diff options
| author | unknown <hf@deer.(none)> | 2003-09-26 15:40:26 +0500 |
|---|---|---|
| committer | unknown <hf@deer.(none)> | 2003-09-26 15:40:26 +0500 |
| commit | dbb9596727c043805790c9cc24cc8726569d723e (patch) | |
| tree | b80c6147c3a9929ec4e00bac55883c6d575ac2a4 | |
| parent | 23dfae40f6b0c0a0d873a248b6a3428b3b6d7cae (diff) | |
| parent | 1705369809aaa17407ce0bd25fdd15607cdf32b0 (diff) | |
| download | mariadb-git-dbb9596727c043805790c9cc24cc8726569d723e.tar.gz | |
Merge
include/mysql.h:
Auto merged
sql/item_strfunc.cc:
Auto merged
sql/log.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/repl_failsafe.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_cache.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_derived.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql-common/client.c:
Auto merged
sql/sql_prepare.cc:
Auto merged
sql/sql_repl.cc:
Auto merged
sql/sql_show.cc:
Auto merged
libmysqld/lib_sql.cc:
SCCS merged
libmysqld/libmysqld.c:
SCCS merged
sql/sql_parse.cc:
SCCS merged
| -rw-r--r-- | include/mysql.h | 3 | ||||
| -rw-r--r-- | libmysqld/Makefile.am | 1 | ||||
| -rw-r--r-- | libmysqld/lib_sql.cc | 93 | ||||
| -rw-r--r-- | libmysqld/libmysqld.c | 86 | ||||
| -rw-r--r-- | sql-common/client.c | 7 | ||||
| -rw-r--r-- | sql/item_strfunc.cc | 2 | ||||
| -rw-r--r-- | sql/log.cc | 14 | ||||
| -rw-r--r-- | sql/mysql_priv.h | 18 | ||||
| -rw-r--r-- | sql/mysqld.cc | 12 | ||||
| -rw-r--r-- | sql/repl_failsafe.cc | 3 | ||||
| -rw-r--r-- | sql/set_var.cc | 13 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 95 | ||||
| -rw-r--r-- | sql/sql_acl.h | 6 | ||||
| -rw-r--r-- | sql/sql_base.cc | 6 | ||||
| -rw-r--r-- | sql/sql_cache.cc | 2 | ||||
| -rw-r--r-- | sql/sql_class.cc | 4 | ||||
| -rw-r--r-- | sql/sql_db.cc | 8 | ||||
| -rw-r--r-- | sql/sql_derived.cc | 10 | ||||
| -rw-r--r-- | sql/sql_insert.cc | 9 | ||||
| -rw-r--r-- | sql/sql_parse.cc | 290 | ||||
| -rw-r--r-- | sql/sql_prepare.cc | 27 | ||||
| -rw-r--r-- | sql/sql_repl.cc | 4 | ||||
| -rw-r--r-- | sql/sql_show.cc | 11 | ||||
| -rw-r--r-- | sql/sql_update.cc | 8 |
24 files changed, 445 insertions, 287 deletions
diff --git a/include/mysql.h b/include/mysql.h index 2e9147894ca..963c35e92ea 100644 --- a/include/mysql.h +++ b/include/mysql.h @@ -142,7 +142,7 @@ enum mysql_option MYSQL_OPT_PROTOCOL, MYSQL_SHARED_MEMORY_BASE_NAME, MYSQL_OPT_READ_TIMEOUT, MYSQL_OPT_WRITE_TIMEOUT, MYSQL_OPT_USE_RESULT, MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION, - MYSQL_OPT_GUESS_CONNECTION + MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP }; struct st_mysql_options { @@ -180,6 +180,7 @@ struct st_mysql_options { my_bool separate_thread; #endif enum mysql_option methods_to_use; + char *client_ip; }; enum mysql_status diff --git a/libmysqld/Makefile.am b/libmysqld/Makefile.am index b22ff9e5001..09b03bce79a 100644 --- a/libmysqld/Makefile.am +++ b/libmysqld/Makefile.am @@ -22,6 +22,7 @@ MYSQLSHAREdir = $(pkgdatadir) MYSQLBASEdir= $(prefix) DEFS = -DEMBEDDED_LIBRARY -DMYSQL_SERVER \ + -DNO_EMBEDDED_ACCESS_CHECKS \ -DDEFAULT_MYSQL_HOME="\"$(MYSQLBASEdir)\"" \ -DDATADIR="\"$(MYSQLDATAdir)\"" \ -DSHAREDIR="\"$(MYSQLSHAREdir)\"" diff --git a/libmysqld/lib_sql.cc b/libmysqld/lib_sql.cc index df1e5b8f36c..38fc3cce9ee 100644 --- a/libmysqld/lib_sql.cc +++ b/libmysqld/lib_sql.cc @@ -33,6 +33,9 @@ static const char *fake_groups[] = { "server", "embedded", 0 }; #include "../sql/mysqld.cc" #endif +int check_user(THD *thd, enum enum_server_command command, + const char *passwd, uint passwd_len, const char *db, + bool check_count); C_MODE_START #include <mysql.h> #undef ER @@ -42,14 +45,6 @@ C_MODE_START static my_bool org_my_init_done; my_bool server_inited; -static int check_connections1(THD * thd); -static int check_connections2(THD * thd); -static bool check_user(THD *thd, enum_server_command command, - const char *user, const char *passwd, const char *db, - bool check_count); -char * get_mysql_home(){ return mysql_home;}; -char * get_mysql_real_data_home(){ return mysql_real_data_home;}; - static my_bool STDCALL emb_advanced_command(MYSQL *mysql, enum enum_server_command command, const char *header, ulong header_length, @@ -238,34 +233,6 @@ void THD::clear_error() net.report_error= 0; } -static bool check_user(THD *thd,enum_server_command command, const char *user, - const char *passwd, const char *db, bool check_count) -{ - thd->db=0; - - if (!(thd->user = my_strdup(user, MYF(0)))) - { - send_error(thd,ER_OUT_OF_RESOURCES); - return 1; - } - thd->master_access= ~0L; // No user checking - thd->priv_user= thd->user; - mysql_log.write(thd,command, - (thd->priv_user == thd->user ? - (char*) "%s@%s on %s" : - (char*) "%s@%s as anonymous on %s"), - user, - thd->host_or_ip, - db ? db : (char*) ""); - thd->db_access=0; - if (db && db[0]) - return test(mysql_change_db(thd,db)); - else - send_ok(thd); // Ready to handle questions - return 0; // ok -} - - /* Make a copy of array and the strings array points to */ @@ -360,7 +327,7 @@ int STDCALL mysql_server_init(int argc, char **argv, char **groups) error_handler_hook = my_message_sql; - opt_noacl = 1; // No permissions +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (acl_init((THD *)0, opt_noacl)) { mysql_server_end(); @@ -368,11 +335,16 @@ int STDCALL mysql_server_init(int argc, char **argv, char **groups) } if (!opt_noacl) (void) grant_init((THD *)0); + +#endif + init_max_user_conn(); init_update_queries(); #ifdef HAVE_DLOPEN +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (!opt_noacl) +#endif udf_init(); #endif @@ -465,8 +437,10 @@ void *create_embedded_thd(int client_flag, char *db) thd->db= db; thd->db_length= db ? strip_sp(db) : 0; +#ifndef NO_EMBEDDED_ACCESS_CHECKS thd->db_access= DB_ACLS; thd->master_access= ~NO_ACCESS; +#endif thd->net.query_cache_query= 0; thd->data= 0; @@ -474,6 +448,51 @@ void *create_embedded_thd(int client_flag, char *db) return thd; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS +int check_embedded_connection(MYSQL *mysql) +{ + THD *thd= (THD*)mysql->thd; + int result; + char scramble_buff[SCRAMBLE_LENGTH]; + int passwd_len; + + thd->host= mysql->options.client_ip ? + mysql->options.client_ip : (char*)my_localhost; + thd->ip= thd->host; + thd->host_or_ip= thd->host; + + if (acl_check_host(thd->host,thd->ip)) + { + result= ER_HOST_NOT_PRIVILEGED; + goto err; + } + + thd->user= mysql->user; + if (mysql->passwd && mysql->passwd[0]) + { + memset(thd->scramble, 55, SCRAMBLE_LENGTH); // dummy scramble + thd->scramble[SCRAMBLE_LENGTH]= 0; + scramble(scramble_buff, thd->scramble, mysql->passwd); + passwd_len= SCRAMBLE_LENGTH; + } + else + passwd_len= 0; + + if((result= check_user(thd, COM_CONNECT, + scramble_buff, passwd_len, thd->db, true))) + goto err; + + return 0; +err: + { + NET *net= &mysql->net; + memcpy(net->last_error, thd->net.last_error, sizeof(net->last_error)); + memcpy(net->sqlstate, thd->net.sqlstate, sizeof(net->sqlstate)); + } + return result; +} +#endif + void free_embedded_thd(MYSQL *mysql) { THD *thd= (THD*)mysql->thd; diff --git a/libmysqld/libmysqld.c b/libmysqld/libmysqld.c index ddde18c1918..59c18368279 100644 --- a/libmysqld/libmysqld.c +++ b/libmysqld/libmysqld.c @@ -146,12 +146,17 @@ static inline int mysql_init_charset(MYSQL *mysql) return 0; } +int check_embedded_connection(MYSQL *mysql); + MYSQL * STDCALL mysql_real_connect(MYSQL *mysql,const char *host, const char *user, const char *passwd, const char *db, uint port, const char *unix_socket,ulong client_flag) { - char *db_name; + char *db_name; +#ifndef NO_EMBEDDED_ACCESS_CHECKS + char name_buff[USERNAME_LENGTH]; +#endif DBUG_ENTER("mysql_real_connect"); DBUG_PRINT("enter",("host: %s db: %s user: %s", host ? host : "(Null)", @@ -190,6 +195,29 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user, if (!db || !db[0]) db=mysql->options.db; +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (!user || !user[0]) + user=mysql->options.user; + + if (!passwd) + { + passwd=mysql->options.password; +#if !defined(DONT_USE_MYSQL_PWD) + if (!passwd) + passwd=getenv("MYSQL_PWD"); /* get it from environment */ +#endif + } + if (!user || !user[0]) + { + read_user_name(name_buff); + if (!name_buff[0]) + user= name_buff; + } + + mysql->user=my_strdup(user,MYF(0)); + mysql->passwd= passwd ? my_strdup(passwd,MYF(0)) : NULL; +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ + port=0; unix_socket=0; db_name = db ? my_strdup(db,MYF(MY_WME)) : NULL; @@ -198,6 +226,11 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user, init_embedded_mysql(mysql, client_flag, db_name); +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_embedded_connection(mysql)) + goto error; +#endif + if (mysql_init_charset(mysql)) goto error; @@ -245,54 +278,3 @@ error: DBUG_RETURN(0); } - -/************************************************************************* -** Send a QUIT to the server and close the connection -** If handle is alloced by mysql connect free it. -*************************************************************************/ - -void STDCALL mysql_close(MYSQL *mysql) -{ - DBUG_ENTER("mysql_close"); - if (mysql) /* Some simple safety */ - { - if (mysql->methods != &embedded_methods) - { - cli_mysql_close(mysql); - DBUG_VOID_RETURN; - } - - my_free(mysql->options.user,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.host,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.password,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.unix_socket,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.db,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.my_cnf_file,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.my_cnf_group,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.charset_dir,MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.charset_name,MYF(MY_ALLOW_ZERO_PTR)); - if (mysql->options.init_commands) - { - DYNAMIC_ARRAY *init_commands= mysql->options.init_commands; - char **ptr= (char**)init_commands->buffer; - char **end= ptr + init_commands->elements; - for (; ptr<end; ptr++) - my_free(*ptr,MYF(MY_WME)); - delete_dynamic(init_commands); - my_free((char*)init_commands,MYF(MY_WME)); - } - /* Clear pointers for better safety */ - bzero((char*) &mysql->options,sizeof(mysql->options)); -#ifdef HAVE_OPENSSL - ((VioConnectorFd*)(mysql->connector_fd))->delete(); - mysql->connector_fd = 0; -#endif /* HAVE_OPENSSL */ - if (mysql->free_me) - my_free((gptr) mysql,MYF(0)); - - free_embedded_thd(mysql); - - } - DBUG_VOID_RETURN; -} - diff --git a/sql-common/client.c b/sql-common/client.c index cd3763da725..6b3a44cf7d5 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -48,14 +48,12 @@ #endif #define CLI_MYSQL_REAL_CONNECT cli_mysql_real_connect -#define CLI_MYSQL_CLOSE cli_mysql_close #undef net_flush my_bool net_flush(NET *net); #else /*EMBEDDED_LIBRARY*/ #define CLI_MYSQL_REAL_CONNECT mysql_real_connect -#define CLI_MYSQL_CLOSE mysql_close #endif /*EMBEDDED_LIBRARY*/ #if !defined(MYSQL_SERVER) && (defined(__WIN__) || defined(_WIN32) || defined(_WIN64)) @@ -2130,6 +2128,7 @@ static void mysql_close_free_options(MYSQL *mysql) my_free(mysql->options.my_cnf_group,MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->options.charset_dir,MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->options.charset_name,MYF(MY_ALLOW_ZERO_PTR)); + my_free(mysql->options.client_ip,MYF(MY_ALLOW_ZERO_PTR)); if (mysql->options.init_commands) { DYNAMIC_ARRAY *init_commands= mysql->options.init_commands; @@ -2162,7 +2161,7 @@ static void mysql_close_free(MYSQL *mysql) } -void STDCALL CLI_MYSQL_CLOSE(MYSQL *mysql) +void STDCALL mysql_close(MYSQL *mysql) { DBUG_ENTER("mysql_close"); if (mysql) /* Some simple safety */ @@ -2532,6 +2531,8 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg) case MYSQL_OPT_GUESS_CONNECTION: mysql->options.methods_to_use= option; break; + case MYSQL_SET_CLIENT_IP: + mysql->options.client_ip= my_strdup(arg, MYF(MY_WME)); default: DBUG_RETURN(1); } diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 224e6dceec4..86efde096c5 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -2279,7 +2279,9 @@ String *Item_load_file::val_str(String *str) DBUG_ENTER("load_file"); if (!(file_name= args[0]->val_str(str)) || +#ifndef NO_EMBEDDED_ACCESS_CHECKS !(current_thd->master_access & FILE_ACL) || +#endif !my_stat(file_name->c_ptr(), &stat_info, MYF(MY_WME))) goto err; if (!(stat_info.st_mode & S_IROTH)) diff --git a/sql/log.cc b/sql/log.cc index 708aa943a81..9ad779a119b 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -1092,8 +1092,11 @@ bool MYSQL_LOG::write(THD *thd,enum enum_server_command command, if (thd) { // Normal thread - if ((thd->options & OPTION_LOG_OFF) && - (thd->master_access & SUPER_ACL)) + if ((thd->options & OPTION_LOG_OFF) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + && (thd->master_access & SUPER_ACL) +#endif +) { VOID(pthread_mutex_unlock(&LOCK_log)); return 0; // No logging @@ -1552,8 +1555,11 @@ bool MYSQL_LOG::write(THD *thd,const char *query, uint query_length, int tmp_errno=0; char buff[80],*end; end=buff; - if (!(thd->options & OPTION_UPDATE_LOG) && - (thd->master_access & SUPER_ACL)) + if (!(thd->options & OPTION_UPDATE_LOG) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + && (thd->master_access & SUPER_ACL) +#endif + ) { VOID(pthread_mutex_unlock(&LOCK_log)); return 0; diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index e5ad15e1d0e..23d72901404 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -393,18 +393,24 @@ bool check_stack_overrun(THD *thd,char *dummy); #define check_stack_overrun(A, B) 0 #endif -bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, - bool *write_to_binlog); void table_cache_init(void); void table_cache_free(void); uint cached_tables(void); void kill_mysql(void); void close_connection(THD *thd, uint errcode, bool lock); -bool check_access(THD *thd, ulong access, const char *db=0, ulong *save_priv=0, - bool no_grant=0, bool no_errors=0); +#ifndef NO_EMBEDDED_ACCESS_CHECKS +bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, + bool *write_to_binlog); +bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv, + bool no_grant, bool no_errors); bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables, - bool no_errors=0); + bool no_errors); bool check_global_access(THD *thd, ulong want_access); +#else +#define check_access(thd, access, db, save_priv, no_grant, no_errors) false +#define check_table_access(thd, want_access, tables, no_errors) false +#define check_global_access(thd, want_access) false +#endif int mysql_backup_table(THD* thd, TABLE_LIST* table_list); int mysql_restore_table(THD* thd, TABLE_LIST* table_list); @@ -720,7 +726,7 @@ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH], #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list)) extern MY_TMPDIR mysql_tmpdir_list; extern const char *command_name[]; -extern const char *first_keyword, *localhost, *delayed_user, *binary_keyword; +extern const char *first_keyword, *my_localhost, *delayed_user, *binary_keyword; extern const char **errmesg; /* Error messages */ extern const char *myisam_recover_options_str; extern const char *in_left_expr_name, *in_additional_cond; diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 854fae4f15f..74127a5d19f 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -218,7 +218,7 @@ const char *sql_mode_names[] = TYPELIB sql_mode_typelib= { array_elements(sql_mode_names)-1,"", sql_mode_names }; const char *first_keyword= "first", *binary_keyword= "BINARY"; -const char *localhost= "localhost", *delayed_user= "DELAYED"; +const char *my_localhost= "localhost", *delayed_user= "DELAYED"; #if SIZEOF_OFF_T > 4 && defined(BIG_TABLES) #define GET_HA_ROWS GET_ULL #else @@ -875,8 +875,10 @@ void clean_up(bool print_message) if (use_slave_mask) bitmap_free(&slave_error_mask); #endif +#ifndef NO_EMBEDDED_ACCESS_CHECKS acl_free(1); grant_free(); +#endif query_cache_destroy(); table_cache_free(); hostname_cache_free(); @@ -1672,6 +1674,7 @@ static void init_signals(void) } +#ifndef EMBEDDED_LIBRARY static void start_signal_handler(void) { int error; @@ -1834,6 +1837,7 @@ extern "C" void *signal_hand(void *arg __attribute__((unused))) } return(0); /* purecov: deadcode */ } +#endif /*!EMBEDDED_LIBRARY*/ static void check_data_home(const char *path) {} @@ -3111,7 +3115,7 @@ extern "C" pthread_handler_decl(handle_connections_sockets, continue; } if (sock == unix_sock) - thd->host=(char*) localhost; + thd->host=(char*) my_localhost; #ifdef __WIN__ /* Set default wait_timeout */ ulong wait_timeout= global_system_variables.net_wait_timeout * 1000; @@ -3201,7 +3205,7 @@ extern "C" pthread_handler_decl(handle_connections_namedpipes,arg) continue; } /* host name is unknown */ - thd->host = my_strdup(localhost,MYF(0)); /* Host is unknown */ + thd->host = my_strdup(my_localhost,MYF(0)); /* Host is unknown */ create_new_thread(thd); } @@ -3410,7 +3414,7 @@ errorconn: if (!event_client_read) CloseHandle(event_client_read); continue; } - thd->host = my_strdup(localhost,MYF(0)); /* Host is unknown */ + thd->host = my_strdup(my_localhost,MYF(0)); /* Host is unknown */ create_new_thread(thd); uint4korr(connect_number++); } diff --git a/sql/repl_failsafe.cc b/sql/repl_failsafe.cc index 78fee1d8b19..7c943d4ae53 100644 --- a/sql/repl_failsafe.cc +++ b/sql/repl_failsafe.cc @@ -153,9 +153,8 @@ int register_slave(THD* thd, uchar* packet, uint packet_length) SLAVE_INFO *si; uchar *p= packet, *p_end= packet + packet_length; - if (check_access(thd, REPL_SLAVE_ACL, any_db)) + if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0)) return 1; - if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME)))) goto err2; diff --git a/sql/set_var.cc b/sql/set_var.cc index ba1baf3797e..a44ee96ea0e 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -1723,6 +1723,7 @@ byte *sys_var_insert_id::value_ptr(THD *thd, enum_var_type type, bool sys_var_pseudo_thread_id::check(THD *thd, set_var *var) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (thd->master_access & SUPER_ACL) return 0; else @@ -1730,6 +1731,9 @@ bool sys_var_pseudo_thread_id::check(THD *thd, set_var *var) my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER"); return 1; } +#else + return 0; +#endif } @@ -2026,7 +2030,6 @@ int set_var::check(THD *thd) } if ((type == OPT_GLOBAL && check_global_access(thd, SUPER_ACL))) return 1; - /* value is a NULL pointer if we are using SET ... = DEFAULT */ if (!value) { @@ -2089,17 +2092,25 @@ int set_var_user::update(THD *thd) int set_var_password::check(THD *thd) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (!user->host.str) user->host.str= (char*) thd->host_or_ip; /* Returns 1 as the function sends error to client */ return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0; +#else + return 0; +#endif } int set_var_password::update(THD *thd) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Returns 1 as the function sends error to client */ return (change_password(thd, user->host.str, user->user.str, password) ? 1 : 0); +#else + return 0; +#endif } /**************************************************************************** diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 508ff88a0cf..179da6096de 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -34,6 +34,7 @@ #include <m_ctype.h> #include <stdarg.h> +#ifndef NO_EMBEDDED_ACCESS_CHECKS class acl_entry :public hash_filo_element { @@ -985,51 +986,6 @@ exit: return (db_access & host_access); } - -int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr) -{ - reg3 int flag; - DBUG_ENTER("wild_case_compare"); - DBUG_PRINT("enter",("str: '%s' wildstr: '%s'",str,wildstr)); - while (*wildstr) - { - while (*wildstr && *wildstr != wild_many && *wildstr != wild_one) - { - if (*wildstr == wild_prefix && wildstr[1]) - wildstr++; - if (my_toupper(cs, *wildstr++) != - my_toupper(cs, *str++)) DBUG_RETURN(1); - } - if (! *wildstr ) DBUG_RETURN (*str != 0); - if (*wildstr++ == wild_one) - { - if (! *str++) DBUG_RETURN (1); /* One char; skip */ - } - else - { /* Found '*' */ - if (!*wildstr) DBUG_RETURN(0); /* '*' as last char: OK */ - flag=(*wildstr != wild_many && *wildstr != wild_one); - do - { - if (flag) - { - char cmp; - if ((cmp= *wildstr) == wild_prefix && wildstr[1]) - cmp=wildstr[1]; - cmp=my_toupper(cs, cmp); - while (*str && my_toupper(cs, *str) != cmp) - str++; - if (!*str) DBUG_RETURN (1); - } - if (wild_case_compare(cs, str,wildstr) == 0) DBUG_RETURN (0); - } while (*str++); - DBUG_RETURN(1); - } - } - DBUG_RETURN (*str != '\0'); -} - - /* Check if there are any possible matching entries for this host @@ -1136,7 +1092,7 @@ bool check_change_password(THD *thd, const char *host, const char *user) (strcmp(thd->user,user) || my_strcasecmp(&my_charset_latin1, host, thd->host_or_ip))) { - if (check_access(thd, UPDATE_ACL, "mysql",0,1)) + if (check_access(thd, UPDATE_ACL, "mysql",0,1,0)) return(1); } if (!thd->slave_thread && !thd->user[0]) @@ -3605,3 +3561,50 @@ template class List_iterator<LEX_USER>; template class List<LEX_COLUMN>; template class List<LEX_USER>; #endif + +#endif /*NO_EMBEDDED_ACCESS_CHECKS */ + + +int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr) +{ + reg3 int flag; + DBUG_ENTER("wild_case_compare"); + DBUG_PRINT("enter",("str: '%s' wildstr: '%s'",str,wildstr)); + while (*wildstr) + { + while (*wildstr && *wildstr != wild_many && *wildstr != wild_one) + { + if (*wildstr == wild_prefix && wildstr[1]) + wildstr++; + if (my_toupper(cs, *wildstr++) != + my_toupper(cs, *str++)) DBUG_RETURN(1); + } + if (! *wildstr ) DBUG_RETURN (*str != 0); + if (*wildstr++ == wild_one) + { + if (! *str++) DBUG_RETURN (1); /* One char; skip */ + } + else + { /* Found '*' */ + if (!*wildstr) DBUG_RETURN(0); /* '*' as last char: OK */ + flag=(*wildstr != wild_many && *wildstr != wild_one); + do + { + if (flag) + { + char cmp; + if ((cmp= *wildstr) == wild_prefix && wildstr[1]) + cmp=wildstr[1]; + cmp=my_toupper(cs, cmp); + while (*str && my_toupper(cs, *str) != cmp) + str++; + if (!*str) DBUG_RETURN (1); + } + if (wild_case_compare(cs, str,wildstr) == 0) DBUG_RETURN (0); + } while (*str++); + DBUG_RETURN(1); + } + } + DBUG_RETURN (*str != '\0'); +} + diff --git a/sql/sql_acl.h b/sql/sql_acl.h index 0b2df8e765a..220eb0d55ad 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -14,7 +14,6 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ - #define SELECT_ACL (1L << 0) #define INSERT_ACL (1L << 1) #define UPDATE_ACL (1L << 2) @@ -59,6 +58,8 @@ #define EXTRA_ACL (1L << 29) #define NO_ACCESS (1L << 30) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + /* Defines to change the above bits to how things are stored in tables This is needed as the 'host' and 'db' table is missing a few privileges @@ -162,3 +163,6 @@ void get_privilege_desc(char *to, uint max_length, ulong access); void get_mqh(const char *user, const char *host, USER_CONN *uc); int mysql_drop_user(THD *thd, List <LEX_USER> &list); int mysql_revoke_all(THD *thd, List <LEX_USER> &list); + +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ + diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 1e44aa6e46d..73468ecf8eb 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -158,7 +158,6 @@ OPEN_TABLE_LIST *list_open_tables(THD *thd, const char *wild) table_list.grant.privilege=0; if (check_table_access(thd,SELECT_ACL | EXTRA_ACL,&table_list,1)) continue; - /* need to check if we haven't already listed it */ for (table= open_list ; table ; table=table->next) { @@ -1696,8 +1695,10 @@ Field *find_field_in_table(THD *thd,TABLE *table,const char *name,uint length, else thd->dupp_field=field; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (check_grants && check_grant_column(thd,table,name,length)) return WRONG_GRANT; +#endif return field; } @@ -2099,11 +2100,12 @@ insert_fields(THD *thd,TABLE_LIST *tables, const char *db_name, tables->alias) && (!db_name || !strcmp(tables->db,db_name)))) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Ensure that we have access right to all columns */ if (!(table->grant.privilege & SELECT_ACL) && check_grant_all_columns(thd,SELECT_ACL,table)) DBUG_RETURN(-1); - +#endif Field **ptr=table->field,*field; thd->used_tables|=table->map; while ((field = *ptr++)) diff --git a/sql/sql_cache.cc b/sql/sql_cache.cc index fb86f52ab6e..9460b6cf577 100644 --- a/sql/sql_cache.cc +++ b/sql/sql_cache.cc @@ -1002,6 +1002,7 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length) Query_cache_table *table = block_table->parent; table_list.db = table->db(); table_list.alias= table_list.real_name= table->table(); +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (check_table_access(thd,SELECT_ACL,&table_list,1)) { DBUG_PRINT("qcache", @@ -1021,6 +1022,7 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length) thd->lex.safe_to_cache_query= 0; // Don't try to cache this goto err_unlock; // Parse query } +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ if (check_tables && !handler::caching_allowed(thd, table->db(), table->key_length(), table->type())) diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 88e338d953b..de2da5a379b 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -135,7 +135,9 @@ THD::THD():user_time(0), is_fatal_error(0), slave_net = 0; command=COM_CONNECT; set_query_id=1; +#ifndef NO_EMBEDDED_ACCESS_CHECKS db_access=NO_ACCESS; +#endif version=refresh_version; // For boot *scramble= '\0'; @@ -316,7 +318,7 @@ THD::~THD() #endif DBUG_PRINT("info", ("freeing host")); - if (host != localhost) // If not pointer to constant + if (host != my_localhost) // If not pointer to constant safeFree(host); if (user != delayed_user) safeFree(user); diff --git a/sql/sql_db.cc b/sql/sql_db.cc index 2b42c2c9a5b..113ff20ac08 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -592,6 +592,7 @@ bool mysql_change_db(THD *thd, const char *name) DBUG_RETURN(1); } DBUG_PRINT("info",("Use database: %s", dbname)); +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (test_all_bits(thd->master_access,DB_ACLS)) db_access=DB_ACLS; else @@ -611,7 +612,7 @@ bool mysql_change_db(THD *thd, const char *name) my_free(dbname,MYF(0)); DBUG_RETURN(1); } - +#endif (void) sprintf(path,"%s/%s",mysql_data_home,dbname); length=unpack_dirname(path,path); // Convert if not unix if (length && path[length-1] == FN_LIBCHAR) @@ -626,8 +627,9 @@ bool mysql_change_db(THD *thd, const char *name) x_free(thd->db); thd->db=dbname; // THD::~THD will free this thd->db_length=db_length; +#ifndef NO_EMBEDDED_ACCESS_CHECKS thd->db_access=db_access; - +#endif strmov(path+unpack_dirname(path,path), MY_DB_OPT_FILE); load_db_opt(thd, path, &create); thd->db_charset= create.table_charset ? @@ -656,6 +658,7 @@ int mysqld_show_create_db(THD *thd, char *dbname, DBUG_RETURN(1); } +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (test_all_bits(thd->master_access,DB_ACLS)) db_access=DB_ACLS; else @@ -674,6 +677,7 @@ int mysqld_show_create_db(THD *thd, char *dbname, dbname); DBUG_RETURN(1); } +#endif (void) sprintf(path,"%s/%s",mysql_data_home, dbname); length=unpack_dirname(path,path); // Convert if not unix diff --git a/sql/sql_derived.cc b/sql/sql_derived.cc index 121e0321eb0..a740bb1b3c7 100644 --- a/sql/sql_derived.cc +++ b/sql/sql_derived.cc @@ -89,13 +89,15 @@ int mysql_derived(THD *thd, LEX *lex, SELECT_LEX_UNIT *unit, We have to do access checks here as this code is executed before any sql command is started to execute. */ +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (tables) - res= check_table_access(thd,SELECT_ACL, tables); + res= check_table_access(thd,SELECT_ACL, tables,0); else - res= check_access(thd, SELECT_ACL, any_db); + res= check_access(thd, SELECT_ACL, any_db,0,0,0); if (res) DBUG_RETURN(1); - +#endif + if (!(res=open_and_lock_tables(thd,tables))) { if (is_union || is_subsel) @@ -201,7 +203,9 @@ int mysql_derived(THD *thd, LEX *lex, SELECT_LEX_UNIT *unit, org_table_list->table=table; table->derived_select_number= select_cursor->select_number; table->tmp_table= TMP_TABLE; +#ifndef NO_EMBEDDED_ACCESS_CHECKS org_table_list->grant.privilege= SELECT_ACL; +#endif if (lex->describe) { // to fix a problem in EXPLAIN diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc index 2e229d2b04d..af28d48ed8a 100644 --- a/sql/sql_insert.cc +++ b/sql/sql_insert.cc @@ -60,9 +60,11 @@ check_insert_fields(THD *thd,TABLE *table,List<Item> &fields, MYF(0),counter); return -1; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (grant_option && check_grant_all_columns(thd,INSERT_ACL,table)) return -1; +#endif table->time_stamp=0; // This is saved by caller } else @@ -96,7 +98,9 @@ check_insert_fields(THD *thd,TABLE *table,List<Item> &fields, table->time_stamp= table->timestamp_field->offset()+1; } // For the values we need select_priv +#ifndef NO_EMBEDDED_ACCESS_CHECKS table->grant.want_privilege=(SELECT_ACL & ~table->grant.privilege); +#endif return 0; } @@ -130,14 +134,15 @@ int mysql_insert(THD *thd,TABLE_LIST *table_list, thd->lex.select_lex.table_list.first; DBUG_ENTER("mysql_insert"); +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (thd->master_access & SUPER_ACL) +#endif { if (!(thd->options & OPTION_UPDATE_LOG)) log_on&= ~(int) DELAYED_LOG_UPDATE; if (!(thd->options & OPTION_BIN_LOG)) log_on&= ~(int) DELAYED_LOG_BIN; } - /* in safe mode or with skip-new change delayed insert to be regular if we are told to replace duplicates, the insert cannot be concurrent @@ -626,7 +631,7 @@ public: group_count(0) { thd.user=thd.priv_user=(char*) delayed_user; - thd.host=(char*) localhost; + thd.host=(char*) my_localhost; thd.current_tablenr=0; thd.version=refresh_version; thd.command=COM_DELAYED_INSERT; diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 53318907d78..15039e331f6 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -52,15 +52,19 @@ extern "C" int gethostname(char *name, int namelen); static int check_for_max_user_connections(THD *thd, USER_CONN *uc); static void decrease_user_connections(USER_CONN *uc); static bool check_db_used(THD *thd,TABLE_LIST *tables); +#ifndef NO_EMBEDDED_ACCESS_CHECKS static bool check_merge_table_access(THD *thd, char *db, TABLE_LIST *tables); +static bool single_table_command_access(THD *thd, ulong privilege, + TABLE_LIST *tables, int *res); +#else +#define check_merge_table_access(thd, db, tables) false +#define single_table_command_access(thd, privilege, tables, res) false +#endif static void remove_escape(char *name); static void refresh_status(void); static bool append_file_to_dir(THD *thd, char **filename_ptr, char *table_name); -static bool single_table_command_access(THD *thd, ulong privilege, - TABLE_LIST *tables, int *res); - const char *any_db="*any*"; // Special symbol for check_access const char *command_name[]={ @@ -174,7 +178,7 @@ end: } -#ifndef EMBEDDED_LIBRARY +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check if user exist and password supplied is correct. @@ -201,9 +205,9 @@ end: >0 error, not sent to client */ -static int check_user(THD *thd, enum enum_server_command command, - const char *passwd, uint passwd_len, const char *db, - bool check_count) +int check_user(THD *thd, enum enum_server_command command, + const char *passwd, uint passwd_len, const char *db, + bool check_count) { DBUG_ENTER("check_user"); @@ -238,6 +242,7 @@ static int check_user(THD *thd, enum enum_server_command command, USER_RESOURCES ur; int res= acl_getroot(thd, &ur, passwd, passwd_len); +#ifndef EMBEDDED_LIBRARY if (res == -1) { /* @@ -265,6 +270,7 @@ static int check_user(THD *thd, enum enum_server_command command, /* So as passwd is short, errcode is always >= 0 */ res= acl_getroot(thd, &ur, (char *) net->read_pos, SCRAMBLE_LENGTH_323); } +#endif /*EMBEDDED_LIBRARY*/ /* here res is always >= 0 */ if (res == 0) { @@ -350,7 +356,7 @@ static int check_user(THD *thd, enum enum_server_command command, DBUG_RETURN(-1); } -#endif // EMBEDDED_LIBRARY +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ /* @@ -461,6 +467,7 @@ bool is_update_query(enum enum_sql_command command) return uc_update_queries[command]; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check if maximum queries per hour limit has been reached returns 0 if OK. @@ -551,7 +558,7 @@ static void reset_mqh(THD *thd, LEX_USER *lu, bool get_them= 0) } (void) pthread_mutex_unlock(&LOCK_user_conn); } - +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ /* Perform handshake, authorize client and update thd ACL variables. @@ -565,9 +572,8 @@ static void reset_mqh(THD *thd, LEX_USER *lu, bool get_them= 0) > 0 error code (not sent to user) */ -#ifndef EMBEDDED_LIBRARY -static int -check_connection(THD *thd) +#ifndef EMBEDDED_LIBRARY +static int check_connection(THD *thd) { uint connect_errors= 0; NET *net= &thd->net; @@ -588,8 +594,8 @@ check_connection(THD *thd) /* Fast local hostname resolve for Win32 */ if (!strcmp(thd->ip,"127.0.0.1")) { - thd->host= (char*) localhost; - thd->host_or_ip= localhost; + thd->host= (char*) my_localhost; + thd->host_or_ip= my_localhost; } else #endif @@ -622,7 +628,6 @@ check_connection(THD *thd) bzero((char*) &thd->remote, sizeof(struct sockaddr)); } vio_keepalive(net->vio, TRUE); - ulong pkt_len= 0; char *end; { @@ -812,7 +817,6 @@ check_connection(THD *thd) return check_user(thd, COM_CONNECT, passwd, passwd_len, db, true); } - pthread_handler_decl(handle_one_connection,arg) { THD *thd=(THD*) arg; @@ -1038,11 +1042,12 @@ int mysql_table_dump(THD* thd, char* db, char* tbl_name, int fd) if (!(table=open_ltable(thd, table_list, TL_READ_NO_INSERT))) DBUG_RETURN(1); - if (check_access(thd, SELECT_ACL, db, &table_list->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd, SELECT_ACL, db, &table_list->grant.privilege,0,0)) goto err; if (grant_option && check_grant(thd, SELECT_ACL, table_list)) goto err; - +#endif thd->free_list = 0; thd->query_length=(uint) strlen(tbl_name); thd->query = tbl_name; @@ -1342,11 +1347,13 @@ bool dispatch_command(enum enum_server_command command, THD *thd, my_casedn_str(files_charset_info, table_list.real_name); remove_escape(table_list.real_name); // This can't have wildcards - if (check_access(thd,SELECT_ACL,table_list.db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL,table_list.db,&thd->col_access,0,0)) break; table_list.grant.privilege=thd->col_access; if (grant_option && check_grant(thd,SELECT_ACL,&table_list,2)) break; +#endif /*DONT_ALLOW_SHOW_COMMANDS*/ mysqld_list_fields(thd,&table_list,fields); free_items(thd->free_list); break; @@ -1369,7 +1376,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, net_printf(thd,ER_WRONG_DB_NAME, db ? db : "NULL"); break; } - if (check_access(thd,CREATE_ACL,db,0,1)) + if (check_access(thd,CREATE_ACL,db,0,1,0)) break; mysql_log.write(thd,command,packet); mysql_create_db(thd,db,0,0); @@ -1385,7 +1392,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, net_printf(thd,ER_WRONG_DB_NAME, db ? db : "NULL"); break; } - if (check_access(thd,DROP_ACL,db,0,1)) + if (check_access(thd,DROP_ACL,db,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -1423,6 +1430,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, break; } #endif +#ifndef NO_EMBEDDED_ACCESS_CHECKS case COM_REFRESH: { statistic_increment(com_stat[SQLCOM_FLUSH],&LOCK_status); @@ -1436,6 +1444,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, send_ok(thd); break; } +#endif #ifndef EMBEDDED_LIBRARY case COM_SHUTDOWN: statistic_increment(com_other,&LOCK_status); @@ -1488,11 +1497,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd, break; case COM_PROCESS_INFO: statistic_increment(com_stat[SQLCOM_SHOW_PROCESSLIST],&LOCK_status); +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (!thd->priv_user[0] && check_global_access(thd,PROCESS_ACL)) break; +#endif mysql_log.write(thd,command,NullS); - mysqld_list_processes(thd,thd->master_access & PROCESS_ACL ? NullS : - thd->priv_user,0); + mysqld_list_processes(thd, +#ifndef NO_EMBEDDED_ACCESS_CHECKS + thd->master_access & PROCESS_ACL ? + NullS : thd->priv_user +#else + NullS +#endif + ,0); break; case COM_PROCESS_KILL: { @@ -1632,7 +1649,7 @@ mysql_execute_command(THD *thd) */ thd->old_total_warn_count= thd->total_warn_count; -#ifndef EMBEDDED_LIBRARY +#ifdef HAVE_REPLICATON if (thd->slave_thread) { /* @@ -1658,7 +1675,7 @@ mysql_execute_command(THD *thd) } #endif } -#endif /* !EMBEDDED_LIBRARY */ +#endif /* !HAVE_REPLICATION */ /* TODO: make derived tables processing 'inside' SELECT processing. TODO: solve problem with depended derived tables in subselects @@ -1693,7 +1710,11 @@ mysql_execute_command(THD *thd) Except for the replication thread and the 'super' users. */ if (opt_readonly && - !(thd->slave_thread || (thd->master_access & SUPER_ACL)) && + !(thd->slave_thread +#ifndef NO_EMBEDDED_ACCESS_CHECKS + || (thd->master_access & SUPER_ACL) +#endif + ) && (uc_update_queries[lex->sql_command] > 0)) { send_error(thd, ER_CANT_UPDATE_WITH_READLOCK); @@ -1705,22 +1726,23 @@ mysql_execute_command(THD *thd) case SQLCOM_SELECT: { select_result *result=lex->result; +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (tables) { res=check_table_access(thd, lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL, - tables); + tables,0); } else res=check_access(thd, lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL, - any_db); + any_db,0,0,0); if (res) { res=0; break; // Error message is given } - +#endif /* In case of single SELECT unit->global_parameters points on first SELECT TODO: move counters to SELECT_LEX @@ -1772,8 +1794,9 @@ mysql_execute_command(THD *thd) } break; } + case SQLCOM_DO: - if (tables && ((res= check_table_access(thd, SELECT_ACL, tables)) || + if (tables && ((res= check_table_access(thd, SELECT_ACL, tables,0)) || (res= open_and_lock_tables(thd,tables)))) break; @@ -1809,7 +1832,6 @@ mysql_execute_command(THD *thd) break; } #endif - case SQLCOM_SHOW_WARNS: { res= mysqld_show_warnings(thd, (ulong) @@ -1859,7 +1881,7 @@ mysql_execute_command(THD *thd) case SQLCOM_BACKUP_TABLE: { if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL, tables) || + check_table_access(thd,SELECT_ACL, tables,0) || check_global_access(thd, FILE_ACL)) goto error; /* purecov: inspected */ res = mysql_backup_table(thd, tables); @@ -1869,7 +1891,7 @@ mysql_execute_command(THD *thd) case SQLCOM_RESTORE_TABLE: { if (check_db_used(thd,tables) || - check_table_access(thd, INSERT_ACL, tables) || + check_table_access(thd, INSERT_ACL, tables,0) || check_global_access(thd, FILE_ACL)) goto error; /* purecov: inspected */ res = mysql_restore_table(thd, tables); @@ -1878,7 +1900,7 @@ mysql_execute_command(THD *thd) case SQLCOM_PRELOAD_KEYS: { if (check_db_used(thd, tables) || - check_access(thd, INDEX_ACL, tables->db, &tables->grant.privilege)) + check_access(thd, INDEX_ACL, tables->db, &tables->grant.privilege,0,0)) goto error; res = mysql_preload_keys(thd, tables); break; @@ -1935,7 +1957,8 @@ mysql_execute_command(THD *thd) { if (!tables->db) tables->db=thd->db; - if (check_access(thd,CREATE_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,CREATE_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option) { @@ -1947,6 +1970,7 @@ mysql_execute_command(THD *thd) if (error) goto error; } +#endif if (strlen(tables->real_name) > NAME_LEN) { net_printf(thd,ER_WRONG_TABLE_NAME,tables->real_name); @@ -1966,11 +1990,14 @@ mysql_execute_command(THD *thd) case SQLCOM_CREATE_TABLE: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS ulong want_priv= ((lex->create_info.options & HA_LEX_CREATE_TMP_TABLE) ? CREATE_TMP_ACL : CREATE_ACL); +#endif if (!tables->db) tables->db=thd->db; - if (check_access(thd,want_priv,tables->db,&tables->grant.privilege) || +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,want_priv,tables->db,&tables->grant.privilege,0,0) || check_merge_table_access(thd, tables->db, (TABLE_LIST *) lex->create_info.merge_list.first)) @@ -1985,6 +2012,7 @@ mysql_execute_command(THD *thd) if (error) goto error; } +#endif if (strlen(tables->real_name) > NAME_LEN) { net_printf(thd, ER_WRONG_TABLE_NAME, tables->alias); @@ -2014,11 +2042,13 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_UPDATE_TABLE_USED,tables->real_name); DBUG_VOID_RETURN; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (tables->next) { - if (check_table_access(thd, SELECT_ACL, tables->next)) + if (check_table_access(thd, SELECT_ACL, tables->next,0)) goto error; // Error message is given } +#endif select_lex->options|= SELECT_NO_UNLOCK; unit->offset_limit_cnt= select_lex->offset_limit; unit->select_limit_cnt= select_lex->select_limit+ @@ -2061,10 +2091,12 @@ mysql_execute_command(THD *thd) case SQLCOM_CREATE_INDEX: if (!tables->db) tables->db=thd->db; - if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option && check_grant(thd,INDEX_ACL,tables)) goto error; +#endif if (end_active_trans(thd)) res= -1; else @@ -2123,14 +2155,15 @@ mysql_execute_command(THD *thd) tables->db=thd->db; if (!select_lex->db) select_lex->db=tables->db; - if (check_access(thd,ALTER_ACL,tables->db,&tables->grant.privilege) || - check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv) || + if (check_access(thd,ALTER_ACL,tables->db,&tables->grant.privilege,0,0) || + check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)|| check_merge_table_access(thd, tables->db, (TABLE_LIST *) lex->create_info.merge_list.first)) goto error; /* purecov: inspected */ if (!tables->db) tables->db=thd->db; +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (grant_option) { if (check_grant(thd,ALTER_ACL,tables)) @@ -2146,6 +2179,7 @@ mysql_execute_command(THD *thd) goto error; } } +#endif /* Don't yet allow changing of symlinks with ALTER TABLE */ lex->create_info.data_file_name=lex->create_info.index_file_name=0; /* ALTER TABLE ends previous transaction */ @@ -2164,18 +2198,19 @@ mysql_execute_command(THD *thd) } break; } -#endif +#endif /*DONT_ALLOW_SHOW_COMMANDS*/ case SQLCOM_RENAME_TABLE: { TABLE_LIST *table; if (check_db_used(thd,tables)) goto error; +#ifndef NO_EMBEDDED_ACCESS_CHECKS for (table=tables ; table ; table=table->next->next) { if (check_access(thd, ALTER_ACL | DROP_ACL, table->db, - &table->grant.privilege) || + &table->grant.privilege,0,0) || check_access(thd, INSERT_ACL | CREATE_ACL, table->next->db, - &table->next->grant.privilege)) + &table->next->grant.privilege,0,0)) goto error; if (grant_option) { @@ -2190,6 +2225,7 @@ mysql_execute_command(THD *thd) goto error; } } +#endif query_cache_invalidate3(thd, tables, 0); if (end_active_trans(thd)) res= -1; @@ -2219,7 +2255,7 @@ mysql_execute_command(THD *thd) { if (check_db_used(thd, tables) || check_access(thd, SELECT_ACL | EXTRA_ACL, tables->db, - &tables->grant.privilege)) + &tables->grant.privilege,0,0)) goto error; res = mysqld_show_create(thd, tables); break; @@ -2228,7 +2264,7 @@ mysql_execute_command(THD *thd) case SQLCOM_CHECKSUM: { if (check_db_used(thd,tables) || - check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables)) + check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables,0)) goto error; /* purecov: inspected */ res = mysql_checksum_table(thd, tables, &lex->check_opt); break; @@ -2236,7 +2272,7 @@ mysql_execute_command(THD *thd) case SQLCOM_REPAIR: { if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL | INSERT_ACL, tables)) + check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0)) goto error; /* purecov: inspected */ res = mysql_repair_table(thd, tables, &lex->check_opt); /* ! we write after unlocking the table */ @@ -2254,7 +2290,7 @@ mysql_execute_command(THD *thd) case SQLCOM_CHECK: { if (check_db_used(thd,tables) || - check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables)) + check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables,0)) goto error; /* purecov: inspected */ res = mysql_check_table(thd, tables, &lex->check_opt); break; @@ -2262,7 +2298,7 @@ mysql_execute_command(THD *thd) case SQLCOM_ANALYZE: { if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL | INSERT_ACL, tables)) + check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0)) goto error; /* purecov: inspected */ res = mysql_analyze_table(thd, tables, &lex->check_opt); /* ! we write after unlocking the table */ @@ -2282,7 +2318,7 @@ mysql_execute_command(THD *thd) { HA_CREATE_INFO create_info; if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL | INSERT_ACL, tables)) + check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0)) goto error; /* purecov: inspected */ if (specialflag & (SPECIAL_SAFE_MODE | SPECIAL_NO_NEW_FUNC)) { @@ -2322,7 +2358,6 @@ mysql_execute_command(THD *thd) if (single_table_command_access(thd, UPDATE_ACL, tables, &res)) goto error; - if (select_lex->item_list.elements != lex->value_list.elements) { send_error(thd,ER_WRONG_VALUE_COUNT); @@ -2340,10 +2375,12 @@ mysql_execute_command(THD *thd) res= -1; break; case SQLCOM_UPDATE_MULTI: - if (check_access(thd,UPDATE_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,UPDATE_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; if (grant_option && check_grant(thd,UPDATE_ACL,tables)) goto error; +#endif if (select_lex->item_list.elements != lex->value_list.elements) { send_error(thd,ER_WRONG_VALUE_COUNT); @@ -2373,13 +2410,14 @@ mysql_execute_command(THD *thd) case SQLCOM_REPLACE: case SQLCOM_INSERT: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS my_bool update=(lex->value_list.elements ? UPDATE_ACL : 0); ulong privilege= (lex->duplicates == DUP_REPLACE ? INSERT_ACL | DELETE_ACL : INSERT_ACL | update); if (single_table_command_access(thd, privilege, tables, &res)) goto error; - +#endif if (select_lex->item_list.elements != lex->value_list.elements) { send_error(thd,ER_WRONG_VALUE_COUNT); @@ -2387,7 +2425,12 @@ mysql_execute_command(THD *thd) } res = mysql_insert(thd,tables,lex->field_list,lex->many_values, select_lex->item_list, lex->value_list, - (update ? DUP_UPDATE : lex->duplicates)); +#ifndef NO_EMBEDDED_ACCESS_CHECKS + (update ? DUP_UPDATE : lex->duplicates) +#else + DUP_UPDATE +#endif +); if (thd->net.report_error) res= -1; break; @@ -2400,19 +2443,22 @@ mysql_execute_command(THD *thd) Check that we have modify privileges for the first table and select privileges for the rest */ +#ifndef NO_EMBEDDED_ACCESS_CHECKS { ulong privilege= (lex->duplicates == DUP_REPLACE ? INSERT_ACL | DELETE_ACL : INSERT_ACL); TABLE_LIST *save_next=tables->next; tables->next=0; if (check_access(thd, privilege, - tables->db,&tables->grant.privilege) || + tables->db,&tables->grant.privilege,0,0) || (grant_option && check_grant(thd, privilege, tables))) goto error; + tables->next=save_next; - if ((res=check_table_access(thd, SELECT_ACL, save_next))) + if ((res=check_table_access(thd, SELECT_ACL, save_next,0))) goto error; } +#endif /* Don't unlock tables until command is written to binary log */ select_lex->options|= SELECT_NO_UNLOCK; @@ -2446,10 +2492,12 @@ mysql_execute_command(THD *thd) break; } case SQLCOM_TRUNCATE: - if (check_access(thd,DELETE_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,DELETE_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option && check_grant(thd,DELETE_ACL,tables)) goto error; +#endif /* Don't allow this within a transaction because we want to use re-generate table @@ -2463,11 +2511,12 @@ mysql_execute_command(THD *thd) break; case SQLCOM_DELETE: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (single_table_command_access(thd, DELETE_ACL, tables, &res)) goto error; - // Set privilege for the WHERE clause tables->grant.want_privilege=(SELECT_ACL & ~tables->grant.privilege); +#endif res = mysql_delete(thd,tables, select_lex->where, (ORDER*) select_lex->order_list.first, select_lex->select_limit, select_lex->options); @@ -2484,8 +2533,8 @@ mysql_execute_command(THD *thd) /* sql_yacc guarantees that tables and aux_tables are not zero */ if (check_db_used(thd, tables) || check_db_used(thd,aux_tables) || - check_table_access(thd,SELECT_ACL, tables) || - check_table_access(thd,DELETE_ACL, aux_tables)) + check_table_access(thd,SELECT_ACL, tables,0) || + check_table_access(thd,DELETE_ACL, aux_tables,0)) goto error; if ((thd->options & OPTION_SAFE_UPDATES) && !select_lex->where) { @@ -2562,7 +2611,7 @@ mysql_execute_command(THD *thd) { if (!lex->drop_temporary) { - if (check_table_access(thd,DROP_ACL,tables)) + if (check_table_access(thd,DROP_ACL,tables,0)) goto error; /* purecov: inspected */ if (end_active_trans(thd)) { @@ -2589,10 +2638,12 @@ mysql_execute_command(THD *thd) case SQLCOM_DROP_INDEX: if (!tables->db) tables->db=thd->db; - if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option && check_grant(thd,INDEX_ACL,tables)) goto error; +#endif if (end_active_trans(thd)) res= -1; else @@ -2610,12 +2661,18 @@ mysql_execute_command(THD *thd) break; #endif case SQLCOM_SHOW_PROCESSLIST: -#ifndef EMBEDDED_LIBRARY +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (!thd->priv_user[0] && check_global_access(thd,PROCESS_ACL)) break; #endif - mysqld_list_processes(thd,thd->master_access & PROCESS_ACL ? NullS : - thd->priv_user,lex->verbose); + mysqld_list_processes(thd, +#ifndef NO_EMBEDDED_ACCESS_CHECKS + thd->master_access & PROCESS_ACL ? NullS : + thd->priv_user +#else + NullS +#endif + ,lex->verbose); break; case SQLCOM_SHOW_TABLE_TYPES: res= mysqld_show_table_types(thd); @@ -2641,8 +2698,10 @@ mysql_execute_command(THD *thd) DBUG_VOID_RETURN; #else { - if (grant_option && check_access(thd, FILE_ACL, any_db)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0)) goto error; +#endif res= mysqld_show_logs(thd); break; } @@ -2666,7 +2725,8 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_WRONG_DB_NAME, db); goto error; } - if (check_access(thd,SELECT_ACL,db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0)) goto error; /* purecov: inspected */ if (!thd->col_access && check_grant_db(thd,db)) { @@ -2676,6 +2736,7 @@ mysql_execute_command(THD *thd) db); goto error; } +#endif /* grant is checked in mysqld_show_tables */ if (select_lex->options & SELECT_DESCRIBE) res= mysqld_extend_show_tables(thd,db, @@ -2709,11 +2770,13 @@ mysql_execute_command(THD *thd) } remove_escape(db); // Fix escaped '_' remove_escape(tables->real_name); - if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,&thd->col_access,0,0)) goto error; /* purecov: inspected */ tables->grant.privilege=thd->col_access; if (grant_option && check_grant(thd,SELECT_ACL,tables,2)) goto error; +#endif res= mysqld_show_fields(thd,tables, (lex->wild ? lex->wild->ptr() : NullS), lex->verbose); @@ -2736,11 +2799,13 @@ mysql_execute_command(THD *thd) remove_escape(tables->real_name); if (!tables->db) tables->db=thd->db; - if (check_access(thd,SELECT_ACL,db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0)) goto error; /* purecov: inspected */ tables->grant.privilege=thd->col_access; if (grant_option && check_grant(thd,SELECT_ACL,tables,2)) goto error; +#endif res= mysqld_show_keys(thd,tables); break; } @@ -2751,12 +2816,13 @@ mysql_execute_command(THD *thd) case SQLCOM_LOAD: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS uint privilege= (lex->duplicates == DUP_REPLACE ? INSERT_ACL | DELETE_ACL : INSERT_ACL); if (!lex->local_file) { - if (check_access(thd,privilege | FILE_ACL,tables->db)) + if (check_access(thd,privilege | FILE_ACL,tables->db,0,0,0)) goto error; } else @@ -2767,17 +2833,18 @@ mysql_execute_command(THD *thd) send_error(thd,ER_NOT_ALLOWED_COMMAND); goto error; } - if (check_access(thd,privilege,tables->db,&tables->grant.privilege) || + if (check_access(thd,privilege,tables->db,&tables->grant.privilege,0,0) || grant_option && check_grant(thd,privilege,tables)) goto error; } +#endif /*NO_EMBEDDED_ACCESS_CHECKS*/ res=mysql_load(thd, lex->exchange, tables, lex->field_list, lex->duplicates, (bool) lex->local_file, lex->lock_option); break; } case SQLCOM_SET_OPTION: - if (tables && ((res= check_table_access(thd, SELECT_ACL, tables)) || + if (tables && ((res= check_table_access(thd, SELECT_ACL, tables,0)) || (res= open_and_lock_tables(thd,tables)))) break; fix_tables_pointers(lex->all_selects_list); @@ -2802,7 +2869,7 @@ mysql_execute_command(THD *thd) unlock_locked_tables(thd); if (check_db_used(thd,tables) || end_active_trans(thd)) goto error; - if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, tables)) + if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, tables,0)) goto error; thd->in_lock_tables=1; thd->options|= OPTION_TABLE_LOCK; @@ -2839,7 +2906,7 @@ mysql_execute_command(THD *thd) break; } #endif - if (check_access(thd,CREATE_ACL,lex->name,0,1)) + if (check_access(thd,CREATE_ACL,lex->name,0,1,0)) break; res=mysql_create_db(thd,lex->name,&lex->create_info,0); break; @@ -2867,7 +2934,7 @@ mysql_execute_command(THD *thd) break; } #endif - if (check_access(thd,DROP_ACL,lex->name,0,1)) + if (check_access(thd,DROP_ACL,lex->name,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -2884,7 +2951,7 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_WRONG_DB_NAME, lex->name); break; } - if (check_access(thd,ALTER_ACL,lex->name,0,1)) + if (check_access(thd,ALTER_ACL,lex->name,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -2901,7 +2968,7 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_WRONG_DB_NAME, lex->name); break; } - if (check_access(thd,DROP_ACL,lex->name,0,1)) + if (check_access(thd,DROP_ACL,lex->name,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -2912,7 +2979,7 @@ mysql_execute_command(THD *thd) break; } case SQLCOM_CREATE_FUNCTION: - if (check_access(thd,INSERT_ACL,"mysql",0,1)) + if (check_access(thd,INSERT_ACL,"mysql",0,1,0)) break; #ifdef HAVE_DLOPEN if (!(res = mysql_create_function(thd,&lex->udf))) @@ -2922,7 +2989,7 @@ mysql_execute_command(THD *thd) #endif break; case SQLCOM_DROP_FUNCTION: - if (check_access(thd,DELETE_ACL,"mysql",0,1)) + if (check_access(thd,DELETE_ACL,"mysql",0,1,0)) break; #ifdef HAVE_DLOPEN if (!(res = mysql_drop_function(thd,&lex->udf.name))) @@ -2931,9 +2998,10 @@ mysql_execute_command(THD *thd) res= -1; #endif break; +#ifndef NO_EMBEDDED_ACCESS_CHECKS case SQLCOM_DROP_USER: { - if (check_access(thd, GRANT_ACL,"mysql",0,1)) + if (check_access(thd, GRANT_ACL,"mysql",0,1,0)) break; if (!(res= mysql_drop_user(thd, lex->users_list))) { @@ -2949,7 +3017,7 @@ mysql_execute_command(THD *thd) } case SQLCOM_REVOKE_ALL: { - if (check_access(thd, GRANT_ACL ,"mysql",0,1)) + if (check_access(thd, GRANT_ACL ,"mysql",0,1,0)) break; if (!(res = mysql_revoke_all(thd, lex->users_list))) { @@ -2969,7 +3037,7 @@ mysql_execute_command(THD *thd) if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL, tables && tables->db ? tables->db : select_lex->db, tables ? &tables->grant.privilege : 0, - tables ? 0 : 1)) + tables ? 0 : 1,0)) goto error; /* @@ -2989,7 +3057,7 @@ mysql_execute_command(THD *thd) my_strcasecmp(&my_charset_latin1, user->host.str, thd->host_or_ip))) { - if (check_access(thd, UPDATE_ACL, "mysql",0,1)) + if (check_access(thd, UPDATE_ACL, "mysql",0,1,0)) goto error; break; // We are allowed to do changes } @@ -3079,21 +3147,24 @@ mysql_execute_command(THD *thd) } break; } +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ case SQLCOM_KILL: kill_one_thread(thd,lex->thread_id); break; +#ifndef NO_EMBEDDED_ACCESS_CHECKS case SQLCOM_SHOW_GRANTS: res=0; if ((thd->priv_user && !strcmp(thd->priv_user,lex->grant_user->user.str)) || - !check_access(thd, SELECT_ACL, "mysql",0,1)) + !check_access(thd, SELECT_ACL, "mysql",0,1,0)) { res = mysql_show_grants(thd,lex->grant_user); } break; +#endif case SQLCOM_HA_OPEN: if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL, tables)) + check_table_access(thd,SELECT_ACL, tables,0)) goto error; res = mysql_ha_open(thd, tables); break; @@ -3203,6 +3274,7 @@ error: } +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check grants for commands which work only with one table and all other tables belong to subselects. @@ -3223,7 +3295,7 @@ static bool single_table_command_access(THD *thd, ulong privilege, TABLE_LIST *tables, int *res) { - if (check_access(thd, privilege, tables->db, &tables->grant.privilege)) + if (check_access(thd, privilege, tables->db, &tables->grant.privilege,0,0)) return 1; // Show only 1 table for check_grant @@ -3236,7 +3308,7 @@ static bool single_table_command_access(THD *thd, ulong privilege, if (subselects_tables) { tables->next= subselects_tables; - if ((*res= check_table_access(thd, SELECT_ACL, subselects_tables))) + if ((*res= check_table_access(thd, SELECT_ACL, subselects_tables,0))) return 1; } return 0; @@ -3407,24 +3479,6 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables, return FALSE; } - -static bool check_db_used(THD *thd,TABLE_LIST *tables) -{ - for (; tables ; tables=tables->next) - { - if (!tables->db) - { - if (!(tables->db=thd->db)) - { - send_error(thd,ER_NO_DB_ERROR); /* purecov: tested */ - return TRUE; /* purecov: tested */ - } - } - } - return FALSE; -} - - static bool check_merge_table_access(THD *thd, char *db, TABLE_LIST *table_list) { @@ -3439,11 +3493,28 @@ static bool check_merge_table_access(THD *thd, char *db, tmp->db=db; } error=check_table_access(thd, SELECT_ACL | UPDATE_ACL | DELETE_ACL, - table_list); + table_list,0); } return error; } +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ + +static bool check_db_used(THD *thd,TABLE_LIST *tables) +{ + for (; tables ; tables=tables->next) + { + if (!tables->db) + { + if (!(tables->db=thd->db)) + { + send_error(thd,ER_NO_DB_ERROR); /* purecov: tested */ + return TRUE; /* purecov: tested */ + } + } + } + return FALSE; +} /**************************************************************************** Check stack size; Send error if there isn't enough stack to continue @@ -3669,12 +3740,14 @@ mysql_parse(THD *thd, char *inBuf, uint length) LEX *lex=lex_start(thd, (uchar*) inBuf, length); if (!yyparse((void *)thd) && ! thd->is_fatal_error) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (mqh_used && thd->user_connect && check_mqh(thd, lex->sql_command)) { thd->net.error = 0; } else +#endif { if (thd->net.report_error) send_error(thd, 0, NullS); @@ -4279,7 +4352,7 @@ void add_join_natural(TABLE_LIST *a,TABLE_LIST *b) b->natural_join=a; } - +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Reload/resets privileges and the different caches. @@ -4409,6 +4482,7 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, *write_to_binlog= tmp_write_to_binlog; return result; } +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ /* @@ -4440,14 +4514,18 @@ void kill_one_thread(THD *thd, ulong id) VOID(pthread_mutex_unlock(&LOCK_thread_count)); if (tmp) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if ((thd->master_access & SUPER_ACL) || !strcmp(thd->user,tmp->user)) +#endif { tmp->awake(1 /*prepare to die*/); error=0; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS else error=ER_KILL_DENIED_ERROR; +#endif pthread_mutex_unlock(&tmp->LOCK_delete); } diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 0fd5ef5b7dd..ff7886f87f1 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -523,16 +523,18 @@ static bool mysql_test_insert_fields(PREP_STMT *stmt, List_item *values; DBUG_ENTER("mysql_test_insert_fields"); +#ifndef NO_EMBEDDED_ACCESS_CHECKS my_bool update=(thd->lex.value_list.elements ? UPDATE_ACL : 0); ulong privilege= (thd->lex.duplicates == DUP_REPLACE ? INSERT_ACL | DELETE_ACL : INSERT_ACL | update); if (check_access(thd,privilege,table_list->db, - &table_list->grant.privilege) || - (grant_option && check_grant(thd,privilege,table_list)) || - open_and_lock_tables(thd, table_list)) + &table_list->grant.privilege,0,0) || + (grant_option && check_grant(thd,privilege,table_list))) + DBUG_RETURN(1); +#endif + if (open_and_lock_tables(thd, table_list)) DBUG_RETURN(1); - table= table_list->table; if ((values= its++)) @@ -580,12 +582,14 @@ static bool mysql_test_upd_fields(PREP_STMT *stmt, TABLE_LIST *table_list, THD *thd= stmt->thd; DBUG_ENTER("mysql_test_upd_fields"); +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (check_access(thd,UPDATE_ACL,table_list->db, - &table_list->grant.privilege) || - (grant_option && check_grant(thd,UPDATE_ACL,table_list)) || - open_and_lock_tables(thd, table_list)) + &table_list->grant.privilege,0,0) || + (grant_option && check_grant(thd,UPDATE_ACL,table_list))) + DBUG_RETURN(1); +#endif + if (open_and_lock_tables(thd, table_list)) DBUG_RETURN(1); - if (setup_tables(table_list) || setup_fields(thd, 0, table_list, fields, 1, 0, 0) || setup_conds(thd, table_list, &conds) || thd->net.report_error) @@ -626,15 +630,16 @@ static bool mysql_test_select_fields(PREP_STMT *stmt, TABLE_LIST *tables, select_result *result= thd->lex.result; DBUG_ENTER("mysql_test_select_fields"); +#ifndef NO_EMBEDDED_ACCESS_CHECKS ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL; if (tables) { - if (check_table_access(thd, privilege, tables)) + if (check_table_access(thd, privilege, tables,0)) DBUG_RETURN(1); } - else if (check_access(thd, privilege, "*any*")) + else if (check_access(thd, privilege, "*any*",0,0,0)) DBUG_RETURN(1); - +#endif if ((&lex->select_lex != lex->all_selects_list && lex->unit.create_total_list(thd, lex, &tables, 0))) DBUG_RETURN(1); diff --git a/sql/sql_repl.cc b/sql/sql_repl.cc index b1097f3f376..7bb51989cc3 100644 --- a/sql/sql_repl.cc +++ b/sql/sql_repl.cc @@ -667,7 +667,7 @@ int start_slave(THD* thd , MASTER_INFO* mi, bool net_report) int thread_mask; DBUG_ENTER("start_slave"); - if (check_access(thd, SUPER_ACL, any_db)) + if (check_access(thd, SUPER_ACL, any_db,0,0,0)) DBUG_RETURN(1); lock_slave_threads(mi); // this allows us to cleanly read slave_running // Get a mask of _stopped_ threads @@ -789,7 +789,7 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report ) if (!thd) thd = current_thd; - if (check_access(thd, SUPER_ACL, any_db)) + if (check_access(thd, SUPER_ACL, any_db,0,0,0)) return 1; thd->proc_info = "Killing slave"; int thread_mask; diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 8ed4d6d7324..8550973ff88 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -73,10 +73,12 @@ mysqld_show_dbs(THD *thd,const char *wild) while ((file_name=it++)) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (thd->master_access & (DB_ACLS | SHOW_DB_ACL) || acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr, thd->priv_user, file_name,0) || (grant_option && !check_grant_db(thd, file_name))) +#endif { protocol->prepare_for_resend(); protocol->store(file_name, system_charset_info); @@ -437,6 +439,7 @@ mysql_find_files(THD *thd,List<char> *files, const char *db,const char *path, continue; } } +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Don't show tables where we don't have any privileges */ if (db && !(col_access & TABLE_ACLS)) { @@ -446,6 +449,7 @@ mysql_find_files(THD *thd,List<char> *files, const char *db,const char *path, if (check_grant(thd,TABLE_ACLS,&table_list,1,1)) continue; } +#endif if (files->push_back(thd->strdup(file->name))) { my_dirend(dirp); @@ -674,8 +678,9 @@ mysqld_show_fields(THD *thd, TABLE_LIST *table_list,const char *wild, } file=table->file; file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK); +#ifndef NO_EMBEDDED_ACCESS_CHECKS (void) get_table_grant(thd, table_list); - +#endif List<Item> field_list; field_list.push_back(new Item_empty_string("Field",NAME_LEN)); field_list.push_back(new Item_empty_string("Type",40)); @@ -755,6 +760,7 @@ mysqld_show_fields(THD *thd, TABLE_LIST *table_list,const char *wild, { /* Add grant options & comments */ end=tmp; +#ifndef NO_EMBEDDED_ACCESS_CHECKS col_access= get_column_grant(thd,table_list,field) & COL_ACLS; for (uint bitnr=0; col_access ; col_access>>=1,bitnr++) { @@ -764,6 +770,9 @@ mysqld_show_fields(THD *thd, TABLE_LIST *table_list,const char *wild, end=strmov(end,grant_types.type_names[bitnr]); } } +#else + end=strmov(end,""); +#endif protocol->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1), system_charset_info); protocol->store(field->comment.str, field->comment.length, diff --git a/sql/sql_update.cc b/sql/sql_update.cc index 7430029a5e5..946107049dc 100644 --- a/sql/sql_update.cc +++ b/sql/sql_update.cc @@ -86,8 +86,10 @@ int mysql_update(THD *thd, /* Calculate "table->used_keys" based on the WHERE */ table->used_keys=table->keys_in_use; table->quick_keys=0; +#ifndef NO_EMBEDDED_ACCESS_CHECKS want_privilege=table->grant.want_privilege; table->grant.want_privilege=(SELECT_ACL & ~table->grant.privilege); +#endif bzero((char*) &tables,sizeof(tables)); // For ORDER BY tables.table= table; @@ -122,7 +124,9 @@ int mysql_update(THD *thd, } /* Check the fields we are going to modify */ +#ifndef NO_EMBEDDED_ACCESS_CHECKS table->grant.want_privilege=want_privilege; +#endif if (setup_fields(thd, 0, update_table_list, fields, 1, 0, 0)) DBUG_RETURN(-1); /* purecov: inspected */ if (table->timestamp_field) @@ -134,8 +138,10 @@ int mysql_update(THD *thd, table->timestamp_field->query_id=timestamp_query_id; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check values */ table->grant.want_privilege=(SELECT_ACL & ~table->grant.privilege); +#endif if (setup_fields(thd, 0, update_table_list, values, 0, 0, 0)) { free_underlaid_joins(thd, &thd->lex.select_lex); @@ -418,7 +424,9 @@ int mysql_multi_update(THD *thd, TABLE_LIST *tl; DBUG_ENTER("mysql_multi_update"); +#ifndef NO_EMBEDDED_ACCESS_CHECKS table_list->grant.want_privilege=(SELECT_ACL & ~table_list->grant.privilege); +#endif if ((res=open_and_lock_tables(thd,table_list))) DBUG_RETURN(res); fix_tables_pointers(thd->lex.all_selects_list); |