Commit Graph

157 Commits

Author SHA1 Message Date
d3d7054639 Merge branch '2.3' into 2.4 2020-04-24 16:09:20 +03:00
f527a8f2e6 2.3.19 Update Change Date 2020-04-23 14:23:57 +03:00
291d2e987f Improve charset selection
The charset sent in the handshake is now done with the following
priorities:

* First Master server
* Last Slave server
* First Running server or Down server whose charset is known

The change is that server in the Down state to which we've successfully
connected to can also be used as the charset source. This, in addition
with an "empty" default charset, helps avoid the use of the default latin1
charset unless absolutely necessary.
2020-03-12 11:03:04 +02:00
d0ab797938 Merge branch '2.3' into 2.4 2020-03-12 10:33:57 +02:00
e0cd6adb26 Update change date for 2.3.18 2020-03-10 10:45:47 +02:00
8b763fb88b Merge branch '2.3' into 2.4 2020-02-12 08:27:48 +02:00
cfb3f79b54 Update 2.3.17 Change Date 2020-02-10 15:28:38 +02:00
a7e0142224 Merge branch '2.3' into 2.4 2020-01-15 11:29:37 +02:00
790d90f229 Update 2.3.16 Change Date 2020-01-15 11:08:51 +02:00
6306519e5e MXS-2710: Move client_count handling inside Session
By incrementing the counters when the session is created, we know that the
counter will always be decremented correctly. This does cause the listener
session to be counted as an actual session but this is already present in
the statistics calculations and is something we have to live with in 2.3
This change also makes it possible to overshoot the connection count
limitation as the session creation is delayed until authentication
fails. Both of these problems are fixed in 2.4.
2020-01-07 10:40:40 +02:00
a9a2b753c0 Update 2.4.5 change date 2019-12-18 13:25:03 +02:00
f6731a898d Update change date 2019-11-13 08:37:17 +02:00
fdfbf3e133 Update 2.4.3 change date 2019-11-05 12:21:00 +02:00
861e27eb00 Merge branch '2.3' into 2.4 2019-10-29 14:04:31 +02:00
df6c56e7ca Update 2.3.13 Change Date 2019-10-29 12:51:31 +02:00
428bc5740b MXS-2645 Decrement service client count also when authentication fails
The client count was incremented before authentication was complete, and
should be decremented if it fails. Otherwise service connection limit can
be easily reached.
2019-10-04 15:11:09 +03:00
2d9d9356c9 Merge branch '2.3' into 2.4 2019-10-04 12:56:52 +03:00
869effc352 MXS-2707: Retain commands that respond
Only commands that return a response should to be retained. Otherwise the
bookkeeping of m_current_query will be wrong.
2019-10-03 22:17:44 +03:00
a9b01ff4cc Merge branch '2.3' into 2.4 2019-07-28 21:43:58 +03:00
918a2964d5 MXS-2592 Add configuration for session specific in-memory log
When enabled each session will write log messages in the in-memory log.
If session ends in error this log is written to the actual log in disk.
2019-07-28 20:56:22 +03:00
3e85500491 Merge branch '2.3' into 2.4 2019-07-02 08:38:15 +03:00
40f35618ad MXS-2562: Fix out-of-order error during COM_CHANGE_USER
If an error is generated while a COM_CHANGE_USER is being done, it would
always use the sequence number 1. To properly handle this case and send
the correct sequence number, the COM_CHANGE_USER progress needs to be
tracked at the session level.

The information needs to be shared between the backend and client
protocols as the final OK to the COM_CHANGE_USER, with the sequence number
3, is the one that the backend server returns. Only after this response
has been received and routed to the client can the COM_CHANGE_USER
processing stop.
2019-06-28 20:25:31 +03:00
74d15cee09 MXS-2562: Always send errors with sequence number 1
As is explained in MDEV-19893:

   Client reads from socket, gets the packet from 1. with seqno=0, which
   it does not expect, since seqno is supposed to be incremented. Client
   complains, throws tantrums and exceptions.

To cater for clients that do not expect out-of-bound messages
(i.e. server-initiated packets with seqno 0), all messages generated by
MaxScale should use at least sequence number 1.
2019-06-28 20:25:31 +03:00
0ba779d5a2 Update 2.4.0 Change Date 2019-06-25 10:11:55 +03:00
8311dba654 Send the OK outside the KILL functions
By sending the OK for the KILL commands outside the function, they can be
used to kill connections that do not expect responses.
2019-06-13 16:44:26 +03:00
1f46f1bfca Merge branch '2.3' into develop 2019-06-12 12:24:07 +03:00
bb92d61a1b Fix KILL command packet boundary detection
If a packet with a KILL query was followed with another packet in the same
network buffer, the code wouldn't work as it expected to receive only one
packet at a time.
2019-06-12 12:20:26 +03:00
4efa9dbeea Remove maxscale/alloc.h
The remaining contents were moved to maxbase/alloc.h.
2019-06-10 14:11:25 +03:00
44d1b821c3 Merge branch '2.3' into develop 2019-06-03 13:54:55 +03:00
c219187a1e Merge branch '2.2' into 2.3 2019-06-03 13:27:57 +03:00
d68f66fede MXS-2538: Send master charset in the handshake packet
By iterating over the servers and sending the master's charset we are
guaranteed a "known good" charset. This also solves the problem where a
deactivated server reference would be used as the charset and server
version source.
2019-05-31 23:01:18 +03:00
e9c652555d MXS-2538: Fix hang on unknown KILL
Unknown KILL commands are now forwarded as-is to the routers.
2019-05-31 14:01:16 +03:00
3af66f3309 MXS-2483: Take SSLProvider into use
Servers and listeners now have a SSLProvider member variable that is used
for all SSL related tasks.
2019-05-24 15:33:17 +03:00
5b55864b06 MXS-2483: Store listener SSLContext in unique_ptr
Also removed some unnecessary checks for session->listener: The Session
constructor takes the listener as an argument.
2019-05-24 10:05:43 +03:00
397fc97d07 Only count actual failures as auth failures
If the authentication process fails due to an inability to start a
session, it should not be counted towards the number of failed
authentication attempts.
2019-05-24 10:05:15 +03:00
76399200f4 Fix assertion on client SSL read
When SSL is enabled, the protocol seems to get zero byte reads which
result in a null GWBUF being passed to gwbuf_length.
2019-05-20 15:46:52 +03:00
1197bd40db MXS-2483: Move unwanted SSL code to mysql_client.cc
The code was only used by mysql_client.cc and should therefore be located
in it.
2019-05-20 15:45:18 +03:00
4ed8726ccf Fix merge bug 2019-05-14 14:01:16 +03:00
c09617cd82 Merge branch '2.3' into develop 2019-05-14 12:33:50 +03:00
22a9e20f1f MXS-1957 Change the default authenticators to MariaDB aliases
Using MySQLAuth or MySQLBackendAuth causes warning to be logged.
2019-05-13 15:35:09 +03:00
b10fc196a1 Fix maxinfo/maxadmin debug assertion
Both services could write to a DCB from a worker that doesn't own it.
2019-05-10 11:23:10 +03:00
6caa8e55b0 MXS-2414: Send error when host is blocked
If a connection attempt is not accepted due to the host being blocked, the
protocol can now return an error message that is sent to the client. Only
mariadb_client implements this as it is the only one who calls the auth
failure methods in the first place.
2019-04-30 14:49:35 +03:00
cf86b0cb7e MXS-2414: Prototype connection attempt throttling
The RateLimit class stores authentication failure data mapped by the
client IP addresses. The authentication failures are limited
per thread. The limits are still hard-coded and at least the number of
failures should be made configurable.

The simplest, most maintainable and acceptably efficient implementation
for DDoS protection is a thread-local unordered_map. The unwanted
side-effect of "scaling" of the number of allowed authentication failures
is unlikely to be problematic in most use-cases.

As the blocking of a host is only temporary, the behavior differs from the
one in the MariaDB server. This allows the number of failures to be set to
a much lower value negating some of the problems caused by the relatively
simple implementation.
2019-04-30 14:49:35 +03:00
c643f9bc8d Merge branch '2.3' into develop 2019-04-12 13:23:49 +03:00
05515cca16 MXS-2259: Limit size of client reads
Given the assumption that queries are rarely 16MB long and that
realistically the only time that happens is during a large dump of data,
we can limit the size of a single read to at most one MariaDB/MySQL packet
at a time. This change allows the network throttling to engage a lot
sooner and reduces the maximum overshoot of throtting to 16MB.
2019-04-05 22:48:16 +03:00
db97c3343d MXS-1951: Move worker selection into Listener
The worker to which the client DCB is assigned to is now chosen by the
Listener. This makes the protocol code simpler which is always a good
thing.
2019-03-28 16:34:12 +02:00
2f634264dc Merge branch '2.3' into develop 2019-03-22 13:39:52 +02:00
fadbdc7514 Merge branch '2.2' into 2.3 2019-03-22 12:11:24 +02:00
9236ace077 MXS-2355 If client is using the wrong authenticator, attempt a switch
Some SQL clients may default to a different authentication plugin than
"mysql_native_password". Since this is the only one supported by MySQL-
authenticator, the client is instructed to swap its plugin.
2019-03-21 17:07:09 +02:00
1c3a5bda83 Merge branch '2.3' into develop 2019-03-11 12:29:56 +02:00