74634abc80
MXS-1662 Move PAM authentication function into maxbase
...
The same code can be used for REST-API authentication.
2019-04-09 14:41:40 +03:00
afe41c38ed
Merge branch '2.3' into develop
2019-02-20 10:33:14 +02:00
48a6ab503e
MXS-2292 PAM authenticator detects anonymous users with defined hosts
...
This allows anonymous user mapping from well-defined hosts.
2019-02-19 10:40:23 +02:00
1fed465fdb
MXS-2246 Remove duplicate info in SERVICE and Service
...
Both of them contained fields for the service and router names.
Now the names are in SERVICE and they must be accessed via member
function.
2019-02-14 15:24:10 +02:00
3b55893a20
Combine maxscale/buffer.h with maxscale/buffer.hh
2019-01-17 12:37:40 +02:00
684ec3288b
Rename and cleanup authenticator.h
2019-01-14 15:07:33 +02:00
f0f9c21d1c
Merge branch '2.3' into develop
2019-01-07 10:54:42 +02:00
40485d746c
MXS-2220 Change server name to constant string
2019-01-03 12:13:15 +02:00
26da72a41f
Merge branch '2.2' into 2.3
2019-01-03 09:23:16 +02:00
04dd05b262
MXS-2231: Move TLS handshake code into MariaDBClient
...
The code is now in the correct place and TLS connections with all
authenticators should now work.
2019-01-02 19:29:41 +02:00
c0c9a9858d
MXS-2197 Rename maxscale/log.h to maxscale/log.hh
...
In files either include maxscale/log.hh or remove include entirelly
as maxscale/ccdefs.hh includes it.
2018-12-10 12:58:17 +02:00
9f721f725e
MXS-2205 Convert maxscale/protocol/mysql.h to .hh
2018-12-05 11:12:20 +02:00
ad12ff6d06
MXS-2196: Rename dcb.h to dcb.hh
2018-12-04 11:50:43 +02:00
a10b6c2e89
MXS-2196: Take Listener into use
2018-12-04 11:39:52 +02:00
39f668ff3c
MXS-2196: Rename SERV_LISTENER to Listener
2018-12-04 11:39:52 +02:00
d9ae298102
MXS-2205 Combine maxscale/server.h with maxscale/server.hh
...
The server-struct is still used in several .h-files.
2018-12-03 16:47:27 +02:00
3e5818fcb6
MXS-2205 Convert mysql_utils.h to .hh
2018-12-03 14:05:21 +02:00
77585bdb8c
MXS-2197: Make config.h and service.h C++ headers
...
This is the first step into converting the other headers into C++.
2018-11-30 12:15:57 +02:00
75ea1b6ea1
Fix formatting of new(std::nothrow)
...
The code previously formatted everything as `new( std::nothrow)`.
2018-10-04 21:50:44 +03:00
71ffef5708
Partially revert 4ba011266843857bbd3201e5b925a47e88e1808f
...
Add back leading operator enforcement.
2018-09-20 15:57:30 +03:00
d11c78ad80
Format all sources with Uncrustify
...
Formatted all sources and manually tuned some files to make the code look
neater.
2018-09-10 13:22:49 +03:00
c447e5cf15
Uncrustify maxscale
...
See script directory for method. The script to run in the top level
MaxScale directory is called maxscale-uncrustify.sh, which uses
another script, list-src, from the same directory (so you need to set
your PATH). The uncrustify version was 0.66.
2018-09-09 22:26:19 +03:00
3f53eddbde
MXS-2020 Replace ss[_info]_dassert with mxb_assert[_message]
2018-08-22 11:34:59 +03:00
24ab3c099c
Move top of the file "#pragma once" to after the following comment (swap them). If the comment is a BPL update it to the latest one
2018-08-21 13:13:15 +03:00
cf0aeed516
MXS-2014 Rename log_manager.h to log.h
...
There's nothing resembling a manager anymore.
2018-08-17 10:59:37 +03:00
f14380243b
Rename cppdefs.hh to ccdefs.hh
...
For obvious reasons; the c++ suffix is .cc and not .cpp
2018-08-10 07:50:18 +03:00
b20decfe1c
MXS-1929: Output const strings from serviceGetUser
...
The values aren't meant to be modified by the caller.
2018-08-06 21:20:29 +03:00
00c107e051
Resolve authenticator symbols at compile time
...
Resolving the symbols at compile time prevents runtime problems.
2018-07-31 09:41:13 +03:00
cc0299aee6
Update change date of 2.3
2018-06-25 10:07:52 +03:00
d0c74b5c8f
MXS-421 Log event in case of authentication failure
...
- CDC authenticator
- MySQL authenticator
- PAM authenticator
2018-06-18 11:32:50 +03:00
4b988d99a1
Print error descriptions when a PAM function fails
2018-05-14 12:35:54 +03:00
eba6c0c596
MXS-1842 Compile all authenticators as C++
...
Minimal changes, only what is needed to compile.
2018-05-03 10:07:43 +03:00
5d010ff712
Cleanup SERVER struct
...
Removed one unused field. Rearranged others, clarified comments.
2018-04-27 10:48:56 +03:00
cb0ac44e1f
MXS-1758 Support anonymous user with proxy grant for PAM
...
This allows using user group mapping with PAM authenticator.
2018-04-24 15:22:01 +03:00
aa260cf6cf
MXS-1716 Reduce the amount of duplicate elements in users db for PAM
...
The database-level query now only takes rows with either a global
select privileges or non-null database privileges. The table-level
query only accepts non-null databases and no global privileges,
as users with global select are added by the previous section.
2018-03-19 15:09:36 +02:00
04666b4b31
MXS-1716 Add diagnostic functions to PAM Authenticator
...
The functions print the user information. Normal version just prints
user@host, the json-version prints the whole array.
2018-03-19 11:02:14 +02:00
e918810a4f
MXS-1604: PAMAuth Use "mysql" as default service name, fix authentication data updating
...
If a user has an empty service name, use "mysql" as default.
Authentication data was only updated inside get_pam_user_services() if no service
was found. It was possible that the PAM service changed but the old service
would be used for authenticating, causing a false negative.
Now, the auth data is updated outside the function if authentication fails for
any reason. The new service data is compared to the old and if equal, password
check is not attempted again. This gives a false negative only if user password
has changed after the previous attempt.
Also, fixed some comments.
2018-01-26 11:00:04 +02:00
f6f34ad7e5
Fix debug build failure on CentOS 6
...
The build failed due to a comparison between signed and unsigned integers.
2018-01-15 16:14:50 +02:00
c45a8abc20
Use SQLITE_OPEN_NOMUTEX for session specific sqlite3 handles in PAM auth
2018-01-04 10:55:52 +02:00
224f918845
MXS-1592 Make all modules lowercase
...
Make all modules lowercase and make module loading case
insensitive. Further, make command invocation case insensitive,
as far as the module name is conserned.
2018-01-03 14:57:18 +02:00
895d950da0
Format all source files with Astyle
...
Formatted all source files Astyle.
2017-09-28 07:04:21 +03:00
3936c71e11
Add missing includes
2017-09-19 15:46:13 +03:00
2784858495
A few PAM cleanups
...
Print header found message only if libraries also found.
Change header guards to pragma once.
Check return value of store_client_password().
2017-08-16 13:47:29 +03:00
7ba0533cc8
Authenticator API extract-entrypoint returns bool
...
Extraction either succeeds or fails, it does not need to return
defined integer values.
2017-08-09 17:28:58 +03:00
ed05d24a9a
Move SSL-code in mysql_auth.c and pam_client_session.cc to
...
a separate function in ssl.cc
Removes some duplicate code.
2017-08-07 12:22:59 +03:00
8ef8ee6600
Add client-to-MaxScale SSL support to PAM authenticator
...
Only client-side SSL is supported for now.
2017-08-07 12:22:59 +03:00
7488129afc
PAM code cleanup & refactor
...
Divided functionality into classes, fixed comments +
various other cleanup. BackenAuth no longer increments
sequence on sending password. SQLite busy timeout shortened
to 1 second.
2017-08-07 12:22:59 +03:00
f916b74c2e
Add first version of PAM authenticator plugin
...
This includes the client and backend authenticators. Currently,
only a simple password-based scheme with the SQL-client "dialog" plugin
is supported. In this mode, the server sends the first PAM message
with the AuthSwitchRequest packet and the client responds with the
password. No further authentication messages are supported. If the
connection is not encrypted, the password is sent in plaintext. The
client password is used as is for logging in to backends.
2017-08-07 12:22:59 +03:00
