-dev bison flex \ - cmake perl libtool libpcre3-dev tcl tcl-dev uuid \ - uuid-dev libsqlite3-dev gnutls-dev libgcrypt20-dev -``` - -### Build and Install MaxScale +This installs MaxScale as if it was installed from a package. Install `git` before running the following commands. ``` git clone https://github.com/mariadb-corporation/MaxScale mkdir build cd build -cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_CDC=N -DBUILD_MAXCTRL=N -DBUILD_LUA=N +../MaxScale/BUILD/install_build_deps.sh +cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr make sudo make install sudo ./postinst ``` -## Required packages +## Required Packages -### Required packages on CentOS/RHEL systems +For a definitive list of packages, consult the +[install_build_deps.sh](../../BUILD/install_build_deps.sh) script. -The following packages are required on CentOS/RHEL 7. Older releases may require -other packages in addition to these. +## Configuring the Build -``` -git gcc gcc-c++ ncurses-devel bison flex glibc-devel cmake libgcc perl make \ -libtool openssl openssl-devel pcre-devel tcl tcl-devel \ -systemtap-sdt-devel libuuid libuuid-devel sqlite sqlite-devel -gnutls-devel libgcrypt-devel -``` - -### Required packages on Ubuntu and Debian systems - -The following packages are required on Ubuntu 16.04. Different releases may -require other packages in addition to these. - -``` -git build-essential libssl-dev ncurses-dev bison flex cmake perl libtool \ - libpcre3-dev tlc tcl-dev uuid uuid-dev sqlite3-dev -libgnutls30 libgcrypt20 -``` - -## Preparing the MariaDB MaxScale build - -Clone the MariaDB MaxScale repository from GitHub. - -``` -git clone https://github.com/mariadb-corporation/MaxScale -``` - -Create a separate build directory where you can safely build MariaDB MaxScale -without altering the source code. Change the working directory to the -directory we just created. - -``` -mkdir build -cd build -``` - -## Configuring the build - -The next step is to configure MariaDB MaxScale. You only need to execute the following -command to configure the build. - -``` -cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_CDC=N -DBUILD_MAXCTRL=N -DBUILD_LUA=N -``` - -This will install MariaDB MaxScale into `/usr/` and build the tests. The tests and -other parts of the installation can be controlled via CMake arguments. +The tests and other parts of the build can be controlled via CMake arguments. Here is a small table with the names of the most common parameters and what they control. These should all be given as parameters to the -D switch in @@ -118,15 +55,10 @@ _NAME_=_VALUE_ format (e.g. `-DBUILD_TESTS=Y`). **Note**: You can look into [defaults.cmake](../../cmake/defaults.cmake) for a list of the CMake variables. -## Building MariaDB MaxScale +## `make test` and Other Useful Targets -Once the configuration is complete, you can compile, test and install MariaDB MaxScale. - -``` -make -make test -sudo make install -``` +To run the MaxScale unit test suite, configure the build with `-DBUILD_TESTS=Y`, +compile and then run the `make test` command. Other useful targets for Make are `documentation`, which generates the Doxygen documentation, and `uninstall` which uninstall MariaDB MaxScale binaries after an install. @@ -138,53 +70,10 @@ and `uninstall` which uninstall MariaDB MaxScale binaries after an install. # Building MariaDB MaxScale packages -In addition to the packages needed to build MariaDB MaxScale, you will need the -packaging libraries for your system and CMake version 2.8.12 or later. - -### CentOS/RHEL systems - -``` -sudo yum install rpm-build -``` - -### Ubuntu and Debian systems - -``` -sudo apt-get install dpkg-dev -``` - -Next step is to clone the MariaDB MaxScale repository from GitHub. If you already -cloned it when building MariaDB MaxScale, this step can be skipped. - -``` -git clone https://github.com/mariadb-corporation/MaxScale -``` - -Create a packaging directory and change the working directory to the -directory we just created. - -``` -mkdir packaging -cd packaging -``` - -Configure the build, giving it the same arguments we gave in the previous -section with a few changes. The only new thing is the `-DPACKAGE=Y` argument -which allows us to build packages. The `-DCMAKE_INSTALL_PREFIX` was removed since -we aren't installing MariaDB MaxScale, only packaging it. - -``` -cmake ../MaxScale -DPACKAGE=Y -``` - -Next step is to build the package. - -``` -make -make package -``` - -This will create a RPM/DEB package. +If you wish to build packages, just add `-DPACKAGE=Y` to the CMake invocation +and build the package with `make package` instead of installing MaxScale with +`make install`. This process will create a RPM/DEB package depending on your +system. To build a tarball, add `-DTARBALL=Y` to the cmake invokation. This will create a _maxscale-x.y.z.tar.gz_ file where _x.y.z_ is the version number. From 48e2b50e6892c5a7fc5a6935b24d264055861224 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Wed, 21 Mar 2018 17:00:01 +0200 Subject: [PATCH 3/7] MXS-1731: Persist only non-empty values When the service configurations are persisted, they need to be valid. This means that no empty values are written into the file. --- server/core/service.cc | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/server/core/service.cc b/server/core/service.cc index 622a0742c..f4727865a 100644 --- a/server/core/service.cc +++ b/server/core/service.cc @@ -2392,11 +2392,19 @@ static bool create_service_config(const SERVICE *service, const char *filename) dprintf(file, "%s=%s\n", CN_STRIP_DB_ESC, service->strip_db_esc ? "true" : "false"); dprintf(file, "%s=%s\n", CN_LOCALHOST_MATCH_WILDCARD_HOST, service->localhost_match_wildcard_host ? "true" : "false"); - dprintf(file, "%s=%s\n", CN_VERSION_STRING, service->version_string); - dprintf(file, "%s=%s\n", CN_WEIGHTBY, service->weightby); dprintf(file, "%s=%s\n", CN_LOG_AUTH_WARNINGS, service->log_auth_warnings ? "true" : "false"); dprintf(file, "%s=%s\n", CN_RETRY_ON_FAILURE, service->retry_start ? "true" : "false"); + if (*service->version_string) + { + dprintf(file, "%s=%s\n", CN_VERSION_STRING, service->version_string); + } + + if (*service->weightby) + { + dprintf(file, "%s=%s\n", CN_WEIGHTBY, service->weightby); + } + if (service->dbref) { dprintf(file, "%s=", CN_SERVERS); From 7be6f52d4a206dc9e926415413c9947209d9c78f Mon Sep 17 00:00:00 2001 From: Johan Wikman Date: Wed, 21 Mar 2018 20:06:44 +0200 Subject: [PATCH 4/7] MXS-1733 Add test for revealing the problem --- .../masking_mysqltest/masking_rules.json | 9 +++++++++ .../masking_mysqltest/r/masking_mxs1733.result | 11 +++++++++++ .../masking_mysqltest/t/masking_mxs1733.test | 17 +++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 maxscale-system-test/masking/masking_mysqltest/r/masking_mxs1733.result create mode 100644 maxscale-system-test/masking/masking_mysqltest/t/masking_mxs1733.test diff --git a/maxscale-system-test/masking/masking_mysqltest/masking_rules.json b/maxscale-system-test/masking/masking_mysqltest/masking_rules.json index 6b7dd4964..17f6c5b67 100644 --- a/maxscale-system-test/masking/masking_mysqltest/masking_rules.json +++ b/maxscale-system-test/masking/masking_mysqltest/masking_rules.json @@ -39,6 +39,15 @@ "value": "01234-BCD", "fill": "X#@" } + }, + { + "replace": { + "table": "masking_mxs1733", + "column": "email" + }, + "with": { + "fill": "*" + } } ] } diff --git a/maxscale-system-test/masking/masking_mysqltest/r/masking_mxs1733.result b/maxscale-system-test/masking/masking_mysqltest/r/masking_mxs1733.result new file mode 100644 index 000000000..b4f053eaa --- /dev/null +++ b/maxscale-system-test/masking/masking_mysqltest/r/masking_mxs1733.result @@ -0,0 +1,11 @@ +drop database if exists maskingdb; +create database maskingdb; +use maskingdb; +create table masking_mxs1733 (email TEXT); +insert into masking_mxs1733 values ("john@example.com"); +select * from masking_mxs1733; +email +**************** +select * from masking_mxs1733 UNION select * from masking_mxs1733; +email +**************** diff --git a/maxscale-system-test/masking/masking_mysqltest/t/masking_mxs1733.test b/maxscale-system-test/masking/masking_mysqltest/t/masking_mxs1733.test new file mode 100644 index 000000000..acb4b6d97 --- /dev/null +++ b/maxscale-system-test/masking/masking_mysqltest/t/masking_mxs1733.test @@ -0,0 +1,17 @@ +# +# MXS-1733 +# +# See ../masking_rules.json + +--disable_warnings +drop database if exists maskingdb; +--enable_warnings + +create database maskingdb; +use maskingdb; + +create table masking_mxs1733 (email TEXT); +insert into masking_mxs1733 values ("john@example.com"); + +select * from masking_mxs1733; +select * from masking_mxs1733 UNION select * from masking_mxs1733; From 033ef59c0174ef4085ace29e0aaac277dba4b2a8 Mon Sep 17 00:00:00 2001 From: Johan Wikman Date: Wed, 21 Mar 2018 20:15:44 +0200 Subject: [PATCH 5/7] MXS-1733 Match empty values If a table/database rule has been provided then if the resultset does not contain table/database names, then we consider it a match (subject to the column obviously). Otherwise a rule like { "replace": { "table": "info", "column": "email" }, "with": { "fill": "*" } } could be bypassed with a statement like SELECT * FROM info UNION SELECT * from info as the resultset in that case will not indicate that the column emain is from info, which it will if the statement is SELECT * FROM info; --- server/modules/filter/masking/maskingrules.cc | 12 ++++++++++-- server/modules/filter/masking/mysql.hh | 8 ++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/server/modules/filter/masking/maskingrules.cc b/server/modules/filter/masking/maskingrules.cc index 5a56a0051..42ecdad13 100644 --- a/server/modules/filter/masking/maskingrules.cc +++ b/server/modules/filter/masking/maskingrules.cc @@ -1071,10 +1071,18 @@ bool MaskingRules::Rule::matches(const ComQueryResponse::ColumnDef& column_def, const char* zUser, const char* zHost) const { + const LEncString& table = column_def.org_table(); + const LEncString& database = column_def.schema(); + + // If the resultset does not contain table and database names, as will + // be the case in e.g. "SELECT * FROM table UNION SELECT * FROM table", + // we consider it a match if a table or database have been provided. + // Otherwise it would be easy to bypass a table/database rule. + bool match = (m_column == column_def.org_name()) && - (m_table.empty() || (m_table == column_def.org_table())) && - (m_database.empty() || (m_database == column_def.schema())); + (m_table.empty() || table.empty() || (m_table == table)) && + (m_database.empty() || database.empty() || (m_database == database)); if (match) { diff --git a/server/modules/filter/masking/mysql.hh b/server/modules/filter/masking/mysql.hh index a15df7133..47654e458 100644 --- a/server/modules/filter/masking/mysql.hh +++ b/server/modules/filter/masking/mysql.hh @@ -284,6 +284,14 @@ public: return m_length; } + /** + * @return True if the string is empty, false otherwise. + */ + bool empty() const + { + return m_length == 0; + } + /** * Compare for equality. * From d948fb2dfcaf2bcde940ee349aa46108f71d5d91 Mon Sep 17 00:00:00 2001 From: Johan Wikman Date: Wed, 21 Mar 2018 20:35:17 +0200 Subject: [PATCH 6/7] MXS-1733 Add documentation --- Documentation/Filters/Masking.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/Documentation/Filters/Masking.md b/Documentation/Filters/Masking.md index 6c9cea40c..90df5f52b 100644 --- a/Documentation/Filters/Masking.md +++ b/Documentation/Filters/Masking.md @@ -197,6 +197,31 @@ specified name. ``` +**NOTE** If a rule contains a table/database then if the resultset +does _not_ contain table/database information, it will always be +considered a match if the column matches. For instance, given the +rule above, if there is a table `person2`, also containing an `ssn` +field, then a query like +``` +SELECT ssn FROM person2; +``` +will not return masked values, but a query like +``` +SELECT ssn FROM person UNION SELECT ssn FROM person2; +``` +will _only_ return masked values, even if the `ssn` values from +`person2` in principle should not be masked. The same effect is +observed even with a non-sensical query like +``` +SELECT ssn FROM person2 UNION SELECT ssn FROM person2; +``` +even if nothing from `person2` should be masked. The reason is that +as the resultset contains no table information, the values must be +masked if the column name matches, as otherwise the masking could +easily be circumvented with a query like +``` +SELECT ssn FROM person UNION SELECT ssn FROM person; +``` The optional key `match` makes partial replacement of the original value possible: only the matched part would be replaced From 3af53642331388733961cc5c05792addf58ebc7c Mon Sep 17 00:00:00 2001 From: Johan Wikman Date: Wed, 21 Mar 2018 20:44:29 +0200 Subject: [PATCH 7/7] Add 2.2.4 release notes --- .../MaxScale-2.2.4-Release-Notes.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 Documentation/Release-Notes/MaxScale-2.2.4-Release-Notes.md diff --git a/Documentation/Release-Notes/MaxScale-2.2.4-Release-Notes.md b/Documentation/Release-Notes/MaxScale-2.2.4-Release-Notes.md new file mode 100644 index 000000000..199b6e7ae --- /dev/null +++ b/Documentation/Release-Notes/MaxScale-2.2.4-Release-Notes.md @@ -0,0 +1,44 @@ +# MariaDB MaxScale 2.2.4 Release Notes -- 2018-03 + +Release 2.2.4 is a GA release. + +This document describes the changes in release 2.2.4, when compared to +release 2.2.3. + +For any problems you encounter, please consider submitting a bug +report at [Jira](https://jira.mariadb.org). + +## Changed Features + +### Masking is stricter + +If a masking rule specifies the table/database in addition to the column +name, then if a resultset does not contain table/database information, it +is considered a match if the column name matches. Please consult the +[documentation](../Filters/Masking.md) for details. + +## Dropped Features + +## New Features + +## Bug fixes + +## Known Issues and Limitations + +There are some limitations and known issues within this version of MaxScale. +For more information, please refer to the [Limitations](../About/Limitations.md) document. + +## Packaging + +RPM and Debian packages are provided for the Linux distributions supported +by MariaDB Enterprise. + +Packages can be downloaded [here](https://mariadb.com/resources/downloads). + +## Source Code + +The source code of MaxScale is tagged at GitHub with a tag, which is identical +with the version of MaxScale. For instance, the tag of version X.Y.Z of MaxScale +is X.Y.Z. Further, *master* always refers to the latest released non-beta version. + +The source code is available [here](https://github.com/mariadb-corporation/MaxScale).