FB8-53: Expose user certificate details to command line #959

percona-ysorokin
Contributor

@percona-ysorokin percona-ysorokin commented Feb 11, 2019

Jira ticket: https://jira.percona.com/browse/FB8-53

Reference Patch: f29eb03
Reference Patch: c631017

'THD' class extended with the following convenience methods:

  • 'has_net_vio()'
  • 'get_net_vio()'
  • 'has_net_vio_ssl_arg()'
  • 'get_net_vio_ssl_arg()'
  • 'get_peer_certificate_info()'

Implemented new 'Fill_authinfo_list' class derived from 'Do_THD_Impl'
which populates 'INFORMATION_SCHEMA.AUTHINFO' table.

This is a change to help the implementation of SSL based authentication
efforts. Currently the certificate details are unavailable to the sys admin.
The v3 extensions usually carry important information for identifying the
user.

This change adds a new table to the information schema to expose auth
details. It is organized by process ID like processlist table.

Test Plan: Run newly added test case

Originally Reviewed By: santoshb

@percona-ysorokin percona-ysorokin force-pushed the fbms-8.0-bug_fb8_53-schema_authinfo branch from de4a7cc to b96a591 Compare February 13, 2019 17:13
@percona-ysorokin
Contributor Author

Rebased on a newer trunk with audit extensions, addressed review comments. Ready for another round of review.

Contributor

@dutow dutow left a comment

Looking at the changes/tests, the commit message is also a bit strange - it isn't a new command line option or anything like that, but an information schema extension.

sql/sql_class.cc Outdated
print_result = PEM_write_bio_X509(bio.get(), cert.get());
if (print_result != 1) return {};

// decouple buffer and close bio object
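
Review bot: at `if (print_result != 1) return {};` a failed `PEM_write_bio_X509()` produces the same empty value that `extract_peer_certificate_info()` returns when `has_net_vio_ssl_arg()` is false, so a consumer of the string cannot tell a serialization failure from a connection that has no SSL argument. Consider logging the failure at this exit, or returning a status alongside the string, so that an empty result is not read as "no certificate presented".
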
Contributor

Are you sure this comment is true?
The bio object is closed when the unique_ptr is destructed, at the end of the function. And if it decouples it, and it doesn't free the memory, we are leaking memory - but based on the documentation, I don't think BIO_get_mem_ptr does that.

Contributor Author

@percona-ysorokin percona-ysorokin Feb 15, 2019

Oh, this is just an outdated comment. There is no decoupling here at all. Removing.

sql/sql_class.cc Outdated
std::string THD::extract_peer_certificate_info(const THD *thd, bool printable) {
if (!thd->has_net_vio_ssl_arg()) return {};

auto ssl = static_cast<SSL *>(thd->get_net_vio_ssl_arg());
Contributor

This could be const SSL*, and the get_net_vio getters could also return const pointers.

Contributor Author

Good point. Reworked.

Jira ticket: https://jira.percona.com/browse/FB8-53

Reference Patch: facebook@f29eb03
Reference Patch: facebook@c631017

'THD' class extended with the following convenience methods:
- 'has_net_vio()';
- 'get_net_vio()';
- 'has_net_vio_ssl_arg()';
- 'get_net_vio_ssl_arg()';
- 'extract_peer_certificate_info()'.

Implemented new 'Fill_authinfo_list' class derived from 'Do_THD_Impl'
which populates 'INFORMATION_SCHEMA.AUTHINFO' table.

The following changes were implemented on the top of the
"FB8-54, FB8-55, FB8-70, FB8-101: Expose more information to audit plugin"
(facebook@3092225).
* Fixed problem with empty connection certificates for users who are
  connecting via SSL to the server but were not created with 'SSL | X509'
  option in 'CREATE USER' statement.
* The following methods are now used as a substitution for their duplicates:
  - 'update_connection_certificate()';
  - 'reset_connection_certificate()';
  - 'get_connection_certificate()'.
* Increased stability of the 'audit_null.event_params_cert' MTR test case.

---------- facebook@f29eb03 ----------

Expose user certificate details to command line.

Summary:
This is a change to help the implementation of SSL based authentication
efforts. Currently the certificate details are unavailable to the sys admin.
The v3 extensions usually carry important information for identifying the
user.

This change adds a new table to the information schema to expose auth
details. It is organized by process ID like processlist table.

Test Plan: Run newly added test case

Reviewers: pengt, tianx, jtolmer, santoshb

Originally Reviewed By: santoshb

---------- facebook@c631017 ----------

Fix leak in get_peer_cert_info

Summary:
Valgrind shows that we are not freeing the X509 object that is returned when
we call SSL_get_peer_certificate. Fix this by free'ing it at various exit
points.

Squash with: f29eb03 Expose user certificate details to command line.

Test Plan: mysqltest.sh --valgrind main.information_schema_authinfo

Reviewers: kradhakrishnan

Originally Reviewed By: kradhakrishnan

Subscribers: jkedgar, webscalesql-eng
@percona-ysorokin percona-ysorokin force-pushed the fbms-8.0-bug_fb8_53-schema_authinfo branch from b96a591 to 8a82959 Compare February 15, 2019 13:44
@percona-ysorokin percona-ysorokin changed the title WIP FB8-53: Expose user certificate details to command line FB8-53: Expose user certificate details to command line Feb 15, 2019
@facebook-github-bot facebook-github-bot left a comment

@hermanlee has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

@@ -3375,6 +3370,8 @@ int acl_authenticate(THD *thd, enum_server_command command) {
DBUG_RETURN(1);
}

thd->update_connection_certificate();
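
Review bot: the `thd->update_connection_certificate();` call added in `acl_authenticate()` has no result check, and nothing at the call site says that is deliberate. Add a short comment stating that the certificate stored on the THD is informational only and that a failure here must not fail the login, so a later reader neither turns it into an authentication error nor starts relying on the stored value for access decisions.
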
Contributor

Should this check for failure? If acl_check_ssl() returned 0, but then update_connection_certificate() hits a problem allocating memory during Bio_new, the certificate stored for the connection would be "". Would it be safer to fail the authentication?

Contributor Author

@hermanlee My reasoning is that this certificate string stored in THD is used only for information purposes and in my opinion in case of OOM it is better to provide inaccurate information but let users log in rather than completely deny their access. In any case, leaving this up to you to decide. It's not a big deal to rework this.

Contributor

@hermanlee hermanlee left a comment

Chances of a failure in update_connection_certificate are low, and returning "" is probably just fine.

@hermanlee hermanlee closed this Mar 11, 2019
facebook-github-bot pushed a commit that referenced this pull request Mar 11, 2019
Summary:
Jira ticket: https://jira.percona.com/browse/FB8-53

Reference Patch: f29eb03
Reference Patch: c631017

'THD' class extended with the following convenience methods:
- 'has_net_vio()'
- 'get_net_vio()'
- 'has_net_vio_ssl_arg()'
- 'get_net_vio_ssl_arg()'
- 'get_peer_certificate_info()'

Implemented new 'Fill_authinfo_list' class derived from 'Do_THD_Impl'
which populates 'INFORMATION_SCHEMA.AUTHINFO' table.

This is a change to help the implementation of SSL based authentication
efforts. Currently the certificate details are unavailable to the sys admin.
The v3 extensions usually carry important information for identifying the
user.

This change adds a new table to the information schema to expose auth
details. It is organized by process ID like processlist table.
Pull Request resolved: #959

Reviewed By: lth

Differential Revision: D14137362

Pulled By: lth

fbshipit-source-id: b42aeba
facebook-github-bot pushed a commit that referenced this pull request Nov 18, 2019
Summary:
Jira ticket: https://jira.percona.com/browse/FB8-53

Reference Patch: f29eb03
Reference Patch: c631017

'THD' class extended with the following convenience methods:
- 'has_net_vio()'
- 'get_net_vio()'
- 'has_net_vio_ssl_arg()'
- 'get_net_vio_ssl_arg()'
- 'get_peer_certificate_info()'

Implemented new 'Fill_authinfo_list' class derived from 'Do_THD_Impl'
which populates 'INFORMATION_SCHEMA.AUTHINFO' table.

This is a change to help the implementation of SSL based authentication
efforts. Currently the certificate details are unavailable to the sys admin.
The v3 extensions usually carry important information for identifying the
user.

This change adds a new table to the information schema to expose auth
details. It is organized by process ID like processlist table.
Pull Request resolved: #959

Test Plan:
Run newly added test case

Originally Reviewed By: santoshb

Reviewed By: lth

Differential Revision: D14137362

Pulled By: lth

fbshipit-source-id: d391cad
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 21, 2020
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 28, 2020
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 28, 2020
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 29, 2020
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Aug 10, 2020
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Aug 10, 2020
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Sep 7, 2020
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jun 23, 2023
facebook#959)

Summary:
Jira ticket: https://jira.percona.com/browse/FB8-53

Reference Patch: facebook@f29eb03
Reference Patch: facebook@c631017

'THD' class extended with the following convenience methods:
- 'has_net_vio()'
- 'get_net_vio()'
- 'has_net_vio_ssl_arg()'
- 'get_net_vio_ssl_arg()'
- 'get_peer_certificate_info()'

Implemented new 'Fill_authinfo_list' class derived from 'Do_THD_Impl'
which populates 'INFORMATION_SCHEMA.AUTHINFO' table.

This is a change to help the implementation of SSL based authentication
efforts. Currently the certificate details are unavailable to the sys admin.
The v3 extensions usually carry important information for identifying the
user.

This change adds a new table to the information schema to expose auth
details. It is organized by process ID like processlist table.
Pull Request resolved: facebook#959

Reviewed By: lloyd

Differential Revision: D14137362

Pulled By: lth
hermanlee pushed a commit to hermanlee/mysql-5.6 that referenced this pull request Oct 3, 2023
hermanlee pushed a commit to hermanlee/mysql-5.6 that referenced this pull request Oct 18, 2023
inikep pushed a commit to inikep/percona-server that referenced this pull request Apr 16, 2024
inikep pushed a commit to inikep/percona-server that referenced this pull request Apr 17, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Apr 23, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Apr 25, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 7, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 8, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 9, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 10, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 13, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 15, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 16, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 17, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 21, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 21, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request May 30, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jun 13, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jun 14, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jun 19, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jun 20, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jun 21, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jun 25, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 2, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 19, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 19, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Jul 31, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Aug 2, 2024
inikep pushed a commit to inikep/mysql-5.6 that referenced this pull request Aug 6, 2024