Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/auth_ed25519/server_ed25519.c | 47 | ||||
-rw-r--r-- | plugin/auth_examples/dialog_examples.c | 6 | ||||
-rw-r--r-- | plugin/auth_examples/qa_auth_interface.c | 3 | ||||
-rw-r--r-- | plugin/auth_examples/qa_auth_server.c | 3 | ||||
-rw-r--r-- | plugin/auth_examples/test_plugin.c | 6 | ||||
-rw-r--r-- | plugin/auth_pam/CMakeLists.txt | 11 | ||||
-rw-r--r-- | plugin/auth_pam/auth_pam.c | 287 | ||||
-rw-r--r-- | plugin/auth_pam/auth_pam_base.c | 179 | ||||
-rw-r--r-- | plugin/auth_pam/auth_pam_common.c | 51 | ||||
-rw-r--r-- | plugin/auth_pam/auth_pam_tool.c | 121 | ||||
-rw-r--r-- | plugin/auth_pam/auth_pam_tool.h | 81 | ||||
-rw-r--r-- | plugin/auth_pam/auth_pam_v1.c | 71 | ||||
-rw-r--r-- | plugin/auth_pam/testing/pam_mariadb_mtr.c | 10 | ||||
-rw-r--r-- | plugin/auth_socket/auth_socket.c | 3 | ||||
-rw-r--r-- | plugin/aws_key_management/CMakeLists.txt | 8 | ||||
-rw-r--r-- | plugin/aws_key_management/aws_key_management_plugin.cc | 28 | ||||
-rw-r--r-- | plugin/cracklib_password_check/cracklib_password_check.c | 3 | ||||
-rw-r--r-- | plugin/feedback/sender_thread.cc | 3 | ||||
-rw-r--r-- | plugin/server_audit/server_audit.c | 10 | ||||
-rw-r--r-- | plugin/simple_password_check/simple_password_check.c | 4 |
20 files changed, 736 insertions, 199 deletions
diff --git a/plugin/auth_ed25519/server_ed25519.c b/plugin/auth_ed25519/server_ed25519.c
index 23b4e7389c7..06c25558653 100644
--- a/plugin/auth_ed25519/server_ed25519.c
+++ b/plugin/auth_ed25519/server_ed25519.c
@@ -36,16 +36,6 @@ static int auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 int pkt_len;
 unsigned long nonce[CRYPTO_LONGS + NONCE_LONGS];
 unsigned char *pkt, *reply= (unsigned char*)nonce;
- unsigned char pk[PASSWORD_LEN_BUF/4*3];
- char pw[PASSWORD_LEN_BUF];
-
- /* prepare the pk */
- if (info->auth_string_length != PASSWORD_LEN)
- return CR_AUTH_USER_CREDENTIALS;
- memcpy(pw, info->auth_string, PASSWORD_LEN);
- pw[PASSWORD_LEN]= '=';
- if (my_base64_decode(pw, PASSWORD_LEN_BUF, pk, NULL, 0) != CRYPTO_PUBLICKEYBYTES)
- return CR_AUTH_USER_CREDENTIALS;
 info->password_used= PASSWORD_USED_YES;
@@ -62,17 +52,46 @@ static int auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 return CR_AUTH_HANDSHAKE;
 memcpy(reply, pkt, CRYPTO_BYTES);
- if (crypto_sign_open(reply, CRYPTO_BYTES + NONCE_BYTES, pk))
+ if (crypto_sign_open(reply, CRYPTO_BYTES + NONCE_BYTES,
+ (unsigned char*)info->auth_string))
 return CR_ERROR;
 return CR_OK;
 }
+static int compute_password_digest(const char *pw, size_t pwlen,
+ char *d, size_t *dlen)
+{
+ unsigned char pk[CRYPTO_PUBLICKEYBYTES];
+ if (*dlen < PASSWORD_LEN || pwlen == 0)
+ return 1;
+ *dlen= PASSWORD_LEN;
+ crypto_sign_keypair(pk, (unsigned char*)pw, pwlen);
+ my_base64_encode(pk, CRYPTO_PUBLICKEYBYTES, d);
+ return 0;
+}
+
+static int digest_to_binary(const char *d, size_t dlen,
+ unsigned char *b, size_t *blen)
+{
+ char pw[PASSWORD_LEN_BUF];
+
+ if (*blen < CRYPTO_PUBLICKEYBYTES || dlen != PASSWORD_LEN)
+ return 1;
+
+ *blen= CRYPTO_PUBLICKEYBYTES;
+ memcpy(pw, d, PASSWORD_LEN);
+ pw[PASSWORD_LEN]= '=';
+ return my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) != CRYPTO_PUBLICKEYBYTES;
+}
+
 static struct st_mysql_auth info =
 {
 MYSQL_AUTHENTICATION_INTERFACE_VERSION,
 "client_ed25519",
- auth
+ auth,
+ compute_password_digest,
+ digest_to_binary
 };
 static int init(void *p __attribute__((unused)))
@@ -97,10 +116,10 @@ maria_declare_plugin(ed25519)
 PLUGIN_LICENSE_GPL,
 init,
 deinit,
- 0x0100,
+ 0x0101,
 NULL,
 NULL,
- "1.0",
+ "1.1",
 MariaDB_PLUGIN_MATURITY_STABLE
 }
 maria_declare_plugin_end;
diff --git a/plugin/auth_examples/dialog_examples.c b/plugin/auth_examples/dialog_examples.c
index 067244d6f7d..1c96c8d7faf 100644
--- a/plugin/auth_examples/dialog_examples.c
+++ b/plugin/auth_examples/dialog_examples.c
@@ -81,7 +81,8 @@ static struct st_mysql_auth two_handler=
 {
 MYSQL_AUTHENTICATION_INTERFACE_VERSION,
 "dialog", /* requires dialog client plugin */
- two_questions
+ two_questions,
+ NULL, NULL /* no PASSWORD() */
 };
 /* dialog demo where the number of questions is not known in advance */
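Review bot: In compute_password_digest() the size guard `*dlen < PASSWORD_LEN` looks too small for what my_base64_encode() writes into `d`. digest_to_binary() in the same hunk has to append '=' and decode PASSWORD_LEN_BUF characters to get CRYPTO_PUBLICKEYBYTES back, so the encoder presumably emits PASSWORD_LEN_BUF characters (plus a terminator, if it writes one), and a caller that passes exactly PASSWORD_LEN bytes would be overrun. I would encode into a local `char buf[PASSWORD_LEN_BUF + 1];` and then `memcpy(d, buf, PASSWORD_LEN);`, or make the guard cover the encoder's full output. Separately, auth() now hands `info->auth_string` straight to crypto_sign_open() with no length check of its own; `if (info->auth_string_length != CRYPTO_PUBLICKEYBYTES) return CR_AUTH_USER_CREDENTIALS;` would keep the old fail-closed behaviour if the server ever passes a string that did not go through digest_to_binary(). auth() starts outside this hunk.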
@@ -118,7 +119,8 @@ static struct st_mysql_auth three_handler=
 {
 MYSQL_AUTHENTICATION_INTERFACE_VERSION,
 "dialog", /* requires dialog client plugin */
- three_attempts
+ three_attempts,
+ NULL, NULL /* no PASSWORD() */
 };
 mysql_declare_plugin(dialog)
diff --git a/plugin/auth_examples/qa_auth_interface.c b/plugin/auth_examples/qa_auth_interface.c
index 08ddbf7f30a..70050cf0d91 100644
--- a/plugin/auth_examples/qa_auth_interface.c
+++ b/plugin/auth_examples/qa_auth_interface.c
@@ -136,7 +136,8 @@ static struct st_mysql_auth qa_auth_test_handler=
 {
 MYSQL_AUTHENTICATION_INTERFACE_VERSION,
 "qa_auth_interface", /* requires test_plugin client's plugin */
- qa_auth_interface
+ qa_auth_interface,
+ NULL, NULL /* no PASSWORD() */
 };
 mysql_declare_plugin(test_plugin)
diff --git a/plugin/auth_examples/qa_auth_server.c b/plugin/auth_examples/qa_auth_server.c
index 59b926b63dc..0ed16b692cf 100644
--- a/plugin/auth_examples/qa_auth_server.c
+++ b/plugin/auth_examples/qa_auth_server.c
@@ -56,7 +56,8 @@ static struct st_mysql_auth qa_auth_test_handler=
 {
 MYSQL_AUTHENTICATION_INTERFACE_VERSION,
 "qa_auth_interface", /* requires test_plugin client's plugin */
- qa_auth_interface
+ qa_auth_interface,
+ NULL, NULL /* no PASSWORD() */
 };
 mysql_declare_plugin(test_plugin)
diff --git a/plugin/auth_examples/test_plugin.c b/plugin/auth_examples/test_plugin.c
index 8cc17894be4..e2d79d753f4 100644
--- a/plugin/auth_examples/test_plugin.c
+++ b/plugin/auth_examples/test_plugin.c
@@ -69,7 +69,8 @@ static struct st_mysql_auth auth_test_handler=
 {
 MYSQL_AUTHENTICATION_INTERFACE_VERSION,
 "auth_test_plugin", /* requires test_plugin client's plugin */
- auth_test_plugin
+ auth_test_plugin,
+ NULL, NULL /* no PASSWORD() */
 };
 /**
@@ -99,7 +100,8 @@ static struct st_mysql_auth auth_cleartext_handler=
 {
 MYSQL_AUTHENTICATION_INTERFACE_VERSION,
 "mysql_clear_password", /* requires the clear text plugin */
- auth_cleartext_plugin
+ auth_cleartext_plugin,
+ NULL, NULL /* no PASSWORD() */
 };
 mysql_declare_plugin(test_plugin)
diff --git a/plugin/auth_pam/CMakeLists.txt b/plugin/auth_pam/CMakeLists.txt
index 51317527c77..fbf0979cd1e 100644
--- a/plugin/auth_pam/CMakeLists.txt
+++ b/plugin/auth_pam/CMakeLists.txt
@@ -8,6 +8,15 @@ IF(HAVE_PAM_APPL_H)
 IF(HAVE_STRNDUP)
 ADD_DEFINITIONS(-DHAVE_STRNDUP)
 ENDIF(HAVE_STRNDUP)
- MYSQL_ADD_PLUGIN(auth_pam auth_pam.c LINK_LIBRARIES pam MODULE_ONLY)
+ ADD_DEFINITIONS(-D_GNU_SOURCE)
+ MYSQL_ADD_PLUGIN(auth_pam_v1 auth_pam_v1.c LINK_LIBRARIES pam MODULE_ONLY)
+ MYSQL_ADD_PLUGIN(auth_pam auth_pam.c LINK_LIBRARIES pam dl MODULE_ONLY)
+ MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
+ TARGET_LINK_LIBRARIES(auth_pam_tool pam)
+ INSTALL(CODE "EXECUTE_PROCESS(
+ COMMAND chmod u=rwx,g=,o= auth_pam_tool_dir
+ COMMAND chmod u=rwxs,g=rx,o=rx auth_pam_tool_dir/auth_pam_tool
+ WORKING_DIRECTORY \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${INSTALL_PLUGINDIR}/)"
+ COMPONENT Server)
 ENDIF(HAVE_PAM_APPL_H)
diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c
index ffc3d6f5537..1ffc3285a3d 100644
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 2011, 2012, Monty Program Ab
+ Copyright (c) 2011, 2018 MariaDB Corporation
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
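Review bot: The install step in plugin/auth_pam/CMakeLists.txt that makes auth_pam_tool setuid never establishes ownership and never checks that chmod succeeded. `chmod u=rwxs` only produces the presumably intended root-owned setuid helper if the file already belongs to root, and `chmod u=rwx,g=,o=` on auth_pam_tool_dir only limits who can run it if the directory belongs to the account the server runs as; neither is set here, so the outcome depends on who runs the install and on packaging. EXECUTE_PROCESS is also called without a result check, so a failed chmod (staged DESTDIR install, unprivileged install) passes silently and can leave either a non-working helper or one reachable by every local user. I would add `RESULT_VARIABLE chmod_rc` and fail or warn on a non-zero value, and add a comment stating the expected owner and mode of the directory and the binary.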
@@ -14,36 +14,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ -#define _GNU_SOURCE 1 /* for strndup */ -#include <mysql/plugin_auth.h> -#include <stdio.h> +#include <unistd.h> #include <string.h> -#include <security/pam_appl.h> -#include <security/pam_modules.h> - -struct param { - unsigned char buf[10240], *ptr; - MYSQL_PLUGIN_VIO *vio; -}; - -/* It least solaris doesn't have strndup */ - -#ifndef HAVE_STRNDUP -char *strndup(const char *from, size_t length) -{ - char *ptr; - size_t max_length= strlen(from); - if (length > max_length) - length= max_length; - if ((ptr= (char*) malloc(length+1)) != 0) - { - memcpy((char*) ptr, (char*) from, length); - ptr[length]=0; - } - return ptr; -} -#endif +#include <mysql/plugin_auth.h> +#include "auth_pam_tool.h" +#include <my_global.h> #ifndef DBUG_OFF static char pam_debug = 0; 
@@ -52,158 +28,163 @@ static char pam_debug = 0; #define PAM_DEBUG(X) /* no-op */ #endif -static int conv(int n, const struct pam_message **msg, - struct pam_response **resp, void *data) +static char *opt_plugin_dir; /* To be dynamically linked. */ +static const char *tool_name= "auth_pam_tool_dir/auth_pam_tool"; +static const int tool_name_len= 31; + +static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) { - struct param *param = (struct param *)data; - unsigned char *end = param->buf + sizeof(param->buf) - 1; - int i; + int p_to_c[2], c_to_p[2]; /* Parent-to-child and child-to-parent pipes. */ + pid_t proc_id; + int result= CR_ERROR; + unsigned char field; - *resp = 0; + PAM_DEBUG((stderr, "PAM: opening pipes.\n")); + if (pipe(p_to_c) < 0 || pipe(c_to_p) < 0) + { + /* Error creating pipes. */ + return CR_ERROR; + } + PAM_DEBUG((stderr, "PAM: forking.\n")); + if ((proc_id= fork()) < 0) + { + /* Error forking. */ + close(p_to_c[0]); + close(c_to_p[1]); + goto error_ret; + } - for (i = 0; i < n; i++) + if (proc_id == 0) { - /* if there's a message - append it to the buffer */ - if (msg[i]->msg) + /* The 'sandbox' process started. */ + char toolpath[FN_REFLEN]; + size_t plugin_dir_len= strlen(opt_plugin_dir); + + PAM_DEBUG((stderr, "PAM: Child process prepares pipes.\n")); + + if (close(p_to_c[1]) < 0 || + close(c_to_p[0]) < 0 || + dup2(p_to_c[0], 0) < 0 || /* Parent's pipe to STDIN. */ + dup2(c_to_p[1], 1) < 0) /* Sandbox's pipe to STDOUT. 
*/ { - int len = strlen(msg[i]->msg); - if (len > end - param->ptr) - len = end - param->ptr; - if (len > 0) - { - memcpy(param->ptr, msg[i]->msg, len); - param->ptr+= len; - *(param->ptr)++ = '\n'; - } + exit(-1); } - /* if the message style is *_PROMPT_*, meaning PAM asks a question, - send the accumulated text to the client, read the reply */ - if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF || - msg[i]->msg_style == PAM_PROMPT_ECHO_ON) + + PAM_DEBUG((stderr, "PAM: check tool directory: %s, %s.\n", + opt_plugin_dir, tool_name)); + if (plugin_dir_len + tool_name_len + 2 > sizeof(toolpath)) { - int pkt_len; - unsigned char *pkt; + /* Tool path too long. */ + exit(-1); + } - /* allocate the response array. - freeing it is the responsibility of the caller */ - if (*resp == 0) - { - *resp = calloc(sizeof(struct pam_response), n); - if (*resp == 0) - return PAM_BUF_ERR; - } + memcpy(toolpath, opt_plugin_dir, plugin_dir_len); + if (plugin_dir_len && toolpath[plugin_dir_len-1] != FN_LIBCHAR) + toolpath[plugin_dir_len++]= FN_LIBCHAR; + memcpy(toolpath+plugin_dir_len, tool_name, tool_name_len+1); - /* dialog plugin interprets the first byte of the packet - as the magic number. - 2 means "read the input with the echo enabled" - 4 means "password-like input, echo disabled" - C'est la vie. */ - param->buf[0] = msg[i]->msg_style == PAM_PROMPT_ECHO_ON ? 
2 : 4; - PAM_DEBUG((stderr, "PAM: conv: send(%.*s)\n", (int)(param->ptr - param->buf - 1), param->buf)); - if (param->vio->write_packet(param->vio, param->buf, param->ptr - param->buf - 1)) - return PAM_CONV_ERR; - - pkt_len = param->vio->read_packet(param->vio, &pkt); - if (pkt_len < 0) - { - PAM_DEBUG((stderr, "PAM: conv: recv() ERROR\n")); - return PAM_CONV_ERR; - } - PAM_DEBUG((stderr, "PAM: conv: recv(%.*s)\n", pkt_len, pkt)); - /* allocate and copy the reply to the response array */ - if (!((*resp)[i].resp= strndup((char*) pkt, pkt_len))) - return PAM_CONV_ERR; - param->ptr = param->buf + 1; - } + PAM_DEBUG((stderr, "PAM: execute pam sandbox [%s].\n", toolpath)); + (void) execl(toolpath, toolpath, NULL); + PAM_DEBUG((stderr, "PAM: exec() failed.\n")); + exit(-1); } - return PAM_SUCCESS; -} -#define DO(X) if ((status = (X)) != PAM_SUCCESS) goto end + /* Parent process continues. */ -#if defined(SOLARIS) || defined(__sun) -typedef void** pam_get_item_3_arg; -#else -typedef const void** pam_get_item_3_arg; -#endif + PAM_DEBUG((stderr, "PAM: parent continues.\n")); + if (close(p_to_c[0]) < 0 || + close(c_to_p[1]) < 0) + goto error_ret; -static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) -{ - pam_handle_t *pamh = NULL; - int status; - const char *new_username= NULL; - struct param param; - /* The following is written in such a way to make also solaris happy */ - struct pam_conv pam_start_arg = { &conv, (char*) ¶m }; - /* - get the service name, as specified in + PAM_DEBUG((stderr, "PAM: parent sends user data [%s], [%s].\n", + info->user_name, info->auth_string)); - CREATE USER ... IDENTIFIED WITH pam AS "service" - */ - const char *service = info->auth_string && info->auth_string[0] - ? 
info->auth_string : "mysql"; +#ifndef DBUG_OFF + field= pam_debug; +#else + field= 0; +#endif + if (write(p_to_c[1], &field, 1) != 1 || + write_string(p_to_c[1], (const uchar *) info->user_name, + info->user_name_length) || + write_string(p_to_c[1], (const uchar *) info->auth_string, + info->auth_string_length)) + goto error_ret; + + for (;;) + { + PAM_DEBUG((stderr, "PAM: listening to the sandbox.\n")); + if (read(c_to_p[0], &field, 1) < 1) + { + PAM_DEBUG((stderr, "PAM: read failed.\n")); + goto error_ret; + } - param.ptr = param.buf + 1; - param.vio = vio; + if (field == AP_EOF) + { + PAM_DEBUG((stderr, "PAM: auth OK returned.\n")); + break; + } - PAM_DEBUG((stderr, "PAM: pam_start(%s, %s)\n", service, info->user_name)); - DO( pam_start(service, info->user_name, &pam_start_arg, &pamh) ); + switch (field) + { + case AP_AUTHENTICATED_AS: + PAM_DEBUG((stderr, "PAM: reading authenticated_as string.\n")); + if (read_string(c_to_p[0], info->authenticated_as, + sizeof(info->authenticated_as) - 1) < 0) + goto error_ret; + break; + + case AP_CONV: + { + unsigned char buf[10240]; + int buf_len; + unsigned char *pkt; - PAM_DEBUG((stderr, "PAM: pam_authenticate(0)\n")); - DO( pam_authenticate (pamh, 0) ); + PAM_DEBUG((stderr, "PAM: getting CONV string.\n")); + if ((buf_len= read_string(c_to_p[0], (char *) buf, sizeof(buf))) < 0) + goto error_ret; - PAM_DEBUG((stderr, "PAM: pam_acct_mgmt(0)\n")); - DO( pam_acct_mgmt(pamh, 0) ); + PAM_DEBUG((stderr, "PAM: sending CONV string.\n")); + if (vio->write_packet(vio, buf, buf_len)) + goto error_ret; - PAM_DEBUG((stderr, "PAM: pam_get_item(PAM_USER)\n")); - DO( pam_get_item(pamh, PAM_USER, (pam_get_item_3_arg) &new_username) ); + PAM_DEBUG((stderr, "PAM: reading CONV answer.\n")); + if ((buf_len= vio->read_packet(vio, &pkt)) < 0) + goto error_ret; - if (new_username && strcmp(new_username, info->user_name)) - strncpy(info->authenticated_as, new_username, - sizeof(info->authenticated_as)); - 
info->authenticated_as[sizeof(info->authenticated_as)-1]= 0; + PAM_DEBUG((stderr, "PAM: answering CONV.\n")); + if (write_string(p_to_c[1], pkt, buf_len)) + goto error_ret; + } + break; -end: - pam_end(pamh, status); - PAM_DEBUG((stderr, "PAM: status = %d user = %s\n", status, info->authenticated_as)); - return status == PAM_SUCCESS ? CR_OK : CR_ERROR; -} + default: + PAM_DEBUG((stderr, "PAM: unknown sandbox field.\n")); + goto error_ret; + } + } + result= CR_OK; -static struct st_mysql_auth info = -{ - MYSQL_AUTHENTICATION_INTERFACE_VERSION, - "dialog", - pam_auth -}; - -static char use_cleartext_plugin; -static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin, - PLUGIN_VAR_NOCMDARG | PLUGIN_VAR_READONLY, - "Use mysql_cleartext_plugin on the client side instead of the dialog " - "plugin. This may be needed for compatibility reasons, but it only " - "supports simple PAM policies that don't require anything besides " - "a password", NULL, NULL, 0); +error_ret: + close(p_to_c[1]); + close(c_to_p[0]); -#ifndef DBUG_OFF -static MYSQL_SYSVAR_BOOL(debug, pam_debug, PLUGIN_VAR_OPCMDARG, - "Log all PAM activity", NULL, NULL, 0); -#endif + PAM_DEBUG((stderr, "PAM: auth result %d.\n", result)); + return result; +} -static struct st_mysql_sys_var* vars[] = { - MYSQL_SYSVAR(use_cleartext_plugin), -#ifndef DBUG_OFF - MYSQL_SYSVAR(debug), -#endif - NULL -}; +#include "auth_pam_common.c" static int init(void *p __attribute__((unused))) { if (use_cleartext_plugin) info.client_auth_plugin= "mysql_clear_password"; + if (!(opt_plugin_dir= dlsym(RTLD_DEFAULT, "opt_plugin_dir"))) + return 1; return 0; } @@ -212,15 +193,15 @@ maria_declare_plugin(pam) MYSQL_AUTHENTICATION_PLUGIN, &info, "pam", - "Sergei Golubchik", + "MariaDB Corp", "PAM based authentication", PLUGIN_LICENSE_GPL, init, NULL, - 0x0100, + 0x0200, NULL, vars, - "1.0", - MariaDB_PLUGIN_MATURITY_STABLE + "2.0", + MariaDB_PLUGIN_MATURITY_BETA } maria_declare_plugin_end; 
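Review bot: pam_auth() forks a helper for every login but never reaps it: there is no waitpid() on any path, so each authentication presumably leaves a zombie process behind unless SIGCHLD is ignored somewhere outside this file. After the two close() calls at `error_ret` I would add `if (proc_id > 0) waitpid(proc_id, NULL, 0);` (with `<sys/wait.h>`); closing the pipes first gives the tool EOF, so the wait should not block for long. Two smaller points in the same function: when the second pipe() fails, the early `return CR_ERROR` leaks the first pair of descriptors, and the forked child should leave with `_exit(-1)` rather than `exit(-1)` so that a copy of the server does not run atexit handlers or flush inherited stdio buffers. The child also inherits every descriptor the server holds open unless they are all close-on-exec, which deserves a comment given that the helper is installed setuid.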
diff --git a/plugin/auth_pam/auth_pam_base.c b/plugin/auth_pam/auth_pam_base.c new file mode 100644 index 00000000000..68be0e92b71 --- /dev/null +++ b/plugin/auth_pam/auth_pam_base.c 
@@ -0,0 +1,179 @@ +/* + Copyright (c) 2011, 2018 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ + +/* + This file contains code to interact with the PAM module. + To be included into auth_pam_tool.c and auth_pam_v2.c, + + Before the #include these sould be defined: + + struct param { + unsigned char buf[10240], *ptr; + MYSQL_PLUGIN_VIO *vio; + ... other arbitrary fields allowed. 
+ }; + static int write_packet(struct param *param, const unsigned char *buf, + int buf_len) + static int read_packet(struct param *param, unsigned char **pkt) +*/ + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_modules.h> + +/* It least solaris doesn't have strndup */ + +#ifndef HAVE_STRNDUP +char *strndup(const char *from, size_t length) +{ + char *ptr; + size_t max_length= strlen(from); + if (length > max_length) + length= max_length; + if ((ptr= (char*) malloc(length+1)) != 0) + { + memcpy((char*) ptr, (char*) from, length); + ptr[length]=0; + } + return ptr; +} +#endif + +#ifndef DBUG_OFF +static char pam_debug = 0; +#define PAM_DEBUG(X) do { if (pam_debug) { fprintf X; } } while(0) +#else +#define PAM_DEBUG(X) /* no-op */ +#endif + +static int conv(int n, const struct pam_message **msg, + struct pam_response **resp, void *data) +{ + struct param *param = (struct param *)data; + unsigned char *end = param->buf + sizeof(param->buf) - 1; + int i; + + *resp = 0; + + for (i = 0; i < n; i++) + { + /* if there's a message - append it to the buffer */ + if (msg[i]->msg) + { + int len = strlen(msg[i]->msg); + if (len > end - param->ptr) + len = end - param->ptr; + if (len > 0) + { + memcpy(param->ptr, msg[i]->msg, len); + param->ptr+= len; + *(param->ptr)++ = '\n'; + } + } + /* if the message style is *_PROMPT_*, meaning PAM asks a question, + send the accumulated text to the client, read the reply */ + if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF || + msg[i]->msg_style == PAM_PROMPT_ECHO_ON) + { + int pkt_len; + unsigned char *pkt; + + /* allocate the response array. + freeing it is the responsibility of the caller */ + if (*resp == 0) + { + *resp = calloc(sizeof(struct pam_response), n); + if (*resp == 0) + return PAM_BUF_ERR; + } + + /* dialog plugin interprets the first byte of the packet + as the magic number. 
+ 2 means "read the input with the echo enabled" + 4 means "password-like input, echo disabled" + C'est la vie. */ + param->buf[0] = msg[i]->msg_style == PAM_PROMPT_ECHO_ON ? 2 : 4; + PAM_DEBUG((stderr, "PAM: conv: send(%.*s)\n", + (int)(param->ptr - param->buf - 1), param->buf)); + if (write_packet(param, param->buf, param->ptr - param->buf - 1)) + return PAM_CONV_ERR; + + pkt_len = read_packet(param, &pkt); + if (pkt_len < 0) + { + PAM_DEBUG((stderr, "PAM: conv: recv() ERROR\n")); + return PAM_CONV_ERR; + } + PAM_DEBUG((stderr, "PAM: conv: recv(%.*s)\n", pkt_len, pkt)); + /* allocate and copy the reply to the response array */ + if (!((*resp)[i].resp= strndup((char*) pkt, pkt_len))) + return PAM_CONV_ERR; + param->ptr = param->buf + 1; + } + } + return PAM_SUCCESS; +} + +#define DO(X) if ((status = (X)) != PAM_SUCCESS) goto end + +#if defined(SOLARIS) || defined(__sun) +typedef void** pam_get_item_3_arg; +#else +typedef const void** pam_get_item_3_arg; +#endif + +static int pam_auth_base(struct param *param, MYSQL_SERVER_AUTH_INFO *info) +{ + pam_handle_t *pamh = NULL; + int status; + const char *new_username= NULL; + /* The following is written in such a way to make also solaris happy */ + struct pam_conv pam_start_arg = { &conv, (char*) param }; + + /* + get the service name, as specified in + + CREATE USER ... IDENTIFIED WITH pam AS "service" + */ + const char *service = info->auth_string && info->auth_string[0] + ? 
info->auth_string : "mysql"; + + param->ptr = param->buf + 1; + + PAM_DEBUG((stderr, "PAM: pam_start(%s, %s)\n", service, info->user_name)); + DO( pam_start(service, info->user_name, &pam_start_arg, &pamh) ); + + PAM_DEBUG((stderr, "PAM: pam_authenticate(0)\n")); + DO( pam_authenticate (pamh, 0) ); + + PAM_DEBUG((stderr, "PAM: pam_acct_mgmt(0)\n")); + DO( pam_acct_mgmt(pamh, 0) ); + + PAM_DEBUG((stderr, "PAM: pam_get_item(PAM_USER)\n")); + DO( pam_get_item(pamh, PAM_USER, (pam_get_item_3_arg) &new_username) ); + + if (new_username && strcmp(new_username, info->user_name)) + strncpy(info->authenticated_as, new_username, + sizeof(info->authenticated_as)); + info->authenticated_as[sizeof(info->authenticated_as)-1]= 0; + +end: + pam_end(pamh, status); + PAM_DEBUG((stderr, "PAM: status = %d user = %s\n", status, info->authenticated_as)); + return status == PAM_SUCCESS ? CR_OK : CR_ERROR; +} + diff --git a/plugin/auth_pam/auth_pam_common.c b/plugin/auth_pam/auth_pam_common.c new file mode 100644 index 00000000000..135feb611a6 --- /dev/null +++ b/plugin/auth_pam/auth_pam_common.c 
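Review bot: conv() leaks the response array on its error paths: once `*resp` has been calloc'ed, the later `return PAM_CONV_ERR` statements leave the array and every strndup'ed reply allocated, and those replies are the user's password or prompt answers. PAM conventionally hands ownership of `resp` to the caller only when the conversation returns PAM_SUCCESS, so nothing else frees them. In auth_pam_tool the process exits soon afterwards, but auth_pam_v1 runs this code inside the server. I would route the failures through one cleanup label that wipes and frees each reply, frees the array and resets `*resp`; a plain memset before free may be optimised away, so use the platform's explicit-zero routine where one exists. The code is moved unchanged from auth_pam.c, so the behaviour predates this commit.

```c
/* … unchanged: message accumulation, calloc of *resp, magic byte … */
      if (write_packet(param, param->buf, param->ptr - param->buf - 1))
        goto conv_err;

      pkt_len = read_packet(param, &pkt);
      if (pkt_len < 0)
        goto conv_err;
      /* allocate and copy the reply to the response array */
      if (!((*resp)[i].resp= strndup((char*) pkt, pkt_len)))
        goto conv_err;
/* … unchanged: reset of param->ptr, end of loop, return PAM_SUCCESS … */

conv_err:
  /* The caller owns *resp only on PAM_SUCCESS: wipe and release it here. */
  if (*resp)
  {
    for (i= 0; i < n; i++)
    {
      char *reply= (*resp)[i].resp;
      if (reply)
      {
        memset(reply, 0, strlen(reply)); /* may be elided; prefer an explicit-zero call */
        free(reply);
      }
    }
    free(*resp);
    *resp= 0;
  }
  return PAM_CONV_ERR;
```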
@@ -0,0 +1,51 @@ +/* + Copyright (c) 2011, 2018 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ + +/* + In this file we gather the plugin interface definitions + that are same in all the PAM plugin versions. + To be included into auth_pam.c and auth_pam_v1.c. +*/ + +static struct st_mysql_auth info = +{ + MYSQL_AUTHENTICATION_INTERFACE_VERSION, + "dialog", + pam_auth, + NULL, NULL /* no PASSWORD() */ +}; + +static char use_cleartext_plugin; +static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin, + PLUGIN_VAR_NOCMDARG | PLUGIN_VAR_READONLY, + "Use mysql_cleartext_plugin on the client side instead of the dialog " + "plugin. This may be needed for compatibility reasons, but it only " + "supports simple PAM policies that don't require anything besides " + "a password", NULL, NULL, 0); + +#ifndef DBUG_OFF +static MYSQL_SYSVAR_BOOL(debug, pam_debug, PLUGIN_VAR_OPCMDARG, + "Log all PAM activity", NULL, NULL, 0); +#endif + + +static struct st_mysql_sys_var* vars[] = { + MYSQL_SYSVAR(use_cleartext_plugin), +#ifndef DBUG_OFF + MYSQL_SYSVAR(debug), +#endif + NULL +}; diff --git a/plugin/auth_pam/auth_pam_tool.c b/plugin/auth_pam/auth_pam_tool.c new file mode 100644 index 00000000000..3f7015952a0 --- /dev/null +++ b/plugin/auth_pam/auth_pam_tool.c 
@@ -0,0 +1,121 @@ +/* + Copyright (c) 2011, 2018 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ + +#include <stdlib.h> +#include <unistd.h> +#include <mysql/plugin_auth_common.h> + +struct param { + unsigned char buf[10240], *ptr; +}; + + +#include "auth_pam_tool.h" + + +static int write_packet(struct param *param __attribute__((unused)), + const unsigned char *buf, int buf_len) +{ + unsigned char b= AP_CONV; + return write(1, &b, 1) < 1 || + write_string(1, buf, buf_len); +} + + +static int read_packet(struct param *param, unsigned char **pkt) +{ + *pkt= (unsigned char *) param->buf; + return read_string(0, (char *) param->buf, (int) sizeof(param->buf)) - 1; +} + + +typedef struct st_mysql_server_auth_info +{ + /** + User name as sent by the client and shown in USER(). + NULL if the client packet with the user name was not received yet. + */ + char *user_name; + + /** + A corresponding column value from the mysql.user table for the + matching account name + */ + char *auth_string; + + /** + Matching account name as found in the mysql.user table. 
+ A plugin can override it with another name that will be + used by MySQL for authorization, and shown in CURRENT_USER() + */ + char authenticated_as[MYSQL_USERNAME_LENGTH+1]; +} MYSQL_SERVER_AUTH_INFO; + + +#include "auth_pam_base.c" + + +int main(int argc, char **argv) +{ + struct param param; + MYSQL_SERVER_AUTH_INFO info; + unsigned char field; + int res; + char a_buf[MYSQL_USERNAME_LENGTH + 1 + 1024]; + + if (read(0, &field, 1) < 1) + return -1; +#ifndef DBUG_OFF + pam_debug= field; +#endif + + PAM_DEBUG((stderr, "PAM: sandbox started [%s].\n", argv[0])); + + info.user_name= a_buf; + if ((res= read_string(0, info.user_name, sizeof(a_buf))) < 0) + return -1; + PAM_DEBUG((stderr, "PAM: sandbox username [%s].\n", info.user_name)); + + info.auth_string= info.user_name + res + 1; + if (read_string(0, info.auth_string, sizeof(a_buf) - 1 - res) < 0) + return -1; + + PAM_DEBUG((stderr, "PAM: sandbox auth string [%s].\n", info.auth_string)); + + if ((res= pam_auth_base(¶m, &info)) != CR_OK) + { + PAM_DEBUG((stderr, "PAM: auth failed, sandbox closed.\n")); + return -1; + } + + if (info.authenticated_as[0]) + { + PAM_DEBUG((stderr, "PAM: send authenticated_as field.\n")); + field= AP_AUTHENTICATED_AS; + if (write(1, &field, 1) < 1 || + write_string(1, (unsigned char *) info.authenticated_as, + strlen(info.authenticated_as))) + return -1; + } + + PAM_DEBUG((stderr, "PAM: send OK result.\n")); + field= AP_EOF; + if (write(1, &field, 1) != 1) + return -1; + + PAM_DEBUG((stderr, "PAM: sandbox closed.\n")); + return 0; +} diff --git a/plugin/auth_pam/auth_pam_tool.h b/plugin/auth_pam/auth_pam_tool.h new file mode 100644 index 00000000000..60ae016db72 --- /dev/null +++ b/plugin/auth_pam/auth_pam_tool.h 
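Review bot: main() in auth_pam_tool.c tests `info.authenticated_as[0]` although nothing has initialised that buffer. `info` is an uninitialised local, and pam_auth_base() copies into authenticated_as only when PAM_USER differs from user_name; otherwise it only sets the last byte to 0. After an ordinary successful login the tool may therefore send stack garbage as the AP_AUTHENTICATED_AS field, which pam_auth() in the server stores as the account name to authorise. Add `info.authenticated_as[0]= 0;` before the call to pam_auth_base(). The same buffer is printed with `%s` at the `end:` label of pam_auth_base() on failure paths, before it has been terminated.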
@@ -0,0 +1,81 @@
+/*
+ Copyright (c) 2011, 2018 MariaDB Corporation
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */
+
+/*
+ This file contains definitions and functions for
+ the interface between the auth_pam.so (PAM plugin version 2)
+ and the auth_pam_tool executable.
+ To be included both in auth_pam.c and auth_pam_tool.c.
+*/
+
+#define AP_AUTHENTICATED_AS 'A'
+#define AP_CONV 'C'
+#define AP_EOF 'E'
+
+
+static int read_length(int file)
+{
+ unsigned char hdr[2];
+
+ if (read(file, hdr, 2) < 2)
+ return -1;
+
+ return (((int) hdr[0]) << 8) + (int) hdr[1];
+}
+
+
+static void store_length(int len, unsigned char *p_len)
+{
+ p_len[0]= (unsigned char) ((len >> 8) & 0xFF);
+ p_len[1]= (unsigned char) (len & 0xFF);
+}
+
+
+/*
+ Returns the length of the string read,
+ or -1 on error.
+*/
+
+static int read_string(int file, char *s, int s_size)
+{
+ int len;
+
+ len= read_length(file);
+
+ if (len < 0 || len > s_size-1 ||
+ read(file, s, len) < len)
+ return -1;
+
+ s[len]= 0;
+
+ return len;
+}
+
+
+/*
+ Returns 0 on success.
+*/
+
+static int write_string(int file, const unsigned char *s, int s_len)
+{
+ unsigned char hdr[2];
+ store_length(s_len, hdr);
+ return write(file, hdr, 2) < 2 ||
+ write(file, s, s_len) < s_len;
+}
+
+
+#define MAX_PAM_SERVICE_NAME 1024
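Review bot: write_string() stores only the low 16 bits of `s_len` in the header but then writes all `s_len` bytes, so a payload longer than 65535 bytes, or a negative length, desynchronises the framing between the server and the setuid helper. The length is network-controlled in pam_auth(), where `buf_len` is whatever vio->read_packet() returned for the client's reply. Reject out-of-range values up front with `if (s_len < 0 || s_len > 0xFFFF) return 1;`. read_length() and read_string() also treat any short read() as a hard error, although a partial read or EINTR is legitimate on a pipe, so a small read-fully loop would be more robust. A comment describing the wire format (one tag byte, two-byte big-endian length, payload) would help the next reader.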
diff --git a/plugin/auth_pam/auth_pam_v1.c b/plugin/auth_pam/auth_pam_v1.c new file mode 100644 index 00000000000..ab352b1492b --- /dev/null +++ b/plugin/auth_pam/auth_pam_v1.c @@ -0,0 +1,71 @@ +/* + Copyright (c) 2011, 2018 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ + +#include <mysql/plugin_auth.h> + +struct param { + unsigned char buf[10240], *ptr; + MYSQL_PLUGIN_VIO *vio; +}; + +static int write_packet(struct param *param, const unsigned char *buf, + int buf_len) +{ + return param->vio->write_packet(param->vio, buf, buf_len); +} + +static int read_packet(struct param *param, unsigned char **pkt) +{ + return param->vio->read_packet(param->vio, pkt); +} + +#include "auth_pam_base.c" + +static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) +{ + struct param param; + param.vio = vio; + return pam_auth_base(¶m, info); +} + + +#include "auth_pam_common.c" + + +static int init(void *p __attribute__((unused))) +{ + if (use_cleartext_plugin) + info.client_auth_plugin= "mysql_clear_password"; + return 0; +} + +maria_declare_plugin(pam) +{ + MYSQL_AUTHENTICATION_PLUGIN, + &info, + "pam", + "Sergei Golubchik", + "PAM based authentication", + PLUGIN_LICENSE_GPL, + init, + NULL, + 0x0100, + NULL, + vars, + "1.0", + MariaDB_PLUGIN_MATURITY_STABLE +} +maria_declare_plugin_end; 
diff --git a/plugin/auth_pam/testing/pam_mariadb_mtr.c b/plugin/auth_pam/testing/pam_mariadb_mtr.c index 473ec246fe0..44af584d7f0 100644 --- a/plugin/auth_pam/testing/pam_mariadb_mtr.c +++ b/plugin/auth_pam/testing/pam_mariadb_mtr.c @@ -58,7 +58,17 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, if (strlen(r1) == atoi(r2) % 100) retval = PAM_SUCCESS; else + { + /* Produce the crash for testing purposes. */ + if ((strlen(r1) == 16) && + memcmp(r1, "crash pam module", 16) == 0 && + atoi(r2) == 666) + { + r1= 0; + *((struct pam_message *) r1)= msg[0]; + } retval = PAM_AUTH_ERR; + } if (argc > 0 && argv[0]) pam_set_item(pamh, PAM_USER, argv[0]); diff --git a/plugin/auth_socket/auth_socket.c b/plugin/auth_socket/auth_socket.c index f04b1d9d2a1..2fc29e9ba1c 100644 --- a/plugin/auth_socket/auth_socket.c +++ b/plugin/auth_socket/auth_socket.c @@ -102,7 +102,8 @@ static struct st_mysql_auth socket_auth_handler= { MYSQL_AUTHENTICATION_INTERFACE_VERSION, 0, - socket_auth + socket_auth, + NULL, NULL /* no PASSWORD() */ }; maria_declare_plugin(auth_socket) diff --git a/plugin/aws_key_management/CMakeLists.txt b/plugin/aws_key_management/CMakeLists.txt index aa93fc3aa03..4620290000e 100644 --- a/plugin/aws_key_management/CMakeLists.txt +++ b/plugin/aws_key_management/CMakeLists.txt @@ -120,6 +120,12 @@ ELSE() SET(GIT_TAG "1.2.11") ENDIF() + IF(MSVC_CRT_TYPE MATCHES "/MD") + SET(FORCE_SHARED_CRT ON) + ELSE() + SET(FORCE_SHARED_CRT OFF) + ENDIF() + SET(AWS_SDK_PATCH_COMMAND ) ExternalProject_Add( aws_sdk_cpp @@ -131,7 +137,7 @@ ELSE() CMAKE_ARGS -DBUILD_ONLY=kms -DBUILD_SHARED_LIBS=OFF - -DFORCE_SHARED_CRT=OFF + -DFORCE_SHARED_CRT=${FORCE_SHARED_CRT} -DENABLE_TESTING=OFF "-DCMAKE_CXX_FLAGS_DEBUG=${CMAKE_CXX_FLAGS_DEBUG} ${PIC_FLAG}" "-DCMAKE_CXX_FLAGS_RELWITHDEBINFO=${CMAKE_CXX_FLAGS_RELWITHDEBINFO} ${PIC_FLAG}" 
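Review bot: The deliberate crash added to pam_sm_authenticate() in pam_mariadb_mtr.c relies on undefined behaviour. `r1= 0; *((struct pam_message *) r1)= msg[0];` stores through a null pointer, which an optimising compiler may drop or turn into something other than a fault, so the test can silently stop exercising the crash path. `abort();` or `raise(SIGSEGV);` states the intent and is reliable. A comment that this module is for the test suite only would also help, since the magic reply makes any process that loads it crash on demand. The function body starts and ends outside this hunk.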
diff --git a/plugin/aws_key_management/aws_key_management_plugin.cc b/plugin/aws_key_management/aws_key_management_plugin.cc index eb330103291..00a2e5f8778 100644 --- a/plugin/aws_key_management/aws_key_management_plugin.cc +++ b/plugin/aws_key_management/aws_key_management_plugin.cc @@ -110,7 +110,7 @@ static void print_kms_error(const char *func, const Aws::Client::AWSError<Aws::K { my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin : KMS Client API '%s' failed : %s - %s", - ME_ERROR_LOG, + ME_ERROR_LOG_ONLY, func, err.GetExceptionName().c_str(), err.GetMessage().c_str()); } @@ -237,7 +237,7 @@ static int aws_init() client = new KMSClient(clientConfiguration); if (!client) { - my_printf_error(ER_UNKNOWN_ERROR, "Can not initialize KMS client", ME_ERROR_LOG | ME_WARNING); + my_printf_error(ER_UNKNOWN_ERROR, "Can't initialize KMS client", ME_ERROR_LOG_ONLY | ME_WARNING); return -1; } return 0; @@ -339,12 +339,12 @@ static int load_key(KEY_INFO *info) if (!ret) { - my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: loaded key %u, version %u, key length %u bit", ME_ERROR_LOG | ME_NOTE, + my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: loaded key %u, version %u, key length %u bit", ME_ERROR_LOG_ONLY | ME_NOTE, info->key_id, info->key_version,(uint)info->length*8); } else { - my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: key %u, version %u could not be decrypted", ME_ERROR_LOG | ME_WARNING, + my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: key %u, version %u could not be decrypted", ME_ERROR_LOG_ONLY | ME_WARNING, info->key_id, info->key_version); } return ret; 
@@ -443,13 +443,13 @@ static int read_and_decrypt_key(const char *path, KEY_INFO *info) ifstream ifs(path, ios::binary | ios::ate); if (!ifs.good()) { - my_printf_error(ER_UNKNOWN_ERROR, "can't open file %s", ME_ERROR_LOG, path); + my_printf_error(ER_UNKNOWN_ERROR, "can't open file %s", ME_ERROR_LOG_ONLY, path); return(-1); } size_t pos = (size_t)ifs.tellg(); if (!pos || pos == SIZE_T_MAX) { - my_printf_error(ER_UNKNOWN_ERROR, "invalid key file %s", ME_ERROR_LOG, path); + my_printf_error(ER_UNKNOWN_ERROR, "invalid key file %s", ME_ERROR_LOG_ONLY, path); return(-1); } std::vector<char> contents(pos); @@ -470,7 +470,7 @@ static int read_and_decrypt_key(const char *path, KEY_INFO *info) if (len > sizeof(info->data)) { - my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: encoding key too large for %s", ME_ERROR_LOG, path); + my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: encoding key too large for %s", ME_ERROR_LOG_ONLY, path); return(ENCRYPTION_KEY_BUFFER_TOO_SMALL); } memcpy(info->data, plaintext.GetUnderlyingData(), len); 
@@ -527,19 +527,19 @@ static int generate_and_save_datakey(uint keyid, uint version) int fd= open(filename, O_WRONLY |O_CREAT|O_BINARY, IF_WIN(_S_IREAD, S_IRUSR| S_IRGRP| S_IROTH)); if (fd < 0) { - my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: Can't create file %s", ME_ERROR_LOG, filename); + my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: Can't create file %s", ME_ERROR_LOG_ONLY, filename); return(-1); } unsigned int len= (unsigned int)byteBuffer.GetLength(); if (write(fd, byteBuffer.GetUnderlyingData(), len) != len) { - my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: can't write to %s", ME_ERROR_LOG, filename); + my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: can't write to %s", ME_ERROR_LOG_ONLY, filename); close(fd); unlink(filename); return(-1); } close(fd); - my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: generated encrypted datakey for key id=%u, version=%u", ME_ERROR_LOG | ME_NOTE, + my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: generated encrypted datakey for key id=%u, version=%u", ME_ERROR_LOG_ONLY | ME_NOTE, keyid, version); return(0); } @@ -552,13 +552,13 @@ static int rotate_single_key(uint key_id) if (!ver) { - my_printf_error(ER_UNKNOWN_ERROR, "key %u does not exist", MYF(ME_JUST_WARNING), key_id); + my_printf_error(ER_UNKNOWN_ERROR, "key %u does not exist", MYF(ME_WARNING), key_id); return -1; } else if (generate_and_save_datakey(key_id, ver + 1)) { my_printf_error(ER_UNKNOWN_ERROR, "Could not generate datakey for key id= %u, ver= %u", - MYF(ME_JUST_WARNING), key_id, ver); + MYF(ME_WARNING), key_id, ver); return -1; } else @@ -569,7 +569,7 @@ static int rotate_single_key(uint key_id) if (load_key(&info)) { my_printf_error(ER_UNKNOWN_ERROR, "Could not load datakey for key id= %u, ver= %u", - MYF(ME_JUST_WARNING), key_id, ver); + MYF(ME_WARNING), key_id, ver); return -1; } } 
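Review bot: In the `generate_and_save_datakey` hunk the key file is still opened with `O_WRONLY |O_CREAT|O_BINARY`, so an existing file of that name is opened and written over from the start, without truncation, rather than rejected. If each key version is meant to be written exactly once, which the versioned call in `rotate_single_key` suggests, adding `O_EXCL` makes the create fail instead of reusing a file that is already there, including one placed as a symlink: `open(filename, O_WRONLY|O_CREAT|O_EXCL|O_BINARY, ...)`. How `filename` is built is outside the hunk, so this should be confirmed against the caller. The two failure messages would also be more useful in the error log with the cause, for example `"AWS KMS plugin: Can't create file %s (errno %d)"` with `errno` passed after `filename`.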
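Review bot: In the `rotate_single_key` hunk the warning for a failed `generate_and_save_datakey(key_id, ver + 1)` prints `ver`, the version that already exists, not the one that could not be generated. Passing `key_id, ver + 1` as the arguments after `MYF(ME_WARNING)` makes the message name the version that actually failed. The function continues past the end of the hunk.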
@@ -594,7 +594,7 @@ static void update_rotate(MYSQL_THD, struct st_mysql_sys_var *, void *, const vo if (!master_key_id[0]) { my_printf_error(ER_UNKNOWN_ERROR, - "aws_key_management_master_key_id must be set to generate new data keys", MYF(ME_JUST_WARNING)); + "aws_key_management_master_key_id must be set to generate new data keys", MYF(ME_WARNING)); return; } mtx.lock(); diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c index 22d5eee21f2..d64ef990983 100644 --- a/plugin/cracklib_password_check/cracklib_password_check.c +++ b/plugin/cracklib_password_check/cracklib_password_check.c @@ -21,7 +21,8 @@ static char *dictionary; -static int crackme(MYSQL_CONST_LEX_STRING *username, MYSQL_CONST_LEX_STRING *password) +static int crackme(const MYSQL_CONST_LEX_STRING *username, + const MYSQL_CONST_LEX_STRING *password) { char *user= alloca(username->length + 1); char *host; diff --git a/plugin/feedback/sender_thread.cc b/plugin/feedback/sender_thread.cc index 92f186a1e2a..b025879b6ee 100644 --- a/plugin/feedback/sender_thread.cc +++ b/plugin/feedback/sender_thread.cc @@ -117,11 +117,12 @@ static int prepare_for_fill(TABLE_LIST *tables) tables->init_one_table(&INFORMATION_SCHEMA_NAME, &tbl_name, 0, TL_READ); tables->schema_table= i_s_feedback; + tables->select_lex= thd->lex->first_select_lex(); + DBUG_ASSERT(tables->select_lex); tables->table= create_schema_table(thd, tables); if (!tables->table) return 1; - tables->select_lex= thd->lex->current_select; tables->table->pos_in_table_list= tables; return 0; diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index 72d5a91d59d..a9b4ff200d9 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c 
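Review bot: In the `crackme` hunk the first statement still sizes a stack allocation from its argument, `char *user= alloca(username->length + 1);`, and the signature change does not add a bound. Whether the server caps `username->length` before calling the plugin is not visible here. If it does, a comment on that line stating the limit would document why `alloca` is safe; if it does not, a length check ahead of the allocation is needed. The body of `crackme` continues outside the hunk.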
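Review bot: In the `prepare_for_fill` hunk the new `DBUG_ASSERT(tables->select_lex);` is presumably compiled out of release builds, so a null `first_select_lex()` result would be passed on to `create_schema_table` unchecked there. If a null result is possible for this thread's `thd`, which the hunk does not show, a runtime guard in the style of the existing one, `if (!tables->select_lex) return 1;`, covers release builds as well. A one-line comment on why the assignment had to move ahead of `create_schema_table` would also help the next reader.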
@@ -733,7 +733,7 @@ static int user_coll_fill(struct user_coll *c, char *users,
 internal_stop_logging= 1;
 CLIENT_ERROR(1, "User '%.*s' was removed from the"
 " server_audit_excl_users.",
- MYF(ME_JUST_WARNING), (int) cmp_length, users);
+ MYF(ME_WARNING), (int) cmp_length, users);
 internal_stop_logging= 0;
 blank_user(cmp_user);
 refill_cmp_coll= 1;
@@ -742,7 +742,7 @@ static int user_coll_fill(struct user_coll *c, char *users,
 {
 internal_stop_logging= 1;
 CLIENT_ERROR(1, "User '%.*s' is in the server_audit_incl_users, "
- "so wasn't added.", MYF(ME_JUST_WARNING), (int) cmp_length, users);
+ "so wasn't added.", MYF(ME_WARNING), (int) cmp_length, users);
 internal_stop_logging= 0;
 remove_user(users);
 continue;
@@ -1050,7 +1050,7 @@ static int start_logging()
 "Could not create file '%s'.", alt_fname);
 is_active= 0;
 CLIENT_ERROR(1, "SERVER AUDIT plugin can't create file '%s'.",
- MYF(ME_JUST_WARNING), alt_fname);
+ MYF(ME_WARNING), alt_fname);
 return 1;
 }
 error_header();
@@ -2593,7 +2593,7 @@ static void update_file_path(MYSQL_THD thd,
 {
 error_header();
 fprintf(stderr, "Logging was disabled..\n");
- CLIENT_ERROR(1, "Logging was disabled.", MYF(ME_JUST_WARNING));
+ CLIENT_ERROR(1, "Logging was disabled.", MYF(ME_WARNING));
 }
 goto exit_func;
 }
@@ -2763,7 +2763,7 @@ static void update_logging(MYSQL_THD thd,
 start_logging();
 if (!logging)
 {
- CLIENT_ERROR(1, "Logging was disabled.", MYF(ME_JUST_WARNING));
+ CLIENT_ERROR(1, "Logging was disabled.", MYF(ME_WARNING));
 }
 }
 else
diff --git a/plugin/simple_password_check/simple_password_check.c b/plugin/simple_password_check/simple_password_check.c
index 5a76c3d3005..2d298f0efa9 100644
--- a/plugin/simple_password_check/simple_password_check.c
+++ b/plugin/simple_password_check/simple_password_check.c
@@ -22,8 +22,8 @@ static unsigned min_length, min_digits, min_letters, min_others; -static int validate(MYSQL_CONST_LEX_STRING *username, - MYSQL_CONST_LEX_STRING *password) +static int validate(const MYSQL_CONST_LEX_STRING *username, + const MYSQL_CONST_LEX_STRING *password) { unsigned digits=0 , uppers=0 , lowers=0, others=0, length= (unsigned)password->length; const char *ptr= password->str, *end= ptr + length; |