summaryrefslogtreecommitdiff
path: root/sql/set_var.cc
diff options
context:
space:
mode:
authorMichael Widenius <monty@askmonty.org>2011-09-26 20:26:47 +0300
committerMichael Widenius <monty@askmonty.org>2011-09-26 20:26:47 +0300
commit7800d93bc3caca0143334941f626dc6aa3ff2b26 (patch)
tree71bf2e9499d5adee68abe77d56913263b9040ba4 /sql/set_var.cc
parentf0c6ce9adec82ceec054b0f6e973ab1526a033c4 (diff)
downloadmariadb-git-7800d93bc3caca0143334941f626dc6aa3ff2b26.tar.gz
Allow one to block an account by using GRANT max_user_connections = -1
One can set @@global.max_user_connections to -1 to block anyone, except SUPER user, to login. If max_user_connection is 0, one can't change it without a restart (needed to get user connections counting to work correctly) mysql-test/r/system_mysql_db.result: Changed max_user_connections to handle negative numbers. mysql-test/r/user_limits-2.result: New test case that one can't change max_user_connection if it was 0 mysql-test/r/user_limits.result: Fixed wrong error messages. mysql-test/r/variables.result: Store / restore max_user_connections (needed as there is now a --master.opt file that changes it) mysql-test/t/subselect_mat_cost-master.opt: Enable slow query log (as this test found some errors in slow query logging) mysql-test/t/user_limits-2.test: New test case that one can't change max_user_connection if it was 0 mysql-test/t/user_limits-master.opt: Set max_user_connections (as one can't change it if it was 0) mysql-test/t/user_limits.test: Test max_user_connections -1 mysql-test/t/variables-master.opt: Set max_user_connections (as one can't change it if it was 0) mysql-test/t/variables.test: Set/restore max_user_connections scripts/Makefile.am: Add a text message to mysql_fix_privilege_tables.sql that it's automaticly generated scripts/mysql_system_tables.sql: Change max_user_connections to signed scripts/mysql_system_tables_fix.sql: Change max_user_connections to signed sql/item_func.cc: Change SHOW_INT to be signed. (Needed for max_user_connections and it's probably a bug that it was not originally signed) sql/log.cc: Remove some code that was not needed (All these variables are reset at start of query) sql/mysql_priv.h: Made max_user_connections signed. Added max_user_connections_checking sql/mysqld.cc: Added max_user_connections_checking so that we know if max_user_connections was 0 at startup (Which means that we will not do connection counting for accounts that don't have user resource limits) Set thd->start_utime at same time as thr_create_utime. (Before start_utime could be < thr_create_utime which lead to wrong query counting) sql/set_var.cc: Don't allow one to change 'max_user_connections' if it was 0 at startup. sql/sql_acl.cc: Change user_connection counting to be negative. sql/sql_connect.cc: If max_user_connections is < 0 then only SUPER user can login. Fixed wrong variable names for error messages. Fixed wrong initial value for questions. Set thd->start_utime and thd->thr_create_utime at startup. Needed to get time_out_user_resource_limits() to work. sql/sql_show.cc: SHOW_INT is now negative sql/sql_yacc.yy: Support negative values for MAX_USER_CONNECTIONS sql/structs.h: Make user connect counting work with signed numbers.
Diffstat (limited to 'sql/set_var.cc')
-rw-r--r--sql/set_var.cc14
1 files changed, 13 insertions, 1 deletions
diff --git a/sql/set_var.cc b/sql/set_var.cc
index 0a06b3254f6..10f3e20cc86 100644
--- a/sql/set_var.cc
+++ b/sql/set_var.cc
@@ -3082,7 +3082,19 @@ void sys_var_thd_time_zone::set_default(THD *thd, enum_var_type type)
bool sys_var_max_user_conn::check(THD *thd, set_var *var)
{
if (var->type == OPT_GLOBAL)
+ {
+ if (! max_user_connections_checking)
+ {
+ /*
+ We can't change the value of max_user_connections from 0 as then
+ connect counting would be wrong.
+ */
+ my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0),
+ "--max-user-connections=0");
+ return TRUE;
+ }
return sys_var_thd::check(thd, var);
+ }
else
{
/*
@@ -3098,7 +3110,7 @@ bool sys_var_max_user_conn::update(THD *thd, set_var *var)
{
DBUG_ASSERT(var->type == OPT_GLOBAL);
pthread_mutex_lock(&LOCK_global_system_variables);
- max_user_connections= (uint)var->save_result.ulonglong_value;
+ max_user_connections= (int) var->save_result.ulonglong_value;
pthread_mutex_unlock(&LOCK_global_system_variables);
return 0;
}