summaryrefslogtreecommitdiff
path: root/sql/sql_acl.cc
diff options
context:
space:
mode:
authorMarko Mäkelä <marko.makela@mariadb.com>2018-12-07 13:41:10 +0200
committerMarko Mäkelä <marko.makela@mariadb.com>2018-12-07 13:41:10 +0200
commit5e5deabdbcbd189f1242c493f0e1d534d8acbdb0 (patch)
tree2503f7d5fd257e7788a4b170f93dca9c887be5af /sql/sql_acl.cc
parent49a50a19a1b71ad24dcc36ca9b5d83e73706d235 (diff)
parentecd3a7e00de28d279ef180e1d4defa979e80f9e4 (diff)
downloadmariadb-git-5e5deabdbcbd189f1242c493f0e1d534d8acbdb0.tar.gz
Merge 10.1 into 10.2
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc125
1 files changed, 65 insertions, 60 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 4c2649cea56..50c9c33e8fa 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -711,7 +711,9 @@ bool ROLE_GRANT_PAIR::init(MEM_ROOT *mem, char *username,
/* Flag to mark that on_node was already called for this role */
#define ROLE_OPENED (1L << 3)
-static DYNAMIC_ARRAY acl_hosts, acl_users, acl_dbs, acl_proxy_users;
+static DYNAMIC_ARRAY acl_hosts, acl_users, acl_proxy_users;
+static Dynamic_array<ACL_DB> acl_dbs(0U,50U);
+typedef Dynamic_array<ACL_DB>::CMP_FUNC acl_dbs_cmp;
static HASH acl_roles;
/*
An hash containing mappings user <--> role
@@ -2191,12 +2193,11 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
db.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL;
}
#endif
- (void) push_dynamic(&acl_dbs,(uchar*) &db);
+ acl_dbs.push(db);
}
- my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
- sizeof(ACL_DB),(qsort_cmp) acl_compare);
end_read_record(&read_record_info);
- freeze_size(&acl_dbs);
+ acl_dbs.sort((acl_dbs_cmp)acl_compare);
+ acl_dbs.freeze();
const Proxies_priv_table& proxies_priv_table= tables.proxies_priv_table();
if (proxies_priv_table.table_exists())
@@ -2275,7 +2276,7 @@ void acl_free(bool end)
free_root(&acl_memroot,MYF(0));
delete_dynamic(&acl_hosts);
delete_dynamic_with_callback(&acl_users, (FREE_FUNC) free_acl_user);
- delete_dynamic(&acl_dbs);
+ acl_dbs.free_memory();
delete_dynamic(&acl_wild_hosts);
delete_dynamic(&acl_proxy_users);
my_hash_free(&acl_check_hosts);
@@ -2313,7 +2314,8 @@ void acl_free(bool end)
bool acl_reload(THD *thd)
{
- DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_dbs, old_acl_proxy_users;
+ DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_proxy_users;
+ Dynamic_array<ACL_DB> old_acl_dbs(0U,0U);
HASH old_acl_roles, old_acl_roles_mappings;
MEM_ROOT old_mem;
int result;
@@ -2349,7 +2351,7 @@ bool acl_reload(THD *thd)
old_acl_dbs= acl_dbs;
my_init_dynamic_array(&acl_hosts, sizeof(ACL_HOST), 20, 50, MYF(0));
my_init_dynamic_array(&acl_users, sizeof(ACL_USER), 50, 100, MYF(0));
- my_init_dynamic_array(&acl_dbs, sizeof(ACL_DB), 50, 100, MYF(0));
+ acl_dbs.init(50, 100);
my_init_dynamic_array(&acl_proxy_users, sizeof(ACL_PROXY_USER), 50, 100, MYF(0));
my_hash_init2(&acl_roles,50, &my_charset_utf8_bin,
0, 0, 0, (my_hash_get_key) acl_role_get_key, 0,
@@ -2370,6 +2372,7 @@ bool acl_reload(THD *thd)
acl_roles_mappings= old_acl_roles_mappings;
acl_proxy_users= old_acl_proxy_users;
acl_dbs= old_acl_dbs;
+ old_acl_dbs.init(0,0);
acl_memroot= old_mem;
init_check_host();
}
@@ -2380,7 +2383,6 @@ bool acl_reload(THD *thd)
delete_dynamic(&old_acl_hosts);
delete_dynamic_with_callback(&old_acl_users, (FREE_FUNC) free_acl_user);
delete_dynamic(&old_acl_proxy_users);
- delete_dynamic(&old_acl_dbs);
my_hash_free(&old_acl_roles_mappings);
}
mysql_mutex_unlock(&acl_cache->lock);
@@ -2535,9 +2537,9 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
if (acl_user)
{
res= 0;
- for (i=0 ; i < acl_dbs.elements ; i++)
+ for (i=0 ; i < acl_dbs.elements() ; i++)
{
- ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*);
+ ACL_DB *acl_db= &acl_dbs.at(i);
if (!acl_db->user ||
(user && user[0] && !strcmp(user, acl_db->user)))
{
@@ -2566,9 +2568,9 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
if (acl_role)
{
res= 0;
- for (i=0 ; i < acl_dbs.elements ; i++)
+ for (i=0 ; i < acl_dbs.elements() ; i++)
{
- ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*);
+ ACL_DB *acl_db= &acl_dbs.at(i);
if (!acl_db->user ||
(user && user[0] && !strcmp(user, acl_db->user)))
{
@@ -2860,9 +2862,9 @@ static bool acl_update_db(const char *user, const char *host, const char *db,
bool updated= false;
- for (uint i=0 ; i < acl_dbs.elements ; i++)
+ for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
- ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
+ ACL_DB *acl_db= &acl_dbs.at(i);
if ((!acl_db->user && !user[0]) ||
(acl_db->user &&
!strcmp(user,acl_db->user)))
@@ -2881,7 +2883,7 @@ static bool acl_update_db(const char *user, const char *host, const char *db,
acl_db->initial_access= acl_db->access;
}
else
- delete_dynamic_element(&acl_dbs,i);
+ acl_dbs.del(i);
updated= true;
}
}
@@ -2916,9 +2918,8 @@ static void acl_insert_db(const char *user, const char *host, const char *db,
acl_db.db=strdup_root(&acl_memroot,db);
acl_db.initial_access= acl_db.access= privileges;
acl_db.sort=get_sort(3,acl_db.host.hostname,acl_db.db,acl_db.user);
- (void) push_dynamic(&acl_dbs,(uchar*) &acl_db);
- my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
- sizeof(ACL_DB),(qsort_cmp) acl_compare);
+ acl_dbs.push(acl_db);
+ acl_dbs.sort((acl_dbs_cmp)acl_compare);
}
@@ -2964,9 +2965,9 @@ ulong acl_get(const char *host, const char *ip,
/*
Check if there are some access rights for database and user
*/
- for (i=0 ; i < acl_dbs.elements ; i++)
+ for (i=0 ; i < acl_dbs.elements() ; i++)
{
- ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
+ ACL_DB *acl_db= &acl_dbs.at(i);
if (!acl_db->user || !strcmp(user,acl_db->user))
{
if (compare_hostname(&acl_db->host,host,ip))
@@ -5830,9 +5831,9 @@ static bool merge_role_global_privileges(ACL_ROLE *grantee)
return old != grantee->access;
}
-static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2)
+static int db_name_sort(const int *db1, const int *db2)
{
- return strcmp((*db1)->db, (*db2)->db);
+ return strcmp(acl_dbs.at(*db1).db, acl_dbs.at(*db2).db);
}
/**
@@ -5848,14 +5849,14 @@ static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2)
2 - ACL_DB was added
4 - ACL_DB was deleted
*/
-static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *role)
+static int update_role_db(int merged, int first, ulong access, char *role)
{
- if (!first)
+ if (first < 0)
return 0;
DBUG_EXECUTE_IF("role_merge_stats", role_db_merges++;);
- if (merged == NULL)
+ if (merged < 0)
{
/*
there's no ACL_DB for this role (all db grants come from granted roles)
@@ -5870,11 +5871,11 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro
acl_db.user= role;
acl_db.host.hostname= const_cast<char*>("");
acl_db.host.ip= acl_db.host.ip_mask= 0;
- acl_db.db= first[0]->db;
+ acl_db.db= acl_dbs.at(first).db;
acl_db.access= access;
acl_db.initial_access= 0;
acl_db.sort=get_sort(3, "", acl_db.db, role);
- push_dynamic(&acl_dbs,(uchar*) &acl_db);
+ acl_dbs.push(acl_db);
return 2;
}
else if (access == 0)
@@ -5890,13 +5891,13 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro
2. it's O(N) operation, and we may need many of them
so we only mark elements deleted and will delete later.
*/
- merged->sort= 0; // lower than any valid ACL_DB sort value, will be sorted last
+ acl_dbs.at(merged).sort= 0; // lower than any valid ACL_DB sort value, will be sorted last
return 4;
}
- else if (merged->access != access)
+ else if (acl_dbs.at(merged).access != access)
{
/* this is easy */
- merged->access= access;
+ acl_dbs.at(merged).access= access;
return 1;
}
return 0;
@@ -5911,7 +5912,7 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro
static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
role_hash_t *rhash)
{
- Dynamic_array<ACL_DB *> dbs;
+ Dynamic_array<int> dbs;
/*
Supposedly acl_dbs can be huge, but only a handful of db grants
@@ -5919,9 +5920,9 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
Collect these applicable db grants.
*/
- for (uint i=0 ; i < acl_dbs.elements ; i++)
+ for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
- ACL_DB *db= dynamic_element(&acl_dbs,i,ACL_DB*);
+ ACL_DB *db= &acl_dbs.at(i);
if (db->host.hostname[0])
continue;
if (dbname && strcmp(db->db, dbname))
@@ -5929,7 +5930,7 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
ACL_ROLE *r= rhash->find(db->user, strlen(db->user));
if (!r)
continue;
- dbs.append(db);
+ dbs.append(i);
}
dbs.sort(db_name_sort);
@@ -5938,21 +5939,21 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
(that should be merged) are sorted together. The grantee's ACL_DB element
is not necessarily the first and may be not present at all.
*/
- ACL_DB **first= NULL, *merged= NULL;
+ int first= -1, merged= -1;
ulong access= 0, update_flags= 0;
- for (ACL_DB **cur= dbs.front(); cur <= dbs.back(); cur++)
+ for (int *p= dbs.front(); p <= dbs.back(); p++)
{
- if (!first || (!dbname && strcmp(cur[0]->db, cur[-1]->db)))
+ if (first<0 || (!dbname && strcmp(acl_dbs.at(*p).db, acl_dbs.at(*p-1).db)))
{ // new db name series
update_flags|= update_role_db(merged, first, access, grantee->user.str);
- merged= NULL;
+ merged= -1;
access= 0;
- first= cur;
+ first= *p;
}
- if (strcmp(cur[0]->user, grantee->user.str) == 0)
- access|= (merged= cur[0])->initial_access;
+ if (strcmp(acl_dbs.at(*p).user, grantee->user.str) == 0)
+ access|= acl_dbs.at(merged= *p).initial_access;
else
- access|= cur[0]->access;
+ access|= acl_dbs.at(*p).access;
}
update_flags|= update_role_db(merged, first, access, grantee->user.str);
@@ -5965,14 +5966,12 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
*/
if (update_flags & (2|4))
{ // inserted or deleted, need to sort
- my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
- sizeof(ACL_DB),(qsort_cmp) acl_compare);
+ acl_dbs.sort((acl_dbs_cmp)acl_compare);
}
if (update_flags & 4)
{ // deleted, trim the end
- while (acl_dbs.elements &&
- dynamic_element(&acl_dbs, acl_dbs.elements-1, ACL_DB*)->sort == 0)
- acl_dbs.elements--;
+ while (acl_dbs.elements() && acl_dbs.back()->sort == 0)
+ acl_dbs.pop();
}
return update_flags;
}
@@ -8862,16 +8861,14 @@ static bool show_database_privileges(THD *thd, const char *username,
const char *hostname,
char *buff, size_t buffsize)
{
- ACL_DB *acl_db;
ulong want_access;
- uint counter;
Protocol *protocol= thd->protocol;
- for (counter=0 ; counter < acl_dbs.elements ; counter++)
+ for (uint i=0 ; i < acl_dbs.elements() ; i++)
{
const char *user, *host;
- acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
+ ACL_DB *acl_db= &acl_dbs.at(i);
user= safe_str(acl_db->user);
host=acl_db->host.hostname;
@@ -9629,7 +9626,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
elements= acl_users.elements;
break;
case DB_ACL:
- elements= acl_dbs.elements;
+ elements= acl_dbs.elements();
break;
case COLUMN_PRIVILEGES_HASH:
grant_name_hash= &column_priv_hash;
@@ -9673,7 +9670,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
break;
case DB_ACL:
- acl_db= dynamic_element(&acl_dbs, idx, ACL_DB*);
+ acl_db= &acl_dbs.at(idx);
user= acl_db->user;
host= acl_db->host.hostname;
break;
@@ -9757,7 +9754,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
break;
case DB_ACL:
- delete_dynamic_element(&acl_dbs, idx);
+ acl_dbs.del(idx);
break;
case COLUMN_PRIVILEGES_HASH:
@@ -10597,11 +10594,11 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
*/
do
{
- for (counter= 0, revoked= 0 ; counter < acl_dbs.elements ; )
+ for (counter= 0, revoked= 0 ; counter < acl_dbs.elements() ; )
{
const char *user,*host;
- acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
+ acl_db=&acl_dbs.at(counter);
user= safe_str(acl_db->user);
host= safe_str(acl_db->host.hostname);
@@ -11223,6 +11220,14 @@ static int show_column_grants(THD *thd, SHOW_VAR *var, char *buff,
return 0;
}
+static int show_database_grants(THD *thd, SHOW_VAR *var, char *buff,
+ enum enum_var_type scope)
+{
+ var->type= SHOW_UINT;
+ var->value= buff;
+ *(uint *)buff= acl_dbs.elements();
+ return 0;
+}
#else
bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
@@ -11234,7 +11239,7 @@ bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
SHOW_VAR acl_statistics[] = {
#ifndef NO_EMBEDDED_ACCESS_CHECKS
{"column_grants", (char*)show_column_grants, SHOW_SIMPLE_FUNC},
- {"database_grants", (char*)&acl_dbs.elements, SHOW_UINT},
+ {"database_grants", (char*)show_database_grants, SHOW_SIMPLE_FUNC},
{"function_grants", (char*)&func_priv_hash.records, SHOW_ULONG},
{"procedure_grants", (char*)&proc_priv_hash.records, SHOW_ULONG},
{"proxy_users", (char*)&acl_proxy_users.elements, SHOW_UINT},
@@ -11505,11 +11510,11 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
DBUG_RETURN(0);
mysql_mutex_lock(&acl_cache->lock);
- for (counter=0 ; counter < acl_dbs.elements ; counter++)
+ for (counter=0 ; counter < acl_dbs.elements() ; counter++)
{
const char *user, *host, *is_grantable="YES";
- acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
+ acl_db=&acl_dbs.at(counter);
user= safe_str(acl_db->user);
host= safe_str(acl_db->host.hostname);
View Lorry Controller Status