diff options
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 125 |
1 files changed, 65 insertions, 60 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 886ff90f35b..0f21a6bc134 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -714,7 +714,9 @@ bool ROLE_GRANT_PAIR::init(MEM_ROOT *mem, char *username, /* Flag to mark that on_node was already called for this role */ #define ROLE_OPENED (1L << 3) -static DYNAMIC_ARRAY acl_hosts, acl_users, acl_dbs, acl_proxy_users; +static DYNAMIC_ARRAY acl_hosts, acl_users, acl_proxy_users; +static Dynamic_array<ACL_DB> acl_dbs(0U,50U); +typedef Dynamic_array<ACL_DB>::CMP_FUNC acl_dbs_cmp; static HASH acl_roles; /* An hash containing mappings user <--> role @@ -1582,12 +1584,11 @@ static bool acl_load(THD *thd, TABLE_LIST *tables) db.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL; } #endif - (void) push_dynamic(&acl_dbs,(uchar*) &db); + acl_dbs.push(db); } - my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements, - sizeof(ACL_DB),(qsort_cmp) acl_compare); end_read_record(&read_record_info); - freeze_size(&acl_dbs); + acl_dbs.sort((acl_dbs_cmp)acl_compare); + acl_dbs.freeze(); if ((table= tables[PROXIES_PRIV_TABLE].table)) { @@ -1675,7 +1676,7 @@ void acl_free(bool end) free_root(&acl_memroot,MYF(0)); delete_dynamic(&acl_hosts); delete_dynamic_with_callback(&acl_users, (FREE_FUNC) free_acl_user); - delete_dynamic(&acl_dbs); + acl_dbs.free_memory(); delete_dynamic(&acl_wild_hosts); delete_dynamic(&acl_proxy_users); my_hash_free(&acl_check_hosts); @@ -1714,7 +1715,8 @@ void acl_free(bool end) bool acl_reload(THD *thd) { TABLE_LIST tables[TABLES_MAX]; - DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_dbs, old_acl_proxy_users; + DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_proxy_users; + Dynamic_array<ACL_DB> old_acl_dbs(0U,0U); HASH old_acl_roles, old_acl_roles_mappings; MEM_ROOT old_mem; int result; @@ -1749,7 +1751,7 @@ bool acl_reload(THD *thd) old_acl_dbs= acl_dbs; my_init_dynamic_array(&acl_hosts, sizeof(ACL_HOST), 20, 50, MYF(0)); my_init_dynamic_array(&acl_users, sizeof(ACL_USER), 50, 100, MYF(0)); - my_init_dynamic_array(&acl_dbs, sizeof(ACL_DB), 50, 100, MYF(0)); + acl_dbs.init(50, 100); my_init_dynamic_array(&acl_proxy_users, sizeof(ACL_PROXY_USER), 50, 100, MYF(0)); my_hash_init2(&acl_roles,50, &my_charset_utf8_bin, 0, 0, 0, (my_hash_get_key) acl_role_get_key, 0, @@ -1770,6 +1772,7 @@ bool acl_reload(THD *thd) acl_roles_mappings= old_acl_roles_mappings; acl_proxy_users= old_acl_proxy_users; acl_dbs= old_acl_dbs; + old_acl_dbs.init(0,0); acl_memroot= old_mem; init_check_host(); } @@ -1780,7 +1783,6 @@ bool acl_reload(THD *thd) delete_dynamic(&old_acl_hosts); delete_dynamic_with_callback(&old_acl_users, (FREE_FUNC) free_acl_user); delete_dynamic(&old_acl_proxy_users); - delete_dynamic(&old_acl_dbs); my_hash_free(&old_acl_roles_mappings); } mysql_mutex_unlock(&acl_cache->lock); @@ -1963,9 +1965,9 @@ bool acl_getroot(Security_context *sctx, char *user, char *host, if (acl_user) { res= 0; - for (i=0 ; i < acl_dbs.elements ; i++) + for (i=0 ; i < acl_dbs.elements() ; i++) { - ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*); + ACL_DB *acl_db= &acl_dbs.at(i); if (!acl_db->user || (user && user[0] && !strcmp(user, acl_db->user))) { @@ -1994,9 +1996,9 @@ bool acl_getroot(Security_context *sctx, char *user, char *host, if (acl_role) { res= 0; - for (i=0 ; i < acl_dbs.elements ; i++) + for (i=0 ; i < acl_dbs.elements() ; i++) { - ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*); + ACL_DB *acl_db= &acl_dbs.at(i); if (!acl_db->user || (user && user[0] && !strcmp(user, acl_db->user))) { @@ -2289,9 +2291,9 @@ static bool acl_update_db(const char *user, const char *host, const char *db, bool updated= false; - for (uint i=0 ; i < acl_dbs.elements ; i++) + for (uint i=0 ; i < acl_dbs.elements() ; i++) { - ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*); + ACL_DB *acl_db= &acl_dbs.at(i); if ((!acl_db->user && !user[0]) || (acl_db->user && !strcmp(user,acl_db->user))) @@ -2310,7 +2312,7 @@ static bool acl_update_db(const char *user, const char *host, const char *db, acl_db->initial_access= acl_db->access; } else - delete_dynamic_element(&acl_dbs,i); + acl_dbs.del(i); updated= true; } } @@ -2345,9 +2347,8 @@ static void acl_insert_db(const char *user, const char *host, const char *db, acl_db.db=strdup_root(&acl_memroot,db); acl_db.initial_access= acl_db.access= privileges; acl_db.sort=get_sort(3,acl_db.host.hostname,acl_db.db,acl_db.user); - (void) push_dynamic(&acl_dbs,(uchar*) &acl_db); - my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements, - sizeof(ACL_DB),(qsort_cmp) acl_compare); + acl_dbs.push(acl_db); + acl_dbs.sort((acl_dbs_cmp)acl_compare); } @@ -2393,9 +2394,9 @@ ulong acl_get(const char *host, const char *ip, /* Check if there are some access rights for database and user */ - for (i=0 ; i < acl_dbs.elements ; i++) + for (i=0 ; i < acl_dbs.elements() ; i++) { - ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*); + ACL_DB *acl_db= &acl_dbs.at(i); if (!acl_db->user || !strcmp(user,acl_db->user)) { if (compare_hostname(&acl_db->host,host,ip)) @@ -5195,9 +5196,9 @@ static bool merge_role_global_privileges(ACL_ROLE *grantee) return old != grantee->access; } -static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2) +static int db_name_sort(const int *db1, const int *db2) { - return strcmp((*db1)->db, (*db2)->db); + return strcmp(acl_dbs.at(*db1).db, acl_dbs.at(*db2).db); } /** @@ -5213,14 +5214,14 @@ static int db_name_sort(ACL_DB * const *db1, ACL_DB * const *db2) 2 - ACL_DB was added 4 - ACL_DB was deleted */ -static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *role) +static int update_role_db(int merged, int first, ulong access, char *role) { - if (!first) + if (first < 0) return 0; DBUG_EXECUTE_IF("role_merge_stats", role_db_merges++;); - if (merged == NULL) + if (merged < 0) { /* there's no ACL_DB for this role (all db grants come from granted roles) @@ -5235,11 +5236,11 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro acl_db.user= role; acl_db.host.hostname= const_cast<char*>(""); acl_db.host.ip= acl_db.host.ip_mask= 0; - acl_db.db= first[0]->db; + acl_db.db= acl_dbs.at(first).db; acl_db.access= access; acl_db.initial_access= 0; acl_db.sort=get_sort(3, "", acl_db.db, role); - push_dynamic(&acl_dbs,(uchar*) &acl_db); + acl_dbs.push(acl_db); return 2; } else if (access == 0) @@ -5255,13 +5256,13 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro 2. it's O(N) operation, and we may need many of them so we only mark elements deleted and will delete later. */ - merged->sort= 0; // lower than any valid ACL_DB sort value, will be sorted last + acl_dbs.at(merged).sort= 0; // lower than any valid ACL_DB sort value, will be sorted last return 4; } - else if (merged->access != access) + else if (acl_dbs.at(merged).access != access) { /* this is easy */ - merged->access= access; + acl_dbs.at(merged).access= access; return 1; } return 0; @@ -5276,7 +5277,7 @@ static int update_role_db(ACL_DB *merged, ACL_DB **first, ulong access, char *ro static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname, role_hash_t *rhash) { - Dynamic_array<ACL_DB *> dbs; + Dynamic_array<int> dbs; /* Supposedly acl_dbs can be huge, but only a handful of db grants @@ -5284,9 +5285,9 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname, Collect these applicable db grants. */ - for (uint i=0 ; i < acl_dbs.elements ; i++) + for (uint i=0 ; i < acl_dbs.elements() ; i++) { - ACL_DB *db= dynamic_element(&acl_dbs,i,ACL_DB*); + ACL_DB *db= &acl_dbs.at(i); if (db->host.hostname[0]) continue; if (dbname && strcmp(db->db, dbname)) @@ -5294,7 +5295,7 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname, ACL_ROLE *r= rhash->find(db->user, strlen(db->user)); if (!r) continue; - dbs.append(db); + dbs.append(i); } dbs.sort(db_name_sort); @@ -5303,21 +5304,21 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname, (that should be merged) are sorted together. The grantee's ACL_DB element is not necessarily the first and may be not present at all. */ - ACL_DB **first= NULL, *UNINIT_VAR(merged); + int first= -1, merged= -1; ulong UNINIT_VAR(access), update_flags= 0; - for (ACL_DB **cur= dbs.front(); cur <= dbs.back(); cur++) + for (int *p= dbs.front(); p <= dbs.back(); p++) { - if (!first || (!dbname && strcmp(cur[0]->db, cur[-1]->db))) + if (first<0 || (!dbname && strcmp(acl_dbs.at(*p).db, acl_dbs.at(*p-1).db))) { // new db name series update_flags|= update_role_db(merged, first, access, grantee->user.str); - merged= NULL; + merged= -1; access= 0; - first= cur; + first= *p; } - if (strcmp(cur[0]->user, grantee->user.str) == 0) - access|= (merged= cur[0])->initial_access; + if (strcmp(acl_dbs.at(*p).user, grantee->user.str) == 0) + access|= acl_dbs.at(merged= *p).initial_access; else - access|= cur[0]->access; + access|= acl_dbs.at(*p).access; } update_flags|= update_role_db(merged, first, access, grantee->user.str); @@ -5330,14 +5331,12 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname, */ if (update_flags & (2|4)) { // inserted or deleted, need to sort - my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements, - sizeof(ACL_DB),(qsort_cmp) acl_compare); + acl_dbs.sort((acl_dbs_cmp)acl_compare); } if (update_flags & 4) { // deleted, trim the end - while (acl_dbs.elements && - dynamic_element(&acl_dbs, acl_dbs.elements-1, ACL_DB*)->sort == 0) - acl_dbs.elements--; + while (acl_dbs.elements() && acl_dbs.back()->sort == 0) + acl_dbs.pop(); } return update_flags; } @@ -8130,16 +8129,14 @@ static bool show_database_privileges(THD *thd, const char *username, const char *hostname, char *buff, size_t buffsize) { - ACL_DB *acl_db; ulong want_access; - uint counter; Protocol *protocol= thd->protocol; - for (counter=0 ; counter < acl_dbs.elements ; counter++) + for (uint i=0 ; i < acl_dbs.elements() ; i++) { const char *user, *host; - acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*); + ACL_DB *acl_db= &acl_dbs.at(i); user= safe_str(acl_db->user); host=acl_db->host.hostname; @@ -8958,7 +8955,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, elements= acl_users.elements; break; case DB_ACL: - elements= acl_dbs.elements; + elements= acl_dbs.elements(); break; case COLUMN_PRIVILEGES_HASH: grant_name_hash= &column_priv_hash; @@ -9002,7 +8999,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, break; case DB_ACL: - acl_db= dynamic_element(&acl_dbs, idx, ACL_DB*); + acl_db= &acl_dbs.at(idx); user= acl_db->user; host= acl_db->host.hostname; break; @@ -9086,7 +9083,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, break; case DB_ACL: - delete_dynamic_element(&acl_dbs, idx); + acl_dbs.del(idx); break; case COLUMN_PRIVILEGES_HASH: @@ -9850,11 +9847,11 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) */ do { - for (counter= 0, revoked= 0 ; counter < acl_dbs.elements ; ) + for (counter= 0, revoked= 0 ; counter < acl_dbs.elements() ; ) { const char *user,*host; - acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*); + acl_db=&acl_dbs.at(counter); user= safe_str(acl_db->user); host= safe_str(acl_db->host.hostname); @@ -10467,6 +10464,14 @@ static int show_column_grants(THD *thd, SHOW_VAR *var, char *buff, return 0; } +static int show_database_grants(THD *thd, SHOW_VAR *var, char *buff, + enum enum_var_type scope) +{ + var->type= SHOW_UINT; + var->value= buff; + *(uint *)buff= acl_dbs.elements(); + return 0; +} #else bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool) @@ -10478,7 +10483,7 @@ bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool) SHOW_VAR acl_statistics[] = { #ifndef NO_EMBEDDED_ACCESS_CHECKS {"column_grants", (char*)show_column_grants, SHOW_SIMPLE_FUNC}, - {"database_grants", (char*)&acl_dbs.elements, SHOW_UINT}, + {"database_grants", (char*)show_database_grants, SHOW_SIMPLE_FUNC}, {"function_grants", (char*)&func_priv_hash.records, SHOW_ULONG}, {"procedure_grants", (char*)&proc_priv_hash.records, SHOW_ULONG}, {"proxy_users", (char*)&acl_proxy_users.elements, SHOW_UINT}, @@ -10749,11 +10754,11 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) DBUG_RETURN(0); mysql_mutex_lock(&acl_cache->lock); - for (counter=0 ; counter < acl_dbs.elements ; counter++) + for (counter=0 ; counter < acl_dbs.elements() ; counter++) { const char *user, *host, *is_grantable="YES"; - acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*); + acl_db=&acl_dbs.at(counter); user= safe_str(acl_db->user); host= safe_str(acl_db->host.hostname); |