- Since the capabilities are a bitmask, it is better if an unsigned
integral type is used.
- Since the function is part of an ABI, it is better if an explicit
size is used.
- 64-bits so that there also is room for independent filter
capabilities.
The MySQLAuth authenticator can now store the cached credentials in a
custom location. This is intended for the binlogrouter, which currently
uses a different location for the user cache.
The MySQL authentication modules now have their own document in the
Authenticators directory. Right now this document only describes the
general details of the MySQL authentication and the new option.
Added find_package module for CMake which locates the Jansson libraries
and headers. This will make dependency checking easier and prevents build
failures due to missing dependencies.
The maxavro requires some special libraries which aren't always
available. For this reason, the maxavro library shouldn't be build unless
all libraries are available.
The client protocol module now extracts the information that is relevant
for all modules. Currently this information consists of the client
capabilities, character set, username and default database.
The GSSAPI client side authenticator now loads a list of users that are,
for the time being, logged at info level. The next step is to store this
information in the listener's user hashtable.
In a subsequent change, the includes of server/core/*.c will be
cleaned up, and if there is a common set of include files, needed
by most, then a server/core/maxscale/core.h that includes those
will be introduced.
MAX_BUFFER_SIZE, which is used for limiting the amount of the data
read from a socket renamed to MXS_MAX_NW_READ_BUFFER_SIZE and moved
from gw.h to limits.h.
Consider removing altogether. Difficult to justify since non-blocking
reads are used and the amount of available data is known.
When a master server is set into read-only mode, it can be treated as an
always up-to-date slave. This gives us a somewhat graceful way to prevent
writes to a master.
Usually setting the master into read-only mode is done before a change in
the replication topology to prevent stray writes arriving on the
master. MaxScale should respect the read-only mode and not send any writes
to a server that's in read-only mode.
Gw.h contained a fair amount of obsolete function declarations,
duplicate declarations of functions declared in utils.h and
declarations of functions that conceptually are similar to those
in utils.h.
The obsolete and duplicate ones were removed and all but one of
the remaining moved to utils.h. Correspondingly the implementation
was moved from gw_utils.c to utils.c.
The one remaining function - gw_daemonize() - is not really worthy
of a file of its own, so that is to be moved to gateway.c after which
gw_utils.c can be removed.
Gw.h still contains defines that are duplicated in
maxscale/protocol/mysql.h. The ones in gw.h are to be removed. It
appears that the entire gw.h will disappear.
The general purpose stuff in skygw_utils.h was moved to utils.h
and the corresponding implementation from skygw_utils.cc to utils.c.
Includes updated accordingly.
Skygw_utils.h is now only used by log_manager and by mlist, which
is only used by log_manager. Consequently, skygw_utils.h was moved
to server/maxscale.
Utils.h needs a separate overhaul.
Made the packet sequence number handling automatic so that it always uses
the correct one.
All functions now have documentation in them. Cleaned up code and added
comments to GSSAPI code.
- STRERROR_BUFLEN moved to cdefs.h and renamed to MXS_STRERROR_BUFLEN.
Better would be to provide a 'const char* mxs_strerror(int errno)'
that would have a thread specific buffer for the error message.
- MIN and MAX also moved to defs.h as MXS_MIN and MXS_MAX.
- Now only mlist.h of the headers depend upon skygw_utils.h.
- All now include maxscale/cdefs.h as the very first file.
- MXS_[BEGIN|END]_DECLS added to all C-headers.
Strictly speaking not necessary for private headers, but
does not hurt either.
- Include guards moved to the very top of the file.
- #pragma once added.
The purpose of this file is to provide a header that *must* be included
first (that is, also before any system headers) by all other headers. On
the one hand this file provides a place where compilation environment
dependent things can be defined, and, on the other hand, a place where
things can be redefined globally, should that be necessary for whatever
reason. It further provides a place where constants applicable across
the line can be defined.
Duplicate declarations of functions declared in maxscale/users.h
and maxscale/gw.h removed and corresponding includes added instead.
Unimplemented declaration removed.
Further cleanup will be needed to ensure that functions etc. are
declared in the right place.
Added FindGSSAPI.cmake which allows the modules to be built only if the
libraries are found.
The log manager header was not included by the GSSAPI modules.
- Headers now to be included as <maxscale/xyz.h>
- First step, no cleanup of headers has been made. Only moving
from one place to another + necessary modifications.
Authenticators now have a similar mechanism to the `router_options`
parameter which enables configurable authentication.
The authenticators also have a new initialize entry point which is similar
to the createInstance entry point of the filters and routers. The value of
`authenticator_options` is passed as a parameter to this function. The
return vaulue of the `initialize` entry point is passed to the `create`
entry point.
The GSSAPI backend authentication is based on tokens. The server first
sends the service principal name which is used for token generation. The
client then retrieves a token from the GSSAPI server which it sends to the
backend server. If the server can verify the authenticity of the token,
authentication is successful.
This module can be used with both GSSAPIAuth and MySQLAuth modules.
Moving the sending of the final OK packet of the authentication process to
the client protocol plugin makes the authentication plugins simpler.
By reading the client's sequence and incrementing that by one, the client
protocol module will always send the correct sequence byte in the final OK
packet.
The first message exchange between the server and the client will almost
always contain the same data. If the server is going to change
authentication methods, it will send an AuthSwitchRequest packet instead
of the OK/ERR packet that it would normally send. Only after this point
the authenticator modules actually need to do something.
In the case of the default 'mysql_native_password' plugin, the only thing
that the plugin needs to do is to check whether the server responded with
an OK packet.
The MySQLCommon library contains functions used by both the protocol and
authenticator modules. The contents of the modutil.c file could also be
moved to this file if the functions in that file are only used by modules
and not the core.
Initial implementation of the client side GSSAPI authenticator. The
current version successfully authenticates clients using the same style as
the MariaDB GSSAPI plugin does. Currently, it is not possible to acutally
use the plugin as the backend server would require the matchig GSSAPI
plugin.
Also added skeleton code for the backend GSSAPI authenticator. It only
implements the required entry points and sends the client auth packet to
the backend.
The create and destroy entry points allow authenticators to store data in
the DCB. This data is not shared by other DCBs related to the same
session.
The plugin_name entry point wasn't really useful as the plugins would
still need to send a AuthSwitchRequest packet if they wanted to change the
authentication mechanism.
The COM_QUIT packets should be sent to the backends if persistent
connections aren't used. This allows for a controlled shutdown of the
connections on both ends even if the client closes the connection before
all backends have authenticated.
