hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,466 Commits 1 Branch 0 Tags
1c508cd413eaffd6ec4f0a0c246bb7f0e140a3e1
Commit Graph

13 Commits

Author SHA1 Message Date
Johan Wikman
cc0299aee6 Update change date of 2.3 2018-06-25 10:07:52 +03:00
Johan Wikman
d0c74b5c8f MXS-421 Log event in case of authentication failure 
- CDC authenticator
- MySQL authenticator
- PAM authenticator
 2018-06-18 11:32:50 +03:00
Esa Korhonen
4b988d99a1 Print error descriptions when a PAM function fails 2018-05-14 12:35:54 +03:00
Esa Korhonen
cb0ac44e1f MXS-1758 Support anonymous user with proxy grant for PAM 
This allows using user group mapping with PAM authenticator.
 2018-04-24 15:22:01 +03:00
Esa Korhonen
04666b4b31 MXS-1716 Add diagnostic functions to PAM Authenticator 
The functions print the user information. Normal version just prints
user@host, the json-version prints the whole array.
 2018-03-19 11:02:14 +02:00
Esa Korhonen
e918810a4f MXS-1604: PAMAuth Use "mysql" as default service name, fix authentication data updating 
If a user has an empty service name, use "mysql" as default.

Authentication data was only updated inside get_pam_user_services() if no service
was found. It was possible that the PAM service changed but the old service
would be used for authenticating, causing a false negative.

Now, the auth data is updated outside the function if authentication fails for
any reason. The new service data is compared to the old and if equal, password
check is not attempted again. This gives a false negative only if user password
has changed after the previous attempt.

Also, fixed some comments.
 2018-01-26 11:00:04 +02:00
Esa Korhonen
c45a8abc20 Use SQLITE_OPEN_NOMUTEX for session specific sqlite3 handles in PAM auth 2018-01-04 10:55:52 +02:00
Markus Mäkelä
895d950da0 Format all source files with Astyle 
Formatted all source files Astyle.
 2017-09-28 07:04:21 +03:00
Esa Korhonen
2784858495 A few PAM cleanups 
Print header found message only if libraries also found.
Change header guards to pragma once.
Check return value of store_client_password().
 2017-08-16 13:47:29 +03:00
Esa Korhonen
7ba0533cc8 Authenticator API extract-entrypoint returns bool 
Extraction either succeeds or fails, it does not need to return
defined integer values.
 2017-08-09 17:28:58 +03:00
Esa Korhonen
ed05d24a9a Move SSL-code in mysql_auth.c and pam_client_session.cc to 
a separate function in ssl.cc

Removes some duplicate code.
 2017-08-07 12:22:59 +03:00
Esa Korhonen
8ef8ee6600 Add client-to-MaxScale SSL support to PAM authenticator 
Only client-side SSL is supported for now.
 2017-08-07 12:22:59 +03:00
Esa Korhonen
7488129afc PAM code cleanup & refactor 
Divided functionality into classes, fixed comments +
various other cleanup. BackenAuth no longer increments
sequence on sending password. SQLite busy timeout shortened
to 1 second.
 2017-08-07 12:22:59 +03:00