database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

Merge sanja.is.com.ua:/home/bell/mysql/bk/mysql-5.0

Browse Source 
into sanja.is.com.ua:/home/bell/mysql/bk/work-view-5.0
This commit is contained in:
bell@sanja.is.com.ua
2004-11-06 12:46:46 +02:00
parent 3d389a038e b12dfea6be
commit 7eae926e26
1320 changed files with 59307 additions and 22263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
sql/sql_acl.cc
View File

@ -203,7 +203,7 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
host.sort= get_sort(2,host.host.hostname,host.db);
if (check_no_resolve && hostname_requires_resolving(host.host.hostname))
{
sql_print_error("Warning: 'host' entry '%s|%s' "
sql_print_warning("'host' entry '%s|%s' "
"ignored in --skip-name-resolve mode.",
host.host.hostname, host.db, host.host.hostname);
continue;
@ -271,8 +271,8 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
user.user= get_field(&mem, table->field[1]);
if (check_no_resolve && hostname_requires_resolving(user.host.hostname))
{
sql_print_error("Warning: 'user' entry '%s@%s' "
"ignored in --skip-name-resolve mode.",
sql_print_warning("'user' entry '%s@%s' "
"ignored in --skip-name-resolve mode.",
user.user, user.host.hostname, user.host.hostname);
continue;
}
@ -284,16 +284,16 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
{
switch (password_len) {
case 45: /* 4.1: to be removed */
sql_print_error("Found 4.1 style password for user '%s@%s'. "
"Ignoring user. "
"You should change password for this user.",
user.user ? user.user : "",
user.host.hostname ? user.host.hostname : "");
sql_print_warning("Found 4.1 style password for user '%s@%s'. "
"Ignoring user. "
"You should change password for this user.",
user.user ? user.user : "",
user.host.hostname ? user.host.hostname : "");
break;
default:
sql_print_error("Found invalid password for user: '%s@%s'; "
"Ignoring user", user.user ? user.user : "",
user.host.hostname ? user.host.hostname : "");
sql_print_warning("Found invalid password for user: '%s@%s'; "
"Ignoring user", user.user ? user.user : "",
user.host.hostname ? user.host.hostname : "");
break;
}
}
@ -375,15 +375,15 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
db.db=get_field(&mem, table->field[1]);
if (!db.db)
{
sql_print_error("Found an entry in the 'db' table with empty database name; Skipped");
sql_print_warning("Found an entry in the 'db' table with empty database name; Skipped");
continue;
}
db.user=get_field(&mem, table->field[2]);
if (check_no_resolve && hostname_requires_resolving(db.host.hostname))
{
sql_print_error("Warning: 'db' entry '%s %s@%s' "
"ignored in --skip-name-resolve mode.",
db.db, db.user, db.host.hostname, db.host.hostname);
sql_print_warning("'db' entry '%s %s@%s' "
"ignored in --skip-name-resolve mode.",
db.db, db.user, db.host.hostname, db.host.hostname);
continue;
}
db.access=get_access(table,3);
@ -740,9 +740,9 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh,
else
{
if (global_system_variables.log_warnings)
sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'",
acl_user->ssl_cipher,
SSL_get_cipher(ssl));
sql_print_information("X509 ciphers mismatch: should be '%s' but is '%s'",
acl_user->ssl_cipher,
SSL_get_cipher(ssl));
break;
}
}
@ -764,8 +764,8 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh,
if (strcmp(acl_user->x509_issuer, ptr))
{
if (global_system_variables.log_warnings)
sql_print_error("X509 issuer mismatch: should be '%s' "
"but is '%s'", acl_user->x509_issuer, ptr);
sql_print_information("X509 issuer mismatch: should be '%s' "
"but is '%s'", acl_user->x509_issuer, ptr);
free(ptr);
break;
}
@ -782,7 +782,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh,
if (strcmp(acl_user->x509_subject,ptr))
{
if (global_system_variables.log_warnings)
sql_print_error("X509 subject mismatch: '%s' vs '%s'",
sql_print_information("X509 subject mismatch: '%s' vs '%s'",
acl_user->x509_subject, ptr);
}
else
@ -1550,13 +1550,28 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
(byte*) table->field[0]->ptr,0,
HA_READ_KEY_EXACT))
{
if (!create_user)
/* what == 'N' means revoke */
if (what == 'N')
{
if (what == 'N')
my_error(ER_NONEXISTING_GRANT, MYF(0), combo.user.str, combo.host.str);
else
my_error(ER_NO_PERMISSION_TO_CREATE_USER, MYF(0),
thd->user, thd->host_or_ip);
my_error(ER_NONEXISTING_GRANT, MYF(0), combo.user.str, combo.host.str);
goto end;
}
/*
There are four options which affect the process of creation of
a new user(mysqld option --safe-create-user, 'insert' privilege
on 'mysql.user' table, using 'GRANT' with 'IDENTIFIED BY' and
SQL_MODE flag NO_AUTO_CREATE_USER). Below is the simplified rule
how it should work.
if (safe-user-create && ! INSERT_priv) => reject
else if (identified_by) => create
else if (no_auto_create_user) => reject
else create
*/
else if (((thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER) &&
!password_len) || !create_user)
{
my_error(ER_NO_PERMISSION_TO_CREATE_USER, MYF(0),
thd->user, thd->host_or_ip);
goto end;
}
old_row_exists = 0;
@ -1570,6 +1585,17 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
}
else
{
/*
Check that the user isn't trying to change a password for another
user if he doesn't have UPDATE privilege to the MySQL database
*/
DBUG_ASSERT(combo.host.str);
if (thd->user && combo.password.str &&
(strcmp(thd->user,combo.user.str) ||
my_strcasecmp(&my_charset_latin1,
combo.host.str, thd->host_or_ip)) &&
check_access(thd, UPDATE_ACL, "mysql",0,1,0))
goto end;
old_row_exists = 1;
store_record(table,record[1]); // Save copy for update
if (combo.password.str) // If password given
@ -2493,7 +2519,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
if (replace_table_table(thd, grant_table, tables[1].table, *Str,
db_name, real_name,
rights, column_priv, revoke_grant))
{ // Crashend table ??
{
/* Should only happen if table is crashed */
result= -1; /* purecov: deadcode */
}
else if (tables[2].table)
@ -2702,10 +2729,10 @@ my_bool grant_init(THD *org_thd)
{
if (hostname_requires_resolving(mem_check->host))
{
sql_print_error("Warning: 'tables_priv' entry '%s %s@%s' "
"ignored in --skip-name-resolve mode.",
mem_check->tname, mem_check->user,
mem_check->host, mem_check->host);
sql_print_warning("'tables_priv' entry '%s %s@%s' "
"ignored in --skip-name-resolve mode.",
mem_check->tname, mem_check->user,
mem_check->host, mem_check->host);
continue;
}
}
@ -3710,7 +3737,7 @@ int mysql_drop_user(THD *thd, List <LEX_USER> &list)
int mysql_revoke_all(THD *thd, List <LEX_USER> &list)
{
uint counter;
uint counter, revoked;
int result;
ACL_DB *acl_db;
TABLE_LIST tables[4];
@ -3743,73 +3770,96 @@ int mysql_revoke_all(THD *thd, List <LEX_USER> &list)
}
/* Remove db access privileges */
for (counter= 0 ; counter < acl_dbs.elements ; counter++)
/*
Because acl_dbs and column_priv_hash shrink and may re-order
as privileges are removed, removal occurs in a repeated loop
until no more privileges are revoked.
*/
do
{
const char *user,*host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
if (!(user=acl_db->user))
user= "";
if (!(host=acl_db->host.hostname))
host= "";
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
for (counter= 0, revoked= 0 ; counter < acl_dbs.elements ; )
{
if (replace_db_table(tables[1].table, acl_db->db, *lex_user, ~0, 1))
result= -1;
const char *user,*host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
if (!(user=acl_db->user))
user= "";
if (!(host=acl_db->host.hostname))
host= "";
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
{
if (!replace_db_table(tables[1].table, acl_db->db, *lex_user, ~0, 1))
{
/*
Don't increment counter as replace_db_table deleted the
current element in acl_dbs.
*/
revoked= 1;
continue;
}
result= -1; // Something went wrong
}
counter++;
}
}
} while (revoked);
/* Remove column access */
for (counter= 0 ; counter < column_priv_hash.records ; counter++)
do
{
const char *user,*host;
GRANT_TABLE *grant_table= (GRANT_TABLE*) hash_element(&column_priv_hash,
counter);
if (!(user=grant_table->user))
user= "";
if (!(host=grant_table->host))
host= "";
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
for (counter= 0, revoked= 0 ; counter < column_priv_hash.records ; )
{
if (replace_table_table(thd,grant_table,tables[2].table,*lex_user,
grant_table->db,
grant_table->tname,
~0, 0, 1))
const char *user,*host;
GRANT_TABLE *grant_table= (GRANT_TABLE*)hash_element(&column_priv_hash,
counter);
if (!(user=grant_table->user))
user= "";
if (!(host=grant_table->host))
host= "";
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
{
result= -1;
continue;
}
if (grant_table->cols)
{
List<LEX_COLUMN> columns;
if (replace_column_table(grant_table,tables[3].table, *lex_user,
columns,
grant_table->db,
grant_table->tname,
~0, 1))
if (replace_table_table(thd,grant_table,tables[2].table,*lex_user,
grant_table->db,
grant_table->tname,
~0, 0, 1))
{
result= -1;
}
else
{
if (!grant_table->cols)
{
revoked= 1;
continue;
}
List<LEX_COLUMN> columns;
if (!replace_column_table(grant_table,tables[3].table, *lex_user,
columns,
grant_table->db,
grant_table->tname,
~0, 1))
{
revoked= 1;
continue;
}
result= -1;
}
}
counter++;
}
}
} while (revoked);
}
VOID(pthread_mutex_unlock(&acl_cache->lock));
rw_unlock(&LOCK_grant);
close_thread_tables(thd);
/* XXX this should not be necessary. The error message is already printed
by replace_xxx_table. my_error() should be use above instead of
sql_print_error(), and print ER_NONEXISTING_GRANT - as other grant
commands do */
/* when this code is deleted, the error slot (error 1268) can be reused,
as this error code was not present in any MySQL release */
if (result)
my_error(ER_REVOKE_GRANTS, MYF(0));
DBUG_RETURN(result);
}