The diagnostics_json call could access the std::unordered_map at the same
time it was being updated by the monitoring thread. This leads to
undefined behavior which in the case of MXS-3059 manifested as a segfault.
The call to gwbuf_length will fail if the pointed to buffer isn't the head
of the chain. To prevent this, the length is calculated before the buffer
is appended.
Also fixed the use of gwbuf_append. The return value should be assigned
and the code shouldn't reply on the value passed to the function being
correct.
The code used a null GWBUF with gwbuf_append which causes a crash. The
return value of the function that used it was also not correctly handled
and would be mistaken for a different error.
If the protocol routes a COM_QUIT packet to the backend, it must not
generate a packet when it is shutting down. This could cause unexpected
write errors if the backend server managed to close the socket before the
write was done.
By deferring the closing of a DCB until the protocol tells that it's in a
stable state, we avoid closing the connection mid-authentication. This
makes sure that all connections have reached a stable state before they
are closed which in turn prevents the connections from counting towards
aborted connects (or failed authentications like it did with the old fix).
If a DCB is expecting a response from the server, it must not be placed
into the connection pool. This prevents the case where unexpected
responses would be delivered to DCBs taken out of the connection pool.
The shutdown signal handlers were installed before the workers were
initialized and weren't removed before the workers were deleted. This
would lead to a debug assertion and an eventual crash when a SIGTERM
signal was received outside of the expected scope.
The proper way to do this is to install the handlers only after the system
is up and running and to disable them as soon as the shutdown process
starts.
This mostly happened with the mxs621_unreadable_cnf test as it seemed to
receive a SIGTERM during the execution of the at-exit handlers.
In some cases the dbfwfilter is too strict and SQL that would not match a
rule is blocked due to it not being fully parsed. To allow a more lenient
mode of operation, the requirement for full parsing must be made
configurable.
When a fake handshake response is generated for a connection that hasn't
received the server's handshake, the client's SHA1 would be used with a
static scramble. This, in theory, would weaken the authentication to some
extend so to completely prevent this, a null password is used. This
removes any possibility of the password being exposed.
The endpoint reloads the database users. This can also be used in the
future to refresh encrypted credentials when they are no longer loaded
every time an encrypted password is used.
A few global parameters weren't included in the list of parameters. A few
non-parameter values that were in the parameter object were moved out into
the attributes object. Sorted the parameter alphabetically.
The test doesn't work properly if the maxscale user doesn't exist and the
key file permissions cannot be given to it. The test should use the
current user as the owner of the file but it turned out that the -u option
is broken.
Extended the test case to make sure the same password with the same
encryption key results in the same hash.
This allows the set of servers used by the service to also participate in
the cache value resolution. This will prevent the most obvious of problems
but any abstractions of the servers will prevent this from working.
The parameter is now optional and uses the correct file. If defined, it
defines the CA certificate that would be used to verify client
certificate. Client certificate verification doesn't seem to currently
work as that requires a custom verification callback that interfaces with
GnuTLS.
Session commands did not trigger a reconnection process which caused
sessions to be closed in cases where recovery was possible.
Added a test case that verifies the patch fixes the problem.
If the session command could not be routed, the log message should contain
the actual command that was routed. This makes failure analysis much
easier.
If a limit on the replication lag is configured, servers with unmeasured
replication lag should not be used. The code in question did use them even
when a limit was set as the value used for undefined lag was -1 which
always measured lower than the limit.
