diff options
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 82 |
1 files changed, 45 insertions, 37 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 6d8506a8e43..3dd27622da8 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -25,7 +25,7 @@ in the relevant fields. Empty strings comes last. */ -#include <my_global.h> /* NO_EMBEDDED_ACCESS_CHECKS */ +#include "mariadb.h" /* NO_EMBEDDED_ACCESS_CHECKS */ #include "sql_priv.h" #include "sql_acl.h" // MYSQL_DB_FIELD_COUNT, ACL_ACCESS #include "sql_base.h" // close_mysql_tables @@ -170,6 +170,11 @@ TABLE_FIELD_TYPE mysql_db_table_fields[MYSQL_DB_FIELD_COUNT] = { { C_STRING_WITH_LEN("Trigger_priv") }, { C_STRING_WITH_LEN("enum('N','Y')") }, { C_STRING_WITH_LEN("utf8") } + }, + { + { C_STRING_WITH_LEN("Truncate_versioning_priv") }, + { C_STRING_WITH_LEN("enum('N','Y')") }, + { C_STRING_WITH_LEN("utf8") } } }; @@ -695,9 +700,9 @@ bool ROLE_GRANT_PAIR::init(MEM_ROOT *mem, const char *username, #endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */ #define NORMAL_HANDSHAKE_SIZE 6 -#define ROLE_ASSIGN_COLUMN_IDX 43 -#define DEFAULT_ROLE_COLUMN_IDX 44 -#define MAX_STATEMENT_TIME_COLUMN_IDX 45 +#define ROLE_ASSIGN_COLUMN_IDX 44 +#define DEFAULT_ROLE_COLUMN_IDX 45 +#define MAX_STATEMENT_TIME_COLUMN_IDX 46 /* various flags valid for ACL_USER */ #define IS_ROLE (1L << 0) @@ -1594,12 +1599,10 @@ static const char *fix_plugin_ptr(const char *name) */ static bool fix_user_plugin_ptr(ACL_USER *user) { - if (my_strcasecmp(system_charset_info, user->plugin.str, - native_password_plugin_name.str) == 0) + if (lex_string_eq(&user->plugin, &native_password_plugin_name) == 0) user->plugin= native_password_plugin_name; else - if (my_strcasecmp(system_charset_info, user->plugin.str, - old_password_plugin_name.str) == 0) + if (lex_string_eq(&user->plugin, &old_password_plugin_name) == 0) user->plugin= old_password_plugin_name; else return true; @@ -1639,12 +1642,10 @@ static bool fix_lex_user(THD *thd, LEX_USER *user) DBUG_ASSERT(user->plugin.length || !user->auth.length); DBUG_ASSERT(!(user->plugin.length && (user->pwtext.length || user->pwhash.length))); - if (my_strcasecmp(system_charset_info, user->plugin.str, - native_password_plugin_name.str) == 0) + if (lex_string_eq(&user->plugin, &native_password_plugin_name) == 0) check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH; else - if (my_strcasecmp(system_charset_info, user->plugin.str, - old_password_plugin_name.str) == 0) + if (lex_string_eq(&user->plugin, &old_password_plugin_name) == 0) check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; else if (user->plugin.length) @@ -1832,7 +1833,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables) { if (host_table.init_read_record(&read_record_info, thd)) DBUG_RETURN(true); - while (!(read_record_info.read_record(&read_record_info))) + while (!(read_record_info.read_record())) { ACL_HOST host; update_hostname(&host.host, get_field(&acl_memroot, host_table.host())); @@ -1936,7 +1937,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables) } allow_all_hosts=0; - while (!(read_record_info.read_record(&read_record_info))) + while (!(read_record_info.read_record())) { ACL_USER user; bool is_role= FALSE; @@ -2017,6 +2018,9 @@ static bool acl_load(THD *thd, const Grant_tables& tables) if (user_table.num_fields() <= 38 && (user.access & SUPER_ACL)) user.access|= TRIGGER_ACL; + if (user_table.num_fields() <= 46 && (user.access & DELETE_ACL)) + user.access|= DELETE_HISTORY_ACL; + user.sort= get_sort(2, user.host.hostname, user.user.str); user.hostname_length= safe_strlen(user.host.hostname); user.user_resource.user_conn= 0; @@ -2148,7 +2152,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables) const Db_table& db_table= tables.db_table(); if (db_table.init_read_record(&read_record_info, thd)) DBUG_RETURN(TRUE); - while (!(read_record_info.read_record(&read_record_info))) + while (!(read_record_info.read_record())) { ACL_DB db; char *db_name; @@ -2215,7 +2219,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables) { if (proxies_priv_table.init_read_record(&read_record_info, thd)) DBUG_RETURN(TRUE); - while (!(read_record_info.read_record(&read_record_info))) + while (!(read_record_info.read_record())) { ACL_PROXY_USER proxy; proxy.init(proxies_priv_table, &acl_memroot); @@ -2244,7 +2248,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables) MEM_ROOT temp_root; init_alloc_root(&temp_root, ACL_ALLOC_BLOCK_SIZE, 0, MYF(0)); - while (!(read_record_info.read_record(&read_record_info))) + while (!(read_record_info.read_record())) { char *hostname= safe_str(get_field(&temp_root, roles_mapping_table.host())); char *username= safe_str(get_field(&temp_root, roles_mapping_table.user())); @@ -3181,7 +3185,7 @@ static void remove_ptr_from_dynarray(DYNAMIC_ARRAY *array, void *ptr) { DBUG_ASSERT(!found); delete_dynamic_element(array, i); - IF_DBUG(found= true, break); + IF_DBUG_ASSERT(found= true, break); } } DBUG_ASSERT(found); @@ -7603,10 +7607,18 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, sctx= t_ref->security_ctx ? t_ref->security_ctx : thd->security_ctx; ulong orig_want_access= original_want_access; - if (t_ref->sequence) + /* + If sequence is used as part of NEXT VALUE, PREVIUS VALUE or SELECT, + we need to modify the requested access rights depending on how the + sequence is used. + */ + if (t_ref->sequence & + (orig_want_access & + (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL))) { - /* We want to have either SELECT or INSERT rights to sequences depending - on how they are accessed + /* + We want to have either SELECT or INSERT rights to sequences depending + on how they are accessed */ orig_want_access= ((t_ref->lock_type == TL_WRITE_ALLOW_WRITE) ? INSERT_ACL : SELECT_ACL); @@ -8405,18 +8417,18 @@ static void add_user_parameters(String *result, ACL_USER* acl_user, { DBUG_ASSERT(acl_user->salt_len); result->append(STRING_WITH_LEN(" IDENTIFIED BY PASSWORD '")); - result->append(acl_user->auth_string.str, acl_user->auth_string.length); + result->append(&acl_user->auth_string); result->append('\''); } } else { result->append(STRING_WITH_LEN(" IDENTIFIED VIA ")); - result->append(acl_user->plugin.str, acl_user->plugin.length); + result->append(&acl_user->plugin); if (acl_user->auth_string.length) { result->append(STRING_WITH_LEN(" USING '")); - result->append(acl_user->auth_string.str, acl_user->auth_string.length); + result->append(&acl_user->auth_string); result->append('\''); } } @@ -8485,13 +8497,14 @@ static const char *command_array[]= "ALTER", "SHOW DATABASES", "SUPER", "CREATE TEMPORARY TABLES", "LOCK TABLES", "EXECUTE", "REPLICATION SLAVE", "REPLICATION CLIENT", "CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE", - "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE" + "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE", + "DELETE VERSIONING ROWS" }; static uint command_lengths[]= { 6, 6, 6, 6, 6, 4, 6, 8, 7, 4, 5, 10, 5, 5, 14, 5, 23, 11, 7, 17, 18, 11, 9, - 14, 13, 11, 5, 7, 17 + 14, 13, 11, 5, 7, 17, 22, }; @@ -11234,7 +11247,7 @@ applicable_roles_insert(ACL_USER_BASE *grantee, ACL_ROLE *role, void *ptr) if (!is_role) { if (data->user->default_rolename.length && - !strcmp(data->user->default_rolename.str, role->user.str)) + !lex_string_eq(&data->user->default_rolename, &role->user)) table->field[3]->store(STRING_WITH_LEN("YES"), cs); else table->field[3]->store(STRING_WITH_LEN("NO"), cs); @@ -12446,12 +12459,10 @@ read_client_connect_attrs(char **ptr, char *end, CHARSET_INFO *from_cs) if (length > 65535) return true; -#ifdef HAVE_PSI_THREAD_INTERFACE - if (PSI_THREAD_CALL(set_thread_connect_attrs)(*ptr, (size_t)length, from_cs) && + if (PSI_CALL_set_thread_connect_attrs(*ptr, (size_t)length, from_cs) && current_thd->variables.log_warnings) sql_print_warning("Connection attributes of length %llu were truncated", length); -#endif return false; } @@ -12846,8 +12857,8 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio, restarted and a server auth plugin will read the data that the client has just send. Cache them to return in the next server_mpvio_read_packet(). */ - if (my_strcasecmp(system_charset_info, mpvio->acl_user->plugin.str, - plugin_name(mpvio->plugin)->str) != 0) + if (lex_string_eq(&mpvio->acl_user->plugin, + plugin_name(mpvio->plugin)) != 0) { mpvio->cached_client_reply.pkt= passwd; mpvio->cached_client_reply.pkt_len= passwd_len; @@ -13277,8 +13288,7 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) { DBUG_ASSERT(mpvio.acl_user); DBUG_ASSERT(command == COM_CHANGE_USER || - my_strcasecmp(system_charset_info, auth_plugin_name->str, - mpvio.acl_user->plugin.str)); + lex_string_eq(auth_plugin_name, &mpvio.acl_user->plugin)); auth_plugin_name= &mpvio.acl_user->plugin; res= do_auth_once(thd, auth_plugin_name, &mpvio); } @@ -13525,11 +13535,9 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) else my_ok(thd); -#ifdef HAVE_PSI_THREAD_INTERFACE - PSI_THREAD_CALL(set_thread_user_host) + PSI_CALL_set_thread_user_host (thd->main_security_ctx.user, strlen(thd->main_security_ctx.user), thd->main_security_ctx.host_or_ip, strlen(thd->main_security_ctx.host_or_ip)); -#endif /* Ready to handle queries */ DBUG_RETURN(0); |