hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,974 Commits 1 Branch 0 Tags
ebbd806c6adc16c931645cbbafdafc2de99ffb69
Commit Graph

351 Commits

Author SHA1 Message Date
Esa Korhonen
45ed3e085f Merge branch '2.3' into 2.4 2019-08-14 17:40:30 +03:00
Esa Korhonen
72ce2d2bc1 MXS-2633 Fix PAM authentication support with server version 10.4 
The new server pam plugin does not always send the first password prompt with the
AuthSwitchRequest-packet. In this case the server expects the client (MaxScale) to
just send the password immediately. MaxScale now checks the length of the packet,
sending the password if the packet is short. This works with both old and new server
versions.
 2019-08-13 17:15:45 +03:00
Johan Wikman
01427e32ec Merge branch '2.3' into 2.4 2019-08-02 10:03:34 +03:00
Johan Wikman
110bc32b25 MXS-2621 Fix broken authorization SQL 2019-08-02 09:48:14 +03:00
Markus Mäkelä
2e70e2bc93 Merge branch '2.3' into 2.4 2019-07-18 12:49:00 +03:00
Markus Mäkelä
f8ee11cf55 MXS-2606: Sort servers before loading users 
By sorting the servers in descending order based on their role we make
sure that the users are loaded from a master if one is available.
 2019-07-17 14:42:32 +03:00
Markus Mäkelä
f139991a2c MXS-2559: Log source of loaded users 
MySQLAuth now logs the server where the users were loaded from. As only
the initial loading of users causes a log message, it is still possible
for the source server to change without any indication of it.
 2019-07-17 10:23:48 +03:00
Esa Korhonen
0996b9217a MXS-2544 Check roles in PAM authenticator 
Also re-adds anonymous user support.
 2019-07-16 11:36:11 +03:00
Esa Korhonen
d0e18b165a MXS-2544 Use separate sqlite tables for user authentication data 
The data is now split into three tables similar to the server.
 2019-07-16 10:59:15 +03:00
Esa Korhonen
f752f139ba MXS-2544 Add utility class for handling SQLite 
Preparation and cleanup for adding more data to handle user roles in PAM
authenticator.
 2019-07-16 10:58:47 +03:00
Marko
e45dcb6d8a Merge branch '2.3' into 2.4 2019-07-05 10:39:03 +03:00
Marko
edbbafc2e9 MXS-2502 Fix access denied when connecting to 'information_schema' 2019-07-05 10:37:31 +03:00
Esa Korhonen
5dca53f877 Merge branch '2.4.0' into 2.4 2019-06-28 17:58:01 +03:00
Esa Korhonen
3b39d42d3b Merge branch '2.3' into 2.4 2019-06-27 18:56:25 +03:00
Esa Korhonen
166d26ff13 Avoid using SQLITE_OPEN_URI 
Centos6 uses a very old version of SQLite without support for URI filenames.
PAM authenticator must use a file-based database.

Commit cherry-picked to 2.4.0 from 2.3.
 2019-06-27 15:18:49 +03:00
Esa Korhonen
d8790fa3e7 Merge branch '2.2' into 2.3 2019-06-27 14:20:42 +03:00
Esa Korhonen
b4289224de Avoid using SQLITE_OPEN_URI 
Centos6 uses a very old version of SQLite without support for URI filenames.
PAM authenticator must use a file-based database.
 2019-06-27 13:59:05 +03:00
Johan Wikman
0ba779d5a2 Update 2.4.0 Change Date 2019-06-25 10:11:55 +03:00
Johan Wikman
2ab9aa9a94 Update 2.4.0 Change Date 2019-06-25 09:19:55 +03:00
Esa Korhonen
cf866a6a57 Merge branch '2.2' into 2.3 2019-06-14 10:49:51 +03:00
Esa Korhonen
acfaae9d46 MXS-2480 Use in-memory-database in PAM authenticator 
This was already fixed in develop, but the fix is both small and useful
so should be backported.
 2019-06-13 17:47:08 +03:00
Markus Mäkelä
74f61c233d MXS-2558: Reuse loaded users 
When users are loaded, they can be reused across all routing workers.
 2019-06-11 21:30:45 +03:00
Esa Korhonen
4efa9dbeea Remove maxscale/alloc.h 
The remaining contents were moved to maxbase/alloc.h.
 2019-06-10 14:11:25 +03:00
Markus Mäkelä
44d1b821c3 Merge branch '2.3' into develop 2019-06-03 13:54:55 +03:00
Markus Mäkelä
1012b95544 Merge branch '2.2' into 2.3 2019-05-31 12:40:15 +03:00
Esa Korhonen
3b60bf00e1 Merge branch '2.3' into develop 2019-05-29 18:41:50 +03:00
Esa Korhonen
442d8bed9a MXS-2479 Add username and host to PAM authenticator log messages 2019-05-29 17:32:27 +03:00
Markus Mäkelä
114e095e1b MXS-2525: Fix non-plugin authentication 
Older clients assume the plugin used for authentication is
mysql_native_password. If the client doesn't request plugin
authentication, don't treat it as an error.
 2019-05-29 12:41:53 +03:00
Markus Mäkelä
3af66f3309 MXS-2483: Take SSLProvider into use 
Servers and listeners now have a SSLProvider member variable that is used
for all SSL related tasks.
 2019-05-24 15:33:17 +03:00
Markus Mäkelä
8a4b58d52c MXS-2483: Move SSL configuration into SSLConfig 
This way the configuration information can be accessed without the
SSLContext.
 2019-05-24 15:33:17 +03:00
Esa Korhonen
bed28db3fd Merge branch '2.3' into develop 2019-05-24 13:55:47 +03:00
Esa Korhonen
a1697e2aa6 MXS-2479 PAMBackendAuth is more tolerant of extra messages. 
The authenticator can now receive additional questions from the server even
after the original password-query.
 2019-05-24 11:31:55 +03:00
Markus Mäkelä
3b8e28392e MXS-2483: Make server SSL private 
The old server_ssl member is now renamed and private. The ssl_context and
set_ssl_context methods provide access to it.
 2019-05-24 10:05:42 +03:00
Esa Korhonen
bd8aa64547 MXS-2479 Accept additional messages in PAM authenticator 
Plugins may send additional messages during authentication. These messages
often contain notifications such as password expiration dates. Both the client
and backend side authenticators now handle such messages. The messages are not
sent to the user, only the log. The requirement that only "Password: " is queried
still stands.
 2019-05-23 14:14:25 +03:00
Markus Mäkelä
f8688a7285 Merge branch '2.3' into develop 2019-05-22 15:57:46 +03:00
Markus Mäkelä
e545e2ac5c Merge branch '2.3' into develop 2019-05-22 10:02:27 +03:00
Markus Mäkelä
8317fec745 MXS-2496: Check for ALL PRIVILEGES grant 
If a user has ALL PRIVILEGES as a global privilege, it overshadows the
SHOW DATABASES grant.
 2019-05-22 09:56:35 +03:00
Markus Mäkelä
b294acf276 MXS-2496: Fix SHOW DATABASES grant check 
The code expected that the grant was given to the actual user, not a role.
 2019-05-21 13:43:51 +03:00
Marko
004e8e638f MXS-2480 Fix creating of the in memory sqlite3 databases in PAMAuth 
SQLITE_OPEN_URI flag was missing causing the databases to be created in
disk instead of in memory. Also added info level log message from created
database in clustrixmonitor.
 2019-05-20 09:11:58 +03:00
Markus Mäkelä
5828061321 Merge branch '2.3' into develop 2019-05-17 14:39:30 +03:00
Markus Mäkelä
f94355770f Merge branch '2.2' into 2.3 2019-05-17 14:10:28 +03:00
Markus Mäkelä
2cd4da32a7 MXS-2494: Fix user loading queries for MariaDB 10.1+ 
The queries now properly check for the plugin.
 2019-05-16 10:41:04 +03:00
Marko
50fef6f361 MXS-1957 Add MariaDBAuth alias 2019-05-13 15:35:09 +03:00
Marko
9810c5fa69 MXS-1957 Add MariaDBBackendAuth alias 2019-05-13 15:35:09 +03:00
Markus Mäkelä
6625c1296b Format authenticator and protocol modules 2019-05-10 10:31:12 +03:00
Esa Korhonen
74634abc80 MXS-1662 Move PAM authentication function into maxbase 
The same code can be used for REST-API authentication.
 2019-04-09 14:41:40 +03:00
Esa Korhonen
2f634264dc Merge branch '2.3' into develop 2019-03-22 13:39:52 +02:00
Esa Korhonen
fadbdc7514 Merge branch '2.2' into 2.3 2019-03-22 12:11:24 +02:00
Esa Korhonen
9236ace077 MXS-2355 If client is using the wrong authenticator, attempt a switch 
Some SQL clients may default to a different authentication plugin than
"mysql_native_password". Since this is the only one supported by MySQL-
authenticator, the client is instructed to swap its plugin.
 2019-03-21 17:07:09 +02:00
Markus Mäkelä
9572ff84ea Merge branch '2.3' into develop 2019-03-05 10:37:56 +02:00