diff options
| author | Marko Mäkelä <marko.makela@mariadb.com> | 2019-05-03 20:14:09 +0300 |
|---|---|---|
| committer | Marko Mäkelä <marko.makela@mariadb.com> | 2019-05-03 20:14:09 +0300 |
| commit | b6f4cccd191f7d98306db9ebc6e8667ec9e1ec79 (patch) | |
| tree | f530d85bd1ca8b3cb45f6b6d2b0e1e2ac6b24451 /extra | |
| parent | 779fb636daf4c127dbb90f75bab004ac1bbe12df (diff) | |
| parent | ce195987c3c995470992f16ca7a985796d6b65a6 (diff) | |
| download | mariadb-git-b6f4cccd191f7d98306db9ebc6e8667ec9e1ec79.tar.gz | |
Merge 10.2 into 10.3
Diffstat (limited to 'extra')
| -rw-r--r-- | extra/mariabackup/backup_copy.cc | 68 | ||||
| -rw-r--r-- | extra/mariabackup/xtrabackup.cc | 7 |
2 files changed, 74 insertions, 1 deletions
diff --git a/extra/mariabackup/backup_copy.cc b/extra/mariabackup/backup_copy.cc index abd9f710983..02998d9b5e5 100644 --- a/extra/mariabackup/backup_copy.cc +++ b/extra/mariabackup/backup_copy.cc @@ -986,6 +986,65 @@ run_data_threads(datadir_iter_t *it, os_thread_func_t func, uint n) return(ret); } +#ifdef _WIN32 +#include <windows.h> +#include <accctrl.h> +#include <aclapi.h> +/* + On Windows, fix permission of the file after "copyback" + We assume that after copyback, mysqld will run as service as NetworkService + user, thus well give full permission on given file to that user. +*/ + +static int fix_win_file_permissions(const char *file) +{ + struct { + TOKEN_USER tokenUser; + BYTE buffer[SECURITY_MAX_SID_SIZE]; + } tokenInfoBuffer; + HANDLE hFile = CreateFile(file, READ_CONTROL | WRITE_DAC, 0, NULL, OPEN_EXISTING, + FILE_FLAG_BACKUP_SEMANTICS, NULL); + if (hFile == INVALID_HANDLE_VALUE) + return -1; + ACL* pOldDACL; + SECURITY_DESCRIPTOR* pSD = NULL; + EXPLICIT_ACCESS ea = { 0 }; + BOOL isWellKnownSID = FALSE; + PSID pSid = NULL; + + GetSecurityInfo(hFile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, + &pOldDACL, NULL, (void**)&pSD); + DWORD size = SECURITY_MAX_SID_SIZE; + pSid = (PSID)tokenInfoBuffer.buffer; + if (!CreateWellKnownSid(WinNetworkServiceSid, NULL, pSid, + &size)) + { + return 1; + } + ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea.Trustee.ptstrName = (LPTSTR)pSid; + + ea.grfAccessMode = GRANT_ACCESS; + ea.grfAccessPermissions = GENERIC_ALL; + ea.grfInheritance = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE; + ea.Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN; + ACL* pNewDACL = 0; + DWORD err = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); + if (pNewDACL) + { + SetSecurityInfo(hFile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, + pNewDACL, NULL); + } + if (pSD != NULL) + LocalFree((HLOCAL)pSD); + if (pNewDACL != NULL) + LocalFree((HLOCAL)pNewDACL); + CloseHandle(hFile); + return 0; +} + +#endif + /************************************************************************ Copy file for backup/restore. @@ -1034,6 +1093,10 @@ copy_file(ds_ctxt_t *datasink, /* close */ msg(thread_n," ...done"); datafile_close(&cursor); +#ifdef _WIN32 + if (xtrabackup_copy_back || xtrabackup_move_back) + ut_a(!fix_win_file_permissions(dstfile->path)); +#endif if (ds_close(dstfile)) { goto error_close; } @@ -1104,7 +1167,10 @@ move_file(ds_ctxt_t *datasink, errbuf); return(false); } - +#ifdef _WIN32 + if (xtrabackup_copy_back || xtrabackup_move_back) + ut_a(!fix_win_file_permissions(dst_file_path_abs)); +#endif msg(thread_n," ...done"); return(true); diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc index cad31bc2bed..8aa1743d20b 100644 --- a/extra/mariabackup/xtrabackup.cc +++ b/extra/mariabackup/xtrabackup.cc @@ -5755,6 +5755,13 @@ check_all_privileges() if (check_result & PRIVILEGE_ERROR) { mysql_close(mysql_connection); + msg("Current privileges, as reported by 'SHOW GRANTS': "); + int n=1; + for (std::list<std::string>::const_iterator it = granted_privileges.begin(); + it != granted_privileges.end(); + it++,n++) { + msg(" %d.%s", n, it->c_str()); + } die("Insufficient privileges"); } } |