Commit Graph

9475 Commits

Author SHA1 Message Date
a4975edbba MXS-1389: Fix rule reloading and query parsing requirements
Reloading of rules now properly uses the current rule file if no argument
was provided. The rule version counter also used atomic operations for the
sake of correctness.

The rule parsing is now only required for DML type statements that should
be fully parsed.
2017-09-08 09:31:38 +03:00
26f0c08522 MXS-1389: Allow mandatory commands to pass
All commands that are deemed mandatory must be allowed to pass through the
filter.
2017-09-08 09:31:38 +03:00
f0a9866a87 MXS-1389: Fix fwf test SQL
The SQL executed by the test that was expected to pass wasn't correct
SQL. It appears that a CAST from an INTEGER to a TEXT value is not
possible.
2017-09-08 09:31:38 +03:00
a08179afcb MXS-1346: make value comparisons case-insensitive
All values for columns, function and function_usage rules should be
compared in a case-insensitive way.
2017-09-08 09:31:38 +03:00
40582c38fb MXS-1389: Fix fwf test rules
The new tests now use the correct syntax for the rule files.
2017-09-08 09:31:38 +03:00
a041bfcb5f Make the fwf test less verbose
The test was very verbose which made spotting the failure cases harder.
2017-09-08 09:31:38 +03:00
9ed0524699 MXS-1346: Fix at_times time period calculcation
The time period matched for one extra second.
2017-09-08 09:31:38 +03:00
68baf582c8 Deprecate deny and allow in dbfwfilter rules
The `deny` and `allow` tokens are replaced with `match` which better
describes the action. Use of the old tokens causes a warning to be logged.
2017-09-08 09:31:38 +03:00
11bf5d2412 MXS-1389: Add tests for function use with columns
The test checks that only the functions that aren't allowed are blocked.
2017-09-08 09:31:38 +03:00
7272d9401d MXS-1346: Fix the at_times rule
The rule used the values from the QuerySpeed struct instead of the values
in the rule itself.
2017-09-08 09:31:38 +03:00
b9698f15e7 MXS-1346: Clear value stack when a new rule is created
The values on the stack are cleared when a new rule is created.
2017-09-08 09:31:37 +03:00
1fcf4ef59a MXS-1346: Allow combination of function and columns rules
The `function` type rule can now be combined with the `columns` type rule
to form a new rule which matches if specific columns use specific
functions.
2017-09-08 09:31:37 +03:00
a955e4a623 MXS-1346: Only parse text queries
Only text format queries (COM_QUERY, COM_STMT_PREPARE) can be parsed by
the query classifier.

Also fixed invalid use of a NULL value in a string constructor.
2017-09-08 09:31:37 +03:00
2ccdd93d44 MXS-1346: Fix rule handling
The call to update_rules is needed before each query to make sure that the
rules are up to date.

The check whether the rule was active was inverted.
2017-09-08 09:31:37 +03:00
6067c21c1b MXS-1346: Use the filter template in dbfwfilter
The dbfwfilter now uses the MaxScale filter template. Also fixed up some
of the filter template documentation.
2017-09-08 09:31:37 +03:00
fc1435d0c2 MXS-1346: Hide DbfwSession internals
The DbfwSession now only exposes the necessary methods with the exception
of the DOWNSTREAM and UPSTREAM structures. These will be handled when the
session implements the filter template.
2017-09-08 09:31:37 +03:00
dc7b25d0fe MXS-1346: Make Dbfw a proper class
The Dbfw class now only exposes the necessary methods which are required.
2017-09-08 09:31:37 +03:00
cf2e8d8b34 MXS-1346: Add DbfwSession method implementations
Added the implementation of the DbfwSession methods.
2017-09-08 09:31:36 +03:00
f5401c5244 MXS-1346: Rename dbfwfilter instance and session
Renamed the structures to C++ naming style and added initial declarations
for DbfwSession methods.

The DbfwSession methods are not yet fully implemented which is why parts
of the class are still public. The intention is to use the filter template
when the session class is sufficiently refactored.
2017-09-08 09:31:36 +03:00
fa6f155d29 MXS-1346: Make Rule methods const
Most of the methods can be const functions.
2017-09-08 09:31:36 +03:00
3648b5e702 MXS-1346: Clean up dbfwfilter.cc
Remove redundant code, move assignments to struct constructors, organize
variable declarations, use standard library functions.
2017-09-08 09:31:36 +03:00
4c4ea94319 MXS-1346: Clean up unused code
Removed the rule type enum and replaced it with a string description of
the type. Moved the rule type and name strings as private to the Rule
class. Replaced the need_full_parsing of the base class with a simple
constant.

Removed the unused array of rule names as well and the STRLINK structure
and the functions that use it.
2017-09-08 09:31:36 +03:00
594956178d MXS-1346: Implement LimitQueriesRule::matches_query
Moved the code into the LimitQueriesRule class and cleaned it up. Renamed
the QUERYSPEED struct and added simple constructor.
2017-09-08 09:31:36 +03:00
890f860650 MXS-1346: Refactor column, function and function usage rules
The rule matching implementations are now done in the ColumnsRule,
FunctionRule and FunctionUsageRule classes. The query_matches function now
also takes the session as its first parameter to relay session related
information to the rule. This will be needed by the LimitQueriesRule
class.
2017-09-08 09:31:36 +03:00
eb884aeb6e MXS-1346: Rename users.cc to user.cc
user.cc better describes the contents of the file as it defines the User
class.
2017-09-08 09:31:36 +03:00
1d11a12dcf MXS-1346: Move matching implementation into classes
Added the implementations of the query_matches method for the RegexRule,
WhereClauseRule and WildCardRule classes and moved the query matching code
into these functions.
2017-09-08 09:31:36 +03:00
f5d7919dbb MXS-1346: Add classes for all rule types
Added class declarations for all rule types. The matching functionality
for each class still needs to be implemented.
2017-09-08 09:31:36 +03:00
c55c46ac0c MXS-1346: Move rule matching into the User class
The User class now only exposes the `match` method which can be used to
check if any of the rules for a user match a query. Further cleanup is
required once individual rule classes have been implemented.
2017-09-08 09:31:36 +03:00
f7b978b2a2 MXS-1346: Make User more like a class
The User class now handles the appending of the rules by itself and it
also provides a method for accessing the name instead of exposing the name
itself.

The rules matching is still done externally to the User class and moving
it into the User class depends on other changes being made first.
2017-09-08 09:31:36 +03:00
ee88ae67f8 MXS-1346: Make dbfwfilter objects non-copyable
The User and Rule classes should not be copied.
2017-09-08 09:31:35 +03:00
eee32a4e21 MXS-1346: Split dbfwfilter declarations into multiple headers
The core declarations of the dbfwfilter are in dbfwfilter.hh, the rules in
rules.hh and the users in users.hh. The implementation of the rules is in
rules.cc.
2017-09-08 09:31:35 +03:00
0d8284f82e MXS-1346: Make permission rules a class
The default rule is of the type that always matches any query and the Rule
base class should reflect this.
2017-09-08 09:31:35 +03:00
b7f922bf6d MXS-1346: Move query parsing and query type matching into Rule
The Rule base class now checks whether the query needs to be fully parsed
and if the type of the query matches the rule.

Also added a base rule matching method that should be extended by the rule
types to do their matching. Currently no rule type uses it.
2017-09-08 09:31:35 +03:00
824962d59a MXS-1346: Use std::unordered_map for storing user definitions
The users are now stored in a unordered_map which removes the need for the
use of HASHTABLE. Altered all functions to use a shared_ptr of a User
instead of a raw pointer. Made parsing of rules exception-safe.
2017-09-08 09:31:35 +03:00
17e7097b00 MXS-1346: Store the rules of a user in a RuleList
Removed the RULEBOOK struct and replaced it with a RuleList container.
2017-09-08 09:31:35 +03:00
adc7b033e1 MXS-1346: Refactor DBFW_USER
Renamed DBFW_USER to User, added constructors and destructors and changed
use of char* to std::string.
2017-09-08 09:31:35 +03:00
da406d9749 MXS-1346: Store rules in a list
The rules are now stored in a list instead of a linked list of
rules. Parts of the code still use raw pointers to the Rule class instead
of shared pointers.
2017-09-08 09:31:35 +03:00
ddecc1f8c8 MXS-1346: Group thread-local variables
The thread-local variables are now grouped in a single struct.
2017-09-08 09:31:35 +03:00
6d1074e0dd MXS-1346: Rename RULE struct
Renamed to struct Rule and added constructor.
2017-09-08 09:31:35 +03:00
f2f281c9f1 MXS-1346: Simplify value lists
All value lists in the dbfwfilter rule grammar followed the same general
rules; they allowed virtually all types to be given. The minor differences
aren't large enough to warrant use of multiple list types.
2017-09-08 09:31:35 +03:00
d3893f2e83 MXS-1346: Refactor dbfwfilter user template creation
The user templates now use ValueList instead of STRLINK to store the
string values and they are stored as a list of shared pointers.

Minor cleanups to the user creation related grammar rules.
2017-09-08 09:31:35 +03:00
f28ba678ac MXS-1346: Refactor dbfwfilter rule creation
The rules are now created when all the information has been gathered. This
way of parsing is better suited to parsing objects and allows the
dbfwfilter rules to be eventually refactored into C++ classes.

The current code still uses structs to define the rules but it makes the
migration to classes easier.
2017-09-08 09:31:35 +03:00
4a4f4baba6 MXS-1346: Convert rule name to std::string
The rule name is now a std::string.
2017-09-08 09:31:35 +03:00
41b12cf7c8 MXS-1346: Use a different style for grammar files
The BISON files now use a different style for declaring non-terminal
symbols.
2017-09-08 09:31:35 +03:00
1e90b3623b MXS-1346: Disallow convoluted rule names
The rule names could have punctuation in them which caused unnecessary
complexity. Keeping the identifiers simple makes it easier to process.
2017-09-08 09:31:35 +03:00
b9302f11cc MXS-1346: Minor cleanup of grammar rules
Cleaned up the grammar rules by splitting long lines at roughly 80
characters and removed the redundant code for the columnlist type.
2017-09-08 09:31:35 +03:00
a1d4f25392 Remove erroneous include 2017-09-07 16:56:19 +03:00
cae0e658fb Handle failures in dcb_connect properly
When something fails inside dcb_connect we rewind the situation
properly, without calling any of the close functions intended for
shutting down a properly created DCB. That way they can be simplified
and once the reference counting is taken into use it is sufficient to
call dcb_dec_ref(dcb) instead of dcb_free_all_memory().
2017-09-07 16:03:17 +03:00
9da1439b0e Rename session_link_dcb to session_link_backend_dcb
Reduce risk for confusion.
2017-09-07 15:51:48 +03:00
80815e0f54 Change session_link_dcb to void
The function attempted to detect use of freed memory, which is a
futile excersize.
2017-09-07 15:04:35 +03:00