database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

Merge branch '10.0' into 10.1

Browse Source
This commit is contained in:
Sergei Golubchik
2018-12-06 15:08:42 +01:00
parent 328d7779bc daca7e70d7
commit 6491c591b2
8 changed files with 159 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
sql/sql_acl.cc
View File

@ -714,7 +714,9 @@ bool ROLE_GRANT_PAIR::init(MEM_ROOT *mem, char *username,
/* Flag to mark that on_node was already called for this role */
#define ROLE_OPENED (1L << 3)
static DYNAMIC_ARRAY acl_hosts, acl_users, acl_dbs, acl_proxy_users;
static DYNAMIC_ARRAY acl_hosts, acl_users, acl_proxy_users;
static Dynamic_array<ACL_DB> acl_dbs(0U,50U);
typedef Dynamic_array<ACL_DB>::CMP_FUNC acl_dbs_cmp;
static HASH acl_roles;
/*
An hash containing mappings user <--> role
@ -1582,12 +1584,11 @@ static bool acl_load(THD *thd, TABLE_LIST *tables)
db.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL;
}
#endif
(void) push_dynamic(&acl_dbs,(uchar*) &db);
acl_dbs.push(db);
}
my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
sizeof(ACL_DB),(qsort_cmp) acl_compare);
end_read_record(&read_record_info);
freeze_size(&acl_dbs);
acl_dbs.sort((acl_dbs_cmp)acl_compare);
acl_dbs.freeze();
if ((table= tables[PROXIES_PRIV_TABLE].table))
{
@ -1675,7 +1676,7 @@ void acl_free(bool end)
free_root(&acl_memroot,MYF(0));
delete_dynamic(&acl_hosts);
delete_dynamic_with_callback(&acl_users, (FREE_FUNC) free_acl_user);
delete_dynamic(&acl_dbs);
acl_dbs.free_memory();
delete_dynamic(&acl_wild_hosts);
delete_dynamic(&acl_proxy_users);
my_hash_free(&acl_check_hosts);
@ -1714,7 +1715,8 @@ void acl_free(bool end)
bool acl_reload(THD *thd)
{
TABLE_LIST tables[TABLES_MAX];
DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_dbs, old_acl_proxy_users;
DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_proxy_users;
Dynamic_array<ACL_DB> old_acl_dbs(0U,0U);
HASH old_acl_roles, old_acl_roles_mappings;
MEM_ROOT old_mem;
int result;
@ -1749,7 +1751,7 @@ bool acl_reload(THD *thd)
old_acl_dbs= acl_dbs;
my_init_dynamic_array(&acl_hosts, sizeof(ACL_HOST), 20, 50, MYF(0));
my_init_dynamic_array(&acl_users, sizeof(ACL_USER), 50, 100, MYF(0));
my_init_dynamic_array(&acl_dbs, sizeof(ACL_DB), 50, 100, MYF(0));
acl_dbs.init(50, 100);
my_init_dynamic_array(&acl_proxy_users, sizeof(ACL_PROXY_USER), 50, 100, MYF(0));
my_hash_init2(&acl_roles,50, &my_charset_utf8_bin,
0, 0, 0, (my_hash_get_key) acl_role_get_key, 0,
@ -1770,6 +1772,7 @@ bool acl_reload(THD *thd)
acl_roles_mappings= old_acl_roles_mappings;
acl_proxy_users= old_acl_proxy_users;
acl_dbs= old_acl_dbs;
old_acl_dbs.init(0,0);
acl_memroot= old_mem;
init_check_host();
}
@ -1780,7 +1783,6 @@ bool acl_reload(THD *thd)
delete_dynamic(&old_acl_hosts);
delete_dynamic_with_callback(&old_acl_users, (FREE_FUNC) free_acl_user);
delete_dynamic(&old_acl_proxy_users);
delete_dynamic(&old_acl_dbs);
my_hash_free(&old_acl_roles_mappings);
}
mysql_mutex_unlock(&acl_cache->lock);
@ -1963,9 +1965,9 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
if (acl_user)
{
res= 0;
for (i=0 ; i < acl_dbs.elements ; i++)
for (i=0 ; i < acl_dbs.elements() ; i++)
{
ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*);
ACL_DB *acl_db= &acl_dbs.at(i);
if (!acl_db->user ||
(user && user[0] && !strcmp(user, acl_db->user)))
{
@ -1994,9 +1996,9 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
if (acl_role)
{
res= 0;
for (i=0 ; i < acl_dbs.elements ; i++)
for (i=0 ; i < acl_dbs.elements() ; i++)
{
ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*);
ACL_DB *acl_db= &acl_dbs.at(i);
if (!acl_db->user ||
(user && user[0] && !strcmp(user, acl_db->user)))
{
@ -2289,9 +2291,9 @@ static bool acl_update_db(const char *user, const char *host, const char *db,
bool updated= false;
for (uint i=0 ; i < acl_dbs.elements ; i++)
for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
ACL_DB *acl_db= &acl_dbs.at(i);
if ((!acl_db->user && !user[0]) ||
(acl_db->user &&
!strcmp(user,acl_db->user)))
@ -2310,7 +2312,7 @@ static bool acl_update_db(const char *user, const char *host, const char *db,
acl_db->initial_access= acl_db->access;
}
else
delete_dynamic_element(&acl_dbs,i);
acl_dbs.del(i);
updated= true;
}
}
@ -2345,9 +2347,8 @@ static void acl_insert_db(const char *user, const char *host, const char *db,
acl_db.db=strdup_root(&acl_memroot,db);
acl_db.initial_access= acl_db.access= privileges;
acl_db.sort=get_sort(3,acl_db.host.hostname,acl_db.db,acl_db.user);
(void) push_dynamic(&acl_dbs,(uchar*) &acl_db);
my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
sizeof(ACL_DB),(qsort_cmp) acl_compare);
acl_dbs.push(acl_db);
acl_dbs.sort((acl_dbs_cmp)acl_compare);
}
@ -2393,9 +2394,9 @@ ulong acl_get(const char *host, const char *ip,
/*
Check if there are some access rights for database and user
*/
for (i=0 ; i < acl_dbs.elements ; i++)
for (i=0 ; i < acl_dbs.elements() ; i++)
{
ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
ACL_DB *acl_db= &acl_dbs.at(i);
if (!acl_db->user || !strcmp(user,acl_db->user))
{
if (compare_hostname(&acl_db->host,host,ip))
@ -5195,9 +5196,9 @@ static bool merge_role_global_privileges(ACL_ROLE *grantee)
return old != grantee->access;
}
static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2)
static int db_name_sort(const int *db1, const int *db2)
{
return strcmp((*db1)->db, (*db2)->db);
return strcmp(acl_dbs.at(*db1).db, acl_dbs.at(*db2).db);
}
/**
@ -5213,14 +5214,14 @@ static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2)
2 - ACL_DB was added
4 - ACL_DB was deleted
*/
static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *role)
static int update_role_db(int merged, int first, ulong access, char *role)
{
if (!first)
if (first < 0)
return 0;
DBUG_EXECUTE_IF("role_merge_stats", role_db_merges++;);
if (merged == NULL)
if (merged < 0)
{
/*
there's no ACL_DB for this role (all db grants come from granted roles)
@ -5235,11 +5236,11 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro
acl_db.user= role;
acl_db.host.hostname= const_cast<char*>("");
acl_db.host.ip= acl_db.host.ip_mask= 0;
acl_db.db= first[0]->db;
acl_db.db= acl_dbs.at(first).db;
acl_db.access= access;
acl_db.initial_access= 0;
acl_db.sort=get_sort(3, "", acl_db.db, role);
push_dynamic(&acl_dbs,(uchar*) &acl_db);
acl_dbs.push(acl_db);
return 2;
}
else if (access == 0)
@ -5255,13 +5256,13 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro
2. it's O(N) operation, and we may need many of them
so we only mark elements deleted and will delete later.
*/
merged->sort= 0; // lower than any valid ACL_DB sort value, will be sorted last
acl_dbs.at(merged).sort= 0; // lower than any valid ACL_DB sort value, will be sorted last
return 4;
}
else if (merged->access != access)
else if (acl_dbs.at(merged).access != access)
{
/* this is easy */
merged->access= access;
acl_dbs.at(merged).access= access;
return 1;
}
return 0;
@ -5276,7 +5277,7 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro
static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
role_hash_t *rhash)
{
Dynamic_array<ACL_DB *> dbs;
Dynamic_array<int> dbs;
/*
Supposedly acl_dbs can be huge, but only a handful of db grants
@ -5284,9 +5285,9 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
Collect these applicable db grants.
*/
for (uint i=0 ; i < acl_dbs.elements ; i++)
for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
ACL_DB *db= dynamic_element(&acl_dbs,i,ACL_DB*);
ACL_DB *db= &acl_dbs.at(i);
if (db->host.hostname[0])
continue;
if (dbname && strcmp(db->db, dbname))
@ -5294,7 +5295,7 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
ACL_ROLE *r= rhash->find(db->user, strlen(db->user));
if (!r)
continue;
dbs.append(db);
dbs.append(i);
}
dbs.sort(db_name_sort);
@ -5303,21 +5304,21 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
(that should be merged) are sorted together. The grantee's ACL_DB element
is not necessarily the first and may be not present at all.
*/
ACL_DB **first= NULL, *UNINIT_VAR(merged);
int first= -1, merged= -1;
ulong UNINIT_VAR(access), update_flags= 0;
for (ACL_DB **cur= dbs.front(); cur <= dbs.back(); cur++)
for (int *p= dbs.front(); p <= dbs.back(); p++)
{
if (!first || (!dbname && strcmp(cur[0]->db, cur[-1]->db)))
if (first<0 || (!dbname && strcmp(acl_dbs.at(*p).db, acl_dbs.at(*p-1).db)))
{ // new db name series
update_flags|= update_role_db(merged, first, access, grantee->user.str);
merged= NULL;
merged= -1;
access= 0;
first= cur;
first= *p;
}
if (strcmp(cur[0]->user, grantee->user.str) == 0)
access|= (merged= cur[0])->initial_access;
if (strcmp(acl_dbs.at(*p).user, grantee->user.str) == 0)
access|= acl_dbs.at(merged= *p).initial_access;
else
access|= cur[0]->access;
access|= acl_dbs.at(*p).access;
}
update_flags|= update_role_db(merged, first, access, grantee->user.str);
@ -5330,14 +5331,12 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
*/
if (update_flags & (2|4))
{ // inserted or deleted, need to sort
my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
sizeof(ACL_DB),(qsort_cmp) acl_compare);
acl_dbs.sort((acl_dbs_cmp)acl_compare);
}
if (update_flags & 4)
{ // deleted, trim the end
while (acl_dbs.elements &&
dynamic_element(&acl_dbs, acl_dbs.elements-1, ACL_DB*)->sort == 0)
acl_dbs.elements--;
while (acl_dbs.elements() && acl_dbs.back()->sort == 0)
acl_dbs.pop();
}
return update_flags;
}
@ -8130,16 +8129,14 @@ static bool show_database_privileges(THD *thd, const char *username,
const char *hostname,
char *buff, size_t buffsize)
{
ACL_DB *acl_db;
ulong want_access;
uint counter;
Protocol *protocol= thd->protocol;
for (counter=0 ; counter < acl_dbs.elements ; counter++)
for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
const char *user, *host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
ACL_DB *acl_db= &acl_dbs.at(i);
user= safe_str(acl_db->user);
host=acl_db->host.hostname;
@ -8958,7 +8955,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
elements= acl_users.elements;
break;
case DB_ACL:
elements= acl_dbs.elements;
elements= acl_dbs.elements();
break;
case COLUMN_PRIVILEGES_HASH:
grant_name_hash= &column_priv_hash;
@ -9002,7 +8999,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
break;
case DB_ACL:
acl_db= dynamic_element(&acl_dbs, idx, ACL_DB*);
acl_db= &acl_dbs.at(idx);
user= acl_db->user;
host= acl_db->host.hostname;
break;
@ -9086,7 +9083,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
break;
case DB_ACL:
delete_dynamic_element(&acl_dbs, idx);
acl_dbs.del(idx);
break;
case COLUMN_PRIVILEGES_HASH:
@ -9850,11 +9847,11 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
*/
do
{
for (counter= 0, revoked= 0 ; counter < acl_dbs.elements ; )
for (counter= 0, revoked= 0 ; counter < acl_dbs.elements() ; )
{
const char *user,*host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
acl_db=&acl_dbs.at(counter);
user= safe_str(acl_db->user);
host= safe_str(acl_db->host.hostname);
@ -10467,6 +10464,14 @@ static int show_column_grants(THD *thd, SHOW_VAR *var, char *buff,
return 0;
}
static int show_database_grants(THD *thd, SHOW_VAR *var, char *buff,
enum enum_var_type scope)
{
var->type= SHOW_UINT;
var->value= buff;
*(uint *)buff= acl_dbs.elements();
return 0;
}
#else
bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
@ -10478,7 +10483,7 @@ bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
SHOW_VAR acl_statistics[] = {
#ifndef NO_EMBEDDED_ACCESS_CHECKS
{"column_grants", (char*)show_column_grants, SHOW_SIMPLE_FUNC},
{"database_grants", (char*)&acl_dbs.elements, SHOW_UINT},
{"database_grants", (char*)show_database_grants, SHOW_SIMPLE_FUNC},
{"function_grants", (char*)&func_priv_hash.records, SHOW_ULONG},
{"procedure_grants", (char*)&proc_priv_hash.records, SHOW_ULONG},
{"proxy_users", (char*)&acl_proxy_users.elements, SHOW_UINT},
@ -10749,11 +10754,11 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
DBUG_RETURN(0);
mysql_mutex_lock(&acl_cache->lock);
for (counter=0 ; counter < acl_dbs.elements ; counter++)
for (counter=0 ; counter < acl_dbs.elements() ; counter++)
{
const char *user, *host, *is_grantable="YES";
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
acl_db=&acl_dbs.at(counter);
user= safe_str(acl_db->user);
host= safe_str(acl_db->host.hostname);