55
55
Check if user exist and password supplied is correct.
57
@param thd thread handle, thd->security_ctx->{host,user,ip} are used
57
@param session thread handle, session->security_ctx->{host,user,ip} are used
58
58
@param command originator of the check: now check_user is called
59
59
during connect and change user procedures; used for
68
68
@note Host, user and passwd may point to communication buffer.
69
69
Current implementation does not depend on that, but future changes
70
should be done with this in mind; 'thd' is INOUT, all other params
70
should be done with this in mind; 'session' is INOUT, all other params
79
check_user(THD *thd, const char *passwd,
79
check_user(Session *session, const char *passwd,
80
80
uint32_t passwd_len, const char *db,
84
84
bool is_authenticated;
87
Clear thd->db as it points to something, that will be freed when
87
Clear session->db as it points to something, that will be freed when
88
88
connection is closed. We don't want to accidentally free a wrong
89
89
pointer if connect failed. Also in case of 'CHANGE USER' failure,
90
90
current database will be switched to 'no database selected'.
92
thd->reset_db(NULL, 0);
92
session->reset_db(NULL, 0);
94
94
if (passwd_len != 0 && passwd_len != SCRAMBLE_LENGTH)
96
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.ip);
96
my_error(ER_HANDSHAKE_ERROR, MYF(0), session->main_security_ctx.ip);
100
is_authenticated= authenticate_user(thd, passwd);
100
is_authenticated= authenticate_user(session, passwd);
102
102
if (is_authenticated != true)
104
104
my_error(ER_ACCESS_DENIED_ERROR, MYF(0),
105
thd->main_security_ctx.user,
106
thd->main_security_ctx.ip,
105
session->main_security_ctx.user,
106
session->main_security_ctx.ip,
107
107
passwd_len ? ER(ER_YES) : ER(ER_NO));
130
130
/* Change database if necessary */
133
if (mysql_change_db(thd, &db_str, false))
133
if (mysql_change_db(session, &db_str, false))
135
135
/* mysql_change_db() has pushed the error message. */
140
thd->password= test(passwd_len); // remember for error messages
140
session->password= test(passwd_len); // remember for error messages
141
141
/* Ready to handle queries */
171
171
- client character set doesn't exists in server
173
173
if (!opt_character_set_client_handshake ||
174
!(thd->variables.character_set_client= get_charset(cs_number, MYF(0))) ||
174
!(session->variables.character_set_client= get_charset(cs_number, MYF(0))) ||
175
175
!my_strcasecmp(&my_charset_utf8_general_ci,
176
176
global_system_variables.character_set_client->name,
177
thd->variables.character_set_client->name))
177
session->variables.character_set_client->name))
179
thd->variables.character_set_client=
179
session->variables.character_set_client=
180
180
global_system_variables.character_set_client;
181
thd->variables.collation_connection=
181
session->variables.collation_connection=
182
182
global_system_variables.collation_connection;
183
thd->variables.character_set_results=
183
session->variables.character_set_results=
184
184
global_system_variables.character_set_results;
188
thd->variables.character_set_results=
189
thd->variables.collation_connection=
190
thd->variables.character_set_client;
188
session->variables.character_set_results=
189
session->variables.collation_connection=
190
session->variables.character_set_client;
209
Perform handshake, authorize client and update thd ACL variables.
209
Perform handshake, authorize client and update session ACL variables.
212
212
check_connection()
213
session thread handle
216
0 success, OK is sent to user, thd is updated.
216
0 success, OK is sent to user, session is updated.
217
217
-1 error, which is sent to user
218
218
> 0 error code (not sent to user)
221
static int check_connection(THD *thd)
221
static int check_connection(Session *session)
223
NET *net= &session->net;
224
224
uint32_t pkt_len= 0;
229
229
char ip[NI_MAXHOST];
231
if (net_peer_addr(net, ip, &thd->peer_port, NI_MAXHOST))
231
if (net_peer_addr(net, ip, &session->peer_port, NI_MAXHOST))
233
my_error(ER_BAD_HOST_ERROR, MYF(0), thd->main_security_ctx.ip);
233
my_error(ER_BAD_HOST_ERROR, MYF(0), session->main_security_ctx.ip);
236
if (!(thd->main_security_ctx.ip= my_strdup(ip,MYF(MY_WME))))
236
if (!(session->main_security_ctx.ip= my_strdup(ip,MYF(MY_WME))))
237
237
return 1; /* The error is set by my_strdup(). */
239
239
net_keepalive(net, true);
251
251
#endif /* HAVE_COMPRESS */
253
253
end= my_stpncpy(buff, server_version, SERVER_VERSION_LENGTH) + 1;
254
int4store((unsigned char*) end, thd->thread_id);
254
int4store((unsigned char*) end, session->thread_id);
257
257
So as check_connection is the only entry point to authorization
258
258
procedure, scramble is set here. This gives us new scramble for
261
create_random_string(thd->scramble, SCRAMBLE_LENGTH, &thd->rand);
261
create_random_string(session->scramble, SCRAMBLE_LENGTH, &session->rand);
263
263
Old clients does not understand long scrambles, but can ignore packet
264
264
tail: that's why first part of the scramble is placed here, and second
265
265
part at the end of packet.
267
end= strmake(end, thd->scramble, SCRAMBLE_LENGTH_323) + 1;
267
end= strmake(end, session->scramble, SCRAMBLE_LENGTH_323) + 1;
269
269
int2store(end, server_capabilites);
270
270
/* write server characteristics: up to 16 bytes allowed */
271
271
end[2]=(char) default_charset_info->number;
272
int2store(end+3, thd->server_status);
272
int2store(end+3, session->server_status);
273
273
memset(end+5, 0, 13);
275
275
/* write scramble tail */
276
end= strmake(end, thd->scramble + SCRAMBLE_LENGTH_323,
276
end= strmake(end, session->scramble + SCRAMBLE_LENGTH_323,
277
277
SCRAMBLE_LENGTH - SCRAMBLE_LENGTH_323) + 1;
279
279
/* At this point we write connection message and read reply */
283
283
pkt_len < MIN_HANDSHAKE_SIZE)
285
285
my_error(ER_HANDSHAKE_ERROR, MYF(0),
286
thd->main_security_ctx.ip);
286
session->main_security_ctx.ip);
290
if (thd->packet.alloc(thd->variables.net_buffer_length))
290
if (session->packet.alloc(session->variables.net_buffer_length))
291
291
return 1; /* The error is set by alloc(). */
293
thd->client_capabilities= uint2korr(net->read_pos);
296
thd->client_capabilities|= ((uint32_t) uint2korr(net->read_pos+2)) << 16;
297
thd->max_client_packet_length= uint4korr(net->read_pos+4);
298
thd_init_client_charset(thd, (uint) net->read_pos[8]);
299
thd->update_charset();
293
session->client_capabilities= uint2korr(net->read_pos);
296
session->client_capabilities|= ((uint32_t) uint2korr(net->read_pos+2)) << 16;
297
session->max_client_packet_length= uint4korr(net->read_pos+4);
298
session_init_client_charset(session, (uint) net->read_pos[8]);
299
session->update_charset();
300
300
end= (char*) net->read_pos+32;
303
303
Disable those bits which are not supported by the server.
304
304
This is a precautionary measure, if the client lies. See Bug#27944.
306
thd->client_capabilities&= server_capabilites;
306
session->client_capabilities&= server_capabilites;
308
308
if (end >= (char*) net->read_pos+ pkt_len +2)
311
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.ip);
311
my_error(ER_HANDSHAKE_ERROR, MYF(0), session->main_security_ctx.ip);
315
if (thd->client_capabilities & CLIENT_INTERACTIVE)
316
thd->variables.net_wait_timeout= thd->variables.net_interactive_timeout;
317
if ((thd->client_capabilities & CLIENT_TRANSACTIONS) &&
315
if (session->client_capabilities & CLIENT_INTERACTIVE)
316
session->variables.net_wait_timeout= session->variables.net_interactive_timeout;
317
if ((session->client_capabilities & CLIENT_TRANSACTIONS) &&
318
318
opt_using_transactions)
319
net->return_status= &thd->server_status;
319
net->return_status= &session->server_status;
322
322
char *passwd= strchr(user, '\0')+1;
336
336
Cast *passwd to an unsigned char, so that it doesn't extend the sign for
337
337
*passwd > 127 and become 2**32-127+ after casting to uint.
339
uint32_t passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
339
uint32_t passwd_len= session->client_capabilities & CLIENT_SECURE_CONNECTION ?
340
340
(unsigned char)(*passwd++) : strlen(passwd);
341
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
341
db= session->client_capabilities & CLIENT_CONNECT_WITH_DB ?
342
342
db + passwd_len + 1 : 0;
343
343
/* strlen() can't be easily deleted without changing protocol */
344
344
uint32_t db_len= db ? strlen(db) : 0;
346
346
if (passwd + passwd_len + db_len > (char *)net->read_pos + pkt_len)
348
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.ip);
348
my_error(ER_HANDSHAKE_ERROR, MYF(0), session->main_security_ctx.ip);
355
355
db_buff[copy_and_convert(db_buff, sizeof(db_buff)-1,
356
356
system_charset_info,
358
thd->charset(), &dummy_errors)]= 0;
358
session->charset(), &dummy_errors)]= 0;
362
362
user_buff[user_len= copy_and_convert(user_buff, sizeof(user_buff)-1,
363
363
system_charset_info, user, user_len,
364
thd->charset(), &dummy_errors)]= '\0';
364
session->charset(), &dummy_errors)]= '\0';
367
367
/* If username starts and ends in "'", chop them off */
375
if (thd->main_security_ctx.user)
376
if (thd->main_security_ctx.user)
377
free(thd->main_security_ctx.user);
378
if (!(thd->main_security_ctx.user= my_strdup(user, MYF(MY_WME))))
375
if (session->main_security_ctx.user)
376
if (session->main_security_ctx.user)
377
free(session->main_security_ctx.user);
378
if (!(session->main_security_ctx.user= my_strdup(user, MYF(MY_WME))))
379
379
return 1; /* The error is set by my_strdup(). */
380
return check_user(thd, passwd, passwd_len, db, true);
380
return check_user(session, passwd, passwd_len, db, true);
394
394
In this case we will close the connection and increment status
397
bool setup_connection_thread_globals(THD *thd)
397
bool setup_connection_thread_globals(Session *session)
399
if (thd->store_globals())
399
if (session->store_globals())
401
close_connection(thd, ER_OUT_OF_RESOURCES, 1);
401
close_connection(session, ER_OUT_OF_RESOURCES, 1);
402
402
statistic_increment(aborted_connects,&LOCK_status);
403
thread_scheduler.end_thread(thd, 0);
403
thread_scheduler.end_thread(session, 0);
404
404
return 1; // Error
426
bool login_connection(THD *thd)
426
bool login_connection(Session *session)
428
NET *net= &session->net;
431
431
/* Use "connect_timeout" value during connection phase */
432
432
my_net_set_read_timeout(net, connect_timeout);
433
433
my_net_set_write_timeout(net, connect_timeout);
437
error= check_connection(thd);
438
net_end_statement(thd);
437
error= check_connection(session);
438
net_end_statement(session);
441
441
{ // Wrong permissions
445
445
/* Connect completed, set read/write timeouts back to default */
446
my_net_set_read_timeout(net, thd->variables.net_read_timeout);
447
my_net_set_write_timeout(net, thd->variables.net_write_timeout);
446
my_net_set_read_timeout(net, session->variables.net_read_timeout);
447
my_net_set_write_timeout(net, session->variables.net_write_timeout);
456
456
This mainly updates status variables
459
void end_connection(THD *thd)
459
void end_connection(Session *session)
462
plugin_thdvar_cleanup(thd);
461
NET *net= &session->net;
462
plugin_sessionvar_cleanup(session);
464
if (thd->killed || (net->error && net->vio != 0))
464
if (session->killed || (net->error && net->vio != 0))
466
466
statistic_increment(aborted_threads,&LOCK_status);
469
469
if (net->error && net->vio != 0)
471
if (!thd->killed && thd->variables.log_warnings > 1)
471
if (!session->killed && session->variables.log_warnings > 1)
473
Security_context *sctx= thd->security_ctx;
473
Security_context *sctx= session->security_ctx;
475
475
sql_print_warning(ER(ER_NEW_ABORTING_CONNECTION),
476
thd->thread_id,(thd->db ? thd->db : "unconnected"),
476
session->thread_id,(session->db ? session->db : "unconnected"),
477
477
sctx->user ? sctx->user : "unauthenticated",
479
(thd->main_da.is_error() ? thd->main_da.message() :
479
(session->main_da.is_error() ? session->main_da.message() :
480
480
ER(ER_UNKNOWN_ERROR)));
487
Initialize THD to handle queries
487
Initialize Session to handle queries
490
void prepare_new_connection_state(THD* thd)
490
void prepare_new_connection_state(Session* session)
492
Security_context *sctx= thd->security_ctx;
492
Security_context *sctx= session->security_ctx;
494
if (thd->variables.max_join_size == HA_POS_ERROR)
495
thd->options |= OPTION_BIG_SELECTS;
496
if (thd->client_capabilities & CLIENT_COMPRESS)
497
thd->net.compress=1; // Use compression
494
if (session->variables.max_join_size == HA_POS_ERROR)
495
session->options |= OPTION_BIG_SELECTS;
496
if (session->client_capabilities & CLIENT_COMPRESS)
497
session->net.compress=1; // Use compression
500
Much of this is duplicated in create_embedded_thd() for the
500
Much of this is duplicated in create_embedded_session() for the
501
501
embedded server library.
502
502
TODO: refactor this to avoid code duplication there
504
thd->version= refresh_version;
505
thd->set_proc_info(0);
506
thd->command= COM_SLEEP;
508
thd->init_for_queries();
504
session->version= refresh_version;
505
session->set_proc_info(0);
506
session->command= COM_SLEEP;
508
session->init_for_queries();
510
510
/* In the past this would only run of the user did not have SUPER_ACL */
511
511
if (sys_init_connect.value_length)
513
execute_init_command(thd, &sys_init_connect, &LOCK_sys_init_connect);
513
execute_init_command(session, &sys_init_connect, &LOCK_sys_init_connect);
514
if (session->is_error())
516
thd->killed= THD::KILL_CONNECTION;
516
session->killed= Session::KILL_CONNECTION;
517
517
sql_print_warning(ER(ER_NEW_ABORTING_CONNECTION),
518
thd->thread_id,(thd->db ? thd->db : "unconnected"),
518
session->thread_id,(session->db ? session->db : "unconnected"),
519
519
sctx->user ? sctx->user : "unauthenticated",
520
520
sctx->ip, "init_connect command failed");
521
sql_print_warning("%s", thd->main_da.message());
521
sql_print_warning("%s", session->main_da.message());
523
thd->set_proc_info(0);
525
thd->init_for_queries();
523
session->set_proc_info(0);
525
session->init_for_queries();
534
534
handle_one_connection()
535
arg Connection object (THD)
535
arg Connection object (Session)
538
538
This function (normally) does the following:
539
539
- Initialize thread
540
- Initialize THD to be used with this thread
540
- Initialize Session to be used with this thread
541
541
- Authenticate user
542
542
- Execute all queries sent on the connection
543
543
- Take connection down
547
547
pthread_handler_t handle_one_connection(void *arg)
549
THD *thd= (THD*) arg;
550
uint32_t launch_time= (uint32_t) ((thd->thr_create_utime= my_micro_time()) -
549
Session *session= (Session*) arg;
550
uint32_t launch_time= (uint32_t) ((session->thr_create_utime= my_micro_time()) -
551
session->connect_utime);
553
553
if (thread_scheduler.init_new_connection_thread())
555
close_connection(thd, ER_OUT_OF_RESOURCES, 1);
555
close_connection(session, ER_OUT_OF_RESOURCES, 1);
556
556
statistic_increment(aborted_connects,&LOCK_status);
557
thread_scheduler.end_thread(thd,0);
557
thread_scheduler.end_thread(session,0);
560
560
if (launch_time >= slow_launch_time*1000000L)
564
564
handle_one_connection() is normally the only way a thread would
565
565
start and would always be on the very high end of the stack ,
566
566
therefore, the thread stack always starts at the address of the
567
first local variable of handle_one_connection, which is thd. We
567
first local variable of handle_one_connection, which is session. We
568
568
need to know the start of the stack so that we could check for
571
thd->thread_stack= (char*) &thd;
572
if (setup_connection_thread_globals(thd))
571
session->thread_stack= (char*) &session;
572
if (setup_connection_thread_globals(session))
577
NET *net= &session->net;
579
if (login_connection(thd))
579
if (login_connection(session))
582
prepare_new_connection_state(thd);
582
prepare_new_connection_state(session);
584
584
while (!net->error && net->vio != 0 &&
585
!(thd->killed == THD::KILL_CONNECTION))
585
!(session->killed == Session::KILL_CONNECTION))
587
if (do_command(session))
590
end_connection(session);
593
close_connection(thd, 0, 1);
594
if (thread_scheduler.end_thread(thd,1))
593
close_connection(session, 0, 1);
594
if (thread_scheduler.end_thread(session,1))
595
595
return 0; // Probably no-threads
added
removed
drizzled/sql_connect.cc
