From d098137155f184aaa25b9710d40854928276fcaf Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 29 Apr 2003 00:15:18 +0200 Subject: CURRENT_USER() and "access denied" error messages now report hostname exactly as it was specified in the GRANT command (with wildcards, that is) BitKeeper/etc/logging_ok: Logging to logging@openlogging.org accepted --- BitKeeper/etc/logging_ok | 1 + sql/item_create.cc | 2 +- sql/sql_acl.cc | 18 ++++++++++-------- sql/sql_acl.h | 3 ++- sql/sql_class.h | 5 ++--- sql/sql_db.cc | 4 ++-- sql/sql_parse.cc | 9 +++++---- 7 files changed, 23 insertions(+), 19 deletions(-) diff --git a/BitKeeper/etc/logging_ok b/BitKeeper/etc/logging_ok index aca77159202..8074f38541a 100644 --- a/BitKeeper/etc/logging_ok +++ b/BitKeeper/etc/logging_ok @@ -79,6 +79,7 @@ salle@geopard.(none) salle@geopard.online.bg sasha@mysql.sashanet.com serg@build.mysql2.com +serg@serg.mylan serg@serg.mysql.com serg@sergbook.mysql.com sinisa@rhols221.adsl.netsonic.fi diff --git a/sql/item_create.cc b/sql/item_create.cc index 7e082bc174c..6809d6892b0 100644 --- a/sql/item_create.cc +++ b/sql/item_create.cc @@ -297,7 +297,7 @@ Item *create_func_current_user() char buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2]; uint length; - length= (uint) (strxmov(buff, thd->priv_user, "@", thd->host_or_ip, NullS) - + length= (uint) (strxmov(buff, thd->priv_user, "@", thd->priv_host, NullS) - buff); return new Item_string(NullS, thd->memdup(buff, length), length); } diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 3f63344baba..e14fa891977 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc 
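Review bot: `strxmov` writes into the fixed stack buffer `buff` with no length limit, and after this change the host part comes from the ACL entry (`thd->priv_host`) instead of the connection's `host_or_ip`. The `HOSTNAME_LENGTH+USERNAME_LENGTH+2` sizing therefore depends on grant-table host patterns never exceeding `HOSTNAME_LENGTH`, which nothing in this hunk enforces. I would state that next to the buffer, e.g. `/* priv_host comes from the grant tables and must fit in HOSTNAME_LENGTH */`, or switch to a length-bounded concatenation. The opening lines of `create_func_current_user` are outside the hunk.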
@@ -114,7 +114,7 @@ static ACL_USER *find_acl_user(const char *host, const char *user); static bool update_user_table(THD *thd, const char *host, const char *user, const char *new_password); static void update_hostname(acl_host_and_ip *host, const char *hostname); -static bool compare_hostname(const acl_host_and_ip *host, const char *hostname, +static bool compare_hostname(const acl_host_and_ip *host,const char *hostname, const char *ip); /* @@ -492,7 +492,8 @@ static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b) */ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, - const char *password,const char *message,char **priv_user, + const char *password,const char *message, + char **priv_user, char **priv_host, bool old_ver, USER_RESOURCES *mqh) { ulong user_access=NO_ACCESS; @@ -526,10 +527,10 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, #ifdef HAVE_OPENSSL Vio *vio=thd->net.vio; /* - In this point we know that user is allowed to connect - from given host by given username/password pair. Now - we check if SSL is required, if user is using SSL and - if X509 certificate attributes are OK + In this point we know that user is allowed to connect + from given host by given username/password pair. Now + we check if SSL is required, if user is using SSL and + if X509 certificate attributes are OK */ switch (acl_user->ssl_type) { case SSL_TYPE_NOT_SPECIFIED: // Impossible @@ -577,7 +578,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, X509* cert=SSL_get_peer_certificate(vio->ssl_); DBUG_PRINT("info",("checkpoint 2")); /* If X509 issuer is speified, we check it... */ - if (acl_user->x509_issuer) + if (acl_user->x509_issuer) { DBUG_PRINT("info",("checkpoint 3")); char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); 
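Review bot: The new out-parameter `priv_host` in the `acl_getroot` signature (hunk at -492) has no stated contract. The only write to it in this commit, `*priv_host=acl_user->host.hostname;` in the later hunk at -622, sits in the branch that ends with `break;` for a matched entry, so on other paths the caller's pointer is presumably left as it was. `check_user` passes `&thd->priv_host` directly, so a failed or repeated authentication could leave an earlier value in the THD. I would either set it at entry next to `ulong user_access=NO_ACCESS;` with `*priv_host= (char*) "";`, or document in the function comment on which paths it is written. The function body continues outside the hunk.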
@@ -605,7 +606,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, if (strcmp(acl_user->x509_subject,ptr)) { if (global_system_variables.log_warnings) - sql_print_error("X509 subject mismatch: '%s' vs '%s'", + sql_print_error("X509 subject mismatch: '%s' vs '%s'", acl_user->x509_subject, ptr); user_access=NO_ACCESS; } @@ -622,6 +623,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, *mqh=acl_user->user_resource; if (!acl_user->user) *priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */ + *priv_host=acl_user->host.hostname; break; } #ifndef ALLOW_DOWNGRADE_OF_USERS diff --git a/sql/sql_acl.h b/sql/sql_acl.h index 6925b6b406c..26e445fb7ea 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -87,7 +87,8 @@ void acl_free(bool end=0); ulong acl_get(const char *host, const char *ip, const char *bin_ip, const char *user, const char *db); ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, - const char *password,const char *scramble,char **priv_user, + const char *password,const char *scramble, + char **priv_user, char **priv_host, bool old_ver, USER_RESOURCES *max); bool acl_check_host(const char *host, const char *ip); bool check_change_password(THD *thd, const char *host, const char *user); diff --git a/sql/sql_class.h b/sql/sql_class.h index ad0540de18c..26551b01da1 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -351,14 +351,14 @@ public: db - currently selected database ip - client IP */ - char *host,*user,*priv_user,*db,*ip; + char *host,*user,*priv_user,*priv_host,*db,*ip; /* remote (peer) port */ uint16 peer_port; /* Points to info-string that will show in SHOW PROCESSLIST */ const char *proc_info; /* points to host if host is available, otherwise points to ip */ const char *host_or_ip; - + uint client_capabilities; /* What the client supports */ /* Determines if which non-standard SQL behaviour should be enabled */ uint sql_mode; 
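Review bot: `*priv_host=acl_user->host.hostname;` (hunk at -622) stores a pointer into the ACL entry rather than a copy, so `thd->priv_host` stays valid only as long as that entry's storage does. If the in-memory ACL data can be freed or rebuilt while a connection is open (a privilege reload, for instance; not visible in this diff), `CURRENT_USER()` and the access-denied paths would later read freed memory. I would copy the string into storage owned by the connection, for example by making the member a fixed-size array filled with a bounded copy, and handle a null `hostname` at the same place. The enclosing block starts and ends outside the hunk.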
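Review bot: The field comment that ends just above `char *host,*user,*priv_user,*priv_host,*db,*ip;` in sql_class.h gains no entry for the new member. I would add a line such as `priv_host - host pattern of the matched ACL entry, as given in GRANT (may contain wildcards)`, so readers do not confuse it with `host` or `host_or_ip`. No THD constructor change is part of this commit (sql_class.cc is not in the diffstat), so unless the object is zeroed some other way the new pointer starts out uninitialised. That is worth confirming, and `priv_host` should be added to the member initialisation. The class definition starts and ends outside the hunk.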
@@ -366,7 +366,6 @@ public: ulong master_access; /* Global privileges from mysql.user */ ulong db_access; /* Privileges for current db */ - /* open_tables - list of regular tables in use by this thread temporary_tables - list of temp tables in use by this thread diff --git a/sql/sql_db.cc b/sql/sql_db.cc index 900c87d83a5..7e58b5d4582 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -362,11 +362,11 @@ bool mysql_change_db(THD *thd,const char *name) { net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR, thd->priv_user, - thd->host_or_ip, + thd->priv_host, dbname); mysql_log.write(thd,COM_INIT_DB,ER(ER_DBACCESS_DENIED_ERROR), thd->priv_user, - thd->host_or_ip, + thd->priv_host, dbname); my_free(dbname,MYF(0)); DBUG_RETURN(1); diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 7479ef653a9..33b6c3f45c0 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -186,7 +186,7 @@ end: /* Check if user is ok Updates: - thd->user, thd->master_access, thd->priv_user, thd->db, thd->db_access + thd->{user,master_access,priv_user,priv_host,db,db_access} */ static bool check_user(THD *thd,enum_server_command command, const char *user, @@ -205,7 +205,8 @@ static bool check_user(THD *thd,enum_server_command command, const char *user, return 1; } thd->master_access=acl_getroot(thd, thd->host, thd->ip, thd->user, - passwd, thd->scramble, &thd->priv_user, + passwd, thd->scramble, + &thd->priv_user, &thd->priv_host, protocol_version == 9 || !(thd->client_capabilities & CLIENT_LONG_PASSWORD),&ur); @@ -2566,7 +2567,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, if (!no_errors) net_printf(&thd->net,ER_ACCESS_DENIED_ERROR, thd->priv_user, - thd->host_or_ip, + thd->priv_host, thd->password ? ER(ER_YES) : ER(ER_NO));/* purecov: tested */ DBUG_RETURN(TRUE); /* purecov: tested */ } 
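Review bot: The `mysql_log.write(thd,COM_INIT_DB,...)` call in `mysql_change_db` now records the grant-table host pattern instead of the client's actual host. A denied database change in the server log then no longer shows where the attempt came from, unless the log line carries the peer address elsewhere. For the server-side log I would keep `thd->host_or_ip` (or log both) and switch only the client-facing `net_printf` to `thd->priv_host`. `mysql_change_db` starts and continues outside the hunk.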
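Review bot: `thd->priv_host` is passed straight to `net_printf` as a string argument in `check_access` (hunk at -2566), with no fallback for a null pointer. The same applies to the `ER_DBACCESS_DENIED_ERROR` branch in the hunk at -2591 and to `mysql_change_db`. Whether an ACL entry can carry a null hostname is not visible in this diff; if it can, these denial paths would format a null string. A guard such as `thd->priv_host ? thd->priv_host : ""` at each call keeps the message well-formed. `check_access` begins and continues outside the hunk.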
@@ -2591,7 +2592,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, if (!no_errors) net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR, thd->priv_user, - thd->host_or_ip, + thd->priv_host, db ? db : thd->db ? thd->db : "unknown"); /* purecov: tested */ DBUG_RETURN(TRUE); /* purecov: tested */ } -- cgit v1.2.1