CURRENT_USER() and "access denied" error messages now report hostname exactly as it was specified in the GRANT command (with wildcards, that is)
BitKeeper/etc/logging_ok: Logging to logging@openlogging.org accepted
@ -79,6 +79,7 @@ salle@geopard.(none)
|
||||
salle@geopard.online.bg
|
||||
sasha@mysql.sashanet.com
|
||||
serg@build.mysql2.com
|
||||
serg@serg.mylan
|
||||
serg@serg.mysql.com
|
||||
serg@sergbook.mysql.com
|
||||
sinisa@rhols221.adsl.netsonic.fi
|
||||
|
@ -297,7 +297,7 @@ Item *create_func_current_user()
|
||||
char buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2];
|
||||
uint length;
|
||||
|
||||
length= (uint) (strxmov(buff, thd->priv_user, "@", thd->host_or_ip, NullS) -
|
||||
length= (uint) (strxmov(buff, thd->priv_user, "@", thd->priv_host, NullS) -
|
||||
buff);
|
||||
return new Item_string(NullS, thd->memdup(buff, length), length);
|
||||
}
|
||||
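Review bot: The `strxmov` call in create_func_current_user is unbounded, and its last operand is now `thd->priv_host`, the host pattern taken from the ACL entry rather than the resolved client host, so `buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2]` is only safe if every stored host pattern is capped at HOSTNAME_LENGTH; nothing on this page shows that cap. A length-limited concatenation would remove that dependency, e.g. `length= (uint) (strxnmov(buff, sizeof(buff)-1, thd->priv_user, "@", thd->priv_host, NullS) - buff);`, if strxnmov is available in this tree. If priv_host can be a null pointer (an ACL row without a host, or a thread that never went through acl_getroot; neither is visible here), it would be read as the NullS terminator and CURRENT_USER() would silently return `user@`. The function starts above the hunk.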
|
@ -114,7 +114,7 @@ static ACL_USER *find_acl_user(const char *host, const char *user);
|
||||
static bool update_user_table(THD *thd, const char *host, const char *user,
|
||||
const char *new_password);
|
||||
static void update_hostname(acl_host_and_ip *host, const char *hostname);
|
||||
static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
|
||||
static bool compare_hostname(const acl_host_and_ip *host,const char *hostname,
|
||||
const char *ip);
|
||||
|
||||
/*
|
||||
@ -492,7 +492,8 @@ static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b)
|
||||
*/
|
||||
|
||||
ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
|
||||
const char *password,const char *message,char **priv_user,
|
||||
const char *password,const char *message,
|
||||
char **priv_user, char **priv_host,
|
||||
bool old_ver, USER_RESOURCES *mqh)
|
||||
{
|
||||
ulong user_access=NO_ACCESS;
|
||||
@ -526,10 +527,10 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
|
||||
#ifdef HAVE_OPENSSL
|
||||
Vio *vio=thd->net.vio;
|
||||
/*
|
||||
In this point we know that user is allowed to connect
|
||||
from given host by given username/password pair. Now
|
||||
we check if SSL is required, if user is using SSL and
|
||||
if X509 certificate attributes are OK
|
||||
In this point we know that user is allowed to connect
|
||||
from given host by given username/password pair. Now
|
||||
we check if SSL is required, if user is using SSL and
|
||||
if X509 certificate attributes are OK
|
||||
*/
|
||||
switch (acl_user->ssl_type) {
|
||||
case SSL_TYPE_NOT_SPECIFIED: // Impossible
|
||||
@ -577,7 +578,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
|
||||
X509* cert=SSL_get_peer_certificate(vio->ssl_);
|
||||
DBUG_PRINT("info",("checkpoint 2"));
|
||||
/* If X509 issuer is speified, we check it... */
|
||||
if (acl_user->x509_issuer)
|
||||
if (acl_user->x509_issuer)
|
||||
{
|
||||
DBUG_PRINT("info",("checkpoint 3"));
|
||||
char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
|
||||
@ -605,7 +606,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
|
||||
if (strcmp(acl_user->x509_subject,ptr))
|
||||
{
|
||||
if (global_system_variables.log_warnings)
|
||||
sql_print_error("X509 subject mismatch: '%s' vs '%s'",
|
||||
sql_print_error("X509 subject mismatch: '%s' vs '%s'",
|
||||
acl_user->x509_subject, ptr);
|
||||
user_access=NO_ACCESS;
|
||||
}
|
||||
@ -622,6 +623,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
|
||||
*mqh=acl_user->user_resource;
|
||||
if (!acl_user->user)
|
||||
*priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */
|
||||
*priv_host=acl_user->host.hostname;
|
||||
break;
|
||||
}
|
||||
#ifndef ALLOW_DOWNGRADE_OF_USERS
|
||||
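Review bot: `*priv_host=acl_user->host.hostname;` in acl_getroot hands the connection a pointer into the ACL entry instead of a copy, so thd->priv_host stays valid only as long as that entry's memory does. If the ACL data can be freed or rebuilt while the connection is open (the header in this commit declares `acl_free`, and a privilege reload would presumably do the same; confirm), later uses in CURRENT_USER() and in the access-denied messages would read freed memory. Copying into storage owned by the THD avoids this, for example a `char priv_host[HOSTNAME_LENGTH+1]` member filled with `strmake(thd->priv_host, acl_user->host.hostname ? acl_user->host.hostname : "", HOSTNAME_LENGTH);`, which also covers a null hostname. The assignment sits on the matched-user path only, and acl_getroot's body runs well beyond these hunks, so what priv_host holds on the no-match return cannot be checked from here.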
|
@ -87,7 +87,8 @@ void acl_free(bool end=0);
|
||||
ulong acl_get(const char *host, const char *ip, const char *bin_ip,
|
||||
const char *user, const char *db);
|
||||
ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
|
||||
const char *password,const char *scramble,char **priv_user,
|
||||
const char *password,const char *scramble,
|
||||
char **priv_user, char **priv_host,
|
||||
bool old_ver, USER_RESOURCES *max);
|
||||
bool acl_check_host(const char *host, const char *ip);
|
||||
bool check_change_password(THD *thd, const char *host, const char *user);
|
||||
|
@ -351,14 +351,14 @@ public:
|
||||
db - currently selected database
|
||||
ip - client IP
|
||||
*/
|
||||
char *host,*user,*priv_user,*db,*ip;
|
||||
char *host,*user,*priv_user,*priv_host,*db,*ip;
|
||||
/* remote (peer) port */
|
||||
uint16 peer_port;
|
||||
/* Points to info-string that will show in SHOW PROCESSLIST */
|
||||
const char *proc_info;
|
||||
/* points to host if host is available, otherwise points to ip */
|
||||
const char *host_or_ip;
|
||||
|
||||
|
||||
uint client_capabilities; /* What the client supports */
|
||||
/* Determines if which non-standard SQL behaviour should be enabled */
|
||||
uint sql_mode;
|
||||
@ -366,7 +366,6 @@ public:
|
||||
ulong master_access; /* Global privileges from mysql.user */
|
||||
ulong db_access; /* Privileges for current db */
|
||||
|
||||
|
||||
/*
|
||||
open_tables - list of regular tables in use by this thread
|
||||
temporary_tables - list of temp tables in use by this thread
|
||||
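Review bot: The new `priv_host` member of THD has no entry in the field comment above the declaration, which documents `db` and `ip`, and no file in this commit touches THD's constructor, so its initial value is not established here. I would add `priv_host - host part of the matching ACL entry, wildcards included; not the client's real host` to that comment and make sure the constructor zeroes it together with the other pointers, since create_func_current_user and check_access now read it unconditionally. The comment block and the class both start outside the hunk.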
|
@ -362,11 +362,11 @@ bool mysql_change_db(THD *thd,const char *name)
|
||||
{
|
||||
net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR,
|
||||
thd->priv_user,
|
||||
thd->host_or_ip,
|
||||
thd->priv_host,
|
||||
dbname);
|
||||
mysql_log.write(thd,COM_INIT_DB,ER(ER_DBACCESS_DENIED_ERROR),
|
||||
thd->priv_user,
|
||||
thd->host_or_ip,
|
||||
thd->priv_host,
|
||||
dbname);
|
||||
my_free(dbname,MYF(0));
|
||||
DBUG_RETURN(1);
|
||||
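Review bot: The `mysql_log.write(thd,COM_INIT_DB,ER(ER_DBACCESS_DENIED_ERROR), ...)` call in mysql_change_db now logs `thd->priv_host`, so a denied database change is recorded with the grant's host pattern (possibly just a wildcard) and the real client host no longer appears in that log line. Showing the pattern to the client through `net_printf` matches the commit's intent, but for the server-side log I would keep `thd->host_or_ip`, or log both values, so the entry still identifies where the attempt came from. The same substitution is made in the two `net_printf` calls of check_access in the next file section; those go to the client only, so the logging concern does not apply, but they equally rely on priv_host being non-null. The enclosing function begins and ends outside the hunk.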
|
@ -186,7 +186,7 @@ end:
|
||||
/*
|
||||
Check if user is ok
|
||||
Updates:
|
||||
thd->user, thd->master_access, thd->priv_user, thd->db, thd->db_access
|
||||
thd->{user,master_access,priv_user,priv_host,db,db_access}
|
||||
*/
|
||||
|
||||
static bool check_user(THD *thd,enum_server_command command, const char *user,
|
||||
@ -205,7 +205,8 @@ static bool check_user(THD *thd,enum_server_command command, const char *user,
|
||||
return 1;
|
||||
}
|
||||
thd->master_access=acl_getroot(thd, thd->host, thd->ip, thd->user,
|
||||
passwd, thd->scramble, &thd->priv_user,
|
||||
passwd, thd->scramble,
|
||||
&thd->priv_user, &thd->priv_host,
|
||||
protocol_version == 9 ||
|
||||
!(thd->client_capabilities &
|
||||
CLIENT_LONG_PASSWORD),&ur);
|
||||
@ -2566,7 +2567,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
|
||||
if (!no_errors)
|
||||
net_printf(&thd->net,ER_ACCESS_DENIED_ERROR,
|
||||
thd->priv_user,
|
||||
thd->host_or_ip,
|
||||
thd->priv_host,
|
||||
thd->password ? ER(ER_YES) : ER(ER_NO));/* purecov: tested */
|
||||
DBUG_RETURN(TRUE); /* purecov: tested */
|
||||
}
|
||||
@ -2591,7 +2592,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
|
||||
if (!no_errors)
|
||||
net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR,
|
||||
thd->priv_user,
|
||||
thd->host_or_ip,
|
||||
thd->priv_host,
|
||||
db ? db : thd->db ? thd->db : "unknown"); /* purecov: tested */
|
||||
DBUG_RETURN(TRUE); /* purecov: tested */
|
||||
}
|
||||
|