If normal authentication fails and a PAM service is defined, PAM authentication
is attempted. Separate services can be set for read-only users and admin-level
users.
By passing the raw password deeper into the authentication code, it can be
used to verify the user can access some systems. Right now, this is not
required by the simple salted password comparison done in MaxScale.
Removing the last admin account is now forbidden. This should prevent most
cases where users could lock themselves out of the administrative
interface.
This change does allow a non-root network user to be the last admin
account. In practice this does not prevent the root user from gaining
access to maxadmin. Access can be gained by removing the users file and
restarting MaxScale or by editing the users file by hand.
MaxAdmin can now create basic users for both network and UNIX domain
socket use. Currently the basic and admin types have the same permissions
in maxadmin but for the REST API, only admin accounts can modify MaxScale.
The users are now stored as an array of JSON objects. Legacy users are
automatically upgraded once they are loaded and a backup of the original
users file is created.
Removed the password parameter from the `remove user` maxadmin command as
well as all of the relevant functions. Requiring that an administrator
knows the password of the account to be deleted is not a sound requirement
now that, at least in theory, two types of accounts can be created.
The /users/ resource shows all user accounts that can be used with
MaxScale. This resource is further split into two resource collections,
/users/inet and /users/unix, which contain the network users and Linux
accounts respectively.
The admin interface now supports Basic Access authentication. This is not
a secure method of authentication and it should not be used without
unencrypted connections.
Made the admin interface port, authentication, username and password
configurable.
- All now include maxscale/cdefs.h as the very first file.
- MXS_[BEGIN|END]_DECLS added to all C-headers.
Strictly speaking not necessary for private headers, but
does not hurt either.
- Include guards moved to the very top of the file.
- #pragma once added.
- Headers now to be included as <maxscale/xyz.h>
- First step, no cleanup of headers has been made. Only moving
from one place to another + necessary modifications.
