Make service and monitor permissions checks optional

MaxScale shouldn't require the service and monitor user checks. It makes sense to disable the checks to speed up the startup process when the user knows that the permissions are OK.
2016-09-13 21:22:36 +03:00
parent ff7634113b
commit e01b4a33fd
5 changed files with 22 additions and 1 deletions
--- a/server/core/config.c
+++ b/server/core/config.c
@ -957,6 +957,10 @@ handle_global_item(const char *name, const char *value)
    {
        mxs_log_set_highprecision_enabled(config_truth_value((char*)value));
    }
+    else if (strcmp(name, "skip_permission_checks") == 0)
+    {
+        gateway.skip_permission_checks = config_truth_value((char*)value);
+    }
    else if (strcmp(name, "auth_connect_timeout") == 0)
    {
        char* endptr;
@ -1301,6 +1305,7 @@ global_defaults()
    gateway.auth_conn_timeout = DEFAULT_AUTH_CONNECT_TIMEOUT;
    gateway.auth_read_timeout = DEFAULT_AUTH_READ_TIMEOUT;
    gateway.auth_write_timeout = DEFAULT_AUTH_WRITE_TIMEOUT;
+    gateway.skip_permission_checks = false;
    if (version_string != NULL)
    {
        gateway.version_string = MXS_STRDUP_A(version_string);
--- a/server/core/dbusers.c
+++ b/server/core/dbusers.c
@ -2689,7 +2689,8 @@ static bool check_server_permissions(SERVICE *service, SERVER* server,
 */
 bool check_service_permissions(SERVICE* service)
 {
-    if (is_internal_service(service->routerModule))
+    if (is_internal_service(service->routerModule) ||
+        config_get_global_options()->skip_permission_checks)
    {
        return true;
    }
--- a/server/core/monitor.c
+++ b/server/core/monitor.c
@ -543,6 +543,11 @@ bool check_monitor_permissions(MONITOR* monitor, const char* query)
        return false;
    }

+    if (config_get_global_options()->skip_permission_checks)
+    {
+        return true;
+    }
+
    char *user = monitor->user;
    char *dpasswd = decryptPassword(monitor->password);
    GATEWAY_CONF* cnf = config_get_global_options();
--- a/server/include/maxconfig.h
+++ b/server/include/maxconfig.h
@ -121,6 +121,7 @@ typedef struct
    unsigned int  auth_conn_timeout;                   /**< Connection timeout for the user authentication */
    unsigned int  auth_read_timeout;                   /**< Read timeout for the user authentication */
    unsigned int  auth_write_timeout;                  /**< Write timeout for the user authentication */
+    bool          skip_permission_checks;              /**< Skip service and monitor permission checks */
    char          qc_name[PATH_MAX];                   /**< The name of the query classifier to load */
    char*         qc_args;                             /**< Arguments for the query classifier */
 } GATEWAY_CONF;