Wednesday, March 30, 2016

SQL Relay 0.65.0 Release Announcement

Version 0.65.0 of SQL Relay, the powerful connection pool, load balancer, query router, and database proxy, is now available.

This release primarily introduces Kerberos and TLS authentication and encryption, support for Python 3, and support for Node.js 4.X and higher, but there are a lot of smaller updates as well.



Kerberos

SQL Relay now supports Kerberos encryption and authentication.

When Kerberos encryption and authentication is used:

  • All communications between the SQL Relay client and SQL Relay server are encrypted.
  • A user who has authenticated against a Kerberos KDC or Active Directory Domain Controller can access SQL Relay without having to provide additional credentials.

See the SQL Relay Configuration Guide for detailed information.

TLS

SQL Relay now supports TLS/SSL encryption and authentication.

When TLS/SSL encryption and authentication is used:

  • All communications between the SQL Relay client and SQL Relay server are encrypted.
  • SQL Relay clients and servers may optionally validate each other's certificates and identities.

See the SQL Relay Configuration Guide for detailed information.

Python 3

It's been a long time coming but Python 3 is really starting to take off. In response, SQL Relay's configure script can detect a Python 3 installation and the Python API now formally supports Python 3.

Currently, the configure script looks for Python 2 and Python 3 installations but defaults to Python 2 if it finds one. The Python 2 search can be disabled with the --disable-python flag though, and the Python 3 search can be disabled with the --disable-python3 flag.

In a future release, Python 3 will be the default. So, look out for that.

node.js

Node.js 4.x and higher are now correctly detected and supported.

Separate "database" and "proxied" Authentication Options

The authtier="database" configuration option has been split into two options: authtier="database" and authtier="proxied". When authtier="database" is used, the user is authenticated against the database (rather than against a list of users in the sqlrelay.conf file) by way of a re-login, except (in previous releases) when using an Oracle database. Previous releases required configuration of a proxy user when using an Oracle database and there was no way to get the standard re-login behavior. There is now. authtier="database" works the same with all databases now: it re-logs in unless the requested user is the one that the database connection is currently logged in as. To get the proxy-user behaviour, authtier="proxied" must now be used.

ODBC

Various ODBC-related bugs have been fixed. If you had a problem connecting to SQL Relay from an app that uses ODBC, try this release.

logrotate

A subtle bug that caused incompatibilities with the popular logrotate utility has been fixed. Logrotate can now be used to rotate any of the logs produced by SQL Relay.

listenertimeout

A long standing problem that occurred when using a listenertimeout with a threaded listener (the default) has been fixed.

PHP/Apache Weirdness

There has been a problem for a while now where, after a graceful restart, Apache workers would get stuck in the Closing Connection state after running a PHP script that used SQL Relay. This is now fixed.

Bugs

Lots of even more obscure and subtle bugs have been fixed too. Full ChangeLog follows...

  • removed erroneous SQLR_SQLExecute export in ODBC driver
  • fixed call type of internal ODBC driver functions and made them static
  • fixed --disable-API flags in configure.vbs
  • fixed bad user/password copy logic in ODBC SQLConnect function
  • added missing default implementation of sqlrservercursor::getColumnTypeName()
  • added parser debug option
  • normalize translation can convert foreign decimals now
  • updated missing-tnsnames.ora warning
  • updated sqlr-start and sqlr-scaler to run programs using fully qualified path names
  • fixed query timer in sqlrsh
  • add timer="query/command" parameter to slowqueries logger
  • added odbcversion parameter to ODBC connection
  • updated erlang api to use the C++ compiler to link (for netbsd 7.0)
  • added major-version check to node.js api for node 4.x+
  • ODBC driver's SQLGetData can deal with NULL targetvalue now
  • fixed normalize || bug
  • fixed normalize bug that removed spaces around * for "all columns" improperly
  • removed freetds warning, modern sybase has different library file names
  • updates to support python3
  • added several --disable options to the configure script for unix/linux
  • removed sqlr-fields/sqlr-query and updated sqlrsh to provide the same functionality
  • removed antiquated sqlrelay.dtd
  • moved default example directory to share/sqlrelay/examples
  • sqlrelay.conf example is installed under example directory now
  • Python DB -> Python DB-API in the docs
  • moved private members and support classes into C++ API's .cpp files
  • removed -revision during link and adopted Semantic Versioning 2.0
  • added missing get*List methods to Java API
  • removed errant information_schema views from getTableList with mysql
  • refactored listenertimeout to use timed semaphore ops and only fall back to an alarm if the system doesn't support timed sem ops and the instance isn't configured to use threads
  • fixed inode-check in logger modules - works correctly with logrotate
  • change "an error occurred" to "server closed connection" to reduce false-positives from log analyzers - "real" errors will still be reported elsewhere
  • refactored the config file parser
  • added support for kerberos authentication and encryption
  • added krb_userlist auth module
  • renamed "authentication" to "auth" (for authentication/authorization, also matches module name prefix) in config file and docs
  • removed an errant flushWriteBuffer after client auth
  • moved debugprint stuff into rudiments
  • added support for tls authentication and encryption
  • added tls_userlist auth module
  • fixed long-standing copyrefs bug
  • when calling after-triggers, "success" flag is set correctly now
  • fixed bug where after-triggers could mask failed queries
  • added support for "before and after" triggers
  • moved call to set stdinput to use blocking mode from rudiments::stdiofiledescriptor to sqlrsh, as doing it in every case caused problems with apps like Apache, which need stdin/out/err to be in non-blocking mode sometimes (fixes bug where PHP's that used the SQL Relay API would cause apache workers to hang closing connections after a graceful restart)
  • made auth_database module always re-login
  • added auth_proxied module to support Oracle's (and potentially other databases') n-tier/proxied authentication
  • fixed a long-standing bug where passwords weren't checked when switching between oracle n-tier authenticated users

Rudiments 0.55.0 Release Announcement

It's official. Version 0.55.0 of Rudiments, the C++ class library for developing systems and applications, is now available.

What's new in this release? Read on...

Security Framework

The most significant new feature is a security framework. A securitycontext may now be attached to a filedescriptor to enable encrypted reads and writes. The securitycontext class is just an interface though, and there are currently gsscontext and tlscontext implementations of it.

The gsscontext class and associated classes implement a wrapper on top of the GSSAPI on Linux/Unix and SSPI on Windows. This primarily provides Kerberos encryption and authentication, though on Windows it could be used for NTLM as well.

The tlscontext class and associated classes implement a wrapper on top of OpenSSL on Linux/Unix and, again, SSPI on Windows. This provides Transport Layer Security, or it's predecessor Secure Socket Layer, on both platforms.

See the Rudiments class reference for detailed information about all gss and tls classes. Comprehensive code examples are provided in the test directory of the source distribution as well: gssserver.cpp, gssclient.cpp, tlsserver.cpp, and tlsclient.cpp

Thread Class Improvements

The thread class has been improved a bit.

If constrained system resources cause run() to fail, it automatically retries now, and this behavior can be adjusted with the retryFailedRun()/dontRetryFailedRun() methods.

A thread can now be created in a detached state with the runDetached() method, rather than having to be detached later, which can cause a race condition.

The cancel() method has been removed now too, as it was the primary culprit in creating the aforementioned race condition, and can't be implemented on Windows at all.

Thread methods are more robust as well. They all verify that the thread is actually valid before attempting to operate on it. Not doing this caused crashes and odd behavior on some platforms.

Versioning

The keen eye might observe the uncharacteristic .0 trailing the Rudiments version number. As of this version, Rudiments has adopted Semantic Versioning for the project and Libtool Versioning for library files on Linux/Unix. Hopefully, between the two, version-compatibility should be more intuitive.

General Bug Fixes

There were a slew of bug fixes as well, though most were very obscure and difficult to encounter.

The most significant had to do with handling standard input. There was a call that placed it in blocking mode by default which wreaked odd havoc on Apache after a graceful restart when running PHP/SQLRelay apps.

Full ChangeLog follows...

  • file::open sets errno=ENOENT if the file or path wasn't found on Windows now
  • fixed a bug with filedescriptor::printf when printing to non-buffered files on Windows and Solaris 11
  • fixed a bug that caused a crash in codetree if codeposition is NULL added missing dll export clause to codetreegrammar class
  • added xmldomevents class
  • added namespace discrimination in codetree::write
  • fixed a codetree end-of-string-during-concatenation bug
  • fixed a codetree tree reset bug
  • fixed an xmlsax bug that caused text nodes with empty values to be inserted between tag nodes when there is no text between tags
  • added escapechar option to filedescriptor::read-until-terminator methods
  • added a generic securitycontext class and integrated it with filedescriptor
  • implemented GSS/SSPI and TLS/SSL children of securitycontext
  • removed old SSL integration with filedescriptor
  • updated inet/unixsocketclient to close() as the first step of connect()
  • updated charstring::to(Unsigned)Integer-with-endptr methods to have const char **endptr arguments
  • updated configure script to find erlang on openbsd 5.8
  • buffers allocated by vasprintf are free()'ed now rather than deleted
  • fixed a commandline bug that could cause it to return the next parameter for getValue() of a parameter with no value
  • fixed connect()/useBlockingMode error masking bug
  • removed -revision during link and adopted Semantic Versioning 2.0
  • added pthread_create/EAGAIN retry
  • added methods to configure and examine process::fork and thread::run retry behavior
  • thread methods test for invalid thread before operating on it now
  • charstring::split doesn't crash if list or listlength are null now
  • added debugprint header
  • removed problematic thread::cancel() method
  • added thread::runDetached() methods
  • removed useBlockingMode() call in stdio constructor as is caused problems with apps like Apache that actually need stdin/out/err to be in non-blocking mode sometimes

Tuesday, March 8, 2016

SQL Server on Linux!

It would seem that Microsoft is going to release a version of SQL Server for Linux sometime this year. You can sign up for updates and previews too.

Awesome?