database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-01-06 05:22:24 +03:00
Code Activity

SCRUM

Browse Source 
WL#1284 (warnings about --skip-name-resolve)
Now MySQL will issue warnings during startup about entries in
grant tables with hostnames that require resolve, and after
GRANT commands with that kind of hostnames.


include/mysqld_error.h:
  errno added
sql/share/czech/errmsg.txt:
  error message added
sql/share/danish/errmsg.txt:
  error message added
sql/share/dutch/errmsg.txt:
  error message added
sql/share/english/errmsg.txt:
  error message added
sql/share/estonian/errmsg.txt:
  error message added
sql/share/french/errmsg.txt:
  error message added
sql/share/german/errmsg.txt:
  error message added
sql/share/greek/errmsg.txt:
  error message added
sql/share/hungarian/errmsg.txt:
  error message added
sql/share/italian/errmsg.txt:
  error message added
sql/share/japanese/errmsg.txt:
  error message added
sql/share/korean/errmsg.txt:
  error message added
sql/share/norwegian-ny/errmsg.txt:
  error message added
sql/share/norwegian/errmsg.txt:
  error message added
sql/share/polish/errmsg.txt:
  error message added
sql/share/portuguese/errmsg.txt:
  error message added
sql/share/romanian/errmsg.txt:
  error message added
sql/share/russian/errmsg.txt:
  error message added
sql/share/serbian/errmsg.txt:
  error message added
sql/share/slovak/errmsg.txt:
  error message added
sql/share/spanish/errmsg.txt:
  error message added
sql/share/swedish/errmsg.txt:
  error message added
sql/share/ukrainian/errmsg.txt:
  error message added
sql/sql_acl.cc:
  Checks added to detect entries with symbolic hostnames in grant tables
sql/sql_acl.h:
  interface added
sql/sql_parse.cc:
  Check added to the GRANT command to warn about 
  symbolic hostname & --skip-name-resolve
This commit is contained in:
unknown
2003-11-20 12:55:48 +04:00
parent 1cd722bb8f
commit 0aa62bc375
27 changed files with 103 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
sql/sql_acl.cc
View File

@@ -139,6 +139,8 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
READ_RECORD read_record_info;
MYSQL_LOCK *lock;
my_bool return_val=1;
bool check_no_resolve= specialflag & SPECIAL_NO_RESOLVE;
DBUG_ENTER("acl_init");
if (!acl_cache)
@@ -198,6 +200,13 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
host.access= get_access(table,2);
host.access= fix_rights_for_db(host.access);
host.sort= get_sort(2,host.host.hostname,host.db);
if (check_no_resolve && hostname_requires_resolving(host.host.hostname))
{
sql_print_error("Error in table 'host' entry '%s|%s'. "
"Can't resolve '%s' if --skip-name-resolve active. Skipped",
host.host.hostname, host.db, host.host.hostname);
continue;
}
#ifndef TO_BE_REMOVED
if (table->fields == 8)
{ // Without grant
@@ -259,6 +268,14 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
ACL_USER user;
update_hostname(&user.host, get_field(&mem, table->field[0]));
user.user= get_field(&mem, table->field[1]);
if (check_no_resolve && hostname_requires_resolving(user.host.hostname))
{
sql_print_error("Error in table 'user' entry '%s@%s'. "
"Can't resolve '%s' if --skip-name-resolve active. Skipped",
user.user, user.host.hostname, user.host.hostname);
continue;
}
const char *password= get_field(&mem, table->field[2]);
uint password_len= password ? strlen(password) : 0;
set_user_salt(&user, password, password_len);
@@ -353,6 +370,13 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
continue;
}
db.user=get_field(&mem, table->field[2]);
if (check_no_resolve && hostname_requires_resolving(db.host.hostname))
{
sql_print_error("Error in table 'db' entry '%s %s@%s'. "
"Can't resolve '%s' if --skip-name-resolve active. Skipped",
db.db, db.user, db.host.hostname, db.host.hostname);
continue;
}
db.access=get_access(table,3);
db.access=fix_rights_for_db(db.access);
db.sort=get_sort(3,db.host.hostname,db.db,db.user);
@@ -1257,6 +1281,25 @@ static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
(ip && !wild_compare(ip,host->hostname,0)));
}
bool hostname_requires_resolving(const char *hostname)
{
char cur;
if (!hostname)
return false;
int namelen= strlen(hostname);
int lhlen= strlen(my_localhost);
if ((namelen == lhlen) &&
!my_strnncoll(&my_charset_latin1, (const uchar *)hostname, namelen,
(const uchar *)my_localhost, strlen(my_localhost)))
return false;
for (; (cur=*hostname); hostname++)
{
if ((cur != '%') && (cur != '_') && (cur != '.') &&
((cur < '0') || (cur > '9')))
return true;
}
return false;
}
/*
Update grants in the user and database privilege tables
@@ -2444,6 +2487,7 @@ my_bool grant_init(THD *org_thd)
MYSQL_LOCK *lock;
my_bool return_val= 1;
TABLE *t_table, *c_table;
bool check_no_resolve= specialflag & SPECIAL_NO_RESOLVE;
DBUG_ENTER("grant_init");
grant_option = FALSE;
@@ -2493,13 +2537,31 @@ my_bool grant_init(THD *org_thd)
do
{
GRANT_TABLE *mem_check;
if (!(mem_check=new GRANT_TABLE(t_table,c_table)) ||
mem_check->ok() && my_hash_insert(&column_priv_hash,(byte*) mem_check))
if (!(mem_check=new GRANT_TABLE(t_table,c_table)) || mem_check->ok())
{
/* This could only happen if we are out memory */
grant_option= FALSE; /* purecov: deadcode */
goto end_unlock;
}
if (check_no_resolve)
{
if (hostname_requires_resolving(mem_check->host))
{
char buff[MAX_FIELD_WIDTH];
sql_print_error("Error in table 'tables_priv' entry '%s %s@%s'. "
"Can't resolve '%s' if --skip-name-resolve active. Skipped",
mem_check->tname, mem_check->user,
mem_check->host, mem_check->host);
continue;
}
}
if (my_hash_insert(&column_priv_hash,(byte*) mem_check))
{
grant_option= FALSE;
goto end_unlock;
}
}
while (!t_table->file->index_next(t_table->record[0]));