diff options
| author | Oleksandr Byelkin <sanja@mariadb.com> | 2018-08-15 16:48:13 +0200 |
|---|---|---|
| committer | Oleksandr Byelkin <sanja@mariadb.com> | 2018-08-15 16:48:13 +0200 |
| commit | bcc677bb7264db08b22284998706b44c377ed8ec (patch) | |
| tree | edbffbf3a801c0fcc26f6bb6a0fc0b62d151fc87 /sql/mysqld.cc | |
| parent | b62ac161856570e9a0e92d17de1e3dd31d54410f (diff) | |
| parent | 1b797e9e6308913c2472f3e04ad253e95a35d59f (diff) | |
| download | mariadb-git-bcc677bb7264db08b22284998706b44c377ed8ec.tar.gz | |
Merge branch '5.5' into 10.0
Diffstat (limited to 'sql/mysqld.cc')
| -rw-r--r-- | sql/mysqld.cc | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 75d6cca7fda..9643f0699d1 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -1391,9 +1391,9 @@ static NTService Service; ///< Service object for WinNT #endif /* __WIN__ */ #ifdef _WIN32 +#include <sddl.h> /* ConvertStringSecurityDescriptorToSecurityDescriptor */ static char pipe_name[512]; static SECURITY_ATTRIBUTES saPipeSecurity; -static SECURITY_DESCRIPTOR sdPipeDescriptor; static HANDLE hPipe = INVALID_HANDLE_VALUE; #endif @@ -2491,21 +2491,20 @@ static void network_init(void) strxnmov(pipe_name, sizeof(pipe_name)-1, "\\\\.\\pipe\\", mysqld_unix_port, NullS); - bzero((char*) &saPipeSecurity, sizeof(saPipeSecurity)); - bzero((char*) &sdPipeDescriptor, sizeof(sdPipeDescriptor)); - if (!InitializeSecurityDescriptor(&sdPipeDescriptor, - SECURITY_DESCRIPTOR_REVISION)) + /* + Create a security descriptor for pipe. + - Use low integrity level, so that it is possible to connect + from any process. + - Give Everyone read/write access to pipe. + */ + if (!ConvertStringSecurityDescriptorToSecurityDescriptor( + "S:(ML;; NW;;; LW) D:(A;; FRFW;;; WD)", + SDDL_REVISION_1, &saPipeSecurity.lpSecurityDescriptor, NULL)) { sql_perror("Can't start server : Initialize security descriptor"); unireg_abort(1); } - if (!SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)) - { - sql_perror("Can't start server : Set security descriptor"); - unireg_abort(1); - } saPipeSecurity.nLength = sizeof(SECURITY_ATTRIBUTES); - saPipeSecurity.lpSecurityDescriptor = &sdPipeDescriptor; saPipeSecurity.bInheritHandle = FALSE; if ((hPipe= CreateNamedPipe(pipe_name, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE, @@ -6397,6 +6396,7 @@ pthread_handler_t handle_connections_namedpipes(void *arg) create_new_thread(thd); set_current_thd(0); } + LocalFree(saPipeSecurity.lpSecurityDescriptor); CloseHandle(connectOverlapped.hEvent); DBUG_LEAVE; decrement_handler_count(); |