mirror of
https://github.com/MariaDB/server.git
synced 2025-01-25 00:04:33 +01:00
7800d93bc3
One can set @@global.max_user_connections to -1 to block anyone, except SUPER user, to login. If max_user_connection is 0, one can't change it without a restart (needed to get user connections counting to work correctly) mysql-test/r/system_mysql_db.result: Changed max_user_connections to handle negative numbers. mysql-test/r/user_limits-2.result: New test case that one can't change max_user_connection if it was 0 mysql-test/r/user_limits.result: Fixed wrong error messages. mysql-test/r/variables.result: Store / restore max_user_connections (needed as there is now a --master.opt file that changes it) mysql-test/t/subselect_mat_cost-master.opt: Enable slow query log (as this test found some errors in slow query logging) mysql-test/t/user_limits-2.test: New test case that one can't change max_user_connection if it was 0 mysql-test/t/user_limits-master.opt: Set max_user_connections (as one can't change it if it was 0) mysql-test/t/user_limits.test: Test max_user_connections -1 mysql-test/t/variables-master.opt: Set max_user_connections (as one can't change it if it was 0) mysql-test/t/variables.test: Set/restore max_user_connections scripts/Makefile.am: Add a text message to mysql_fix_privilege_tables.sql that it's automaticly generated scripts/mysql_system_tables.sql: Change max_user_connections to signed scripts/mysql_system_tables_fix.sql: Change max_user_connections to signed sql/item_func.cc: Change SHOW_INT to be signed. (Needed for max_user_connections and it's probably a bug that it was not originally signed) sql/log.cc: Remove some code that was not needed (All these variables are reset at start of query) sql/mysql_priv.h: Made max_user_connections signed. Added max_user_connections_checking sql/mysqld.cc: Added max_user_connections_checking so that we know if max_user_connections was 0 at startup (Which means that we will not do connection counting for accounts that don't have user resource limits) Set thd->start_utime at same time as thr_create_utime. (Before start_utime could be < thr_create_utime which lead to wrong query counting) sql/set_var.cc: Don't allow one to change 'max_user_connections' if it was 0 at startup. sql/sql_acl.cc: Change user_connection counting to be negative. sql/sql_connect.cc: If max_user_connections is < 0 then only SUPER user can login. Fixed wrong variable names for error messages. Fixed wrong initial value for questions. Set thd->start_utime and thd->thr_create_utime at startup. Needed to get time_out_user_resource_limits() to work. sql/sql_show.cc: SHOW_INT is now negative sql/sql_yacc.yy: Support negative values for MAX_USER_CONNECTIONS sql/structs.h: Make user connect counting work with signed numbers.
213 lines
6.7 KiB
Text
213 lines
6.7 KiB
Text
#
|
|
# Test behavior of various per-account limits (aka quotas)
|
|
#
|
|
|
|
# Requires privileges to be enabled
|
|
--source include/not_embedded.inc
|
|
|
|
# Save the initial number of concurrent sessions
|
|
--source include/count_sessions.inc
|
|
|
|
set @my_max_user_connections= @@global.max_user_connections;
|
|
|
|
# Prepare play-ground
|
|
--disable_warnings
|
|
drop table if exists t1;
|
|
--enable_warnings
|
|
create table t1 (i int);
|
|
# Just be sure that nothing will bother us
|
|
delete from mysql.user where user like 'mysqltest\_%';
|
|
delete from mysql.db where user like 'mysqltest\_%';
|
|
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|
flush privileges;
|
|
|
|
# Limits doesn't work with prepared statements (yet)
|
|
--disable_ps_protocol
|
|
|
|
# Test of MAX_QUERIES_PER_HOUR limit
|
|
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 2;
|
|
# This ensures that counters are reset and makes test scheduling independent
|
|
flush user_resources;
|
|
connect (mqph, localhost, mysqltest_1,,);
|
|
connection mqph;
|
|
select * from t1;
|
|
select * from t1;
|
|
--error ER_USER_LIMIT_REACHED
|
|
select * from t1;
|
|
connect (mqph2, localhost, mysqltest_1,,);
|
|
connection mqph2;
|
|
--error ER_USER_LIMIT_REACHED
|
|
select * from t1;
|
|
# cleanup
|
|
connection default;
|
|
drop user mysqltest_1@localhost;
|
|
disconnect mqph;
|
|
disconnect mqph2;
|
|
|
|
# Test of MAX_UPDATES_PER_HOUR limit
|
|
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 2;
|
|
flush user_resources;
|
|
connect (muph, localhost, mysqltest_1,,);
|
|
connection muph;
|
|
select * from t1;
|
|
select * from t1;
|
|
select * from t1;
|
|
delete from t1;
|
|
delete from t1;
|
|
--error ER_USER_LIMIT_REACHED
|
|
delete from t1;
|
|
select * from t1;
|
|
connect (muph2, localhost, mysqltest_1,,);
|
|
connection muph2;
|
|
--error ER_USER_LIMIT_REACHED
|
|
delete from t1;
|
|
select * from t1;
|
|
# Cleanup
|
|
connection default;
|
|
drop user mysqltest_1@localhost;
|
|
disconnect muph;
|
|
disconnect muph2;
|
|
|
|
# Test of MAX_CONNECTIONS_PER_HOUR limit
|
|
grant usage on *.* to mysqltest_1@localhost with max_connections_per_hour 2;
|
|
flush user_resources;
|
|
connect (mcph1, localhost, mysqltest_1,,);
|
|
connection mcph1;
|
|
select * from t1;
|
|
connect (mcph2, localhost, mysqltest_1,,);
|
|
connection mcph2;
|
|
select * from t1;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_USER_LIMIT_REACHED
|
|
connect (mcph3, localhost, mysqltest_1,,);
|
|
# Old connection is still ok
|
|
select * from t1;
|
|
# Let us try to close old connections and try again. This will also test that
|
|
# counters are not thrown away if there are no connections for this user.
|
|
disconnect mcph1;
|
|
disconnect mcph2;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_USER_LIMIT_REACHED
|
|
connect (mcph3, localhost, mysqltest_1,,);
|
|
# Cleanup
|
|
connection default;
|
|
drop user mysqltest_1@localhost;
|
|
|
|
# Test of MAX_USER_CONNECTIONS limit
|
|
# We need this to reset internal mqh_used variable
|
|
flush privileges;
|
|
grant usage on *.* to mysqltest_1@localhost with max_user_connections 2;
|
|
flush user_resources;
|
|
connect (muc1, localhost, mysqltest_1,,);
|
|
connection muc1;
|
|
select * from t1;
|
|
connect (muc2, localhost, mysqltest_1,,);
|
|
connection muc2;
|
|
select * from t1;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_USER_LIMIT_REACHED
|
|
connect (muc3, localhost, mysqltest_1,,);
|
|
# Closing of one of connections should help
|
|
disconnect muc1;
|
|
connect (muc3, localhost, mysqltest_1,,);
|
|
select * from t1;
|
|
# Changing of limit should also help (and immediately)
|
|
connection default;
|
|
grant usage on *.* to mysqltest_1@localhost with max_user_connections 3;
|
|
flush user_resources;
|
|
connect (muc4, localhost, mysqltest_1,,);
|
|
connection muc4;
|
|
select * from t1;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_USER_LIMIT_REACHED
|
|
connect (muc5, localhost, mysqltest_1,,);
|
|
|
|
connection default;
|
|
# Test with negative max_user_connections
|
|
grant usage on *.* to mysqltest_1@localhost with max_user_connections -1;
|
|
show grants for mysqltest_1@localhost;
|
|
flush user_resources;
|
|
show grants for mysqltest_1@localhost;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_USER_LIMIT_REACHED
|
|
connect (muc5, localhost, mysqltest_1,,);
|
|
|
|
# Clean up
|
|
disconnect muc2;
|
|
disconnect muc3;
|
|
disconnect muc4;
|
|
drop user mysqltest_1@localhost;
|
|
|
|
# Now let us test interaction between global and per-account
|
|
# max_user_connections limits
|
|
select @@session.max_user_connections, @@global.max_user_connections;
|
|
# Local max_user_connections variable can't be set directly
|
|
# since this limit is per-account
|
|
--error ER_GLOBAL_VARIABLE
|
|
set session max_user_connections= 2;
|
|
# But it is ok to set global max_user_connections
|
|
set global max_user_connections= 2;
|
|
select @@session.max_user_connections, @@global.max_user_connections;
|
|
# Let us check that global limit works
|
|
grant usage on *.* to mysqltest_1@localhost;
|
|
flush user_resources;
|
|
connect (muca1, localhost, mysqltest_1,,);
|
|
connection muca1;
|
|
select @@session.max_user_connections, @@global.max_user_connections;
|
|
connect (muca2, localhost, mysqltest_1,,);
|
|
connection muca2;
|
|
select * from t1;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_TOO_MANY_USER_CONNECTIONS
|
|
connect (muca3, localhost, mysqltest_1,,);
|
|
# Now we are testing that per-account limit prevails over gloabl limit
|
|
connection default;
|
|
grant usage on *.* to mysqltest_1@localhost with max_user_connections 3;
|
|
flush user_resources;
|
|
connect (muca3, localhost, mysqltest_1,,);
|
|
connection muca3;
|
|
select @@session.max_user_connections, @@global.max_user_connections;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_USER_LIMIT_REACHED
|
|
connect (muca4, localhost, mysqltest_1,,);
|
|
# Cleanup
|
|
connection default;
|
|
disconnect muca1;
|
|
disconnect muca2;
|
|
disconnect muca3;
|
|
set global max_user_connections= 0;
|
|
--enable_ps_protocol
|
|
|
|
#
|
|
# Test setting negative values of max_user_connections
|
|
#
|
|
grant usage on *.* to mysqltest_1@localhost with max_user_connections 0;
|
|
set global max_user_connections=-1;
|
|
show variables like "max_user_user_connections";
|
|
select @@max_user_connections;
|
|
select @@global.max_user_connections;
|
|
# Check that we can't connect anymore except as root
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_TOO_MANY_USER_CONNECTIONS
|
|
connect (muca2, localhost, mysqltest_1,,);
|
|
connect (muca2, localhost, root,,);
|
|
disconnect muca2;
|
|
connection default;
|
|
set global max_user_connections=1;
|
|
# Check that we can connect one time, not two
|
|
connect (muca2, localhost, mysqltest_1,,);
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_TOO_MANY_USER_CONNECTIONS
|
|
connect (muca3, localhost, mysqltest_1,,);
|
|
disconnect muca2;
|
|
connection default;
|
|
drop user mysqltest_1@localhost;
|
|
|
|
# Final cleanup
|
|
drop table t1;
|
|
|
|
# Wait till all disconnects are completed
|
|
--source include/wait_until_count_sessions.inc
|
|
|
|
set global max_user_connections= @my_max_user_connections;
|