diff options
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 106 |
1 files changed, 102 insertions, 4 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 96ed36da755..951471bca29 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -607,6 +607,7 @@ static MEM_ROOT acl_memroot, grant_memroot; static bool initialized=0; static bool allow_all_hosts=1; static HASH acl_check_hosts, column_priv_hash, proc_priv_hash, func_priv_hash; +static HASH package_spec_priv_hash, package_body_priv_hash; static DYNAMIC_ARRAY acl_wild_hosts; static Hash_filo<acl_entry> *acl_cache; static uint grant_version=0; /* Version of priv tables. incremented by acl_load */ @@ -650,6 +651,18 @@ HASH *Sp_handler_function::get_priv_hash() const } +HASH *Sp_handler_package_spec::get_priv_hash() const +{ + return &package_spec_priv_hash; +} + + +HASH *Sp_handler_package_body::get_priv_hash() const +{ + return &package_body_priv_hash; +} + + /* Enumeration of ACL/GRANT tables in the mysql database */ @@ -1312,6 +1325,8 @@ enum enum_acl_lists COLUMN_PRIVILEGES_HASH, PROC_PRIVILEGES_HASH, FUNC_PRIVILEGES_HASH, + PACKAGE_SPEC_PRIVILEGES_HASH, + PACKAGE_BODY_PRIVILEGES_HASH, PROXY_USERS_ACL, ROLES_MAPPINGS_HASH }; @@ -5401,7 +5416,10 @@ table_error: ******************************************************************/ struct PRIVS_TO_MERGE { - enum what { ALL, GLOBAL, DB, TABLE_COLUMN, PROC, FUNC } what; + enum what + { + ALL, GLOBAL, DB, TABLE_COLUMN, PROC, FUNC, PACKAGE_SPEC, PACKAGE_BODY + } what; const char *db, *name; }; @@ -5413,6 +5431,10 @@ static enum PRIVS_TO_MERGE::what sp_privs_to_merge(stored_procedure_type type) return PRIVS_TO_MERGE::FUNC; case TYPE_ENUM_PROCEDURE: return PRIVS_TO_MERGE::PROC; + case TYPE_ENUM_PACKAGE: + return PRIVS_TO_MERGE::PACKAGE_SPEC; + case TYPE_ENUM_PACKAGE_BODY: + return PRIVS_TO_MERGE::PACKAGE_BODY; case TYPE_ENUM_TRIGGER: case TYPE_ENUM_PROXY: break; @@ -6231,7 +6253,14 @@ static int merge_role_privileges(ACL_ROLE *role __attribute__((unused)), if (all || data->what == PRIVS_TO_MERGE::FUNC) changed|= merge_role_routine_grant_privileges(grantee, data->db, data->name, &role_hash, &func_priv_hash); - + if (all || data->what == PRIVS_TO_MERGE::PACKAGE_SPEC) + changed|= merge_role_routine_grant_privileges(grantee, + data->db, data->name, &role_hash, + &package_spec_priv_hash); + if (all || data->what == PRIVS_TO_MERGE::PACKAGE_BODY) + changed|= merge_role_routine_grant_privileges(grantee, + data->db, data->name, &role_hash, + &package_body_priv_hash); return !changed; // don't recurse into the subgraph if privs didn't change } @@ -7116,6 +7145,8 @@ void grant_free(void) my_hash_free(&column_priv_hash); my_hash_free(&proc_priv_hash); my_hash_free(&func_priv_hash); + my_hash_free(&package_spec_priv_hash); + my_hash_free(&package_body_priv_hash); free_root(&grant_memroot,MYF(0)); DBUG_VOID_RETURN; } @@ -7182,6 +7213,10 @@ static bool grant_load(THD *thd, 0,0,0, (my_hash_get_key) get_grant_table, 0,0); (void) my_hash_init(&func_priv_hash, &my_charset_utf8_bin, 0,0,0, (my_hash_get_key) get_grant_table, 0,0); + (void) my_hash_init(&package_spec_priv_hash, &my_charset_utf8_bin, + 0,0,0, (my_hash_get_key) get_grant_table, 0,0); + (void) my_hash_init(&package_body_priv_hash, &my_charset_utf8_bin, + 0,0,0, (my_hash_get_key) get_grant_table, 0,0); init_sql_alloc(&grant_memroot, "GRANT", ACL_ALLOC_BLOCK_SIZE, 0, MYF(0)); t_table= tables_priv.table(); @@ -7331,6 +7366,7 @@ static my_bool propagate_role_grants_action(void *role_ptr, bool grant_reload(THD *thd) { HASH old_column_priv_hash, old_proc_priv_hash, old_func_priv_hash; + HASH old_package_spec_priv_hash, old_package_body_priv_hash; MEM_ROOT old_mem; int result; DBUG_ENTER("grant_reload"); @@ -7350,6 +7386,8 @@ bool grant_reload(THD *thd) old_column_priv_hash= column_priv_hash; old_proc_priv_hash= proc_priv_hash; old_func_priv_hash= func_priv_hash; + old_package_spec_priv_hash= package_spec_priv_hash; + old_package_body_priv_hash= package_body_priv_hash; /* Create a new memory pool but save the current memory pool to make an undo @@ -7367,6 +7405,8 @@ bool grant_reload(THD *thd) column_priv_hash= old_column_priv_hash; /* purecov: deadcode */ proc_priv_hash= old_proc_priv_hash; func_priv_hash= old_func_priv_hash; + package_spec_priv_hash= old_package_spec_priv_hash; + package_body_priv_hash= old_package_body_priv_hash; grant_memroot= old_mem; /* purecov: deadcode */ } else @@ -7374,6 +7414,8 @@ bool grant_reload(THD *thd) my_hash_free(&old_column_priv_hash); my_hash_free(&old_proc_priv_hash); my_hash_free(&old_func_priv_hash); + my_hash_free(&old_package_spec_priv_hash); + my_hash_free(&old_package_body_priv_hash); free_root(&old_mem,MYF(0)); } @@ -8002,7 +8044,9 @@ bool check_grant_db(THD *thd, const char *db) if (error) error= check_grant_db_routine(thd, db, &proc_priv_hash) && - check_grant_db_routine(thd, db, &func_priv_hash); + check_grant_db_routine(thd, db, &func_priv_hash) && + check_grant_db_routine(thd, db, &package_spec_priv_hash) && + check_grant_db_routine(thd, db, &package_body_priv_hash); mysql_rwlock_unlock(&LOCK_grant); @@ -8399,6 +8443,14 @@ static bool print_grants_for_role(THD *thd, ACL_ROLE * role) buff, sizeof(buff))) return TRUE; + if (show_routine_grants(thd, role->user.str, "", &sp_handler_package_spec, + buff, sizeof(buff))) + return TRUE; + + if (show_routine_grants(thd, role->user.str, "", &sp_handler_package_body, + buff, sizeof(buff))) + return TRUE; + return FALSE; } @@ -8624,6 +8676,14 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user) buff, sizeof(buff))) goto end; + if (show_routine_grants(thd, username, hostname, &sp_handler_package_spec, + buff, sizeof(buff))) + goto end; + + if (show_routine_grants(thd, username, hostname, &sp_handler_package_body, + buff, sizeof(buff))) + goto end; + if (show_proxy_grants(thd, username, hostname, buff, sizeof(buff))) goto end; } @@ -9559,6 +9619,14 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, grant_name_hash= &func_priv_hash; elements= grant_name_hash->records; break; + case PACKAGE_SPEC_PRIVILEGES_HASH: + grant_name_hash= &package_spec_priv_hash; + elements= grant_name_hash->records; + break; + case PACKAGE_BODY_PRIVILEGES_HASH: + grant_name_hash= &package_body_priv_hash; + elements= grant_name_hash->records; + break; case PROXY_USERS_ACL: elements= acl_proxy_users.elements; break; @@ -9597,6 +9665,8 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, case COLUMN_PRIVILEGES_HASH: case PROC_PRIVILEGES_HASH: case FUNC_PRIVILEGES_HASH: + case PACKAGE_SPEC_PRIVILEGES_HASH: + case PACKAGE_BODY_PRIVILEGES_HASH: grant_name= (GRANT_NAME*) my_hash_element(grant_name_hash, idx); user= grant_name->user; host= grant_name->host.hostname; @@ -9679,6 +9749,8 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, case COLUMN_PRIVILEGES_HASH: case PROC_PRIVILEGES_HASH: case FUNC_PRIVILEGES_HASH: + case PACKAGE_SPEC_PRIVILEGES_HASH: + case PACKAGE_BODY_PRIVILEGES_HASH: my_hash_delete(grant_name_hash, (uchar*) grant_name); /* In our HASH implementation on deletion one elements @@ -9724,6 +9796,8 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, case COLUMN_PRIVILEGES_HASH: case PROC_PRIVILEGES_HASH: case FUNC_PRIVILEGES_HASH: + case PACKAGE_SPEC_PRIVILEGES_HASH: + case PACKAGE_BODY_PRIVILEGES_HASH: { /* Save old hash key and its length to be able to properly update @@ -9906,6 +9980,26 @@ static int handle_grant_data(THD *thd, Grant_tables& tables, bool drop, if (search_only) goto end; } + /* Handle package spec array. */ + if ((handle_grant_struct(PACKAGE_SPEC_PRIVILEGES_HASH, + drop, user_from, user_to) || found) + && ! result) + { + result= 1; /* At least one record/element found. */ + /* If search is requested, we do not need to search further. */ + if (search_only) + goto end; + } + /* Handle package body array. */ + if ((handle_grant_struct(PACKAGE_BODY_PRIVILEGES_HASH, + drop, user_from, user_to) || found) + && ! result) + { + result= 1; /* At least one record/element found. */ + /* If search is requested, we do not need to search further. */ + if (search_only) + goto end; + } } /* Handle tables table. */ @@ -10632,7 +10726,9 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) /* Remove procedure access */ if (mysql_revoke_sp_privs(thd, &tables, &sp_handler_function, lex_user) || - mysql_revoke_sp_privs(thd, &tables, &sp_handler_procedure, lex_user)) + mysql_revoke_sp_privs(thd, &tables, &sp_handler_procedure, lex_user) || + mysql_revoke_sp_privs(thd, &tables, &sp_handler_package_spec, lex_user) || + mysql_revoke_sp_privs(thd, &tables, &sp_handler_package_body, lex_user)) result= -1; ACL_USER_BASE *user_or_role; @@ -11177,6 +11273,8 @@ SHOW_VAR acl_statistics[] = { {"database_grants", (char*)&acl_dbs.elements, SHOW_UINT}, {"function_grants", (char*)&func_priv_hash.records, SHOW_ULONG}, {"procedure_grants", (char*)&proc_priv_hash.records, SHOW_ULONG}, + {"package_spec_grants", (char*)&package_spec_priv_hash.records, SHOW_ULONG}, + {"package_body_grants", (char*)&package_body_priv_hash.records, SHOW_ULONG}, {"proxy_users", (char*)&acl_proxy_users.elements, SHOW_UINT}, {"role_grants", (char*)&acl_roles_mappings.records, SHOW_ULONG}, {"roles", (char*)&acl_roles.records, SHOW_ULONG}, |