Merge branch '10.1' into 10.2

2025-07-30 16:24:05 +03:00 · 2017-10-24 14:53:18 +02:00
parent 4ec88ea9c3 2aa51f528f
commit e0a1c745ec
186 changed files with 3332 additions and 1603 deletions
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -9194,6 +9194,16 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc)
  mysql_mutex_unlock(&acl_cache->lock);
 }

+static int check_role_is_granted_callback(ACL_USER_BASE *grantee, void *data)
+{
+  LEX_CSTRING *rolename= static_cast<LEX_CSTRING *>(data);
+  if (rolename->length == grantee->user.length &&
+      !strcmp(rolename->str, grantee->user.str))
+    return -1; // End search, we've found our role.
+
+  /* Keep looking, we haven't found our role yet. */
+  return 0;
+}

 /*
  Modify a privilege table.
@ -11198,7 +11208,6 @@ bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
 }
 #endif /*NO_EMBEDDED_ACCESS_CHECKS */

-
 SHOW_VAR acl_statistics[] = {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
  {"column_grants",    (char*)show_column_grants,          SHOW_SIMPLE_FUNC},
@ -11214,6 +11223,43 @@ SHOW_VAR acl_statistics[] = {
  {NullS, NullS, SHOW_LONG},
 };

+/* Check if a role is granted to a user/role. We traverse the role graph
+   and return true if we find a match.
+
+   hostname == NULL means we are looking for a role as a starting point,
+   otherwise a user.
+*/
+bool check_role_is_granted(const char *username,
+                           const char *hostname,
+                           const char *rolename)
+{
+  DBUG_ENTER("check_role_is_granted");
+  bool result= false;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+  ACL_USER_BASE *root;
+  mysql_mutex_lock(&acl_cache->lock);
+  if (hostname)
+    root= find_user_exact(username, hostname);
+  else
+    root= find_acl_role(username);
+
+  LEX_CSTRING role_lex;
+  role_lex.str= rolename;
+  role_lex.length= strlen(rolename);
+
+  if (root && /* No grantee, nothing to search. */
+      traverse_role_graph_down(root, &role_lex, check_role_is_granted_callback,
+                               NULL) == -1)
+  {
+    /* We have found the role during our search. */
+    result= true;
+  }
+
+  /* We haven't found the role or we had no initial grantee to start from. */
+  mysql_mutex_unlock(&acl_cache->lock);
+#endif
+  DBUG_RETURN(result);
+}

 int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond)
 {
@ -13599,4 +13645,3 @@ maria_declare_plugin(mysql_password)
  MariaDB_PLUGIN_MATURITY_STABLE                /* Maturity         */
 }
 maria_declare_plugin_end;
-