diff options
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 57 |
1 files changed, 28 insertions, 29 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 130113c17f1..abc53687ee0 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -38,6 +38,7 @@ #include "records.h" // READ_RECORD, read_record_info, // init_read_record, end_read_record #include "rpl_filter.h" // rpl_filter +#include "rpl_rli.h" #include <m_ctype.h> #include <stdarg.h> #include "sp_head.h" @@ -299,7 +300,7 @@ public: bool eq(const char *user2, const char *host2) { return !cmp(user2, host2); } - bool wild_eq(const char *user2, const char *host2, const char *ip2 = 0) + bool wild_eq(const char *user2, const char *host2, const char *ip2) { if (strcmp(safe_str(user.str), safe_str(user2))) return false; @@ -876,7 +877,6 @@ static char *fix_plugin_ptr(char *name) */ static bool fix_user_plugin_ptr(ACL_USER *user) { - user->salt_len= 0; if (my_strcasecmp(system_charset_info, user->plugin.str, native_password_plugin_name.str) == 0) user->plugin= native_password_plugin_name; @@ -887,7 +887,8 @@ static bool fix_user_plugin_ptr(ACL_USER *user) else return true; - set_user_salt(user, user->auth_string.str, user->auth_string.length); + if (user->auth_string.length) + set_user_salt(user, user->auth_string.str, user->auth_string.length); return false; } @@ -1258,7 +1259,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) { user.plugin.str= tmpstr; user.plugin.length= strlen(user.plugin.str); - if (user.auth_string.length) + user.auth_string.str= + safe_str(get_field(&acl_memroot, table->field[next_field++])); + user.auth_string.length= strlen(user.auth_string.str); + + if (user.auth_string.length && password_len) { sql_print_warning("'user' entry '%s@%s' has both a password " "and an authentication plugin specified. The " @@ -1266,9 +1271,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) safe_str(user.user.str), safe_str(user.host.hostname)); } - user.auth_string.str= - safe_str(get_field(&acl_memroot, table->field[next_field++])); - user.auth_string.length= strlen(user.auth_string.str); fix_user_plugin_ptr(&user); } @@ -1881,7 +1883,7 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access) acl_user= (ACL_USER *)acl_user_base; /* Yes! priv_user@host. Don't ask why - that's what check_access() does. */ if (acl_user->wild_eq(thd->security_ctx->priv_user, - thd->security_ctx->host)) + thd->security_ctx->host, thd->security_ctx->ip)) { is_granted= TRUE; break; @@ -2558,7 +2560,7 @@ bool change_password(THD *thd, const char *host, const char *user, { TABLE_LIST tables; TABLE *table; - Rpl_filter *rpl_filter= thd->rpl_filter; + Rpl_filter *rpl_filter; /* Buffer should be extended when password length is extended. */ char buff[512]; ulong query_length; @@ -2580,7 +2582,8 @@ bool change_password(THD *thd, const char *host, const char *user, GRANT and REVOKE are applied the slave in/exclusion rules as they are some kind of updates to the mysql.% tables. */ - if (thd->slave_thread && rpl_filter->is_on()) + if (thd->slave_thread && + (rpl_filter= thd->system_thread_info.rpl_sql_info->rpl_filter)->is_on()) { /* The tables must be marked "updating" so that tables_ok() takes them into @@ -5393,7 +5396,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, TABLE_LIST tables[3]; bool create_new_users=0; char *db_name, *table_name; - Rpl_filter *rpl_filter= thd->rpl_filter; + Rpl_filter *rpl_filter; DBUG_ENTER("mysql_table_grant"); if (!initialized) @@ -5483,7 +5486,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, GRANT and REVOKE are applied the slave in/exclusion rules as they are some kind of updates to the mysql.% tables. */ - if (thd->slave_thread && rpl_filter->is_on()) + if (thd->slave_thread && + (rpl_filter= thd->system_thread_info.rpl_sql_info->rpl_filter)->is_on()) { /* The tables must be marked "updating" so that tables_ok() takes them into @@ -5670,7 +5674,7 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, TABLE_LIST tables[2]; bool create_new_users=0, result=0; char *db_name, *table_name; - Rpl_filter *rpl_filter= thd->rpl_filter; + Rpl_filter *rpl_filter; DBUG_ENTER("mysql_routine_grant"); if (!initialized) @@ -5705,7 +5709,8 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, GRANT and REVOKE are applied the slave in/exclusion rules as they are some kind of updates to the mysql.% tables. */ - if (thd->slave_thread && rpl_filter->is_on()) + if (thd->slave_thread && + (rpl_filter= thd->system_thread_info.rpl_sql_info->rpl_filter)->is_on()) { /* The tables must be marked "updating" so that tables_ok() takes them into @@ -6141,7 +6146,7 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, char tmp_db[SAFE_NAME_LEN+1]; bool create_new_users=0; TABLE_LIST tables[2]; - Rpl_filter *rpl_filter= thd->rpl_filter; + Rpl_filter *rpl_filter; DBUG_ENTER("mysql_grant"); if (!initialized) @@ -6190,7 +6195,8 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, GRANT and REVOKE are applied the slave in/exclusion rules as they are some kind of updates to the mysql.% tables. */ - if (thd->slave_thread && rpl_filter->is_on()) + if (thd->slave_thread && + (rpl_filter= thd->system_thread_info.rpl_sql_info->rpl_filter)->is_on()) { /* The tables must be marked "updating" so that tables_ok() takes them into @@ -8223,7 +8229,7 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc) #define GRANT_TABLES 7 static int open_grant_tables(THD *thd, TABLE_LIST *tables) { - Rpl_filter *rpl_filter= thd->rpl_filter; + Rpl_filter *rpl_filter; DBUG_ENTER("open_grant_tables"); if (!initialized) @@ -8267,7 +8273,8 @@ static int open_grant_tables(THD *thd, TABLE_LIST *tables) GRANT and REVOKE are applied the slave in/exclusion rules as they are some kind of updates to the mysql.% tables. */ - if (thd->slave_thread && rpl_filter->is_on()) + if (thd->slave_thread && + (rpl_filter= thd->system_thread_info.rpl_sql_info->rpl_filter)->is_on()) { /* The tables must be marked "updating" so that tables_ok() takes them into @@ -10835,7 +10842,6 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VIO uint pkt_len; } cached_server_packet; int packets_read, packets_written; ///< counters for send/received packets - uint connect_errors; ///< if there were connect errors for this host bool make_it_fail; /** when plugin returns a failure this tells us what really happened */ enum { SUCCESS, FAILURE, RESTART } status; @@ -11386,9 +11392,6 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio, */ DBUG_ASSERT(net->read_pos[pkt_len] == 0); - if (mpvio->connect_errors) - reset_host_connect_errors(thd->main_security_ctx.ip); - ulong client_capabilities= uint2korr(net->read_pos); if (client_capabilities & CLIENT_PROTOCOL_41) { @@ -11966,8 +11969,6 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name, Perform the handshake, authorize the client and update thd sctx variables. @param thd thread handle - @param connect_errors number of previous failed connect attemps - from this host @param com_change_user_pkt_len size of the COM_CHANGE_USER packet (without the first, command, byte) or 0 if it's not a COM_CHANGE_USER (that is, if @@ -11976,8 +11977,7 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name, @retval 0 success, thd is updated. @retval 1 error */ -bool acl_authenticate(THD *thd, uint connect_errors, - uint com_change_user_pkt_len) +bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) { int res= CR_OK; MPVIO_EXT mpvio; @@ -11991,7 +11991,6 @@ bool acl_authenticate(THD *thd, uint connect_errors, mpvio.write_packet= server_mpvio_write_packet; mpvio.info= server_mpvio_info; mpvio.thd= thd; - mpvio.connect_errors= connect_errors; mpvio.status= MPVIO_EXT::FAILURE; mpvio.make_it_fail= false; mpvio.auth_info.host_or_ip= thd->security_ctx->host_or_ip; @@ -12441,7 +12440,7 @@ maria_declare_plugin(mysql_password) NULL, /* status variables */ NULL, /* system variables */ "1.0", /* String version */ - MariaDB_PLUGIN_MATURITY_BETA /* Maturity */ + MariaDB_PLUGIN_MATURITY_STABLE /* Maturity */ }, { MYSQL_AUTHENTICATION_PLUGIN, /* type constant */ @@ -12456,7 +12455,7 @@ maria_declare_plugin(mysql_password) NULL, /* status variables */ NULL, /* system variables */ "1.0", /* String version */ - MariaDB_PLUGIN_MATURITY_BETA /* Maturity */ + MariaDB_PLUGIN_MATURITY_STABLE /* Maturity */ } maria_declare_plugin_end; |