diff options
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/sql_acl.cc | 67 | ||||
| -rw-r--r-- | sql/sql_class.cc | 78 | ||||
| -rw-r--r-- | sql/structs.h | 2 |
3 files changed, 138 insertions, 9 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 88d1630d94b..9d243e95fbb 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3880,6 +3880,41 @@ static bool test_if_create_new_users(THD *thd) return create_new_users; } +void user_require_to_str(LEX *lex, String &str) +{ + int ssl_type= lex->ssl_type; + if (ssl_type != SSL_TYPE_NOT_SPECIFIED) + { + str.append(" REQUIRE "); + if (ssl_type == SSL_TYPE_ANY) + str.append(" SSL "); + else if (ssl_type == SSL_TYPE_X509) + str.append(" X509 "); + else if (ssl_type == SSL_TYPE_NONE) + str.append(" NONE "); + else if (ssl_type == SSL_TYPE_SPECIFIED) + { + if (strlen(lex->x509_subject)) + { + str.append(" SUBJECT '"); + str.append(lex->x509_subject); + str.append("' "); + } + if (strlen(lex->x509_issuer)) + { + str.append(" ISSUER '"); + str.append(lex->x509_issuer); + str.append("' "); + } + if (strlen(lex->ssl_cipher)) + { + str.append(" CIPHER '"); + str.append(lex->ssl_cipher); + str.append("' "); + } + } + } +} /**************************************************************************** Handle GRANT commands @@ -10137,10 +10172,10 @@ end: bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) { int result; - String wrong_users; + String wrong_users, binlog_query; LEX_USER *user_name; List_iterator <LEX_USER> user_list(list); - bool binlog= false; + bool if_not_exists= thd->lex->create_info.if_not_exists(); DBUG_ENTER("mysql_create_user"); DBUG_PRINT("entry", ("Handle as %s", handle_as_role ? "role" : "user")); @@ -10209,9 +10244,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) } // Proceed with the creation } - else if (thd->lex->create_info.if_not_exists()) + else if (if_not_exists) { - binlog= true; if (handle_as_role) push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE, ER_ROLE_CREATE_EXISTS, @@ -10222,7 +10256,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ER_USER_CREATE_EXISTS, ER_THD(thd, ER_USER_CREATE_EXISTS), user_name->user.str, user_name->host.str); - continue; + goto log; } else { @@ -10239,7 +10273,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) result= TRUE; continue; } - binlog= true; // every created role is automatically granted to its creator-admin if (handle_as_role) @@ -10273,6 +10306,25 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) &thd->lex->definer->host, &user_name->user, true, NULL, false); } + +log: + if (mysql_bin_log.is_open()) + { + binlog_query.append("CREATE USER "); + if (thd->lex->create_info.if_not_exists()) + binlog_query.append(" IF NOT EXISTS "); + user_name->to_str(binlog_query); + user_require_to_str(thd->lex, binlog_query); + thd->lex->mqh.to_str(binlog_query); + binlog_query.append("/* Generated by server */"); + // Log individual user into binlog + thd->binlog_query(THD::STMT_QUERY_TYPE, + binlog_query.ptr(), + binlog_query.length(), + FALSE, FALSE, if_not_exists, + result ? ER_CANNOT_USER : 0); + binlog_query.release(); + } } mysql_mutex_unlock(&acl_cache->lock); @@ -10282,9 +10334,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) (handle_as_role) ? "CREATE ROLE" : "CREATE USER", wrong_users.c_ptr_safe()); - if (binlog) - result |= write_bin_log(thd, FALSE, thd->query(), thd->query_length()); - mysql_rwlock_unlock(&LOCK_grant); DBUG_RETURN(result); } diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 0bbfdba88c7..c9ed61b175e 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -7651,6 +7651,84 @@ void AUTHID::parse(const char *str, size_t length) host.length= HOSTNAME_LENGTH; } +void LEX_USER::to_str(String &str) +{ + str.append("'"); + str.append(user.str, user.length); + str.append("'"); + if (host.length) + { + str.append("@"); + str.append("'"); + str.append(host.str, host.length); + str.append("'"); + } + str.append(" IDENTIFIED "); + if (pwtext.length) + { + str.append(" BY '"); + str.append(pwtext.str, pwtext.length); + str.append("' "); + } + else if (pwhash.length) + { + str.append(" BY PASSWORD '"); + str.append(pwhash.str, pwhash.length); + str.append("' "); + } + if (plugin.length) + { + str.append(" WITH "); + str.append(plugin.str, pwhash.length); + str.append("' "); + if (auth.length) + { + str.append(" USING '"); + str.append(auth.str, auth.length); + str.append("' "); + } + } +} + +void USER_RESOURCES::to_str(String &str) +{ + str.append(" WITH "); + if (specified_limits & USER_RESOURCES::QUERIES_PER_HOUR) + { + char num[10]; + sprintf(num, "%d", questions); + str.append(" MAX_QUERIES_PER_HOUR "); + str.append((const char *)&num); + } + if (specified_limits & USER_RESOURCES::UPDATES_PER_HOUR) + { + char num[10]; + sprintf(num, "%d", updates); + str.append(" MAX_UPDATES_PER_HOUR "); + str.append((const char *)&num); + } + if (specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR) + { + char num[10]; + sprintf(num, "%d", conn_per_hour); + str.append(" MAX_CONNECTIONS_PER_HOUR "); + str.append((const char *)&num); + } + if (specified_limits & USER_RESOURCES::USER_CONNECTIONS) + { + char num[10]; + sprintf(num, "%d", user_conn); + str.append(" MAX_USER_CONNECTIONS "); + str.append((const char *)&num); + } + if (specified_limits & USER_RESOURCES::MAX_STATEMENT_TIME) + { + char num[20]; + sprintf(num, "%f", max_statement_time); + str.append(" MAX_QUERY_PER_HOUR "); + str.append((const char *)&num); + } +} void Database_qualified_name::copy(MEM_ROOT *mem_root, const LEX_CSTRING &db, diff --git a/sql/structs.h b/sql/structs.h index 355d6e75e48..5efd658878b 100644 --- a/sql/structs.h +++ b/sql/structs.h @@ -235,6 +235,7 @@ struct LEX_USER: public AUTHID pwtext.str= pwhash.str= 0; plugin.str= auth.str= ""; } + void to_str(class String &str); }; /* @@ -267,6 +268,7 @@ typedef struct user_resources { enum {QUERIES_PER_HOUR= 1, UPDATES_PER_HOUR= 2, CONNECTIONS_PER_HOUR= 4, USER_CONNECTIONS= 8, MAX_STATEMENT_TIME= 16}; uint specified_limits; + void to_str(class String &str); } USER_RESOURCES; |