diff options
| author | Vicențiu Ciorbaru <cvicentiu@gmail.com> | 2022-01-06 14:40:51 +0200 |
|---|---|---|
| committer | Vicențiu Ciorbaru <cvicentiu@gmail.com> | 2022-02-28 17:02:58 +0200 |
| commit | 314f1f8cd7caf136883002bb6863c49a24c3192d (patch) | |
| tree | 57154d105f3a7efac53c50feea613779c97d455d | |
| parent | 88e0476fb7ef32e16a0c3df4bea6b461a4defb8d (diff) | |
| download | mariadb-git-314f1f8cd7caf136883002bb6863c49a24c3192d.tar.gz | |
cleanup: check_grant_db doesn't need THD as parameter, only Security_ctx
| -rw-r--r-- | sql/sql_acl.cc | 17 | ||||
| -rw-r--r-- | sql/sql_acl.h | 2 | ||||
| -rw-r--r-- | sql/sql_db.cc | 2 | ||||
| -rw-r--r-- | sql/sql_show.cc | 6 |
4 files changed, 12 insertions, 15 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 145be8417fc..de9d1e132af 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3238,7 +3238,7 @@ static bool check_show_access(THD *thd, TABLE_LIST *table) &thd->col_access, NULL, FALSE, FALSE)) return TRUE; - if (!thd->col_access && check_grant_db(thd, dst_db_name)) + if (!thd->col_access && check_grant_db(thd->security_ctx, dst_db_name)) { status_var_increment(thd->status_var.access_denied_errors); my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), @@ -9383,10 +9383,8 @@ err: } -static bool check_grant_db_routine(THD *thd, const char *db, HASH *hash) +static bool check_grant_db_routine(Security_context *sctx, const char *db, HASH *hash) { - Security_context *sctx= thd->security_ctx; - for (uint idx= 0; idx < hash->records; ++idx) { GRANT_NAME *item= (GRANT_NAME*) my_hash_element(hash, idx); @@ -9415,9 +9413,8 @@ static bool check_grant_db_routine(THD *thd, const char *db, HASH *hash) Return 1 if access is denied */ -bool check_grant_db(THD *thd, const char *db) +bool check_grant_db(Security_context *sctx, const char *db) { - Security_context *sctx= thd->security_ctx; char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2], *end; char helping2 [SAFE_NAME_LEN + USERNAME_LENGTH+2], *tmp_db; uint len, UNINIT_VAR(len2); @@ -9472,10 +9469,10 @@ bool check_grant_db(THD *thd, const char *db) } if (error) - error= check_grant_db_routine(thd, db, &proc_priv_hash) && - check_grant_db_routine(thd, db, &func_priv_hash) && - check_grant_db_routine(thd, db, &package_spec_priv_hash) && - check_grant_db_routine(thd, db, &package_body_priv_hash); + error= check_grant_db_routine(sctx, db, &proc_priv_hash) && + check_grant_db_routine(sctx, db, &func_priv_hash) && + check_grant_db_routine(sctx, db, &package_spec_priv_hash) && + check_grant_db_routine(sctx, db, &package_body_priv_hash); mysql_rwlock_unlock(&LOCK_grant); diff --git a/sql/sql_acl.h b/sql/sql_acl.h index c33dc58dc21..e5d370b1d0f 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -101,7 +101,7 @@ bool check_grant_all_columns(THD *thd, privilege_t want_access, bool check_grant_routine(THD *thd, privilege_t want_access, TABLE_LIST *procs, const Sp_handler *sph, bool no_error); -bool check_grant_db(THD *thd,const char *db); +bool check_grant_db(Security_context *sctx, const char *db); bool check_global_access(THD *thd, const privilege_t want_access, bool no_errors= false); bool check_access(THD *thd, privilege_t want_access, const char *db, privilege_t *save_priv, diff --git a/sql/sql_db.cc b/sql/sql_db.cc index c9f74b9f182..aff9c108e97 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -1782,7 +1782,7 @@ uint mysql_change_db(THD *thd, const LEX_CSTRING *new_db_name, if (!force_switch && !(db_access & DB_ACLS) && - check_grant_db(thd, new_db_file_name.str)) + check_grant_db(thd->security_ctx, new_db_file_name.str)) { my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), sctx->priv_user, diff --git a/sql/sql_show.cc b/sql/sql_show.cc index e5e2377621b..8d3da015d34 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -1405,7 +1405,7 @@ bool mysqld_show_create_db(THD *thd, LEX_CSTRING *dbname, db_access= sctx->master_access | acl_get_current_auth(sctx, dbname->str, false); - if (!(db_access & DB_ACLS) && check_grant_db(thd,dbname->str)) + if (!(db_access & DB_ACLS) && check_grant_db(sctx, dbname->str)) { status_var_increment(thd->status_var.access_denied_errors); my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), @@ -5237,7 +5237,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) #ifndef NO_EMBEDDED_ACCESS_CHECKS if (!(check_access(thd, SELECT_ACL, db_name->str, &thd->col_access, NULL, 0, 1) || - (!thd->col_access && check_grant_db(thd, db_name->str))) || + (!thd->col_access && check_grant_db(sctx, db_name->str))) || sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || acl_get_current_auth(sctx, db_name->str, false)) #endif @@ -5431,7 +5431,7 @@ int fill_schema_schemata(THD *thd, TABLE_LIST *tables, COND *cond) #ifndef NO_EMBEDDED_ACCESS_CHECKS if (sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || acl_get_current_auth(sctx, db_name->str, false) || - !check_grant_db(thd, db_name->str)) + !check_grant_db(sctx, db_name->str)) #endif { load_db_opt_by_name(thd, db_name->str, &create); |