~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/sql_connect.cc

• browse files at revision 243.1.2
• compare with another revision
• download diff
• download tarball
• view history from revision 243.1.2

• reverse the comparison (243.1.2 to 279)
• stop comparing with revision 279

Show diffs side-by-side

added

removed

drizzled/sql_connect.cc

17

17

/*

18

18

  Functions to autenticate and handle reqests for a connection

19

19

*/

20

 

#include <drizzled/server_includes.h>

21

 

#include <drizzled/authentication.h>

22

 

#include <drizzled/drizzled_error_messages.h>

 

20

 

 

21

#include "mysql_priv.h"

23

22

 

24

23

#define MIN_HANDSHAKE_SIZE      6

25

24

 

70

69

  should be done with this in mind; 'thd' is INOUT, all other params

71

70

  are 'IN'.

72

71

 

73

 

  @retval  0  OK

 

72

  @retval  0  OK; thd->security_ctx->user/master_access/priv_user/db_access and

 

73

              thd->db are updated; OK is sent to the client.

74

74

  @retval  1  error, e.g. access denied or handshake error, not sent to

75

75

              the client. A message is pushed into the error stack.

76

76

*/

77

77

 

78

78

int

79

79

check_user(THD *thd, enum enum_server_command command,

80

 

           const char *passwd,

 

80

           const char *passwd __attribute__((unused)),

81

81

           uint passwd_len, const char *db,

82

82

           bool check_count)

83

83

{

84

84

  LEX_STRING db_str= { (char *) db, db ? strlen(db) : 0 };

85

 

  bool is_authenticated;

86

85

 

87

86

  /*

88

87

    Clear thd->db as it points to something, that will be freed when

92

91

  */

93

92

  thd->reset_db(NULL, 0);

94

93

 

95

 

  if (passwd_len != 0 && passwd_len != SCRAMBLE_LENGTH)

96

 

  {

97

 

    my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.ip);

98

 

    return(1);

99

 

  }

100

 

 

101

 

  is_authenticated= authenticate_user(thd, passwd);

102

 

 

103

 

  if (is_authenticated != true)

104

 

  {

105

 

    my_error(ER_ACCESS_DENIED_ERROR, MYF(0),

106

 

             thd->main_security_ctx.user,

107

 

             thd->main_security_ctx.ip,

108

 

             passwd_len ? ER(ER_YES) : ER(ER_NO));

109

 

 

110

 

    return 1;

111

 

  }

112

 

 

 

94

  bool opt_secure_auth_local;

 

95

  pthread_mutex_lock(&LOCK_global_system_variables);

 

96

  opt_secure_auth_local= opt_secure_auth;

 

97

  pthread_mutex_unlock(&LOCK_global_system_variables);

 

98

 

 

99

  /*

 

100

    If the server is running in secure auth mode, short scrambles are 

 

101

    forbidden.

 

102

  */

 

103

  if (opt_secure_auth_local && passwd_len == SCRAMBLE_LENGTH_323)

 

104

  {

 

105

    my_error(ER_NOT_SUPPORTED_AUTH_MODE, MYF(0));

 

106

    general_log_print(thd, COM_CONNECT, ER(ER_NOT_SUPPORTED_AUTH_MODE));

 

107

    return(1);

 

108

  }

 

109

  if (passwd_len != 0 &&

 

110

      passwd_len != SCRAMBLE_LENGTH &&

 

111

      passwd_len != SCRAMBLE_LENGTH_323)

 

112

  {

 

113

    my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);

 

114

    return(1);

 

115

  }

113

116

 

114

117

  USER_RESOURCES ur;

115

118

  thd->security_ctx->skip_grants();

134

137

    break-in attempts.

135

138

  */

136

139

  general_log_print(thd, command,

137

 

                    ((char*) "%s@%s on %s"),

 

140

                    (thd->main_security_ctx.priv_user ==

 

141

                     thd->main_security_ctx.user ?

 

142

                     (char*) "%s@%s on %s" :

 

143

                     (char*) "%s@%s as anonymous on %s"),

138

144

                    thd->main_security_ctx.user,

139

 

                    thd->main_security_ctx.ip,

 

145

                    thd->main_security_ctx.host_or_ip,

140

146

                    db ? db : (char*) "");

141

147

 

 

148

  /*

 

149

    This is the default access rights for the current database.  It's

 

150

    set to 0 here because we don't have an active database yet (and we

 

151

    may not have an active database to set.

 

152

  */

 

153

  thd->main_security_ctx.db_access=0;

 

154

 

142

155

  /* Change database if necessary */

143

156

  if (db && db[0])

144

157

  {

240

253

  thd->set_active_vio(net->vio);

241

254

#endif

242

255

 

243

 

  // TCP/IP connection

 

256

  if (!thd->main_security_ctx.host)         // If TCP/IP connection

244

257

  {

245

258

    char ip[NI_MAXHOST];

246

259

 

247

260

    if (vio_peer_addr(net->vio, ip, &thd->peer_port, NI_MAXHOST))

248

261

    {

249

 

      my_error(ER_BAD_HOST_ERROR, MYF(0), thd->main_security_ctx.ip);

 

262

      my_error(ER_BAD_HOST_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);

250

263

      return 1;

251

264

    }

252

265

    if (!(thd->main_security_ctx.ip= my_strdup(ip,MYF(MY_WME))))

253

266

      return 1; /* The error is set by my_strdup(). */

 

267

    thd->main_security_ctx.host_or_ip= thd->main_security_ctx.ip;

 

268

    thd->main_security_ctx.host= ip_to_hostname(&net->vio->remote, 

 

269

                                                net->vio->addrLen);

 

270

    thd->main_security_ctx.host_or_ip= thd->main_security_ctx.host;

 

271

  }

 

272

  else /* Hostname given means that the connection was on a socket */

 

273

  {

 

274

    thd->main_security_ctx.host_or_ip= thd->main_security_ctx.host;

 

275

    thd->main_security_ctx.ip= 0;

 

276

    /* Reset sin_addr */

 

277

    memset((char*) &net->vio->remote, 0, sizeof(net->vio->remote));

254

278

  }

255

279

  vio_keepalive(net->vio, true);

256

280

  

299

323

        pkt_len < MIN_HANDSHAKE_SIZE)

300

324

    {

301

325

      my_error(ER_HANDSHAKE_ERROR, MYF(0),

302

 

               thd->main_security_ctx.ip);

 

326

               thd->main_security_ctx.host_or_ip);

303

327

      return 1;

304

328

    }

305

329

  }

 

330

#ifdef _CUSTOMCONFIG_

 

331

#include "_cust_sql_parse.h"

 

332

#endif

306

333

  if (thd->packet.alloc(thd->variables.net_buffer_length))

307

334

    return 1; /* The error is set by alloc(). */

308

335

 

309

336

  thd->client_capabilities= uint2korr(net->read_pos);

310

 

 

311

 

 

312

 

  thd->client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16;

313

 

  thd->max_client_packet_length= uint4korr(net->read_pos+4);

314

 

  thd_init_client_charset(thd, (uint) net->read_pos[8]);

315

 

  thd->update_charset();

316

 

  end= (char*) net->read_pos+32;

317

 

 

 

337

  if (thd->client_capabilities & CLIENT_PROTOCOL_41)

 

338

  {

 

339

    thd->client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16;

 

340

    thd->max_client_packet_length= uint4korr(net->read_pos+4);

 

341

    thd_init_client_charset(thd, (uint) net->read_pos[8]);

 

342

    thd->update_charset();

 

343

    end= (char*) net->read_pos+32;

 

344

  }

 

345

  else

 

346

  {

 

347

    thd->max_client_packet_length= uint3korr(net->read_pos+2);

 

348

    end= (char*) net->read_pos+5;

 

349

  }

318

350

  /*

319

351

    Disable those bits which are not supported by the server.

320

352

    This is a precautionary measure, if the client lies. See Bug#27944.

327

359

  if (end >= (char*) net->read_pos+ pkt_len +2)

328

360

  {

329

361

 

330

 

    my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.ip);

 

362

    my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);

331

363

    return 1;

332

364

  }

333

365

 

364

396

 

365

397

  if (passwd + passwd_len + db_len > (char *)net->read_pos + pkt_len)

366

398

  {

367

 

    my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.ip);

 

399

    my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);

368

400

    return 1;

369

401

  }

370

402

 

493

525

      sql_print_warning(ER(ER_NEW_ABORTING_CONNECTION),

494

526

                        thd->thread_id,(thd->db ? thd->db : "unconnected"),

495

527

                        sctx->user ? sctx->user : "unauthenticated",

496

 

                        sctx->ip,

 

528

                        sctx->host_or_ip,

497

529

                        (thd->main_da.is_error() ? thd->main_da.message() :

498

530

                         ER(ER_UNKNOWN_ERROR)));

499

531

    }

535

567

      sql_print_warning(ER(ER_NEW_ABORTING_CONNECTION),

536

568

                        thd->thread_id,(thd->db ? thd->db : "unconnected"),

537

569

                        sctx->user ? sctx->user : "unauthenticated",

538

 

                        sctx->ip, "init_connect command failed");

 

570

                        sctx->host_or_ip, "init_connect command failed");

539

571

      sql_print_warning("%s", thd->main_da.message());

540

572

    }

541

573

    thd->proc_info=0;

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1