Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
37245fd1
Commit
37245fd1
authored
Oct 19, 2002
by
peter@mysql.com
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
More work on secure connection protocol. commited in order to do the sync with new large pushed
bunch.
parent
d448caba
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
50 additions
and
2 deletions
+50
-2
client/insert_test.c
client/insert_test.c
+1
-0
client/select_test.c
client/select_test.c
+1
-0
include/mysql_com.h
include/mysql_com.h
+1
-0
sql/mysqld.cc
sql/mysqld.cc
+1
-0
sql/sql_acl.cc
sql/sql_acl.cc
+46
-2
No files found.
client/insert_test.c
View file @
37245fd1
...
...
@@ -16,6 +16,7 @@
#include <stdio.h>
#include <stdlib.h>
#include "my_global.h"
#include "mysql.h"
#define INSERT_QUERY "insert into test (name,num) values ('item %d', %d)"
...
...
client/select_test.c
View file @
37245fd1
...
...
@@ -19,6 +19,7 @@
#endif
#include <stdio.h>
#include <stdlib.h>
#include "my_global.h"
#include "mysql.h"
#define SELECT_QUERY "select name from test where num = %d"
...
...
include/mysql_com.h
View file @
37245fd1
...
...
@@ -97,6 +97,7 @@ enum enum_server_command
#define CLIENT_IGNORE_SIGPIPE 4096
/* IGNORE sigpipes */
#define CLIENT_TRANSACTIONS 8192
/* Client knows about transactions */
#define CLIENT_PROTOCOL_41 16384
/* New 4.1 protocol */
#define CLIENT_SECURE_CONNECTION 32768
/* New 4.1 authentication */
#define SERVER_STATUS_IN_TRANS 1
/* Transaction has started */
#define SERVER_STATUS_AUTOCOMMIT 2
/* Server in auto_commit mode */
...
...
sql/mysqld.cc
View file @
37245fd1
...
...
@@ -317,6 +317,7 @@ uint volatile thread_count=0, thread_running=0, kill_cached_threads=0,
ulong
thd_startup_options
=
(
OPTION_UPDATE_LOG
|
OPTION_AUTO_IS_NULL
|
OPTION_BIN_LOG
|
OPTION_QUOTE_SHOW_CREATE
);
uint
protocol_version
=
PROTOCOL_VERSION
;
uint
connection_auth_flag
=
0
;
/* Supported authentication mode */
struct
system_variables
global_system_variables
;
struct
system_variables
max_system_variables
;
ulong
keybuff_size
,
table_cache_size
,
...
...
sql/sql_acl.cc
View file @
37245fd1
...
...
@@ -32,6 +32,8 @@
#include <assert.h>
#include <stdarg.h>
extern
uint
connection_auth_flag
;
struct
acl_host_and_ip
{
char
*
hostname
;
...
...
@@ -143,7 +145,11 @@ my_bool acl_init(bool dont_read_acl_tables)
(
hash_get_key
)
acl_entry_get_key
,
(
void
(
*
)(
void
*
))
free
);
if
(
dont_read_acl_tables
)
{
/* If we do not read tables use old handshake to make it quick for all clients */
connection_auth_flag
=
CLIENT_LONG_PASSWORD
;
DBUG_RETURN
(
0
);
/* purecov: tested */
}
/*
To be able to run this from boot, we allocate a temporary THD
...
...
@@ -218,6 +224,7 @@ my_bool acl_init(bool dont_read_acl_tables)
DBUG_PRINT
(
"info"
,(
"user table fields: %d"
,
table
->
fields
));
allow_all_hosts
=
0
;
connection_auth_flag
=
0
;
/* Reset flag as we're rereading the table */
while
(
!
(
read_record_info
.
read_record
(
&
read_record_info
)))
{
ACL_USER
user
;
...
...
@@ -242,6 +249,18 @@ my_bool acl_init(bool dont_read_acl_tables)
}
get_salt_from_password
(
user
.
salt
,
user
.
password
);
user
.
pversion
=
get_password_version
(
user
.
password
);
/*
We check the version of passwords in database. If no old passwords found we can force new handshake
if there are only old password we will force new handshake. In case of both types of passwords
found we will perform 2 stage authentication.
*/
if
(
user
.
password
&&
user
.
password
[
0
]
!=
0
)
/* empty passwords are not counted */
{
if
(
user
.
pversion
)
connection_auth_flag
|=
CLIENT_SECURE_CONNECTION
;
else
connection_auth_flag
|=
CLIENT_LONG_PASSWORD
;
}
user
.
access
=
get_access
(
table
,
3
)
&
GLOBAL_ACLS
;
user
.
sort
=
get_sort
(
2
,
user
.
host
.
hostname
,
user
.
user
);
user
.
hostname_length
=
(
user
.
host
.
hostname
?
...
...
@@ -299,7 +318,18 @@ my_bool acl_init(bool dont_read_acl_tables)
sizeof
(
ACL_USER
),(
qsort_cmp
)
acl_compare
);
end_read_record
(
&
read_record_info
);
freeze_size
(
&
acl_users
);
/*
If database is empty or has no passwords use new connection protocol
unless we're running with --old-passwords option
*/
if
(
!
connection_auth_flag
)
{
if
(
!
opt_old_passwords
)
connection_auth_flag
=
CLIENT_SECURE_CONNECTION
;
else
connection_auth_flag
=
CLIENT_LONG_PASSWORD
;
}
printf
(
"Set flag after read: %d
\n
"
,
connection_auth_flag
);
init_read_record
(
&
read_record_info
,
thd
,
table
=
tables
[
2
].
table
,
NULL
,
1
,
0
);
VOID
(
my_init_dynamic_array
(
&
acl_dbs
,
sizeof
(
ACL_DB
),
50
,
100
));
while
(
!
(
read_record_info
.
read_record
(
&
read_record_info
)))
...
...
@@ -674,6 +704,12 @@ static void acl_update_user(const char *user, const char *host,
acl_user
->
password
=
(
char
*
)
""
;
// Just point at something
get_salt_from_password
(
acl_user
->
salt
,
password
);
acl_user
->
pversion
=
get_password_version
(
acl_user
->
password
);
// We should allow connection with authentication method matching password
if
(
acl_user
->
pversion
)
connection_auth_flag
|=
CLIENT_SECURE_CONNECTION
;
else
connection_auth_flag
|=
CLIENT_LONG_PASSWORD
;
printf
(
"Debug: flag set to %d
\n
"
,
connection_auth_flag
);
}
}
break
;
...
...
@@ -1084,7 +1120,15 @@ bool change_password(THD *thd, const char *host, const char *user,
if
(
!
new_password
[
0
])
acl_user
->
password
=
0
;
else
acl_user
->
password
=
(
char
*
)
""
;
// Point at something
{
acl_user
->
password
=
(
char
*
)
""
;
// Point at something
/* Adjust global connection options depending of client password*/
if
(
acl_user
->
pversion
)
connection_auth_flag
|=
CLIENT_SECURE_CONNECTION
;
else
connection_auth_flag
|=
CLIENT_LONG_PASSWORD
;
}
acl_cache
->
clear
(
1
);
// Clear locked hostname cache
VOID
(
pthread_mutex_unlock
(
&
acl_cache
->
lock
));
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment