The class is intended to be inherited by objects that need an SSL context
and a configuration. In practice this will be servers and listeners.
The SSLContext is stored in a rworker_local shared_ptr that makes it
possible to update safely. As the copying is always done behind a lock the
cached local value always holds a valid SSLContext instance for the
duration of all function calls.
Using the pImpl idiom, the routingworker.hh header is not exposed in the
ssl.hh header. This allows the SSLProvider class to be inherited more
easily.
As server relationships are unordered, sorting them guarantees a certain
order. This fixes the MaxCtrl cluster diff test failure.
Also formatted monitor.cc sources: the indentation seems to be off.
Since listeners cannot be reconfigured, we can accept this limitation and
impose it on the servers as well. This keeps the behavior consistent and
removes the need to resolve the deletion issue (for the time being).
If the authentication process fails due to an inability to start a
session, it should not be counted towards the number of failed
authentication attempts.
Plugins may send additional messages during authentication. These messages
often contain notifications such as password expiration dates. Both the client
and backend side authenticators now handle such messages. The messages are not
sent to the user, only the log. The requirement that only "Password: " is queried
still stands.
Backend should use empty() instead of length() to see if the buffer is
empty. The length of a buffer should always be valid to call, even on
empty buffers.
Changed getter function return values to std::string, converted
MXS_CONFIG_PARAMETER::set_from_list to take std::strings instead of const
char pointers.
SSLContext is now used everywhere except the binlogrouter which still
allocates the contexts itself. Fixing the binlogrouter's misuse of
internal structures is a rather large undertaking and for this reason the
SSLContext will be taken into use there in a separate commit.
If gtid of master is unknown (as is typical when master is down when MaxScale
starts) the domain id is guessed from the slaves instead. This is usually
safe.
All GWBUF macros that address a single link in a chain are now
simple wrappers for equivalent gwbuf_link-functions.
Next step is to drop the macros and replace their use with calls
to the functions.
SQLITE_OPEN_URI flag was missing causing the databases to be created in
disk instead of in memory. Also added info level log message from created
database in clustrixmonitor.
A GWBUF given to any gwbuf-function:
- Must not be NULL. Exceptions are gwbuf_free() and gwbuf_append(),
in analogy with free() and realloc() respectively.
- Must be the head of a chain.
- Must be owned by the calling thread.
Although not made unambiguously clear, it is *ONLY* allowed to
manipulate GWBUFs that are the first link of a GWBUF chain (that
may consist of just one link).
With this change, in debug mode the tail pointer of intermediate
links is invalidated so that an attempt to use an intermediate
link is likely to cause a crash.
If a client requests an unknown binary protocol prepared statement handle,
a custom error shows the actual ID used instead of the "empty" ID of 0
that the backend sends.
