authorMarko Mäkelä <marko.makela@mariadb.com>2020-10-29 13:38:38 +0200
committerMarko Mäkelä <marko.makela@mariadb.com>2020-10-29 13:38:38 +0200
commit7b2bb67113bdda470955e3d4d72be0f2c0b38902 (patch)
tree9f9f34da1a4e48c243c56ff161987074ef907cbb /plugin
parent27b762e23d8305bbc65dc61d283fe192e2dbd00a (diff)
parent1e778a3b5624f97fdf44a15fd6cee3d615891cff (diff)
downloadmariadb-git-7b2bb67113bdda470955e3d4d72be0f2c0b38902.tar.gz
Merge 10.3 into 10.4
Diffstat (limited to 'plugin')
-rw-r--r--plugin/auth_gssapi/CMakeLists.txt5
-rw-r--r--plugin/auth_pam/CMakeLists.txt37
-rw-r--r--plugin/auth_pam/auth_pam.c3
-rw-r--r--plugin/auth_pam/auth_pam_base.c1
-rw-r--r--plugin/auth_pam/config.h.cmake5
-rw-r--r--plugin/auth_pam/mapper/pam_user_map.c30
-rw-r--r--plugin/server_audit/server_audit.c62
7 files changed, 117 insertions, 26 deletions
diff --git a/plugin/auth_gssapi/CMakeLists.txt b/plugin/auth_gssapi/CMakeLists.txt
index bca4f5af3a1..4d3718dd471 100644
--- a/plugin/auth_gssapi/CMakeLists.txt
+++ b/plugin/auth_gssapi/CMakeLists.txt
@@ -18,6 +18,11 @@ ELSE()
SET(GSSAPI_SERVER gssapi_server.cc)
SET(GSSAPI_ERRMSG gssapi_errmsg.cc)
+ IF(APPLE)
+ SET_SOURCE_FILES_PROPERTIES(
+ ${GSSAPI_CLIENT} ${GSSAPI_SERVER} ${GSSAPI_ERRMSG}
+ PROPERTY COMPILE_FLAGS "-Wno-deprecated-declarations")
+ ENDIF()
SET(CMAKE_REQUIRED_INCLUDES ${GSSAPI_INCS})
SET(CMAKE_REQUIRED_LIBRARIES ${GSSAPI_LIBS})
INCLUDE(CheckCXXSymbolExists)
diff --git a/plugin/auth_pam/CMakeLists.txt b/plugin/auth_pam/CMakeLists.txt
index 93ac29cd425..d89b8591a8f 100644
--- a/plugin/auth_pam/CMakeLists.txt
+++ b/plugin/auth_pam/CMakeLists.txt
@@ -5,27 +5,35 @@ CHECK_INCLUDE_FILES (security/pam_ext.h HAVE_PAM_EXT_H)
CHECK_INCLUDE_FILES (security/pam_appl.h HAVE_PAM_APPL_H)
CHECK_FUNCTION_EXISTS (strndup HAVE_STRNDUP)
+INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR})
+
+# Check whether getgrouplist uses git_t for second and third arguments.
+SET(CMAKE_REQUIRED_FLAGS -Werror)
+CHECK_C_SOURCE_COMPILES(
+"
+#include <grp.h>
+#include <unistd.h>
+int main() {
+ char *arg_1;
+ gid_t arg_2, arg_3;
+ int arg_4;
+ (void)getgrouplist(arg_1,arg_2,&arg_3,&arg_4);
+ return 0;
+}
+"
+HAVE_POSIX_GETGROUPLIST
+)
+SET(CMAKE_REQUIRED_FLAGS)
+
SET(CMAKE_REQUIRED_LIBRARIES pam)
CHECK_FUNCTION_EXISTS(pam_syslog HAVE_PAM_SYSLOG)
SET(CMAKE_REQUIRED_LIBRARIES)
-IF(HAVE_PAM_SYSLOG)
- ADD_DEFINITIONS(-DHAVE_PAM_SYSLOG)
-ENDIF()
-
-IF(HAVE_PAM_EXT_H)
- ADD_DEFINITIONS(-DHAVE_PAM_EXT_H)
-ENDIF()
-
IF(HAVE_PAM_APPL_H)
- ADD_DEFINITIONS(-DHAVE_PAM_APPL_H)
- IF(HAVE_STRNDUP)
- ADD_DEFINITIONS(-DHAVE_STRNDUP)
- ENDIF(HAVE_STRNDUP)
FIND_LIBRARY(PAM_LIBRARY pam) # for srpm build-depends detection
ADD_DEFINITIONS(-D_GNU_SOURCE)
MYSQL_ADD_PLUGIN(auth_pam_v1 auth_pam_v1.c LINK_LIBRARIES pam MODULE_ONLY)
- MYSQL_ADD_PLUGIN(auth_pam auth_pam.c LINK_LIBRARIES pam ${LIBDL} MODULE_ONLY)
+ MYSQL_ADD_PLUGIN(auth_pam auth_pam.c LINK_LIBRARIES pam ${CMAKE_DL_LIBS} MODULE_ONLY)
IF (TARGET auth_pam)
MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
TARGET_LINK_LIBRARIES(auth_pam_tool pam)
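Review bot: The `HAVE_POSIX_GETGROUPLIST` probe compiles with `-Werror` a program that passes the uninitialised `arg_1` and `arg_2` to `getgrouplist()`, so a toolchain whose default flags warn about uninitialised use would fail the probe for a reason unrelated to the argument types and silently select the `int` fallback. Initialising the locals (`char *arg_1= 0; gid_t arg_2= 0, arg_3; int arg_4= 1;`) keeps the check about the signature only. `SET(CMAKE_REQUIRED_FLAGS)` afterwards clears the variable rather than restoring an earlier value; `cmake_push_check_state()` / `cmake_pop_check_state()` from `CMakePushCheckState` would preserve it. The comment above the probe says `git_t` where `gid_t` is meant. Since the `-DHAVE_*` definitions are removed here, any source in this directory that tests those macros now needs `#include <config_auth_pam.h>`; `auth_pam_v1.c` and `auth_pam_tool.c` are built in this hunk but are not among the changed files, which is worth confirming.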
@@ -47,3 +55,6 @@ IF(HAVE_PAM_APPL_H)
ENDIF()
ENDIF()
ENDIF(HAVE_PAM_APPL_H)
+
+CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/config.h.cmake
+ ${CMAKE_CURRENT_BINARY_DIR}/config_auth_pam.h)
diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c
index c1c05bba216..35272c6b7cd 100644
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2011, 2019, MariaDB Corporation.
+ Copyright (c) 2011, 2020, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -15,6 +15,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */
+#include <config_auth_pam.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
diff --git a/plugin/auth_pam/auth_pam_base.c b/plugin/auth_pam/auth_pam_base.c
index cdaafa58b98..1e8f4a08def 100644
--- a/plugin/auth_pam/auth_pam_base.c
+++ b/plugin/auth_pam/auth_pam_base.c
@@ -30,6 +30,7 @@
static int read_packet(struct param *param, unsigned char **pkt)
*/
+#include <config_auth_pam.h>
#include <stdio.h>
#include <string.h>
#include <security/pam_appl.h>
diff --git a/plugin/auth_pam/config.h.cmake b/plugin/auth_pam/config.h.cmake
new file mode 100644
index 00000000000..2a60e99d52c
--- /dev/null
+++ b/plugin/auth_pam/config.h.cmake
@@ -0,0 +1,5 @@
+#cmakedefine HAVE_POSIX_GETGROUPLIST 1
+#cmakedefine HAVE_PAM_SYSLOG 1
+#cmakedefine HAVE_PAM_EXT_H 1
+#cmakedefine HAVE_PAM_APPL_H 1
+#cmakedefine HAVE_STRNDUP 1
diff --git a/plugin/auth_pam/mapper/pam_user_map.c b/plugin/auth_pam/mapper/pam_user_map.c
index 9d7ed53f8b1..fa8d9ae08c1 100644
--- a/plugin/auth_pam/mapper/pam_user_map.c
+++ b/plugin/auth_pam/mapper/pam_user_map.c
@@ -31,6 +31,7 @@ These comments are written to the syslog as 'authpriv.debug'
and usually end up in /var/log/secure file.
*/
+#include <config_auth_pam.h>
#include <stdlib.h>
#include <stdio.h>
#include <ctype.h>
@@ -70,10 +71,16 @@ pam_syslog (const pam_handle_t *pamh, int priority,
#define GROUP_BUFFER_SIZE 100
static const char debug_keyword[]= "debug";
-static int populate_user_groups(const char *user, gid_t **groups)
+#ifdef HAVE_POSIX_GETGROUPLIST
+typedef gid_t my_gid_t;
+#else
+typedef int my_gid_t;
+#endif
+
+static int populate_user_groups(const char *user, my_gid_t **groups)
{
- gid_t user_group_id;
- gid_t *loc_groups= *groups;
+ my_gid_t user_group_id;
+ my_gid_t *loc_groups= *groups;
int ng;
{
@@ -88,22 +95,23 @@ static int populate_user_groups(const char *user, gid_t **groups)
{
/* The rare case when the user is present in more than */
/* GROUP_BUFFER_SIZE groups. */
- loc_groups= (gid_t *) malloc(ng * sizeof (gid_t));
+ loc_groups= (my_gid_t *) malloc(ng * sizeof (my_gid_t));
+
if (!loc_groups)
return 0;
(void) getgrouplist(user, user_group_id, loc_groups, &ng);
- *groups= loc_groups;
+ *groups= (my_gid_t*)loc_groups;
}
return ng;
}
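Review bot: The second `getgrouplist()` call still discards its result with `(void)`, so on implementations that report the required count through `ng`, a membership that grows between the two calls leaves `ng` larger than the `malloc`ed array, and `user_in_group()` then walks `user_groups + ng` past the end of it. Checking the call keeps the count and the buffer in step: `if (getgrouplist(user, user_group_id, loc_groups, &ng) < 0) { free(loc_groups); return 0; }`, which matches the existing `return 0` on allocation failure. `ng` is a signed `int` multiplied into the allocation size with no visible `ng > 0` check. The added cast in `*groups= (my_gid_t*)loc_groups;` is a no-op because `loc_groups` already has that type. The function starts above this hunk, so the first call and the initial value of `ng` are not visible here.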
-static int user_in_group(const gid_t *user_groups, int ng,const char *group)
+static int user_in_group(const my_gid_t *user_groups, int ng,const char *group)
{
- gid_t group_id;
- const gid_t *groups_end = user_groups + ng;
+ my_gid_t group_id;
+ const my_gid_t *groups_end = user_groups + ng;
{
struct group *g= getgrnam(group);
@@ -122,7 +130,7 @@ static int user_in_group(const gid_t *user_groups, int ng,const char *group)
}
-static void print_groups(pam_handle_t *pamh, const gid_t *user_groups, int ng)
+static void print_groups(pam_handle_t *pamh, const my_gid_t *user_groups, int ng)
{
char buf[256];
char *c_buf= buf, *buf_end= buf+sizeof(buf)-2;
@@ -158,8 +166,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
const char *username;
char buf[256];
FILE *f;
- gid_t group_buffer[GROUP_BUFFER_SIZE];
- gid_t *groups= group_buffer;
+ my_gid_t group_buffer[GROUP_BUFFER_SIZE];
+ my_gid_t *groups= group_buffer;
int n_groups= -1;
for (; argc > 0; argc--)
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
index 4a6757aee90..30acfa3d6f6 100644
--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -16,7 +16,7 @@
#define PLUGIN_VERSION 0x104
-#define PLUGIN_STR_VERSION "1.4.8"
+#define PLUGIN_STR_VERSION "1.4.10"
#define _my_thread_var loc_thread_var
@@ -327,6 +327,10 @@ struct connection_info
char query_buffer[1024];
time_t query_time;
int log_always;
+ char proxy[64];
+ int proxy_length;
+ char proxy_host[64];
+ int proxy_host_length;
};
#define DEFAULT_FILENAME_LEN 16
@@ -1131,9 +1135,13 @@ static void setup_connection_simple(struct connection_info *ci)
ci->ip_length= 0;
ci->query_length= 0;
ci->header= 0;
+ ci->proxy_length= 0;
}
+#define MAX_HOSTNAME 61
+#define USERNAME_LENGTH 384
+
static void setup_connection_connect(struct connection_info *cn,
const struct mysql_event_connection *event)
{
@@ -1150,6 +1158,29 @@ static void setup_connection_connect(struct connection_info *cn,
get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
event->ip, event->ip_length);
cn->header= 0;
+ if (event->proxy_user && event->proxy_user[0])
+ {
+ const char *priv_host= event->proxy_user +
+ sizeof(char[MAX_HOSTNAME+USERNAME_LENGTH+5]);
+ size_t priv_host_length;
+
+ if (mysql_57_started)
+ {
+ priv_host+= sizeof(size_t);
+ priv_host_length= *(size_t *) (priv_host + MAX_HOSTNAME);
+ }
+ else
+ priv_host_length= strlen(priv_host);
+
+
+ get_str_n(cn->proxy, &cn->proxy_length, sizeof(cn->proxy),
+ event->priv_user, event->priv_user_length);
+ get_str_n(cn->proxy_host, &cn->proxy_host_length,
+ sizeof(cn->proxy_host),
+ priv_host, priv_host_length);
+ }
+ else
+ cn->proxy_length= 0;
}
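Review bot: `priv_host` is obtained by stepping `sizeof(char[MAX_HOSTNAME+USERNAME_LENGTH+5])` bytes past `event->proxy_user`, so the plugin reads server memory at an offset fixed by the two constants `#define`d just above this function instead of through a field of the event; if the server's layout differs, `strlen(priv_host)` and the `*(size_t *)` load read whatever is at that address and the result lands in the audit log. The assumption deserves a comment naming the server structure and version the offsets were taken from, and ideally a build-time or start-up check that fails closed. The length load is also a possibly misaligned, type-punned access; `memcpy(&priv_host_length, priv_host + MAX_HOSTNAME, sizeof priv_host_length);` avoids that. The `else` branch here and `setup_connection_simple()` in the previous hunk reset only `proxy_length`, leaving `proxy_host_length` untouched. The function begins above this hunk.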
@@ -1349,6 +1380,31 @@ static size_t log_header(char *message, size_t message_len,
}
+static int log_proxy(const struct connection_info *cn,
+ const struct mysql_event_connection *event)
+
+{
+ time_t ctime;
+ size_t csize;
+ char message[1024];
+
+ (void) time(&ctime);
+ csize= log_header(message, sizeof(message)-1, &ctime,
+ servhost, servhost_len,
+ cn->user, cn->user_length,
+ cn->host, cn->host_length,
+ cn->ip, cn->ip_length,
+ event->thread_id, 0, "PROXY_CONNECT");
+ csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
+ ",%.*s,`%.*s`@`%.*s`,%d", cn->db_length, cn->db,
+ cn->proxy_length, cn->proxy,
+ cn->proxy_host_length, cn->proxy_host,
+ event->status);
+ message[csize]= '\n';
+ return write_log(message, csize + 1, 1);
+}
+
+
static int log_connection(const struct connection_info *cn,
const struct mysql_event_connection *event,
const char *type)
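Review bot: `log_proxy()` writes `cn->db`, `cn->proxy` and `cn->proxy_host` into the record verbatim between commas and backticks, so a name containing a backtick, a comma or a newline would yield a line that consumers of the audit log can misparse; whether `log_header()` escapes its own fields is not visible here. If these values are not constrained elsewhere they should be escaped before formatting, and the function should carry a header comment giving the PROXY_CONNECT field order and stating whether names are escaped. If `log_header()` ever returns `sizeof(message)-1`, the size passed to `my_snprintf()` becomes 0, so a guard such as `if (csize >= sizeof(message) - 1) return 0;` before the second call would make the bound explicit. The hunk ends inside the signature of `log_connection()`, which continues outside it.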
@@ -2010,9 +2066,13 @@ static void update_connection_info(struct connection_info *cn,
{
case MYSQL_AUDIT_CONNECTION_CONNECT:
setup_connection_connect(cn, event);
+ if (event->status == 0 && event->proxy_user && event->proxy_user[0])
+ log_proxy(cn, event);
break;
case MYSQL_AUDIT_CONNECTION_CHANGE_USER:
*after_action= AA_CHANGE_USER;
+ if (event->proxy_user && event->proxy_user[0])
+ log_proxy(cn, event);
break;
default:;
}
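Review bot: In the `MYSQL_AUDIT_CONNECTION_CHANGE_USER` case `log_proxy(cn, event)` runs without `setup_connection_connect()` or any other visible refresh of `cn->proxy` and `cn->proxy_host`, so the record would carry the proxy identity captured at connect time (or an empty one) rather than the one in this event. Unless the `AA_CHANGE_USER` handling outside this hunk refills those fields, they should be populated from `event` before logging. This branch also lacks the `event->status == 0` test that the CONNECT branch has, so failed change-user attempts are logged as PROXY_CONNECT as well; if that is intended, a comment such as `/* logged regardless of status: failed proxy switches are audit-relevant */` would say so. The `int` returned by `log_proxy()` is dropped in both places, so a failed audit write goes unnoticed here.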