Commit Graph

323 Commits

Author SHA1 Message Date
eeb3cc436e Remove wildcard domain name matching
This was buggy with the current user database implementation. Need
to think of some other way to implement this feature.
2017-02-01 19:30:42 +02:00
b23649409f Add comment to GSSAPI insert string
The comment explain why the last two values have no quotes.
2017-01-30 22:41:37 +02:00
5972d87fba Add missing principal name verification to GSSAPIAuth
The authenticator module did not compare the username with the principal
name that was given by the GSSAPI server.
2017-01-28 10:09:34 +02:00
1f9b18e3bc Split secrets.h to public and core + miscellaneous cleanup
Also, changed some function names to this_style from thisStyle. More of
this in later commits.
2017-01-27 15:33:52 +02:00
7d51864402 Clean config.h some more
Moved some typedefs to router.h and server.h, changed a few
constants to these enums. Renamed some types in config.h to
remove "Gateway".

There are still some functions in the public header which are
only used in core, but they seem to fit the theme of public functions
so were not moved.
2017-01-25 16:05:51 +02:00
286f44ac80 Fix cdc add_user false error message
The success check was inverted for the adding of a user.
2017-01-25 11:11:42 +02:00
641896872e Rename GW_AUTHENTICATOR and GW_BITMASK + cleanup 2017-01-24 10:03:36 +02:00
72aebbdbb3 Add missing include file 2017-01-23 15:29:23 +02:00
468411250d Fix old header names in modules
Some of the modules still used the gw_authenticator.h name.
2017-01-20 16:57:04 +02:00
6e38276a20 Rename files, removing "gw"-prefix
Also gwdirs.h.in -> paths.h.in
2017-01-20 12:55:52 +02:00
4869fd98eb Format authenticator modules
Formatted authenticator modules with Astyle.
2017-01-17 14:47:50 +02:00
5b92a1f467 Remove explicit module name from log messages
The module name doesn't need to be logged as MXS_MODULE_NAME will be
automatically added as a prefix to all messages logged by the module.
2017-01-17 12:51:08 +02:00
936f8c438f Add support for wildcards in hostnames
MXS-391. The user hosts in the SQL backends can now contain wildcard
addresses (e.g.basicuser@%.com or someuser@myhost_.org). Authenticating
these types of users is rather heavy since it requires looking
up the client host name.
2017-01-16 16:10:44 +02:00
2cabcea211 Add definitions of MXS_MODULE_NAME to all modules
All modules now declare a name for the module. This is name is added as a
prefix to all messages logged by a module. The prefix should help
determine which part of the system logs a message.
2017-01-16 11:28:34 +02:00
1b8742781b MXS-804 Handle hosts of form ip/netmask
Previously, these were discarded. This patch adds a function to
"merge" the mask to the ip so that it's in the form which
normalize_hostname expects (using % as wildcard). Only simple masks
with 255:s and 0:s are accepted. Any other combinations may leave
the hostname in a garbled state which will cause it to be discarded
later.
2017-01-09 10:05:35 +02:00
a2a38f952a Add [process|thread] [init|finish] functions to modules
The MXS_MODULDE object now contains optinal pointers for functions
to be called att process and thread startup and shutdown. Since the
functions were added to the end, strictly speaking, all structures
would not have needed to have been modified, but better to be
explicit. In a subsequent change, these will be called.

C++ does not support flexible arrays, so for the time being C++
modules are restricted to 10 parameters. Better approach is to
factor out the parameters to a separate array and then just store
a pointer to that array in MXS_MODULE.
2017-01-05 14:44:02 +02:00
2e074f4eb4 Introduce common SQLite header
The header declares the missing v2 handle closing function for older
versions of SQLite.
2017-01-05 09:58:11 +02:00
c96bd64aa8 Rename MODULE_INFO to MXS_MODULE
The MODULE_INFO is now the main object which is used by modules to convey
information to the MaxScale core. The MXS_MODULE name is more apt as it
now contains the actual module definition.

The old MODULES structure was moved into load_utils.c as an internal
implementation and was renamed so that it is not confused with the new
MODULE structure.
2017-01-03 18:01:14 +02:00
b00e0328d5 Create a macro for module declarations
The modules are now declared with a common macro. This allows future
additions to the module loading process while also making the loaded
symbol name a constant.
2017-01-03 18:01:13 +02:00
ae0577c695 Move module object inside MODULE_INFO
This allows modules to only expose one entry point with a consistent
signature. In the future, this could be used to implement declarations of
module parameters.
2017-01-03 18:01:13 +02:00
6c53999c97 Combine ModuleInit and GetModuleObject
The two functions can be combined into one as both are called only
once. This removes the need for the explicit ModuleInit function.
2017-01-03 18:01:13 +02:00
7df29aa1ec Move version entry point into MODULE_INFO
The MODULE_INFO can easily hold the version information of the
module. This removes the need for a explicit version entry point.
2017-01-03 18:01:13 +02:00
25c3c33134 Added user creation command to CDCPlainAuth
Users for the CDC protocol can be created through the new `add_user`
module command.
2016-12-23 15:41:48 +02:00
b9b3bfaa78 Use configured principal name
The default principal name was used instead of the configured one.
2016-12-22 17:55:05 +02:00
8f86a596fa Add missing linkage to NullAuthAllow
The module did not link against the MySQLCommon library.
2016-12-06 20:27:51 +02:00
4ae85dc754 Merge branch '2.0' into develop 2016-12-05 21:19:59 +02:00
b2e11d41d5 MXS-536: Add option to MySQLAuth that skips authentication
Disabling authentication in MaxScale allows creation of users which act
like wildcard users but require that the connection is made through
MaxScale.
2016-12-02 14:28:58 +02:00
1d9d325a01 MXS-1026: Prevent crash with NullAuth
The authenticator module will not crash but backend authentication will
always fail.
2016-12-02 14:26:43 +02:00
1707684992 Move all authenticators into separate subdirectories 2016-12-01 15:43:22 +02:00
dd63253261 Fix internal test suite failures
The server test used the wrong name.

MySQL users test loaded multiple modules in one function call and wasn't
appropriate for an internal test suite test as it requires a working
installation.

The cache filter didn't set the library paths before trying to load
modules.

The binlogrouter was missing a NULL check which caused a crash.
2016-11-24 15:22:55 +02:00
9e4ee0323d Merge branch '2.0' into develop 2016-11-21 12:23:30 +02:00
de4ea067cf Fix for MXS-968
This commit adds a free() to null_auth_free_client_data, which plugs
the memory leak in maxinfo.

Also, this commit fixes some segfaults when multiple threads are
running status_row() or variable_row(). The functions use
statically allocated index variables, which often go out-of-bounds
in concurrent use. This fix changes the indexes to thread-specific
variables, with allocating and deallocating. This does seem to slow
the functions down somewhat.
2016-11-18 18:57:57 +02:00
3c15b58891 Merge branch '2.0' into develop-2.0-merge 2016-11-15 00:09:24 +02:00
b51af51365 Allow monitors and services to start without servers
MaxScale can now start without any defined monitors. This allows the core
services to be configured beforehand. With the changes to dynamic
modifications to servers, automatic scaling of slaves is possible.
2016-11-10 15:15:10 +02:00
8778e0c81e Make Users const correct 2016-11-03 09:35:49 +02:00
3c26ea16e2 Add and use FindSQLite.cmake
Added a find_package module for SQLite development libraries.
2016-10-28 12:49:18 +03:00
7e822aed4d MXS-862: Add SQLite based authentication checks
The authentication checks make sure that a user has all the required
grants to access the database. This prevents the creation of unnecessary
backend connections reducing the overall load on the database.

Doing preliminary authentication in MaxScale enables the creation of more
informative error messages.
2016-10-25 13:44:47 +03:00
3915b4e7c7 Exclude MXS_DEBUG in release builds
Now, MXS_DEBUG turns into a nop in release builds.
2016-10-24 14:00:51 +03:00
0a9662c528 Log authentication failures on warning instead of info level
Logging authentication failures on warning level seems more appropriate
and makes them easier to spot.
2016-10-21 18:33:35 +03:00
aa20385347 Log cached credentials path
Logging the path to the cached credentials should help to the user if
stale cache files are used.
2016-10-21 18:33:35 +03:00
a4a7e806d0 Always replace MySQL users in MySQLAuth
Doing the checksum matching after memory is allocated and all the work is
done is not very efficient. A simpler solution is to always replace the
users when we reload them.

Replacing the users every time the service users are reloaded will not
cause a degradation in performance because the previous implementation
already does all the extra work but then just discards it.

A faster solution would be to first query the server and request some sort
of a checksum based on the result set the users query would
create. Currently, this can be done inside a stored procedure but it is
not very convenient for the average user. Another option would be to
generate a long string with GROUP_CONCAT but it is highly likely that some
internal buffer limit is hit before the complete value is calculated.
2016-10-21 18:33:35 +03:00
8f55cfbc16 Fix cache_dir path handling in MySQLAuth
The path that was given as the option for the cache directory wasn't
properly checked for terminating forward slashes. Due to this, the cache
file was created with the wrong name.
2016-10-21 18:33:35 +03:00
4e07c3313c Move dbusers.c out of the core
The dbusers.c was a MySQL protocol specific file which was used directly
by some of the modules.

Added a new return value for the loadusers authenticator entry point which
allows fatal failures to occur when users are loaded. Currently this is
only taken into notice when the service is first started. If a listener
later returns a fatal error, it is only logged but the service stays in
operation.

Moved the MySQLAuth authenticator sources and the tests that relate to
this module into a subdirectory in the authenticator
directory. Eventually, all authenticators could have a subdirectory of
their own.
2016-10-21 18:33:35 +03:00
fe689504b0 Move service user injection into MySQL authenticator
The MySQL authenticator now injects the service user into the list of
allowed users if loading of database users fails. This allows the removal
of common code in the binlogrouter and maxinfo modules.
2016-10-21 18:33:35 +03:00
d938f0e72f Add custom cache directory for MySQLAuth
The MySQLAuth authenticator can now store the cached credentials in a
custom location. This is intended for the binlogrouter, which currently
uses a different location for the user cache.

The MySQL authentication modules now have their own document in the
Authenticators directory. Right now this document only describes the
general details of the MySQL authentication and the new option.
2016-10-20 09:26:54 +03:00
891ce2d0e7 MXS-862: Move client information extraction to client protocol
The client protocol module now extracts the information that is relevant
for all modules. Currently this information consists of the client
capabilities, character set, username and default database.
2016-10-18 14:23:43 +03:00
c0ad2936a4 MXS-862: Implement loadusers entry point
The GSSAPI client side authenticator now loads a list of users that are,
for the time being, logged at info level. The next step is to store this
information in the listener's user hashtable.
2016-10-18 14:23:43 +03:00
f0cf391c18 include/maxscale/gw.h removed.
In a subsequent change, the includes of server/core/*.c will be
cleaned up, and if there is a common set of include files, needed
by most, then a server/core/maxscale/core.h that includes those
will be introduced.
2016-10-17 12:17:09 +03:00
571919264f MXS-862: Make packet sequence handling automatic
Made the packet sequence number handling automatic so that it always uses
the correct one.

All functions now have documentation in them. Cleaned up code and added
comments to GSSAPI code.
2016-10-14 18:25:38 +03:00
1a978be6b6 Cleanup header files
- All now include maxscale/cdefs.h as the very first file.
- MXS_[BEGIN|END]_DECLS added to all C-headers.
  Strictly speaking not necessary for private headers, but
  does not hurt either.
- Include guards moved to the very top of the file.
- #pragma once added.
2016-10-14 11:54:37 +03:00