Commit c1c0a837 authored by Sergei Golubchik's avatar Sergei Golubchik

ACL_USER methods for comparing ACL_USER objects

parent ce688789
...@@ -205,6 +205,12 @@ static plugin_ref old_password_plugin; ...@@ -205,6 +205,12 @@ static plugin_ref old_password_plugin;
#endif #endif
static plugin_ref native_password_plugin; static plugin_ref native_password_plugin;
static char *safe_str(char *str)
{ return str ? str : const_cast<char*>(""); }
static const char *safe_str(const char *str)
{ return str ? str : ""; }
/* Classes */ /* Classes */
struct acl_host_and_ip struct acl_host_and_ip
...@@ -213,6 +219,8 @@ struct acl_host_and_ip ...@@ -213,6 +219,8 @@ struct acl_host_and_ip
long ip, ip_mask; // Used with masked ip:s long ip, ip_mask; // Used with masked ip:s
}; };
static bool compare_hostname(const acl_host_and_ip *, const char *, const char *);
class ACL_ACCESS { class ACL_ACCESS {
public: public:
ulong sort; ulong sort;
...@@ -276,6 +284,25 @@ public: ...@@ -276,6 +284,25 @@ public:
return dst; return dst;
} }
int cmp(const char *user2, const char *host2)
{
CHARSET_INFO *cs= system_charset_info;
int res;
res= strcmp(safe_str(user.str), safe_str(user2));
if (!res)
res= my_strcasecmp(cs, host.hostname, host2);
return res;
}
bool eq(const char *user2, const char *host2) { return !cmp(user2, host2); }
bool wild_eq(const char *user2, const char *host2, const char *ip2 = 0)
{
if (strcmp(safe_str(user.str), safe_str(user2)))
return false;
return compare_hostname(&host, host2, ip2 ? ip2 : host2);
}
}; };
class ACL_ROLE :public ACL_USER_BASE class ACL_ROLE :public ACL_USER_BASE
...@@ -311,12 +338,6 @@ public: ...@@ -311,12 +338,6 @@ public:
ulong initial_access; /* access bits present in the table */ ulong initial_access; /* access bits present in the table */
}; };
static char *safe_str(char *str)
{ return str ? str : const_cast<char*>(""); }
static const char *safe_str(const char *str)
{ return str ? str : ""; }
#ifndef DBUG_OFF #ifndef DBUG_OFF
/* status variables, only visible in SHOW STATUS after -#d,role_merge_stats */ /* status variables, only visible in SHOW STATUS after -#d,role_merge_stats */
ulong role_global_merges= 0, role_db_merges= 0, role_table_merges= 0, ulong role_global_merges= 0, role_db_merges= 0, role_table_merges= 0,
...@@ -326,7 +347,6 @@ ulong role_global_merges= 0, role_db_merges= 0, role_table_merges= 0, ...@@ -326,7 +347,6 @@ ulong role_global_merges= 0, role_db_merges= 0, role_table_merges= 0,
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
static void update_hostname(acl_host_and_ip *host, const char *hostname); static void update_hostname(acl_host_and_ip *host, const char *hostname);
static ulong get_sort(uint count,...); static ulong get_sort(uint count,...);
static bool compare_hostname(const acl_host_and_ip *, const char *, const char *);
static bool show_proxy_grants (THD *, const char *, const char *, static bool show_proxy_grants (THD *, const char *, const char *,
char *, size_t); char *, size_t);
static bool show_role_grants(THD *, const char *, const char *, static bool show_role_grants(THD *, const char *, const char *,
...@@ -721,8 +741,8 @@ static ulong get_sort(uint count,...); ...@@ -721,8 +741,8 @@ static ulong get_sort(uint count,...);
static void init_check_host(void); static void init_check_host(void);
static void rebuild_check_host(void); static void rebuild_check_host(void);
static void rebuild_role_grants(void); static void rebuild_role_grants(void);
static ACL_USER *find_user_no_anon(const char *host, const char *user, bool exact); static ACL_USER *find_user_exact(const char *host, const char *user);
static ACL_USER *find_user(const char *host, const char *user, const char *ip); static ACL_USER *find_user_wild(const char *host, const char *user, const char *ip= 0);
static ACL_ROLE *find_acl_role(const char *user); static ACL_ROLE *find_acl_role(const char *user);
static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u, const LEX_STRING *h, const LEX_STRING *r); static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u, const LEX_STRING *h, const LEX_STRING *r);
static ACL_USER_BASE *find_acl_user_base(const char *user, const char *host); static ACL_USER_BASE *find_acl_user_base(const char *user, const char *host);
...@@ -1030,8 +1050,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1030,8 +1050,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
"case that has been forced to lowercase because " "case that has been forced to lowercase because "
"lower_case_table_names is set. It will not be " "lower_case_table_names is set. It will not be "
"possible to remove this privilege using REVOKE.", "possible to remove this privilege using REVOKE.",
safe_str(host.host.hostname), host.host.hostname, host.db);
safe_str(host.db));
} }
host.access= get_access(table,2); host.access= get_access(table,2);
host.access= fix_rights_for_db(host.access); host.access= fix_rights_for_db(host.access);
...@@ -1406,7 +1425,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1406,7 +1425,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
table->use_all_columns(); table->use_all_columns();
/* account for every role mapping */ /* account for every role mapping */
/* acquire lock for the find_user_no_anon functions */
if (!initialized) if (!initialized)
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
...@@ -1764,29 +1782,11 @@ bool acl_getroot(Security_context *sctx, char *user, char *host, ...@@ -1764,29 +1782,11 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
if (host[0]) // User, not Role if (host[0]) // User, not Role
{ {
/* acl_user= find_user_wild(host, user, ip);
Find acl entry in user database.
This is specially tailored to suit the check we do for CALL of
a stored procedure; user is set to what is actually a
priv_user, which can be ''.
*/
for (i=0 ; i < acl_users.elements ; i++)
{
ACL_USER *acl_user_tmp= dynamic_element(&acl_users,i,ACL_USER*);
if ((!acl_user_tmp->user.str && !user[0]) ||
(acl_user_tmp->user.str && strcmp(user, acl_user_tmp->user.str) == 0))
{
if (compare_hostname(&acl_user_tmp->host, host, ip))
{
acl_user= acl_user_tmp;
res= 0;
break;
}
}
}
if (acl_user) if (acl_user)
{ {
res= 0;
for (i=0 ; i < acl_dbs.elements ; i++) for (i=0 ; i < acl_dbs.elements ; i++)
{ {
ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*); ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*);
...@@ -1861,8 +1861,8 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access) ...@@ -1861,8 +1861,8 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access)
{ {
/* have to clear the privileges */ /* have to clear the privileges */
/* get the current user */ /* get the current user */
acl_user= find_user(thd->security_ctx->host, thd->security_ctx->user, acl_user= find_user_exact(thd->security_ctx->priv_host,
thd->security_ctx->ip); thd->security_ctx->priv_user);
if (acl_user == NULL) if (acl_user == NULL)
{ {
my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename); my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename);
...@@ -1890,18 +1890,12 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access) ...@@ -1890,18 +1890,12 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access)
continue; continue;
acl_user= (ACL_USER *)acl_user_base; acl_user= (ACL_USER *)acl_user_base;
if ((!acl_user->user.str && !thd->security_ctx->user[0]) || if (acl_user->wild_eq(thd->security_ctx->user, thd->security_ctx->host))
(acl_user->user.str && !strcmp(thd->security_ctx->user,
acl_user->user.str)))
{
if (compare_hostname(&acl_user->host, thd->security_ctx->host,
thd->security_ctx->host))
{ {
is_granted= TRUE; is_granted= TRUE;
break; break;
} }
} }
}
/* According to SQL standard, the same error message must be presented */ /* According to SQL standard, the same error message must be presented */
if (!is_granted) if (!is_granted)
...@@ -1976,12 +1970,7 @@ static void acl_update_user(const char *user, const char *host, ...@@ -1976,12 +1970,7 @@ static void acl_update_user(const char *user, const char *host,
for (uint i=0 ; i < acl_users.elements ; i++) for (uint i=0 ; i < acl_users.elements ; i++)
{ {
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
if ((!acl_user->user.str && !user[0]) || if (acl_user->eq(user, host))
(acl_user->user.str && !strcmp(user,acl_user->user.str)))
{
if ((!acl_user->host.hostname && !host[0]) ||
(acl_user->host.hostname &&
!my_strcasecmp(system_charset_info, host, acl_user->host.hostname)))
{ {
if (plugin->str[0]) if (plugin->str[0])
{ {
...@@ -2023,7 +2012,6 @@ static void acl_update_user(const char *user, const char *host, ...@@ -2023,7 +2012,6 @@ static void acl_update_user(const char *user, const char *host,
break; break;
} }
} }
}
} }
...@@ -2627,7 +2615,7 @@ bool change_password(THD *thd, const char *host, const char *user, ...@@ -2627,7 +2615,7 @@ bool change_password(THD *thd, const char *host, const char *user,
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
ACL_USER *acl_user; ACL_USER *acl_user;
if (!(acl_user= find_user_no_anon(host, user, TRUE))) if (!(acl_user= find_user_exact(host, user)))
{ {
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0)); my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0));
...@@ -2702,7 +2690,7 @@ bool is_acl_user(const char *host, const char *user) ...@@ -2702,7 +2690,7 @@ bool is_acl_user(const char *host, const char *user)
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
if (*host) // User if (*host) // User
res= find_user_no_anon(host, user, TRUE) != NULL; res= find_user_exact(host, user) != NULL;
else // Role else // Role
res= find_acl_role(user) != NULL; res= find_acl_role(user) != NULL;
...@@ -2711,7 +2699,12 @@ bool is_acl_user(const char *host, const char *user) ...@@ -2711,7 +2699,12 @@ bool is_acl_user(const char *host, const char *user)
} }
static ACL_USER *find_user(const char *host, const char *user, const char *ip) /*
unlike find_user_exact and find_user_wild,
this function finds anonymous users too, it's when a
user is not empty, but priv_user (acl_user->user) is empty.
*/
static ACL_USER *find_user_or_anon(const char *host, const char *user, const char *ip)
{ {
ACL_USER *result= NULL; ACL_USER *result= NULL;
mysql_mutex_assert_owner(&acl_cache->lock); mysql_mutex_assert_owner(&acl_cache->lock);
...@@ -2733,33 +2726,33 @@ static ACL_USER *find_user(const char *host, const char *user, const char *ip) ...@@ -2733,33 +2726,33 @@ static ACL_USER *find_user(const char *host, const char *user, const char *ip)
/* /*
Find first entry that matches the current user Find first entry that matches the current user
*/ */
static ACL_USER * static ACL_USER * find_user_exact(const char *host, const char *user)
find_user_no_anon(const char *host, const char *user, bool exact)
{ {
DBUG_ENTER("find_user_no_anon");
DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user));
mysql_mutex_assert_owner(&acl_cache->lock); mysql_mutex_assert_owner(&acl_cache->lock);
for (uint i=0 ; i < acl_users.elements ; i++) for (uint i=0 ; i < acl_users.elements ; i++)
{ {
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
DBUG_PRINT("info",("strcmp('%s','%s'), compare_hostname('%s','%s'),", if (acl_user->eq(user, host))
user, safe_str(acl_user->user.str), return acl_user;
host,
safe_str(acl_user->host.hostname)));
if ((!acl_user->user.str && !user[0]) ||
(acl_user->user.str && !strcmp(user,acl_user->user.str)))
{
if (exact ? !my_strcasecmp(system_charset_info, host,
safe_str(acl_user->host.hostname)) :
compare_hostname(&acl_user->host,host,host))
{
DBUG_RETURN(acl_user);
}
} }
return 0;
}
/*
Find first entry that matches the current user
*/
static ACL_USER * find_user_wild(const char *host, const char *user, const char *ip)
{
mysql_mutex_assert_owner(&acl_cache->lock);
for (uint i=0 ; i < acl_users.elements ; i++)
{
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
if (acl_user->wild_eq(user, host, ip))
return acl_user;
} }
DBUG_RETURN(0); return 0;
} }
/* /*
...@@ -2782,7 +2775,7 @@ static ACL_ROLE *find_acl_role(const char *user) ...@@ -2782,7 +2775,7 @@ static ACL_ROLE *find_acl_role(const char *user)
static ACL_USER_BASE *find_acl_user_base(const char *user, const char *host) static ACL_USER_BASE *find_acl_user_base(const char *user, const char *host)
{ {
if (*host) if (*host)
return find_user_no_anon(host, user, TRUE); return find_user_exact(host, user);
return find_acl_role(user); return find_acl_role(user);
} }
...@@ -3313,7 +3306,7 @@ static int replace_db_table(TABLE *table, const char *db, ...@@ -3313,7 +3306,7 @@ static int replace_db_table(TABLE *table, const char *db,
} }
/* Check if there is such a user in user table in memory? */ /* Check if there is such a user in user table in memory? */
if (!find_user_no_anon(combo.host.str,combo.user.str, FALSE)) if (!find_user_wild(combo.host.str,combo.user.str))
{ {
/* The user could be a role, check if the user is registered as a role */ /* The user could be a role, check if the user is registered as a role */
if (!combo.host.length && !find_acl_role(combo.user.str)) if (!combo.host.length && !find_acl_role(combo.user.str))
...@@ -3565,7 +3558,7 @@ replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user, ...@@ -3565,7 +3558,7 @@ replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user,
} }
/* Check if there is such a user in user table in memory? */ /* Check if there is such a user in user table in memory? */
if (!find_user_no_anon(user->host.str,user->user.str, FALSE)) if (!find_user_wild(user->host.str,user->user.str))
{ {
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0)); my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0));
DBUG_RETURN(-1); DBUG_RETURN(-1);
...@@ -4229,7 +4222,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, ...@@ -4229,7 +4222,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
The following should always succeed as new users are created before The following should always succeed as new users are created before
this function is called! this function is called!
*/ */
if (!find_user_no_anon(combo.host.str,combo.user.str, FALSE)) if (!find_user_wild(combo.host.str,combo.user.str))
{ {
if (!combo.host.length && !find_acl_role(combo.user.str)) if (!combo.host.length && !find_acl_role(combo.user.str))
{ {
...@@ -5799,7 +5792,7 @@ static bool can_grant_role(THD *thd, ACL_ROLE *role) ...@@ -5799,7 +5792,7 @@ static bool can_grant_role(THD *thd, ACL_ROLE *role)
if (!sctx->user) // replication if (!sctx->user) // replication
return true; return true;
ACL_USER *grantee= find_user_no_anon(sctx->priv_host, sctx->priv_user, true); ACL_USER *grantee= find_user_exact(sctx->priv_host, sctx->priv_user);
if (!grantee) if (!grantee)
return false; return false;
...@@ -5923,7 +5916,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -5923,7 +5916,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
ACL_USER_BASE *grantee= role_as_user; ACL_USER_BASE *grantee= role_as_user;
if (!grantee) if (!grantee)
grantee= find_user_no_anon(hostname.str, username.str, true); grantee= find_user_exact(hostname.str, username.str);
if (!grantee) if (!grantee)
{ {
...@@ -7436,7 +7429,7 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user) ...@@ -7436,7 +7429,7 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
if (username) if (username)
{ {
acl_user= find_user_no_anon(hostname, username, TRUE); acl_user= find_user_exact(hostname, username);
if (!acl_user) if (!acl_user)
{ {
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
...@@ -8057,7 +8050,7 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc) ...@@ -8057,7 +8050,7 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc)
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
if (initialized && (acl_user= find_user_no_anon(host,user, FALSE))) if (initialized && (acl_user= find_user_wild(host,user)))
uc->user_resources= acl_user->user_resource; uc->user_resources= acl_user->user_resource;
else else
bzero((char*) &uc->user_resources, sizeof(uc->user_resources)); bzero((char*) &uc->user_resources, sizeof(uc->user_resources));
...@@ -8161,8 +8154,7 @@ static int open_grant_tables(THD *thd, TABLE_LIST *tables) ...@@ -8161,8 +8154,7 @@ static int open_grant_tables(THD *thd, TABLE_LIST *tables)
DBUG_RETURN(0); DBUG_RETURN(0);
} }
ACL_USER *check_acl_user(LEX_USER *user_name, ACL_USER *check_acl_user(LEX_USER *user_name, uint *acl_acl_userdx)
uint *acl_acl_userdx)
{ {
ACL_USER *acl_user= 0; ACL_USER *acl_user= 0;
uint counter; uint counter;
...@@ -8171,13 +8163,8 @@ ACL_USER *check_acl_user(LEX_USER *user_name, ...@@ -8171,13 +8163,8 @@ ACL_USER *check_acl_user(LEX_USER *user_name,
for (counter= 0 ; counter < acl_users.elements ; counter++) for (counter= 0 ; counter < acl_users.elements ; counter++)
{ {
const char *user,*host;
acl_user= dynamic_element(&acl_users, counter, ACL_USER*); acl_user= dynamic_element(&acl_users, counter, ACL_USER*);
user= safe_str(acl_user->user.str); if(acl_user->eq(user_name->user.str, user_name->host.str))
host=acl_user->host.hostname;
if (!strcmp(user_name->user.str,user) &&
!my_strcasecmp(system_charset_info, user_name->host.str, host))
break; break;
} }
if (counter == acl_users.elements) if (counter == acl_users.elements)
...@@ -8875,7 +8862,7 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop, ...@@ -8875,7 +8862,7 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop,
goto end; goto end;
} }
else else
if (find_user_no_anon(user_from->host.str, user_from->user.str, TRUE)) if (find_user_exact(user_from->host.str, user_from->user.str))
goto end; // looking for a role, found a user goto end; // looking for a role, found a user
} }
else else
...@@ -9337,7 +9324,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) ...@@ -9337,7 +9324,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
result= -1; result= -1;
continue; continue;
} }
if (!find_user_no_anon(lex_user->host.str, lex_user->user.str, TRUE)) if (!find_user_exact(lex_user->host.str, lex_user->user.str))
{ {
result= -1; result= -1;
continue; continue;
...@@ -9640,17 +9627,13 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, ...@@ -9640,17 +9627,13 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
if ((au= find_user_no_anon(combo->host.str=(char*)sctx->host_or_ip, if ((au= find_user_wild(combo->host.str=(char*)sctx->host_or_ip, combo->user.str)))
combo->user.str,FALSE)))
goto found_acl; goto found_acl;
if ((au= find_user_no_anon(combo->host.str=(char*)sctx->host, if ((au= find_user_wild(combo->host.str=(char*)sctx->host, combo->user.str)))
combo->user.str,FALSE)))
goto found_acl; goto found_acl;
if ((au= find_user_no_anon(combo->host.str=(char*)sctx->ip, if ((au= find_user_wild(combo->host.str=(char*)sctx->ip, combo->user.str)))
combo->user.str,FALSE)))
goto found_acl; goto found_acl;
if ((au= find_user_no_anon(combo->host.str=(char*)"%", if ((au= find_user_wild(combo->host.str=(char*)"%", combo->user.str)))
combo->user.str, FALSE)))
goto found_acl; goto found_acl;
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
...@@ -9947,7 +9930,7 @@ int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond) ...@@ -9947,7 +9930,7 @@ int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond)
Security_context *sctx= thd->security_ctx; Security_context *sctx= thd->security_ctx;
mysql_rwlock_rdlock(&LOCK_grant); mysql_rwlock_rdlock(&LOCK_grant);
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
ACL_USER *user= find_user_no_anon(sctx->priv_host, sctx->priv_user, true); ACL_USER *user= find_user_exact(sctx->priv_host, sctx->priv_user);
char buff[USER_HOST_BUFF_SIZE+10]; char buff[USER_HOST_BUFF_SIZE+10];
DBUG_ASSERT(user->user.length + user->hostname_length +2 < sizeof(buff)); DBUG_ASSERT(user->user.length + user->hostname_length +2 < sizeof(buff));
...@@ -10902,9 +10885,6 @@ static bool send_plugin_request_packet(MPVIO_EXT *mpvio, ...@@ -10902,9 +10885,6 @@ static bool send_plugin_request_packet(MPVIO_EXT *mpvio,
Finds a user and copies it into mpvio. Creates a fake user Finds a user and copies it into mpvio. Creates a fake user
if no matching user account is found. if no matching user account is found.
@note find_user_no_anon is not the same, because it doesn't take into
account the case when user is not empty, but acl_user->user is empty
@retval 0 found @retval 0 found
@retval 1 error @retval 1 error
*/ */
...@@ -10916,7 +10896,7 @@ static bool find_mpvio_user(MPVIO_EXT *mpvio) ...@@ -10916,7 +10896,7 @@ static bool find_mpvio_user(MPVIO_EXT *mpvio)
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
ACL_USER *user= find_user(sctx->host, sctx->user, sctx->ip); ACL_USER *user= find_user_or_anon(sctx->host, sctx->user, sctx->ip);
if (user) if (user)
mpvio->acl_user= user->copy(&mem); mpvio->acl_user= user->copy(&mem);
...@@ -11856,9 +11836,8 @@ bool acl_authenticate(THD *thd, uint connect_errors, ...@@ -11856,9 +11836,8 @@ bool acl_authenticate(THD *thd, uint connect_errors,
/* we're proxying : find the proxy user definition */ /* we're proxying : find the proxy user definition */
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
acl_proxy_user= find_user_no_anon(safe_str(proxy_user->get_proxied_host()), acl_proxy_user= find_user_exact(safe_str(proxy_user->get_proxied_host()),
mpvio.auth_info.authenticated_as, mpvio.auth_info.authenticated_as);
TRUE);
if (!acl_proxy_user) if (!acl_proxy_user)
{ {
if (!thd->is_error()) if (!thd->is_error())
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment