hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.2' into develop

Browse Source
This commit is contained in:
Johan Wikman
2018-03-26 10:03:20 +03:00
parent a350de1275 3af5364233
commit cf547b9532
11 changed files with 163 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
Documentation/Filters/Masking.md
View File

@ -197,6 +197,31 @@ specified name.
``` ```
**NOTE** If a rule contains a table/database then if the resultset
does _not_ contain table/database information, it will always be
considered a match if the column matches. For instance, given the
rule above, if there is a table `person2`, also containing an `ssn`
field, then a query like
```
SELECT ssn FROM person2;
```
will not return masked values, but a query like
```
SELECT ssn FROM person UNION SELECT ssn FROM person2;
```
will _only_ return masked values, even if the `ssn` values from
`person2` in principle should not be masked. The same effect is
observed even with a non-sensical query like
```
SELECT ssn FROM person2 UNION SELECT ssn FROM person2;
```
even if nothing from `person2` should be masked. The reason is that
as the resultset contains no table information, the values must be
masked if the column name matches, as otherwise the masking could
easily be circumvented with a query like
```
SELECT ssn FROM person UNION SELECT ssn FROM person;
```
The optional key `match` makes partial replacement of the original The optional key `match` makes partial replacement of the original
value possible: only the matched part would be replaced value possible: only the matched part would be replaced

145
Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md
View File

@ -12,95 +12,32 @@ requirements are as follows:
* libuuid * libuuid
* GNUTLS * GNUTLS
This is the minimum set of requirements that must be met to build the MaxScale
core package.
## Quickstart ## Quickstart
This installs MaxScale as if it was installed from a package. This installs MaxScale as if it was installed from a package. Install `git` before running the following commands.
### Install dependencies
CentOS 7:
```
sudo yum install git gcc gcc-c++ ncurses-devel bison flex glibc-devel cmake \
libgcc perl make libtool openssl openssl-devel pcre-devel \
tcl tcl-devel systemtap-sdt-devel libuuid libuuid-devel sqlite sqlite-devel \
gnutls-devel libgcrypt-devel
```
Ubuntu 16.04:
```
sudo apt-get update
sudo apt-get install git build-essential libssl-dev ncurses-dev bison flex \
cmake perl libtool libpcre3-dev tcl tcl-dev uuid \
uuid-dev libsqlite3-dev gnutls-dev libgcrypt20-dev
```
### Build and Install MaxScale
``` ```
git clone https://github.com/mariadb-corporation/MaxScale git clone https://github.com/mariadb-corporation/MaxScale
mkdir build mkdir build
cd build cd build
../MaxScale/BUILD/install_build_deps.sh
cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr
make make
sudo make install sudo make install
sudo ./postinst sudo ./postinst
``` ```
## Required packages ## Required Packages
### Required packages on CentOS/RHEL systems For a definitive list of packages, consult the
[install_build_deps.sh](../../BUILD/install_build_deps.sh) script.
The following packages are required on CentOS/RHEL 7. Older releases may require ## Configuring the Build
other packages in addition to these.
``` The tests and other parts of the build can be controlled via CMake arguments.
git gcc gcc-c++ ncurses-devel bison flex glibc-devel cmake libgcc perl make \
libtool openssl openssl-devel pcre-devel tcl tcl-devel \
systemtap-sdt-devel libuuid libuuid-devel sqlite sqlite-devel
gnutls-devel libgcrypt-devel
```
### Required packages on Ubuntu and Debian systems
The following packages are required on Ubuntu 16.04. Different releases may
require other packages in addition to these.
```
git build-essential libssl-dev ncurses-dev bison flex cmake perl libtool \
libpcre3-dev tlc tcl-dev uuid uuid-dev sqlite3-dev
libgnutls30 libgcrypt20
```
## Preparing the MariaDB MaxScale build
Clone the MariaDB MaxScale repository from GitHub.
```
git clone https://github.com/mariadb-corporation/MaxScale
```
Create a separate build directory where you can safely build MariaDB MaxScale
without altering the source code. Change the working directory to the
directory we just created.
```
mkdir build
cd build
```
## Configuring the build
The next step is to configure MariaDB MaxScale. You only need to execute the following
command to configure the build.
```
cmake ../MaxScale -DBUILD_TESTS=Y
```
This will install MariaDB MaxScale into `/usr/local/` and build the tests. The tests and
other parts of the installation can be controlled via CMake arguments.
Here is a small table with the names of the most common parameters and what Here is a small table with the names of the most common parameters and what
they control. These should all be given as parameters to the -D switch in they control. These should all be given as parameters to the -D switch in
@ -118,15 +55,10 @@ _NAME_=_VALUE_ format (e.g. `-DBUILD_TESTS=Y`).
**Note**: You can look into [defaults.cmake](../../cmake/defaults.cmake) for a **Note**: You can look into [defaults.cmake](../../cmake/defaults.cmake) for a
list of the CMake variables. list of the CMake variables.
## Building MariaDB MaxScale ## `make test` and Other Useful Targets
Once the configuration is complete, you can compile, test and install MariaDB MaxScale. To run the MaxScale unit test suite, configure the build with `-DBUILD_TESTS=Y`,
compile and then run the `make test` command.
```
make
make test
sudo make install
```
Other useful targets for Make are `documentation`, which generates the Doxygen documentation, Other useful targets for Make are `documentation`, which generates the Doxygen documentation,
and `uninstall` which uninstall MariaDB MaxScale binaries after an install. and `uninstall` which uninstall MariaDB MaxScale binaries after an install.
@ -138,53 +70,10 @@ and `uninstall` which uninstall MariaDB MaxScale binaries after an install.
# Building MariaDB MaxScale packages # Building MariaDB MaxScale packages
In addition to the packages needed to build MariaDB MaxScale, you will need the If you wish to build packages, just add `-DPACKAGE=Y` to the CMake invocation
packaging libraries for your system and CMake version 2.8.12 or later. and build the package with `make package` instead of installing MaxScale with
`make install`. This process will create a RPM/DEB package depending on your
### CentOS/RHEL systems system.
```
sudo yum install rpm-build
```
### Ubuntu and Debian systems
```
sudo apt-get install dpkg-dev
```
Next step is to clone the MariaDB MaxScale repository from GitHub. If you already
cloned it when building MariaDB MaxScale, this step can be skipped.
```
git clone https://github.com/mariadb-corporation/MaxScale
```
Create a packaging directory and change the working directory to the
directory we just created.
```
mkdir packaging
cd packaging
```
Configure the build, giving it the same arguments we gave in the previous
section with a few changes. The only new thing is the `-DPACKAGE=Y` argument
which allows us to build packages. The `-DCMAKE_INSTALL_PREFIX` was removed since
we aren't installing MariaDB MaxScale, only packaging it.
```
cmake ../MaxScale -DPACKAGE=Y
```
Next step is to build the package.
```
make
make package
```
This will create a RPM/DEB package.
To build a tarball, add `-DTARBALL=Y` to the cmake invokation. This will create To build a tarball, add `-DTARBALL=Y` to the cmake invokation. This will create
a _maxscale-x.y.z.tar.gz_ file where _x.y.z_ is the version number. a _maxscale-x.y.z.tar.gz_ file where _x.y.z_ is the version number.

44
Documentation/Release-Notes/MaxScale-2.2.4-Release-Notes.md Normal file
View File

@ -0,0 +1,44 @@
# MariaDB MaxScale 2.2.4 Release Notes -- 2018-03
Release 2.2.4 is a GA release.
This document describes the changes in release 2.2.4, when compared to
release 2.2.3.
For any problems you encounter, please consider submitting a bug
report at [Jira](https://jira.mariadb.org).
## Changed Features
### Masking is stricter
If a masking rule specifies the table/database in addition to the column
name, then if a resultset does not contain table/database information, it
is considered a match if the column name matches. Please consult the
[documentation](../Filters/Masking.md) for details.
## Dropped Features
## New Features
## Bug fixes
## Known Issues and Limitations
There are some limitations and known issues within this version of MaxScale.
For more information, please refer to the [Limitations](../About/Limitations.md) document.
## Packaging
RPM and Debian packages are provided for the Linux distributions supported
by MariaDB Enterprise.
Packages can be downloaded [here](https://mariadb.com/resources/downloads).
## Source Code
The source code of MaxScale is tagged at GitHub with a tag, which is identical
with the version of MaxScale. For instance, the tag of version X.Y.Z of MaxScale
is X.Y.Z. Further, *master* always refers to the latest released non-beta version.
The source code is available [here](https://github.com/mariadb-corporation/MaxScale).

2
cmake/defaults.cmake
View File

@ -31,7 +31,7 @@ set(BUILD_MMMON TRUE CACHE BOOL "Build multimaster monitor")
set(BUILD_MAXCTRL TRUE CACHE BOOL "Build MaxCtrl") set(BUILD_MAXCTRL TRUE CACHE BOOL "Build MaxCtrl")
# Build Luafilter # Build Luafilter
set(BUILD_LUAFILTER FALSE CACHE BOOL "Build Luafilter") set(BUILD_LUAFILTER TRUE CACHE BOOL "Build Luafilter")
# Use gcov build flags # Use gcov build flags
set(GCOV FALSE CACHE BOOL "Use gcov build flags") set(GCOV FALSE CACHE BOOL "Use gcov build flags")

9
maxscale-system-test/masking/masking_mysqltest/masking_rules.json
View File

@ -39,6 +39,15 @@
"value": "01234-BCD", "value": "01234-BCD",
"fill": "X#@" "fill": "X#@"
} }
},
{
"replace": {
"table": "masking_mxs1733",
"column": "email"
},
"with": {
"fill": "*"
}
} }
] ]
} }

11
maxscale-system-test/masking/masking_mysqltest/r/masking_mxs1733.result Normal file
View File

@ -0,0 +1,11 @@
drop database if exists maskingdb;
create database maskingdb;
use maskingdb;
create table masking_mxs1733 (email TEXT);
insert into masking_mxs1733 values ("john@example.com");
select * from masking_mxs1733;
email
****************
select * from masking_mxs1733 UNION select * from masking_mxs1733;
email
****************

17
maxscale-system-test/masking/masking_mysqltest/t/masking_mxs1733.test Normal file
View File

@ -0,0 +1,17 @@
#
# MXS-1733
#
# See ../masking_rules.json
--disable_warnings
drop database if exists maskingdb;
--enable_warnings
create database maskingdb;
use maskingdb;
create table masking_mxs1733 (email TEXT);
insert into masking_mxs1733 values ("john@example.com");
select * from masking_mxs1733;
select * from masking_mxs1733 UNION select * from masking_mxs1733;

12
server/core/service.cc
View File

@ -2392,11 +2392,19 @@ static bool create_service_config(const SERVICE *service, const char *filename)
dprintf(file, "%s=%s\n", CN_STRIP_DB_ESC, service->strip_db_esc ? "true" : "false"); dprintf(file, "%s=%s\n", CN_STRIP_DB_ESC, service->strip_db_esc ? "true" : "false");
dprintf(file, "%s=%s\n", CN_LOCALHOST_MATCH_WILDCARD_HOST, dprintf(file, "%s=%s\n", CN_LOCALHOST_MATCH_WILDCARD_HOST,
service->localhost_match_wildcard_host ? "true" : "false"); service->localhost_match_wildcard_host ? "true" : "false");
dprintf(file, "%s=%s\n", CN_VERSION_STRING, service->version_string);
dprintf(file, "%s=%s\n", CN_WEIGHTBY, service->weightby);
dprintf(file, "%s=%s\n", CN_LOG_AUTH_WARNINGS, service->log_auth_warnings ? "true" : "false"); dprintf(file, "%s=%s\n", CN_LOG_AUTH_WARNINGS, service->log_auth_warnings ? "true" : "false");
dprintf(file, "%s=%s\n", CN_RETRY_ON_FAILURE, service->retry_start ? "true" : "false"); dprintf(file, "%s=%s\n", CN_RETRY_ON_FAILURE, service->retry_start ? "true" : "false");
if (*service->version_string)
{
dprintf(file, "%s=%s\n", CN_VERSION_STRING, service->version_string);
}
if (*service->weightby)
{
dprintf(file, "%s=%s\n", CN_WEIGHTBY, service->weightby);
}
if (service->dbref) if (service->dbref)
{ {
dprintf(file, "%s=", CN_SERVERS); dprintf(file, "%s=", CN_SERVERS);

8
server/modules/filter/luafilter/CMakeLists.txt
View File

@ -1,10 +1,12 @@
find_package(Lua) if (BUILD_LUAFILTER)
if(LUA_FOUND) find_package(Lua)
if(LUA_FOUND)
include_directories(${LUA_INCLUDE_DIR}) include_directories(${LUA_INCLUDE_DIR})
add_library(luafilter SHARED luafilter.c) add_library(luafilter SHARED luafilter.c)
set_target_properties(luafilter PROPERTIES VERSION "1.0.0") set_target_properties(luafilter PROPERTIES VERSION "1.0.0")
target_link_libraries(luafilter maxscale-common ${LUA_LIBRARIES}) target_link_libraries(luafilter maxscale-common ${LUA_LIBRARIES})
install_module(luafilter experimental) install_module(luafilter experimental)
else() else()
message(STATUS "Lua was not found, luafilter will not be built.") message(STATUS "Lua was not found, luafilter will not be built.")
endif()
endif() endif()

12
server/modules/filter/masking/maskingrules.cc
View File

@ -1071,10 +1071,18 @@ bool MaskingRules::Rule::matches(const ComQueryResponse::ColumnDef& column_def,
const char* zUser, const char* zUser,
const char* zHost) const const char* zHost) const
{ {
const LEncString& table = column_def.org_table();
const LEncString& database = column_def.schema();
// If the resultset does not contain table and database names, as will
// be the case in e.g. "SELECT * FROM table UNION SELECT * FROM table",
// we consider it a match if a table or database have been provided.
// Otherwise it would be easy to bypass a table/database rule.
bool match = bool match =
(m_column == column_def.org_name()) && (m_column == column_def.org_name()) &&
(m_table.empty() || (m_table == column_def.org_table())) && (m_table.empty() || table.empty() || (m_table == table)) &&
(m_database.empty() || (m_database == column_def.schema())); (m_database.empty() || database.empty() || (m_database == database));
if (match) if (match)
{ {

8
server/modules/filter/masking/mysql.hh
View File

@ -284,6 +284,14 @@ public:
return m_length; return m_length;
} }
/**
* @return True if the string is empty, false otherwise.
*/
bool empty() const
{
return m_length == 0;
}
/** /**
* Compare for equality. * Compare for equality.
* *