diff options
| author | unknown <hf@deer.(none)> | 2003-09-26 15:40:26 +0500 |
|---|---|---|
| committer | unknown <hf@deer.(none)> | 2003-09-26 15:40:26 +0500 |
| commit | dbb9596727c043805790c9cc24cc8726569d723e (patch) | |
| tree | b80c6147c3a9929ec4e00bac55883c6d575ac2a4 /sql/sql_parse.cc | |
| parent | 23dfae40f6b0c0a0d873a248b6a3428b3b6d7cae (diff) | |
| parent | 1705369809aaa17407ce0bd25fdd15607cdf32b0 (diff) | |
| download | mariadb-git-dbb9596727c043805790c9cc24cc8726569d723e.tar.gz | |
Merge
include/mysql.h:
Auto merged
sql/item_strfunc.cc:
Auto merged
sql/log.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/repl_failsafe.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_cache.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_derived.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql-common/client.c:
Auto merged
sql/sql_prepare.cc:
Auto merged
sql/sql_repl.cc:
Auto merged
sql/sql_show.cc:
Auto merged
libmysqld/lib_sql.cc:
SCCS merged
libmysqld/libmysqld.c:
SCCS merged
sql/sql_parse.cc:
SCCS merged
Diffstat (limited to 'sql/sql_parse.cc')
| -rw-r--r-- | sql/sql_parse.cc | 290 |
1 files changed, 184 insertions, 106 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 53318907d78..15039e331f6 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -52,15 +52,19 @@ extern "C" int gethostname(char *name, int namelen); static int check_for_max_user_connections(THD *thd, USER_CONN *uc); static void decrease_user_connections(USER_CONN *uc); static bool check_db_used(THD *thd,TABLE_LIST *tables); +#ifndef NO_EMBEDDED_ACCESS_CHECKS static bool check_merge_table_access(THD *thd, char *db, TABLE_LIST *tables); +static bool single_table_command_access(THD *thd, ulong privilege, + TABLE_LIST *tables, int *res); +#else +#define check_merge_table_access(thd, db, tables) false +#define single_table_command_access(thd, privilege, tables, res) false +#endif static void remove_escape(char *name); static void refresh_status(void); static bool append_file_to_dir(THD *thd, char **filename_ptr, char *table_name); -static bool single_table_command_access(THD *thd, ulong privilege, - TABLE_LIST *tables, int *res); - const char *any_db="*any*"; // Special symbol for check_access const char *command_name[]={ @@ -174,7 +178,7 @@ end: } -#ifndef EMBEDDED_LIBRARY +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check if user exist and password supplied is correct. @@ -201,9 +205,9 @@ end: >0 error, not sent to client */ -static int check_user(THD *thd, enum enum_server_command command, - const char *passwd, uint passwd_len, const char *db, - bool check_count) +int check_user(THD *thd, enum enum_server_command command, + const char *passwd, uint passwd_len, const char *db, + bool check_count) { DBUG_ENTER("check_user"); @@ -238,6 +242,7 @@ static int check_user(THD *thd, enum enum_server_command command, USER_RESOURCES ur; int res= acl_getroot(thd, &ur, passwd, passwd_len); +#ifndef EMBEDDED_LIBRARY if (res == -1) { /* @@ -265,6 +270,7 @@ static int check_user(THD *thd, enum enum_server_command command, /* So as passwd is short, errcode is always >= 0 */ res= acl_getroot(thd, &ur, (char *) net->read_pos, SCRAMBLE_LENGTH_323); } +#endif /*EMBEDDED_LIBRARY*/ /* here res is always >= 0 */ if (res == 0) { @@ -350,7 +356,7 @@ static int check_user(THD *thd, enum enum_server_command command, DBUG_RETURN(-1); } -#endif // EMBEDDED_LIBRARY +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ /* @@ -461,6 +467,7 @@ bool is_update_query(enum enum_sql_command command) return uc_update_queries[command]; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check if maximum queries per hour limit has been reached returns 0 if OK. @@ -551,7 +558,7 @@ static void reset_mqh(THD *thd, LEX_USER *lu, bool get_them= 0) } (void) pthread_mutex_unlock(&LOCK_user_conn); } - +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ /* Perform handshake, authorize client and update thd ACL variables. @@ -565,9 +572,8 @@ static void reset_mqh(THD *thd, LEX_USER *lu, bool get_them= 0) > 0 error code (not sent to user) */ -#ifndef EMBEDDED_LIBRARY -static int -check_connection(THD *thd) +#ifndef EMBEDDED_LIBRARY +static int check_connection(THD *thd) { uint connect_errors= 0; NET *net= &thd->net; @@ -588,8 +594,8 @@ check_connection(THD *thd) /* Fast local hostname resolve for Win32 */ if (!strcmp(thd->ip,"127.0.0.1")) { - thd->host= (char*) localhost; - thd->host_or_ip= localhost; + thd->host= (char*) my_localhost; + thd->host_or_ip= my_localhost; } else #endif @@ -622,7 +628,6 @@ check_connection(THD *thd) bzero((char*) &thd->remote, sizeof(struct sockaddr)); } vio_keepalive(net->vio, TRUE); - ulong pkt_len= 0; char *end; { @@ -812,7 +817,6 @@ check_connection(THD *thd) return check_user(thd, COM_CONNECT, passwd, passwd_len, db, true); } - pthread_handler_decl(handle_one_connection,arg) { THD *thd=(THD*) arg; @@ -1038,11 +1042,12 @@ int mysql_table_dump(THD* thd, char* db, char* tbl_name, int fd) if (!(table=open_ltable(thd, table_list, TL_READ_NO_INSERT))) DBUG_RETURN(1); - if (check_access(thd, SELECT_ACL, db, &table_list->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd, SELECT_ACL, db, &table_list->grant.privilege,0,0)) goto err; if (grant_option && check_grant(thd, SELECT_ACL, table_list)) goto err; - +#endif thd->free_list = 0; thd->query_length=(uint) strlen(tbl_name); thd->query = tbl_name; @@ -1342,11 +1347,13 @@ bool dispatch_command(enum enum_server_command command, THD *thd, my_casedn_str(files_charset_info, table_list.real_name); remove_escape(table_list.real_name); // This can't have wildcards - if (check_access(thd,SELECT_ACL,table_list.db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL,table_list.db,&thd->col_access,0,0)) break; table_list.grant.privilege=thd->col_access; if (grant_option && check_grant(thd,SELECT_ACL,&table_list,2)) break; +#endif /*DONT_ALLOW_SHOW_COMMANDS*/ mysqld_list_fields(thd,&table_list,fields); free_items(thd->free_list); break; @@ -1369,7 +1376,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, net_printf(thd,ER_WRONG_DB_NAME, db ? db : "NULL"); break; } - if (check_access(thd,CREATE_ACL,db,0,1)) + if (check_access(thd,CREATE_ACL,db,0,1,0)) break; mysql_log.write(thd,command,packet); mysql_create_db(thd,db,0,0); @@ -1385,7 +1392,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, net_printf(thd,ER_WRONG_DB_NAME, db ? db : "NULL"); break; } - if (check_access(thd,DROP_ACL,db,0,1)) + if (check_access(thd,DROP_ACL,db,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -1423,6 +1430,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, break; } #endif +#ifndef NO_EMBEDDED_ACCESS_CHECKS case COM_REFRESH: { statistic_increment(com_stat[SQLCOM_FLUSH],&LOCK_status); @@ -1436,6 +1444,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, send_ok(thd); break; } +#endif #ifndef EMBEDDED_LIBRARY case COM_SHUTDOWN: statistic_increment(com_other,&LOCK_status); @@ -1488,11 +1497,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd, break; case COM_PROCESS_INFO: statistic_increment(com_stat[SQLCOM_SHOW_PROCESSLIST],&LOCK_status); +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (!thd->priv_user[0] && check_global_access(thd,PROCESS_ACL)) break; +#endif mysql_log.write(thd,command,NullS); - mysqld_list_processes(thd,thd->master_access & PROCESS_ACL ? NullS : - thd->priv_user,0); + mysqld_list_processes(thd, +#ifndef NO_EMBEDDED_ACCESS_CHECKS + thd->master_access & PROCESS_ACL ? + NullS : thd->priv_user +#else + NullS +#endif + ,0); break; case COM_PROCESS_KILL: { @@ -1632,7 +1649,7 @@ mysql_execute_command(THD *thd) */ thd->old_total_warn_count= thd->total_warn_count; -#ifndef EMBEDDED_LIBRARY +#ifdef HAVE_REPLICATON if (thd->slave_thread) { /* @@ -1658,7 +1675,7 @@ mysql_execute_command(THD *thd) } #endif } -#endif /* !EMBEDDED_LIBRARY */ +#endif /* !HAVE_REPLICATION */ /* TODO: make derived tables processing 'inside' SELECT processing. TODO: solve problem with depended derived tables in subselects @@ -1693,7 +1710,11 @@ mysql_execute_command(THD *thd) Except for the replication thread and the 'super' users. */ if (opt_readonly && - !(thd->slave_thread || (thd->master_access & SUPER_ACL)) && + !(thd->slave_thread +#ifndef NO_EMBEDDED_ACCESS_CHECKS + || (thd->master_access & SUPER_ACL) +#endif + ) && (uc_update_queries[lex->sql_command] > 0)) { send_error(thd, ER_CANT_UPDATE_WITH_READLOCK); @@ -1705,22 +1726,23 @@ mysql_execute_command(THD *thd) case SQLCOM_SELECT: { select_result *result=lex->result; +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (tables) { res=check_table_access(thd, lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL, - tables); + tables,0); } else res=check_access(thd, lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL, - any_db); + any_db,0,0,0); if (res) { res=0; break; // Error message is given } - +#endif /* In case of single SELECT unit->global_parameters points on first SELECT TODO: move counters to SELECT_LEX @@ -1772,8 +1794,9 @@ mysql_execute_command(THD *thd) } break; } + case SQLCOM_DO: - if (tables && ((res= check_table_access(thd, SELECT_ACL, tables)) || + if (tables && ((res= check_table_access(thd, SELECT_ACL, tables,0)) || (res= open_and_lock_tables(thd,tables)))) break; @@ -1809,7 +1832,6 @@ mysql_execute_command(THD *thd) break; } #endif - case SQLCOM_SHOW_WARNS: { res= mysqld_show_warnings(thd, (ulong) @@ -1859,7 +1881,7 @@ mysql_execute_command(THD *thd) case SQLCOM_BACKUP_TABLE: { if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL, tables) || + check_table_access(thd,SELECT_ACL, tables,0) || check_global_access(thd, FILE_ACL)) goto error; /* purecov: inspected */ res = mysql_backup_table(thd, tables); @@ -1869,7 +1891,7 @@ mysql_execute_command(THD *thd) case SQLCOM_RESTORE_TABLE: { if (check_db_used(thd,tables) || - check_table_access(thd, INSERT_ACL, tables) || + check_table_access(thd, INSERT_ACL, tables,0) || check_global_access(thd, FILE_ACL)) goto error; /* purecov: inspected */ res = mysql_restore_table(thd, tables); @@ -1878,7 +1900,7 @@ mysql_execute_command(THD *thd) case SQLCOM_PRELOAD_KEYS: { if (check_db_used(thd, tables) || - check_access(thd, INDEX_ACL, tables->db, &tables->grant.privilege)) + check_access(thd, INDEX_ACL, tables->db, &tables->grant.privilege,0,0)) goto error; res = mysql_preload_keys(thd, tables); break; @@ -1935,7 +1957,8 @@ mysql_execute_command(THD *thd) { if (!tables->db) tables->db=thd->db; - if (check_access(thd,CREATE_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,CREATE_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option) { @@ -1947,6 +1970,7 @@ mysql_execute_command(THD *thd) if (error) goto error; } +#endif if (strlen(tables->real_name) > NAME_LEN) { net_printf(thd,ER_WRONG_TABLE_NAME,tables->real_name); @@ -1966,11 +1990,14 @@ mysql_execute_command(THD *thd) case SQLCOM_CREATE_TABLE: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS ulong want_priv= ((lex->create_info.options & HA_LEX_CREATE_TMP_TABLE) ? CREATE_TMP_ACL : CREATE_ACL); +#endif if (!tables->db) tables->db=thd->db; - if (check_access(thd,want_priv,tables->db,&tables->grant.privilege) || +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,want_priv,tables->db,&tables->grant.privilege,0,0) || check_merge_table_access(thd, tables->db, (TABLE_LIST *) lex->create_info.merge_list.first)) @@ -1985,6 +2012,7 @@ mysql_execute_command(THD *thd) if (error) goto error; } +#endif if (strlen(tables->real_name) > NAME_LEN) { net_printf(thd, ER_WRONG_TABLE_NAME, tables->alias); @@ -2014,11 +2042,13 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_UPDATE_TABLE_USED,tables->real_name); DBUG_VOID_RETURN; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (tables->next) { - if (check_table_access(thd, SELECT_ACL, tables->next)) + if (check_table_access(thd, SELECT_ACL, tables->next,0)) goto error; // Error message is given } +#endif select_lex->options|= SELECT_NO_UNLOCK; unit->offset_limit_cnt= select_lex->offset_limit; unit->select_limit_cnt= select_lex->select_limit+ @@ -2061,10 +2091,12 @@ mysql_execute_command(THD *thd) case SQLCOM_CREATE_INDEX: if (!tables->db) tables->db=thd->db; - if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option && check_grant(thd,INDEX_ACL,tables)) goto error; +#endif if (end_active_trans(thd)) res= -1; else @@ -2123,14 +2155,15 @@ mysql_execute_command(THD *thd) tables->db=thd->db; if (!select_lex->db) select_lex->db=tables->db; - if (check_access(thd,ALTER_ACL,tables->db,&tables->grant.privilege) || - check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv) || + if (check_access(thd,ALTER_ACL,tables->db,&tables->grant.privilege,0,0) || + check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)|| check_merge_table_access(thd, tables->db, (TABLE_LIST *) lex->create_info.merge_list.first)) goto error; /* purecov: inspected */ if (!tables->db) tables->db=thd->db; +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (grant_option) { if (check_grant(thd,ALTER_ACL,tables)) @@ -2146,6 +2179,7 @@ mysql_execute_command(THD *thd) goto error; } } +#endif /* Don't yet allow changing of symlinks with ALTER TABLE */ lex->create_info.data_file_name=lex->create_info.index_file_name=0; /* ALTER TABLE ends previous transaction */ @@ -2164,18 +2198,19 @@ mysql_execute_command(THD *thd) } break; } -#endif +#endif /*DONT_ALLOW_SHOW_COMMANDS*/ case SQLCOM_RENAME_TABLE: { TABLE_LIST *table; if (check_db_used(thd,tables)) goto error; +#ifndef NO_EMBEDDED_ACCESS_CHECKS for (table=tables ; table ; table=table->next->next) { if (check_access(thd, ALTER_ACL | DROP_ACL, table->db, - &table->grant.privilege) || + &table->grant.privilege,0,0) || check_access(thd, INSERT_ACL | CREATE_ACL, table->next->db, - &table->next->grant.privilege)) + &table->next->grant.privilege,0,0)) goto error; if (grant_option) { @@ -2190,6 +2225,7 @@ mysql_execute_command(THD *thd) goto error; } } +#endif query_cache_invalidate3(thd, tables, 0); if (end_active_trans(thd)) res= -1; @@ -2219,7 +2255,7 @@ mysql_execute_command(THD *thd) { if (check_db_used(thd, tables) || check_access(thd, SELECT_ACL | EXTRA_ACL, tables->db, - &tables->grant.privilege)) + &tables->grant.privilege,0,0)) goto error; res = mysqld_show_create(thd, tables); break; @@ -2228,7 +2264,7 @@ mysql_execute_command(THD *thd) case SQLCOM_CHECKSUM: { if (check_db_used(thd,tables) || - check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables)) + check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables,0)) goto error; /* purecov: inspected */ res = mysql_checksum_table(thd, tables, &lex->check_opt); break; @@ -2236,7 +2272,7 @@ mysql_execute_command(THD *thd) case SQLCOM_REPAIR: { if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL | INSERT_ACL, tables)) + check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0)) goto error; /* purecov: inspected */ res = mysql_repair_table(thd, tables, &lex->check_opt); /* ! we write after unlocking the table */ @@ -2254,7 +2290,7 @@ mysql_execute_command(THD *thd) case SQLCOM_CHECK: { if (check_db_used(thd,tables) || - check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables)) + check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables,0)) goto error; /* purecov: inspected */ res = mysql_check_table(thd, tables, &lex->check_opt); break; @@ -2262,7 +2298,7 @@ mysql_execute_command(THD *thd) case SQLCOM_ANALYZE: { if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL | INSERT_ACL, tables)) + check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0)) goto error; /* purecov: inspected */ res = mysql_analyze_table(thd, tables, &lex->check_opt); /* ! we write after unlocking the table */ @@ -2282,7 +2318,7 @@ mysql_execute_command(THD *thd) { HA_CREATE_INFO create_info; if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL | INSERT_ACL, tables)) + check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0)) goto error; /* purecov: inspected */ if (specialflag & (SPECIAL_SAFE_MODE | SPECIAL_NO_NEW_FUNC)) { @@ -2322,7 +2358,6 @@ mysql_execute_command(THD *thd) if (single_table_command_access(thd, UPDATE_ACL, tables, &res)) goto error; - if (select_lex->item_list.elements != lex->value_list.elements) { send_error(thd,ER_WRONG_VALUE_COUNT); @@ -2340,10 +2375,12 @@ mysql_execute_command(THD *thd) res= -1; break; case SQLCOM_UPDATE_MULTI: - if (check_access(thd,UPDATE_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,UPDATE_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; if (grant_option && check_grant(thd,UPDATE_ACL,tables)) goto error; +#endif if (select_lex->item_list.elements != lex->value_list.elements) { send_error(thd,ER_WRONG_VALUE_COUNT); @@ -2373,13 +2410,14 @@ mysql_execute_command(THD *thd) case SQLCOM_REPLACE: case SQLCOM_INSERT: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS my_bool update=(lex->value_list.elements ? UPDATE_ACL : 0); ulong privilege= (lex->duplicates == DUP_REPLACE ? INSERT_ACL | DELETE_ACL : INSERT_ACL | update); if (single_table_command_access(thd, privilege, tables, &res)) goto error; - +#endif if (select_lex->item_list.elements != lex->value_list.elements) { send_error(thd,ER_WRONG_VALUE_COUNT); @@ -2387,7 +2425,12 @@ mysql_execute_command(THD *thd) } res = mysql_insert(thd,tables,lex->field_list,lex->many_values, select_lex->item_list, lex->value_list, - (update ? DUP_UPDATE : lex->duplicates)); +#ifndef NO_EMBEDDED_ACCESS_CHECKS + (update ? DUP_UPDATE : lex->duplicates) +#else + DUP_UPDATE +#endif +); if (thd->net.report_error) res= -1; break; @@ -2400,19 +2443,22 @@ mysql_execute_command(THD *thd) Check that we have modify privileges for the first table and select privileges for the rest */ +#ifndef NO_EMBEDDED_ACCESS_CHECKS { ulong privilege= (lex->duplicates == DUP_REPLACE ? INSERT_ACL | DELETE_ACL : INSERT_ACL); TABLE_LIST *save_next=tables->next; tables->next=0; if (check_access(thd, privilege, - tables->db,&tables->grant.privilege) || + tables->db,&tables->grant.privilege,0,0) || (grant_option && check_grant(thd, privilege, tables))) goto error; + tables->next=save_next; - if ((res=check_table_access(thd, SELECT_ACL, save_next))) + if ((res=check_table_access(thd, SELECT_ACL, save_next,0))) goto error; } +#endif /* Don't unlock tables until command is written to binary log */ select_lex->options|= SELECT_NO_UNLOCK; @@ -2446,10 +2492,12 @@ mysql_execute_command(THD *thd) break; } case SQLCOM_TRUNCATE: - if (check_access(thd,DELETE_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,DELETE_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option && check_grant(thd,DELETE_ACL,tables)) goto error; +#endif /* Don't allow this within a transaction because we want to use re-generate table @@ -2463,11 +2511,12 @@ mysql_execute_command(THD *thd) break; case SQLCOM_DELETE: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (single_table_command_access(thd, DELETE_ACL, tables, &res)) goto error; - // Set privilege for the WHERE clause tables->grant.want_privilege=(SELECT_ACL & ~tables->grant.privilege); +#endif res = mysql_delete(thd,tables, select_lex->where, (ORDER*) select_lex->order_list.first, select_lex->select_limit, select_lex->options); @@ -2484,8 +2533,8 @@ mysql_execute_command(THD *thd) /* sql_yacc guarantees that tables and aux_tables are not zero */ if (check_db_used(thd, tables) || check_db_used(thd,aux_tables) || - check_table_access(thd,SELECT_ACL, tables) || - check_table_access(thd,DELETE_ACL, aux_tables)) + check_table_access(thd,SELECT_ACL, tables,0) || + check_table_access(thd,DELETE_ACL, aux_tables,0)) goto error; if ((thd->options & OPTION_SAFE_UPDATES) && !select_lex->where) { @@ -2562,7 +2611,7 @@ mysql_execute_command(THD *thd) { if (!lex->drop_temporary) { - if (check_table_access(thd,DROP_ACL,tables)) + if (check_table_access(thd,DROP_ACL,tables,0)) goto error; /* purecov: inspected */ if (end_active_trans(thd)) { @@ -2589,10 +2638,12 @@ mysql_execute_command(THD *thd) case SQLCOM_DROP_INDEX: if (!tables->db) tables->db=thd->db; - if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege,0,0)) goto error; /* purecov: inspected */ if (grant_option && check_grant(thd,INDEX_ACL,tables)) goto error; +#endif if (end_active_trans(thd)) res= -1; else @@ -2610,12 +2661,18 @@ mysql_execute_command(THD *thd) break; #endif case SQLCOM_SHOW_PROCESSLIST: -#ifndef EMBEDDED_LIBRARY +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (!thd->priv_user[0] && check_global_access(thd,PROCESS_ACL)) break; #endif - mysqld_list_processes(thd,thd->master_access & PROCESS_ACL ? NullS : - thd->priv_user,lex->verbose); + mysqld_list_processes(thd, +#ifndef NO_EMBEDDED_ACCESS_CHECKS + thd->master_access & PROCESS_ACL ? NullS : + thd->priv_user +#else + NullS +#endif + ,lex->verbose); break; case SQLCOM_SHOW_TABLE_TYPES: res= mysqld_show_table_types(thd); @@ -2641,8 +2698,10 @@ mysql_execute_command(THD *thd) DBUG_VOID_RETURN; #else { - if (grant_option && check_access(thd, FILE_ACL, any_db)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0)) goto error; +#endif res= mysqld_show_logs(thd); break; } @@ -2666,7 +2725,8 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_WRONG_DB_NAME, db); goto error; } - if (check_access(thd,SELECT_ACL,db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0)) goto error; /* purecov: inspected */ if (!thd->col_access && check_grant_db(thd,db)) { @@ -2676,6 +2736,7 @@ mysql_execute_command(THD *thd) db); goto error; } +#endif /* grant is checked in mysqld_show_tables */ if (select_lex->options & SELECT_DESCRIBE) res= mysqld_extend_show_tables(thd,db, @@ -2709,11 +2770,13 @@ mysql_execute_command(THD *thd) } remove_escape(db); // Fix escaped '_' remove_escape(tables->real_name); - if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,&thd->col_access,0,0)) goto error; /* purecov: inspected */ tables->grant.privilege=thd->col_access; if (grant_option && check_grant(thd,SELECT_ACL,tables,2)) goto error; +#endif res= mysqld_show_fields(thd,tables, (lex->wild ? lex->wild->ptr() : NullS), lex->verbose); @@ -2736,11 +2799,13 @@ mysql_execute_command(THD *thd) remove_escape(tables->real_name); if (!tables->db) tables->db=thd->db; - if (check_access(thd,SELECT_ACL,db,&thd->col_access)) +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0)) goto error; /* purecov: inspected */ tables->grant.privilege=thd->col_access; if (grant_option && check_grant(thd,SELECT_ACL,tables,2)) goto error; +#endif res= mysqld_show_keys(thd,tables); break; } @@ -2751,12 +2816,13 @@ mysql_execute_command(THD *thd) case SQLCOM_LOAD: { +#ifndef NO_EMBEDDED_ACCESS_CHECKS uint privilege= (lex->duplicates == DUP_REPLACE ? INSERT_ACL | DELETE_ACL : INSERT_ACL); if (!lex->local_file) { - if (check_access(thd,privilege | FILE_ACL,tables->db)) + if (check_access(thd,privilege | FILE_ACL,tables->db,0,0,0)) goto error; } else @@ -2767,17 +2833,18 @@ mysql_execute_command(THD *thd) send_error(thd,ER_NOT_ALLOWED_COMMAND); goto error; } - if (check_access(thd,privilege,tables->db,&tables->grant.privilege) || + if (check_access(thd,privilege,tables->db,&tables->grant.privilege,0,0) || grant_option && check_grant(thd,privilege,tables)) goto error; } +#endif /*NO_EMBEDDED_ACCESS_CHECKS*/ res=mysql_load(thd, lex->exchange, tables, lex->field_list, lex->duplicates, (bool) lex->local_file, lex->lock_option); break; } case SQLCOM_SET_OPTION: - if (tables && ((res= check_table_access(thd, SELECT_ACL, tables)) || + if (tables && ((res= check_table_access(thd, SELECT_ACL, tables,0)) || (res= open_and_lock_tables(thd,tables)))) break; fix_tables_pointers(lex->all_selects_list); @@ -2802,7 +2869,7 @@ mysql_execute_command(THD *thd) unlock_locked_tables(thd); if (check_db_used(thd,tables) || end_active_trans(thd)) goto error; - if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, tables)) + if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, tables,0)) goto error; thd->in_lock_tables=1; thd->options|= OPTION_TABLE_LOCK; @@ -2839,7 +2906,7 @@ mysql_execute_command(THD *thd) break; } #endif - if (check_access(thd,CREATE_ACL,lex->name,0,1)) + if (check_access(thd,CREATE_ACL,lex->name,0,1,0)) break; res=mysql_create_db(thd,lex->name,&lex->create_info,0); break; @@ -2867,7 +2934,7 @@ mysql_execute_command(THD *thd) break; } #endif - if (check_access(thd,DROP_ACL,lex->name,0,1)) + if (check_access(thd,DROP_ACL,lex->name,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -2884,7 +2951,7 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_WRONG_DB_NAME, lex->name); break; } - if (check_access(thd,ALTER_ACL,lex->name,0,1)) + if (check_access(thd,ALTER_ACL,lex->name,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -2901,7 +2968,7 @@ mysql_execute_command(THD *thd) net_printf(thd,ER_WRONG_DB_NAME, lex->name); break; } - if (check_access(thd,DROP_ACL,lex->name,0,1)) + if (check_access(thd,DROP_ACL,lex->name,0,1,0)) break; if (thd->locked_tables || thd->active_transaction()) { @@ -2912,7 +2979,7 @@ mysql_execute_command(THD *thd) break; } case SQLCOM_CREATE_FUNCTION: - if (check_access(thd,INSERT_ACL,"mysql",0,1)) + if (check_access(thd,INSERT_ACL,"mysql",0,1,0)) break; #ifdef HAVE_DLOPEN if (!(res = mysql_create_function(thd,&lex->udf))) @@ -2922,7 +2989,7 @@ mysql_execute_command(THD *thd) #endif break; case SQLCOM_DROP_FUNCTION: - if (check_access(thd,DELETE_ACL,"mysql",0,1)) + if (check_access(thd,DELETE_ACL,"mysql",0,1,0)) break; #ifdef HAVE_DLOPEN if (!(res = mysql_drop_function(thd,&lex->udf.name))) @@ -2931,9 +2998,10 @@ mysql_execute_command(THD *thd) res= -1; #endif break; +#ifndef NO_EMBEDDED_ACCESS_CHECKS case SQLCOM_DROP_USER: { - if (check_access(thd, GRANT_ACL,"mysql",0,1)) + if (check_access(thd, GRANT_ACL,"mysql",0,1,0)) break; if (!(res= mysql_drop_user(thd, lex->users_list))) { @@ -2949,7 +3017,7 @@ mysql_execute_command(THD *thd) } case SQLCOM_REVOKE_ALL: { - if (check_access(thd, GRANT_ACL ,"mysql",0,1)) + if (check_access(thd, GRANT_ACL ,"mysql",0,1,0)) break; if (!(res = mysql_revoke_all(thd, lex->users_list))) { @@ -2969,7 +3037,7 @@ mysql_execute_command(THD *thd) if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL, tables && tables->db ? tables->db : select_lex->db, tables ? &tables->grant.privilege : 0, - tables ? 0 : 1)) + tables ? 0 : 1,0)) goto error; /* @@ -2989,7 +3057,7 @@ mysql_execute_command(THD *thd) my_strcasecmp(&my_charset_latin1, user->host.str, thd->host_or_ip))) { - if (check_access(thd, UPDATE_ACL, "mysql",0,1)) + if (check_access(thd, UPDATE_ACL, "mysql",0,1,0)) goto error; break; // We are allowed to do changes } @@ -3079,21 +3147,24 @@ mysql_execute_command(THD *thd) } break; } +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ case SQLCOM_KILL: kill_one_thread(thd,lex->thread_id); break; +#ifndef NO_EMBEDDED_ACCESS_CHECKS case SQLCOM_SHOW_GRANTS: res=0; if ((thd->priv_user && !strcmp(thd->priv_user,lex->grant_user->user.str)) || - !check_access(thd, SELECT_ACL, "mysql",0,1)) + !check_access(thd, SELECT_ACL, "mysql",0,1,0)) { res = mysql_show_grants(thd,lex->grant_user); } break; +#endif case SQLCOM_HA_OPEN: if (check_db_used(thd,tables) || - check_table_access(thd,SELECT_ACL, tables)) + check_table_access(thd,SELECT_ACL, tables,0)) goto error; res = mysql_ha_open(thd, tables); break; @@ -3203,6 +3274,7 @@ error: } +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Check grants for commands which work only with one table and all other tables belong to subselects. @@ -3223,7 +3295,7 @@ static bool single_table_command_access(THD *thd, ulong privilege, TABLE_LIST *tables, int *res) { - if (check_access(thd, privilege, tables->db, &tables->grant.privilege)) + if (check_access(thd, privilege, tables->db, &tables->grant.privilege,0,0)) return 1; // Show only 1 table for check_grant @@ -3236,7 +3308,7 @@ static bool single_table_command_access(THD *thd, ulong privilege, if (subselects_tables) { tables->next= subselects_tables; - if ((*res= check_table_access(thd, SELECT_ACL, subselects_tables))) + if ((*res= check_table_access(thd, SELECT_ACL, subselects_tables,0))) return 1; } return 0; @@ -3407,24 +3479,6 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables, return FALSE; } - -static bool check_db_used(THD *thd,TABLE_LIST *tables) -{ - for (; tables ; tables=tables->next) - { - if (!tables->db) - { - if (!(tables->db=thd->db)) - { - send_error(thd,ER_NO_DB_ERROR); /* purecov: tested */ - return TRUE; /* purecov: tested */ - } - } - } - return FALSE; -} - - static bool check_merge_table_access(THD *thd, char *db, TABLE_LIST *table_list) { @@ -3439,11 +3493,28 @@ static bool check_merge_table_access(THD *thd, char *db, tmp->db=db; } error=check_table_access(thd, SELECT_ACL | UPDATE_ACL | DELETE_ACL, - table_list); + table_list,0); } return error; } +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ + +static bool check_db_used(THD *thd,TABLE_LIST *tables) +{ + for (; tables ; tables=tables->next) + { + if (!tables->db) + { + if (!(tables->db=thd->db)) + { + send_error(thd,ER_NO_DB_ERROR); /* purecov: tested */ + return TRUE; /* purecov: tested */ + } + } + } + return FALSE; +} /**************************************************************************** Check stack size; Send error if there isn't enough stack to continue @@ -3669,12 +3740,14 @@ mysql_parse(THD *thd, char *inBuf, uint length) LEX *lex=lex_start(thd, (uchar*) inBuf, length); if (!yyparse((void *)thd) && ! thd->is_fatal_error) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if (mqh_used && thd->user_connect && check_mqh(thd, lex->sql_command)) { thd->net.error = 0; } else +#endif { if (thd->net.report_error) send_error(thd, 0, NullS); @@ -4279,7 +4352,7 @@ void add_join_natural(TABLE_LIST *a,TABLE_LIST *b) b->natural_join=a; } - +#ifndef NO_EMBEDDED_ACCESS_CHECKS /* Reload/resets privileges and the different caches. @@ -4409,6 +4482,7 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, *write_to_binlog= tmp_write_to_binlog; return result; } +#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ /* @@ -4440,14 +4514,18 @@ void kill_one_thread(THD *thd, ulong id) VOID(pthread_mutex_unlock(&LOCK_thread_count)); if (tmp) { +#ifndef NO_EMBEDDED_ACCESS_CHECKS if ((thd->master_access & SUPER_ACL) || !strcmp(thd->user,tmp->user)) +#endif { tmp->awake(1 /*prepare to die*/); error=0; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS else error=ER_KILL_DENIED_ERROR; +#endif pthread_mutex_unlock(&tmp->LOCK_delete); } |