database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

CURRENT_USER() and "access denied" error messages now report hostname exactly as it was specified in the GRANT command (with wildcards, that is)

Browse Source
This commit is contained in:
serg@serg.mylan
2003-04-29 00:15:18 +02:00
parent da3e2d29a0
commit d13e4fc532
7 changed files with 23 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
BitKeeper/etc/logging_ok
View File

@ -79,6 +79,7 @@ salle@geopard.(none)
salle@geopard.online.bg salle@geopard.online.bg
sasha@mysql.sashanet.com sasha@mysql.sashanet.com
serg@build.mysql2.com serg@build.mysql2.com
serg@serg.mylan
serg@serg.mysql.com serg@serg.mysql.com
serg@sergbook.mysql.com serg@sergbook.mysql.com
sinisa@rhols221.adsl.netsonic.fi sinisa@rhols221.adsl.netsonic.fi

2
sql/item_create.cc
View File

@ -297,7 +297,7 @@ Item *create_func_current_user()
char buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2]; char buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2];
uint length; uint length;
length= (uint) (strxmov(buff, thd->priv_user, "@", thd->host_or_ip, NullS) - length= (uint) (strxmov(buff, thd->priv_user, "@", thd->priv_host, NullS) -
buff); buff);
return new Item_string(NullS, thd->memdup(buff, length), length); return new Item_string(NullS, thd->memdup(buff, length), length);
} }

18
sql/sql_acl.cc
View File

@ -114,7 +114,7 @@ static ACL_USER *find_acl_user(const char *host, const char *user);
static bool update_user_table(THD *thd, const char *host, const char *user, static bool update_user_table(THD *thd, const char *host, const char *user,
const char *new_password); const char *new_password);
static void update_hostname(acl_host_and_ip *host, const char *hostname); static void update_hostname(acl_host_and_ip *host, const char *hostname);
static bool compare_hostname(const acl_host_and_ip *host, const char *hostname, static bool compare_hostname(const acl_host_and_ip *host,const char *hostname,
const char *ip); const char *ip);
/* /*
@ -492,7 +492,8 @@ static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b)
*/ */
ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
const char *password,const char *message,char **priv_user, const char *password,const char *message,
char **priv_user, char **priv_host,
bool old_ver, USER_RESOURCES *mqh) bool old_ver, USER_RESOURCES *mqh)
{ {
ulong user_access=NO_ACCESS; ulong user_access=NO_ACCESS;
@ -526,10 +527,10 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
Vio *vio=thd->net.vio; Vio *vio=thd->net.vio;
/* /*
In this point we know that user is allowed to connect In this point we know that user is allowed to connect
from given host by given username/password pair. Now from given host by given username/password pair. Now
we check if SSL is required, if user is using SSL and we check if SSL is required, if user is using SSL and
if X509 certificate attributes are OK if X509 certificate attributes are OK
*/ */
switch (acl_user->ssl_type) { switch (acl_user->ssl_type) {
case SSL_TYPE_NOT_SPECIFIED: // Impossible case SSL_TYPE_NOT_SPECIFIED: // Impossible
@ -577,7 +578,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
X509* cert=SSL_get_peer_certificate(vio->ssl_); X509* cert=SSL_get_peer_certificate(vio->ssl_);
DBUG_PRINT("info",("checkpoint 2")); DBUG_PRINT("info",("checkpoint 2"));
/* If X509 issuer is speified, we check it... */ /* If X509 issuer is speified, we check it... */
if (acl_user->x509_issuer) if (acl_user->x509_issuer)
{ {
DBUG_PRINT("info",("checkpoint 3")); DBUG_PRINT("info",("checkpoint 3"));
char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
@ -605,7 +606,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
if (strcmp(acl_user->x509_subject,ptr)) if (strcmp(acl_user->x509_subject,ptr))
{ {
if (global_system_variables.log_warnings) if (global_system_variables.log_warnings)
sql_print_error("X509 subject mismatch: '%s' vs '%s'", sql_print_error("X509 subject mismatch: '%s' vs '%s'",
acl_user->x509_subject, ptr); acl_user->x509_subject, ptr);
user_access=NO_ACCESS; user_access=NO_ACCESS;
} }
@ -622,6 +623,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
*mqh=acl_user->user_resource; *mqh=acl_user->user_resource;
if (!acl_user->user) if (!acl_user->user)
*priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */ *priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */
*priv_host=acl_user->host.hostname;
break; break;
} }
#ifndef ALLOW_DOWNGRADE_OF_USERS #ifndef ALLOW_DOWNGRADE_OF_USERS

3
sql/sql_acl.h
View File

@ -87,7 +87,8 @@ void acl_free(bool end=0);
ulong acl_get(const char *host, const char *ip, const char *bin_ip, ulong acl_get(const char *host, const char *ip, const char *bin_ip,
const char *user, const char *db); const char *user, const char *db);
ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
const char *password,const char *scramble,char **priv_user, const char *password,const char *scramble,
char **priv_user, char **priv_host,
bool old_ver, USER_RESOURCES *max); bool old_ver, USER_RESOURCES *max);
bool acl_check_host(const char *host, const char *ip); bool acl_check_host(const char *host, const char *ip);
bool check_change_password(THD *thd, const char *host, const char *user); bool check_change_password(THD *thd, const char *host, const char *user);

5
sql/sql_class.h
View File

@ -351,14 +351,14 @@ public:
db - currently selected database db - currently selected database
ip - client IP ip - client IP
*/ */
char *host,*user,*priv_user,*db,*ip; char *host,*user,*priv_user,*priv_host,*db,*ip;
/* remote (peer) port */ /* remote (peer) port */
uint16 peer_port; uint16 peer_port;
/* Points to info-string that will show in SHOW PROCESSLIST */ /* Points to info-string that will show in SHOW PROCESSLIST */
const char *proc_info; const char *proc_info;
/* points to host if host is available, otherwise points to ip */ /* points to host if host is available, otherwise points to ip */
const char *host_or_ip; const char *host_or_ip;
uint client_capabilities; /* What the client supports */ uint client_capabilities; /* What the client supports */
/* Determines if which non-standard SQL behaviour should be enabled */ /* Determines if which non-standard SQL behaviour should be enabled */
uint sql_mode; uint sql_mode;
@ -366,7 +366,6 @@ public:
ulong master_access; /* Global privileges from mysql.user */ ulong master_access; /* Global privileges from mysql.user */
ulong db_access; /* Privileges for current db */ ulong db_access; /* Privileges for current db */
/* /*
open_tables - list of regular tables in use by this thread open_tables - list of regular tables in use by this thread
temporary_tables - list of temp tables in use by this thread temporary_tables - list of temp tables in use by this thread

4
sql/sql_db.cc
View File

@ -362,11 +362,11 @@ bool mysql_change_db(THD *thd,const char *name)
{ {
net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR, net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR,
thd->priv_user, thd->priv_user,
thd->host_or_ip, thd->priv_host,
dbname); dbname);
mysql_log.write(thd,COM_INIT_DB,ER(ER_DBACCESS_DENIED_ERROR), mysql_log.write(thd,COM_INIT_DB,ER(ER_DBACCESS_DENIED_ERROR),
thd->priv_user, thd->priv_user,
thd->host_or_ip, thd->priv_host,
dbname); dbname);
my_free(dbname,MYF(0)); my_free(dbname,MYF(0));
DBUG_RETURN(1); DBUG_RETURN(1);

9
sql/sql_parse.cc
View File

@ -186,7 +186,7 @@ end:
/* /*
Check if user is ok Check if user is ok
Updates: Updates:
thd->user, thd->master_access, thd->priv_user, thd->db, thd->db_access thd->{user,master_access,priv_user,priv_host,db,db_access}
*/ */
static bool check_user(THD *thd,enum_server_command command, const char *user, static bool check_user(THD *thd,enum_server_command command, const char *user,
@ -205,7 +205,8 @@ static bool check_user(THD *thd,enum_server_command command, const char *user,
return 1; return 1;
} }
thd->master_access=acl_getroot(thd, thd->host, thd->ip, thd->user, thd->master_access=acl_getroot(thd, thd->host, thd->ip, thd->user,
passwd, thd->scramble, &thd->priv_user, passwd, thd->scramble,
&thd->priv_user, &thd->priv_host,
protocol_version == 9 || protocol_version == 9 ||
!(thd->client_capabilities & !(thd->client_capabilities &
CLIENT_LONG_PASSWORD),&ur); CLIENT_LONG_PASSWORD),&ur);
@ -2566,7 +2567,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
if (!no_errors) if (!no_errors)
net_printf(&thd->net,ER_ACCESS_DENIED_ERROR, net_printf(&thd->net,ER_ACCESS_DENIED_ERROR,
thd->priv_user, thd->priv_user,
thd->host_or_ip, thd->priv_host,
thd->password ? ER(ER_YES) : ER(ER_NO));/* purecov: tested */ thd->password ? ER(ER_YES) : ER(ER_NO));/* purecov: tested */
DBUG_RETURN(TRUE); /* purecov: tested */ DBUG_RETURN(TRUE); /* purecov: tested */
} }
@ -2591,7 +2592,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
if (!no_errors) if (!no_errors)
net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR, net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR,
thd->priv_user, thd->priv_user,
thd->host_or_ip, thd->priv_host,
db ? db : thd->db ? thd->db : "unknown"); /* purecov: tested */ db ? db : thd->db ? thd->db : "unknown"); /* purecov: tested */
DBUG_RETURN(TRUE); /* purecov: tested */ DBUG_RETURN(TRUE); /* purecov: tested */
} }