diff options
| author | Michael Widenius <monty@askmonty.org> | 2011-09-26 20:26:47 +0300 |
|---|---|---|
| committer | Michael Widenius <monty@askmonty.org> | 2011-09-26 20:26:47 +0300 |
| commit | 7800d93bc3caca0143334941f626dc6aa3ff2b26 (patch) | |
| tree | 71bf2e9499d5adee68abe77d56913263b9040ba4 /sql/sql_connect.cc | |
| parent | f0c6ce9adec82ceec054b0f6e973ab1526a033c4 (diff) | |
| download | mariadb-git-7800d93bc3caca0143334941f626dc6aa3ff2b26.tar.gz | |
Allow one to block an account by using GRANT max_user_connections = -1
One can set @@global.max_user_connections to -1 to block anyone, except SUPER user, to login.
If max_user_connection is 0, one can't change it without a restart (needed to get user connections counting to work correctly)
mysql-test/r/system_mysql_db.result:
Changed max_user_connections to handle negative numbers.
mysql-test/r/user_limits-2.result:
New test case that one can't change max_user_connection if it was 0
mysql-test/r/user_limits.result:
Fixed wrong error messages.
mysql-test/r/variables.result:
Store / restore max_user_connections (needed as there is now a --master.opt file that changes it)
mysql-test/t/subselect_mat_cost-master.opt:
Enable slow query log (as this test found some errors in slow query logging)
mysql-test/t/user_limits-2.test:
New test case that one can't change max_user_connection if it was 0
mysql-test/t/user_limits-master.opt:
Set max_user_connections (as one can't change it if it was 0)
mysql-test/t/user_limits.test:
Test max_user_connections -1
mysql-test/t/variables-master.opt:
Set max_user_connections (as one can't change it if it was 0)
mysql-test/t/variables.test:
Set/restore max_user_connections
scripts/Makefile.am:
Add a text message to mysql_fix_privilege_tables.sql that it's automaticly generated
scripts/mysql_system_tables.sql:
Change max_user_connections to signed
scripts/mysql_system_tables_fix.sql:
Change max_user_connections to signed
sql/item_func.cc:
Change SHOW_INT to be signed.
(Needed for max_user_connections and it's probably a bug that it was not originally signed)
sql/log.cc:
Remove some code that was not needed (All these variables are reset at start of query)
sql/mysql_priv.h:
Made max_user_connections signed.
Added max_user_connections_checking
sql/mysqld.cc:
Added max_user_connections_checking so that we know if max_user_connections was 0 at startup
(Which means that we will not do connection counting for accounts that don't have user resource limits)
Set thd->start_utime at same time as thr_create_utime. (Before start_utime could be < thr_create_utime which lead to wrong query counting)
sql/set_var.cc:
Don't allow one to change 'max_user_connections' if it was 0 at startup.
sql/sql_acl.cc:
Change user_connection counting to be negative.
sql/sql_connect.cc:
If max_user_connections is < 0 then only SUPER user can login.
Fixed wrong variable names for error messages.
Fixed wrong initial value for questions.
Set thd->start_utime and thd->thr_create_utime at startup. Needed to get time_out_user_resource_limits() to work.
sql/sql_show.cc:
SHOW_INT is now negative
sql/sql_yacc.yy:
Support negative values for MAX_USER_CONNECTIONS
sql/structs.h:
Make user connect counting work with signed numbers.
Diffstat (limited to 'sql/sql_connect.cc')
| -rw-r--r-- | sql/sql_connect.cc | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc index 5e0ab339418..cd51fd25558 100644 --- a/sql/sql_connect.cc +++ b/sql/sql_connect.cc @@ -113,8 +113,11 @@ int check_for_max_user_connections(THD *thd, USER_CONN *uc) DBUG_ENTER("check_for_max_user_connections"); (void) pthread_mutex_lock(&LOCK_user_conn); + + /* Root is not affected by the value of max_user_connections */ if (max_user_connections && !uc->user_resources.user_conn && - max_user_connections < (uint) uc->connections) + max_user_connections < uc->connections && + !(thd->security_ctx->master_access & SUPER_ACL)) { my_error(ER_TOO_MANY_USER_CONNECTIONS, MYF(0), uc->user); goto end; @@ -202,7 +205,7 @@ void time_out_user_resource_limits(THD *thd, USER_CONN *uc) /* If more than a hour since last check, reset resource checking */ if (check_time - uc->reset_utime >= LL(3600000000)) { - uc->questions=1; + uc->questions=0; uc->updates=0; uc->conn_per_hour=0; uc->reset_utime= check_time; @@ -231,7 +234,7 @@ bool check_mqh(THD *thd, uint check_command) if (uc->user_resources.questions && uc->questions++ >= uc->user_resources.questions) { - my_error(ER_USER_LIMIT_REACHED, MYF(0), uc->user, "max_questions", + my_error(ER_USER_LIMIT_REACHED, MYF(0), uc->user, "max_queries_per_hour", (long) uc->user_resources.questions); error=1; goto end; @@ -243,7 +246,7 @@ bool check_mqh(THD *thd, uint check_command) (sql_command_flags[check_command] & CF_CHANGES_DATA) && uc->updates++ >= uc->user_resources.updates) { - my_error(ER_USER_LIMIT_REACHED, MYF(0), uc->user, "max_updates", + my_error(ER_USER_LIMIT_REACHED, MYF(0), uc->user, "max_updates_per_hour", (long) uc->user_resources.updates); error=1; goto end; @@ -1131,6 +1134,8 @@ pthread_handler_t handle_one_connection(void *arg) THD *thd= (THD*) arg; thd->thr_create_utime= microsecond_interval_timer(); + /* We need to set this because of time_out_user_resource_limits */ + thd->start_utime= thd->thr_create_utime; if (thread_scheduler.init_new_connection_thread()) { |