database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Merge mysql.com:/home/my/mysql-5.0

Browse Source 
into  mysql.com:/home/my/mysql-5.1
This commit is contained in:
monty@mysql.com
2005-11-05 01:32:55 +02:00
parent 3b74bb1b03 303f6b4a7a
commit a6f5375cb0
487 changed files with 26830 additions and 7411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
sql/sql_acl.cc
View File

@ -193,6 +193,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
my_bool return_val= 1;
bool check_no_resolve= specialflag & SPECIAL_NO_RESOLVE;
char tmp_name[NAME_LEN+1];
int password_length;
DBUG_ENTER("acl_load");
grant_version++; /* Privileges updated */
@ -249,7 +250,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
init_read_record(&read_record_info,thd,table=tables[1].table,NULL,1,0);
VOID(my_init_dynamic_array(&acl_users,sizeof(ACL_USER),50,100));
if (table->field[2]->field_length < SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
password_length= table->field[2]->field_length /
table->field[2]->charset()->mbmaxlen;
if (password_length < SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
{
sql_print_error("Fatal error: mysql.user table is damaged or in "
"unsupported 3.20 format.");
@ -257,10 +260,10 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
}
DBUG_PRINT("info",("user table fields: %d, password length: %d",
table->s->fields, table->field[2]->field_length));
table->s->fields, password_length));
pthread_mutex_lock(&LOCK_global_system_variables);
if (table->field[2]->field_length < SCRAMBLED_PASSWORD_CHAR_LENGTH)
if (password_length < SCRAMBLED_PASSWORD_CHAR_LENGTH)
{
if (opt_secure_auth)
{
@ -930,6 +933,9 @@ bool acl_getroot_no_password(Security_context *sctx, char *user, char *host,
ACL_USER *acl_user= 0;
DBUG_ENTER("acl_getroot_no_password");
DBUG_PRINT("enter", ("Host: '%s', Ip: '%s', User: '%s', db: '%s'",
(host ? host : "(NULL)"), (ip ? ip : "(NULL)"),
(user ? user : "(NULL)"), (db ? db : "(NULL)")));
sctx->user= user;
sctx->host= host;
sctx->ip= ip;
@ -1486,6 +1492,11 @@ end:
bool is_acl_user(const char *host, const char *user)
{
bool res;
/* --skip-grants */
if (!initialized)
return TRUE;
VOID(pthread_mutex_lock(&acl_cache->lock));
res= find_acl_user(host, user, TRUE) != NULL;
VOID(pthread_mutex_unlock(&acl_cache->lock));
@ -3504,17 +3515,38 @@ end:
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
uint show_table, uint number, bool no_errors)
{
TABLE_LIST *table;
TABLE_LIST *table, *first_not_own_table= thd->lex->first_not_own_table();
Security_context *sctx= thd->security_ctx;
uint i;
DBUG_ENTER("check_grant");
DBUG_ASSERT(number > 0);
/*
Walk through the list of tables that belong to the query and save the
requested access (orig_want_privilege) to be able to use it when
checking access rights to the underlying tables of a view. Our grant
system gradually eliminates checked bits from want_privilege and thus
after all checks are done we can no longer use it.
The check that first_not_own_table is not reached is for the case when
the given table list refers to the list for prelocking (contains tables
of other queries). For simple queries first_not_own_table is 0.
*/
for (i= 0, table= tables;
table != first_not_own_table && i < number;
table= table->next_global, i++)
{
/* Remove SHOW_VIEW_ACL, because it will be checked during making view */
table->grant.orig_want_privilege= (want_access & ~SHOW_VIEW_ACL);
}
want_access&= ~sctx->master_access;
if (!want_access)
DBUG_RETURN(0); // ok
rw_rdlock(&LOCK_grant);
for (table= tables; table && number--; table= table->next_global)
for (table= tables;
table && number-- && table != first_not_own_table;
table= table->next_global)
{
GRANT_TABLE *grant_table;
if (!(~table->grant.privilege & want_access) ||
@ -3524,8 +3556,16 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
It is subquery in the FROM clause. VIEW set table->derived after
table opening, but this function always called before table opening.
*/
table->grant.want_privilege= 0;
continue; // Already checked
if (!table->referencing_view)
{
/*
If it's a temporary table created for a subquery in the FROM
clause, or an INFORMATION_SCHEMA table, drop the request for
a privilege.
*/
table->grant.want_privilege= 0;
}
continue;
}
if (!(grant_table= table_hash_search(sctx->host, sctx->ip,
table->db, sctx->priv_user,
@ -5834,24 +5874,37 @@ void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
const char *db, const char *table)
{
Security_context *sctx= thd->security_ctx;
DBUG_ENTER("fill_effective_table_privileges");
DBUG_PRINT("enter", ("Host: '%s', Ip: '%s', User: '%s', table: `%s`.`%s`",
sctx->priv_host, (sctx->ip ? sctx->ip : "(NULL)"),
(sctx->priv_user ? sctx->priv_user : "(NULL)"),
db, table));
/* --skip-grants */
if (!initialized)
{
DBUG_PRINT("info", ("skip grants"));
grant->privilege= ~NO_ACCESS; // everything is allowed
return;
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
DBUG_VOID_RETURN;
}
/* global privileges */
grant->privilege= sctx->master_access;
if (!sctx->priv_user)
return; // it is slave
{
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
DBUG_VOID_RETURN; // it is slave
}
/* db privileges */
grant->privilege|= acl_get(sctx->host, sctx->ip, sctx->priv_user, db, 0);
if (!grant_option)
return;
{
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
DBUG_VOID_RETURN;
}
/* table privileges */
if (grant->version != grant_version)
@ -5868,6 +5921,8 @@ void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
{
grant->privilege|= grant->grant_table->privs;
}
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
DBUG_VOID_RETURN;
}
#else /* NO_EMBEDDED_ACCESS_CHECKS */