Before checking whether a particular regex matches a statement
we check with one general one whether it at all is possible that
a statement might match.
Since most statements will not be transaction related it makes
sense to first check whether it at all is possible that the
statement might be transaction related.
A class capble of detecting statements that change the transaction
state and autocommit mode. The detection is done using regexes.
There is still some expanding and optimization to be done.
A class capble of detecting statements that change the transaction
state and autocommit mode.
There are still some expansion and optimization to be done.
Transaction boundaries can now be detected using regexes.
All else being equal, it gives a 10% performance improvement
compared to qc-based detection.
In a subsequent change, mysql_client.c will be modified to use
qc_get_trx_type_mask() instead of qc_get_type_mask().
Currently the use of regex matching is turned on using an
environment variable. That will change.
The process and thread initialization/finalization of the query
classifier plugins is handled using the process and thread
initialization/finalization functions in the module object.
However, the top-level query classifier will also need to perform
process and thread initialization when transaction boundaries are
detected using regular expressions.
The connector plugin directory can now be controlled with the
`connector_plugindir` argument and configuration option. This should allow
the connector to use the system plugins if the versions are binary
compatible.
Replaced calls to mysql_options to mysql_optionsv as the former is
deprecated in Connector-C 3.0 and the latter is supported in Connector-C
2.3.
The client protocol module can resolve whether a password was used based
on the information the authenticators gather before authentication is
done. It uses the authentication token length as the basis on which it
makes the decision.
The users were deleted before each individual server was queried. This
caused authentication to fail if the authentication data was loaded from
multiple servers.
The client connection and the server listener sockets used largely similar
code. Combining them allows for simpler protocol code.
Cleaned up parts of the DCB listener creation and moved the parsing of the
network binding configuration to a higher level.
The socket creation code in mysql_backend.c wasn't MySQL specific and it
could be used for all non-blocking network connections. Thus, it makes
sense to move it to a common file where other protocol modules can use
it.
The address resolution code now uses `getaddrinfo` to resolve all
addresses instead of manually handling wildcard hosts. This allows the
same code to be used for all addresses.
Both the listeners and servers now support IPv6 addresses.
The namedserverfilter does not yet use the new structures and needs to be
fixed in a following commit.
Thread-safe version of strerror; thread local buffer used for storing
the message. The performance penalty of a thread local buffer is not
likely to be significant, since this is only called in an error
situation that anyway is likely to interrupt the normal processing.
The SQLite database is now always created on disk. This will remove the
need to dump the database users from the in-memory database to the
persisted on-disk database.
This change will also make the authentication compatible with older SQLite
implementations which lack the URI-based database strings found in newer
versions.
The authenticators should have a similar way to print diagnostic
information as filter and routers do. This allows the authenticators to
print the users in their own format.
In the future, all the diagnostic entry points should be changed so that
they return a structure that contains the information in a standard
form. This information can then be formatted in different ways by other
modules.
MariaDB and others match grants first by exact hostname/IP and then by
wildcard. If there are no exact matches, the wildcard grant should be
picked. This can be tested by having different passwords for localhost and
remote address.
The SQLite based authentication should first check for an exact match and
then only after that should it try to match the hostname to a wildcard
grant.
The get_users function now combines the functionality of the old get_users
and get_all_users. This removes large parts of similar code.
Removed the listener resources as MySQLAuth was the only one that used it.
The user data is now stored inside a SQLite3 database. By storing the data
inside a database, we remove the restriction that the previous hashtable
based implementation had.
Currently the only situation where a user needs to be authenticated after
the initial authentication is when a COM_CHANGE_USER is being
executed. This was previously handled by directly calling a function in
the MySQLAuth authenticator.
The new entry in the API of the authenticators is very specific to MySQL
and should be reviewed once other protocols are added.
