From e01b4a33fdc1ae3cf6faac789ed4746ea0a0086c Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 13 Sep 2016 21:22:36 +0300 Subject: [PATCH] Make service and monitor permissions checks optional MaxScale shouldn't require the service and monitor user checks. It makes sense to disable the checks to speed up the startup process when the user knows that the permissions are OK. --- Documentation/Getting-Started/Configuration-Guide.md | 9 +++++++++ server/core/config.c | 5 +++++ server/core/dbusers.c | 3 ++- server/core/monitor.c | 5 +++++ server/include/maxconfig.h | 1 + 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 33ea2ab46..a4e863282 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -113,6 +113,15 @@ Enable or disable the high precision timestamps in logfiles. Enabling this adds ms_timestamp=1 ``` +#### `skip_permission_checks` + +Skip service and monitor user permission checks. This is useful when +you know the permissions are OK and you want to speed up the startup +process. + +It is recommended to leave the permission checks on so that any +missing privileges are detected when maxscale is starting up. + #### `syslog` Enable or disable the logging of messages to *syslog*. diff --git a/server/core/config.c b/server/core/config.c index b1cbb41e8..baaec3596 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -957,6 +957,10 @@ handle_global_item(const char *name, const char *value) { mxs_log_set_highprecision_enabled(config_truth_value((char*)value)); } + else if (strcmp(name, "skip_permission_checks") == 0) + { + gateway.skip_permission_checks = config_truth_value((char*)value); + } else if (strcmp(name, "auth_connect_timeout") == 0) { char* endptr; @@ -1301,6 +1305,7 @@ global_defaults() gateway.auth_conn_timeout = DEFAULT_AUTH_CONNECT_TIMEOUT; gateway.auth_read_timeout = DEFAULT_AUTH_READ_TIMEOUT; gateway.auth_write_timeout = DEFAULT_AUTH_WRITE_TIMEOUT; + gateway.skip_permission_checks = false; if (version_string != NULL) { gateway.version_string = MXS_STRDUP_A(version_string); diff --git a/server/core/dbusers.c b/server/core/dbusers.c index d49a9698e..7927e1a90 100644 --- a/server/core/dbusers.c +++ b/server/core/dbusers.c @@ -2689,7 +2689,8 @@ static bool check_server_permissions(SERVICE *service, SERVER* server, */ bool check_service_permissions(SERVICE* service) { - if (is_internal_service(service->routerModule)) + if (is_internal_service(service->routerModule) || + config_get_global_options()->skip_permission_checks) { return true; } diff --git a/server/core/monitor.c b/server/core/monitor.c index 3741c3071..e2143b319 100644 --- a/server/core/monitor.c +++ b/server/core/monitor.c @@ -543,6 +543,11 @@ bool check_monitor_permissions(MONITOR* monitor, const char* query) return false; } + if (config_get_global_options()->skip_permission_checks) + { + return true; + } + char *user = monitor->user; char *dpasswd = decryptPassword(monitor->password); GATEWAY_CONF* cnf = config_get_global_options(); diff --git a/server/include/maxconfig.h b/server/include/maxconfig.h index 2e7970657..684af2376 100644 --- a/server/include/maxconfig.h +++ b/server/include/maxconfig.h @@ -121,6 +121,7 @@ typedef struct unsigned int auth_conn_timeout; /**< Connection timeout for the user authentication */ unsigned int auth_read_timeout; /**< Read timeout for the user authentication */ unsigned int auth_write_timeout; /**< Write timeout for the user authentication */ + bool skip_permission_checks; /**< Skip service and monitor permission checks */ char qc_name[PATH_MAX]; /**< The name of the query classifier to load */ char* qc_args; /**< Arguments for the query classifier */ } GATEWAY_CONF;