Commit 961f98f1 authored by Sinisa@sinisa.nasamreza.org's avatar Sinisa@sinisa.nasamreza.org

resolve changes

parents b9e1e904 d65671f7
......@@ -36191,15 +36191,6 @@ SET [GLOBAL | SESSION] TRANSACTION ISOLATION LEVEL
Sets the transaction isolation level for the global, whole session or
the next transaction.
The default behavior is to set the isolation level for the next (not
started) transaction. If you use the @code{GLOBAL} keyword, the statement
sets the default transaction level globally for all new connections
created from that point on. You will need the @strong{process}
privilege to do do this. Using the @code{SESSION} keyword sets the
default transaction level for all future transactions performed on the
current connection.
You can set the default global isolation level for @code{mysqld} with
@code{--transaction-isolation=...}. @xref{Command-line options}.
@node Fulltext Search, Query Cache, Transactional Commands, Reference
......@@ -49215,6 +49206,77 @@ Our TODO section contains what we plan to have in 4.0. @xref{TODO MySQL 4.0}.
@itemize @bullet
@item
Fixed bug in DROP DATABASE with symlink
@item
Fixed bug in EXPLAIN with LIMIT offset != 0
@item
New feature :
Management of user resources
So far, the only available method of limiting user usage of MySQL
server resources has been setting max_user_connections startup
variable to some non-zero value at MySQL startup. But this method is
strictly a global one and does not allow management of individual
users, which could be of paricular interest to Interent Service
Providers.
Therefore, management of three resources is introduced on the
individual user level :
* number of all queries per hour
* number of all updates per hour
* number of connections made per hour
Small clarification : By the updates in the above sense is considered
any command that changes any table or database. Queries in the above
context comprehend all commands that could be run by user. User in the
above context comprehends a single entry in user table, which is
uniquely identified by user and host columns.
All users are by default not limited in using the above resources,
unless the limits are GRANTed to them. These limits can be granted
ONLY by global GRANT (*.*) and with a following syntax :
GRANT ... WITH MAX_QUERIES_PER_HOUR = N1 MAX_UPDATES_PER_HOUR = N2
MAX_CONNECTIONS_PER_HOUR = N3;
It is not required that all three resources are specified. One or two
can be specified also. N1,N2 and N3 are intergers and should limit
number of times user can execute any command, update command or can
login that many times per hour.
If user reaches any of the above limits withing one hour, his
connection will be broken or refused and the appropriate error message
shall be issued.
Current values of particular user resources can be flushed (set to
zero) by issuing a grant statement with any of the above limiting
clauses, including a GRANT statement with current value(s) of tha
resource(s).
Also, current values for all users will be flushed if privileges are
reloaded or if a new flush command is issued :
flush user_resources.
Also, current values for all users will be flushed with mysqladmin
reload command.
This new feature is enabled as soon as single user is GRANTed with
some of the limiting GRANT clauses.
As a prerequisite for enabling this features, user table in mysql
database must have the additional columns, just as defined in table
creation scripts mysql_install_db and mysql_install_db.sh in scripts/
directory.
@item
New configure option --without-query-cache.
@item
Memory allocation strategy for 'root memory' changed. Block size now grows
=======
Fixed bug in phrase operator @code{"..."} in boolean full-text search.
@item
Fixed bug that caused duplicated rows when using truncation operator
......@@ -81,6 +81,7 @@ enum enum_server_command {COM_SLEEP,COM_QUIT,COM_INIT_DB,COM_QUERY,
#define REFRESH_QUERY_CACHE 65536
#define REFRESH_QUERY_CACHE_FREE 0x20000L /* pack query cache */
#define REFRESH_DES_KEY_FILE 0x40000L
#define REFRESH_USER_RESOURCES 0x80000L
#define CLIENT_LONG_PASSWORD 1 /* new more secure passwords */
#define CLIENT_FOUND_ROWS 2 /* Found instead of affected rows */
......
......@@ -229,6 +229,8 @@ static SYMBOL symbols[] = {
{ "MASTER_USER", SYM(MASTER_USER_SYM),0,0},
{ "MAX_ROWS", SYM(MAX_ROWS),0,0},
{ "MAX_QUERIES_PER_HOUR", SYM(MAX_QUERIES_PER_HOUR), 0,0},
{ "MAX_UPDATES_PER_HOUR", SYM(MAX_UPDATES_PER_HOUR), 0,0},
{ "MAX_CONNECTIONS_PER_HOUR", SYM(MAX_CONNECTIONS_PER_HOUR), 0,0},
{ "MATCH", SYM(MATCH),0,0},
{ "MEDIUMBLOB", SYM(MEDIUMBLOB),0,0},
{ "MEDIUMTEXT", SYM(MEDIUMTEXT),0,0},
......@@ -290,6 +292,7 @@ static SYMBOL symbols[] = {
{ "REPEATABLE", SYM(REPEATABLE_SYM),0,0},
{ "REQUIRE", SYM(REQUIRE_SYM),0,0},
{ "RESET", SYM(RESET_SYM),0,0},
{ "USER_RESOURCES", SYM(RESOURCES),0,0},
{ "RESTORE", SYM(RESTORE_SYM),0,0},
{ "RESTRICT", SYM(RESTRICT),0,0},
{ "RETURNS", SYM(UDF_RETURNS_SYM),0,0},
......
......@@ -58,7 +58,8 @@ class ACL_USER :public ACL_ACCESS
{
public:
acl_host_and_ip host;
uint hostname_length, questions, updates;
uint hostname_length;
USER_RESOURCES user_resource;
char *user,*password;
ulong salt[2];
#ifdef HAVE_OPENSSL
......@@ -110,6 +111,32 @@ static void update_hostname(acl_host_and_ip *host, const char *hostname);
static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
const char *ip);
extern char uc_update_queries[SQLCOM_END];
static void init_update_queries(void)
{
uc_update_queries[SQLCOM_CREATE_TABLE]=1;
uc_update_queries[SQLCOM_CREATE_INDEX]=1;
uc_update_queries[SQLCOM_ALTER_TABLE]=1;
uc_update_queries[SQLCOM_UPDATE]=1;
uc_update_queries[SQLCOM_INSERT]=1;
uc_update_queries[SQLCOM_INSERT_SELECT]=1;
uc_update_queries[SQLCOM_DELETE]=1;
uc_update_queries[SQLCOM_TRUNCATE]=1;
uc_update_queries[SQLCOM_DROP_TABLE]=1;
uc_update_queries[SQLCOM_LOAD]=1;
uc_update_queries[SQLCOM_CREATE_DB]=1;
uc_update_queries[SQLCOM_DROP_DB]=1;
uc_update_queries[SQLCOM_REPLACE]=1;
uc_update_queries[SQLCOM_REPLACE_SELECT]=1;
uc_update_queries[SQLCOM_RENAME_TABLE]=1;
uc_update_queries[SQLCOM_BACKUP_TABLE]=1;
uc_update_queries[SQLCOM_RESTORE_TABLE]=1;
uc_update_queries[SQLCOM_DELETE_MULTI]=1;
uc_update_queries[SQLCOM_DROP_INDEX]=1;
uc_update_queries[SQLCOM_MULTI_UPDATE]=1;
}
int acl_init(bool dont_read_acl_tables)
{
THD *thd;
......@@ -247,14 +274,16 @@ int acl_init(bool dont_read_acl_tables)
{
/* Table has new MySQL usage limits */
char *ptr = get_field(&mem, table, 21);
user.questions=atoi(ptr);
user.user_resource.questions=atoi(ptr);
ptr = get_field(&mem, table, 22);
user.updates=atoi(ptr);
if (user.questions)
user.user_resource.updates=atoi(ptr);
ptr = get_field(&mem, table, 23);
user.user_resource.connections=atoi(ptr);
if (user.user_resource.questions || user.user_resource.updates || user.user_resource.connections)
mqh_used=1;
}
else
user.questions=user.updates=0;
bzero(&(user.user_resource),sizeof(user.user_resource));
#ifndef TO_BE_REMOVED
if (table->fields <= 13)
{ // Without grant
......@@ -299,6 +328,7 @@ int acl_init(bool dont_read_acl_tables)
init_check_host();
mysql_unlock_tables(thd, lock);
init_update_queries();
thd->version--; // Force close to free memory
close_thread_tables(thd);
delete thd;
......@@ -442,13 +472,13 @@ static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b)
uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
const char *password,const char *message,char **priv_user,
bool old_ver, uint *max_questions)
bool old_ver, USER_RESOURCES *mqh)
{
uint user_access=NO_ACCESS;
*priv_user=(char*) user;
char *ptr=0;
*max_questions=0;
bzero(mqh,sizeof(USER_RESOURCES));
if (!initialized)
return (uint) ~NO_ACCESS; // If no data allow anything /* purecov: tested */
VOID(pthread_mutex_lock(&acl_cache->lock));
......@@ -556,7 +586,7 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
#else /* HAVE_OPENSSL */
user_access=acl_user->access;
#endif /* HAVE_OPENSSL */
*max_questions=acl_user->questions;
*mqh=acl_user->user_resource;
if (!acl_user->user)
*priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */
break;
......@@ -590,7 +620,7 @@ static void acl_update_user(const char *user, const char *host,
const char *ssl_cipher,
const char *x509_issuer,
const char *x509_subject,
unsigned int mqh,
USER_RESOURCES *mqh,
uint privileges)
{
for (uint i=0 ; i < acl_users.elements ; i++)
......@@ -604,7 +634,7 @@ static void acl_update_user(const char *user, const char *host,
acl_user->host.hostname && !strcmp(host,acl_user->host.hostname))
{
acl_user->access=privileges;
acl_user->questions=mqh;
acl_user->user_resource=*mqh;
#ifdef HAVE_OPENSSL
acl_user->ssl_type=ssl_type;
acl_user->ssl_cipher=ssl_cipher;
......@@ -634,7 +664,7 @@ static void acl_insert_user(const char *user, const char *host,
const char *ssl_cipher,
const char *x509_issuer,
const char *x509_subject,
unsigned int mqh,
USER_RESOURCES *mqh,
uint privileges)
{
ACL_USER acl_user;
......@@ -642,7 +672,7 @@ static void acl_insert_user(const char *user, const char *host,
update_hostname(&acl_user.host,strdup_root(&mem,host));
acl_user.password=0;
acl_user.access=privileges;
acl_user.questions=mqh;
acl_user.user_resource = *mqh;
acl_user.sort=get_sort(2,acl_user.host.hostname,acl_user.user);
acl_user.hostname_length=(uint) strlen(acl_user.host.hostname);
#ifdef HAVE_OPENSSL
......@@ -1151,7 +1181,14 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
DBUG_ENTER("replace_user_table");
if (combo.password.str && combo.password.str[0])
{
if (combo.password.length <= HASH_PASSWORD_LENGTH)
{
send_error(&thd->net, ER_PASSWORD_NO_MATCH);
DBUG_RETURN(1);
}
password=combo.password.str;
}
else
{
password=empty_string;
......@@ -1233,10 +1270,16 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
}
}
#endif /* HAVE_OPENSSL */
if (table->fields >= 23 && thd->lex.mqh)
if (table->fields >= 23)
{
table->field[21]->store((longlong) thd->lex.mqh);
mqh_used=1;
USER_RESOURCES mqh = thd->lex.mqh;
if (mqh.questions)
table->field[21]->store((longlong) mqh.questions);
if (mqh.updates)
table->field[22]->store((longlong) mqh.updates);
if (mqh.connections)
table->field[23]->store((longlong) mqh.connections);
mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections;
}
if (old_row_exists)
{
......@@ -1276,7 +1319,7 @@ end:
thd->lex.ssl_cipher,
thd->lex.x509_issuer,
thd->lex.x509_subject,
thd->lex.mqh,
&thd->lex.mqh,
rights);
else
acl_insert_user(combo.user.str,combo.host.str,password,
......@@ -1284,7 +1327,7 @@ end:
thd->lex.ssl_cipher,
thd->lex.x509_issuer,
thd->lex.x509_subject,
thd->lex.mqh,
&thd->lex.mqh,
rights);
}
table->file->index_end();
......@@ -2691,11 +2734,25 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
#endif /* HAVE_OPENSSL */
if (want_access & GRANT_ACL)
global.append(" WITH GRANT OPTION",18);
else if (acl_user->questions)
if (acl_user->user_resource.questions)
{
char buff[65], *p; // just as in int2str
global.append(" WITH MAX_QUERIES_PER_HOUR = ",29);
p=int2str(acl_user->questions,buff,10);
p=int2str(acl_user->user_resource.questions,buff,10);
global.append(buff,p-buff);
}
if (acl_user->user_resource.updates)
{
char buff[65], *p; // just as in int2str
global.append(" WITH MAX_UPDATES_PER_HOUR = ",29);
p=int2str(acl_user->user_resource.updates,buff,10);
global.append(buff,p-buff);
}
if (acl_user->user_resource.connections)
{
char buff[65], *p; // just as in int2str
global.append(" WITH MAX_CONNECTIONS_PER_HOUR = ",33);
p=int2str(acl_user->user_resource.connections,buff,10);
global.append(buff,p-buff);
}
thd->packet.length(0);
......@@ -2860,16 +2917,17 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
}
uint get_mqh(const char *user, const char *host)
void get_mqh(const char *user, const char *host, USER_CONN *uc)
{
if (!initialized) return 0;
ACL_USER *acl_user;
acl_user= find_acl_user(host,user);
return (acl_user) ? acl_user->questions : 0;
if (initialized && (acl_user= find_acl_user(host,user)))
uc->user_resources= acl_user->user_resource;
else
bzero((char*) &uc->user_resources, sizeof(uc->user_resources));
}
/*****************************************************************************
** Instantiate used templates
*****************************************************************************/
......
......@@ -61,7 +61,7 @@ uint acl_get(const char *host, const char *ip, const char *bin_ip,
const char *user, const char *db);
uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
const char *password,const char *scramble,char **priv_user,
bool old_ver, uint *max);
bool old_ver, USER_RESOURCES *max);
bool acl_check_host(const char *host, const char *ip);
bool change_password(THD *thd, const char *host, const char *user,
char *password);
......@@ -82,4 +82,4 @@ bool check_grant_db(THD *thd,const char *db);
uint get_table_grant(THD *thd, TABLE_LIST *table);
uint get_column_grant(THD *thd, TABLE_LIST *table, Field *field);
int mysql_show_grants(THD *thd, LEX_USER *user);
uint get_mqh(const char *user, const char *host);
void get_mqh(const char *user, const char *host, USER_CONN *uc);
......@@ -147,7 +147,7 @@ THD::THD():user_time(0),fatal_error(0),last_insert_id_used(0),
/* Initialize sub structures */
bzero((char*) &mem_root,sizeof(mem_root));
bzero((char*) &transaction.mem_root,sizeof(transaction.mem_root));
user_connect=(UC *)0;
user_connect=(USER_CONN *)0;
hash_init(&user_vars, USER_VARS_HASH_SIZE, 0, 0,
(hash_get_key) get_var_key,
(void (*)(void*)) free_var,0);
......
......@@ -382,7 +382,7 @@ public:
ha_rows select_limit,offset_limit,default_select_limit,cuted_fields,
max_join_size, sent_row_count, examined_row_count;
table_map used_tables;
UC *user_connect;
USER_CONN *user_connect;
ulong query_id,version, inactive_timeout,options,thread_id;
long dbug_thread_id;
pthread_t real_id;
......
......@@ -283,13 +283,20 @@ static long mysql_rm_known_files(THD *thd, MY_DIR *dirp, const char *db,
*/
if (!found_other_files)
{
char tmp_path[FN_REFLEN];
char tmp_path[FN_REFLEN], *pos;
char *path=unpack_filename(tmp_path,org_path);
#ifdef HAVE_READLINK
int linkcount = readlink(path,filePath,sizeof(filePath)-1);
if (linkcount > 0) // If the path was a symbolic link
int error;
/* Remove end FN_LIBCHAR as this causes problem on Linux in readlink */
pos=strend(path);
if (pos > path && pos[-1] == FN_LIBCHAR)
*--pos=0;
if ((error=my_readlink(filePath, path, MYF(MY_WME))) < 0)
DBUG_RETURN(-1);
if (!error)
{
*(filePath + linkcount) = '\0';
if (my_delete(path,MYF(!level ? MY_WME : 0)))
{
/* Don't give errors if we can't delete 'RAID' directory */
......@@ -297,11 +304,12 @@ static long mysql_rm_known_files(THD *thd, MY_DIR *dirp, const char *db,
DBUG_RETURN(deleted);
DBUG_RETURN(-1);
}
path=filePath;
/* Delete directory symbolic link pointed at */
path= filePath;
}
#endif
/* Remove last FN_LIBCHAR to not cause a problem on OS/2 */
char *pos=strend(path);
pos=strend(path);
if (pos > path && pos[-1] == FN_LIBCHAR)
*--pos=0;
/* Don't give errors if we can't delete 'RAID' directory */
......
......@@ -176,6 +176,7 @@ typedef struct st_lex {
HA_CHECK_OPT check_opt; // check/repair options
HA_CREATE_INFO create_info;
LEX_MASTER_INFO mi; // used by CHANGE MASTER
USER_RESOURCES mqh;
ulong thread_id,type;
enum_sql_command sql_command;
enum lex_states next_state;
......@@ -184,7 +185,7 @@ typedef struct st_lex {
enum enum_ha_read_modes ha_read_mode;
enum ha_rkey_function ha_rkey_mode;
enum enum_enable_or_disable alter_keys_onoff;
uint grant,grant_tot_col,which_columns, union_option, mqh;
uint grant,grant_tot_col,which_columns, union_option;
thr_lock_type lock_option;
bool drop_primary,drop_if_exists,local_file;
bool in_comment,ignore_space,verbose,simple_alter, option_type;
......
This diff is collapsed.
......@@ -501,8 +501,8 @@ mysql_select(THD *thd,TABLE_LIST *tables,List<Item> &fields,COND *conds,
select_distinct=0;
}
else if (select_distinct && join.tables - join.const_tables == 1 &&
(thd->select_limit == HA_POS_ERROR ||
(join.select_options & OPTION_FOUND_ROWS) ||
((thd->select_limit == HA_POS_ERROR ||
(join.select_options & OPTION_FOUND_ROWS)) &&
order &&
!(skip_sort_order=
test_if_skip_sort_order(&join.join_tab[join.const_tables],
......@@ -2363,7 +2363,7 @@ make_simple_join(JOIN *join,TABLE *tmp_table)
join->send_records=(ha_rows) 0;
join->group=0;
join->do_send_rows = 1;
join->row_limit=HA_POS_ERROR;
join->row_limit=join->thd->select_limit;
join_tab->cache.buff=0; /* No cacheing */
join_tab->table=tmp_table;
......@@ -4899,7 +4899,7 @@ end_send(JOIN *join, JOIN_TAB *join_tab __attribute__((unused)),
JOIN_TAB *jt=join->join_tab;
if ((join->tables == 1) && !join->tmp_table && !join->sort_and_group
&& !join->send_group_parts && !join->having && !jt->select_cond &&
!(jt->table->file->table_flags() & HA_NOT_EXACT_COUNT))
!(jt->table->file->table_flags() & HA_NOT_EXACT_COUNT) && (jt->records < INT_MAX32))
{
/* Join over all rows in table; Return number of found rows */
join->select_options ^= OPTION_FOUND_ROWS;
......@@ -6990,6 +6990,7 @@ static void select_describe(JOIN *join, bool need_tmp_table, bool need_order,
/* Don't log this into the slow query log */
select_lex->options&= ~(QUERY_NO_INDEX_USED | QUERY_NO_GOOD_INDEX_USED);
thd->offset_limit=0;
if (thd->lex.select == select_lex)
{
field_list.push_back(new Item_empty_string("table",NAME_LEN));
......
......@@ -245,7 +245,9 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token RELAY_LOG_POS_SYM
%token MATCH
%token MAX_ROWS
%token MAX_CONNECTIONS_PER_HOUR
%token MAX_QUERIES_PER_HOUR
%token MAX_UPDATES_PER_HOUR
%token MEDIUM_SYM
%token MERGE_SYM
%token MIN_ROWS
......@@ -289,6 +291,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token RENAME
%token REPEATABLE_SYM
%token REQUIRE_SYM
%token RESOURCES
%token RESTORE_SYM
%token RESTRICT
%token REVOKE
......@@ -3046,7 +3049,9 @@ keyword:
| MASTER_USER_SYM {}
| MASTER_PASSWORD_SYM {}
| MASTER_CONNECT_RETRY_SYM {}
| MAX_CONNECTIONS_PER_HOUR {}
| MAX_QUERIES_PER_HOUR {}
| MAX_UPDATES_PER_HOUR {}
| MEDIUM_SYM {}
| MERGE_SYM {}
| MINUTE_SYM {}
......@@ -3080,6 +3085,7 @@ keyword:
| REPAIR {}
| REPEATABLE_SYM {}
| RESET_SYM {}
| RESOURCES {}
| RESTORE_SYM {}
| ROLLBACK_SYM {}
| ROWS_SYM {}
......@@ -3449,7 +3455,7 @@ grant:
lex->select->db=0;
lex->ssl_type=SSL_TYPE_NONE;
lex->ssl_cipher=lex->x509_subject=lex->x509_issuer=0;
lex->mqh=0;
bzero(&(lex->mqh),sizeof(lex->mqh));
}
grant_privileges ON opt_table TO_SYM user_list
require_clause grant_options;
......@@ -3649,10 +3655,18 @@ grant_option_list:
grant_option:
GRANT OPTION { Lex->grant |= GRANT_ACL;}
| MAX_QUERIES_PER_HOUR EQ NUM
| MAX_QUERIES_PER_HOUR EQ ULONG_NUM
{
Lex->mqh=atoi($3.str);
};
Lex->mqh.questions=$3;
}
| MAX_UPDATES_PER_HOUR EQ ULONG_NUM
{
Lex->mqh.updates=$3;
}
| MAX_CONNECTIONS_PER_HOUR EQ ULONG_NUM
{
Lex->mqh.connections=$3;
}
begin:
BEGIN_SYM { Lex->sql_command = SQLCOM_BEGIN;} opt_work;
......
......@@ -162,13 +162,16 @@ typedef struct st_lex_user {
} LEX_USER;
typedef struct user_resources {
uint questions, updates, connections;
} USER_RESOURCES;
typedef struct user_conn {
char *user;
uint len, connections, questions, max_questions;
char *user, *host;
uint len, connections, conn_per_hour, updates, questions, user_len;
USER_RESOURCES user_resources;
time_t intime;
} UC;
} USER_CONN;
/* Bits in form->update */
#define REG_MAKE_DUPP 1 /* Make a copy of record when read */
#define REG_NEW_RECORD 2 /* Write a new record if not found */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment