Added find_package module for CMake which locates the Jansson libraries
and headers. This will make dependency checking easier and prevents build
failures due to missing dependencies.
The client protocol module now extracts the information that is relevant
for all modules. Currently this information consists of the client
capabilities, character set, username and default database.
The GSSAPI client side authenticator now loads a list of users that are,
for the time being, logged at info level. The next step is to store this
information in the listener's user hashtable.
In a subsequent change, the includes of server/core/*.c will be
cleaned up, and if there is a common set of include files, needed
by most, then a server/core/maxscale/core.h that includes those
will be introduced.
MAX_BUFFER_SIZE, which is used for limiting the amount of the data
read from a socket renamed to MXS_MAX_NW_READ_BUFFER_SIZE and moved
from gw.h to limits.h.
Consider removing altogether. Difficult to justify since non-blocking
reads are used and the amount of available data is known.
When a master server is set into read-only mode, it can be treated as an
always up-to-date slave. This gives us a somewhat graceful way to prevent
writes to a master.
Usually setting the master into read-only mode is done before a change in
the replication topology to prevent stray writes arriving on the
master. MaxScale should respect the read-only mode and not send any writes
to a server that's in read-only mode.
When the readwritesplit can't locate the master server when it's checking
the list of available servers, it logs an error if the original master
reference isn't in a valid state. This error should only be logged if the
server is in use but in an unexpected state.
The general purpose stuff in skygw_utils.h was moved to utils.h
and the corresponding implementation from skygw_utils.cc to utils.c.
Includes updated accordingly.
Skygw_utils.h is now only used by log_manager and by mlist, which
is only used by log_manager. Consequently, skygw_utils.h was moved
to server/maxscale.
Utils.h needs a separate overhaul.
Made the packet sequence number handling automatic so that it always uses
the correct one.
All functions now have documentation in them. Cleaned up code and added
comments to GSSAPI code.
- STRERROR_BUFLEN moved to cdefs.h and renamed to MXS_STRERROR_BUFLEN.
Better would be to provide a 'const char* mxs_strerror(int errno)'
that would have a thread specific buffer for the error message.
- MIN and MAX also moved to defs.h as MXS_MIN and MXS_MAX.
- Now only mlist.h of the headers depend upon skygw_utils.h.
When a hole is detected while receiving events an ignorable event is
written in maxscale binlog. Such event is not sent ti slave servers.
Maxbinlogcheck can now check encrypted binlog files without decrypting
them
- All now include maxscale/cdefs.h as the very first file.
- MXS_[BEGIN|END]_DECLS added to all C-headers.
Strictly speaking not necessary for private headers, but
does not hurt either.
- Include guards moved to the very top of the file.
- #pragma once added.
Duplicate declarations of functions declared in maxscale/users.h
and maxscale/gw.h removed and corresponding includes added instead.
Unimplemented declaration removed.
Further cleanup will be needed to ensure that functions etc. are
declared in the right place.
Added FindGSSAPI.cmake which allows the modules to be built only if the
libraries are found.
The log manager header was not included by the GSSAPI modules.
- Headers now to be included as <maxscale/xyz.h>
- First step, no cleanup of headers has been made. Only moving
from one place to another + necessary modifications.
Authenticators now have a similar mechanism to the `router_options`
parameter which enables configurable authentication.
The authenticators also have a new initialize entry point which is similar
to the createInstance entry point of the filters and routers. The value of
`authenticator_options` is passed as a parameter to this function. The
return vaulue of the `initialize` entry point is passed to the `create`
entry point.
The GSSAPI backend authentication is based on tokens. The server first
sends the service principal name which is used for token generation. The
client then retrieves a token from the GSSAPI server which it sends to the
backend server. If the server can verify the authenticity of the token,
authentication is successful.
This module can be used with both GSSAPIAuth and MySQLAuth modules.
Moving the sending of the final OK packet of the authentication process to
the client protocol plugin makes the authentication plugins simpler.
By reading the client's sequence and incrementing that by one, the client
protocol module will always send the correct sequence byte in the final OK
packet.
The first message exchange between the server and the client will almost
always contain the same data. If the server is going to change
authentication methods, it will send an AuthSwitchRequest packet instead
of the OK/ERR packet that it would normally send. Only after this point
the authenticator modules actually need to do something.
In the case of the default 'mysql_native_password' plugin, the only thing
that the plugin needs to do is to check whether the server responded with
an OK packet.
The MySQLCommon library contains functions used by both the protocol and
authenticator modules. The contents of the modutil.c file could also be
moved to this file if the functions in that file are only used by modules
and not the core.
Initial implementation of the client side GSSAPI authenticator. The
current version successfully authenticates clients using the same style as
the MariaDB GSSAPI plugin does. Currently, it is not possible to acutally
use the plugin as the backend server would require the matchig GSSAPI
plugin.
Also added skeleton code for the backend GSSAPI authenticator. It only
implements the required entry points and sends the client auth packet to
the backend.
The create and destroy entry points allow authenticators to store data in
the DCB. This data is not shared by other DCBs related to the same
session.
The plugin_name entry point wasn't really useful as the plugins would
still need to send a AuthSwitchRequest packet if they wanted to change the
authentication mechanism.
The COM_QUIT packets should be sent to the backends if persistent
connections aren't used. This allows for a controlled shutdown of the
connections on both ends even if the client closes the connection before
all backends have authenticated.
The authentication for backend connections is now done in the
MySQLBackendAuth module. This is also the default authentication module
for backend connections created by MySQLBackend.
The backend responses are now read in one place and the functions just
read the data. The protocol level will now handle the packet gathering
process and the authentication part just inspects the data.
Backend connections now load authenticators when they are being
connected. In the future, this enables the use of authentication modules
for backend connection.
The DCB error messages now log the type of the DCB and the remote address
in addition to the system error message. The file descriptor and memory
address are no longer printed in the error message as they are not useful
to the end user. The fd and address are now logged at debug level with a
more verbose error message.
