diff options
author | Marko Mäkelä <marko.makela@mariadb.com> | 2019-07-02 21:44:58 +0300 |
---|---|---|
committer | Marko Mäkelä <marko.makela@mariadb.com> | 2019-07-02 21:44:58 +0300 |
commit | 7a3d34d6456ed719da62a896e5ac6e983b72f3d8 (patch) | |
tree | 38dc1133cd53a366e7a851cfba6dad1269dcd5a1 /plugin | |
parent | faeaf978b8c1deaa61d7d408fa6cb4ed03bfcfa3 (diff) | |
parent | 1d45b3b055511d58c1e820ad497793f30871586e (diff) | |
download | mariadb-git-7a3d34d6456ed719da62a896e5ac6e983b72f3d8.tar.gz |
Merge 10.3 into 10.4
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/disks/information_schema_disks.cc | 12 | ||||
-rw-r--r-- | plugin/disks/mysql-test/disks/disks_notembedded.result | 22 | ||||
-rw-r--r-- | plugin/disks/mysql-test/disks/disks_notembedded.test | 25 | ||||
-rw-r--r-- | plugin/server_audit/server_audit.c | 111 |
4 files changed, 123 insertions, 47 deletions
diff --git a/plugin/disks/information_schema_disks.cc b/plugin/disks/information_schema_disks.cc index 54dbb25b101..9b1b6c0fe69 100644 --- a/plugin/disks/information_schema_disks.cc +++ b/plugin/disks/information_schema_disks.cc @@ -1,5 +1,5 @@ /* - Copyright (c) 2017, MariaDB + Copyright (c) 2017, 2019, MariaDB This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,6 +20,7 @@ #include <mntent.h> #include <sql_class.h> #include <table.h> +#include <sql_acl.h> /* check_global_access() */ bool schema_table_store_record(THD *thd, TABLE *table); @@ -84,6 +85,9 @@ int disks_fill_table(THD* pThd, TABLE_LIST* pTables, Item* pCond) int rv = 1; TABLE* pTable = pTables->table; + if (check_global_access(pThd, FILE_ACL, true)) + return 0; + FILE* pFile = setmntent("/etc/mtab", "r"); if (pFile) @@ -145,11 +149,11 @@ maria_declare_plugin(disks) PLUGIN_LICENSE_GPL, /* license type */ disks_table_init, /* init function */ NULL, /* deinit function */ - 0x0100, /* version = 1.0 */ + 0x0101, /* version = 1.1 */ NULL, /* no status variables */ NULL, /* no system variables */ - "1.0", /* String version representation */ - MariaDB_PLUGIN_MATURITY_GAMMA /* Maturity (see include/mysql/plugin.h)*/ + "1.1", /* String version representation */ + MariaDB_PLUGIN_MATURITY_STABLE /* Maturity (see include/mysql/plugin.h)*/ } mysql_declare_plugin_end; diff --git a/plugin/disks/mysql-test/disks/disks_notembedded.result b/plugin/disks/mysql-test/disks/disks_notembedded.result new file mode 100644 index 00000000000..974294744cc --- /dev/null +++ b/plugin/disks/mysql-test/disks/disks_notembedded.result @@ -0,0 +1,22 @@ +# +# MDEV-18328: Make DISKS plugin check some privilege to access +# information_schema.DISKS table +# +CREATE USER user1@localhost; +GRANT SELECT ON *.* TO user1@localhost; +connect con1,localhost,user1,,; +connection con1; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +sum(Total) > sum(Available) sum(Total)>sum(Used) +NULL NULL +disconnect con1; +connection default; +GRANT FILE ON *.* TO user1@localhost; +connect con1,localhost,user1,,; +connection con1; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +sum(Total) > sum(Available) sum(Total)>sum(Used) +1 1 +connection default; +DROP USER user1@localhost; +# End of 10.1 tests diff --git a/plugin/disks/mysql-test/disks/disks_notembedded.test b/plugin/disks/mysql-test/disks/disks_notembedded.test new file mode 100644 index 00000000000..a0f6c2e5887 --- /dev/null +++ b/plugin/disks/mysql-test/disks/disks_notembedded.test @@ -0,0 +1,25 @@ +source include/not_embedded.inc; + +--echo # +--echo # MDEV-18328: Make DISKS plugin check some privilege to access +--echo # information_schema.DISKS table +--echo # + +CREATE USER user1@localhost; +GRANT SELECT ON *.* TO user1@localhost; + +connect (con1,localhost,user1,,); +connection con1; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +disconnect con1; + +connection default; +GRANT FILE ON *.* TO user1@localhost; + +connect (con1,localhost,user1,,); +connection con1; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +connection default; +DROP USER user1@localhost; + +--echo # End of 10.1 tests diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index e0504a0a24c..d54203544d4 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1,4 +1,5 @@ /* Copyright (C) 2013, 2015, Alexey Botchkov and SkySQL Ab + Copyright (c) 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,7 +16,7 @@ #define PLUGIN_VERSION 0x104 -#define PLUGIN_STR_VERSION "1.4.6" +#define PLUGIN_STR_VERSION "1.4.7" #define _my_thread_var loc_thread_var @@ -290,7 +291,7 @@ static unsigned long long file_rotate_size; static unsigned int rotations; static my_bool rotate= TRUE; static char logging; -static int internal_stop_logging= 0; +static volatile int internal_stop_logging= 0; static char incl_user_buffer[1024]; static char excl_user_buffer[1024]; static char *big_buffer= NULL; @@ -536,16 +537,20 @@ static struct st_mysql_show_var audit_status[]= #if defined(HAVE_PSI_INTERFACE) && !defined(FLOGGER_NO_PSI) /* These belong to the service initialization */ static PSI_mutex_key key_LOCK_operations; +static PSI_mutex_key key_LOCK_atomic; static PSI_mutex_key key_LOCK_bigbuffer; static PSI_mutex_info mutex_key_list[]= { { &key_LOCK_operations, "SERVER_AUDIT_plugin::lock_operations", PSI_FLAG_GLOBAL}, + { &key_LOCK_atomic, "SERVER_AUDIT_plugin::lock_atomic", + PSI_FLAG_GLOBAL}, { &key_LOCK_bigbuffer, "SERVER_AUDIT_plugin::lock_bigbuffer", PSI_FLAG_GLOBAL} }; #endif static mysql_mutex_t lock_operations; +static mysql_mutex_t lock_atomic; static mysql_mutex_t lock_bigbuffer; /* The Percona server and partly MySQL don't support */ @@ -556,6 +561,14 @@ static mysql_mutex_t lock_bigbuffer; /* worths doing. */ #define CLIENT_ERROR if (!started_mysql) my_printf_error +#define ADD_ATOMIC(x, a) \ + do { \ + flogger_mutex_lock(&lock_atomic); \ + x+= a; \ + flogger_mutex_unlock(&lock_atomic); \ + } while (0) + + static uchar *getkey_user(const char *entry, size_t *length, my_bool nu __attribute__((unused)) ) { @@ -734,20 +747,20 @@ static int user_coll_fill(struct user_coll *c, char *users, if (cmp_user && take_over_cmp) { - internal_stop_logging= 1; + ADD_ATOMIC(internal_stop_logging, 1); CLIENT_ERROR(1, "User '%.*s' was removed from the" " server_audit_excl_users.", MYF(ME_WARNING), (int) cmp_length, users); - internal_stop_logging= 0; + ADD_ATOMIC(internal_stop_logging, -1); blank_user(cmp_user); refill_cmp_coll= 1; } else if (cmp_user) { - internal_stop_logging= 1; + ADD_ATOMIC(internal_stop_logging, 1); CLIENT_ERROR(1, "User '%.*s' is in the server_audit_incl_users, " "so wasn't added.", MYF(ME_WARNING), (int) cmp_length, users); - internal_stop_logging= 0; + ADD_ATOMIC(internal_stop_logging, -1); remove_user(users); continue; } @@ -1255,23 +1268,30 @@ static void change_connection(struct connection_info *cn, event->ip, event->ip_length); } -static int write_log(const char *message, size_t len) +static int write_log(const char *message, size_t len, int take_lock) { + int result= 0; + if (take_lock) + flogger_mutex_lock(&lock_operations); + if (output_type == OUTPUT_FILE) { if (logfile && - (is_active= (logger_write(logfile, message, len) == (int)len))) - return 0; + (is_active= (logger_write(logfile, message, len) == (int) len))) + goto exit; ++log_write_failures; - return 1; + result= 1; } else if (output_type == OUTPUT_SYSLOG) { syslog(syslog_facility_codes[syslog_facility] | syslog_priority_codes[syslog_priority], - "%s %.*s", syslog_info, (int)len, message); + "%s %.*s", syslog_info, (int) len, message); } - return 0; +exit: + if (take_lock) + flogger_mutex_unlock(&lock_operations); + return result; } @@ -1330,7 +1350,7 @@ static int log_connection(const struct connection_info *cn, csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, ",%.*s,,%d", cn->db_length, cn->db, event->status); message[csize]= '\n'; - return write_log(message, csize + 1); + return write_log(message, csize + 1, 1); } @@ -1351,7 +1371,7 @@ static int log_connection_event(const struct mysql_event_connection *event, csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, ",%.*s,,%d", event->database.length, event->database.str, event->status); message[csize]= '\n'; - return write_log(message, csize + 1); + return write_log(message, csize + 1, 1); } @@ -1480,21 +1500,28 @@ no_password: -static int do_log_user(const char *name) +static int do_log_user(const char *name, int take_lock) { size_t len; + int result; if (!name) return 0; len= strlen(name); - if (incl_user_coll.n_users) - return coll_search(&incl_user_coll, name, len) != 0; + if (take_lock) + flogger_mutex_lock(&lock_operations); - if (excl_user_coll.n_users) - return coll_search(&excl_user_coll, name, len) == 0; + if (incl_user_coll.n_users) + result= coll_search(&incl_user_coll, name, len) != 0; + else if (excl_user_coll.n_users) + result= coll_search(&excl_user_coll, name, len) == 0; + else + result= 1; - return 1; + if (take_lock) + flogger_mutex_unlock(&lock_operations); + return result; } @@ -1591,7 +1618,7 @@ not_in_list: static int log_statement_ex(const struct connection_info *cn, time_t ev_time, unsigned long thd_id, const char *query, unsigned int query_len, - int error_code, const char *type) + int error_code, const char *type, int take_lock) { size_t csize; char message_loc[1024]; @@ -1739,7 +1766,7 @@ do_log_query: csize+= my_snprintf(message+csize, message_size - 1 - csize, "\',%d", error_code); message[csize]= '\n'; - result= write_log(message, csize + 1); + result= write_log(message, csize + 1, take_lock); if (message == big_buffer) flogger_mutex_unlock(&lock_bigbuffer); @@ -1753,7 +1780,7 @@ static int log_statement(const struct connection_info *cn, { return log_statement_ex(cn, event->general_time, event->general_thread_id, event->general_query, event->general_query_length, - event->general_error_code, type); + event->general_error_code, type, 1); } @@ -1775,7 +1802,7 @@ static int log_table(const struct connection_info *cn, ",%.*s,%.*s,",event->database.length, event->database.str, event->table.length, event->table.str); message[csize]= '\n'; - return write_log(message, csize + 1); + return write_log(message, csize + 1, 1); } @@ -1799,7 +1826,7 @@ static int log_rename(const struct connection_info *cn, event->new_database.length, event->new_database.str, event->new_table.length, event->new_table.str); message[csize]= '\n'; - return write_log(message, csize + 1); + return write_log(message, csize + 1, 1); } @@ -1991,8 +2018,6 @@ void auditing(MYSQL_THD thd, unsigned int event_class, const void *ev) if (!thd || internal_stop_logging) return; - flogger_mutex_lock(&lock_operations); - if (maria_55_started && debug_server_started && event_class == MYSQL_AUDIT_GENERAL_CLASS) { @@ -2031,7 +2056,7 @@ void auditing(MYSQL_THD thd, unsigned int event_class, const void *ev) } if (event_class == MYSQL_AUDIT_GENERAL_CLASS && FILTER(EVENT_QUERY) && - cn && (cn->log_always || do_log_user(cn->user))) + cn && (cn->log_always || do_log_user(cn->user, 1))) { const struct mysql_event_general *event = (const struct mysql_event_general *) ev; @@ -2051,7 +2076,7 @@ void auditing(MYSQL_THD thd, unsigned int event_class, const void *ev) { const struct mysql_event_table *event = (const struct mysql_event_table *) ev; - if (do_log_user(event->user)) + if (do_log_user(event->user, 1)) { switch (event->event_subclass) { @@ -2115,7 +2140,6 @@ exit_func: break; } } - flogger_mutex_unlock(&lock_operations); } @@ -2384,6 +2408,7 @@ static int server_audit_init(void *p __attribute__((unused))) PSI_server->register_mutex("server_audit", mutex_key_list, 1); #endif flogger_mutex_init(key_LOCK_operations, &lock_operations, MY_MUTEX_INIT_FAST); + flogger_mutex_init(key_LOCK_operations, &lock_atomic, MY_MUTEX_INIT_FAST); flogger_mutex_init(key_LOCK_operations, &lock_bigbuffer, MY_MUTEX_INIT_FAST); coll_init(&incl_user_coll); @@ -2471,6 +2496,7 @@ static int server_audit_deinit(void *p __attribute__((unused))) (void) free(big_buffer); flogger_mutex_destroy(&lock_operations); + flogger_mutex_destroy(&lock_atomic); flogger_mutex_destroy(&lock_bigbuffer); error_header(); @@ -2563,7 +2589,7 @@ static void log_current_query(MYSQL_THD thd) { cn->log_always= 1; log_statement_ex(cn, cn->query_time, thd_get_thread_id(thd), - cn->query, cn->query_length, 0, "QUERY"); + cn->query, cn->query_length, 0, "QUERY", 0); cn->log_always= 0; } } @@ -2575,12 +2601,13 @@ static void update_file_path(MYSQL_THD thd, { char *new_name= (*(char **) save) ? *(char **) save : empty_str; - if (!maria_55_started || !debug_server_started) - flogger_mutex_lock(&lock_operations); - internal_stop_logging= 1; + ADD_ATOMIC(internal_stop_logging, 1); error_header(); fprintf(stderr, "Log file name was changed to '%s'.\n", new_name); + if (!maria_55_started || !debug_server_started) + flogger_mutex_lock(&lock_operations); + if (logging) log_current_query(thd); @@ -2589,7 +2616,6 @@ static void update_file_path(MYSQL_THD thd, char *sav_path= file_path; file_path= new_name; - internal_stop_logging= 1; stop_logging(); if (start_logging()) { @@ -2605,16 +2631,15 @@ static void update_file_path(MYSQL_THD thd, } goto exit_func; } - internal_stop_logging= 0; } strncpy(path_buffer, new_name, sizeof(path_buffer)-1); path_buffer[sizeof(path_buffer)-1]= 0; file_path= path_buffer; exit_func: - internal_stop_logging= 0; if (!maria_55_started || !debug_server_started) flogger_mutex_unlock(&lock_operations); + ADD_ATOMIC(internal_stop_logging, -1); } @@ -2745,8 +2770,8 @@ static void update_output_type(MYSQL_THD thd, if (output_type == new_output_type) return; + ADD_ATOMIC(internal_stop_logging, 1); flogger_mutex_lock(&lock_operations); - internal_stop_logging= 1; if (logging) { log_current_query(thd); @@ -2760,8 +2785,8 @@ static void update_output_type(MYSQL_THD thd, if (logging) start_logging(); - internal_stop_logging= 0; flogger_mutex_unlock(&lock_operations); + ADD_ATOMIC(internal_stop_logging, -1); } @@ -2809,9 +2834,9 @@ static void update_logging(MYSQL_THD thd, if (new_logging == logging) return; + ADD_ATOMIC(internal_stop_logging, 1); if (!maria_55_started || !debug_server_started) flogger_mutex_lock(&lock_operations); - internal_stop_logging= 1; if ((logging= new_logging)) { start_logging(); @@ -2827,9 +2852,9 @@ static void update_logging(MYSQL_THD thd, stop_logging(); } - internal_stop_logging= 0; if (!maria_55_started || !debug_server_started) flogger_mutex_unlock(&lock_operations); + ADD_ATOMIC(internal_stop_logging, -1); } @@ -2841,16 +2866,16 @@ static void update_mode(MYSQL_THD thd __attribute__((unused)), if (mode_readonly || new_mode == mode) return; + ADD_ATOMIC(internal_stop_logging, 1); if (!maria_55_started || !debug_server_started) flogger_mutex_lock(&lock_operations); - internal_stop_logging= 1; mark_always_logged(thd); error_header(); fprintf(stderr, "Logging mode was changed from %d to %d.\n", mode, new_mode); mode= new_mode; - internal_stop_logging= 0; if (!maria_55_started || !debug_server_started) flogger_mutex_unlock(&lock_operations); + ADD_ATOMIC(internal_stop_logging, -1); } |