MDEV-13641 host errors are not reset after successful connection.

Fixed thd_set_peer_addr() to propagate host error count from ip_to_hostname() to check_connection(), which tests this count to clear errors affter successful authentication.

MDEV-13641 host errors are not reset after successful connection.
Fixed thd_set_peer_addr() to propagate host error count from ip_to_hostname() to check_connection(), which tests this count to clear errors affter successful authentication.
578b2b05 · Vladislav Vaintroub · 77c41fa7 · 578b2b05 · 578b2b05 · 578b2b05
Commit 578b2b05 authored Aug 25, 2017 by Vladislav Vaintroub
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 7 deletions

sql/net_serv.cc sql/net_serv.cc +3 -1

sql/sql_connect.cc sql/sql_connect.cc +30 -5

sql/sql_connect.h sql/sql_connect.h +4 -1

No files found.
--- a/sql/net_serv.cc
+++ b/sql/net_serv.cc
@@ -882,8 +882,10 @@ static handle_proxy_header_result handle_proxy_header(NET *net)
    /* proxy header indicates LOCAL connection, no action necessary */
    return RETRY;
  /* Change peer address in THD and ACL structures.*/
+  uint host_errors;
  return (handle_proxy_header_result)thd_set_peer_addr(thd,
-                         &(peer_info.peer_addr), NULL, peer_info.port, false);
+                         &(peer_info.peer_addr), NULL, peer_info.port,
+                         false, &host_errors);
 #endif
 }

--- a/sql/sql_connect.cc
+++ b/sql/sql_connect.cc
@@ -837,10 +837,34 @@ bool init_new_connection_handler_thread()
  return 0;
 }
-int thd_set_peer_addr(THD *thd, sockaddr_storage *addr, const char *ip,uint port, bool check_proxy_networks)
+/**
+  Set client address during authentication.
+  Initializes THD::main_security_ctx and THD::peer_port.
+  Optionally does ip to hostname translation.
+  @param thd   current THD handle
+  @param addr  peer address (can be NULL, if 'ip' is set)
+  @param ip    peer address as string (can be NULL if 'addr' is set)
+  @param port  peer port
+  @param check_proxy_networks if true, and host is in
+               'proxy_protocol_networks' list, skip
+               "host not privileged" check
+  @param[out] host_errors - number of connect
+              errors for this host
+  @retval 0 ok, 1 error
+*/
+int thd_set_peer_addr(THD *thd,
+  sockaddr_storage *addr,
+  const char *ip,
+  uint port,
+  bool check_proxy_networks,
+  uint *host_errors)
 {
-  uint connect_errors;
+  *host_errors= 0;
-  thd->peer_port = port;
+  thd->peer_port= port;
  char ip_string[128];
  if (!ip)
@@ -886,7 +910,7 @@ int thd_set_peer_addr(THD *thd, sockaddr_storage *addr, const char *ip,uint port
    rc = ip_to_hostname(addr,
      thd->main_security_ctx.ip,
      &thd->main_security_ctx.host,
-      &connect_errors);
+      host_errors);
    /* Cut very long hostnames to avoid possible overflows */
    if (thd->main_security_ctx.host)
@@ -1027,7 +1051,8 @@ static int check_connection(THD *thd)
      return 1;
    }
-    if (thd_set_peer_addr(thd, &net->vio->remote, ip, peer_port, true))
+    if (thd_set_peer_addr(thd, &net->vio->remote, ip, peer_port,
+                          true, &connect_errors))
      return 1;
  }
  else /* Hostname given means that the connection was on a socket */

--- a/sql/sql_connect.h
+++ b/sql/sql_connect.h
@@ -85,7 +85,10 @@ bool thd_init_client_charset(THD *thd, uint cs_number);
 bool setup_connection_thread_globals(THD *thd);
 bool thd_prepare_connection(THD *thd);
 bool thd_is_connection_alive(THD *thd);
-int thd_set_peer_addr(THD *thd, sockaddr_storage *addr, const char *ip, uint port, bool check_proxy_networks);
+int thd_set_peer_addr(THD *thd, sockaddr_storage *addr,
+                      const char *ip, uint port,
+                      bool check_proxy_networks,
+                      uint *host_errors);
 bool login_connection(THD *thd);
 void prepare_new_connection_state(THD* thd);