Merge branch '2.3' into develop

2019-01-24 17:00:51 +02:00 · 2019-01-24 17:00:51 +02:00 · efb8dd9c06
commit efb8dd9c06
parent f559bf3d95 0f26a8bed6
3 changed files with 61 additions and 6 deletions
--- a/Documentation/Authenticators/PAM-Authenticator.md
+++ b/Documentation/Authenticators/PAM-Authenticator.md
@ -47,6 +47,30 @@ auth            required        pam_unix.so
 account         required        pam_unix.so
 ```

+## Anonymous user mapping
+
+The MaxScale PAM authenticator supports a limited version of
+[user mapping](https://mariadb.com/kb/en/library/user-and-group-mapping-with-pam/).
+Anonymous mapping is enabled in MaxScale if the following user exists:
+- Empty username and wildcard host (`''@'%'`)
+- `plugin = 'pam'`
+- Proxy grant is on (The query `SHOW GRANTS FOR ''@'%';` returns `GRANT PROXY ON ...`
+
+When the authenticator detects such a user, anonymous account mapping is enabled.
+To verify this, search the MaxScale log for "Anonymous PAM user with proxy grant
+found. User account mapping enabled." When mapping is on, the PAM authenticator
+does not require client accounts to exist in the `mysql.user`-table received from
+the backend. It will simply authenticate the client to the local machine with
+the username and password supplied. The PAM service used for authentication is
+read from the `authentication_string`-field of the anonymous user. If authentication
+was successful, MaxScale then uses the username and password to log to the backends.
+
+Anonymous mapping is only attempted if the client username is not found in the
+`mysql.user`-table as explained in [Configuration](#configuration). This means,
+that if a user is found and the authentication fails, anonymous authentication
+is not attempted even when it could use a different PAM service with a different
+outcome.
+
 ## Implementation details and limitations

 The PAM general authentication scheme is difficult for a proxy such as MaxScale.
--- a/script/maxscale_generate_support_info.py
+++ b/script/maxscale_generate_support_info.py
@ -88,6 +88,13 @@ def main(argv):
        print(format_str.format(file_name))
        output_file.writestr(file_name, contents)

+    # Run some commands to gather general system info.
+    contents = get_system_info()
+    if len(contents) > 0:
+        file_name = "system_info.txt"
+        print(format_str.format(file_name))
+        output_file.writestr(file_name, contents)
+
    output_file.close()


@ -197,5 +204,29 @@ def read_core_file():
    return core_file_contents


+def get_system_info():
+    commands = ["cat /etc/os-release", "lscpu", "cat /proc/meminfo"]
+    total_output = ""
+    for command in commands:
+        try:
+            output_bytes = subprocess.check_output(command, shell=True, stderr=subprocess.PIPE)
+        except subprocess.CalledProcessError as e:
+            # If a command fails, try the next one. It may work.
+            message = "Error gathering system info: command \"{}\" returned {}".format(
+                command, e.returncode)
+            total_output += command + "\n" + message + "\n"
+            print(message)
+        except IOError as e:
+            message = "Error gathering system info: command \"{}\" could not be ran: {}".format(
+                command, e.strerror)
+            total_output += command + "\n" + message + "\n"
+            print(message)
+        else:
+            if len(output_bytes) > 0:
+                total_output += command + "\n" + output_bytes.decode("utf-8") + "\n"
+
+    return total_output
+
+
 if __name__ == "__main__":
    main(sys.argv)
--- a/server/maxscale.cnf.template
+++ b/server/maxscale.cnf.template
@ -1,10 +1,10 @@
 # MaxScale documentation:
-# https://mariadb.com/kb/en/mariadb-enterprise/mariadb-maxscale-22/
+# https://mariadb.com/kb/en/mariadb-enterprise/mariadb-maxscale-23/

 # Global parameters
 #
 # Complete list of configuration options:
-# https://mariadb.com/kb/en/mariadb-enterprise/mariadb-maxscale-22-mariadb-maxscale-configuration-usage-scenarios/
+# https://mariadb.com/kb/en/mariadb-maxscale-23-mariadb-maxscale-configuration-usage-scenarios/

 [maxscale]
 threads=auto
@ -25,7 +25,7 @@ protocol=MariaDBBackend
 #
 # This will keep MaxScale aware of the state of the servers.
 # MariaDB Monitor documentation:
-# https://mariadb.com/kb/en/mariadb-enterprise/mariadb-maxscale-22-mariadb-monitor/
+# https://mariadb.com/kb/en/mariadb-maxscale-23-mariadb-monitor/

 [MariaDB-Monitor]
 type=monitor
@ -42,7 +42,7 @@ monitor_interval=2000
 #

 # ReadConnRoute documentation:
-# https://mariadb.com/kb/en/mariadb-enterprise/mariadb-maxscale-22-readconnroute/
+# https://mariadb.com/kb/en/mariadb-maxscale-23-readconnroute/

 [Read-Only-Service]
 type=service
@ -53,7 +53,7 @@ password=mypwd
 router_options=slave

 # ReadWriteSplit documentation:
-# https://mariadb.com/kb/en/mariadb-enterprise/mariadb-maxscale-22-readwritesplit/
+# https://mariadb.com/kb/en/mariadb-maxscale-23-readwritesplit/

 [Read-Write-Service]
 type=service
@ -64,7 +64,7 @@ password=mypwd

 # This service enables the use of the MaxAdmin interface
 # MaxScale administration guide:
-# https://mariadb.com/kb/en/mariadb-enterprise/mariadb-maxscale-22-maxadmin-admin-interface/
+# https://mariadb.com/kb/en/mariadb-maxscale-23-maxadmin-admin-interface/

 [MaxAdmin-Service]
 type=service