Commit 08f32802 authored by Sergei Golubchik's avatar Sergei Golubchik

5.6-compatibility, per-host connect error counter is reset only after the

successful connection, not when a client reply packet is received
(that still might be invalid).

(test case was merged with perfschema 5.6.17)
parent a83a4136
...@@ -10841,7 +10841,6 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VIO ...@@ -10841,7 +10841,6 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
uint pkt_len; uint pkt_len;
} cached_server_packet; } cached_server_packet;
int packets_read, packets_written; ///< counters for send/received packets int packets_read, packets_written; ///< counters for send/received packets
uint connect_errors; ///< if there were connect errors for this host
bool make_it_fail; bool make_it_fail;
/** when plugin returns a failure this tells us what really happened */ /** when plugin returns a failure this tells us what really happened */
enum { SUCCESS, FAILURE, RESTART } status; enum { SUCCESS, FAILURE, RESTART } status;
...@@ -11392,9 +11391,6 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio, ...@@ -11392,9 +11391,6 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
*/ */
DBUG_ASSERT(net->read_pos[pkt_len] == 0); DBUG_ASSERT(net->read_pos[pkt_len] == 0);
if (mpvio->connect_errors)
reset_host_connect_errors(thd->main_security_ctx.ip);
ulong client_capabilities= uint2korr(net->read_pos); ulong client_capabilities= uint2korr(net->read_pos);
if (client_capabilities & CLIENT_PROTOCOL_41) if (client_capabilities & CLIENT_PROTOCOL_41)
{ {
...@@ -11972,8 +11968,6 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name, ...@@ -11972,8 +11968,6 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
Perform the handshake, authorize the client and update thd sctx variables. Perform the handshake, authorize the client and update thd sctx variables.
@param thd thread handle @param thd thread handle
@param connect_errors number of previous failed connect attemps
from this host
@param com_change_user_pkt_len size of the COM_CHANGE_USER packet @param com_change_user_pkt_len size of the COM_CHANGE_USER packet
(without the first, command, byte) or 0 (without the first, command, byte) or 0
if it's not a COM_CHANGE_USER (that is, if if it's not a COM_CHANGE_USER (that is, if
...@@ -11982,8 +11976,7 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name, ...@@ -11982,8 +11976,7 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
@retval 0 success, thd is updated. @retval 0 success, thd is updated.
@retval 1 error @retval 1 error
*/ */
bool acl_authenticate(THD *thd, uint connect_errors, bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
uint com_change_user_pkt_len)
{ {
int res= CR_OK; int res= CR_OK;
MPVIO_EXT mpvio; MPVIO_EXT mpvio;
...@@ -11997,7 +11990,6 @@ bool acl_authenticate(THD *thd, uint connect_errors, ...@@ -11997,7 +11990,6 @@ bool acl_authenticate(THD *thd, uint connect_errors,
mpvio.write_packet= server_mpvio_write_packet; mpvio.write_packet= server_mpvio_write_packet;
mpvio.info= server_mpvio_info; mpvio.info= server_mpvio_info;
mpvio.thd= thd; mpvio.thd= thd;
mpvio.connect_errors= connect_errors;
mpvio.status= MPVIO_EXT::FAILURE; mpvio.status= MPVIO_EXT::FAILURE;
mpvio.make_it_fail= false; mpvio.make_it_fail= false;
mpvio.auth_info.host_or_ip= thd->security_ctx->host_or_ip; mpvio.auth_info.host_or_ip= thd->security_ctx->host_or_ip;
......
...@@ -202,7 +202,7 @@ my_bool acl_reload(THD *thd); ...@@ -202,7 +202,7 @@ my_bool acl_reload(THD *thd);
void acl_free(bool end=0); void acl_free(bool end=0);
ulong acl_get(const char *host, const char *ip, ulong acl_get(const char *host, const char *ip,
const char *user, const char *db, my_bool db_is_pattern); const char *user, const char *db, my_bool db_is_pattern);
bool acl_authenticate(THD *thd, uint connect_errors, uint com_change_user_pkt_len); bool acl_authenticate(THD *thd, uint com_change_user_pkt_len);
bool acl_getroot(Security_context *sctx, char *user, char *host, bool acl_getroot(Security_context *sctx, char *user, char *host,
char *ip, char *db); char *ip, char *db);
bool acl_check_host(const char *host, const char *ip); bool acl_check_host(const char *host, const char *ip);
......
...@@ -1067,7 +1067,7 @@ static int check_connection(THD *thd) ...@@ -1067,7 +1067,7 @@ static int check_connection(THD *thd)
return 1; /* The error is set by alloc(). */ return 1; /* The error is set by alloc(). */
} }
auth_rc= acl_authenticate(thd, connect_errors, 0); auth_rc= acl_authenticate(thd, 0);
if (auth_rc == 0 && connect_errors != 0) if (auth_rc == 0 && connect_errors != 0)
{ {
/* /*
......
...@@ -1224,7 +1224,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, ...@@ -1224,7 +1224,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
auth_rc= 1; auth_rc= 1;
} }
else else
auth_rc= acl_authenticate(thd, 0, packet_length); auth_rc= acl_authenticate(thd, packet_length);
mysql_audit_notify_connection_change_user(thd); mysql_audit_notify_connection_change_user(thd);
if (auth_rc) if (auth_rc)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment