diff options
| author | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2017-10-17 15:33:19 +0300 |
|---|---|---|
| committer | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2017-10-17 15:33:19 +0300 |
| commit | 4090ef820e869608e6f67f8a590b9fea427b73d5 (patch) | |
| tree | 91456dcfaa4e1c9407e80715b50741c5573a5783 | |
| parent | 9a791c9c8d75116d3d15bebb4df198b122b98f97 (diff) | |
| download | mariadb-git-4090ef820e869608e6f67f8a590b9fea427b73d5.tar.gz | |
Fix check_role_is_granted for embedded
| -rw-r--r-- | sql/sql_acl.cc | 74 |
1 files changed, 39 insertions, 35 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 8de6bb920a9..177b4517904 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -8264,41 +8264,6 @@ static int check_role_is_granted_callback(ACL_USER_BASE *grantee, void *data) return 0; } -/* Check if a role is granted to a user/role. We traverse the role graph - and return true if we find a match. - - hostname == NULL means we are looking for a role as a starting point, - otherwise a user. -*/ -bool check_role_is_granted(const char *username, - const char *hostname, - const char *rolename) -{ - DBUG_ENTER("check_role_is_granted"); - ACL_USER_BASE *root; - bool result= false; - mysql_mutex_lock(&acl_cache->lock); - if (hostname) - root= find_user_exact(username, hostname); - else - root= find_acl_role(username); - - LEX_CSTRING role_lex; - role_lex.str= rolename; - role_lex.length= strlen(rolename); - - if (root && /* No grantee, nothing to search. */ - traverse_role_graph_down(root, &role_lex, check_role_is_granted_callback, - NULL) == -1) - { - /* We have found the role during our search. */ - result= true; - } - - /* We haven't found the role or we had no initial grantee to start from. */ - mysql_mutex_unlock(&acl_cache->lock); - DBUG_RETURN(result); -} /* Open the grant tables. @@ -10213,6 +10178,45 @@ applicable_roles_insert(ACL_USER_BASE *grantee, ACL_ROLE *role, void *ptr) #endif /*NO_EMBEDDED_ACCESS_CHECKS */ +/* Check if a role is granted to a user/role. We traverse the role graph + and return true if we find a match. + + hostname == NULL means we are looking for a role as a starting point, + otherwise a user. +*/ +bool check_role_is_granted(const char *username, + const char *hostname, + const char *rolename) +{ + DBUG_ENTER("check_role_is_granted"); + bool result= false; +#ifndef NO_EMBEDDED_ACCESS_CHECKS + ACL_USER_BASE *root; + mysql_mutex_lock(&acl_cache->lock); + if (hostname) + root= find_user_exact(username, hostname); + else + root= find_acl_role(username); + + LEX_CSTRING role_lex; + role_lex.str= rolename; + role_lex.length= strlen(rolename); + + if (root && /* No grantee, nothing to search. */ + traverse_role_graph_down(root, &role_lex, check_role_is_granted_callback, + NULL) == -1) + { + /* We have found the role during our search. */ + result= true; + } + + /* We haven't found the role or we had no initial grantee to start from. */ + mysql_mutex_unlock(&acl_cache->lock); +#endif + DBUG_RETURN(result); +} + + int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond) { TABLE *table= tables->table; |