Merge remote-tracking branch 'origin/bb-10.2-ext' into 10.3

TODO: enable MDEV-13049 optimization for 10.3
2025-07-29 05:21:33 +03:00 · 2017-10-30 20:47:39 +04:00
parent fe8cf8fdf1 003cb2f424
commit 835cbbcc7b
644 changed files with 35267 additions and 4099 deletions
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -9238,6 +9238,16 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc)
  mysql_mutex_unlock(&acl_cache->lock);
 }

+static int check_role_is_granted_callback(ACL_USER_BASE *grantee, void *data)
+{
+  LEX_CSTRING *rolename= static_cast<LEX_CSTRING *>(data);
+  if (rolename->length == grantee->user.length &&
+      !strcmp(rolename->str, grantee->user.str))
+    return -1; // End search, we've found our role.
+
+  /* Keep looking, we haven't found our role yet. */
+  return 0;
+}

 /*
  Modify a privilege table.
@ -11258,7 +11268,6 @@ bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
 }
 #endif /*NO_EMBEDDED_ACCESS_CHECKS */

-
 SHOW_VAR acl_statistics[] = {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
  {"column_grants",    (char*)show_column_grants,          SHOW_SIMPLE_FUNC},
@ -11274,6 +11283,43 @@ SHOW_VAR acl_statistics[] = {
  {NullS, NullS, SHOW_LONG},
 };

+/* Check if a role is granted to a user/role. We traverse the role graph
+   and return true if we find a match.
+
+   hostname == NULL means we are looking for a role as a starting point,
+   otherwise a user.
+*/
+bool check_role_is_granted(const char *username,
+                           const char *hostname,
+                           const char *rolename)
+{
+  DBUG_ENTER("check_role_is_granted");
+  bool result= false;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+  ACL_USER_BASE *root;
+  mysql_mutex_lock(&acl_cache->lock);
+  if (hostname)
+    root= find_user_exact(username, hostname);
+  else
+    root= find_acl_role(username);
+
+  LEX_CSTRING role_lex;
+  role_lex.str= rolename;
+  role_lex.length= strlen(rolename);
+
+  if (root && /* No grantee, nothing to search. */
+      traverse_role_graph_down(root, &role_lex, check_role_is_granted_callback,
+                               NULL) == -1)
+  {
+    /* We have found the role during our search. */
+    result= true;
+  }
+
+  /* We haven't found the role or we had no initial grantee to start from. */
+  mysql_mutex_unlock(&acl_cache->lock);
+#endif
+  DBUG_RETURN(result);
+}

 int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond)
 {
@ -12402,7 +12448,7 @@ static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
  char *end= user + packet_length;
  /* Safe because there is always a trailing \0 at the end of the packet */
  char *passwd= strend(user) + 1;
-  uint user_len= passwd - user - 1;
+  uint user_len= (uint)(passwd - user - 1);
  char *db= passwd;
  char db_buff[SAFE_NAME_LEN + 1];            // buffer to store db in utf8
  char user_buff[USERNAME_LENGTH + 1];	      // buffer to store user in utf8
@ -13662,4 +13708,3 @@ maria_declare_plugin(mysql_password)
  MariaDB_PLUGIN_MATURITY_STABLE                /* Maturity         */
 }
 maria_declare_plugin_end;
-