Make service and monitor permissions checks optional

MaxScale shouldn't require the service and monitor user checks. It makes sense to disable the checks to speed up the startup process when the user knows that the permissions are OK.
2016-09-13 21:22:36 +03:00
parent ff7634113b
commit e01b4a33fd
5 changed files with 22 additions and 1 deletions
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@ -113,6 +113,15 @@ Enable or disable the high precision timestamps in logfiles. Enabling this adds
 ms_timestamp=1
 ```

+#### `skip_permission_checks`
+
+Skip service and monitor user permission checks. This is useful when
+you know the permissions are OK and you want to speed up the startup
+process.
+
+It is recommended to leave the permission checks on so that any
+missing privileges are detected when maxscale is starting up.
+
 #### `syslog`
 Enable or disable the logging of messages to *syslog*.

--- a/server/core/config.c
+++ b/server/core/config.c
@ -957,6 +957,10 @@ handle_global_item(const char *name, const char *value)
    {
        mxs_log_set_highprecision_enabled(config_truth_value((char*)value));
    }
+    else if (strcmp(name, "skip_permission_checks") == 0)
+    {
+        gateway.skip_permission_checks = config_truth_value((char*)value);
+    }
    else if (strcmp(name, "auth_connect_timeout") == 0)
    {
        char* endptr;
@ -1301,6 +1305,7 @@ global_defaults()
    gateway.auth_conn_timeout = DEFAULT_AUTH_CONNECT_TIMEOUT;
    gateway.auth_read_timeout = DEFAULT_AUTH_READ_TIMEOUT;
    gateway.auth_write_timeout = DEFAULT_AUTH_WRITE_TIMEOUT;
+    gateway.skip_permission_checks = false;
    if (version_string != NULL)
    {
        gateway.version_string = MXS_STRDUP_A(version_string);
--- a/server/core/dbusers.c
+++ b/server/core/dbusers.c
@ -2689,7 +2689,8 @@ static bool check_server_permissions(SERVICE *service, SERVER* server,
 */
 bool check_service_permissions(SERVICE* service)
 {
-    if (is_internal_service(service->routerModule))
+    if (is_internal_service(service->routerModule) ||
+        config_get_global_options()->skip_permission_checks)
    {
        return true;
    }
--- a/server/core/monitor.c
+++ b/server/core/monitor.c
@ -543,6 +543,11 @@ bool check_monitor_permissions(MONITOR* monitor, const char* query)
        return false;
    }

+    if (config_get_global_options()->skip_permission_checks)
+    {
+        return true;
+    }
+
    char *user = monitor->user;
    char *dpasswd = decryptPassword(monitor->password);
    GATEWAY_CONF* cnf = config_get_global_options();
--- a/server/include/maxconfig.h
+++ b/server/include/maxconfig.h
@ -121,6 +121,7 @@ typedef struct
    unsigned int  auth_conn_timeout;                   /**< Connection timeout for the user authentication */
    unsigned int  auth_read_timeout;                   /**< Read timeout for the user authentication */
    unsigned int  auth_write_timeout;                  /**< Write timeout for the user authentication */
+    bool          skip_permission_checks;              /**< Skip service and monitor permission checks */
    char          qc_name[PATH_MAX];                   /**< The name of the query classifier to load */
    char*         qc_args;                             /**< Arguments for the query classifier */
 } GATEWAY_CONF;