Commit Graph

5423 Commits

Author SHA1 Message Date
aa11c960b1 2.3.20 Update change date 2020-06-05 09:31:45 +03:00
cb8b4546cb Don't use client SHA1 for fake responses
When a fake handshake response is generated for a connection that hasn't
received the server's handshake, the client's SHA1 would be used with a
static scramble. This, in theory, would weaken the authentication to some
extend so to completely prevent this, a null password is used. This
removes any possibility of the password being exposed.
2020-06-02 10:17:40 +03:00
f527a8f2e6 2.3.19 Update Change Date 2020-04-23 14:23:57 +03:00
e0cd6adb26 Update change date for 2.3.18 2020-03-10 10:45:47 +02:00
67fee60f80 Fix Auth Error server status
The mon_ping_or_connect_to_db resets the MYSQL handle which caused the
loss of the error message. Returning a new enumeration value for
authentication errors solves this problem.
2020-03-02 16:32:35 +02:00
e180c20055 MXS-2899: Update charset only when successful
By updating the server charset only when we successfully query it, the
charset will not change due to network connectivity problems.
2020-02-27 14:18:51 +02:00
919686f7ad Merge branch '2.3.17' into 2.3 2020-02-12 08:22:59 +02:00
fd875cbf6d Remove faulty debug assertion
The use of the server state is not transactional across multiple uses of
the function. This means that any assertions on the target state can fail
if the monitor updates the state between target selection and the
assertion.
2020-02-11 22:34:39 +02:00
c18f9c6bd7 MXS-2883: Handle AuthSwitchRequest packets
The backend didn't expect AuthSwitchRequest packets in response to the
handshake response packets. This is allowed by the protocol and appears to
happen with at least MySQL 8.0.
2020-02-10 15:35:47 +02:00
cfb3f79b54 Update 2.3.17 Change Date 2020-02-10 15:28:38 +02:00
ef769573e4 MXS-2880 Fix typo in json output
"seconds_behing_master" -> "seconds_behind_master"
2020-02-10 12:59:30 +02:00
a0affe1bb7 MXS-2784: Use SQL to fetch default character set
The Connector-C was changed to always return only the client's charset,
not the actual charset that the connection ends up using. To cope with
this, the code has to use SQL to join the default character set name to
the default collation for it which can be used to extract the numeric ID
of the charset.
2020-01-24 10:51:15 +02:00
4641dc208f Fix sescmd debug assert
The assertion will not hold for COM_CHANGE_USER. This prevents the debug
assertion but the actual backend code should also be changed.
2020-01-23 18:38:05 +02:00
6dd4a04c5d cherry-pick: MXS-2803: Write all buffered data
Since the queued queries will never be inspected after the COM_CHANGE_USER
completes, they should all be written instead of only the first packet.
2020-01-23 18:38:05 +02:00
c04d6748d3 Fix debug assertion on inconsistent sescmd result
The slave backend would be closed twice if it would both respond with a
different result and be closed due to a hangup before the master
responded.

Added a test case that reproduced the problem.
2020-01-23 18:38:05 +02:00
e2976a6689 MXS-2843: Remove password hash from log_info output 2020-01-21 09:27:08 +02:00
790d90f229 Update 2.3.16 Change Date 2020-01-15 11:08:51 +02:00
a65220165a Fix use of gw_get_shared_session_auth_info
If the client DCB of the session was passed into the function, it was
possible that the session pointer for it was already set to null. The
session pointer of an open DCB is never null but a client DCB's session
pointer can be null if accessed via the MXS_SESSION object.
2020-01-13 19:28:45 +02:00
6306519e5e MXS-2710: Move client_count handling inside Session
By incrementing the counters when the session is created, we know that the
counter will always be decremented correctly. This does cause the listener
session to be counted as an actual session but this is already present in
the statistics calculations and is something we have to live with in 2.3
This change also makes it possible to overshoot the connection count
limitation as the session creation is delayed until authentication
fails. Both of these problems are fixed in 2.4.
2020-01-07 10:40:40 +02:00
aa83bc24ae MXS-2820: Log default database on auth failure
The default database was not exposed in the warning that was logged when
authentication failed. The authentication uses the username, host and the
default database to find the user entry and the lack of the default
database made it hard to know for sure which user entry a client should've
matched against.
2020-01-02 12:00:10 +02:00
964207cbea MXS-2820: Return correct value on wrong password 2020-01-02 11:34:47 +02:00
484ff06795 MXS-619: Send fake response for unconnected DCBs
This causes the connection failure to be counted as an authentication
failure instead of a connection error. The former never causes the host to
be blocked which effectively solves the problem for most cases. The only
case where this would not work is where the network buffer for a backend
DCB is full right after the connection is created.
2019-12-19 14:21:27 +02:00
a73b183555 MXS-2813: Mask password values in output
The password values are now masked with asterisks. This tells whether a
password is set or not but it does not expose any information about the
password itself.
2019-12-19 09:56:00 +02:00
b0a1eddb6c Store ignored error information
The errors that are ignored by readwritesplit are now stored as the
current close reason in the Backend. This allows the information about the
error to be retained and it can be used later in the error handler to
display the true reason why the connection was closed.
2019-12-17 13:48:51 +02:00
e057c751cd Improve handleError error messages
The hangup and error handlers now have unique messages. Although the
behavior in the handlers is practically the same in both cases, the cause
of the error is not the same.

If a socket error is present, it is added to the error message. If an
error is present, it should clearly show the reason why the TCP socket was
closed.

The is_fake_event boolean helps distinguish fake events from real
ones. This makes figuring out the real source of hangup events easier.
2019-12-13 10:50:04 +02:00
e673c3eab0 MXS-2788 Use case-insensitive string comparisons
When names are matched in rules and in resultsets, case insensitive
matching must be used.
2019-12-05 13:44:18 +02:00
374d5b28d1 MXS-2759: Optimize user loading query
The SQL for the second recursive CTE table can be optimized by adding a
where condition on the recursive part that rules out users that are not
roles. The functionality remains the same as only roles can be granted to
users.
2019-11-29 16:16:34 +02:00
5c4ac03c07 Log a message in readconnroute's handleError
This way there's trace that something unexpected happened and that the
session closed unexpectedly.
2019-11-08 13:44:21 +02:00
df6c56e7ca Update 2.3.13 Change Date 2019-10-29 12:51:31 +02:00
ac5b5d527a MXS-2610: Prevent watchdog timeouts in avrorouter
The file processing can take a very long time and as it is done on a
routing worker, the workaround needs to be used.
2019-10-29 11:33:10 +02:00
446a3fac15 MXS-2720: Fix service session count
The number of sessions wasn't always incremented but it was always
decremented. This happened primarily when authentication failed. By making
the management of the counters a part of the object lifecycle, this
problem goes away.
2019-10-29 09:26:41 +02:00
64cae223f0 MXS-2721: Check that LocalClient creation succeeds
The creation can fail if a network socket cannot be opened and connected
to the host in question.
2019-10-29 09:26:41 +02:00
428bc5740b MXS-2645 Decrement service client count also when authentication fails
The client count was incremented before authentication was complete, and
should be decremented if it fails. Otherwise service connection limit can
be easily reached.
2019-10-04 15:11:09 +03:00
869effc352 MXS-2707: Retain commands that respond
Only commands that return a response should to be retained. Otherwise the
bookkeeping of m_current_query will be wrong.
2019-10-03 22:17:44 +03:00
fcc7642328 MXS-2694: Add support for COM_BINLOG_DUMP
The resultset processing now understands COM_BINLOG_DUMP and treats it as
a never-ending resultset.
2019-09-24 21:41:24 +03:00
f46f873dc1 Add verbose backend status helper
This allows the same verbose information to be logged in the cases where
it is of use. Mostly this information can be used to figure out why a
certain session was closed.
2019-09-19 13:41:49 +03:00
fd0c156655 MXS-2564: Reconnect only when necessary
By doing the reconnection only when a new query arrives, we prevent the
excessive reconnecting that is done when a server's actual and monitored
states are in conflict.
2019-09-19 13:41:49 +03:00
40d05e8278 Report more details when the master is unavailable
By dumping the connection state we'll know when the connection was opened
and closed and the reason why it was closed.
2019-09-19 12:55:31 +03:00
00feb61b23 MXS-2652 Do not clear maintenance flag when a server goes down
The set of flags to clear should be well-defined.
2019-09-06 09:43:32 +03:00
6edbd52324 MXS-2642 Do not re-test a pam-service for a given user
Because of how the user-data was read, the same service name could be
found multiple times if the user-search query matched multiple rows. Now
the service names are read to a set, which ignores duplicates. The same
service may be attempted again if the authentication fails and user-data
is fetched again.
2019-09-04 17:31:10 +03:00
7a1abc26d8 MXS-2631 Fix the ignoring of the system tables 2019-08-29 01:00:49 +03:00
72ce2d2bc1 MXS-2633 Fix PAM authentication support with server version 10.4
The new server pam plugin does not always send the first password prompt with the
AuthSwitchRequest-packet. In this case the server expects the client (MaxScale) to
just send the password immediately. MaxScale now checks the length of the packet,
sending the password if the packet is short. This works with both old and new server
versions.
2019-08-13 17:15:45 +03:00
1748e6599d MXS-2609: Fix session command mixup on master failure
If a master failed during an ongoing session command history replay, it
would be treated as if a normal session command failed which would result
in the already executed session command being re-executed on all servers
at the wrong logical position.

To fix this, the history replay must be distinguished from normal session
command execution. When a connection replaying the history fails, the
query routing simply needs to be attempted again.
2019-08-09 01:54:09 +03:00
8bc4e42f2d Fix query queuing on session command execution
If session command execution during server reconnection caused a query to
be queued, the query would be put on the tail end of the queue. This would
cause queries to be reordered if the queue wasn't empty. The correct thing
to do would be to put the next pending query back at the front of the
queue.
2019-08-09 01:54:09 +03:00
bb6f9213d4 Fix debug assert on master reconnection
If a master reconnection occurred after the session command history was
disabled due to the limit being exceeded, a debug assertion would be hit
in prepare_target. This assert makes sure that a connection can be safely
created to the server which means that in release mode builds the session
state would be inconsistent on the new master.

As this is an unrecoverable situation, the session should stop immediately
even if delayed_retry is enabled. Currently the session will continue
until the delayed retry timeout is hit. This happens due to the fact that
the delayed retry mechanism handles all errors in a similar way.
2019-08-09 01:54:09 +03:00
9f6efef67a MXS-2576: Update states atomically in csmon
This prevents false transient states from occurring.
2019-08-09 01:54:09 +03:00
fd72332ea4 Improve master failure error message
The message will now always contain the server name.
2019-08-05 12:48:19 +03:00
110bc32b25 MXS-2621 Fix broken authorization SQL 2019-08-02 09:48:14 +03:00
c592328ea2 MXS-2613 Access correct argument
The cache show-command accessed the wrong argument. That is why

    [maxadmin|maxctrl] call command cache show TheCache

did not work.
2019-07-30 12:29:01 +03:00
dda02b45ee MXS-2520: Do master replacement if it's possible
This allows a new master to be chosen regardless of the target server
type.
2019-07-29 10:26:30 +03:00