-rw-r--r-- | BitKeeper/etc/gone | 1 | ||||
-rw-r--r-- | Docs/manual.texi | 93 | ||||
-rw-r--r-- | sql/ha_berkeley.cc | 30 | ||||
-rw-r--r-- | sql/mysqld.cc | 2 | ||||
-rw-r--r-- | sql/sql_base.cc | 2 | ||||
-rw-r--r-- | sql/sql_parse.cc | 15 |
6 files changed, 110 insertions, 33 deletions
diff --git a/BitKeeper/etc/gone b/BitKeeper/etc/gone index 8cb2c630f4f..7ea90fa5f39 100644 --- a/BitKeeper/etc/gone +++ b/BitKeeper/etc/gone @@ -316,3 +316,4 @@ sasha@work.mysql.com|BitKeeper/etc/logging_ok|20001214015456|29919|32b6551b8288c serg@serg.mysql.com|mysql-test/r/3.23/mrg000001.dummy.result|20001206231604|05053|bf7e6d609f22b897 serg@serg.mysql.com|mysql-test/r/3.23/mrg000001.result|20001206231609|46662|db2ef2e717ab8332 mwagner@evoq.home.mwagner.org|mysql-test/chew_on_this/select.res|20001014084759|41327|1295456b9394876 +mwagner@evoq.home.mwagner.org|mysql-test/chew_on_this/select.res|20001014084759|41327|1295456b93948768 diff --git a/Docs/manual.texi b/Docs/manual.texi index 541ce715d54..9f028b6fccd 100644 --- a/Docs/manual.texi +++ b/Docs/manual.texi @@ -347,6 +347,7 @@ The MySQL Access Privilege System * General security:: General security * Security:: How to make @strong{MySQL} secure against crackers +* Privileges options:: * What Privileges:: What the privilege system does * User names:: @strong{MySQL} user names and passwords * Connecting:: Connecting to the @strong{MySQL} server @@ -615,7 +616,7 @@ MySQL Utilites * mysql:: The command line tool * mysqladmin:: Administering a @strong{MySQL} server * mysqldump:: Dumping the structure and data from @strong{MySQL} databases and tables -* mysqlhotcopy:: Copying @code{MySQL} Databases and Tables +* mysqlhotcopy:: Copying @strong{MySQL} Databases and Tables * mysqlimport:: Importing data from text files * perror:: Displaying error messages * mysqlshow:: Showing databases, tables and columns 
@@ -2030,25 +2031,25 @@ Big changes made in @strong{MySQL} Version 3.22.12. @item @strong{MyODBC} (uses ODBC SDK 2.5) --- Gamma It seems to work well with some programs. -@item Replication -- Alpha / Beta +@item Replication -- Beta / Gamma We are still working on replication, so don't expect this to be rock solid yet. On the other hand, some @strong{MySQL} users are already using this with good results. -@item BDB Tables -- Alpha / Beta +@item BDB Tables -- Beta The Berkeley DB code is very stable, but we are still improving the interface between @strong{MySQL} and BDB tables, so it will take some time before this is as tested as the other table types. -@item Automatic recovery of MyISAM tables - Alpha. +@item Automatic recovery of MyISAM tables - Beta. This only affects the new code that checks if the table was closed properly on open and executes an automatic check/repair of the table if it wasn't. -@item MERGE tables -- Alpha / Beta +@item MERGE tables -- Beta / Gamma The usage of keys on @code{MERGE} tables is still not that tested. The other part of the @code{MERGE} code is quite well tested. -@item FULLTEXT -- Alpha / Beta +@item FULLTEXT -- Beta Text search seams to work, but is still not widely used. @end table @@ -8178,6 +8179,7 @@ On NT you can get the following service error messages: @multitable @columnfractions .3 .7 @item Permission Denied @tab Means that it cannot find @code{mysqld-nt.exe}. @item Cannot Register @tab Means that the path is incorrect. +@item Failed to install service. @tab Means that the service is already installed or that the Service Control Manager is in bad state. @end multitable If you have problems installing @code{mysqld-nt} as a service, try starting 
@@ -10901,6 +10903,7 @@ system. This section describes how it works. @menu * General security:: General security * Security:: How to make @strong{MySQL} secure against crackers +* Privileges options:: * What Privileges:: What the privilege system does * User names:: @strong{MySQL} user names and passwords * Connecting:: Connecting to the @strong{MySQL} server @@ -11087,7 +11090,7 @@ actually mean that it is encrypted. If you need high security, you should consult with a security expert. @end itemize -@node Security, What Privileges, General security, Privilege system +@node Security, Privileges options, General security, Privilege system @section How to Make MySQL Secure Against Crackers @cindex crackers, security against @cindex security, against crackers @@ -11190,6 +11193,9 @@ careful about creating grant table entries using hostname values that contain wild cards! @end itemize +@node Privileges options, What Privileges, Security, Privilege system +@section Startup options to mysqld which concerns security + The following @code{mysqld} options affect networking security: @table @code 
@@ -11218,15 +11224,22 @@ Don't allow TCP/IP connections over the network. All connections to @code{mysqld} must be made via Unix sockets. This option is unsuitable for systems that use MIT-pthreads, because the MIT-pthreads package doesn't support Unix sockets. + +@item --skip-show-database +@code{SHOW DATABASE} command doesn't return anything. + +@item --safe-show-database +@code{SHOW DATABASE} only returns databases for which the user have +some kind of privilege. + @end table -@node What Privileges, User names, Security, Privilege system +@node What Privileges, User names, Privileges options, Privilege system @section What the Privilege System Does @cindex system, privilege @cindex privilege system @cindex passwords, security - The primary function of the @strong{MySQL} privilege system is to authenticate a user connecting from a given host, and to associate that user with privileges on a database such as @@ -22898,6 +22911,8 @@ client. We plan to partly fix this in 4.0. tables. @item Optimize performance. +@item +Change to not use page locks at all when we are scanning tables. @end itemize @node BDB errors, , BDB TODO, BDB @@ -25690,7 +25705,7 @@ connect to the master. @cindex @code{my.cnf} file @cindex files,@code{my.cnf} @node Replication Features, Replication Options, Replication HOWTO, Replication -@section Replication Features +@section Replication Features and known problems Below is an explanation of what is supported and what is not: 
@@ -25703,7 +25718,16 @@ Replication will be done correctly with @code{AUTO_INCREMENT}, still resides on the master server at the time of update propagation. @code{LOAD LOCAL DATA INFILE} will be skipped. @item -Update queries that use user variables are not replication-safe (yet). +The master and slave is not synchronizing @code{RAND()}. This means +that you should not use @code{RAND()} with any statement that updates a +table. As fixing this will require a change in the protocol, we will +delay fixing this until 4.0. A workaround is using @code{RAND(#)}, where +# is a random integer genearated by your application or by first +executing @code{LAST_INSERT_ID(RAND())} and then using +@code{LAST_INSERT_ID()} in the next statement. +@item +Update queries that use user variables (@code{@@variable}) are not yet +replication-safe. @item Temporary tables starting in 3.23.29 are replicated properly with the exception of the case when you shut down slave server ( not just slave thread), @@ -25718,6 +25742,12 @@ In earlier versions temporary tables are not being replicated properly - we recommend that you either upgrade, or execute @code{SET SQL_LOG_BIN=0} on your clients before all queries with temp tables. @item +@strong{MySQL} only supports one master and many slaves. We will in 4.x +add a voting algorithm to automaticly change master if something goes +wrong with the current master. We will also introduce 'agent' processes +to help doing load balancing by sending select queries to different +slaves. +@item Starting in Version 3.23.26, it is safe to connect servers in a circular master-slave relationship with @code{log-slave-updates} enabled. Note, however, that many queries will not work right in this kind of 
@@ -25728,9 +25758,10 @@ so that pre-3.23.26 slaves will not be able to read it. @item If the query on the slave gets an error, the slave thread will terminate, and a message will appear in the @code{.err} file. You should -then connect to the slave manually, fix the cause of the error -(for example, non-existent table), and then run @code{SLAVE START} sql command (available starting in Version 3.23.16). In Version 3.23.15, you will have -to restart the server. +then connect to the slave manually, fix the cause of the error (for +example, non-existent table), and then run @code{SLAVE START} sql +command (available starting in Version 3.23.16). In Version 3.23.15, you +will have to restart the server. @item If connection to the master is lost, the slave will retry immediately, and then in case of failure every @code{master-connect-retry} (default @@ -28515,6 +28546,7 @@ Most of the options to @code{safe_mysqld} are the same as the options to @table @code @item --basedir=path @item --core-file-size=# +Size of the core file @code{mysqld} should be able to create. Passed to @code{ulimit -c}. @item --datadir=path @item --defaults-extra-file=path @item --defaults-file=path @@ -28525,10 +28557,8 @@ Path to @code{mysqld} @item --mysqld=mysqld-version Name of the mysqld version in the @code{ledir} directory you want to start. @item --no-defaults -@item --open-files=# -Number of files @code{mysqld} should be able to open. Passed to @code{ulimit -n}. -@item --open-files=# -Size of the core file @code{mysqld} should be able to create. Passed to @code{ulimit -c}. +@item --open-files-limit=# +Number of files @code{mysqld} should be able to open. Passed to @code{ulimit -n}. Not that you need to start @code{safe_mysqld} as root for this to work properly! @item --pid-file=path @item --port=# @item --socket=path 
@@ -33494,9 +33524,12 @@ number 256 to affect the number of file descriptors available to @code{ulimit} (and @code{open-files-limit}) can increase the number of file descriptors, but only up to the limit imposed by the operating -system. If you need to increase the OS limit on the number of file -descriptors available to each process, consult the documentation for -your operating system. +system. There is also a 'hard' limit that can only be overrided if you +start @code{safe_mysqld} or @code{mysqld} as root (Just remember that +you need to also use the @code{--user=..} option in this case). If you +need to increase the OS limit on the number of file descriptors +available to each process, consult the documentation for your operating +system. Note that if you run the @code{tcsh} shell, @code{ulimit} will not work! @code{tcsh} will also report incorrect values when you ask for the current @@ -39376,8 +39409,8 @@ An open source client for exploring databases and executing SQL. Supports A query tool for @strong{MySQL} and PostgreSQL. @item @uref{http://dbman.linux.cz/,dbMan} A query tool written in Perl. Uses DBI and Tk. -@item @uref{http://www.mysql.com/Downloads/Win32/Msc18.exe, Mascon 2000.1.8} -@item @uref{http://www.mysql.com/Downloads/Win32/FrMsc18.exe, Free Mascon 2000.1.8} +@item @uref{http://www.mysql.com/Downloads/Win32/Msc110.exe, Mascon 2000.1.10.48} +@item @uref{http://www.mysql.com/Downloads/Win32/FrMsc110.exe, Free Mascon 2000.1.10.48} Mascon is a powerful Win32 GUI for the administering MySQL server databases. Mascon's features include visual table design, connections to multiple servers, data and blob editing of tables, security setting, SQL 
@@ -40248,6 +40281,9 @@ Our TODO section contains what we plan to have in 4.0. @xref{TODO MySQL 4.0}. @itemize @bullet @item Added @code{ORDER BY} syntax to @code{UPDATE} and @code{DELETE}. +@item +Added @code{SELECT .. WITH UPDATE} and @code{SELECT ... IN SHARE MODE} to +get more locking options. @end itemize @node News-3.23.x, News-3.22.x, News-4.0.x, News @@ -40305,6 +40341,14 @@ though, so Version 3.23 is not released as a stable version yet. @appendixsubsec Changes in release 3.23.31 @itemize @bullet @item +Fixed security bug in something (please upgrade if you are using a earlier +MySQL 3.23 version). +@item +Fixed buffer overflow bug when writing a certain error message. +@item +Added usage of @code{getrlimit()} on Linux to get @code{-O --open-files-limit=#} +to work on Linux. +@item Fixed bug when using expression of type @code{SELECT ... FROM t1 left join t2 on (t1.a=t2.a) WHERE t1.a=t2.a}. In this case the test in the @code{WHERE} clause was wrongly optimized away. @@ -45121,8 +45165,7 @@ The @code{mysqld} will support all standard @strong{MySQL} features and one can use it in a threaded client to run different queries in each thread. @item -@code{SHOW DATABASES} should only show the database which you have some kind -of access privilege to. +Replication should work with @code{RAND()}. @item Online backup with very low performance penalty. The online backup will make it easy to add a new replication slave without taking down the diff --git a/sql/ha_berkeley.cc b/sql/ha_berkeley.cc index 0cf789056c9..1732f77cd0a 100644 --- a/sql/ha_berkeley.cc +++ b/sql/ha_berkeley.cc @@ -119,6 +119,8 @@ bool berkeley_init(void) berkeley_tmpdir=mysql_tmpdir; if (!berkeley_home) berkeley_home=mysql_real_data_home; + DBUG_PRINT("bdb",("berkeley_home: %s",mysql_real_data_home)); + /* If we don't set set_lg_bsize() we will get into trouble when trying to use many open BDB tables. 
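Review bot: The `DBUG_PRINT` added to berkeley_init() is labelled `berkeley_home` but prints `mysql_real_data_home`, so the trace shows the wrong directory whenever `berkeley_home` was already set and the `if (!berkeley_home)` default just above did not run. Print the variable the label names: `DBUG_PRINT("bdb",("berkeley_home: %s",berkeley_home));`. The rest of berkeley_init() lies outside the hunk.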
@@ -1675,6 +1677,34 @@ int ha_berkeley::external_lock(THD *thd, int lock_type) DBUG_RETURN(error); } +/* + The idea with handler::store_lock() is the following: + + The statement decided which locks we should need for the table + for updates/deletes/inserts we get WRITE locks, for SELECT... we get + read locks. + + Before adding the lock into the table lock handler (see thr_lock.c) + mysqld calls store lock with the requested locks. Store lock can now + modify a write lock to a read lock (or some other lock), ignore the + lock (if we don't want to use MySQL table locks at all) or add locks + for many tables (like we do when we are using a MERGE handler). + + Berkeley DB changes all WRITE locks to TL_WRITE_ALLOW_WRITE (which + signals that we are doing WRITES, but we are still allowing other + reader's and writer's. + + When releasing locks, store_lock() are also called. In this case one + usually doesn't have to do anything. + + In some exceptional cases MySQL may send a request for a TL_IGNORE; + This means that we are requesting the same lock as last time and this + should also be ignored. (This may happen when someone does a flush + table when we have opened a part of the tables, in which case mysqld + closes and reopens the tables and tries to get the same locks at last + time). In the future we will probably try to remove this. +*/ + THR_LOCK_DATA **ha_berkeley::store_lock(THD *thd, THR_LOCK_DATA **to, enum thr_lock_type lock_type) diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 4d9b7982f48..3d2c850ee36 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -119,7 +119,7 @@ inline void reset_floating_point_exceptions() #else #include <my_pthread.h> // For thr_setconcurency() #endif -#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) && !defined(__linux__) && !defined(HAVE_mit_thread) +#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) && !defined(HAVE_mit_thread) #define SET_RLIMIT_NOFILE #endif 
diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 74e8dccd4d7..8425fb2d75a 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -1610,7 +1610,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables) char buff[NAME_LEN*2+1]; if (db) { - strxmov(buff,db,".",table_name,NullS); + strxnmov(buff,sizeof(buff)-1,db,".",table_name,NullS); table_name=buff; } my_printf_error(ER_UNKNOWN_TABLE,ER(ER_UNKNOWN_TABLE),MYF(0),table_name, diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index c1c27ec3192..1d41ae6230a 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -1784,8 +1784,8 @@ mysql_execute_command(void) break; case SQLCOM_SHOW_GRANTS: res=0; - if ((thd->user && !strcmp(thd->user,lex->grant_user->user.str)) || - !(check_access(thd, SELECT_ACL, "mysql"))) + if ((thd->priv_user && !strcmp(thd->priv_user,lex->grant_user->user.str)) || + !check_access(thd, SELECT_ACL, "mysql",0,1)) { res = mysql_show_grants(thd,lex->grant_user); } @@ -1854,7 +1854,7 @@ error: bool check_access(THD *thd,uint want_access,const char *db, uint *save_priv, - bool no_grant) + bool dont_check_global_grants) { uint db_access,dummy; if (save_priv) @@ -1862,7 +1862,7 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv, else save_priv= &dummy; - if (!db && !thd->db && !no_grant) + if (!db && !thd->db && !dont_check_global_grants) { send_error(&thd->net,ER_NO_DB_ERROR); /* purecov: tested */ return TRUE; /* purecov: tested */ @@ -1874,7 +1874,7 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv, return FALSE; } if ((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL) || - ! db && no_grant) + ! db && dont_check_global_grants) { // We can never grant this net_printf(&thd->net,ER_ACCESS_DENIED_ERROR, thd->priv_user, 
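Review bot: In find_field_in_tables() the switch to `strxnmov(buff,sizeof(buff)-1,...)` bounds the write, but `buff` is still declared `char buff[NAME_LEN*2+1]`. That is one byte short of a full-length `db`, the `.` separator, a full-length `table_name` and the terminator, so the longest names are now silently truncated in the ER_UNKNOWN_TABLE message. Sizing the buffer as `char buff[NAME_LEN*2+2];` keeps the message complete. This assumes `db` and `table_name` are each limited to NAME_LEN and that strxnmov() always writes the terminator; neither is visible in the hunk, so a short comment stating both would help. The function starts and ends outside the hunk.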
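Review bot: The SQLCOM_SHOW_GRANTS branch skips `check_access()` on `mysql` when only the user name matches (`!strcmp(thd->priv_user,lex->grant_user->user.str)`); the host part of the requested account is not compared in this hunk. If accounts are keyed by user and host, a session could list the grants of a same-named account defined for another host without SELECT on `mysql`. Unless mysql_show_grants() enforces this itself (not visible here), the shortcut should also require the host to match. The bare `0,1` arguments would read better with a trailing comment such as `/* no save_priv, dont_check_global_grants */`. mysql_execute_command() continues outside the hunk.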
@@ -1892,8 +1892,11 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv, db_access=thd->db_access; want_access &= ~EXTRA_ACL; // Remove SHOW attribute db_access= ((*save_priv=(db_access | thd->master_access)) & want_access); + + /* grant_option is set if there exists a single table or column grant */ if (db_access == want_access || - ((grant_option && !no_grant) && !(want_access & ~TABLE_ACLS))) + ((grant_option && !dont_check_global_grants) && + !(want_access & ~TABLE_ACLS))) return FALSE; /* Ok */ net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR, thd->priv_user, |
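Review bot: The renamed flag `dont_check_global_grants` is easy to misread: in this hunk it only switches off the `grant_option` fallback for table and column grants, while `thd->master_access` is still OR-ed into `db_access` regardless. A comment on the parameter in check_access() (the signature is in the hunk at -1854) should say what is skipped when the flag is set and what a NULL `db` means in that case, so callers do not pass the wrong value. In the hunk at -1874 the condition `... || ! db && dont_check_global_grants` relies on `&&` binding tighter than `||`; writing it as `(!db && dont_check_global_grants)` makes the intent explicit. check_access() starts and ends outside this hunk.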