summaryrefslogtreecommitdiff
path: root/sql/sql_acl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc90
1 files changed, 53 insertions, 37 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 22135d376fe..b2d0304f007 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -313,8 +313,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
}
const char *password= get_field(thd->mem_root, table->field[2]);
- uint password_len= password ? strlen(password) : 0;
- set_user_salt(&user, password, password_len);
+ size_t password_len= password ? strlen(password) : 0;
+ set_user_salt(&user, password, (uint) password_len);
if (user.salt_len == 0 && password_len != 0)
{
switch (password_len) {
@@ -1405,7 +1405,7 @@ int check_change_password(THD *thd, const char *host, const char *user,
MYF(0));
return(1);
}
- uint len=strlen(new_password);
+ size_t len= strlen(new_password);
if (len && len != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
{
@@ -1439,14 +1439,14 @@ bool change_password(THD *thd, const char *host, const char *user,
/* Buffer should be extended when password length is extended. */
char buff[512];
ulong query_length;
- uint new_password_len= strlen(new_password);
+ size_t new_password_len= strlen(new_password);
bool result= 1;
DBUG_ENTER("change_password");
DBUG_PRINT("enter",("host: '%s' user: '%s' new_password: '%s'",
host,user,new_password));
DBUG_ASSERT(host != 0); // Ensured by parent
- if (check_change_password(thd, host, user, new_password, new_password_len))
+ if (check_change_password(thd, host, user, new_password, (uint) new_password_len))
DBUG_RETURN(1);
bzero((char*) &tables, sizeof(tables));
@@ -1483,12 +1483,12 @@ bool change_password(THD *thd, const char *host, const char *user,
goto end;
}
/* update loaded acl entry: */
- set_user_salt(acl_user, new_password, new_password_len);
+ set_user_salt(acl_user, new_password, (uint) new_password_len);
if (update_user_table(thd, table,
acl_user->host.hostname ? acl_user->host.hostname : "",
acl_user->user ? acl_user->user : "",
- new_password, new_password_len))
+ new_password, (uint) new_password_len))
{
VOID(pthread_mutex_unlock(&acl_cache->lock)); /* purecov: deadcode */
goto end;
@@ -1641,11 +1641,11 @@ bool hostname_requires_resolving(const char *hostname)
char cur;
if (!hostname)
return FALSE;
- int namelen= strlen(hostname);
- int lhlen= strlen(my_localhost);
+ size_t namelen= strlen(hostname);
+ size_t lhlen= strlen(my_localhost);
if ((namelen == lhlen) &&
- !my_strnncoll(system_charset_info, (const uchar *)hostname, namelen,
- (const uchar *)my_localhost, strlen(my_localhost)))
+ !my_strnncoll(system_charset_info, (const uchar *)hostname, (uint) namelen,
+ (const uchar *)my_localhost, (uint) strlen(my_localhost)))
return FALSE;
for (; (cur=*hostname); hostname++)
{
@@ -1873,13 +1873,13 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
table->field[next_field+3]->store("", 0, &my_charset_latin1);
if (lex->ssl_cipher)
table->field[next_field+1]->store(lex->ssl_cipher,
- strlen(lex->ssl_cipher), system_charset_info);
+ (uint) strlen(lex->ssl_cipher), system_charset_info);
if (lex->x509_issuer)
table->field[next_field+2]->store(lex->x509_issuer,
- strlen(lex->x509_issuer), system_charset_info);
+ (uint) strlen(lex->x509_issuer), system_charset_info);
if (lex->x509_subject)
table->field[next_field+3]->store(lex->x509_subject,
- strlen(lex->x509_subject), system_charset_info);
+ (uint) strlen(lex->x509_subject), system_charset_info);
break;
case SSL_TYPE_NOT_SPECIFIED:
break;
@@ -3866,6 +3866,11 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
Security_context *sctx= thd->security_ctx;
ulong want_access= want_access_arg;
const char *table_name= NULL;
+ /*
+ Flag that gets set if privilege checking has to be performed on column
+ level.
+ */
+ bool using_column_privileges= FALSE;
if (grant_option)
{
@@ -3909,6 +3914,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
GRANT_COLUMN *grant_column=
column_hash_search(grant_table, field_name,
(uint) strlen(field_name));
+ if (grant_column)
+ using_column_privileges= TRUE;
if (!grant_column || (~grant_column->rights & want_access))
goto err;
}
@@ -3924,12 +3931,21 @@ err:
char command[128];
get_privilege_desc(command, sizeof(command), want_access);
- my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
- command,
- sctx->priv_user,
- sctx->host_or_ip,
- fields->name(),
- table_name);
+ /*
+ Do not give an error message listing a column name unless the user has
+ privilege to see all columns.
+ */
+ if (using_column_privileges)
+ my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
+ command, sctx->priv_user,
+ sctx->host_or_ip, table_name);
+ else
+ my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
+ command,
+ sctx->priv_user,
+ sctx->host_or_ip,
+ fields->name(),
+ table_name);
return 1;
}
@@ -4186,10 +4202,10 @@ static void add_user_option(String *grant, ulong value, const char *name)
{
char buff[22], *p; // just as in int2str
grant->append(' ');
- grant->append(name, strlen(name));
+ grant->append(name, (uint) strlen(name));
grant->append(' ');
p=int10_to_str(value, buff, 10);
- grant->append(buff,p-buff);
+ grant->append(buff,(uint) (p - buff));
}
}
@@ -4327,7 +4343,7 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
{
ssl_options++;
global.append(STRING_WITH_LEN("ISSUER \'"));
- global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
+ global.append(acl_user->x509_issuer,(uint) strlen(acl_user->x509_issuer));
global.append('\'');
}
if (acl_user->x509_subject)
@@ -4335,7 +4351,7 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
if (ssl_options++)
global.append(' ');
global.append(STRING_WITH_LEN("SUBJECT \'"));
- global.append(acl_user->x509_subject,strlen(acl_user->x509_subject),
+ global.append(acl_user->x509_subject,(uint) strlen(acl_user->x509_subject),
system_charset_info);
global.append('\'');
}
@@ -4344,7 +4360,7 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
if (ssl_options++)
global.append(' ');
global.append(STRING_WITH_LEN("CIPHER '"));
- global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher),
+ global.append(acl_user->ssl_cipher,(uint) strlen(acl_user->ssl_cipher),
system_charset_info);
global.append('\'');
}
@@ -4424,13 +4440,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
}
}
db.append (STRING_WITH_LEN(" ON "));
- append_identifier(thd, &db, acl_db->db, strlen(acl_db->db));
+ append_identifier(thd, &db, acl_db->db, (uint) strlen(acl_db->db));
db.append (STRING_WITH_LEN(".* TO '"));
db.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
db.append (STRING_WITH_LEN("'@'"));
// host and lex_user->host are equal except for case
- db.append(host, strlen(host), system_charset_info);
+ db.append(host, (uint) strlen(host), system_charset_info);
db.append ('\'');
if (want_access & GRANT_ACL)
db.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
@@ -4536,16 +4552,16 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
}
global.append(STRING_WITH_LEN(" ON "));
append_identifier(thd, &global, grant_table->db,
- strlen(grant_table->db));
+ (uint) strlen(grant_table->db));
global.append('.');
append_identifier(thd, &global, grant_table->tname,
- strlen(grant_table->tname));
+ (uint) strlen(grant_table->tname));
global.append(STRING_WITH_LEN(" TO '"));
global.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
global.append(STRING_WITH_LEN("'@'"));
// host and lex_user->host are equal except for case
- global.append(host, strlen(host), system_charset_info);
+ global.append(host, (uint) strlen(host), system_charset_info);
global.append('\'');
if (table_access & GRANT_ACL)
global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
@@ -4642,16 +4658,16 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash,
global.append(type,typelen);
global.append(' ');
append_identifier(thd, &global, grant_proc->db,
- strlen(grant_proc->db));
+ (uint) strlen(grant_proc->db));
global.append('.');
append_identifier(thd, &global, grant_proc->tname,
- strlen(grant_proc->tname));
+ (uint) strlen(grant_proc->tname));
global.append(STRING_WITH_LEN(" TO '"));
global.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
global.append(STRING_WITH_LEN("'@'"));
// host and lex_user->host are equal except for case
- global.append(host, strlen(host), system_charset_info);
+ global.append(host, (uint) strlen(host), system_charset_info);
global.append('\'');
if (proc_access & GRANT_ACL)
global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
@@ -5769,11 +5785,11 @@ bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
{
LEX_USER lex_user;
lex_user.user.str= grant_proc->user;
- lex_user.user.length= strlen(grant_proc->user);
+ lex_user.user.length= (uint) strlen(grant_proc->user);
lex_user.host.str= grant_proc->host.hostname ?
grant_proc->host.hostname : (char*)"";
lex_user.host.length= grant_proc->host.hostname ?
- strlen(grant_proc->host.hostname) : 0;
+ (uint) strlen(grant_proc->host.hostname) : 0;
if (!replace_routine_table(thd,grant_proc,tables[4].table,lex_user,
grant_proc->db, grant_proc->tname,
is_proc, ~(ulong)0, 1))
@@ -5852,8 +5868,8 @@ int sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
tables->db= (char*)sp_db;
tables->table_name= tables->alias= (char*)sp_name;
- combo->host.length= strlen(combo->host.str);
- combo->user.length= strlen(combo->user.str);
+ combo->host.length= (uint) strlen(combo->host.str);
+ combo->user.length= (uint) strlen(combo->user.str);
combo->host.str= thd->strmake(combo->host.str,combo->host.length);
combo->user.str= thd->strmake(combo->user.str,combo->user.length);
View Lorry Controller Status