Commit Graph

185 Commits

Author SHA1 Message Date
fbce38878b Turn server status macros to functions 2018-07-25 11:19:47 +03:00
bfd3d2975d Merge branch '2.2' into develop 2018-07-06 14:56:19 +03:00
f44d305a46 MXS-1949: Fix user injection warning
If a service has no active servers and users are injected, a warning would
be logged. This is a misleading warning if the service has no servers and
should only be logged if the failure to load any users is an unexpected
situation.
2018-07-05 12:49:46 +03:00
2e88ce4132 Merge branch '2.2' into develop 2018-07-04 22:01:01 +03:00
3f9a204116 Log unknown users and wrong passwords separately
If authentication fails due to a wrong password, a different error message
is logged. This should help resolve problems with user management.
2018-07-04 13:51:09 +03:00
44ef4912e8 Merge branch '2.2' into develop 2018-07-03 21:13:41 +03:00
ed068f4d93 Expand authentication failure log message
If the authentication failure was due to a missing database, this extra
information can be logged. This will help cases where users are using
databases that do not exist.
2018-07-03 02:08:24 +03:00
cc0299aee6 Update change date of 2.3 2018-06-25 10:07:52 +03:00
75ddfe4c14 Merge branch '2.2' into develop 2018-06-21 14:02:00 +03:00
0f61c4b6a4 MXS-872: Also check that mysql.user.default_role exists
The column is used so it should be checked that it exists. Also
altered the SQL to use statements that do not return resultsets.
2018-06-21 14:00:29 +03:00
396f5d96c2 Merge branch '2.2' into develop 2018-06-20 14:43:03 +03:00
14e03613a0 MXS-872: Use the new query only when privileges are OK
If the service user does not have adequate grants to the mysql tables, the
legacy query is used. This prevents an upgrade failure when the user was
lacking the new privileges.
2018-06-20 14:41:56 +03:00
6278f27ab6 Merge branch '2.2' into develop 2018-06-20 10:26:29 +03:00
b018781764 MXS-872: Add support for roles
The users query for the MySQLAuth now handles users with default roles.
2018-06-19 12:52:00 +03:00
d0c74b5c8f MXS-421 Log event in case of authentication failure
- CDC authenticator
- MySQL authenticator
- PAM authenticator
2018-06-18 11:32:50 +03:00
1c9e03ec9c Merge commit '18f51eba795f70c35faa2c6767bfda72213e8aae' into develop 2018-06-15 14:40:22 +03:00
18f51eba79 Disable SQLite journal
The SQLite journal is not needed since the databases are created in-memory
and are thread-specific.
2018-06-15 11:16:27 +03:00
2e8c19f6be Merge branch '2.2' into develop 2018-05-21 10:06:20 +03:00
7af9a500ac MXS-1853: Treat MySQL 8.0 as 5.7 in authenticators
Using the MySQL 5.7 syntax is required to get the authenticators to work
with 8.0.
2018-05-21 09:50:44 +03:00
7e9062f20f Merge branch '2.2' into develop 2018-05-16 09:31:13 +03:00
521cce7c17 Refresh users on failed reauthentication
If the reauthentication of a client that is performing a COM_CHANGE_USER
fails, the users need to be reloaded. Without the reloading, the
reauthentication will fail if new users were added after the last loading
of users.
2018-05-15 10:15:32 +03:00
75eded4b89 Merge branch '2.2' into develop 2018-05-14 11:24:09 +03:00
ec4569497e Merge branch '2.1' into 2.2 2018-05-14 10:14:16 +03:00
7d784001df MXS-1628: Respond with correct error to malformed packets
If the client sent a malformed authentication response packet, MaxScale
would interpret that as failed authentication.
2018-05-10 22:24:39 +03:00
eba6c0c596 MXS-1842 Compile all authenticators as C++
Minimal changes, only what is needed to compile.
2018-05-03 10:07:43 +03:00
5d010ff712 Cleanup SERVER struct
Removed one unused field. Rearranged others, clarified comments.
2018-04-27 10:48:56 +03:00
b36f6faa7e MXS-1754 Reintroduce maxscale::Worker
Worker is now the base class of all workers. It has a message
queue and can be run in a thread of its own, or in the calling
thread. Worker can not be used as such, but a concrete worker
class must be derived from it. Currently there is only one
concrete class RoutingWorker.

There is some overlapping in functionality between Worker and
RoutingWorker, as there is e.g. a need for broadcasting a
message to all routing workers, but not to other workers.

Currently other workers can not be created as the array for
holding the pointers to the workers is exactly as large as
there will be RoutingWorkers. That will be changed so that
the maximum number of threads is hardwired to some ridiculous
value such as 128. That's the first step in the path towards
a situation where the number of worker threads can be changed
at runtime.
2018-04-16 14:53:08 +03:00
2bdac88b0b MXS-1738 Copy AF_UNIX data from listener to client dcb
We need to copy some data from an AF_UNIX based listener dcb
to the accepted client dcb, to prevent assertion violation in
dcb_get_port(). Further, to be able to log the path in the case
of an authentication error we need to copy that as well.
2018-03-26 10:06:42 +03:00
39dff20a0a Use correct callback function in MySQLAuth
The JSON diagnostics function used the non-JSON version of the callback.
2018-03-20 13:07:27 +02:00
633b08ed0d MXS-1717 Show which listener users are coming from
Earlier, if a service had multiple listeners you would have had

   MaxScale> show dbusers MyService
   User names: alice@% ...
   User names: bob@% ...

That is, no indication of which listener is reporting what. With
this commit the result will be

   User names (MyListener1): alice@% ...
   User names (MyListener2): bob@% ...

Further, the diagnostics function of an authenticator is now expected
to write the list of users to the provided DCB, without performing any
other formatting. The formatting (printing "User names" and appending
a line-feed) is now handled by the handler for the MaxAdmin command
"show dbusers".
2018-03-13 10:25:42 +02:00
8bfb4f231a Merge branch '2.1' into 2.2 2018-03-06 10:38:01 +02:00
f066ba8753 MXS-1693: Accept 'mysql_native_password' as plugin name
When the authenticator loads users, it should also accept users who have
explicitly defined 'mysql_native_password' as their authentication plugin.
2018-03-05 13:58:09 +02:00
e5934dfb11 Expand SHOW DATABASES warning message
The message now states the implications of missing permissions. If the
MaxScale user does not have the permissions to view all databases, it will
only see its own databases.
2018-03-05 13:58:09 +02:00
39d3c42c94 Merge branch '2.1' into 2.2 2018-03-01 17:52:42 +02:00
03eb30fbc6 Check SHOW DATABASES privilege on startup
MySQLAuth requires the SHOW DATABASES privilege to see all the databases
so it should be checked that the current user has the permission. A
missing permission will cause errors that are hard to resolve.
2018-02-22 10:06:29 +02:00
e346968e0e Merge branch '2.1' into 2.2 2018-02-10 08:28:11 +02:00
816983691a MXS-1660 Turn client hostname lookup failure into a warning
This is used only in case everything else fails and this lookup
is not unlikely to fail if the client comes from some machine on
an internal network.
2018-02-09 12:03:13 +02:00
3dfb972d87 Merge branch '2.1' into 2.2 2018-01-30 16:28:11 +02:00
6410b4f19a MXS-1633 Turn off collecting of sqlite3 memstats
According to customer reports collecting the statistics has a significant
impact on the performance. As we don't need that information we can just
as well turn off that.

Further, since maxscale-common now links to the sqlite3-library, no
module needs to do that explicitly.
2018-01-30 13:58:37 +02:00
6068850b18 MXS-1627: Only load users that use default auth plugin
The list of users that is used for authentication should only consist of
users that do not use an explicit authentication plugin. This way
authentication fails before any connections to the backend servers are
done.
2018-01-29 13:10:19 +02:00
05402208a5 Merge branch '2.1' into 2.2 2018-01-19 11:47:13 +02:00
5273cbada6 MXS-1600: Add case-insensitive matching to MySQLAuth
The authenticator now supports similar identifier matching as the MariaDB
server. The lower_case_table_names parameter explains its intended use
(case-insensitive identifier matching):
https://mariadb.com/kb/en/library/server-system-variables/#lower_case_table_names
2018-01-16 13:51:22 +02:00
224f918845 MXS-1592 Make all modules lowercase
Make all modules lowercase and make module loading case
insensitive. Further, make command invocation case insensitive,
as far as the module name is concerned.
2018-01-03 14:57:18 +02:00
8d15256d70 MXS-1539: Add asynchronous authenticator capability
The new ACAP_TYPE_ASYNC capability allows the authenticator to tell the
core that all entry points for it support asynchronous usage.
2018-01-03 08:56:41 +02:00
0f015e6341 Don't log errors for unknown hostnames
When a client connects to MaxScale and authentication fails, an error
about hostname resolution is logged. This happens because the
authentication first tries to resolve the address as an IP address, then
an IPv6-mapped-IPv4 address and finally as a hostname. If users have not
been loaded, the authentication is guaranteed to fail on the first attempt
due to the lazy loading of users.
2017-12-21 10:48:08 +02:00
2008d08cfc Add hostname to lookup error message
This should help detect what is the hostname that causes the problem.
2017-12-21 10:48:06 +02:00
eda700e785 Don't use sqlite3_errstr
The function is not defined in older versions.
2017-12-05 13:49:00 +02:00
c03ce7ac7f Use correct database name for SQLite
The :memory: database was misspelled as :memory without the trailing
colon. This caused an actual on-disk database to be created instead of an
in-memory one.
2017-12-05 09:43:06 +02:00
4194c1c558 MXS-1539: Preliminary implementation of thread-local user cache
The thread-local user cache removes most of the cross-thread communication
from the user authentication at the cost of increased memory use and extra
network usage when users are loaded.
2017-12-05 09:43:05 +02:00
513220805b MXS-1539: Remove useless handles
The client handle was never used.
2017-12-05 09:43:05 +02:00