
Commit 41dbe6d

committed
WL#15655 Firewall: Make database the plugin is using configurable
Firewall will be able to fetch the data it needs to function from the database named by the new read-only system variable mysql_firewall_database. Change-Id: I1a809fc95926134b3af28364d733633e8c8b54fc
1 parent 9a432ed commit 41dbe6d


5 files changed

+27
-24
lines changed


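--- a/packaging/rpm-docker/mysql.spec.in
+++ b/packaging/rpm-docker/mysql.spec.in
@@ -552,6 +552,7 @@ rm -r $(readlink var) var
 %attr(755, root, root) %{_libdir}/mysql/plugin/keyring_aws.so
 %endif # aws_sdk
 %attr(644, root, root) %{_datadir}/mysql-*/linux_install_firewall.sql
+%attr(644, root, root) %{_datadir}/mysql-*/uninstall_firewall.sql
 %attr(644, root, root) %{_datadir}/mysql-*/firewall_profile_migration.sql
 %attr(644, root, root) %{_datadir}/mysql-*/masking_functions_install.sql
 %attr(644, root, root) %{_datadir}/mysql-*/masking_functions_uninstall.sql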

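--- a/packaging/rpm-oel/mysql.spec.in
+++ b/packaging/rpm-oel/mysql.spec.in
@@ -1270,6 +1270,7 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_masking_functions.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_scheduler.so
 %attr(644, root, root) %{_datadir}/mysql-*/linux_install_firewall.sql
+%attr(644, root, root) %{_datadir}/mysql-*/uninstall_firewall.sql
 %attr(644, root, root) %{_datadir}/mysql-*/firewall_profile_migration.sql
 %attr(644, root, root) %{_datadir}/mysql-*/masking_functions_install.sql
 %attr(644, root, root) %{_datadir}/mysql-*/masking_functions_uninstall.sql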

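--- a/packaging/rpm-sles/mysql.spec.in
+++ b/packaging/rpm-sles/mysql.spec.in
@@ -883,6 +883,7 @@ rm -r $(readlink var) var
 %attr(644, root, root) %{_datadir}/mysql-*/audit_log_filter_uninstall.sql
 %attr(644, root, root) %{_datadir}/mysql-*/firewall_profile_migration.sql
 %attr(644, root, root) %{_datadir}/mysql-*/linux_install_firewall.sql
+%attr(644, root, root) %{_datadir}/mysql-*/uninstall_firewall.sql
 %attr(644, root, root) %{_datadir}/mysql-*/masking_functions_install.sql
 %attr(644, root, root) %{_datadir}/mysql-*/masking_functions_uninstall.sql
 %attr(755, root, root) %{_libdir}/mysql/plugin/authentication_fido.so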

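--- a/scripts/firewall_stored_procedures.sql
+++ b/scripts/firewall_stored_procedures.sql
@@ -46,21 +46,21 @@ CREATE DEFINER='mysql.sys'@'localhost'
 BEGIN
 DECLARE result VARCHAR(160);
 IF arg_mode = "RECORDING" THEN
-SELECT read_firewall_whitelist(arg_userhost,FW.rule) FROM mysql.firewall_whitelist FW WHERE userhost = arg_userhost;
+SELECT read_firewall_whitelist(arg_userhost,FW.rule) FROM firewall_whitelist FW WHERE userhost = arg_userhost;
 END IF;
 SELECT set_firewall_mode(arg_userhost, arg_mode) INTO result;
 IF arg_mode = "RESET" THEN
 SET arg_mode = "OFF";
 END IF;
 IF result = "OK" THEN
-INSERT IGNORE INTO mysql.firewall_users VALUES (arg_userhost, arg_mode);
-UPDATE mysql.firewall_users SET mode=arg_mode WHERE userhost = arg_userhost;
+INSERT IGNORE INTO firewall_users VALUES (arg_userhost, arg_mode);
+UPDATE firewall_users SET mode=arg_mode WHERE userhost = arg_userhost;
 ELSE
 SELECT result;
 END IF;
 IF arg_mode = "PROTECTING" OR arg_mode = "OFF" OR arg_mode = "DETECTING" THEN
-DELETE FROM mysql.firewall_whitelist WHERE USERHOST = arg_userhost;
-INSERT INTO mysql.firewall_whitelist(USERHOST, RULE) SELECT USERHOST,RULE FROM INFORMATION_SCHEMA.mysql_firewall_whitelist WHERE USERHOST=arg_userhost;
+DELETE FROM firewall_whitelist WHERE USERHOST = arg_userhost;
+INSERT INTO firewall_whitelist(USERHOST, RULE) SELECT USERHOST,RULE FROM INFORMATION_SCHEMA.mysql_firewall_whitelist WHERE USERHOST=arg_userhost;
 END IF;
 END$$
 
@@ -72,9 +72,9 @@ BEGIN
 DECLARE result VARCHAR(160);
 SELECT set_firewall_mode(arg_userhost, "RESET") INTO result;
 IF result = "OK" THEN
-INSERT IGNORE INTO mysql.firewall_users VALUES (arg_userhost, "OFF");
-UPDATE mysql.firewall_users SET mode="OFF" WHERE userhost = arg_userhost;
-SELECT read_firewall_whitelist(arg_userhost,FW.rule) FROM mysql.firewall_whitelist FW WHERE FW.userhost=arg_userhost;
+INSERT IGNORE INTO firewall_users VALUES (arg_userhost, "OFF");
+UPDATE firewall_users SET mode="OFF" WHERE userhost = arg_userhost;
+SELECT read_firewall_whitelist(arg_userhost,FW.rule) FROM firewall_whitelist FW WHERE FW.userhost=arg_userhost;
 ELSE
 SELECT result;
 END IF;
@@ -88,21 +88,21 @@ CREATE DEFINER='mysql.sys'@'localhost'
 BEGIN
 DECLARE result VARCHAR(160);
 IF arg_mode = "RECORDING" THEN
-SELECT read_firewall_group_allowlist(arg_group_name,FW.rule) FROM mysql.firewall_group_allowlist FW WHERE name = arg_group_name;
+SELECT read_firewall_group_allowlist(arg_group_name,FW.rule) FROM firewall_group_allowlist FW WHERE name = arg_group_name;
 END IF;
 SELECT set_firewall_group_mode(arg_group_name, arg_mode) INTO result;
 IF arg_mode = "RESET" THEN
 SET arg_mode = "OFF";
 END IF;
 IF result = "OK" THEN
-INSERT IGNORE INTO mysql.firewall_groups VALUES (arg_group_name, arg_mode, NULL);
-UPDATE mysql.firewall_groups SET mode=arg_mode WHERE name = arg_group_name;
+INSERT IGNORE INTO firewall_groups VALUES (arg_group_name, arg_mode, NULL);
+UPDATE firewall_groups SET mode=arg_mode WHERE name = arg_group_name;
 ELSE
 SELECT result;
 END IF;
 IF arg_mode = "PROTECTING" OR arg_mode = "OFF" OR arg_mode = "DETECTING" THEN
-DELETE FROM mysql.firewall_group_allowlist WHERE name = arg_group_name;
-INSERT INTO mysql.firewall_group_allowlist(name, rule)
+DELETE FROM firewall_group_allowlist WHERE name = arg_group_name;
+INSERT INTO firewall_group_allowlist(name, rule)
 SELECT name, rule FROM performance_schema.firewall_group_allowlist
 WHERE name=arg_group_name;
 END IF;
@@ -117,21 +117,21 @@ CREATE DEFINER='mysql.sys'@'localhost'
 BEGIN
 DECLARE result VARCHAR(160);
 IF arg_mode = "RECORDING" THEN
-SELECT read_firewall_group_allowlist(arg_group_name,FW.rule) FROM mysql.firewall_group_allowlist FW WHERE name = arg_group_name;
+SELECT read_firewall_group_allowlist(arg_group_name,FW.rule) FROM firewall_group_allowlist FW WHERE name = arg_group_name;
 END IF;
 SELECT set_firewall_group_mode(arg_group_name, arg_mode, arg_userhost) INTO result;
 IF arg_mode = "RESET" THEN
 SET arg_mode = "OFF";
 END IF;
 IF result = "OK" THEN
-INSERT IGNORE INTO mysql.firewall_groups VALUES (arg_group_name, arg_mode, arg_userhost);
-UPDATE mysql.firewall_groups SET mode=arg_mode, userhost=arg_userhost WHERE name = arg_group_name;
+INSERT IGNORE INTO firewall_groups VALUES (arg_group_name, arg_mode, arg_userhost);
+UPDATE firewall_groups SET mode=arg_mode, userhost=arg_userhost WHERE name = arg_group_name;
 ELSE
 SELECT result;
 END IF;
 IF arg_mode = "PROTECTING" OR arg_mode = "OFF" OR arg_mode = "DETECTING" THEN
-DELETE FROM mysql.firewall_group_allowlist WHERE name = arg_group_name;
-INSERT INTO mysql.firewall_group_allowlist(name, rule)
+DELETE FROM firewall_group_allowlist WHERE name = arg_group_name;
+INSERT INTO firewall_group_allowlist(name, rule)
 SELECT name, rule FROM performance_schema.firewall_group_allowlist
 WHERE name=arg_group_name;
 END IF;
@@ -145,9 +145,9 @@ BEGIN
 DECLARE result VARCHAR(160);
 SELECT set_firewall_group_mode(arg_group_name, "RESET") INTO result;
 IF result = "OK" THEN
-INSERT IGNORE INTO mysql.firewall_groups VALUES (arg_group_name, "OFF", NULL);
-UPDATE mysql.firewall_groups SET mode="OFF" WHERE name = arg_group_name;
-SELECT read_firewall_group_allowlist(arg_group_name,FW.rule) FROM mysql.firewall_group_allowlist FW WHERE FW.name=arg_group_name;
+INSERT IGNORE INTO firewall_groups VALUES (arg_group_name, "OFF", NULL);
+UPDATE firewall_groups SET mode="OFF" WHERE name = arg_group_name;
+SELECT read_firewall_group_allowlist(arg_group_name,FW.rule) FROM firewall_group_allowlist FW WHERE FW.name=arg_group_name;
 ELSE
 SELECT result;
 END IF;
@@ -162,7 +162,7 @@ BEGIN
 DECLARE result VARCHAR(160);
 SELECT firewall_group_enlist(arg_group_name, arg_userhost) INTO result;
 IF result = "OK" THEN
-INSERT IGNORE INTO mysql.firewall_membership VALUES (arg_group_name, arg_userhost);
+INSERT IGNORE INTO firewall_membership VALUES (arg_group_name, arg_userhost);
 ELSE
 SELECT result;
 END IF;
@@ -177,7 +177,7 @@ BEGIN
 DECLARE result VARCHAR(160);
 SELECT firewall_group_delist(arg_group_name, arg_userhost) INTO result;
 IF result = "OK" THEN
-DELETE IGNORE FROM mysql.firewall_membership WHERE group_id = arg_group_name AND member_id = arg_userhost;
+DELETE IGNORE FROM firewall_membership WHERE group_id = arg_group_name AND member_id = arg_userhost;
 ELSE
 SELECT result;
 END IF;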
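Review bot: With the `mysql.` qualifier removed, every `firewall_*` table in these procedures resolves against the schema the routine is created in, and nothing visible in the hunks ties that schema to the value of `mysql_firewall_database`. If the install script (not shown on this page) creates the procedures in a different schema than the variable names, they would persist users, groups and allowlists to one set of tables while the plugin loads its rules from another. The routines are defined as `'mysql.sys'@'localhost'`, so those writes presumably run with that account's privileges (the security clause sits in the procedure headers, outside the hunks). I would add a header comment to each procedure, for example `-- firewall_* tables are unqualified on purpose: they resolve to this routine's schema, which must be the schema named by mysql_firewall_database`, and have the install script limit write privileges on that schema to administrative accounts. This applies to all seven hunks in this file; each procedure starts or ends outside its hunk.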

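--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@@ -379,7 +379,7 @@ extern uint opt_server_id_bits;
 extern ulong opt_server_id_mask;
 extern const char *load_default_groups[];
 extern struct my_option my_long_early_options[];
-extern bool mysqld_server_started;
+extern "C" MYSQL_PLUGIN_IMPORT bool mysqld_server_started;
 extern "C" MYSQL_PLUGIN_IMPORT int orig_argc;
 extern "C" MYSQL_PLUGIN_IMPORT char **orig_argv;
 extern my_thread_attr_t connection_attrib;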
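Review bot: The new declaration of `mysqld_server_started` exports a non-const server-state flag to every plugin, with no comment saying why it is exported or that plugins should only read it. A plugin that links this symbol can also write it, so the contract is worth stating at the declaration, for example `/* Exported for plugins (presumably the firewall, per this commit); plugins must treat it as read-only. */`. The definition is not among the files shown, so it is worth confirming that it includes this header and therefore picks up the same C linkage.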
