summaryrefslogtreecommitdiff
path: root/plugin
Commit message (Collapse)AuthorAgeFilesLines
* Merge 10.5 into 10.6Marko Mäkelä2021-03-051-41/+66
|\
| * Merge 10.4 into 10.5Marko Mäkelä2021-03-051-41/+66
| |\
| | * Merge 10.3 into 10.4Marko Mäkelä2021-03-051-41/+66
| | |\
| | | * MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't ↵Alexey Botchkov2021-02-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | replaced by asterisks in audit log. Check for the ALTER USER command added.
| | | * MENT-1098 Crash during update on 10.4.17 after upgrade from 10.4.10Monty2021-02-251-41/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The reason for the crash was that there was not a write lock to protect against file rotations in the server_audit plugin after an audit plugin patch to changed audit mutexes to read & write locks. The fixes are: * Moving server_audit.c to use read & write locks (which improves performance). * Added functionality in file_logger.c to not do file rotations until it is allowed by the caller (done without any interface changes for the logging service). * Move checking of file size limit to server_audit.c and if it is time to do a rotation change the read lock to a write lock and tell file_logger that it is now allowed to rotate the log files.
* | | | Merge 10.5 into 10.6Marko Mäkelä2021-02-173-3/+3
|\ \ \ \ | |/ / /
| * | | Merge branch 'bb-10.4-release' into bb-10.5-releaseSergei Golubchik2021-02-153-3/+3
| |\ \ \ | | |/ /
| | * | Merge branch 'bb-10.3-release' into bb-10.4-releaseSergei Golubchik2021-02-121-1/+1
| | |\ \ | | | |/ | | | | | | | | | | | | Note, the fix for "MDEV-23328 Server hang due to Galera lock conflict resolution" was null-merged. 10.4 version of the fix is coming up separately
| | | * MDEV-17556 Assertion `bitmap_is_set_all(&table->s->all_set)' failedNikita Malyavin2021-01-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The assertion failed in handler::ha_reset upon SELECT under READ UNCOMMITTED from table with index on virtual column. This was the debug-only failure, though the problem is mush wider: * MY_BITMAP is a structure containing my_bitmap_map, the latter is a raw bitmap. * read_set, write_set and vcol_set of TABLE are the pointers to MY_BITMAP * The rest of MY_BITMAPs are stored in TABLE and TABLE_SHARE * The pointers to the stored MY_BITMAPs, like orig_read_set etc, and sometimes all_set and tmp_set, are assigned to the pointers. * Sometimes tmp_use_all_columns is used to substitute the raw bitmap directly with all_set.bitmap * Sometimes even bitmaps are directly modified, like in TABLE::update_virtual_field(): bitmap_clear_all(&tmp_set) is called. The last three bullets in the list, when used together (which is mostly always) make the program flow cumbersome and impossible to follow, notwithstanding the errors they cause, like this MDEV-17556, where tmp_set pointer was assigned to read_set, write_set and vcol_set, then its bitmap was substituted with all_set.bitmap by dbug_tmp_use_all_columns() call, and then bitmap_clear_all(&tmp_set) was applied to all this. To untangle this knot, the rule should be applied: * Never substitute bitmaps! This patch is about this. orig_*, all_set bitmaps are never substituted already. This patch changes the following function prototypes: * tmp_use_all_columns, dbug_tmp_use_all_columns to accept MY_BITMAP** and to return MY_BITMAP * instead of my_bitmap_map* * tmp_restore_column_map, dbug_tmp_restore_column_maps to accept MY_BITMAP* instead of my_bitmap_map* These functions now will substitute read_set/write_set/vcol_set directly, and won't touch underlying bitmaps.
* | | | MDEV-23959 GSSAPI plugin - support AD or local group name , and SIDs on WindowsVladislav Vaintroub2021-01-275-45/+294
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support membership tests in SSPI with special prefix form CREATE USER u IDENTIFIED WITH gssapi AS "GROUP:<group_name>" or CREATE USER u IDENTIFIED WITH gssapi AS "SID:<sid>" If user is created as one of the above, after successful SSPI handshake, this will happen 1) If "GROUP:" prefix is used, then <group_name> is translated to SID using LookupAccountName() API 2) SSPI user is checked for SID membership with ImpersonateSecurityContext() and CheckMembership() APIs Note, that it <group>/<sid> do not need strictly to refer to an actual group. Identity test is also supported, e.g "GROUP:<users_name>" or "SID:<user_sid>" will work too. Well-known SIDs (in SDDL syntax) appear to be supported such as "SID:WD" will refer to World/Everyone (== "SID:S-1-1-0") or "SID:BA" will refer to Administrators (== "SID:S-1-5-32-544") In UAC environments, for successful checks against Administrators group, elevation(Run As Administrator) might be necessary, since CheckMembership() needs groups to be marked as enabled in the token group list.
* | | | Merge 10.5 into 10.6Marko Mäkelä2021-01-252-2/+2
|\ \ \ \ | |/ / /
| * | | Merge 10.4 into 10.5Marko Mäkelä2021-01-252-2/+2
| |\ \ \ | | |/ /
| | * | MDEV-24577: Fix warnings generated during compilation of ↵Dmitry Shulga2021-01-192-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | plugin/auth_pam/testing/pam_mariadb_mtr.c on FreeBSD Compiler warnings generated on building MariaDB server for BSD has the same reason as in case building is performed on MacOS. Both platforms do use clang as a C/C++ compiler. So, fix the compiler warnings in case the compiler is clang doesn't matter what kind of building platform do we use for building. This is a follow-up patch for the following bug reports: MDEV-23564: CMAKE failing due to deprecated Apple GSS method MDEV-23935: Fix warnings generated during compilation of plugin/auth_pam/testing/pam_mariadb_mtr.c on MacOS
* | | | Merge 10.5 into 10.6Marko Mäkelä2021-01-111-7/+15
|\ \ \ \ | |/ / /
| * | | Merge 10.4 into 10.5Marko Mäkelä2021-01-111-7/+15
| |\ \ \ | | |/ /
| | * | Merge 10.3 into 10.4Marko Mäkelä2021-01-111-7/+15
| | |\ \ | | | |/
| | | * Merge 10.2 into 10.3 (except MDEV-17556)Marko Mäkelä2021-01-111-7/+15
| | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | The fix of MDEV-17556 (commit e25623e78a3efde05e30070dc7362f8dc0d8c459 and commit 61a362c9493df63dc588fcb71409537ae56ab9c8) has been omitted due to conflicts and will have to be applied separately later.
| | | | * MDEV-17556 Assertion `bitmap_is_set_all(&table->s->all_set)' failedNikita Malyavin2021-01-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The assertion failed in handler::ha_reset upon SELECT under READ UNCOMMITTED from table with index on virtual column. This was the debug-only failure, though the problem is mush wider: * MY_BITMAP is a structure containing my_bitmap_map, the latter is a raw bitmap. * read_set, write_set and vcol_set of TABLE are the pointers to MY_BITMAP * The rest of MY_BITMAPs are stored in TABLE and TABLE_SHARE * The pointers to the stored MY_BITMAPs, like orig_read_set etc, and sometimes all_set and tmp_set, are assigned to the pointers. * Sometimes tmp_use_all_columns is used to substitute the raw bitmap directly with all_set.bitmap * Sometimes even bitmaps are directly modified, like in TABLE::update_virtual_field(): bitmap_clear_all(&tmp_set) is called. The last three bullets in the list, when used together (which is mostly always) make the program flow cumbersome and impossible to follow, notwithstanding the errors they cause, like this MDEV-17556, where tmp_set pointer was assigned to read_set, write_set and vcol_set, then its bitmap was substituted with all_set.bitmap by dbug_tmp_use_all_columns() call, and then bitmap_clear_all(&tmp_set) was applied to all this. To untangle this knot, the rule should be applied: * Never substitute bitmaps! This patch is about this. orig_*, all_set bitmaps are never substituted already. This patch changes the following function prototypes: * tmp_use_all_columns, dbug_tmp_use_all_columns to accept MY_BITMAP** and to return MY_BITMAP * instead of my_bitmap_map* * tmp_restore_column_map, dbug_tmp_restore_column_maps to accept MY_BITMAP* instead of my_bitmap_map* These functions now will substitute read_set/write_set/vcol_set directly, and won't touch underlying bitmaps.
| | | | * MDEV-19442 add-onAndrei Elkin2021-01-071-1/+1
| | | | | | | | | | | | | | | | | | | | fixing windows build.
| | | | * MDEV-19442 server_audit plugin doesn't consider proxy users in ↵Alexey Botchkov2020-12-281-7/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | server_audit_excl_users/server_audit_incl_users. Check the proxy user just as the connection user against the incl_users_list and excl_users_list.
* | | | | Merge 10.5 into 10.6Marko Mäkelä2021-01-072-4/+5
|\ \ \ \ \ | |/ / / /
| * | | | Merge commit '10.4' into 10.5Oleksandr Byelkin2021-01-062-4/+5
| |\ \ \ \ | | |/ / /
| | * | | Merge 10.3 into 10.4Marko Mäkelä2020-12-232-4/+5
| | |\ \ \ | | | |/ /
| | | * | Merge 10.2 into 10.3Marko Mäkelä2020-12-231-4/+4
| | | |\ \ | | | | |/
| | | | * MDEV-24318 server_audit doesn't respect filters for PROXY_CONNECTAlexey Botchkov2020-12-011-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | events. The log line should be added behind the filters.
| | | * | MDEV-24279 Segfault after 1 day and 5 minutes uptimeSergei Golubchik2020-12-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | feedback plugin now fakes a SHOW command to force create_schema_table() to instantiate the table at once, not lazily. The test from plugins.feedback_plugin_send applies. Caused by e64084d5a3a7
* | | | | Merge 10.5 into 10.6Marko Mäkelä2020-12-212-2/+2
|\ \ \ \ \ | |/ / / /
| * | | | increase INET6 plugin maturitySergei Golubchik2020-12-212-2/+2
| | | | |
* | | | | Merge 10.5 into 10.6bb-10.6-MDEV-24426Marko Mäkelä2020-12-173-1/+25
|\ \ \ \ \ | |/ / / /
| * | | | Parse GSSAPI flags on AIXEtienne Guesnet2020-12-161-1/+5
| | | | |
| * | | | Support of AIX for auth_socket pluginEtienne Guesnet2020-12-162-0/+20
| | | | |
* | | | | Merge 10.5 into 10.6Marko Mäkelä2020-12-032-4/+2
|\ \ \ \ \ | |/ / / /
| * | | | Merge 10.4 into 10.5Marko Mäkelä2020-12-022-4/+2
| |\ \ \ \ | | |/ / /
| | * | | MDEV-15532 after-merge fixes from MontyMarko Mäkelä2020-12-021-3/+1
| | | | | | | | | | | | | | | | | | | | The Galera tests were massively failing with debug assertions.
* | | | | Windows : reduce useless system checksVladislav Vaintroub2020-11-121-0/+4
|/ / / /
* | | | Merge 10.4 into 10.5Marko Mäkelä2020-11-031-2/+6
|\ \ \ \ | |/ / /
| * | | Merge 10.3 into 10.4Marko Mäkelä2020-11-032-4/+8
| |\ \ \ | | |/ /
| | * | Merge 10.2 into 10.3Marko Mäkelä2020-11-021-2/+6
| | |\ \ | | | |/
| | | * MDEV-22387: Do not violate __attribute__((nonnull))Marko Mäkelä2020-11-021-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This follows up commit commit 94a520ddbe39ae97de1135d98699cf2674e6b77e and commit 7c5519c12d46ead947d341cbdcbb6fbbe4d4fe1b. After these changes, the default test suites on a cmake -DWITH_UBSAN=ON build no longer fail due to passing null pointers as parameters that are declared to never be null, but plenty of other runtime errors remain.
* | | | Merge branch '10.4' into 10.5Oleksandr Byelkin2020-11-011-2/+2
|\ \ \ \
| * \ \ \ Merge branch '10.3' into 10.4Oleksandr Byelkin2020-10-311-2/+2
| |\ \ \ \ | | |/ / / | |/| / / | | |/ /
| | * | Fixed bug in detection of getgrouplist parameters.Monty2020-10-291-2/+2
| | | | | | | | | | | | | | | | | | | | On my system, OpenSuse, I got a compilation error that some arguments to getgrouplist() where not initialized
* | | | Merge 10.4 into 10.5Marko Mäkelä2020-10-308-26/+121
|\ \ \ \ | |/ / /
| * | | Merge 10.3 into 10.4Marko Mäkelä2020-10-297-26/+117
| |\ \ \ | | |/ /
| | * | Merge 10.2 into 10.3Marko Mäkelä2020-10-285-23/+52
| | |\ \ | | | |/
| | | * MDEV-23926: Follow-up patchDmitry Shulga2020-10-231-4/+0
| | | | | | | | | | | | | | | | This patch removes unnecessary #ifdefs in cmake macros CHECK_C_SOURCE_COMPILES.
| | | * MDEV-23926: Follow-up patchDmitry Shulga2020-10-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This patch fixes incorrect argument type passed to the last parameter of getgrouplist() in cmake macros CHECK_C_SOURCE_COMPILES()
| | | * MDEV-23564: CMAKE failing due to deprecated Apple GSS methodDmitry Shulga2020-10-231-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some GSS-API functions like gss_import_name(), gss_release_buffer() used in plugin/auth_gssapi and libmariadb/plugins/auth are marked as deprecated in MacOS starting from version 10.14+. It results in extra warnings output on server building. To eliminate extra warnings the flag '-Wno-deprecated-declarations' has been added to compiler invocation string for those source files that invoke deprecated GSS-API functions.
| | | * MDEV-23926: Follow-up patch to add missed file plugin/auth_pam/config.h.cmakeDmitry Shulga2020-10-231-0/+5
| | | |
| | | * MDEV-23926: Follow-up patch to cleanup plugin/auth_pam/CMakeLists.txt codeDmitry Shulga2020-10-232-12/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch moves definitions of macros variables HAVE_PAM_SYSLOG, HAVE_PAM_EXT_H, HAVE_PAM_APPL_H, HAVE_STRNDUP from command line (in the form -Dmacros) to the auto-generated header file config_auth_pam.h
View Lorry Controller Status