authorunknown <hf@deer.(none)>2003-09-26 15:33:13 +0500
committerunknown <hf@deer.(none)>2003-09-26 15:33:13 +0500
commit1705369809aaa17407ce0bd25fdd15607cdf32b0 (patch)
treef4b60e9394c6d88f0bd04731d87ae6203e987e3b /libmysqld
parent4535f6897f5ee132d086e0bd98bbc3a1fdaea54a (diff)
SCRUM:
WL#604 Privileges in embedded library code added to check privileges in embedded library NO_EMBEDDED_ACCESS_CHECKS macros inserted in code so we can exclude access-checking parts. Actually we now can exclude these parts from standalone server as well. Do we need it? Access checks are disabled in embedded server by default. One should edit libmysqld/Makefile manually to get this working. We definitely need the separate configure for embedded server include/mysql.h: options added so user of embedded library can set the client host it will work as if the usual client connects from this host libmysqld/Makefile.am: Usually one doesn't need access checking in embedded library we definitely should separate configure for embedded server libmysqld/lib_sql.cc: necessary code for getting passwords and access checks added libmysqld/libmysqld.c: code #ifdef-ed - we use this only when we check permissions sql-common/client.c: one mysql_close left now sql/item_strfunc.cc: #ifndef-s added sql/log.cc: #ifndef-s added sql/mysql_priv.h: #ifndef-s added also i removed default parameters from check_access and check_table_access definitions to set definitions working sql/mysqld.cc: #ifndef-s added localhost renamed to my_localhost sql/repl_failsafe.cc: parameters added sql/set_var.cc: #ifndef-s added sql/sql_acl.cc: #ifndef-s added sql/sql_acl.h: #ifndef-s added sql/sql_base.cc: #ifndef-s added sql/sql_cache.cc: #ifndef-s added sql/sql_class.cc: #ifndef-s added sql/sql_db.cc: #ifndef-s added sql/sql_derived.cc: #ifndef-s added sql/sql_insert.cc: #ifndef-s added sql/sql_parse.cc: a horde of #ifndef-s added sql/sql_prepare.cc: #ifndef-s added sql/sql_repl.cc: parameters added sql/sql_show.cc: #ifndef-s added sql/sql_update.cc: #ifndef-s added
Diffstat (limited to 'libmysqld')
-rw-r--r--libmysqld/Makefile.am1
-rw-r--r--libmysqld/lib_sql.cc93
-rw-r--r--libmysqld/libmysqld.c83
3 files changed, 91 insertions, 86 deletions
diff --git a/libmysqld/Makefile.am b/libmysqld/Makefile.am
index b22ff9e5001..09b03bce79a 100644
--- a/libmysqld/Makefile.am
+++ b/libmysqld/Makefile.am
@@ -22,6 +22,7 @@ MYSQLSHAREdir = $(pkgdatadir)
MYSQLBASEdir= $(prefix)
DEFS = -DEMBEDDED_LIBRARY -DMYSQL_SERVER \
+ -DNO_EMBEDDED_ACCESS_CHECKS \
-DDEFAULT_MYSQL_HOME="\"$(MYSQLBASEdir)\"" \
-DDATADIR="\"$(MYSQLDATAdir)\"" \
-DSHAREDIR="\"$(MYSQLSHAREdir)\""
diff --git a/libmysqld/lib_sql.cc b/libmysqld/lib_sql.cc
index 6b099158ae0..8cc7a5029b0 100644
--- a/libmysqld/lib_sql.cc
+++ b/libmysqld/lib_sql.cc
@@ -33,6 +33,9 @@ static const char *fake_groups[] = { "server", "embedded", 0 };
#include "../sql/mysqld.cc"
#endif
+int check_user(THD *thd, enum enum_server_command command,
+ const char *passwd, uint passwd_len, const char *db,
+ bool check_count);
C_MODE_START
#include <mysql.h>
#undef ER
@@ -42,14 +45,6 @@ C_MODE_START
static my_bool org_my_init_done;
my_bool server_inited;
-static int check_connections1(THD * thd);
-static int check_connections2(THD * thd);
-static bool check_user(THD *thd, enum_server_command command,
- const char *user, const char *passwd, const char *db,
- bool check_count);
-char * get_mysql_home(){ return mysql_home;};
-char * get_mysql_real_data_home(){ return mysql_real_data_home;};
-
static my_bool STDCALL
emb_advanced_command(MYSQL *mysql, enum enum_server_command command,
const char *header, ulong header_length,
@@ -217,34 +212,6 @@ void THD::clear_error()
net.report_error= 0;
}
-static bool check_user(THD *thd,enum_server_command command, const char *user,
- const char *passwd, const char *db, bool check_count)
-{
- thd->db=0;
-
- if (!(thd->user = my_strdup(user, MYF(0))))
- {
- send_error(thd,ER_OUT_OF_RESOURCES);
- return 1;
- }
- thd->master_access= ~0L; // No user checking
- thd->priv_user= thd->user;
- mysql_log.write(thd,command,
- (thd->priv_user == thd->user ?
- (char*) "%s@%s on %s" :
- (char*) "%s@%s as anonymous on %s"),
- user,
- thd->host_or_ip,
- db ? db : (char*) "");
- thd->db_access=0;
- if (db && db[0])
- return test(mysql_change_db(thd,db));
- else
- send_ok(thd); // Ready to handle questions
- return 0; // ok
-}
-
-
/*
Make a copy of array and the strings array points to
*/
@@ -339,7 +306,7 @@ int STDCALL mysql_server_init(int argc, char **argv, char **groups)
error_handler_hook = my_message_sql;
- opt_noacl = 1; // No permissions
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (acl_init((THD *)0, opt_noacl))
{
mysql_server_end();
@@ -347,11 +314,16 @@ int STDCALL mysql_server_init(int argc, char **argv, char **groups)
}
if (!opt_noacl)
(void) grant_init((THD *)0);
+
+#endif
+
init_max_user_conn();
init_update_queries();
#ifdef HAVE_DLOPEN
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!opt_noacl)
+#endif
udf_init();
#endif
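Review bot: With NO_EMBEDDED_ACCESS_CHECKS defined, which the Makefile.am hunk makes the default, the `if (!opt_noacl)` guard in front of `udf_init();` is compiled out and the call becomes unconditional, whereas the removed `opt_noacl = 1;` previously kept it from running in the embedded library at all. If udf_init loads the shared objects registered in the function table (its body is not on this page), the build without privilege checks is now the one that loads them, which looks inverted relative to the `if (!opt_noacl)` intent. Moving `udf_init();` inside the `#ifndef NO_EMBEDDED_ACCESS_CHECKS` block, so that it stays behind `if (!opt_noacl)`, would preserve the old behaviour; otherwise a comment should state that loading UDFs in the no-checks build is deliberate. mysql_server_init starts and ends outside this hunk.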
@@ -444,8 +416,10 @@ void *create_embedded_thd(int client_flag, char *db)
thd->db= db;
thd->db_length= db ? strip_sp(db) : 0;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
thd->db_access= DB_ACLS;
thd->master_access= ~NO_ACCESS;
+#endif
thd->net.query_cache_query= 0;
thd->data= 0;
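Review bot: The two assignments now wrapped in `#ifndef NO_EMBEDDED_ACCESS_CHECKS` appear to give the new THD every database-level and global privilege in exactly the build that is meant to enforce checks, and nothing here documents that this is only a starting value. A comment such as `/* full access until check_embedded_connection() runs check_user() */` would make the intent explicit. It is also worth confirming that no statement can execute on this thd between create_embedded_thd and the check added in mysql_real_connect; that ordering is outside this hunk, as are the start and end of create_embedded_thd.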
@@ -453,6 +427,51 @@ void *create_embedded_thd(int client_flag, char *db)
return thd;
}
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+int check_embedded_connection(MYSQL *mysql)
+{
+ THD *thd= (THD*)mysql->thd;
+ int result;
+ char scramble_buff[SCRAMBLE_LENGTH];
+ int passwd_len;
+
+ thd->host= mysql->options.client_ip ?
+ mysql->options.client_ip : (char*)my_localhost;
+ thd->ip= thd->host;
+ thd->host_or_ip= thd->host;
+
+ if (acl_check_host(thd->host,thd->ip))
+ {
+ result= ER_HOST_NOT_PRIVILEGED;
+ goto err;
+ }
+
+ thd->user= mysql->user;
+ if (mysql->passwd && mysql->passwd[0])
+ {
+ memset(thd->scramble, 55, SCRAMBLE_LENGTH); // dummy scramble
+ thd->scramble[SCRAMBLE_LENGTH]= 0;
+ scramble(scramble_buff, thd->scramble, mysql->passwd);
+ passwd_len= SCRAMBLE_LENGTH;
+ }
+ else
+ passwd_len= 0;
+
+ if((result= check_user(thd, COM_CONNECT,
+ scramble_buff, passwd_len, thd->db, true)))
+ goto err;
+
+ return 0;
+err:
+ {
+ NET *net= &mysql->net;
+ memcpy(net->last_error, thd->net.last_error, sizeof(net->last_error));
+ memcpy(net->sqlstate, thd->net.sqlstate, sizeof(net->sqlstate));
+ }
+ return result;
+}
+#endif
+
C_MODE_END
bool Protocol::send_fields(List<Item> *list, uint flag)
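Review bot: `thd->user= mysql->user;` makes the THD and the MYSQL handle share one allocation, where the removed check_user gave the THD its own `my_strdup(user, MYF(0))` copy; if THD cleanup and mysql_close both free their user pointer (neither is visible here), this becomes a double free or a dangling pointer. Keeping a private copy, `thd->user= my_strdup(mysql->user, MYF(0));` with an out-of-memory check, avoids the shared ownership. Separately, the `acl_check_host` failure path jumps to `err` without anything visible having written `thd->net.last_error`, and the block never sets `net->last_errno`, so the caller may get an empty message with no error code; `net->last_errno= result;` plus a host-denied message would close that gap. `scramble_buff` is also passed to check_user uninitialised when the password is empty, which is harmless only as long as check_user ignores it for `passwd_len == 0`.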
diff --git a/libmysqld/libmysqld.c b/libmysqld/libmysqld.c
index 67dc00e4c1b..e3a46733288 100644
--- a/libmysqld/libmysqld.c
+++ b/libmysqld/libmysqld.c
@@ -146,12 +146,17 @@ static inline int mysql_init_charset(MYSQL *mysql)
return 0;
}
+int check_embedded_connection(MYSQL *mysql);
+
MYSQL * STDCALL
mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
uint port, const char *unix_socket,ulong client_flag)
{
- char *db_name;
+ char *db_name;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ char name_buff[USERNAME_LENGTH];
+#endif
DBUG_ENTER("mysql_real_connect");
DBUG_PRINT("enter",("host: %s db: %s user: %s",
host ? host : "(Null)",
@@ -190,6 +195,29 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
if (!db || !db[0])
db=mysql->options.db;
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ if (!user || !user[0])
+ user=mysql->options.user;
+
+ if (!passwd)
+ {
+ passwd=mysql->options.password;
+#if !defined(DONT_USE_MYSQL_PWD)
+ if (!passwd)
+ passwd=getenv("MYSQL_PWD"); /* get it from environment */
+#endif
+ }
+ if (!user || !user[0])
+ {
+ read_user_name(name_buff);
+ if (!name_buff[0])
+ user= name_buff;
+ }
+
+ mysql->user=my_strdup(user,MYF(0));
+ mysql->passwd= passwd ? my_strdup(passwd,MYF(0)) : NULL;
+#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
+
port=0;
unix_socket=0;
db_name = db ? my_strdup(db,MYF(MY_WME)) : NULL;
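Review bot: The fallback test `if (!name_buff[0]) user= name_buff;` is inverted: it assigns the buffer only when read_user_name left it empty, so a successfully read login name is discarded and `user` can still be NULL when it reaches `my_strdup(user,MYF(0))` a few lines later. It should read `if (name_buff[0]) user= name_buff;`, with a non-NULL fallback (for example an empty string) before the strdup. The results of both `my_strdup` calls are stored unchecked, and any earlier `mysql->user` / `mysql->passwd` is overwritten without being freed. `name_buff` is declared in the previous hunk as `char name_buff[USERNAME_LENGTH];`; if read_user_name can write USERNAME_LENGTH characters plus the terminator (its body is not on this page), the buffer needs `USERNAME_LENGTH+1`. mysql_real_connect starts and ends outside this hunk.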
@@ -198,6 +226,11 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
init_embedded_mysql(mysql, client_flag, db_name);
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ if (check_embedded_connection(mysql))
+ goto error;
+#endif
+
if (mysql_init_charset(mysql))
goto error;
@@ -245,51 +278,3 @@ error:
DBUG_RETURN(0);
}
-
-/*************************************************************************
-** Send a QUIT to the server and close the connection
-** If handle is alloced by mysql connect free it.
-*************************************************************************/
-
-void STDCALL mysql_close(MYSQL *mysql)
-{
- DBUG_ENTER("mysql_close");
- if (mysql) /* Some simple safety */
- {
- if (mysql->methods != &embedded_methods)
- {
- cli_mysql_close(mysql);
- DBUG_VOID_RETURN;
- }
-
- my_free(mysql->options.user,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.host,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.password,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.unix_socket,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.db,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.my_cnf_file,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.my_cnf_group,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.charset_dir,MYF(MY_ALLOW_ZERO_PTR));
- my_free(mysql->options.charset_name,MYF(MY_ALLOW_ZERO_PTR));
- if (mysql->options.init_commands)
- {
- DYNAMIC_ARRAY *init_commands= mysql->options.init_commands;
- char **ptr= (char**)init_commands->buffer;
- char **end= ptr + init_commands->elements;
- for (; ptr<end; ptr++)
- my_free(*ptr,MYF(MY_WME));
- delete_dynamic(init_commands);
- my_free((char*)init_commands,MYF(MY_WME));
- }
- /* Clear pointers for better safety */
- bzero((char*) &mysql->options,sizeof(mysql->options));
-#ifdef HAVE_OPENSSL
- ((VioConnectorFd*)(mysql->connector_fd))->delete();
- mysql->connector_fd = 0;
-#endif /* HAVE_OPENSSL */
- if (mysql->free_me)
- my_free((gptr) mysql,MYF(0));
- }
- DBUG_VOID_RETURN;
-}
-