Mirrors/MariaDB-server
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-28 00:01:00 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

MDEV-37548 : wsrep_allowlist allows all connections during SST

Browse Source 
MDEV-37136 allowed connections by default if wsrep_schema is
not initialized, but this allows and process to connect to a
node which is joining to the cluster and receiving SST (i.e.
all incoming connections are allowed until the storage engines
get initialized). We need to allow all connections by default
to maintain upgradability if nothing else is configured.

However, if user has given wsrep_allowlist string or stored
allowed connections to mysql.wsrep_allowlist table used
address should be checked.

When node is joining to the cluster and receiving SST InnoDB
storage engine is not initialized, thus mysq.wsrep_allowlist
table is not available and wsrep_schema is not intialized.
In this case we still should check has user configured
allowed connections using wsrep_allowlist configuration
variable. If wsrep_allowlist configuration variable contains
list of allowed addressed, we check is address used in
new connection in this list. If it is not connection is not
allowed.
This commit is contained in:
Jan Lindström 2025-09-04 09:24:34 +03:00 committed by Jan Lindström
parent f609dbd39b
commit c96a4fd419
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
sql/wsrep_allowlist_service.cc
View File

@ -36,12 +36,31 @@ bool Wsrep_allowlist_service::allowlist_cb (
const wsrep::const_buffer& value)
WSREP_NOEXCEPT
{
bool res=true; // allow all connections
// Allow all connections if user has not given list of
// allowed addresses or stored them on mysql.wsrep_allowlist
// table. Note that table is available after SEs are initialized.
bool res=true;
std::string string_value(value.data());
if (wsrep_schema)
{
std::string string_value(value.data());
res= wsrep_schema->allowlist_check(key, string_value);
}
// If wsrep_schema is not initialized check if user has given
// list of addresses where connections are allowed
else if (wsrep_allowlist && wsrep_allowlist[0] != '\0')
{
res= false; // Allow only given addresses
std::vector<std::string> allowlist;
wsrep_split_allowlist(allowlist);
for(auto allowed : allowlist)
{
if (!string_value.compare(allowed))
{
res= true; // Address found allow connection
break;
}
}
}
return res;
}