Commit Graph

99 Commits

Author SHA1 Message Date
a8bfbbe254 2.4.17 Update change date 2021-03-08 09:03:02 +02:00
0224f24077 2.4.16 Update Change Date 2021-02-16 14:59:00 +02:00
c5bcf7a8b1 2.4.15 Update change date 2021-01-18 15:30:30 +02:00
df36ef86d0 2.4.14 Update Change Date 2020-11-16 14:23:26 +02:00
faaf7f483e 2.4.13 Update Change Date 2020-10-14 09:15:46 +03:00
babcda3eca 2.4.12 Update Change Date 2020-08-24 09:42:48 +03:00
fc9c9fcd77 2.4.11 Update change date 2020-07-07 10:01:38 +03:00
098ffde13c Remove obsolete debug assert from PamAuth
Would be always hit in debug mode.
2020-06-05 19:04:44 +03:00
5ebae9be90 Merge branch '2.3' into 2.4 2020-06-05 09:36:24 +03:00
aa11c960b1 2.3.20 Update change date 2020-06-05 09:31:45 +03:00
d3d7054639 Merge branch '2.3' into 2.4 2020-04-24 16:09:20 +03:00
f527a8f2e6 2.3.19 Update Change Date 2020-04-23 14:23:57 +03:00
d0ab797938 Merge branch '2.3' into 2.4 2020-03-12 10:33:57 +02:00
e0cd6adb26 Update change date for 2.3.18 2020-03-10 10:45:47 +02:00
8b763fb88b Merge branch '2.3' into 2.4 2020-02-12 08:27:48 +02:00
cfb3f79b54 Update 2.3.17 Change Date 2020-02-10 15:28:38 +02:00
a7e0142224 Merge branch '2.3' into 2.4 2020-01-15 11:29:37 +02:00
790d90f229 Update 2.3.16 Change Date 2020-01-15 11:08:51 +02:00
a9a2b753c0 Update 2.4.5 change date 2019-12-18 13:25:03 +02:00
f6731a898d Update change date 2019-11-13 08:37:17 +02:00
fdfbf3e133 Update 2.4.3 change date 2019-11-05 12:21:00 +02:00
861e27eb00 Merge branch '2.3' into 2.4 2019-10-29 14:04:31 +02:00
df6c56e7ca Update 2.3.13 Change Date 2019-10-29 12:51:31 +02:00
6edbd52324 MXS-2642 Do not re-test a pam-service for a given user
Because of how the user-data was read, the same service name could be
found multiple times if the user-search query matched multiple rows. Now
the service names are read to a set, which ignores duplicates. The same
service may be attempted again if the authentication fails and user-data
is fetched again.
2019-09-04 17:31:10 +03:00
45ed3e085f Merge branch '2.3' into 2.4 2019-08-14 17:40:30 +03:00
72ce2d2bc1 MXS-2633 Fix PAM authentication support with server version 10.4
The new server pam plugin does not always send the first password prompt with the
AuthSwitchRequest-packet. In this case the server expects the client (MaxScale) to
just send the password immediately. MaxScale now checks the length of the packet,
sending the password if the packet is short. This works with both old and new server
versions.
2019-08-13 17:15:45 +03:00
0996b9217a MXS-2544 Check roles in PAM authenticator
Also re-adds anonymous user support.
2019-07-16 11:36:11 +03:00
d0e18b165a MXS-2544 Use separate sqlite tables for user authentication data
The data is now split into three tables similar to the server.
2019-07-16 10:59:15 +03:00
f752f139ba MXS-2544 Add utility class for handling SQLite
Preparation and cleanup for adding more data to handle user roles in PAM
authenticator.
2019-07-16 10:58:47 +03:00
e45dcb6d8a Merge branch '2.3' into 2.4 2019-07-05 10:39:03 +03:00
edbbafc2e9 MXS-2502 Fix access denied when connecting to 'information_schema' 2019-07-05 10:37:31 +03:00
5dca53f877 Merge branch '2.4.0' into 2.4 2019-06-28 17:58:01 +03:00
3b39d42d3b Merge branch '2.3' into 2.4 2019-06-27 18:56:25 +03:00
166d26ff13 Avoid using SQLITE_OPEN_URI
Centos6 uses a very old version of SQLite without support for URI filenames.
PAM authenticator must use a file-based database.

Commit cherry-picked to 2.4.0 from 2.3.
2019-06-27 15:18:49 +03:00
d8790fa3e7 Merge branch '2.2' into 2.3 2019-06-27 14:20:42 +03:00
b4289224de Avoid using SQLITE_OPEN_URI
Centos6 uses a very old version of SQLite without support for URI filenames.
PAM authenticator must use a file-based database.
2019-06-27 13:59:05 +03:00
0ba779d5a2 Update 2.4.0 Change Date 2019-06-25 10:11:55 +03:00
2ab9aa9a94 Update 2.4.0 Change Date 2019-06-25 09:19:55 +03:00
cf866a6a57 Merge branch '2.2' into 2.3 2019-06-14 10:49:51 +03:00
acfaae9d46 MXS-2480 Use in-memory-database in PAM authenticator
This was already fixed in develop, but the fix is both small and useful
so should be backported.
2019-06-13 17:47:08 +03:00
4efa9dbeea Remove maxscale/alloc.h
The remaining contents were moved to maxbase/alloc.h.
2019-06-10 14:11:25 +03:00
3b60bf00e1 Merge branch '2.3' into develop 2019-05-29 18:41:50 +03:00
442d8bed9a MXS-2479 Add username and host to PAM authenticator log messages 2019-05-29 17:32:27 +03:00
3af66f3309 MXS-2483: Take SSLProvider into use
Servers and listeners now have a SSLProvider member variable that is used
for all SSL related tasks.
2019-05-24 15:33:17 +03:00
8a4b58d52c MXS-2483: Move SSL configuration into SSLConfig
This way the configuration information can be accessed without the
SSLContext.
2019-05-24 15:33:17 +03:00
bed28db3fd Merge branch '2.3' into develop 2019-05-24 13:55:47 +03:00
a1697e2aa6 MXS-2479 PAMBackendAuth is more tolerant of extra messages.
The authenticator can now receive additional questions from the server even
after the original password-query.
2019-05-24 11:31:55 +03:00
3b8e28392e MXS-2483: Make server SSL private
The old server_ssl member is now renamed and private. The ssl_context and
set_ssl_context methods provide access to it.
2019-05-24 10:05:42 +03:00
bd8aa64547 MXS-2479 Accept additional messages in PAM authenticator
Plugins may send additional messages during authentication. These messages
often contain notifications such as password expiration dates. Both the client
and backend side authenticators now handle such messages. The messages are not
sent to the user, only the log. The requirement that only "Password: " is queried
still stands.
2019-05-23 14:14:25 +03:00
004e8e638f MXS-2480 Fix creating of the in memory sqlite3 databases in PAMAuth
SQLITE_OPEN_URI flag was missing causing the databases to be created in
disk instead of in memory. Also added info level log message from created
database in clustrixmonitor.
2019-05-20 09:11:58 +03:00