Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
8730d0a4
Commit
8730d0a4
authored
Apr 05, 2010
by
Igor Babaev
Browse files
Options
Browse Files
Download
Plain Diff
Merge with the latest changes of 5.2.
parents
32a4805c
fedbda3f
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
84 additions
and
20 deletions
+84
-20
mysql-test/r/connect.result
mysql-test/r/connect.result
+14
-0
mysql-test/t/connect.test
mysql-test/t/connect.test
+28
-0
sql/sql_acl.cc
sql/sql_acl.cc
+42
-20
No files found.
mysql-test/r/connect.result
View file @
8730d0a4
...
...
@@ -225,3 +225,17 @@ Connection on extra port 2 ok
# ------------------------------------------------------------------
# -- End of 5.1 tests
# ------------------------------------------------------------------
CREATE USER mysqltest_up1 IDENTIFIED VIA mysql_native_password using '*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB';
CREATE USER mysqltest_up2 IDENTIFIED VIA mysql_old_password using '09301740536db389';
connect(localhost,mysqltest_up1,foo,test,13001,MASTER_SOCKET);
ERROR 28000: Access denied for user 'mysqltest_up1'@'localhost' (using password: YES)
select user(), current_user();
user() current_user()
mysqltest_up1@localhost mysqltest_up1@%
connect(localhost,mysqltest_up2,newpw,test,13001,MASTER_SOCKET);
ERROR 28000: Access denied for user 'mysqltest_up2'@'localhost' (using password: YES)
select user(), current_user();
user() current_user()
mysqltest_up2@localhost mysqltest_up2@%
DROP USER mysqltest_up1@'%';
DROP USER mysqltest_up2@'%';
mysql-test/t/connect.test
View file @
8730d0a4
...
...
@@ -328,6 +328,34 @@ if ($error)
--
disconnect
extracon2
--
connection
default
#
# A couple of plugin tests - for builtin plugins only
#
CREATE
USER
mysqltest_up1
IDENTIFIED
VIA
mysql_native_password
using
'*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB'
;
CREATE
USER
mysqltest_up2
IDENTIFIED
VIA
mysql_old_password
using
'09301740536db389'
;
--
replace_result
$MASTER_MYSOCK
MASTER_SOCKET
$MASTER_MYPORT
MASTER_PORT
--
error
ER_ACCESS_DENIED_ERROR
connect
(
pcon1
,
localhost
,
mysqltest_up1
,
foo
,,
$MASTER_EXTRA_PORT
,);
connect
(
pcon2
,
localhost
,
mysqltest_up1
,
bar
,,
$MASTER_EXTRA_PORT
,);
connection
pcon2
;
select
user
(),
current_user
();
disconnect
pcon2
;
--
replace_result
$MASTER_MYSOCK
MASTER_SOCKET
$MASTER_MYPORT
MASTER_PORT
--
error
ER_ACCESS_DENIED_ERROR
connect
(
pcon3
,
localhost
,
mysqltest_up2
,
newpw
,,
$MASTER_EXTRA_PORT
,);
connect
(
pcon4
,
localhost
,
mysqltest_up2
,
oldpw
,,
$MASTER_EXTRA_PORT
,);
connection
pcon4
;
select
user
(),
current_user
();
disconnect
pcon4
;
connection
default
;
DROP
USER
mysqltest_up1
@
'%'
;
DROP
USER
mysqltest_up2
@
'%'
;
# Wait till all disconnects are completed
--
source
include
/
wait_until_count_sessions
.
inc
sql/sql_acl.cc
View file @
8730d0a4
...
...
@@ -319,6 +319,35 @@ set_user_salt(ACL_USER *acl_user, const char *password, uint password_len)
acl_user
->
salt_len
=
0
;
}
/**
Fix ACL::plugin pointer to point to a hard-coded string, if appropriate
Make sure that if ACL_USER's plugin is a built-in, then it points
to a hard coded string, not to an allocated copy. Run-time, for
authentication, we want to be able to detect built-ins by comparing
pointers, not strings.
Additionally - update the salt if the plugin is built-in.
@retval 0 the pointers were fixed
@retval 1 this ACL_USER uses a not built-in plugin
*/
static
bool
fix_user_plugin_ptr
(
ACL_USER
*
user
)
{
if
(
my_strcasecmp
(
system_charset_info
,
user
->
plugin
.
str
,
native_password_plugin_name
.
str
)
==
0
)
user
->
plugin
=
native_password_plugin_name
;
else
if
(
my_strcasecmp
(
system_charset_info
,
user
->
plugin
.
str
,
old_password_plugin_name
.
str
)
==
0
)
user
->
plugin
=
old_password_plugin_name
;
else
return
true
;
set_user_salt
(
user
,
user
->
auth_string
.
str
,
user
->
auth_string
.
length
);
return
false
;
}
/*
This after_update function is used when user.password is less than
SCRAMBLE_LENGTH bytes.
...
...
@@ -662,6 +691,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
char
*
tmpstr
=
get_field
(
&
mem
,
table
->
field
[
next_field
++
]);
if
(
tmpstr
)
{
user
.
plugin
.
str
=
tmpstr
;
user
.
plugin
.
length
=
strlen
(
user
.
plugin
.
str
);
if
(
user
.
auth_string
.
length
)
{
sql_print_warning
(
"'user' entry '%s@%s' has both a password "
...
...
@@ -670,22 +701,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
user
.
user
?
user
.
user
:
""
,
user
.
host
.
hostname
?
user
.
host
.
hostname
:
""
);
}
if
(
my_strcasecmp
(
system_charset_info
,
tmpstr
,
native_password_plugin_name
.
str
)
==
0
)
user
.
plugin
=
native_password_plugin_name
;
else
if
(
my_strcasecmp
(
system_charset_info
,
tmpstr
,
old_password_plugin_name
.
str
)
==
0
)
user
.
plugin
=
old_password_plugin_name
;
else
{
user
.
plugin
.
str
=
tmpstr
;
user
.
plugin
.
length
=
strlen
(
tmpstr
);
}
user
.
auth_string
.
str
=
get_field
(
&
mem
,
table
->
field
[
next_field
++
]);
if
(
!
user
.
auth_string
.
str
)
user
.
auth_string
.
str
=
const_cast
<
char
*>
(
""
);
user
.
auth_string
.
length
=
strlen
(
user
.
auth_string
.
str
);
fix_user_plugin_ptr
(
&
user
);
}
}
}
...
...
@@ -1132,12 +1153,15 @@ static void acl_update_user(const char *user, const char *host,
{
if
(
plugin
->
str
[
0
])
{
acl_user
->
plugin
.
str
=
strmake_root
(
&
mem
,
plugin
->
str
,
plugin
->
length
);
acl_user
->
plugin
.
length
=
plugin
->
length
;
acl_user
->
plugin
=
*
plugin
;
acl_user
->
auth_string
.
str
=
auth
->
str
?
strmake_root
(
&
mem
,
auth
->
str
,
auth
->
length
)
:
const_cast
<
char
*>
(
""
);
acl_user
->
auth_string
.
length
=
auth
->
length
;
if
(
fix_user_plugin_ptr
(
acl_user
))
acl_user
->
plugin
.
str
=
strmake_root
(
&
mem
,
plugin
->
str
,
plugin
->
length
);
}
else
set_user_salt
(
acl_user
,
password
,
password_len
);
acl_user
->
access
=
privileges
;
if
(
mqh
->
specified_limits
&
USER_RESOURCES
::
QUERIES_PER_HOUR
)
acl_user
->
user_resource
.
questions
=
mqh
->
questions
;
...
...
@@ -1157,8 +1181,6 @@ static void acl_update_user(const char *user, const char *host,
acl_user
->
x509_subject
=
(
x509_subject
?
strdup_root
(
&
mem
,
x509_subject
)
:
0
);
}
if
(
password
)
set_user_salt
(
acl_user
,
password
,
password_len
);
/* search complete: */
break
;
}
...
...
@@ -1186,11 +1208,12 @@ static void acl_insert_user(const char *user, const char *host,
update_hostname
(
&
acl_user
.
host
,
*
host
?
strdup_root
(
&
mem
,
host
)
:
0
);
if
(
plugin
->
str
[
0
])
{
acl_user
.
plugin
.
str
=
strmake_root
(
&
mem
,
plugin
->
str
,
plugin
->
length
);
acl_user
.
plugin
.
length
=
plugin
->
length
;
acl_user
.
plugin
=
*
plugin
;
acl_user
.
auth_string
.
str
=
auth
->
str
?
strmake_root
(
&
mem
,
auth
->
str
,
auth
->
length
)
:
const_cast
<
char
*>
(
""
);
acl_user
.
auth_string
.
length
=
auth
->
length
;
if
(
fix_user_plugin_ptr
(
&
acl_user
))
acl_user
.
plugin
.
str
=
strmake_root
(
&
mem
,
plugin
->
str
,
plugin
->
length
);
}
else
{
...
...
@@ -1198,6 +1221,7 @@ static void acl_insert_user(const char *user, const char *host,
old_password_plugin_name
:
native_password_plugin_name
;
acl_user
.
auth_string
.
str
=
strmake_root
(
&
mem
,
password
,
password_len
);
acl_user
.
auth_string
.
length
=
password_len
;
set_user_salt
(
&
acl_user
,
password
,
password_len
);
}
acl_user
.
access
=
privileges
;
...
...
@@ -1210,8 +1234,6 @@ static void acl_insert_user(const char *user, const char *host,
acl_user
.
x509_issuer
=
x509_issuer
?
strdup_root
(
&
mem
,
x509_issuer
)
:
0
;
acl_user
.
x509_subject
=
x509_subject
?
strdup_root
(
&
mem
,
x509_subject
)
:
0
;
set_user_salt
(
&
acl_user
,
password
,
password_len
);
VOID
(
push_dynamic
(
&
acl_users
,(
uchar
*
)
&
acl_user
));
if
(
!
acl_user
.
host
.
hostname
||
(
acl_user
.
host
.
hostname
[
0
]
==
wild_many
&&
!
acl_user
.
host
.
hostname
[
1
]))
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment