database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Merge 10.3 into 10.4

Browse Source
This commit is contained in:
Marko Mäkelä
2018-12-07 16:12:17 +02:00
parent a00f8bc3ad 21069c528e
commit ce8716a1ed
16 changed files with 217 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
sql/sql_acl.cc
View File

@ -596,7 +596,9 @@ bool ROLE_GRANT_PAIR::init(MEM_ROOT *mem, const char *username,
/* Flag to mark that on_node was already called for this role */
#define ROLE_OPENED (1L << 3)
static DYNAMIC_ARRAY acl_hosts, acl_users, acl_dbs, acl_proxy_users;
static DYNAMIC_ARRAY acl_hosts, acl_users, acl_proxy_users;
static Dynamic_array<ACL_DB> acl_dbs(0U,50U);
typedef Dynamic_array<ACL_DB>::CMP_FUNC acl_dbs_cmp;
static HASH acl_roles;
/*
An hash containing mappings user <--> role
@ -2043,11 +2045,11 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
db.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL;
}
#endif
(void) push_dynamic(&acl_dbs,(uchar*) &db);
acl_dbs.push(db);
}
rebuild_acl_dbs();
end_read_record(&read_record_info);
freeze_size(&acl_dbs);
rebuild_acl_dbs();
acl_dbs.freeze();
const Proxies_priv_table& proxies_priv_table= tables.proxies_priv_table();
if (proxies_priv_table.table_exists())
@ -2126,7 +2128,7 @@ void acl_free(bool end)
free_root(&acl_memroot,MYF(0));
delete_dynamic(&acl_hosts);
delete_dynamic_with_callback(&acl_users, (FREE_FUNC) free_acl_user);
delete_dynamic(&acl_dbs);
acl_dbs.free_memory();
delete_dynamic(&acl_wild_hosts);
delete_dynamic(&acl_proxy_users);
my_hash_free(&acl_check_hosts);
@ -2164,7 +2166,8 @@ void acl_free(bool end)
bool acl_reload(THD *thd)
{
DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_dbs, old_acl_proxy_users;
DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_proxy_users;
Dynamic_array<ACL_DB> old_acl_dbs(0U,0U);
HASH old_acl_roles, old_acl_roles_mappings;
MEM_ROOT old_mem;
int result;
@ -2200,7 +2203,7 @@ bool acl_reload(THD *thd)
old_acl_dbs= acl_dbs;
my_init_dynamic_array(&acl_hosts, sizeof(ACL_HOST), 20, 50, MYF(0));
my_init_dynamic_array(&acl_users, sizeof(ACL_USER), 50, 100, MYF(0));
my_init_dynamic_array(&acl_dbs, sizeof(ACL_DB), 50, 100, MYF(0));
acl_dbs.init(50, 100);
my_init_dynamic_array(&acl_proxy_users, sizeof(ACL_PROXY_USER), 50, 100, MYF(0));
my_hash_init2(&acl_roles,50, &my_charset_utf8_bin,
0, 0, 0, (my_hash_get_key) acl_role_get_key, 0,
@ -2221,6 +2224,7 @@ bool acl_reload(THD *thd)
acl_roles_mappings= old_acl_roles_mappings;
acl_proxy_users= old_acl_proxy_users;
acl_dbs= old_acl_dbs;
old_acl_dbs.init(0,0);
acl_memroot= old_mem;
init_check_host();
}
@ -2231,7 +2235,6 @@ bool acl_reload(THD *thd)
delete_dynamic(&old_acl_hosts);
delete_dynamic_with_callback(&old_acl_users, (FREE_FUNC) free_acl_user);
delete_dynamic(&old_acl_proxy_users);
delete_dynamic(&old_acl_dbs);
my_hash_free(&old_acl_roles_mappings);
}
mysql_mutex_unlock(&acl_cache->lock);
@ -2369,8 +2372,7 @@ static void rebuild_acl_users()
static void rebuild_acl_dbs()
{
my_qsort((uchar*)dynamic_element(&acl_dbs, 0, ACL_DB*), acl_dbs.elements,
sizeof(ACL_DB), (qsort_cmp)acl_db_compare);
acl_dbs.sort(acl_db_compare);
}
@ -2416,7 +2418,7 @@ static uint acl_find_user_by_name(const char *user)
static uint acl_find_db_by_username(const char *user)
{
return find_first_user<ACL_DB>((ACL_DB *)acl_dbs.buffer, acl_dbs.elements, user);
return find_first_user<ACL_DB>(acl_dbs.front(), acl_dbs.elements(), user);
}
static bool match_db(ACL_DB *acl_db, const char *db, my_bool db_is_pattern)
@ -2437,17 +2439,15 @@ static bool match_db(ACL_DB *acl_db, const char *db, my_bool db_is_pattern)
This function uses optimizations (binary search by username), yet preserves the
historical behavior, i.e the returns a match with highest ACL_ENTRY::sort.
*/
template <typename T> T* find_by_username_or_anon(DYNAMIC_ARRAY *dynarray, const char *user,
template <typename T> T* find_by_username_or_anon(T* arr, size_t len, const char *user,
const char *host, const char *ip,
const char *db, my_bool db_is_pattern, bool (*match_db_func)(T*,const char *,my_bool))
{
uint i;
size_t i;
T *ret = NULL;
T* arr= (T*)dynarray->buffer;
uint len= dynarray->elements;
// Check entries matching user name.
uint start = find_first_user(arr, len, user);
size_t start = find_first_user(arr, len, user);
for (i= start; i < len; i++)
{
T *entry= &arr[i];
@ -2479,7 +2479,8 @@ template <typename T> T* find_by_username_or_anon(DYNAMIC_ARRAY *dynarray, const
static ACL_DB *acl_db_find(const char *db, const char *user, const char *host, const char *ip, my_bool db_is_pattern)
{
return find_by_username_or_anon<ACL_DB>(&acl_dbs, user, host, ip, db, db_is_pattern, match_db);
return find_by_username_or_anon(acl_dbs.front(), acl_dbs.elements(),
user, host, ip, db, db_is_pattern, match_db);
}
@ -2535,9 +2536,8 @@ bool acl_getroot(Security_context *sctx, const char *user, const char *host,
if (acl_user)
{
res= 0;
ACL_DB *acl_db= acl_db_find(db, user, host, ip, FALSE);
if(acl_db)
sctx->db_access = acl_db->access;
if (ACL_DB *acl_db= acl_db_find(db, user, host, ip, FALSE))
sctx->db_access= acl_db->access;
sctx->master_access= acl_user->access;
@ -2553,8 +2553,7 @@ bool acl_getroot(Security_context *sctx, const char *user, const char *host,
if (acl_role)
{
res= 0;
ACL_DB *acl_db = acl_db_find(db, user, "", "", FALSE);
if (acl_db)
if (ACL_DB *acl_db= acl_db_find(db, user, "", "", FALSE))
sctx->db_access = acl_db->access;
sctx->master_access= acl_role->access;
@ -2755,10 +2754,10 @@ static bool acl_update_db(const char *user, const char *host, const char *db,
bool updated= false;
for (uint i=acl_find_db_by_username(user) ; i < acl_dbs.elements ; i++)
for (uint i= acl_find_db_by_username(user); i < acl_dbs.elements(); i++)
{
ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
if (!strcmp(user, acl_db->user))
ACL_DB *acl_db= &acl_dbs.at(i);
if (!strcmp(user,acl_db->user))
{
if ((!acl_db->host.hostname && !host[0]) ||
(acl_db->host.hostname && !strcmp(host, acl_db->host.hostname)))
@ -2773,7 +2772,7 @@ static bool acl_update_db(const char *user, const char *host, const char *db,
acl_db->initial_access= acl_db->access;
}
else
delete_dynamic_element(&acl_dbs,i);
acl_dbs.del(i);
updated= true;
}
}
@ -2810,7 +2809,7 @@ static void acl_insert_db(const char *user, const char *host, const char *db,
acl_db.db=strdup_root(&acl_memroot,db);
acl_db.initial_access= acl_db.access= privileges;
acl_db.sort=get_sort(3,acl_db.host.hostname,acl_db.db,acl_db.user);
(void) push_dynamic(&acl_dbs,(uchar*) &acl_db);
acl_dbs.push(acl_db);
rebuild_acl_dbs();
}
@ -2857,9 +2856,7 @@ ulong acl_get(const char *host, const char *ip,
/*
Check if there are some access rights for database and user
*/
ACL_DB *acl_db = acl_db_find(db,user, host, ip, db_is_pattern);
if (acl_db)
if (ACL_DB *acl_db= acl_db_find(db,user, host, ip, db_is_pattern))
{
db_access= acl_db->access;
if (acl_db->host.hostname)
@ -3523,7 +3520,9 @@ bool is_acl_user(const char *host, const char *user)
*/
static ACL_USER *find_user_or_anon(const char *host, const char *user, const char *ip)
{
return find_by_username_or_anon<ACL_USER>(&acl_users,user,host, ip, 0, false, 0);
return find_by_username_or_anon<ACL_USER>
(reinterpret_cast<ACL_USER*>(acl_users.buffer), acl_users.elements,
user, host, ip, NULL, FALSE, NULL);
}
@ -5674,15 +5673,15 @@ static bool merge_role_global_privileges(ACL_ROLE *grantee)
return old != grantee->access;
}
static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2)
static int db_name_sort(const int *db1, const int *db2)
{
return strcmp((*db1)->db, (*db2)->db);
return strcmp(acl_dbs.at(*db1).db, acl_dbs.at(*db2).db);
}
/**
update ACL_DB for given database and a given role with merged privileges
@param merged ACL_DB of the role in question (or NULL if it wasn't found)
@param merged ACL_DB of the role in question (or -1 if it wasn't found)
@param first first ACL_DB in an array for the database in question
@param access new privileges for the given role on the gived database
@param role the name of the given role
@ -5692,15 +5691,15 @@ static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2)
2 - ACL_DB was added
4 - ACL_DB was deleted
*/
static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access,
static int update_role_db(int merged, int first, ulong access,
const char *role)
{
if (!first)
if (first < 0)
return 0;
DBUG_EXECUTE_IF("role_merge_stats", role_db_merges++;);
if (merged == NULL)
if (merged < 0)
{
/*
there's no ACL_DB for this role (all db grants come from granted roles)
@ -5715,11 +5714,11 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access,
acl_db.user= role;
acl_db.host.hostname= const_cast<char*>("");
acl_db.host.ip= acl_db.host.ip_mask= 0;
acl_db.db= first[0]->db;
acl_db.db= acl_dbs.at(first).db;
acl_db.access= access;
acl_db.initial_access= 0;
acl_db.sort=get_sort(3, "", acl_db.db, role);
push_dynamic(&acl_dbs,(uchar*) &acl_db);
acl_dbs.push(acl_db);
return 2;
}
else if (access == 0)
@ -5735,13 +5734,13 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access,
2. it's O(N) operation, and we may need many of them
so we only mark elements deleted and will delete later.
*/
merged->sort= 0; // mark for deletion
acl_dbs.at(merged).sort= 0; // lower than any valid ACL_DB sort value, will be sorted last
return 4;
}
else if (merged->access != access)
else if (acl_dbs.at(merged).access != access)
{
/* this is easy */
merged->access= access;
acl_dbs.at(merged).access= access;
return 1;
}
return 0;
@ -5756,7 +5755,7 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access,
static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
role_hash_t *rhash)
{
Dynamic_array<ACL_DB *> dbs;
Dynamic_array<int> dbs;
/*
Supposedly acl_dbs can be huge, but only a handful of db grants
@ -5764,9 +5763,9 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
Collect these applicable db grants.
*/
for (uint i=0 ; i < acl_dbs.elements ; i++)
for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
ACL_DB *db= dynamic_element(&acl_dbs,i,ACL_DB*);
ACL_DB *db= &acl_dbs.at(i);
if (db->host.hostname[0])
continue;
if (dbname && strcmp(db->db, dbname))
@ -5774,7 +5773,7 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
ACL_ROLE *r= rhash->find(db->user, strlen(db->user));
if (!r)
continue;
dbs.append(db);
dbs.append(i);
}
dbs.sort(db_name_sort);
@ -5783,21 +5782,21 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
(that should be merged) are sorted together. The grantee's ACL_DB element
is not necessarily the first and may be not present at all.
*/
ACL_DB **first= NULL, *merged= NULL;
int first= -1, merged= -1;
ulong access= 0, update_flags= 0;
for (ACL_DB **cur= dbs.front(); cur <= dbs.back(); cur++)
for (int *p= dbs.front(); p <= dbs.back(); p++)
{
if (!first || (!dbname && strcmp(cur[0]->db, cur[-1]->db)))
if (first<0 || (!dbname && strcmp(acl_dbs.at(*p).db, acl_dbs.at(*p-1).db)))
{ // new db name series
update_flags|= update_role_db(merged, first, access, grantee->user.str);
merged= NULL;
merged= -1;
access= 0;
first= cur;
first= *p;
}
if (strcmp(cur[0]->user, grantee->user.str) == 0)
access|= (merged= cur[0])->initial_access;
if (strcmp(acl_dbs.at(*p).user, grantee->user.str) == 0)
access|= acl_dbs.at(merged= *p).initial_access;
else
access|= cur[0]->access;
access|= acl_dbs.at(*p).access;
}
update_flags|= update_role_db(merged, first, access, grantee->user.str);
@ -5805,17 +5804,17 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
{
// Remove elements marked for deletion.
uint count= 0;
for(uint i= 0; i < acl_dbs.elements; i++)
for(uint i= 0; i < acl_dbs.elements(); i++)
{
ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*);
ACL_DB *acl_db= &acl_dbs.at(i);
if (acl_db->sort)
{
if (i > count)
set_dynamic(&acl_dbs, acl_db, count);
acl_dbs.set(count, *acl_db);
count++;
}
}
acl_dbs.elements= count;
acl_dbs.elements(count);
}
@ -8770,16 +8769,14 @@ static bool show_database_privileges(THD *thd, const char *username,
const char *hostname,
char *buff, size_t buffsize)
{
ACL_DB *acl_db;
ulong want_access;
uint counter;
Protocol *protocol= thd->protocol;
for (counter=0 ; counter < acl_dbs.elements ; counter++)
for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
const char *user, *host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
ACL_DB *acl_db= &acl_dbs.at(i);
user= acl_db->user;
host=acl_db->host.hostname;
@ -9534,7 +9531,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
elements= acl_users.elements;
break;
case DB_ACL:
elements= acl_dbs.elements;
elements= acl_dbs.elements();
break;
case COLUMN_PRIVILEGES_HASH:
grant_name_hash= &column_priv_hash;
@ -9586,7 +9583,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
break;
case DB_ACL:
acl_db= dynamic_element(&acl_dbs, idx, ACL_DB*);
acl_db= &acl_dbs.at(idx);
user= acl_db->user;
host= acl_db->host.hostname;
break;
@ -9670,7 +9667,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
break;
case DB_ACL:
delete_dynamic_element(&acl_dbs, idx);
acl_dbs.del(idx);
break;
case COLUMN_PRIVILEGES_HASH:
@ -10565,11 +10562,11 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
*/
do
{
for (counter= 0, revoked= 0 ; counter < acl_dbs.elements ; )
for (counter= 0, revoked= 0 ; counter < acl_dbs.elements() ; )
{
const char *user,*host;
const char *user, *host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
acl_db= &acl_dbs.at(counter);
user= acl_db->user;
host= safe_str(acl_db->host.hostname);
@ -11172,6 +11169,14 @@ static int show_column_grants(THD *thd, SHOW_VAR *var, char *buff,
return 0;
}
static int show_database_grants(THD *thd, SHOW_VAR *var, char *buff,
enum enum_var_type scope)
{
var->type= SHOW_UINT;
var->value= buff;
*(uint *)buff= acl_dbs.elements();
return 0;
}
#else
bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
@ -11183,7 +11188,7 @@ bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
SHOW_VAR acl_statistics[] = {
#ifndef NO_EMBEDDED_ACCESS_CHECKS
{"column_grants", (char*)show_column_grants, SHOW_SIMPLE_FUNC},
{"database_grants", (char*)&acl_dbs.elements, SHOW_UINT},
{"database_grants", (char*)show_database_grants, SHOW_SIMPLE_FUNC},
{"function_grants", (char*)&func_priv_hash.records, SHOW_ULONG},
{"procedure_grants", (char*)&proc_priv_hash.records, SHOW_ULONG},
{"package_spec_grants", (char*)&package_spec_priv_hash.records, SHOW_ULONG},
@ -11456,11 +11461,11 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
DBUG_RETURN(0);
mysql_mutex_lock(&acl_cache->lock);
for (counter=0 ; counter < acl_dbs.elements ; counter++)
for (counter=0 ; counter < acl_dbs.elements() ; counter++)
{
const char *user, *host, *is_grantable="YES";
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
acl_db=&acl_dbs.at(counter);
user= acl_db->user;
host= safe_str(acl_db->host.hostname);