If the executed subprocess prefixes its output with either `error:`,
`warning:` or `info:`, the message will be logged on the appropriate
level. If no prefix is provided, the message is logged on the notice
level.
If the session id is known, it will be logged together with all
messages. If present, the session id appears, enclosed in paranthesis,
right after the message category. E.g.
2017-08-30 12:20:49 warning: (4711) [masking] The rule ...
The `add user` and `enable account` commands create fully privileged
administrative users like they did in 2.1. This makes the addition of
read-only users backwards compatible.
Updated and expanded the documentation on administrative interface
users. Added entries into the release notes as well as the upgrading
document about relevant changes between 2.1 and 2.2.
The users are now stored as an array of JSON objects. Legacy users are
automatically upgraded once they are loaded and a backup of the original
users file is created.
Removed the password parameter from the `remove user` maxadmin command as
well as all of the relevant functions. Requiring that an administrator
knows the password of the account to be deleted is not a sound requirement
now that, at least in theory, two types of accounts can be created.
Disabling the tee filter at runtime is desirable for cases where the
branched service is not always needed. Migrations and pre-production
setups are one where changes to the branched service are expected and
splitting the queries would result in an error.
A function type rule matches a query if the query uses a function defined
in the rule. This is the desired behavior for blacklist mode operation
with `action=block`.
When in whitelist mode, all queries must match a rule to be allowed
through. For function type rules, this fact is problematic as queries that
don't use functions are blocked. The desired behavior is to allow the use
of certain functions while preventing the use of others.
The allowed set of functions should always contain the "empty set" (no
functions are used) when the filter is in whitelist mode.
The tee filter was missing the match/exclude functionality that was in the
previous implementation. The filter was upgraded to use PCRE2 regular
expressions instead of POSIX regular expressions.
Documented that the match/exclude patterns should use PCRE2 syntax.
All whitespace in object names is now converted to a compacted format with
whitespace replaced with hyphens. If a conversion takes place, a warning
is logged.
Converted some of the tests into C++ as they directly include .cc files.
Change to modutil_extract_SQL(), add pcre2_data to filter session.
The pattern is now jit-compiled for maximum speed. Move general
pcre2 error printing to a function and macro. Add instance-level
statistics so the filter always prints diagnostic info. Add a mention
of PCRE2 to release notes.
They are not particularly useful, they surely are not used
and impose a small cost for every event extracted from the
poll sets.
This commit only removes the maxadmin commands, subsequent
commits will remove the actual code.
