From aa260cf6cf5a91682fa6176f70d3c55263cec57e Mon Sep 17 00:00:00 2001 From: Esa Korhonen Date: Mon, 19 Mar 2018 14:32:37 +0200 Subject: [PATCH] MXS-1716 Reduce the amount of duplicate elements in users db for PAM The database-level query now only takes rows with either a global select privileges or non-null database privileges. The table-level query only accepts non-null databases and no global privileges, as users with global select are added by the previous section. --- server/modules/authenticator/PAM/PAMAuth/pam_instance.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc b/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc index bc9447d28..23d2c6adc 100644 --- a/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc +++ b/server/modules/authenticator/PAM/PAMAuth/pam_instance.cc @@ -174,12 +174,12 @@ int PamInstance::load_users(SERVICE* service) /** Query that gets all users that authenticate via the pam plugin */ const char PAM_USERS_QUERY[] = "SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM " - "mysql.user AS u LEFT JOIN mysql.db AS d " - "ON (u.user = d.user AND u.host = d.host) WHERE u.plugin = 'pam' " + "mysql.user AS u LEFT JOIN mysql.db AS d ON (u.user = d.user AND u.host = d.host) WHERE " + "(u.plugin = 'pam' AND (d.db IS NOT NULL OR u.select_priv = 'Y')) " "UNION " "SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM " - "mysql.user AS u LEFT JOIN mysql.tables_priv AS t " - "ON (u.user = t.user AND u.host = t.host) WHERE u.plugin = 'pam' " + "mysql.user AS u LEFT JOIN mysql.tables_priv AS t ON (u.user = t.user AND u.host = t.host) WHERE " + "(u.plugin = 'pam' AND t.db IS NOT NULL AND u.select_priv = 'N') " "ORDER BY user"; #if defined(SS_DEBUG) const unsigned int PAM_USERS_QUERY_NUM_FIELDS = 5;