The adminusers test did not properly initialize all subsystems in
MaxScale. The polling and DCB tests weren't updated with the changes to
the DCB closing.
dcb_readq_append()
dcb_readq_prepend()
dcb_readq_set()
dcb_readq_has()
dcb_readq_release()
dcb_readq_get()
dcb_readq_length()
No code but for DCB code itself should directly manipulate the
internals of a DCB. Thesse functions will be taken into use in
protocol modules.
Before each event handler is called, it is checked whether the
dcb has been closed. If it has been, then the event handler is
not called.
The check has to be made before each event handler, because any
event handler can close the dcb.
The original process should use _exit if the forking of the child process
is successful. This makes sure that the exit handlers are called only when
the daemon process exits.
The workers need to be destroyed only after services have been
to ensure that they are around in case the destruction of services
involves the closing of dcbs.
If the current worker id is -1, we do not insist that the dcb
is closed by the owning thread. That will happen only for dcbs
that are created before the workers have been started and hence
it is also ok to close them after the workers have exited.
The automatic reconnection feature of the Connector-C was not
enabled. Enabling it should reduce the amount of false positives that the
monitors pick up.
If the session id is known, it will be logged together with all
messages. If present, the session id appears, enclosed in paranthesis,
right after the message category. E.g.
2017-08-30 12:20:49 warning: (4711) [masking] The rule ...
Conceptually this is a cherry-pick of commit
67efd1daeabbc398b8a8fbc0cd02c2af26e4cb6c (2.2), but too much has
changed to actually be able to cherry-pick that commit.
If a dcb being closed is the dcb for which events are currently being
processed, the dcb is not closed immediately but only after all events
have been delivered.
If the session id is known, it will be logged together with all
messages. If present, the session id appears, enclosed in paranthesis,
right after the message category. E.g.
2017-08-30 12:20:49 warning: (4711) [masking] The rule ...
This will be used by a subsequent `session_get_current()` and
`session_get_current_id()` for obtaining the current SESSION and
session id, respectively. The latter of those will be used by the
logging mechanism for logging the session id in conjunction with
messages.
When dcb_close() is called, the DCB is only marked for closing
and the actual closing takes place only after all event handlers
have been called. That way, the state of the DCB will not change
during event processing but only after.
From a handler perspective this should now be just like it was
when the zombie queue was present.
TODO: There are far too many state variables or variables akin to
state variables - dcb_role, state, persistentstart, n_close -
in DCB. A cleanup is warranted.
As COM_QUIT would terminate the connection, there's no need to initiate
the session reset process. Also make sure all buffers are empty before
putting the DCB into the pool.
Added extra debug assertions for parts of the code that are related to the
COM_CHANGE_USER processing.
The function that printed all sessions assumed that all client DCBs had
valid, non-dummy sessions. It is possible that a client with a dummy
session is the list. These sessions should be ignored.
The EOF packet calculation function in modutil.cc didn't handle the case
where the payload exceeded maximum packet size and could mistake binary
data for a ERR packet.
The state of a multi-packet payload is now exposed by the
modutil_count_signal_packets function. This allows proper handling of
large multi-packet payloads.
Added minor improvements to mxs1110_16mb to handle testing of this change.
As each client/server connection will be handled by a specific
thread, all closing activity can take place directly when the
connection is closed and not later when the zombie queue is
processed.
In a subsequent commit the zombie queue will be removed.
The default users are now inserted into the admin users files if no
existing files are found. This removes the hard-coded checks for admin
user names and simplifies the admin user logic.
The default interface for the admin interface is the IPv6 address '::'
which corresponds to the IPv4 address '0.0.0.0'. If the system doesn't
support IPv6, then an attempt to bind on IPv4 should be made.
When a session is being closed in a controlled manner, i.e. a COM_QUIT is
received from the client, it is possible to deduce from this fact that the
backend connections are very likely to be idle. This can be used as an
additional qualification that must be met by all connections before they
can be candidates for connection pooling.
This assumption will not hold with batched and asynchronous queries. In
this case it is possible that the COM_QUIT is received from the client
before even the first result from the backend is read. For this to work,
the protocol module would need to track the number and state of expected
responses.
Removing the last admin account is now forbidden. This should prevent most
cases where users could lock themselves out of the administrative
interface.
This change does allow a non-root network user to be the last admin
account. In practice this does not prevent the root user from gaining
access to maxadmin. Access can be gained by removing the users file and
restarting MaxScale or by editing the users file by hand.
The type of the created user can now be specified with the --type option.
Expanded tests that cover the user creation. Also added a test case that
checks that basic users are only allowed to read through the REST API.
MaxAdmin can now create basic users for both network and UNIX domain
socket use. Currently the basic and admin types have the same permissions
in maxadmin but for the REST API, only admin accounts can modify MaxScale.
The users are now stored as an array of JSON objects. Legacy users are
automatically upgraded once they are loaded and a backup of the original
users file is created.
Removed the password parameter from the `remove user` maxadmin command as
well as all of the relevant functions. Requiring that an administrator
knows the password of the account to be deleted is not a sound requirement
now that, at least in theory, two types of accounts can be created.
Added a utility function for checking if an admin user has been
created. Removed unused promote and demote commands which can be replaced
with a call to remove and add.
The users can now be dumped and loaded as JSON objects. This allows easier
parsing and handling of users while still retaining the possibility to
manually edit the output. Added tests for dumping and loading the JSON
form users.
Also fixed a deadlock in Users::remove() where the same lock was acquired
twice and a faulty test case where failed authentication was expected to
work.
The type of the user being created is defined at creation time. This
allows the creation of basic users.
Although the users can be created internally, they cannot yet be created
via maxadmin or the REST API.
The Users class now performs locking when a method is called. This will
prevent concurrent access to the internal map of users.
Added missing const versions of SpinLockGuard.
