diff --git a/db/comdb2.c b/db/comdb2.c index ed8cb31a9b..322ce6f2bb 100644 --- a/db/comdb2.c +++ b/db/comdb2.c @@ -236,6 +236,7 @@ int gbl_uses_password; int gbl_unauth_tag_access = 0; int64_t gbl_num_auth_allowed = 0; int64_t gbl_num_auth_denied = 0; +int gbl_allow_old_authn = 1; int gbl_uses_externalauth = 0; int gbl_uses_externalauth_connect = 0; int gbl_externalauth_warn = 0; diff --git a/db/comdb2.h b/db/comdb2.h index e547d7ebf4..8286c6ef78 100644 --- a/db/comdb2.h +++ b/db/comdb2.h @@ -1632,6 +1632,7 @@ extern int gbl_maxreclen; extern int gbl_penaltyincpercent; extern int gbl_maxwthreadpenalty; +extern int gbl_allow_old_authn; extern int gbl_uses_password; extern int gbl_unauth_tag_access; extern int gbl_uses_externalauth; diff --git a/db/db_tunables.h b/db/db_tunables.h index a8d94a78bd..7af50b750e 100644 --- a/db/db_tunables.h +++ b/db/db_tunables.h @@ -2383,6 +2383,10 @@ REGISTER_TUNABLE("merge_table_enabled", TUNABLE_BOOLEAN, &gbl_merge_table_enabled, 0, NULL, NULL, NULL, NULL); +REGISTER_TUNABLE("allow_old_authn", "Reuse old successful authentication for the connection", + TUNABLE_BOOLEAN, &gbl_allow_old_authn, NOARG | READEARLY, + NULL, NULL, NULL, NULL); + REGISTER_TUNABLE("externalauth", NULL, TUNABLE_BOOLEAN, &gbl_uses_externalauth, NOARG | READEARLY, NULL, NULL, NULL, NULL); diff --git a/db/sql.h b/db/sql.h index 802711349f..77f1bfc7f5 100644 --- a/db/sql.h +++ b/db/sql.h @@ -490,6 +490,7 @@ struct plugin_callbacks { plugin_func *local_check; /* newsql_local_check_evbuffer */ plugin_func *peer_check; /* newsql_peer_check_evbuffer */ auth_func *get_authdata; /* newsql_get_authdata */ + plugin_func *free_authdata; /* newsql_free_authdata */ api_type_func *api_type; /* newsql_api_type */ /* Optional */ @@ -556,6 +557,7 @@ struct plugin_callbacks { make_plugin_callback(clnt, name, local_check); \ make_plugin_callback(clnt, name, peer_check); \ make_plugin_callback(clnt, name, get_authdata); \ + make_plugin_callback(clnt, name, free_authdata); \ make_plugin_callback(clnt, name, api_type); \ make_plugin_optional_null(clnt, count); \ make_plugin_optional_null(clnt, type); \ @@ -586,6 +588,7 @@ int clr_high_availability(struct sqlclntstate *); uint64_t get_client_starttime(struct sqlclntstate *); int get_client_retries(struct sqlclntstate *); void *get_authdata(struct sqlclntstate *); +void free_authdata(struct sqlclntstate *); char *clnt_tzname(struct sqlclntstate *, sqlite3_stmt *); struct clnt_ddl_context { diff --git a/db/sqlinterfaces.c b/db/sqlinterfaces.c index 54703f0630..e35dcb3ecb 100644 --- a/db/sqlinterfaces.c +++ b/db/sqlinterfaces.c @@ -592,6 +592,12 @@ void *get_authdata(struct sqlclntstate *clnt) return clnt->plugin.get_authdata(clnt); } +void free_authdata(struct sqlclntstate *clnt) +{ + if (clnt && clnt->plugin.free_authdata) + clnt->plugin.free_authdata(clnt); +} + static int skip_row(struct sqlclntstate *clnt, uint64_t rowid) { return clnt->plugin.skip_row(clnt, rowid); @@ -5251,7 +5257,7 @@ void cleanup_clnt(struct sqlclntstate *clnt) memset(clnt->work.aFingerprint, 0, FINGERPRINTSZ); clear_session_tbls(clnt); - free(clnt->authdata); + free_authdata(clnt); clnt->authdata = NULL; free_client_adj_col_names(clnt); @@ -5283,6 +5289,18 @@ void cleanup_clnt(struct sqlclntstate *clnt) int gbl_unexpected_last_type_warn = 1; int gbl_unexpected_last_type_abort = 0; +int cdb2_in_client_trans() { + struct sql_thread *thd = pthread_getspecific(query_info_key); + if (thd == NULL) + return 0; + + struct sqlclntstate *clnt = thd->clnt; + if (clnt == NULL) + return 0; + + return clnt->in_client_trans; +} + void reset_clnt(struct sqlclntstate *clnt, int initial) { if (initial) { @@ -5437,7 +5455,7 @@ void reset_clnt(struct sqlclntstate *clnt, int initial) } free(clnt->context); if (clnt->authdata) { - free(clnt->authdata); + free_authdata(clnt); clnt->authdata = NULL; } clnt->context = NULL; @@ -7008,6 +7026,10 @@ void *internal_get_authdata(struct sqlclntstate *a) return a->authdata; return NULL; } +int internal_free_authdata(struct sqlclntstate *a) +{ + return 0; +} static int internal_local_check(struct sqlclntstate *a) { return 1; diff --git a/plugins/newsql/newsql.c b/plugins/newsql/newsql.c index 445bae16ca..e4c158e3df 100644 --- a/plugins/newsql/newsql.c +++ b/plugins/newsql/newsql.c @@ -2519,6 +2519,7 @@ void free_newsql_appdata(struct sqlclntstate *clnt) } void *(*externalMakeNewsqlAuthData)(void *, CDB2SQLQUERY__IdentityBlob *id) = NULL; +void (*externalFreeNewsqlAuthData)(void *) = NULL; static void *newsql_get_authdata(struct sqlclntstate *clnt) { @@ -2536,12 +2537,21 @@ static void *newsql_get_authdata(struct sqlclntstate *clnt) } if (clnt->authdata) { - free(clnt->authdata); + externalFreeNewsqlAuthData(clnt->authdata); clnt->authdata = NULL; } return NULL; } +static int newsql_free_authdata(struct sqlclntstate *clnt) +{ + if (clnt->authdata) { + externalFreeNewsqlAuthData(clnt->authdata); + clnt->authdata = NULL; + } + return 0; +} + void newsql_setup_clnt(struct sqlclntstate *clnt) { struct newsql_appdata *appdata = clnt->appdata; diff --git a/tests/tunables.test/t00_all_tunables.expected b/tests/tunables.test/t00_all_tunables.expected index 7b9f7e0b54..59e70801a2 100644 --- a/tests/tunables.test/t00_all_tunables.expected +++ b/tests/tunables.test/t00_all_tunables.expected @@ -30,6 +30,7 @@ (name='allow_mismatched_tag_size', description='Allow variants in padding in static tag struct sizes', type='BOOLEAN', value='OFF', read_only='N') (name='allow_negative_column_size', description='Allow negative column size in csc2 schema. Added mostly for backwards compatibility. (Default: off)', type='BOOLEAN', value='OFF', read_only='Y') (name='allow_offline_upgrades', description='Allow machines marked offline to become master.', type='BOOLEAN', value='OFF', read_only='N') +(name='allow_old_authn', description='Reuse old successful authentication for the connection', type='BOOLEAN', value='ON', read_only='N') (name='allow_parallel_rep_on_pagesplit', description='allow parallel rep on pgsplit', type='BOOLEAN', value='ON', read_only='N') (name='allow_parallel_rep_on_prefix', description='allow parallel rep on bam_prefix', type='BOOLEAN', value='ON', read_only='N') (name='allow_portmux_route', description='', type='BOOLEAN', value='ON', read_only='Y')