This commit is based on the work of Michal Schorm, rebased on the
earliest MariaDB version.
Th command line used to generate this diff was:
find ./ -type f \
-exec sed -i -e 's/Foundation, Inc., 59 Temple Place, Suite 330, Boston, /Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, /g' {} \; \
-exec sed -i -e 's/Foundation, Inc. 59 Temple Place.* Suite 330, Boston, /Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, /g' {} \; \
-exec sed -i -e 's/MA.*.....-1307.*USA/MA 02110-1335 USA/g' {} \; \
-exec sed -i -e 's/Foundation, Inc., 59 Temple/Foundation, Inc., 51 Franklin/g' {} \; \
-exec sed -i -e 's/Place, Suite 330, Boston, MA.*02111-1307.*USA/Street, Fifth Floor, Boston, MA 02110-1335 USA/g' {} \; \
-exec sed -i -e 's/MA.*.....-1307/MA 02110-1335/g' {} \;
special cases:
* change systemd detection to use CHECK_LIBRARY_EXISTS at least once,
to have it detected by build_depends.cmake
* similarly, use find_library for pam
* unixODBC is weird, libodbc.so is in the unixODBC package, not
in the unixODBC-devel, where normally all .so files belong.
Packaging bug? As a workaround, use find_file(sql.h) instead of
find_path(sql.h) to make sure that /usr/include/sql.h (not /usr/include)
is cached by cmake, and later build_depends.cmake will select
unixODBC-devel, as a package owning /usr/include/sql.h file.
Revert the side effect of 7c40996cc8.
Do not convert password hash to its binary representation when a user
entry is loaded. Do it lazily on the first authenticatation attempt.
As a collateral - force all authentication plugins to follow the
protocol and read_packet at least once before accessing info->username
(username is not available before first client handshake packet is read).
Fix PAM and GSSAPI plugins to behave.
Support SET PASSWORD for authentication plugins.
Authentication plugin API is extended with two optional methods:
* hash_password() is used to compute a password hash (or digest)
from the plain-text password. This digest will be stored in mysql.user
table
* preprocess_hash() is used to convert this digest into some memory
representation that can be later used to authenticate a user.
Build-in plugins convert the hash from hexadecimal or base64 to binary,
to avoid doing it on every authentication attempt.
Note a change in behavior: when loading privileges (on startup or on
FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a
warning (e.g. "Plugin 'foo' is not loaded"). But such an account could
not be used for authentication until the plugin is installed. Now an
account like that will not be loaded at all (with a warning, still).
Indeed, without plugin's preprocess_hash() method the server cannot know
how to load an account. Thus, if a new authentication plugin is
installed run-time, one might need FLUSH PRIVILEGES to activate all
existing accounts that were using this new plugin.
New version of PAM plugin (v2.0) added along with the old v1.0.
There the pam module is isolated in the auth_pam_tool application so
cannot crash the server.
allow more characters in a valid user/group name:
* POSIX allows dashes '-' and dots '.'
* also the name may end with a dollar sign '$'
for our purposes it's enough to allow [-.$] anywhere in the name
Remove ONLY_IF clause in MYSQL_ADD_PLUGIN and the requirement
that every plugin's CMakeLists.txt *must* do MYSQL_ADD_PLUGIN
for PLUGIN_XXX=YES to work. This was very fragile and cannot be
relied on.
Use a different implementation of =YES check - iterate all
PLUGIN_* variables and see which one doesn't have a matching target.
Revert all ONLY_IF changes in CMakeLists.txt files.
* Introduce a set of PLUGIN_xxx cmake options with values
NO, STATIC, DYNAMIC, AUTO, YES (abort if plugin is not compiled)
* Deprecate redundant and ambiguous WITH_xxx, WITH_PLUGIN_xxx,
WITH_xxx_STORAGE_ENGINE, WITHOUT_xxx, WITHOUT_PLUGIN_xxx,
WITHOUT_xxx_STORAGE_ENGINE
* Actually check whether a plugin is disabled (DISABLED keyword was
always present, but it was ignored until now).
* Support conditionally disabled plugins - keyword ONLY_IF
* Use ONLY_IF for conditionally skipping plugins, instead of
doing MYSQL_ADD_PLUGIN conditionally as before. Because if
MYSQL_ADD_PLUGIN isn't done at all, PLUGIN_xxx=YES cannot work.
Fixed error in test that caused following tests to fail
extra/yassl/taocrypt/src/dsa.cpp:
Fixed compiler warning by adding cast
mysql-test/suite/rpl/t/rpl_start_slave_deadlock_sys_vars.test:
We have to first test for have_debug_sync to not start master wrongly
plugin/auth_pam/auth_pam.c:
Fixed compiler warning
sql/sys_vars.h:
Fixed compiler warning (Sys_var_max_user_conn is now signed)
support-files/compiler_warnings.supp:
Don't give warnings for auth_pam.c (Tried to fix it by changing the code, but could not find an easy way to do that on solaris)
Fixed compiler warnings found by buildbot
Makefile.am:
Removed extra empty line
cmd-line-utils/libedit/sys.h:
Fixed that strndup() doesn't give compiler warnings
mysql-test/Makefile.am:
Fixes for 'make distcheck'
plugin/auth_pam/auth_pam.c:
Ensure that prototype for strndup() is included on linux
sql/share/Makefile.am:
Fixes for 'make distcheck'
storage/innodb_plugin/btr/btr0sea.c:
Fixed compiler warning
support-files/Makefile.am:
Fixes for 'make distcheck'
configure.in:
Added testing of STRNDUP (not found on solaris)
mysql-test/include/wait_until_connected_again.inc:
Also test for error 2005 (can happen on windows)
mysql-test/include/wait_until_disconnected.inc:
Also test for error 2005 (can happen on windows)
mysql-test/suite/innodb_plugin/r/innodb_bug30423.result:
Number of rows is not stable (found difference on Solaris)
mysql-test/suite/innodb_plugin/t/innodb_bug30423.test:
Number of rows is not stable (found difference on Solaris)
plugin/auth_pam/auth_pam.c:
Use internal strndup if it doesn't exist on system (solaris)
Changed code so that it should also compile on solaris.
