Commit 39e5af0a authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Refactored ACL_USER:

Changed ACL_USER.user from char * to LEX_STRING.
Refactored every section that made use of ACL_USER.user as a char*.

This was done so that the hash_key of the acl_user can be checked quickly.
parent b079d101
...@@ -218,7 +218,7 @@ class ACL_USER :public ACL_ACCESS ...@@ -218,7 +218,7 @@ class ACL_USER :public ACL_ACCESS
acl_host_and_ip host; acl_host_and_ip host;
uint hostname_length; uint hostname_length;
USER_RESOURCES user_resource; USER_RESOURCES user_resource;
char *user; LEX_STRING user;
uint8 salt[SCRAMBLE_LENGTH + 1]; // scrambled password in binary form uint8 salt[SCRAMBLE_LENGTH + 1]; // scrambled password in binary form
uint8 salt_len; // 0 - no password, 4 - 3.20, 8 - 4.0, 20 - 4.1.1 uint8 salt_len; // 0 - no password, 4 - 3.20, 8 - 4.0, 20 - 4.1.1
enum SSL_type ssl_type; enum SSL_type ssl_type;
...@@ -232,7 +232,8 @@ class ACL_USER :public ACL_ACCESS ...@@ -232,7 +232,8 @@ class ACL_USER :public ACL_ACCESS
if (!dst) if (!dst)
return 0; return 0;
*dst= *this; *dst= *this;
dst->user= safe_strdup_root(root, user); dst->user.str= safe_strdup_root(root, user.str);
dst->user.length= user.length;
dst->ssl_cipher= safe_strdup_root(root, ssl_cipher); dst->ssl_cipher= safe_strdup_root(root, ssl_cipher);
dst->x509_issuer= safe_strdup_root(root, x509_issuer); dst->x509_issuer= safe_strdup_root(root, x509_issuer);
dst->x509_subject= safe_strdup_root(root, x509_subject); dst->x509_subject= safe_strdup_root(root, x509_subject);
...@@ -523,8 +524,8 @@ static uchar* acl_entry_get_key(acl_entry *entry, size_t *length, ...@@ -523,8 +524,8 @@ static uchar* acl_entry_get_key(acl_entry *entry, size_t *length,
uchar* acl_role_get_key(ACL_USER *entry, size_t *length, uchar* acl_role_get_key(ACL_USER *entry, size_t *length,
my_bool not_used __attribute__((unused))) my_bool not_used __attribute__((unused)))
{ {
*length=(uint) (entry->user ? strlen(entry->user) : 0); *length=(uint) entry->user.length;
return (uchar*) entry->user; return (uchar*) entry->user.str;
} }
#define IP_ADDR_STRLEN (3 + 1 + 3 + 1 + 3 + 1 + 3) #define IP_ADDR_STRLEN (3 + 1 + 3 + 1 + 3 + 1 + 3)
...@@ -744,7 +745,7 @@ set_user_plugin (ACL_USER *user, int password_len) ...@@ -744,7 +745,7 @@ set_user_plugin (ACL_USER *user, int password_len)
return FALSE; return FALSE;
default: default:
sql_print_warning("Found invalid password for user: '%s@%s'; " sql_print_warning("Found invalid password for user: '%s@%s'; "
"Ignoring user", user->user ? user->user : "", "Ignoring user", user->user.str ? user->user.str : "",
user->host.hostname ? user->host.hostname : ""); user->host.hostname ? user->host.hostname : "");
return TRUE; return TRUE;
} }
...@@ -900,7 +901,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -900,7 +901,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
bool is_role= FALSE; bool is_role= FALSE;
bzero(&user, sizeof(user)); bzero(&user, sizeof(user));
update_hostname(&user.host, get_field(&mem, table->field[0])); update_hostname(&user.host, get_field(&mem, table->field[0]));
user.user= get_field(&mem, table->field[1]); char *username= get_field(&mem, table->field[1]);
user.user.str= username;
user.user.length= username? strlen(username) : 0;
/* If the user entry is a role, skip password and hostname checks /* If the user entry is a role, skip password and hostname checks
A user can not log in with a role so some checks are not necessary A user can not log in with a role so some checks are not necessary
...@@ -912,7 +915,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -912,7 +915,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
{ {
sql_print_warning("'user' entry '%s@%s' " sql_print_warning("'user' entry '%s@%s' "
"ignored in --skip-name-resolve mode.", "ignored in --skip-name-resolve mode.",
user.user ? user.user : "", user.user.str ? user.user.str : "",
user.host.hostname ? user.host.hostname : ""); user.host.hostname ? user.host.hostname : "");
continue; continue;
} }
...@@ -1016,7 +1019,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1016,7 +1019,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
sql_print_warning("'user' entry '%s@%s' has both a password " sql_print_warning("'user' entry '%s@%s' has both a password "
"and an authentication plugin specified. The " "and an authentication plugin specified. The "
"password will be ignored.", "password will be ignored.",
user.user ? user.user : "", user.user.str ? user.user.str : "",
user.host.hostname ? user.host.hostname : ""); user.host.hostname ? user.host.hostname : "");
} }
user.auth_string.str= get_field(&mem, table->field[next_field++]); user.auth_string.str= get_field(&mem, table->field[next_field++]);
...@@ -1046,12 +1049,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1046,12 +1049,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
#endif #endif
} }
if (is_role) { if (is_role) {
sql_print_information("Found role %s", user.user); sql_print_information("Found role %s", user.user.str);
my_hash_insert(&acl_roles, (uchar*) user.copy(&mem)); my_hash_insert(&acl_roles, (uchar*) user.copy(&mem));
} }
else else
{ {
sql_print_information("Found user %s", user.user); sql_print_information("Found user %s", user.user.str);
(void) push_dynamic(&acl_users,(uchar*) &user); (void) push_dynamic(&acl_users,(uchar*) &user);
} }
if (!user.host.hostname || if (!user.host.hostname ||
...@@ -1206,8 +1209,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1206,8 +1209,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
// push_dynamic(&role_grants, (uchar*) &p); // push_dynamic(&role_grants, (uchar*) &p);
sql_print_information("Found user %s@%s having role granted %s@%s\n", sql_print_information("Found user %s@%s having role granted %s@%s\n",
user->user, user->host.hostname, user->user.str, user->host.hostname,
role->user, role->host.hostname); role->user.str, role->host.hostname);
} }
end_read_record(&read_record_info); end_read_record(&read_record_info);
...@@ -1547,8 +1550,8 @@ bool acl_getroot(Security_context *sctx, char *user, char *host, ...@@ -1547,8 +1550,8 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
for (i=0 ; i < acl_users.elements ; i++) for (i=0 ; i < acl_users.elements ; i++)
{ {
ACL_USER *acl_user_tmp= dynamic_element(&acl_users,i,ACL_USER*); ACL_USER *acl_user_tmp= dynamic_element(&acl_users,i,ACL_USER*);
if ((!acl_user_tmp->user && !user[0]) || if ((!acl_user_tmp->user.str && !user[0]) ||
(acl_user_tmp->user && strcmp(user, acl_user_tmp->user) == 0)) (acl_user_tmp->user.str && strcmp(user, acl_user_tmp->user.str) == 0))
{ {
if (compare_hostname(&acl_user_tmp->host, host, ip)) if (compare_hostname(&acl_user_tmp->host, host, ip))
{ {
...@@ -1579,7 +1582,7 @@ bool acl_getroot(Security_context *sctx, char *user, char *host, ...@@ -1579,7 +1582,7 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
} }
sctx->master_access= acl_user->access; sctx->master_access= acl_user->access;
if (acl_user->user) if (acl_user->user.str)
strmake_buf(sctx->priv_user, user); strmake_buf(sctx->priv_user, user);
else else
*sctx->priv_user= 0; *sctx->priv_user= 0;
...@@ -1617,8 +1620,8 @@ static void acl_update_user(const char *user, const char *host, ...@@ -1617,8 +1620,8 @@ static void acl_update_user(const char *user, const char *host,
for (uint i=0 ; i < acl_users.elements ; i++) for (uint i=0 ; i < acl_users.elements ; i++)
{ {
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
if ((!acl_user->user && !user[0]) || if ((!acl_user->user.str && !user[0]) ||
(acl_user->user && !strcmp(user,acl_user->user))) (acl_user->user.str && !strcmp(user,acl_user->user.str)))
{ {
if ((!acl_user->host.hostname && !host[0]) || if ((!acl_user->host.hostname && !host[0]) ||
(acl_user->host.hostname && (acl_user->host.hostname &&
...@@ -1683,7 +1686,8 @@ static void acl_insert_user(const char *user, const char *host, ...@@ -1683,7 +1686,8 @@ static void acl_insert_user(const char *user, const char *host,
mysql_mutex_assert_owner(&acl_cache->lock); mysql_mutex_assert_owner(&acl_cache->lock);
acl_user.user=*user ? strdup_root(&mem,user) : 0; acl_user.user.str=*user ? strdup_root(&mem,user) : 0;
acl_user.user.length= strlen(user);
update_hostname(&acl_user.host, *host ? strdup_root(&mem, host): 0); update_hostname(&acl_user.host, *host ? strdup_root(&mem, host): 0);
if (plugin->str[0]) if (plugin->str[0])
{ {
...@@ -2120,7 +2124,7 @@ bool change_password(THD *thd, const char *host, const char *user, ...@@ -2120,7 +2124,7 @@ bool change_password(THD *thd, const char *host, const char *user,
if (update_user_table(thd, table, if (update_user_table(thd, table,
acl_user->host.hostname ? acl_user->host.hostname : "", acl_user->host.hostname ? acl_user->host.hostname : "",
acl_user->user ? acl_user->user : "", acl_user->user.str ? acl_user->user.str : "",
new_password, new_password_len)) new_password, new_password_len))
{ {
mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */ mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */
...@@ -2134,7 +2138,7 @@ bool change_password(THD *thd, const char *host, const char *user, ...@@ -2134,7 +2138,7 @@ bool change_password(THD *thd, const char *host, const char *user,
{ {
query_length= query_length=
sprintf(buff,"SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'", sprintf(buff,"SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'",
acl_user->user ? acl_user->user : "", acl_user->user.str ? acl_user->user.str : "",
acl_user->host.hostname ? acl_user->host.hostname : "", acl_user->host.hostname ? acl_user->host.hostname : "",
new_password); new_password);
thd->clear_error(); thd->clear_error();
...@@ -2192,12 +2196,12 @@ find_acl_user(const char *host, const char *user, my_bool exact) ...@@ -2192,12 +2196,12 @@ find_acl_user(const char *host, const char *user, my_bool exact)
{ {
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
DBUG_PRINT("info",("strcmp('%s','%s'), compare_hostname('%s','%s'),", DBUG_PRINT("info",("strcmp('%s','%s'), compare_hostname('%s','%s'),",
user, acl_user->user ? acl_user->user : "", user, acl_user->user.str ? acl_user->user.str : "",
host, host,
acl_user->host.hostname ? acl_user->host.hostname : acl_user->host.hostname ? acl_user->host.hostname :
"")); ""));
if ((!acl_user->user && !user[0]) || if ((!acl_user->user.str && !user[0]) ||
(acl_user->user && !strcmp(user,acl_user->user))) (acl_user->user.str && !strcmp(user,acl_user->user.str)))
{ {
if (exact ? !my_strcasecmp(system_charset_info, host, if (exact ? !my_strcasecmp(system_charset_info, host,
acl_user->host.hostname ? acl_user->host.hostname ?
...@@ -5996,7 +6000,7 @@ ACL_USER *check_acl_user(LEX_USER *user_name, ...@@ -5996,7 +6000,7 @@ ACL_USER *check_acl_user(LEX_USER *user_name,
{ {
const char *user,*host; const char *user,*host;
acl_user= dynamic_element(&acl_users, counter, ACL_USER*); acl_user= dynamic_element(&acl_users, counter, ACL_USER*);
if (!(user=acl_user->user)) if (!(user=acl_user->user.str))
user= ""; user= "";
if (!(host=acl_user->host.hostname)) if (!(host=acl_user->host.hostname))
host= ""; host= "";
...@@ -6304,7 +6308,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, ...@@ -6304,7 +6308,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
switch (struct_no) { switch (struct_no) {
case USER_ACL: case USER_ACL:
acl_user= dynamic_element(&acl_users, idx, ACL_USER*); acl_user= dynamic_element(&acl_users, idx, ACL_USER*);
user= acl_user->user; user= acl_user->user.str;
host= acl_user->host.hostname; host= acl_user->host.hostname;
break; break;
...@@ -6382,7 +6386,8 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, ...@@ -6382,7 +6386,8 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
{ {
switch ( struct_no ) { switch ( struct_no ) {
case USER_ACL: case USER_ACL:
acl_user->user= strdup_root(&mem, user_to->user.str); acl_user->user.str= strdup_root(&mem, user_to->user.str);
acl_user->user.length= user_to->user.length;
acl_user->host.hostname= strdup_root(&mem, user_to->host.str); acl_user->host.hostname= strdup_root(&mem, user_to->host.str);
break; break;
...@@ -7480,7 +7485,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) ...@@ -7480,7 +7485,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
{ {
const char *user,*host, *is_grantable="YES"; const char *user,*host, *is_grantable="YES";
acl_user=dynamic_element(&acl_users,counter,ACL_USER*); acl_user=dynamic_element(&acl_users,counter,ACL_USER*);
if (!(user=acl_user->user)) if (!(user=acl_user->user.str))
user= ""; user= "";
if (!(host=acl_user->host.hostname)) if (!(host=acl_user->host.hostname))
host= ""; host= "";
...@@ -8282,8 +8287,9 @@ static bool find_mpvio_user(MPVIO_EXT *mpvio) ...@@ -8282,8 +8287,9 @@ static bool find_mpvio_user(MPVIO_EXT *mpvio)
for (uint i=0; i < acl_users.elements; i++) for (uint i=0; i < acl_users.elements; i++)
{ {
ACL_USER *acl_user_tmp= dynamic_element(&acl_users, i, ACL_USER*); ACL_USER *acl_user_tmp= dynamic_element(&acl_users, i, ACL_USER*);
if ((!acl_user_tmp->user || !strcmp(sctx->user, acl_user_tmp->user)) && if ((!acl_user_tmp->user.str ||
compare_hostname(&acl_user_tmp->host, sctx->host, sctx->ip)) !strcmp(sctx->user, acl_user_tmp->user.str)) &&
compare_hostname(&acl_user_tmp->host, sctx->host, sctx->ip))
{ {
mpvio->acl_user= acl_user_tmp->copy(mpvio->thd->mem_root); mpvio->acl_user= acl_user_tmp->copy(mpvio->thd->mem_root);
break; break;
...@@ -8340,8 +8346,8 @@ static bool find_mpvio_user(MPVIO_EXT *mpvio) ...@@ -8340,8 +8346,8 @@ static bool find_mpvio_user(MPVIO_EXT *mpvio)
mpvio->auth_info.user_name_length= strlen(sctx->user); mpvio->auth_info.user_name_length= strlen(sctx->user);
mpvio->auth_info.auth_string= mpvio->acl_user->auth_string.str; mpvio->auth_info.auth_string= mpvio->acl_user->auth_string.str;
mpvio->auth_info.auth_string_length= (unsigned long) mpvio->acl_user->auth_string.length; mpvio->auth_info.auth_string_length= (unsigned long) mpvio->acl_user->auth_string.length;
strmake_buf(mpvio->auth_info.authenticated_as, mpvio->acl_user->user ? strmake_buf(mpvio->auth_info.authenticated_as, mpvio->acl_user->user.str ?
mpvio->acl_user->user : ""); mpvio->acl_user->user.str : "");
DBUG_PRINT("info", ("exit: user=%s, auth_string=%s, authenticated as=%s" DBUG_PRINT("info", ("exit: user=%s, auth_string=%s, authenticated as=%s"
"plugin=%s", "plugin=%s",
...@@ -9202,7 +9208,7 @@ bool acl_authenticate(THD *thd, uint connect_errors, ...@@ -9202,7 +9208,7 @@ bool acl_authenticate(THD *thd, uint connect_errors,
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
bool is_proxy_user= FALSE; bool is_proxy_user= FALSE;
const char *auth_user = acl_user->user ? acl_user->user : ""; const char *auth_user = acl_user->user.str ? acl_user->user.str : "";
ACL_PROXY_USER *proxy_user; ACL_PROXY_USER *proxy_user;
/* check if the user is allowed to proxy as another user */ /* check if the user is allowed to proxy as another user */
proxy_user= acl_find_proxy_user(auth_user, sctx->host, sctx->ip, proxy_user= acl_find_proxy_user(auth_user, sctx->host, sctx->ip,
...@@ -9242,8 +9248,8 @@ bool acl_authenticate(THD *thd, uint connect_errors, ...@@ -9242,8 +9248,8 @@ bool acl_authenticate(THD *thd, uint connect_errors,
#endif #endif
sctx->master_access= acl_user->access; sctx->master_access= acl_user->access;
if (acl_user->user) if (acl_user->user.str)
strmake_buf(sctx->priv_user, acl_user->user); strmake_buf(sctx->priv_user, acl_user->user.str);
else else
*sctx->priv_user= 0; *sctx->priv_user= 0;
......
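Review bot: acl_role_get_key() now returns `entry->user.length` as the hash key length without looking at `user.str`, so every writer has to keep the two fields in step, and two of the visible writers do not guarantee that. ACL_USER::copy() and the USER_ACL rename branch of handle_grant_struct() take `length` from the source while `str` comes from safe_strdup_root()/strdup_root(); if that allocation can return NULL, the entry ends up with a NULL key pointer and a non-zero length, which the old `entry->user ? strlen(entry->user) : 0` could not produce. Deriving the length from the result closes the gap, e.g. `dst->user.length= dst->user.str ? user.length : 0;` in copy() and the same pattern in handle_grant_struct(). Separately, the `Found role %s` / `Found user %s` calls in acl_load() pass `user.user.str` unguarded although the loader itself treats the name as possibly NULL (`username? strlen(username) : 0`); they should use `user.user.str ? user.user.str : ""` like the neighbouring warnings. All of these functions continue outside the hunks shown.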