author | unknown <bell@sanja.is.com.ua> | 2005-09-15 22:29:07 +0300 |
---|---|---|
committer | unknown <bell@sanja.is.com.ua> | 2005-09-15 22:29:07 +0300 |
commit | 84f029a448fc822f2fa150ab13e61b233b1e4027 (patch) | |
tree | fc6da649fdbafccdf434cac04cebe418f638185d /sql/sp_head.cc | |
parent | fbe338f4b009c8f0057645bdfae9b981a346dbc3 (diff) | |
download | mariadb-git-84f029a448fc822f2fa150ab13e61b233b1e4027.tar.gz |
WL#2787 (part 2, ver 3 (merged)) changed security context switching
libmysqld/lib_sql.cc:
changed security context switching
mysql-test/r/rpl_sp.result:
now it shows real information from the changed security context of the SP (checked)
sql/ha_innodb.cc:
changed security context switching
sql/item.cc:
changed security context switching
sql/item_func.cc:
changed security context switching
sql/item_strfunc.cc:
changed security context switching
sql/log.cc:
changed security context switching
sql/mysql_priv.h:
changed security context switching
sql/mysqld.cc:
changed security context switching
sql/repl_failsafe.cc:
changed security context switching
sql/set_var.cc:
changed security context switching
sql/slave.cc:
changed security context switching
sql/sp.cc:
changed security context switching
sql/sp_head.cc:
changed security context switching
if the context cannot be switched, we now return an error
sql/sp_head.h:
changed security context switching
sql/sql_acl.cc:
changed security context switching
sql/sql_acl.h:
changed security context switching
sql/sql_base.cc:
changed security context switching
sql/sql_class.cc:
changed security context switching
sql/sql_class.h:
changed security context switching
sql/sql_db.cc:
changed security context switching
sql/sql_insert.cc:
changed security context switching
sql/sql_parse.cc:
changed security context switching
sql/sql_show.cc:
changed security context switching
sql/sql_trigger.cc:
changed security context switching
sql/sql_view.cc:
changed security context switching
sql/sql_yacc.yy:
changed security context switching
Diffstat (limited to 'sql/sp_head.cc')
-rw-r--r-- | sql/sp_head.cc | 68 |
1 files changed, 27 insertions, 41 deletions
diff --git a/sql/sp_head.cc b/sql/sp_head.cc
index 1a7599d7bbc..0d481047849 100644
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -1636,8 +1636,10 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
 tables.db= (char*) "mysql";
 tables.table_name= tables.alias= (char*) "proc";
 *full_access= (!check_table_access(thd, SELECT_ACL, &tables, 1) ||
- (!strcmp(sp->m_definer_user.str, thd->priv_user) &&
- !strcmp(sp->m_definer_host.str, thd->priv_host)));
+ (!strcmp(sp->m_definer_user.str,
+ thd->security_ctx->priv_user) &&
+ !strcmp(sp->m_definer_host.str,
+ thd->security_ctx->priv_host)));
 if (!*full_access) return check_some_routine_access(thd, sp->m_db.str, sp->m_name.str, sp->m_type == TYPE_ENUM_PROCEDURE);
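Review bot: The definer host in the new `*full_access` condition is still compared with `strcmp`, while `sp_change_security_context` in the second hunk of this patch moves the same comparison to `my_strcasecmp(system_charset_info, ...)`. An account whose `priv_host` differs from `m_definer_host` only in letter case is therefore treated as the definer by the switch logic (no context change) but is not recognised as the definer here. The mismatch fails closed, yet the two checks should agree; I would write the host test as `!my_strcasecmp(system_charset_info, sp->m_definer_host.str, thd->security_ctx->priv_host)`. The body of `check_show_routine_access` starts and ends outside the hunk.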
@@ -2645,54 +2647,38 @@ sp_instr_error::print(String *str)
 */
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-void
-sp_change_security_context(THD *thd, sp_head *sp, st_sp_security_context *ctxp)
+bool
+sp_change_security_context(THD *thd, sp_head *sp, st_security_context **backup)
 {
- ctxp->changed= (sp->m_chistics->suid != SP_IS_NOT_SUID &&
- (strcmp(sp->m_definer_user.str, thd->priv_user) ||
- strcmp(sp->m_definer_host.str, thd->priv_host)));
+ bool changed= (sp->m_chistics->suid != SP_IS_NOT_SUID &&
+ (strcmp(sp->m_definer_user.str,
+ thd->security_ctx->priv_user) ||
+ my_strcasecmp(system_charset_info, sp->m_definer_host.str,
+ thd->security_ctx->priv_host)));
- if (ctxp->changed)
+ *backup= 0;
+ if (changed)
 {
- ctxp->master_access= thd->master_access;
- ctxp->db_access= thd->db_access;
- ctxp->priv_user= thd->priv_user;
- strncpy(ctxp->priv_host, thd->priv_host, sizeof(ctxp->priv_host));
- ctxp->user= thd->user;
- ctxp->host= thd->host;
- ctxp->ip= thd->ip;
-
- /* Change thise just to do the acl_getroot_no_password */
- thd->user= sp->m_definer_user.str;
- thd->host= thd->ip = sp->m_definer_host.str;
-
- if (acl_getroot_no_password(thd))
- { // Failed, run as invoker for now
- ctxp->changed= FALSE;
- thd->master_access= ctxp->master_access;
- thd->db_access= ctxp->db_access;
- thd->priv_user= ctxp->priv_user;
- strncpy(thd->priv_host, ctxp->priv_host, sizeof(thd->priv_host));
+ if (acl_getroot_no_password(&sp->m_security_ctx, sp->m_definer_user.str,
+ sp->m_definer_host.str,
+ sp->m_definer_host.str,
+ sp->m_db.str))
+ {
+ my_error(ER_NO_SUCH_USER, MYF(0), sp->m_definer_user.str,
+ sp->m_definer_host.str);
+ return TRUE;
 }
-
- /* Restore these immiediately */
- thd->user= ctxp->user;
- thd->host= ctxp->host;
- thd->ip= ctxp->ip;
+ *backup= thd->security_ctx;
+ thd->security_ctx= &sp->m_security_ctx;
 }
+ return FALSE;
 }
 void
-sp_restore_security_context(THD *thd, sp_head *sp, st_sp_security_context *ctxp)
+sp_restore_security_context(THD *thd, st_security_context *backup)
 {
- if (ctxp->changed)
- {
- ctxp->changed= FALSE;
- thd->master_access= ctxp->master_access;
- thd->db_access= ctxp->db_access;
- thd->priv_user= ctxp->priv_user;
- strncpy(thd->priv_host, ctxp->priv_host, sizeof(thd->priv_host));
- }
+ if (backup)
+ thd->security_ctx= backup;
 }
 #endif /* NO_EMBEDDED_ACCESS_CHECKS */ |
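Review bot: Nothing in the hunk documents the new contract of `sp_change_security_context`, which now has a failure path (`return TRUE` after `my_error(ER_NO_SUCH_USER, ...)`) and a `*backup` out-parameter that stays 0 when no switch is made. A caller that ignores the result would carry on executing the routine under the invoker's context, so the header comment should state the obligation, e.g. `/* Returns TRUE, with the error already reported, if the definer account cannot be loaded; *backup is 0 when the context was not switched, and sp_restore_security_context() is then a no-op. */`. The comment block above the function begins outside the hunk, and whether every call site checks the result cannot be seen from here.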