author | Igor Babaev <igor@askmonty.org> | 2012-12-16 16:49:19 -0800 |
---|---|---|
committer | Igor Babaev <igor@askmonty.org> | 2012-12-16 16:49:19 -0800 |
commit | 7760efad74140680b1eefaf2172b0fa26f7b1146 (patch) | |
tree | 57742baa180206a1cd3ea35d38c58108accd22a9 /plugin | |
parent | 40bbf697aad7d923fc1bd995bc5f547e45461cbe (diff) | |
parent | b8b875cb796743240bed71857eae73d37f03c28f (diff) | |
download | mariadb-git-7760efad74140680b1eefaf2172b0fa26f7b1146.tar.gz |
Merge mariadb-5.5 -> 10.0-base.
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/audit_null/audit_null.c | 2 | ||||
-rw-r--r-- | plugin/auth_pam/mapper/pam_user_map.c | 93 | ||||
-rw-r--r-- | plugin/auth_pam/testing/pam_mariadb_mtr.c | 20 | ||||
-rw-r--r-- | plugin/feedback/CMakeLists.txt | 12 | ||||
-rw-r--r-- | plugin/feedback/url_http.cc | 36 |
5 files changed, 129 insertions, 34 deletions
diff --git a/plugin/audit_null/audit_null.c b/plugin/audit_null/audit_null.c index 469e5ae494c..be0c70fbd35 100644 --- a/plugin/audit_null/audit_null.c +++ b/plugin/audit_null/audit_null.c @@ -145,7 +145,7 @@ mysql_declare_plugin(audit_null) { MYSQL_AUDIT_PLUGIN, /* type */ &audit_null_descriptor, /* descriptor */ - "NULL_AUDIT", /* name */ + "AUDIT_NULL", /* name */ "Oracle Corp", /* author */ "Simple NULL Audit", /* description */ PLUGIN_LICENSE_GPL, diff --git a/plugin/auth_pam/mapper/pam_user_map.c b/plugin/auth_pam/mapper/pam_user_map.c new file mode 100644 index 00000000000..e73ab6de544 --- /dev/null +++ b/plugin/auth_pam/mapper/pam_user_map.c 
@@ -0,0 +1,93 @@
+/*
+ Pam module to change user names arbitrarily in the pam stack.
+
+ Compile as
+
+ gcc pam_user_map.c -shared -lpam -fPIC -o pam_user_map.so
+
+ Install as appropriate (for example, in /lib/security/).
+ Add to your /etc/pam.d/mysql (preferrably, at the end) this line:
+=========================================================
+auth required pam_user_map.so
+=========================================================
+
+ And create /etc/security/user_map.conf with the desired mapping
+ in the format: orig_user_name: mapped_user_name
+=========================================================
+#comments and emty lines are ignored
+john: jack
+bob: admin
+top: accounting
+=========================================================
+
+*/
+
+#include <stdio.h>
+#include <syslog.h>
+#include <security/pam_modules.h>
+
+#define FILENAME "/etc/security/user_map.conf"
+#define skip(what) while (*s && (what)) s++
+
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+ int pam_err, line= 0;
+ const char *username;
+ char buf[256];
+ FILE *f;
+
+ f= fopen(FILENAME, "r");
+ if (f == NULL)
+ {
+ pam_syslog(pamh, LOG_ERR, "Cannot open '%s'\n", FILENAME);
+ return PAM_SYSTEM_ERR;
+ }
+
+ pam_err = pam_get_item(pamh, PAM_USER, (const void**)&username);
+ if (pam_err != PAM_SUCCESS)
+ goto ret;
+
+ while (fgets(buf, sizeof(buf), f) != NULL)
+ {
+ char *s= buf, *from, *to, *end_from, *end_to;
+ line++;
+
+ skip(isspace(*s));
+ if (*s == '#' || *s == 0) continue;
+ from= s;
+ skip(isalnum(*s) || (*s == '_'));
+ end_from= s;
+ skip(isspace(*s));
+ if (end_from == from || *s++ != ':') goto syntax_error;
+ skip(isspace(*s));
+ to= s;
+ skip(isalnum(*s) || (*s == '_'));
+ end_to= s;
+ if (end_to == to) goto syntax_error;
+
+ *end_from= *end_to= 0;
+ if (strcmp(username, from) == 0)
+ {
+ pam_err= pam_set_item(pamh, PAM_USER, to);
+ goto ret;
+ }
+ }
+ pam_err= PAM_SUCCESS;
+ goto ret;
+
+syntax_error:
+ pam_syslog(pamh, LOG_ERR,
"Syntax error at %s:%d", FILENAME, line); + pam_err= PAM_SYSTEM_ERR; +ret: + fclose(f); + return pam_err; +} + +int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return PAM_SUCCESS; +} + diff --git a/plugin/auth_pam/testing/pam_mariadb_mtr.c b/plugin/auth_pam/testing/pam_mariadb_mtr.c index 8ad1e18e696..473ec246fe0 100644 --- a/plugin/auth_pam/testing/pam_mariadb_mtr.c +++ b/plugin/auth_pam/testing/pam_mariadb_mtr.c @@ -12,7 +12,7 @@ Create /etc/pam.d/mariadb_mtr with ========================================================= auth required pam_mariadb_mtr.so pam_test -account required pam_mariadb_mtr.so +account required pam_permit.so ========================================================= */ @@ -23,9 +23,8 @@ account required pam_mariadb_mtr.so #define N 3 -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) +int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { struct pam_conv *conv; struct pam_response *resp = 0; @@ -71,17 +70,8 @@ ret: return retval; } -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) -{ - - return PAM_SUCCESS; -} - -PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) +int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { return PAM_SUCCESS; diff --git a/plugin/feedback/CMakeLists.txt b/plugin/feedback/CMakeLists.txt index 627e4d643fb..3e14ef3918b 100644 --- a/plugin/feedback/CMakeLists.txt +++ b/plugin/feedback/CMakeLists.txt @@ -1,9 +1,11 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/sql ${CMAKE_SOURCE_DIR}/regex - ${CMAKE_SOURCE_DIR}/extra/yassl/include) + ${SSL_INCLUDE_DIRS}) SET(FEEDBACK_SOURCES feedback.cc sender_thread.cc url_base.cc url_http.cc utils.cc) +ADD_DEFINITIONS(${SSL_DEFINES}) + INCLUDE (CheckIncludeFiles) CHECK_INCLUDE_FILES (netdb.h HAVE_NETDB_H) IF(HAVE_NETDB_H) 
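Review bot: In the parsing loop of pam_sm_authenticate in the new pam_user_map.c, nothing checks what follows the mapped name, so a line such as `john: db-admin` silently maps john to `db`, and a line longer than the 256-byte `buf` is split by `fgets()` with its tail parsed as a separate entry; for a file that decides which account a login is mapped to, both cases should be rejected as syntax errors. `pam_get_item()` may also return PAM_SUCCESS while leaving `username` NULL, which `strcmp()` would then dereference. The file calls `isspace`/`isalnum`, `strcmp` and `pam_syslog` without including `<ctype.h>`, `<string.h>` and `<security/pam_ext.h>`, and the character tests should receive `(unsigned char)*s` so that bytes above 0x7f are not passed as negative values.

```c
  /* … unchanged: fopen(), pam_get_item() and its error check … */
  if (username == NULL)
  {
    pam_err= PAM_USER_UNKNOWN;          /* no user set yet: fail closed */
    goto ret;
  }

  while (fgets(buf, sizeof(buf), f) != NULL)
  {
    char *s= buf, *from, *to, *end_from, *end_to;
    line++;

    /* buffer full and no newline: the line did not fit, do not parse its tail */
    if (strlen(buf) == sizeof(buf) - 1 && buf[sizeof(buf) - 2] != '\n')
      goto syntax_error;

    /* … unchanged: comment/blank handling, parsing of from, ':' and to … */
    end_to= s;
    if (end_to == to) goto syntax_error;
    skip(isspace((unsigned char)*s));
    if (*s != 0) goto syntax_error;     /* trailing text after the mapped name */
    /* … unchanged: terminate both names, compare, pam_set_item() … */
```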
@@ -11,8 +13,10 @@ IF(HAVE_NETDB_H) ENDIF(HAVE_NETDB_H) IF(WIN32) - #SET(FEEDBACK_LIBS Ws2_32) - MYSQL_ADD_PLUGIN(FEEDBACK ${FEEDBACK_SOURCES} STATIC_ONLY DEFAULT) + MYSQL_ADD_PLUGIN(FEEDBACK ${FEEDBACK_SOURCES} + LINK_LIBRARIES ${SSL_LIBRARIES} + STATIC_ONLY DEFAULT) ELSE(WIN32) - MYSQL_ADD_PLUGIN(FEEDBACK ${FEEDBACK_SOURCES}) + MYSQL_ADD_PLUGIN(FEEDBACK ${FEEDBACK_SOURCES} + LINK_LIBRARIES ${SSL_LIBRARIES}) ENDIF(WIN32) diff --git a/plugin/feedback/url_http.cc b/plugin/feedback/url_http.cc index a9d4c5bbbaf..dd39adbf7a7 100644 --- a/plugin/feedback/url_http.cc +++ b/plugin/feedback/url_http.cc @@ -29,12 +29,6 @@ namespace feedback { static const uint FOR_READING= 0; static const uint FOR_WRITING= 1; -#ifdef MARIADB_BASE_VERSION -#define ssl_connect(A,B,C,D) sslconnect(A,B,C,D) -#else -#define ssl_connect(A,B,C,D) sslconnect(A,B,C) -#endif - /** implementation of the Url class that sends the data via HTTP POST request. @@ -199,12 +193,23 @@ int Url_http::send(const char* data, size_t data_length) struct st_VioSSLFd *UNINIT_VAR(ssl_fd); if (ssl) { - buf[0]= 0; - if (!(ssl_fd= new_VioSSLConnectorFd(0, 0, 0, 0, 0)) || - ssl_connect(ssl_fd, vio, send_timeout, buf)) + enum enum_ssl_init_error ssl_init_error= SSL_INITERR_NOERROR; + ulong ssl_error= 0; + if (!(ssl_fd= new_VioSSLConnectorFd(0, 0, 0, 0, 0, &ssl_init_error)) || + sslconnect(ssl_fd, vio, send_timeout, &ssl_error)) { + const char *err; + if (ssl_init_error != SSL_INITERR_NOERROR) + err= sslGetErrString(ssl_init_error); + else + { + ERR_error_string_n(ssl_error, buf, sizeof(buf)); + buf[sizeof(buf)-1]= 0; + err= buf; + } + sql_print_error("feedback plugin: ssl failed for url '%s' %s", - full_url.str, buf); + full_url.str, err); if (ssl_fd) free_vio_ssl_acceptor_fd(ssl_fd); closesocket(fd); 
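Review bot: In the url_http.cc hunk at -199,12 the connector is still created with `new_VioSSLConnectorFd(0, 0, 0, 0, 0, &ssl_init_error)`, with every leading argument zero, so as far as this hunk shows no CA is supplied and the server certificate is presumably not verified; the upload would then be encrypted but not authenticated against an on-path attacker. That is worth confirming against the vio implementation, and either a CA file or path should be passed or the decision recorded next to the call, for example `/* no CA configured: peer certificate is not verified */`. The new error reporting is otherwise a clear improvement over printing an empty `buf`. Url_http::send starts and ends outside the hunk.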
@@ -256,18 +261,21 @@ int Url_http::send(const char* data, size_t data_length) Extract the first string between <h1>...</h1> tags and put it as a server reply into the error log. */ + len= 0; for (;;) { - size_t i= vio_read(vio, (uchar*)buf + len, sizeof(buf) - len - 1); + size_t i= sizeof(buf) - len - 1; + if (i) + i= vio_read(vio, (uchar*)buf + len, i); if ((int)i <= 0) break; len+= i; } - if (len && len < sizeof(buf)) + if (len) { char *from; - buf[len+1]= 0; // safety + buf[len]= 0; // safety if ((from= strstr(buf, "<h1>"))) { @@ -296,7 +304,7 @@ int Url_http::send(const char* data, size_t data_length) if (ssl) { SSL_CTX_free(ssl_fd->ssl_context); - my_free(ssl_fd, MYF(0)); + my_free(ssl_fd); } #endif |
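Review bot: In the read loop of the -256,18 hunk, `i` now carries two meanings, first the free space left in `buf` and then the result of `vio_read()`, and the buffer-full case leaves the loop only because `(int)i <= 0` also happens to be true for 0. Separating the two reads more clearly and stops one size_t-to-int cast from deciding two different conditions: `size_t room= sizeof(buf) - len - 1; if (!room) break;` followed by the read into its own variable. The `// safety` comment on `buf[len]= 0;` undersells the line, since the `strstr()` that follows depends on the terminator; something like `// terminate: strstr() below needs a C string` says why it is there. The text extracted after this point comes from the remote server and, per the comment above the loop, is written to the error log, so the code that follows should bound its length and strip control characters; that part lies outside the hunk.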