SCRUM:

WL#604 Privileges in embedded library
code added to check privileges in embedded library
NO_EMBEDDED_ACCESS_CHECKS macros inserted in code so we can exclude
access-checking parts. Actually we now can exclude these parts from
standalone server as well. Do we need it?
Access checks are disabled in embedded server by default. One should
edit libmysqld/Makefile manually to get this working.
We definitely need the separate configure for embedded server


include/mysql.h:
  options added so user of embedded library can set the client host
  it will work as if the usual client connects from this host
libmysqld/Makefile.am:
  Usually one doesn't need access checking in embedded library
  we definitely should separate configure for embedded server
libmysqld/lib_sql.cc:
  necessary code for getting passwords and access checks added
libmysqld/libmysqld.c:
  code #ifdef-ed - we use this only when we check permissions
sql-common/client.c:
  one mysql_close left now
sql/item_strfunc.cc:
  #ifndef-s added
sql/log.cc:
  #ifndef-s added
sql/mysql_priv.h:
  #ifndef-s added
  also i removed default parameters from check_access and check_table_access
  definitions to set definitions working
sql/mysqld.cc:
  #ifndef-s added
  localhost renamed to my_localhost
sql/repl_failsafe.cc:
  parameters added
sql/set_var.cc:
  #ifndef-s added
sql/sql_acl.cc:
  #ifndef-s added
sql/sql_acl.h:
  #ifndef-s added
sql/sql_base.cc:
  #ifndef-s added
sql/sql_cache.cc:
  #ifndef-s added
sql/sql_class.cc:
  #ifndef-s added
sql/sql_db.cc:
  #ifndef-s added
sql/sql_derived.cc:
  #ifndef-s added
sql/sql_insert.cc:
  #ifndef-s added
sql/sql_parse.cc:
  a horde of #ifndef-s added
sql/sql_prepare.cc:
  #ifndef-s added
sql/sql_repl.cc:
  parameters added
sql/sql_show.cc:
  #ifndef-s added
sql/sql_update.cc:
  #ifndef-s added

1 files changed, 16 insertions, 11 deletions

diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index 4b8001c11c4..95e46f02f93 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -524,16 +524,18 @@ static bool mysql_test_insert_fields(PREP_STMT *stmt,
   List_item *values;
   DBUG_ENTER("mysql_test_insert_fields");
 
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
   my_bool update=(thd->lex.value_list.elements ? UPDATE_ACL : 0);
   ulong privilege= (thd->lex.duplicates == DUP_REPLACE ?
                     INSERT_ACL | DELETE_ACL : INSERT_ACL | update);
 
   if (check_access(thd,privilege,table_list->db,
-                   &table_list->grant.privilege) || 
-      (grant_option && check_grant(thd,privilege,table_list)) || 
-      open_and_lock_tables(thd, table_list))
+                   &table_list->grant.privilege,0,0) || 
+      (grant_option && check_grant(thd,privilege,table_list)))
+    DBUG_RETURN(1); 
+#endif  
+  if (open_and_lock_tables(thd, table_list))
     DBUG_RETURN(1); 
-  
   table= table_list->table;
 
   if ((values= its++))
@@ -581,12 +583,14 @@ static bool mysql_test_upd_fields(PREP_STMT *stmt, TABLE_LIST *table_list,
   THD *thd= stmt->thd;
   DBUG_ENTER("mysql_test_upd_fields");
 
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
   if (check_access(thd,UPDATE_ACL,table_list->db,
-                   &table_list->grant.privilege) || 
-      (grant_option && check_grant(thd,UPDATE_ACL,table_list)) || 
-      open_and_lock_tables(thd, table_list))
+                   &table_list->grant.privilege,0,0) || 
+      (grant_option && check_grant(thd,UPDATE_ACL,table_list)))
+    DBUG_RETURN(1);
+#endif
+  if (open_and_lock_tables(thd, table_list))
     DBUG_RETURN(1);
-
   if (setup_tables(table_list) ||
       setup_fields(thd, 0, table_list, fields, 1, 0, 0) || 
       setup_conds(thd, table_list, &conds) || thd->net.report_error)      
@@ -627,15 +631,16 @@ static bool mysql_test_select_fields(PREP_STMT *stmt, TABLE_LIST *tables,
   select_result *result= thd->lex.result;
   DBUG_ENTER("mysql_test_select_fields");
 
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
   ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL;
   if (tables)
   {
-    if (check_table_access(thd, privilege, tables))
+    if (check_table_access(thd, privilege, tables,0))
       DBUG_RETURN(1);
   }
-  else if (check_access(thd, privilege, "*any*"))
+  else if (check_access(thd, privilege, "*any*",0,0,0))
     DBUG_RETURN(1);
-
+#endif
   if ((&lex->select_lex != lex->all_selects_list &&
        lex->unit.create_total_list(thd, lex, &tables, 0)))
    DBUG_RETURN(1);