From: Marc Alff Date: January 30 2012 7:04pm Subject: bzr push into mysql-trunk-wl5259 branch (marc.alff:3364 to 3365) List-Archive: http://lists.mysql.com/commits/142652 Message-Id: <201201301904.q0UJ4TEx018252@acsmt358.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 3365 Marc Alff 2012-01-30 Fixed blocked hosts, added tests added: mysql-test/suite/perfschema/r/hostcache_ipv4_blocked.result mysql-test/suite/perfschema/r/hostcache_ipv6_blocked.result mysql-test/suite/perfschema/t/hostcache_ipv4_blocked.test mysql-test/suite/perfschema/t/hostcache_ipv6_blocked-master.opt mysql-test/suite/perfschema/t/hostcache_ipv6_blocked.test modified: sql/hostname.cc sql/hostname.h sql/sql_acl.cc sql/sql_acl.h sql/sql_connect.cc sql/sql_parse.cc 3364 Marc Alff 2012-01-30 [merge] Merge mysql-trunk --> mysql-trunk-wl5259 renamed: mysql-test/suite/sys_vars/r/innodb_sort_buf_size_basic.result => mysql-test/suite/sys_vars/r/innodb_sort_buffer_size_basic.result mysql-test/suite/sys_vars/t/innodb_sort_buf_size_basic.test => mysql-test/suite/sys_vars/t/innodb_sort_buffer_size_basic.test modified: mysql-test/include/func_in.inc mysql-test/include/range.inc mysql-test/r/func_in_all.result mysql-test/r/func_in_icp.result mysql-test/r/func_in_icp_mrr.result mysql-test/r/func_in_mrr.result mysql-test/r/func_in_mrr_cost.result mysql-test/r/func_in_none.result mysql-test/r/lowercase_fs_off.result mysql-test/r/merge.result mysql-test/r/optimizer_debug_sync.result mysql-test/r/plugin.result mysql-test/r/range_all.result mysql-test/r/range_icp.result mysql-test/r/range_icp_mrr.result mysql-test/r/range_mrr.result mysql-test/r/range_mrr_cost.result mysql-test/r/range_none.result mysql-test/r/sp-security.result mysql-test/r/sp.result mysql-test/suite/opt_trace/include/range.inc mysql-test/suite/parts/inc/partition-dml-1-7.inc mysql-test/suite/parts/inc/partition-dml-1-8.inc mysql-test/suite/parts/inc/partition_key_16col.inc mysql-test/suite/parts/inc/partition_key_32col.inc mysql-test/suite/parts/inc/partition_key_4col.inc mysql-test/suite/parts/inc/partition_key_8col.inc mysql-test/suite/parts/r/partition_special_myisam.result mysql-test/t/merge.test mysql-test/t/optimizer_debug_sync.test mysql-test/t/plugin.test mysql-test/t/sp-security.test mysql-test/t/sp.test mysql-test/t/temp_table.test mysql-test/valgrind.supp sql/handler.cc sql/handler.h sql/item.cc sql/item_cmpfunc.h sql/item_func.cc sql/item_func.h sql/mysqld.cc sql/opt_explain.cc sql/opt_range.cc sql/sql_parse.cc storage/example/ha_example.cc storage/innobase/btr/btr0btr.cc storage/innobase/btr/btr0cur.cc storage/innobase/buf/buf0buf.cc storage/innobase/handler/ha_innodb.cc storage/innobase/ibuf/ibuf0ibuf.cc storage/innobase/include/btr0btr.h storage/innobase/include/mtr0log.ic storage/innobase/lock/lock0lock.cc storage/innobase/page/page0page.cc storage/innobase/row/row0ins.cc storage/innobase/row/row0sel.cc storage/innobase/row/row0umod.cc storage/innobase/row/row0upd.cc storage/innobase/srv/srv0srv.cc storage/innobase/trx/trx0purge.cc storage/innobase/trx/trx0rec.cc storage/myisammrg/ha_myisammrg.cc storage/perfschema/pfs_instr_class.cc storage/perfschema/pfs_instr_class.h storage/perfschema/pfs_server.cc mysql-test/suite/sys_vars/r/innodb_sort_buffer_size_basic.result mysql-test/suite/sys_vars/t/innodb_sort_buffer_size_basic.test === added file 'mysql-test/suite/perfschema/r/hostcache_ipv4_blocked.result' --- a/mysql-test/suite/perfschema/r/hostcache_ipv4_blocked.result 1970-01-01 00:00:00 +0000 +++ b/mysql-test/suite/perfschema/r/hostcache_ipv4_blocked.result 2012-01-30 19:03:41 +0000 @@ -0,0 +1,351 @@ +flush status; +flush hosts; +flush user_resources; +select @@global.debug; +@@global.debug + +select @@global.max_connect_errors; +@@global.max_connect_errors +10 +select @@global.max_connect_errors into @saved_max_connect_errors; +show global status like "%peer%"; +Variable_name Value +Peer_address_errors 0 +set global max_connect_errors = 2; +grant select on test.* to 'root'@'santa.claus.ipv4.example.com'; +select "Con1 is alive"; +Con1 is alive +Con1 is alive +select current_user(); +current_user() +root@localhost +set global debug= "+d,vio_peer_addr_fake_ipv4,getnameinfo_fake_ipv4,getaddrinfo_fake_good_ipv4,native_password_bad_reply"; +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 192.0.2.4 +HOST santa.claus.ipv4.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 1 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 1 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 1 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 192.0.2.4 +HOST santa.claus.ipv4.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 2 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 2 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 2 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 192.0.2.4 +HOST santa.claus.ipv4.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 3 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 3 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 3 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR HY000: Host '192.0.2.4' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 192.0.2.4 +HOST santa.claus.ipv4.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 3 +COUNT_HOST_BLOCKED_ERRORS 1 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 3 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 3 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR HY000: Host '192.0.2.4' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 192.0.2.4 +HOST santa.claus.ipv4.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 3 +COUNT_HOST_BLOCKED_ERRORS 2 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 3 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 3 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +flush hosts; +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 192.0.2.4 +HOST santa.claus.ipv4.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 1 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 1 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 1 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +revoke select on test.* from 'root'@'santa.claus.ipv4.example.com'; +drop user 'root'@'santa.claus.ipv4.example.com'; +set global max_connect_errors = @saved_max_connect_errors; +set global debug= default; === added file 'mysql-test/suite/perfschema/r/hostcache_ipv6_blocked.result' --- a/mysql-test/suite/perfschema/r/hostcache_ipv6_blocked.result 1970-01-01 00:00:00 +0000 +++ b/mysql-test/suite/perfschema/r/hostcache_ipv6_blocked.result 2012-01-30 19:03:41 +0000 @@ -0,0 +1,351 @@ +flush status; +flush hosts; +flush user_resources; +select @@global.debug; +@@global.debug + +select @@global.max_connect_errors; +@@global.max_connect_errors +10 +select @@global.max_connect_errors into @saved_max_connect_errors; +show global status like "%peer%"; +Variable_name Value +Peer_address_errors 0 +set global max_connect_errors = 2; +grant select on test.* to 'root'@'santa.claus.ipv6.example.com'; +select "Con1 is alive"; +Con1 is alive +Con1 is alive +select current_user(); +current_user() +root@localhost +set global debug= "+d,vio_peer_addr_fake_ipv6,getnameinfo_fake_ipv6,getaddrinfo_fake_good_ipv6,native_password_bad_reply"; +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 2001:db8::6:6 +HOST santa.claus.ipv6.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 1 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 1 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 1 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 2001:db8::6:6 +HOST santa.claus.ipv6.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 2 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 2 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 2 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 2001:db8::6:6 +HOST santa.claus.ipv6.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 3 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 3 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 3 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR HY000: Host '2001:db8::6:6' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 2001:db8::6:6 +HOST santa.claus.ipv6.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 3 +COUNT_HOST_BLOCKED_ERRORS 1 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 3 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 3 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +ERROR HY000: Host '2001:db8::6:6' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 2001:db8::6:6 +HOST santa.claus.ipv6.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 3 +COUNT_HOST_BLOCKED_ERRORS 2 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 3 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 3 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +flush hosts; +ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO) +select +IP, HOST, HOST_VALIDATED, SUM_CONNECT_ERRORS, +COUNT_HOST_BLOCKED_ERRORS, +COUNT_NAMEINFO_TRANSIENT_ERRORS, +COUNT_NAMEINFO_PERMANENT_ERRORS, +COUNT_FORMAT_ERRORS, +COUNT_ADDRINFO_TRANSIENT_ERRORS, +COUNT_ADDRINFO_PERMANENT_ERRORS, +COUNT_FCRDNS_ERRORS, +COUNT_HOST_ACL_ERRORS, +COUNT_NO_AUTH_PLUGIN_ERRORS, +COUNT_AUTH_PLUGIN_ERRORS, +COUNT_HANDSHAKE_ERRORS, +COUNT_PROXY_USER_ERRORS, +COUNT_PROXY_USER_ACL_ERRORS, +COUNT_AUTHENTICATION_ERRORS, +COUNT_SSL_ERRORS, +COUNT_MAX_USER_CONNECTION_ERRORS, +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS, +COUNT_MAX_CONNECTION_ERRORS, +COUNT_USER_ACL_ERRORS, +COUNT_LOCAL_ERRORS, +COUNT_UNKNOWN_ERRORS, +if (FIRST_ERROR_SEEN is not null, "set", "null") as FIRST_ERROR_SEEN, +if (LAST_ERROR_SEEN is not null, "set", "null") as LAST_ERROR_SEEN +from performance_schema.host_cache; +IP 2001:db8::6:6 +HOST santa.claus.ipv6.example.com +HOST_VALIDATED YES +SUM_CONNECT_ERRORS 1 +COUNT_HOST_BLOCKED_ERRORS 0 +COUNT_NAMEINFO_TRANSIENT_ERRORS 0 +COUNT_NAMEINFO_PERMANENT_ERRORS 0 +COUNT_FORMAT_ERRORS 0 +COUNT_ADDRINFO_TRANSIENT_ERRORS 0 +COUNT_ADDRINFO_PERMANENT_ERRORS 0 +COUNT_FCRDNS_ERRORS 0 +COUNT_HOST_ACL_ERRORS 0 +COUNT_NO_AUTH_PLUGIN_ERRORS 0 +COUNT_AUTH_PLUGIN_ERRORS 0 +COUNT_HANDSHAKE_ERRORS 1 +COUNT_PROXY_USER_ERRORS 0 +COUNT_PROXY_USER_ACL_ERRORS 0 +COUNT_AUTHENTICATION_ERRORS 1 +COUNT_SSL_ERRORS 0 +COUNT_MAX_USER_CONNECTION_ERRORS 0 +COUNT_MAX_USER_CONNECTION_PER_HOUR_ERRORS 0 +COUNT_MAX_CONNECTION_ERRORS 0 +COUNT_USER_ACL_ERRORS 0 +COUNT_LOCAL_ERRORS 0 +COUNT_UNKNOWN_ERRORS 0 +FIRST_ERROR_SEEN set +LAST_ERROR_SEEN set +revoke select on test.* from 'root'@'santa.claus.ipv6.example.com'; +drop user 'root'@'santa.claus.ipv6.example.com'; +set global max_connect_errors = @saved_max_connect_errors; +set global debug= default; === added file 'mysql-test/suite/perfschema/t/hostcache_ipv4_blocked.test' --- a/mysql-test/suite/perfschema/t/hostcache_ipv4_blocked.test 1970-01-01 00:00:00 +0000 +++ b/mysql-test/suite/perfschema/t/hostcache_ipv4_blocked.test 2012-01-30 19:03:41 +0000 @@ -0,0 +1,91 @@ + +# +# Tests for the performance_schema host_cache. +# +# Simulate failures from client / server protocol: +# - reported in COUNT_HANDSHAKE_ERRORS +# aud further causes blocking errors: +# - reported in SUM_CONNECT_ERRORS +# - reported in COUNT_HOST_BLOCKED_ERRORS + +--source include/not_embedded.inc +--source include/have_debug.inc +--source include/have_perfschema.inc + +flush status; +flush hosts; +flush user_resources; +select @@global.debug; +select @@global.max_connect_errors; +select @@global.max_connect_errors into @saved_max_connect_errors; +show global status like "%peer%"; + +set global max_connect_errors = 2; + +grant select on test.* to 'root'@'santa.claus.ipv4.example.com'; + +connect (con1,"127.0.0.1",root,,test,$MASTER_MYPORT,); +select "Con1 is alive"; +select current_user(); +disconnect con1; + +--connection default +set global debug= "+d,vio_peer_addr_fake_ipv4,getnameinfo_fake_ipv4,getaddrinfo_fake_good_ipv4,native_password_bad_reply"; + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2a,"127.0.0.1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2b,"127.0.0.1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2c,"127.0.0.1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_HOST_IS_BLOCKED +connect (con2d,"127.0.0.1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_HOST_IS_BLOCKED +connect (con2e,"127.0.0.1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +# Now that the host is blocked, check that flush works +flush hosts; + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2c,"127.0.0.1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +revoke select on test.* from 'root'@'santa.claus.ipv4.example.com'; +drop user 'root'@'santa.claus.ipv4.example.com'; + +set global max_connect_errors = @saved_max_connect_errors; +set global debug= default; + === added file 'mysql-test/suite/perfschema/t/hostcache_ipv6_blocked-master.opt' --- a/mysql-test/suite/perfschema/t/hostcache_ipv6_blocked-master.opt 1970-01-01 00:00:00 +0000 +++ b/mysql-test/suite/perfschema/t/hostcache_ipv6_blocked-master.opt 2012-01-30 19:03:41 +0000 @@ -0,0 +1 @@ +--bind-addr=:: === added file 'mysql-test/suite/perfschema/t/hostcache_ipv6_blocked.test' --- a/mysql-test/suite/perfschema/t/hostcache_ipv6_blocked.test 1970-01-01 00:00:00 +0000 +++ b/mysql-test/suite/perfschema/t/hostcache_ipv6_blocked.test 2012-01-30 19:03:41 +0000 @@ -0,0 +1,92 @@ + +# +# Tests for the performance_schema host_cache. +# +# Simulate failures from client / server protocol: +# - reported in COUNT_HANDSHAKE_ERRORS +# aud further causes blocking errors: +# - reported in SUM_CONNECT_ERRORS +# - reported in COUNT_HOST_BLOCKED_ERRORS + +--source include/not_embedded.inc +--source include/have_debug.inc +--source include/have_ipv6.inc +--source include/have_perfschema.inc + +flush status; +flush hosts; +flush user_resources; +select @@global.debug; +select @@global.max_connect_errors; +select @@global.max_connect_errors into @saved_max_connect_errors; +show global status like "%peer%"; + +set global max_connect_errors = 2; + +grant select on test.* to 'root'@'santa.claus.ipv6.example.com'; + +connect (con1,"::1",root,,test,$MASTER_MYPORT,); +select "Con1 is alive"; +select current_user(); +disconnect con1; + +--connection default +set global debug= "+d,vio_peer_addr_fake_ipv6,getnameinfo_fake_ipv6,getaddrinfo_fake_good_ipv6,native_password_bad_reply"; + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2a,"::1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2b,"::1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2c,"::1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_HOST_IS_BLOCKED +connect (con2d,"::1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +--disable_query_log +--error ER_HOST_IS_BLOCKED +connect (con2e,"::1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +# Now that the host is blocked, check that flush works +flush hosts; + +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect (con2c,"::1",quota,,test,$MASTER_MYPORT,); +--enable_query_log + +--connection default +--source ../include/hostcache_dump.inc + +revoke select on test.* from 'root'@'santa.claus.ipv6.example.com'; +drop user 'root'@'santa.claus.ipv6.example.com'; + +set global max_connect_errors = @saved_max_connect_errors; +set global debug= default; + === modified file 'sql/hostname.cc' --- a/sql/hostname.cc 2012-01-27 12:14:54 +0000 +++ b/sql/hostname.cc 2012-01-30 19:03:41 +0000 @@ -290,7 +290,7 @@ static void add_hostname(const char *ip_ return; } -void inc_host_errors(const char *ip_string, const Host_errors *errors) +void inc_host_errors(const char *ip_string, Host_errors *errors) { if (!ip_string) return; @@ -305,6 +305,11 @@ void inc_host_errors(const char *ip_stri if (entry) { + if (entry->m_host_validated) + errors->sum_connect_errors(); + else + errors->clear_connect_errors(); + entry->m_errors.aggregate(errors); entry->set_error_timestamps(now); } @@ -313,7 +318,7 @@ void inc_host_errors(const char *ip_stri } -void reset_host_errors(const char *ip_string) +void reset_host_connect_errors(const char *ip_string) { if (!ip_string) return; @@ -326,7 +331,7 @@ void reset_host_errors(const char *ip_st Host_entry *entry= hostname_cache_search(ip_key); if (entry) - entry->m_errors.reset(); + entry->m_errors.clear_connect_errors(); mysql_mutex_unlock(&hostname_cache->lock); } @@ -381,6 +386,8 @@ static inline bool is_hostname_valid(con - resolves IP-address; - employs Forward Confirmed Reverse DNS technique to validate IP-address; - returns host name if IP-address is validated; + - set value to out-variable connect_errors -- this variable represents the + number of connection errors from the specified IP-address. - update the host_cache statistics NOTE: connect_errors are counted (are supported) only for the clients @@ -389,6 +396,7 @@ static inline bool is_hostname_valid(con @param [in] ip_storage IP address (sockaddr). Must be set. @param [in] ip_string IP address (string). Must be set. @param [out] hostname + @param [out] connect_errors @return Error status @retval 0 Success @@ -401,7 +409,8 @@ static inline bool is_hostname_valid(con int ip_to_hostname(struct sockaddr_storage *ip_storage, const char *ip_string, - char **hostname) + char **hostname, + uint *connect_errors) { const struct sockaddr *ip= (const sockaddr *) ip_storage; int err_code; @@ -415,6 +424,7 @@ int ip_to_hostname(struct sockaddr_stora /* Default output values, for most cases. */ *hostname= NULL; + *connect_errors= 0; /* Check if we have loopback address (127.0.0.1 or ::1). */ @@ -451,6 +461,7 @@ int ip_to_hostname(struct sockaddr_stora { entry->m_errors.m_host_blocked++; entry->set_error_timestamps(now); + *connect_errors= entry->m_errors.m_connect; mysql_mutex_unlock(&hostname_cache->lock); DBUG_RETURN(RC_BLOCKED_HOST); } === modified file 'sql/hostname.h' --- a/sql/hostname.h 2012-01-27 12:14:54 +0000 +++ b/sql/hostname.h 2012-01-30 19:03:41 +0000 @@ -102,7 +102,11 @@ public: void sum_connect_errors() { - m_connect= m_host_acl + m_authentication + m_user_acl; + /* Current (historical) behavior: */ + m_connect= m_handshake; + /* Proposed behavior: + m_connect= m_host_acl + m_handshake + m_authentication + m_user_acl; + */ } void clear_connect_errors() @@ -167,14 +171,13 @@ public: extern ulong host_cache_size; #define RC_OK 0 -#define RC_NO_HOST 1 -#define RC_BLOCKED_HOST 2 +#define RC_BLOCKED_HOST 1 int ip_to_hostname(struct sockaddr_storage *ip_storage, const char *ip_string, - char **hostname); + char **hostname, uint *connect_errors); -void inc_host_errors(const char *ip_string, const Host_errors *errors); -void reset_host_errors(const char *ip_string); +void inc_host_errors(const char *ip_string, Host_errors *errors); +void reset_host_connect_errors(const char *ip_string); bool hostname_cache_init(); void hostname_cache_free(); void hostname_cache_refresh(void); === modified file 'sql/sql_acl.cc' --- a/sql/sql_acl.cc 2012-01-26 10:10:55 +0000 +++ b/sql/sql_acl.cc 2012-01-30 19:03:41 +0000 @@ -7993,7 +7993,6 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VI uint pkt_len; } cached_server_packet; int packets_read, packets_written; ///< counters for send/received packets - uint connect_errors; ///< if there were connect errors for this host /** when plugin returns a failure this tells us what really happened */ enum { SUCCESS, FAILURE, RESTART } status; @@ -8676,9 +8675,6 @@ static ulong parse_client_handshake_pack bool packet_has_required_size= false; DBUG_ASSERT(mpvio->status == MPVIO_EXT::FAILURE); - if (mpvio->connect_errors) - reset_host_errors(mpvio->ip); - uint charset_code= 0; end= (char *)net->read_pos; /* @@ -9352,7 +9348,7 @@ static int do_auth_once(THD *thd, const static void -server_mpvio_initialize(THD *thd, MPVIO_EXT *mpvio, uint connect_errors, +server_mpvio_initialize(THD *thd, MPVIO_EXT *mpvio, Thd_charset_adapter *charset_adapter) { memset(mpvio, 0, sizeof(MPVIO_EXT)); @@ -9364,7 +9360,6 @@ server_mpvio_initialize(THD *thd, MPVIO_ (unsigned int) strlen(thd->security_ctx->host_or_ip); mpvio->auth_info.user_name= NULL; mpvio->auth_info.user_name_length= 0; - mpvio->connect_errors= connect_errors; mpvio->status= MPVIO_EXT::FAILURE; mpvio->client_capabilities= thd->client_capabilities; @@ -9396,8 +9391,6 @@ server_mpvio_update_thd(THD *thd, MPVIO_ Perform the handshake, authorize the client and update thd sctx variables. @param thd thread handle - @param connect_errors number of previous failed connect attemps - from this host @param com_change_user_pkt_len size of the COM_CHANGE_USER packet (without the first, command, byte) or 0 if it's not a COM_CHANGE_USER (that is, if @@ -9406,8 +9399,8 @@ server_mpvio_update_thd(THD *thd, MPVIO_ @retval 0 success, thd is updated. @retval 1 error */ -bool -acl_authenticate(THD *thd, uint connect_errors, uint com_change_user_pkt_len) +int +acl_authenticate(THD *thd, uint com_change_user_pkt_len) { int res= CR_OK; MPVIO_EXT mpvio; @@ -9420,7 +9413,7 @@ acl_authenticate(THD *thd, uint connect_ DBUG_ENTER("acl_authenticate"); compile_time_assert(MYSQL_USERNAME_LENGTH == USERNAME_LENGTH); - server_mpvio_initialize(thd, &mpvio, connect_errors, &charset_adapter); + server_mpvio_initialize(thd, &mpvio, &charset_adapter); DBUG_PRINT("info", ("com_change_user_pkt_len=%u", com_change_user_pkt_len)); @@ -9761,6 +9754,12 @@ static int native_password_authenticate( DBUG_RETURN(CR_OK); #endif + DBUG_EXECUTE_IF("native_password_bad_reply", + { + pkt_len= 12; + } + ); + if (pkt_len == 0) /* no password */ DBUG_RETURN(mpvio->acl_user->salt_len != 0 ? CR_ERROR : CR_OK); === modified file 'sql/sql_acl.h' --- a/sql/sql_acl.h 2011-08-17 14:07:07 +0000 +++ b/sql/sql_acl.h 2012-01-30 19:03:41 +0000 @@ -195,7 +195,7 @@ my_bool acl_reload(THD *thd); void acl_free(bool end=0); ulong acl_get(const char *host, const char *ip, const char *user, const char *db, my_bool db_is_pattern); -bool acl_authenticate(THD *thd, uint connect_errors, uint com_change_user_pkt_len); +int acl_authenticate(THD *thd, uint com_change_user_pkt_len); bool acl_getroot(Security_context *sctx, char *user, char *host, char *ip, char *db); bool acl_check_host(const char *host, const char *ip); === modified file 'sql/sql_connect.cc' --- a/sql/sql_connect.cc 2012-01-26 10:10:55 +0000 +++ b/sql/sql_connect.cc 2012-01-30 19:03:41 +0000 @@ -463,6 +463,7 @@ bool init_new_connection_handler_thread( static int check_connection(THD *thd) { uint connect_errors= 0; + int auth_rc; NET *net= &thd->net; DBUG_PRINT("info", @@ -563,14 +564,8 @@ static int check_connection(THD *thd) rc= ip_to_hostname(&net->vio->remote, thd->main_security_ctx.ip, - &thd->main_security_ctx.host); - - if (rc == RC_NO_HOST) - { - /* HOST_CACHE stats updated by ip_to_hostname(). */ - my_error(ER_BAD_HOST_ERROR, MYF(0)); - return 1; - } + &thd->main_security_ctx.host, + &connect_errors); /* Cut very long hostnames to avoid possible overflows */ if (thd->main_security_ctx.host) @@ -617,7 +612,18 @@ static int check_connection(THD *thd) return 1; /* The error is set by alloc(). */ } - return acl_authenticate(thd, connect_errors, 0); + auth_rc= acl_authenticate(thd, 0); + if (auth_rc == 0 && connect_errors != 0) + { + /* + A client connection from this IP was successful, + after some previous failures. + Reset the connection error counter. + */ + reset_host_connect_errors(thd->main_security_ctx.ip); + } + + return auth_rc; } === modified file 'sql/sql_parse.cc' --- a/sql/sql_parse.cc 2012-01-30 06:59:39 +0000 +++ b/sql/sql_parse.cc 2012-01-30 19:03:41 +0000 @@ -1099,7 +1099,7 @@ bool dispatch_command(enum enum_server_c #endif case COM_CHANGE_USER: { - bool rc; + int auth_rc; status_var_increment(thd->status_var.com_other); thd->change_user(); @@ -1119,9 +1119,9 @@ bool dispatch_command(enum enum_server_c const CHARSET_INFO *save_character_set_results= thd->variables.character_set_results; - rc= acl_authenticate(thd, 0, packet_length); + auth_rc= acl_authenticate(thd, packet_length); MYSQL_AUDIT_NOTIFY_CONNECTION_CHANGE_USER(thd); - if (rc) + if (auth_rc) { my_free(thd->security_ctx->user); *thd->security_ctx= save_security_ctx; No bundle (reason: useless for push emails).