Merge branch '2.3' into 2.4

2019-07-05 10:39:03 +03:00 · 2019-07-05 10:39:03 +03:00 · e45dcb6d8a
commit e45dcb6d8a
parent 8960d2df8f edbbafc2e9
3 changed files with 7 additions and 5 deletions
--- a/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc
+++ b/server/modules/authenticator/GSSAPI/GSSAPIAuth/gssapi_auth.cc
@ -62,7 +62,7 @@ const char create_sql[] =
 /** The query that is executed when a user is authenticated */
 static const char gssapi_auth_query[] =
    "SELECT * FROM " GSSAPI_TABLE_NAME
-    " WHERE user = '%s' AND '%s' LIKE host AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
+    " WHERE user = '%s' AND '%s' LIKE host AND (anydb = '1' OR '%s' IN ('information_schema', '') OR '%s' LIKE db)"
    " AND ('%s' = '%s' OR princ = '%s') LIMIT 1";

 /** Delete query used to clean up the database before loading new users */
--- a/server/modules/authenticator/MariaDBAuth/mysql_auth.hh
+++ b/server/modules/authenticator/MariaDBAuth/mysql_auth.hh
@ -53,19 +53,21 @@ static const char pragma_sql[] = "PRAGMA JOURNAL_MODE=NONE";
 /** Query that checks if there's a grant for the user being authenticated */
 static const char mysqlauth_validate_user_query[] =
    "SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
-    " WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
+    " WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host)"
+    " AND (anydb = '1' OR '%s' IN ('', 'information_schema') OR '%s' LIKE db)"
    " LIMIT 1";

 /** Query that checks if there's a grant for the user being authenticated */
 static const char mysqlauth_validate_user_query_lower[] =
    "SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
-    " WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR LOWER('%s') LIKE LOWER(db))"
+    " WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host)"
+    " AND (anydb = '1' OR LOWER('%s') IN ('', 'information_schema') OR LOWER('%s') LIKE LOWER(db)"
    " LIMIT 1";

 /** Query that only checks if there's a matching user */
 static const char mysqlauth_skip_auth_query[] =
    "SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
-    " WHERE user = '%s' AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
+    " WHERE user = '%s' AND (anydb = '1' OR '%s' IN ('', 'information_schema') OR '%s' LIKE db)"
    " LIMIT 1";

 /** Query that checks that the database exists */
--- a/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
+++ b/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
@ -137,7 +137,7 @@ void PamClientSession::get_pam_user_services(const DCB* dcb, const MYSQL_session
    string services_query = string("SELECT authentication_string FROM ") + m_instance.m_tablename + " WHERE "
        + FIELD_USER + " = '" + session->user + "'"
        + " AND '" + dcb->remote + "' LIKE " + FIELD_HOST
-        + " AND (" + FIELD_ANYDB + " = '1' OR '" + session->db + "' = '' OR '"
+        + " AND (" + FIELD_ANYDB + " = '1' OR '" + session->db + "' IN ('information_schema', '') OR '"
        + session->db + "' LIKE " + FIELD_DB + ")"
        + " AND " + FIELD_PROXY + " = '0' ORDER BY authentication_string;";
    MXS_DEBUG("PAM services search sql: '%s'.", services_query.c_str());