updates to system, statistics and admin tables logged to binary log.
- Removed special code used to temporarily change to statement based replication.
- Changed to a faster and smaller interface for temporarily switching to statement based replication.
sql/event_db_repository.cc:
Change to new interface to not use row based replication for system table changes.
sql/events.cc:
Change to new interface to not use row based replication for system table changes.
sql/sp.cc:
Removed temporarily switching to statement based replication (this is now done automaticly in mysql_execute_command())
sql/sql_acl.cc:
Change to new interface to not use row based replication for system table changes.
Removed temporarily switching to statement based replication (this is now done automaticly in mysql_execute_command())
sql/sql_class.h:
Added new interface for temporarily switching to statement based replication.
sql/sql_parse.cc:
Mark commands that needs original replication mode with CF_FORCE_ORIGINAL_BINLOG_FORMAT.
Switch automaticly to statement based replication for statements that can't generate row based events (and can't change replication mode)
sql/sql_udf.cc:
Removed temporarily switching to statement based replication (this is now done automaticly in mysql_execute_command())
Analysis:
-------------
If server is started with limit of MAX_CONNECTIONS and
MAX_USER_CONNECTIONS then only MAX_USER_CONNECTIONS of any particular
users can be connected to server and total MAX_CONNECTIONS of client can
be connected to server.
Server maintains a counter for total CONNECTIONS and total CONNECTIONS
from particular user.
Here, MAX_CONNECTIONS of connections are created to server. Out of this
MAX_CONNECTIONS, connections from particular user (say USER1) are
also created. The connections from USER1 is lesser than
MAX_USER_CONNECTIONS. After that there was one more connection request from
USER1. Since USER1 can still create connections as he havent reached
MAX_USER_CONNECTIONS, server increments counter of CONNECTIONS per user.
As server already has MAX_CONNECTIONS of connections, next check to total
CONNECTION count fails. In this case control is returned WITHOUT
decrementing the CONNECTIONS per user. So the counter per user CONNECTIONS goes
on incrementing for each attempt until current connections are closed.
And because of this counter per CONNECTIONS reached MAX_USER_CONNECTIONS.
So, next connections form USER1 user always returns with MAX_USER_CONNECTION
limit error, even when total connection to sever are less than MAX_CONNECTIONS.
Fix:
-------------
This issue is occurred because of not handling counters properly in the
server. Changed the code to handle per user connection counters properly.
Analysis:
-------------
If server is started with limit of MAX_CONNECTIONS and
MAX_USER_CONNECTIONS then only MAX_USER_CONNECTIONS of any particular
users can be connected to server and total MAX_CONNECTIONS of client can
be connected to server.
Server maintains a counter for total CONNECTIONS and total CONNECTIONS
from particular user.
Here, MAX_CONNECTIONS of connections are created to server. Out of this
MAX_CONNECTIONS, connections from particular user (say USER1) are
also created. The connections from USER1 is lesser than
MAX_USER_CONNECTIONS. After that there was one more connection request from
USER1. Since USER1 can still create connections as he havent reached
MAX_USER_CONNECTIONS, server increments counter of CONNECTIONS per user.
As server already has MAX_CONNECTIONS of connections, next check to total
CONNECTION count fails. In this case control is returned WITHOUT
decrementing the CONNECTIONS per user. So the counter per user CONNECTIONS goes
on incrementing for each attempt until current connections are closed.
And because of this counter per CONNECTIONS reached MAX_USER_CONNECTIONS.
So, next connections form USER1 user always returns with MAX_USER_CONNECTION
limit error, even when total connection to sever are less than MAX_CONNECTIONS.
Fix:
-------------
This issue is occurred because of not handling counters properly in the
server. Changed the code to handle per user connection counters properly.
sql/sql_insert.cc:
CREATE ... IF NOT EXISTS may do nothing, but
it is still not a failure. don't forget to my_ok it.
******
CREATE ... IF NOT EXISTS may do nothing, but
it is still not a failure. don't forget to my_ok it.
sql/sql_table.cc:
small cleanup
******
small cleanup
One can set @@global.max_user_connections to -1 to block anyone, except SUPER user, to login.
If max_user_connection is 0, one can't change it without a restart (needed to get user connections counting to work correctly)
mysql-test/r/system_mysql_db.result:
Changed max_user_connections to handle negative numbers.
mysql-test/r/user_limits-2.result:
New test case that one can't change max_user_connection if it was 0
mysql-test/r/user_limits.result:
Fixed wrong error messages.
mysql-test/r/variables.result:
Store / restore max_user_connections (needed as there is now a --master.opt file that changes it)
mysql-test/t/subselect_mat_cost-master.opt:
Enable slow query log (as this test found some errors in slow query logging)
mysql-test/t/user_limits-2.test:
New test case that one can't change max_user_connection if it was 0
mysql-test/t/user_limits-master.opt:
Set max_user_connections (as one can't change it if it was 0)
mysql-test/t/user_limits.test:
Test max_user_connections -1
mysql-test/t/variables-master.opt:
Set max_user_connections (as one can't change it if it was 0)
mysql-test/t/variables.test:
Set/restore max_user_connections
scripts/Makefile.am:
Add a text message to mysql_fix_privilege_tables.sql that it's automaticly generated
scripts/mysql_system_tables.sql:
Change max_user_connections to signed
scripts/mysql_system_tables_fix.sql:
Change max_user_connections to signed
sql/item_func.cc:
Change SHOW_INT to be signed.
(Needed for max_user_connections and it's probably a bug that it was not originally signed)
sql/log.cc:
Remove some code that was not needed (All these variables are reset at start of query)
sql/mysql_priv.h:
Made max_user_connections signed.
Added max_user_connections_checking
sql/mysqld.cc:
Added max_user_connections_checking so that we know if max_user_connections was 0 at startup
(Which means that we will not do connection counting for accounts that don't have user resource limits)
Set thd->start_utime at same time as thr_create_utime. (Before start_utime could be < thr_create_utime which lead to wrong query counting)
sql/set_var.cc:
Don't allow one to change 'max_user_connections' if it was 0 at startup.
sql/sql_acl.cc:
Change user_connection counting to be negative.
sql/sql_connect.cc:
If max_user_connections is < 0 then only SUPER user can login.
Fixed wrong variable names for error messages.
Fixed wrong initial value for questions.
Set thd->start_utime and thd->thr_create_utime at startup. Needed to get time_out_user_resource_limits() to work.
sql/sql_show.cc:
SHOW_INT is now negative
sql/sql_yacc.yy:
Support negative values for MAX_USER_CONNECTIONS
sql/structs.h:
Make user connect counting work with signed numbers.
FROM OK PACKET
There's no reliable way (without knowing the protocol variants that each
plugin pair implements) to find out when does the authentication exchange
end.
The server is changed to send all the extra authentication packets that
server plugins need to send prefixed with the \x1 command.
FROM OK PACKET
There's no reliable way (without knowing the protocol variants that each
plugin pair implements) to find out when does the authentication exchange
end.
The server is changed to send all the extra authentication packets that
server plugins need to send prefixed with the \x1 command.
The client-server protocol has left some room for interpretation
which this patch fixes by introducing byte counters and
enforced logic for SSL handshakes.
The client-server protocol has left some room for interpretation
which this patch fixes by introducing byte counters and
enforced logic for SSL handshakes.
thd->user_connect is now handled in thd->clenup() which will ensure that it works in all context (including slaves).
I added also some DBUG_ASSERT() to ensure that things are working correctly.
sql/sql_acl.cc:
Reset thd->user_connect on failed check_for_max_user_connections() to ensure we don't decrement value twice.
Removed not needed call to decrease_user_connections() as thd->cleanup() will now do it.
sql/sql_class.cc:
Call decrease_user_connections() in thd->cleanup()
sql/sql_connect.cc:
Ensure we don't allocate thd->user_connect twice.
Simplify check_for_max_user_connections().
sql/sql_parse.cc:
Ensure that thd->user_connect is handled properly in for 'change_user' command.
PAM AUTHENTICATION SETTINGS
SET PASSWORD code on a account with plugin authentication was errorneously
resetting the in-memory plugin pointer for the user back to native password
plugin despite the fact that it was sending a warning that the command has
no immediate effect.
Fixed by not updating the user's plugin if it's already set to a non default value.
Note that the bug affected only the in-memory cache of the user definitions.
Any restart of the server will fix the problem.
Also the salt and the password has are still stored into the user tables (just as
it's documented now).
Test case added.
One old test case result updated to have the correct value.
PAM AUTHENTICATION SETTINGS
SET PASSWORD code on a account with plugin authentication was errorneously
resetting the in-memory plugin pointer for the user back to native password
plugin despite the fact that it was sending a warning that the command has
no immediate effect.
Fixed by not updating the user's plugin if it's already set to a non default value.
Note that the bug affected only the in-memory cache of the user definitions.
Any restart of the server will fix the problem.
Also the salt and the password has are still stored into the user tables (just as
it's documented now).
Test case added.
One old test case result updated to have the correct value.
