authorSergei Golubchik <serg@mariadb.org>2019-03-15 20:00:28 +0100
committerSergei Golubchik <serg@mariadb.org>2019-03-15 21:00:41 +0100
commit0508d327aef520d3131ff8a85ed610337149fffc (patch)
tree7e04769f49b4aded9053adcad442fe00eb487d98 /sql/sql_acl.cc
parentbb8c82c66abddf796e8d44f817518e5ab38ae6e4 (diff)
parent34db9958e28c325b0f708f78b7ff029de810d5ea (diff)
Merge branch '10.1' into 10.2
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc113
1 files changed, 56 insertions, 57 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 537dcc77c8c..1d1cca0568e 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8500,70 +8500,17 @@ static bool print_grants_for_role(THD *thd, ACL_ROLE * role)
}
-/** checks privileges for SHOW GRANTS and SHOW CREATE USER
-
- @note that in case of SHOW CREATE USER the parser guarantees
- that a role can never happen here, so *rolename will never
- be assigned to
-*/
-static bool check_show_access(THD *thd, LEX_USER *lex_user, char **username,
- char **hostname, char **rolename)
-{
- DBUG_ENTER("check_show_access");
-
- if (lex_user->user.str == current_user.str)
- {
- *username= thd->security_ctx->priv_user;
- *hostname= thd->security_ctx->priv_host;
- }
- else if (lex_user->user.str == current_role.str)
- {
- *rolename= thd->security_ctx->priv_role;
- }
- else if (lex_user->user.str == current_user_and_current_role.str)
- {
- *username= thd->security_ctx->priv_user;
- *hostname= thd->security_ctx->priv_host;
- *rolename= thd->security_ctx->priv_role;
- }
- else
- {
- Security_context *sctx= thd->security_ctx;
- bool do_check_access;
-
- lex_user= get_current_user(thd, lex_user);
- if (!lex_user)
- DBUG_RETURN(TRUE);
-
- if (lex_user->is_role())
- {
- *rolename= lex_user->user.str;
- do_check_access= strcmp(*rolename, sctx->priv_role);
- }
- else
- {
- *username= lex_user->user.str;
- *hostname= lex_user->host.str;
- do_check_access= strcmp(*username, sctx->priv_user) ||
- strcmp(*hostname, sctx->priv_host);
- }
-
- if (do_check_access && check_access(thd, SELECT_ACL, "mysql", 0, 0, 1, 0))
- DBUG_RETURN(TRUE);
- }
- DBUG_RETURN(FALSE);
-}
bool mysql_show_create_user(THD *thd, LEX_USER *lex_user)
{
- char *username= NULL, *hostname= NULL;
+ const char *username= NULL, *hostname= NULL;
char buff[1024]; //Show create user should not take more than 1024 bytes.
Protocol *protocol= thd->protocol;
bool error= false;
ACL_USER *acl_user;
DBUG_ENTER("mysql_show_create_user");
- if (check_show_access(thd, lex_user, &username, &hostname, NULL))
+ if (get_show_user(thd, lex_user, &username, &hostname, NULL))
DBUG_RETURN(TRUE);
List<Item> field_list;
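Review bot: The call `get_show_user(thd, lex_user, &username, &hostname, NULL)` passes a null `rolename`, while the helper added in the next hunk stores through `*rolename` unguarded in its `current_role`, `current_user_and_current_role` and `is_role()` branches. The only protection is the parser guarantee described in the doc comment, and the helper is no longer `static`, so other callers can presumably reach it without that guarantee. A null store here would crash the server thread, so I would fail closed in those branches with `if (!rolename) return 1;` before each `*rolename=` assignment, or at least add `DBUG_ASSERT(rolename);` there. The body of mysql_show_create_user continues past the end of this hunk.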
@@ -8635,6 +8582,57 @@ void mysql_show_grants_get_fields(THD *thd, List<Item> *fields,
fields->push_back(field, thd->mem_root);
}
+/** checks privileges for SHOW GRANTS and SHOW CREATE USER
+
+ @note that in case of SHOW CREATE USER the parser guarantees
+ that a role can never happen here, so *rolename will never
+ be assigned to
+*/
+bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username,
+ const char **hostname, const char **rolename)
+{
+ if (lex_user->user.str == current_user.str)
+ {
+ *username= thd->security_ctx->priv_user;
+ *hostname= thd->security_ctx->priv_host;
+ return 0;
+ }
+ if (lex_user->user.str == current_role.str)
+ {
+ *rolename= thd->security_ctx->priv_role;
+ return 0;
+ }
+ if (lex_user->user.str == current_user_and_current_role.str)
+ {
+ *username= thd->security_ctx->priv_user;
+ *hostname= thd->security_ctx->priv_host;
+ *rolename= thd->security_ctx->priv_role;
+ return 0;
+ }
+
+ Security_context *sctx= thd->security_ctx;
+ bool do_check_access;
+
+ if (!(lex_user= get_current_user(thd, lex_user)))
+ return 1;
+
+ if (lex_user->is_role())
+ {
+ *rolename= lex_user->user.str;
+ do_check_access= strcmp(*rolename, sctx->priv_role);
+ }
+ else
+ {
+ *username= lex_user->user.str;
+ *hostname= lex_user->host.str;
+ do_check_access= strcmp(*username, sctx->priv_user) ||
+ strcmp(*hostname, sctx->priv_host);
+ }
+
+ if (do_check_access && check_access(thd, SELECT_ACL, "mysql", 0, 0, 1, 0))
+ return 1;
+ return 0;
+}
/*
SHOW GRANTS; Send grants for a user to the client
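Review bot: The doc comment on get_show_user still says only "checks privileges", but the function also resolves the target identity into the out-parameters. It skips `check_access` entirely when the requested account equals the session's own `priv_user`/`priv_host` or `priv_role`. Because this is the authorization gate for both SHOW GRANTS and SHOW CREATE USER, the comment should state the return convention, for example `@return 0 on success, 1 if the user cannot be resolved or SELECT on the mysql database is denied`. It should also note that `*username`, `*hostname` or `*rolename` may already have been written when 1 is returned, so callers must not use them on failure. The identity comparison is an exact `strcmp`, so any mismatch falls through to `check_access`, which is the fail-closed direction and worth a one-line why-comment.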
@@ -8650,7 +8648,7 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
ACL_ROLE *acl_role= NULL;
char buff[1024];
Protocol *protocol= thd->protocol;
- char *username= NULL, *hostname= NULL, *rolename= NULL;
+ const char *username= NULL, *hostname= NULL, *rolename= NULL;
DBUG_ENTER("mysql_show_grants");
if (!initialized)
@@ -8659,8 +8657,9 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
DBUG_RETURN(TRUE);
}
- if (check_show_access(thd, lex_user, &username, &hostname, &rolename))
+ if (get_show_user(thd, lex_user, &username, &hostname, &rolename))
DBUG_RETURN(TRUE);
+
DBUG_ASSERT(rolename || username);
List<Item> field_list;