Commit
994a682a
authored
Oct 17, 2013
by
Vicențiu Ciorbaru
Committed by
Sergei Golubchik
Oct 17, 2013
Stripped whitespaces on all lines from sql/sql_acl.cc
parent
49b4bae3
Showing
1 changed file
with
114 additions
and
108 deletions
+114
-108
sql/sql_acl.cc
sql/sql_acl.cc
+114
-108
sql/sql_acl.cc
...
...
@@ -59,15 +59,15 @@ bool mysql_user_table_is_in_short_password_format= false;
static
const
TABLE_FIELD_TYPE
mysql_db_table_fields
[
MYSQL_DB_FIELD_COUNT
]
=
{
{
{
C_STRING_WITH_LEN
(
"Host"
)
},
{
C_STRING_WITH_LEN
(
"Host"
)
},
{
C_STRING_WITH_LEN
(
"char(60)"
)
},
{
NULL
,
0
}
},
},
{
{
C_STRING_WITH_LEN
(
"Db"
)
},
{
C_STRING_WITH_LEN
(
"Db"
)
},
{
C_STRING_WITH_LEN
(
"char(64)"
)
},
{
NULL
,
0
}
},
},
{
{
C_STRING_WITH_LEN
(
"User"
)
},
{
C_STRING_WITH_LEN
(
"char("
)
},
...
...
@@ -176,11 +176,11 @@ mysql_db_table_def= {MYSQL_DB_FIELD_COUNT, mysql_db_table_fields, 0, (uint*) 0 }
static
LEX_STRING
native_password_plugin_name
=
{
C_STRING_WITH_LEN
(
"mysql_native_password"
)
};
static
LEX_STRING
old_password_plugin_name
=
{
C_STRING_WITH_LEN
(
"mysql_old_password"
)
};
/// @todo make it configurable
LEX_STRING
*
default_auth_plugin_name
=
&
native_password_plugin_name
;
...
...
@@ -220,11 +220,17 @@ class ACL_USER :public ACL_ACCESS
USER_RESOURCES
user_resource
;
LEX_STRING
user
;
uint8
salt
[
SCRAMBLE_LENGTH
+
1
];
// scrambled password in binary form
uint8
salt_len
;
// 0 - no password, 4 - 3.20, 8 - 4.0, 20 - 4.1.1
uint8
salt_len
;
// 0 - no password, 4 - 3.20, 8 - 4.0, 20 - 4.1.1
enum
SSL_type
ssl_type
;
const
char
*
ssl_cipher
,
*
x509_issuer
,
*
x509_subject
;
LEX_STRING
plugin
;
LEX_STRING
auth_string
;
/*
list to hold references to granted roles (ACL_USER instances)
if the instance of the class represents a user, or a user if the
instance of the class represents a role.
*/
DYNAMIC_ARRAY
role_grants
;
ACL_USER
*
copy
(
MEM_ROOT
*
root
)
{
...
...
@@ -272,11 +278,11 @@ class ACL_PROXY_USER :public ACL_ACCESS
const
char
*
proxied_user
;
bool
with_grant
;
typedef
enum
{
MYSQL_PROXIES_PRIV_HOST
,
MYSQL_PROXIES_PRIV_USER
,
typedef
enum
{
MYSQL_PROXIES_PRIV_HOST
,
MYSQL_PROXIES_PRIV_USER
,
MYSQL_PROXIES_PRIV_PROXIED_HOST
,
MYSQL_PROXIES_PRIV_PROXIED_USER
,
MYSQL_PROXIES_PRIV_PROXIED_USER
,
MYSQL_PROXIES_PRIV_WITH_GRANT
,
MYSQL_PROXIES_PRIV_GRANTOR
,
MYSQL_PROXIES_PRIV_TIMESTAMP
}
old_acl_proxy_users
;
...
...
@@ -288,11 +294,11 @@ class ACL_PROXY_USER :public ACL_ACCESS
bool
with_grant_arg
)
{
user
=
(
user_arg
&&
*
user_arg
)
?
user_arg
:
NULL
;
update_hostname
(
&
host
,
update_hostname
(
&
host
,
(
host_arg
&&
*
host_arg
)
?
host_arg
:
NULL
);
proxied_user
=
(
proxied_user_arg
&&
*
proxied_user_arg
)
?
proxied_user
=
(
proxied_user_arg
&&
*
proxied_user_arg
)
?
proxied_user_arg
:
NULL
;
update_hostname
(
&
proxied_host
,
update_hostname
(
&
proxied_host
,
(
proxied_host_arg
&&
*
proxied_host_arg
)
?
proxied_host_arg
:
NULL
);
with_grant
=
with_grant_arg
;
...
...
@@ -306,9 +312,9 @@ class ACL_PROXY_USER :public ACL_ACCESS
{
init
((
host_arg
&&
*
host_arg
)
?
strdup_root
(
mem
,
host_arg
)
:
NULL
,
(
user_arg
&&
*
user_arg
)
?
strdup_root
(
mem
,
user_arg
)
:
NULL
,
(
proxied_host_arg
&&
*
proxied_host_arg
)
?
(
proxied_host_arg
&&
*
proxied_host_arg
)
?
strdup_root
(
mem
,
proxied_host_arg
)
:
NULL
,
(
proxied_user_arg
&&
*
proxied_user_arg
)
?
(
proxied_user_arg
&&
*
proxied_user_arg
)
?
strdup_root
(
mem
,
proxied_user_arg
)
:
NULL
,
with_grant_arg
);
}
...
...
@@ -327,20 +333,20 @@ class ACL_PROXY_USER :public ACL_ACCESS
const
char
*
get_host
()
{
return
host
.
hostname
;
}
const
char
*
get_proxied_user
()
{
return
proxied_user
;
}
const
char
*
get_proxied_host
()
{
return
proxied_host
.
hostname
;
}
void
set_user
(
MEM_ROOT
*
mem
,
const
char
*
user_arg
)
{
void
set_user
(
MEM_ROOT
*
mem
,
const
char
*
user_arg
)
{
user
=
user_arg
&&
*
user_arg
?
strdup_root
(
mem
,
user_arg
)
:
NULL
;
}
void
set_host
(
MEM_ROOT
*
mem
,
const
char
*
host_arg
)
{
update_hostname
(
&
host
,
(
host_arg
&&
*
host_arg
)
?
void
set_host
(
MEM_ROOT
*
mem
,
const
char
*
host_arg
)
{
update_hostname
(
&
host
,
(
host_arg
&&
*
host_arg
)
?
strdup_root
(
mem
,
host_arg
)
:
NULL
);
}
bool
check_validity
(
bool
check_no_resolve
)
{
if
(
check_no_resolve
&&
if
(
check_no_resolve
&&
(
hostname_requires_resolving
(
host
.
hostname
)
||
hostname_requires_resolving
(
proxied_host
.
hostname
)))
{
...
...
@@ -377,8 +383,8 @@ class ACL_PROXY_USER :public ACL_ACCESS
compare_hostname
(
&
proxied_host
,
host_arg
,
ip_arg
)
&&
(
!
user
||
(
user_arg
&&
!
wild_compare
(
user_arg
,
user
,
TRUE
)))
&&
(
!
proxied_user
||
(
proxied_user
&&
!
wild_compare
(
proxied_user_arg
,
(
!
proxied_user
||
(
proxied_user
&&
!
wild_compare
(
proxied_user_arg
,
proxied_user
,
TRUE
))));
}
...
...
@@ -403,13 +409,13 @@ class ACL_PROXY_USER :public ACL_ACCESS
host
.
hostname
?
host
.
hostname
:
"<NULL>"
,
grant
->
host
.
hostname
?
grant
->
host
.
hostname
:
"<NULL>"
,
proxied_host
.
hostname
?
proxied_host
.
hostname
:
"<NULL>"
,
grant
->
proxied_host
.
hostname
?
grant
->
proxied_host
.
hostname
?
grant
->
proxied_host
.
hostname
:
"<NULL>"
));
DBUG_RETURN
(
auth_element_equals
(
user
,
grant
->
user
)
&&
auth_element_equals
(
proxied_user
,
grant
->
proxied_user
)
&&
auth_element_equals
(
host
.
hostname
,
grant
->
host
.
hostname
)
&&
auth_element_equals
(
proxied_host
.
hostname
,
auth_element_equals
(
proxied_host
.
hostname
,
grant
->
proxied_host
.
hostname
));
}
...
...
@@ -447,10 +453,10 @@ class ACL_PROXY_USER :public ACL_ACCESS
with_grant
=
grant
->
with_grant
;
}
static
int
store_pk
(
TABLE
*
table
,
const
LEX_STRING
*
host
,
static
int
store_pk
(
TABLE
*
table
,
const
LEX_STRING
*
host
,
const
LEX_STRING
*
user
,
const
LEX_STRING
*
proxied_host
,
const
LEX_STRING
*
proxied_host
,
const
LEX_STRING
*
proxied_user
)
{
DBUG_ENTER
(
"ACL_PROXY_USER::store_pk"
);
...
...
@@ -459,11 +465,11 @@ class ACL_PROXY_USER :public ACL_ACCESS
user
->
str
?
user
->
str
:
"<NULL>"
,
proxied_host
->
str
?
proxied_host
->
str
:
"<NULL>"
,
proxied_user
->
str
?
proxied_user
->
str
:
"<NULL>"
));
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_HOST
]
->
store
(
host
->
str
,
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_HOST
]
->
store
(
host
->
str
,
host
->
length
,
system_charset_info
))
DBUG_RETURN
(
TRUE
);
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_USER
]
->
store
(
user
->
str
,
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_USER
]
->
store
(
user
->
str
,
user
->
length
,
system_charset_info
))
DBUG_RETURN
(
TRUE
);
...
...
@@ -491,10 +497,10 @@ class ACL_PROXY_USER :public ACL_ACCESS
if
(
store_pk
(
table
,
host
,
user
,
proxied_host
,
proxied_user
))
DBUG_RETURN
(
TRUE
);
DBUG_PRINT
(
"info"
,
(
"with_grant=%s"
,
with_grant
?
"TRUE"
:
"FALSE"
));
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_WITH_GRANT
]
->
store
(
with_grant
?
1
:
0
,
TRUE
))
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_WITH_GRANT
]
->
store
(
with_grant
?
1
:
0
,
TRUE
))
DBUG_RETURN
(
TRUE
);
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_GRANTOR
]
->
store
(
grantor
,
if
(
table
->
field
[
MYSQL_PROXIES_PRIV_GRANTOR
]
->
store
(
grantor
,
strlen
(
grantor
),
system_charset_info
))
DBUG_RETURN
(
TRUE
);
...
...
@@ -597,7 +603,7 @@ typedef struct st_role_grant
char
*
role_hostname
;
}
ROLE_GRANT_PAIR
;
/*
Convert scrambled password to binary form, according to scramble type,
Convert scrambled password to binary form, according to scramble type,
Binary form is stored in user.salt.
*/
...
...
@@ -657,7 +663,7 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
user
->
plugin
=
old_password_plugin_name
;
else
return
true
;
set_user_salt
(
user
,
user
->
auth_string
.
str
,
user
->
auth_string
.
length
);
return
false
;
}
...
...
@@ -734,7 +740,7 @@ my_bool acl_init(bool dont_read_acl_tables)
static
bool
set_user_plugin
(
ACL_USER
*
user
,
int
password_len
)
{
switch
(
password_len
)
switch
(
password_len
)
{
case
0
:
/* no password */
case
SCRAMBLED_PASSWORD_CHAR_LENGTH
:
...
...
@@ -1134,7 +1140,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
end_read_record
(
&
read_record_info
);
freeze_size
(
&
acl_dbs
);
(
void
)
my_init_dynamic_array
(
&
acl_proxy_users
,
sizeof
(
ACL_PROXY_USER
),
(
void
)
my_init_dynamic_array
(
&
acl_proxy_users
,
sizeof
(
ACL_PROXY_USER
),
50
,
100
,
MYF
(
0
));
if
(
tables
[
3
].
table
)
{
...
...
@@ -2110,7 +2116,7 @@ bool change_password(THD *thd, const char *host, const char *user,
}
/* update loaded acl entry: */
if
(
acl_user
->
plugin
.
str
==
native_password_plugin_name
.
str
||
if
(
acl_user
->
plugin
.
str
==
native_password_plugin_name
.
str
||
acl_user
->
plugin
.
str
==
old_password_plugin_name
.
str
)
{
acl_user
->
auth_string
.
str
=
strmake_root
(
&
mem
,
new_password
,
new_password_len
);
...
...
@@ -2811,7 +2817,7 @@ static int replace_db_table(TABLE *table, const char *db,
}
static
void
static
void
acl_update_proxy_user
(
ACL_PROXY_USER
*
new_value
,
bool
is_revoke
)
{
mysql_mutex_assert_owner
(
&
acl_cache
->
lock
);
...
...
@@ -2819,7 +2825,7 @@ acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke)
DBUG_ENTER
(
"acl_update_proxy_user"
);
for
(
uint
i
=
0
;
i
<
acl_proxy_users
.
elements
;
i
++
)
{
ACL_PROXY_USER
*
acl_user
=
ACL_PROXY_USER
*
acl_user
=
dynamic_element
(
&
acl_proxy_users
,
i
,
ACL_PROXY_USER
*
);
if
(
acl_user
->
pk_equals
(
new_value
))
...
...
@@ -2841,7 +2847,7 @@ acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke)
}
static
void
static
void
acl_insert_proxy_user
(
ACL_PROXY_USER
*
new_value
)
{
DBUG_ENTER
(
"acl_insert_proxy_user"
);
...
...
@@ -2854,9 +2860,9 @@ acl_insert_proxy_user(ACL_PROXY_USER *new_value)
}
static
int
static
int
replace_proxies_priv_table
(
THD
*
thd
,
TABLE
*
table
,
const
LEX_USER
*
user
,
const
LEX_USER
*
proxied_user
,
bool
with_grant_arg
,
const
LEX_USER
*
proxied_user
,
bool
with_grant_arg
,
bool
revoke_grant
)
{
bool
old_row_exists
=
0
;
...
...
@@ -2881,7 +2887,7 @@ replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user,
}
table
->
use_all_columns
();
ACL_PROXY_USER
::
store_pk
(
table
,
&
user
->
host
,
&
user
->
user
,
ACL_PROXY_USER
::
store_pk
(
table
,
&
user
->
host
,
&
user
->
user
,
&
proxied_user
->
host
,
&
proxied_user
->
user
);
key_copy
(
user_key
,
table
->
record
[
0
],
table
->
key_info
,
...
...
@@ -3866,7 +3872,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
}
#endif
/*
/*
The lock api is depending on the thd->lex variable which needs to be
re-initialized.
*/
...
...
@@ -3901,7 +3907,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
{
result
=
TRUE
;
continue
;
}
}
/* Create user if needed */
error
=
replace_user_table
(
thd
,
tables
[
0
].
table
,
*
Str
,
0
,
revoke_grant
,
create_new_users
,
...
...
@@ -4107,7 +4113,7 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,
{
result
=
TRUE
;
continue
;
}
}
/* Create user if needed */
error
=
replace_user_table
(
thd
,
tables
[
0
].
table
,
*
Str
,
0
,
revoke_grant
,
create_new_users
,
...
...
@@ -4146,7 +4152,7 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,
}
if
(
replace_routine_table
(
thd
,
grant_name
,
tables
[
1
].
table
,
*
Str
,
db_name
,
table_name
,
is_proc
,
rights
,
db_name
,
table_name
,
is_proc
,
rights
,
revoke_grant
)
!=
0
)
{
result
=
TRUE
;
...
...
@@ -4212,12 +4218,12 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
tables
[
1
].
init_one_table
(
C_STRING_WITH_LEN
(
"mysql"
),
C_STRING_WITH_LEN
(
"proxies_priv"
),
"proxies_priv"
,
"proxies_priv"
,
TL_WRITE
);
else
tables
[
1
].
init_one_table
(
C_STRING_WITH_LEN
(
"mysql"
),
C_STRING_WITH_LEN
(
"db"
),
"db"
,
C_STRING_WITH_LEN
(
"db"
),
"db"
,
TL_WRITE
);
tables
[
0
].
next_local
=
tables
[
0
].
next_global
=
tables
+
1
;
...
...
@@ -4289,7 +4295,7 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
else
if
(
is_proxy
)
{
if
(
replace_proxies_priv_table
(
thd
,
tables
[
1
].
table
,
Str
,
proxied_user
,
rights
&
GRANT_ACL
?
TRUE
:
FALSE
,
rights
&
GRANT_ACL
?
TRUE
:
FALSE
,
revoke_grant
))
result
=
-
1
;
}
...
...
@@ -4973,7 +4979,7 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref,
grant
=
&
(
table_ref
->
grant
);
db_name
=
table_ref
->
view_db
.
str
;
table_name
=
table_ref
->
view_name
.
str
;
if
(
table_ref
->
belong_to_view
&&
if
(
table_ref
->
belong_to_view
&&
thd
->
lex
->
sql_command
==
SQLCOM_SHOW_FIELDS
)
{
view_privs
=
get_column_grant
(
thd
,
grant
,
db_name
,
table_name
,
name
);
...
...
@@ -5005,7 +5011,7 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref,
}
/**
/**
@brief check if a query can access a set of columns
@param thd the current thread
...
...
@@ -5014,24 +5020,24 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref,
@return Operation status
@retval 0 Success
@retval 1 Falure
@details This function walks over the columns of a table reference
@details This function walks over the columns of a table reference
The columns may originate from different tables, depending on the kind of
table reference, e.g. join, view.
For each table it will retrieve the grant information and will use it
to check the required access privileges for the fields requested from it.
*/
bool
check_grant_all_columns
(
THD
*
thd
,
ulong
want_access_arg
,
*/
bool
check_grant_all_columns
(
THD
*
thd
,
ulong
want_access_arg
,
Field_iterator_table_ref
*
fields
)
{
Security_context
*
sctx
=
thd
->
security_ctx
;
ulong
want_access
=
want_access_arg
;
const
char
*
table_name
=
NULL
;
const
char
*
db_name
;
const
char
*
db_name
;
GRANT_INFO
*
grant
;
/* Initialized only to make gcc happy */
GRANT_TABLE
*
grant_table
=
NULL
;
/*
/*
Flag that gets set if privilege checking has to be performed on column
level.
*/
...
...
@@ -5069,7 +5075,7 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
if
(
want_access
)
{
GRANT_COLUMN
*
grant_column
=
GRANT_COLUMN
*
grant_column
=
column_hash_search
(
grant_table
,
field_name
,
(
uint
)
strlen
(
field_name
));
if
(
grant_column
)
...
...
@@ -5093,7 +5099,7 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
if
(
using_column_privileges
)
my_error
(
ER_TABLEACCESS_DENIED_ERROR
,
MYF
(
0
),
command
,
sctx
->
priv_user
,
sctx
->
host_or_ip
,
table_name
);
sctx
->
host_or_ip
,
table_name
);
else
my_error
(
ER_COLUMNACCESS_DENIED_ERROR
,
MYF
(
0
),
command
,
...
...
@@ -5240,9 +5246,9 @@ bool check_grant_routine(THD *thd, ulong want_access,
/*
Check if routine has any of the
Check if routine has any of the
routine level grants
SYNPOSIS
bool check_routine_level_acl()
thd Thread handler
...
...
@@ -5250,11 +5256,11 @@ bool check_grant_routine(THD *thd, ulong want_access,
name Routine name
RETURN
0 Ok
0 Ok
1 error
*/
bool
check_routine_level_acl
(
THD
*
thd
,
const
char
*
db
,
const
char
*
name
,
bool
check_routine_level_acl
(
THD
*
thd
,
const
char
*
db
,
const
char
*
name
,
bool
is_proc
)
{
bool
no_routine_acl
=
1
;
...
...
@@ -5747,7 +5753,7 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
}
}
if
(
show_routine_grants
(
thd
,
lex_user
,
&
proc_priv_hash
,
if
(
show_routine_grants
(
thd
,
lex_user
,
&
proc_priv_hash
,
STRING_WITH_LEN
(
"PROCEDURE"
),
buff
,
sizeof
(
buff
)))
{
error
=
-
1
;
...
...
@@ -6049,7 +6055,7 @@ static int modify_grant_table(TABLE *table, Field *host_field,
system_charset_info
);
user_field
->
store
(
user_to
->
user
.
str
,
user_to
->
user
.
length
,
system_charset_info
);
if
((
error
=
table
->
file
->
ha_update_row
(
table
->
record
[
1
],
if
((
error
=
table
->
file
->
ha_update_row
(
table
->
record
[
1
],
table
->
record
[
0
]))
&&
error
!=
HA_ERR_RECORD_IS_THE_SAME
)
table
->
file
->
print_error
(
error
,
MYF
(
0
));
...
...
@@ -6173,7 +6179,7 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
DBUG_PRINT
(
"info"
,(
"scan table: '%s' search: '%s'@'%s'"
,
table
->
s
->
table_name
.
str
,
user_str
,
host_str
));
#endif
while
((
error
=
table
->
file
->
ha_rnd_next
(
table
->
record
[
0
]))
!=
while
((
error
=
table
->
file
->
ha_rnd_next
(
table
->
record
[
0
]))
!=
HA_ERR_END_OF_FILE
)
{
if
(
error
)
...
...
@@ -6723,7 +6729,7 @@ bool mysql_drop_user(THD *thd, List <LEX_USER> &list)
{
result
=
TRUE
;
continue
;
}
}
if
(
handle_grant_data
(
tables
,
1
,
user_name
,
NULL
)
<=
0
)
{
append_user
(
&
wrong_users
,
user_name
);
...
...
@@ -6789,13 +6795,13 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
{
result
=
TRUE
;
continue
;
}
}
tmp_user_to
=
user_list
++
;
if
(
!
(
user_to
=
get_current_user
(
thd
,
tmp_user_to
)))
{
result
=
TRUE
;
continue
;
}
}
DBUG_ASSERT
(
user_to
!=
0
);
/* Syntax enforces pairs of users. */
/*
...
...
@@ -6811,7 +6817,7 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
}
some_users_renamed
=
TRUE
;
}
/* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */
rebuild_check_host
();
...
...
@@ -6819,7 +6825,7 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
if
(
result
)
my_error
(
ER_CANNOT_USER
,
MYF
(
0
),
"RENAME USER"
,
wrong_users
.
c_ptr_safe
());
if
(
some_users_renamed
&&
mysql_bin_log
.
is_open
())
result
|=
write_bin_log
(
thd
,
FALSE
,
thd
->
query
(),
thd
->
query_length
());
...
...
@@ -6866,7 +6872,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
{
result
=
-
1
;
continue
;
}
}
if
(
!
find_acl_user
(
lex_user
->
host
.
str
,
lex_user
->
user
.
str
,
TRUE
))
{
result
=
-
1
;
...
...
@@ -7262,7 +7268,7 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
@thd current thread
@param user the logged in user (proxy user)
@param authenticated_as the effective user a plugin is trying to
@param authenticated_as the effective user a plugin is trying to
impersonate as (proxied user)
@return proxy user definition
@retval NULL proxy user definition not found or not applicable
...
...
@@ -7270,7 +7276,7 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
*/
static
ACL_PROXY_USER
*
acl_find_proxy_user
(
const
char
*
user
,
const
char
*
host
,
const
char
*
ip
,
acl_find_proxy_user
(
const
char
*
user
,
const
char
*
host
,
const
char
*
ip
,
const
char
*
authenticated_as
,
bool
*
proxy_used
)
{
uint
i
;
...
...
@@ -7285,10 +7291,10 @@ acl_find_proxy_user(const char *user, const char *host, const char *ip,
DBUG_RETURN
(
NULL
);
}
*
proxy_used
=
TRUE
;
*
proxy_used
=
TRUE
;
for
(
i
=
0
;
i
<
acl_proxy_users
.
elements
;
i
++
)
{
ACL_PROXY_USER
*
proxy
=
dynamic_element
(
&
acl_proxy_users
,
i
,
ACL_PROXY_USER
*
proxy
=
dynamic_element
(
&
acl_proxy_users
,
i
,
ACL_PROXY_USER
*
);
if
(
proxy
->
matches
(
host
,
user
,
ip
,
authenticated_as
))
DBUG_RETURN
(
proxy
);
...
...
@@ -7303,7 +7309,7 @@ acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
bool
with_grant
)
{
DBUG_ENTER
(
"acl_check_proxy_grant_access"
);
DBUG_PRINT
(
"info"
,
(
"user=%s host=%s with_grant=%d"
,
user
,
host
,
DBUG_PRINT
(
"info"
,
(
"user=%s host=%s with_grant=%d"
,
user
,
host
,
(
int
)
with_grant
));
if
(
!
initialized
)
{
...
...
@@ -7334,7 +7340,7 @@ acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
!
my_strcasecmp
(
system_charset_info
,
host
,
thd
->
security_ctx
->
priv_host
))
{
DBUG_PRINT
(
"info"
,
(
"strcmp (%s, %s) my_casestrcmp (%s, %s) equal"
,
DBUG_PRINT
(
"info"
,
(
"strcmp (%s, %s) my_casestrcmp (%s, %s) equal"
,
thd
->
security_ctx
->
priv_user
,
user
,
host
,
thd
->
security_ctx
->
priv_host
));
DBUG_RETURN
(
FALSE
);
...
...
@@ -7343,7 +7349,7 @@ acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
/* check for matching WITH PROXY rights */
for
(
uint
i
=
0
;
i
<
acl_proxy_users
.
elements
;
i
++
)
{
ACL_PROXY_USER
*
proxy
=
dynamic_element
(
&
acl_proxy_users
,
i
,
ACL_PROXY_USER
*
proxy
=
dynamic_element
(
&
acl_proxy_users
,
i
,
ACL_PROXY_USER
*
);
if
(
proxy
->
matches
(
thd
->
security_ctx
->
host
,
thd
->
security_ctx
->
user
,
...
...
@@ -7494,7 +7500,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
(
strcmp
(
thd
->
security_ctx
->
priv_user
,
user
)
||
my_strcasecmp
(
system_charset_info
,
curr_host
,
host
)))
continue
;
want_access
=
acl_user
->
access
;
if
(
!
(
want_access
&
GRANT_ACL
))
is_grantable
=
"NO"
;
...
...
@@ -7517,7 +7523,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
{
if
(
test_access
&
j
)
{
if
(
update_schema_privilege
(
thd
,
table
,
buff
,
0
,
0
,
0
,
0
,
if
(
update_schema_privilege
(
thd
,
table
,
buff
,
0
,
0
,
0
,
0
,
command_array
[
priv_id
],
command_lengths
[
priv_id
],
is_grantable
))
{
...
...
@@ -7688,7 +7694,7 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
}
}
}
}
}
}
err:
mysql_rwlock_unlock
(
&
LOCK_grant
);
...
...
@@ -8022,9 +8028,9 @@ static void login_failed_error(THD *thd)
thd
->
main_security_ctx
.
host_or_ip
,
thd
->
password
?
ER
(
ER_YES
)
:
ER
(
ER_NO
));
status_var_increment
(
thd
->
status_var
.
access_denied_errors
);
/*
/*
Log access denied messages to the error log when log-warnings = 2
so that the overhead of the general query log is not required to track
so that the overhead of the general query log is not required to track
failed connections.
*/
if
(
global_system_variables
.
log_warnings
>
1
)
...
...
@@ -8032,7 +8038,7 @@ static void login_failed_error(THD *thd)
sql_print_warning
(
ER
(
access_denied_error_code
(
thd
->
password
)),
thd
->
main_security_ctx
.
user
,
thd
->
main_security_ctx
.
host_or_ip
,
thd
->
password
?
ER
(
ER_YES
)
:
ER
(
ER_NO
));
thd
->
password
?
ER
(
ER_YES
)
:
ER
(
ER_NO
));
}
}
...
...
@@ -8041,7 +8047,7 @@ static void login_failed_error(THD *thd)
after the connection was established
Packet format:
Bytes Content
----- ----
1 protocol version (always 10)
...
...
@@ -8135,7 +8141,7 @@ static bool send_server_handshake_packet(MPVIO_EXT *mpvio,
end
=
(
char
*
)
memcpy
(
end
,
data
,
SCRAMBLE_LENGTH_323
);
end
+=
SCRAMBLE_LENGTH_323
;
*
end
++=
0
;
int2store
(
end
,
thd
->
client_capabilities
);
/* write server characteristics: up to 16 bytes allowed */
end
[
2
]
=
(
char
)
default_charset_info
->
number
;
...
...
@@ -8165,7 +8171,7 @@ static bool secure_auth(THD *thd)
return
0
;
/*
If the server is running in secure auth mode, short scrambles are
If the server is running in secure auth mode, short scrambles are
forbidden. Extra juggling to report the same error as the old code.
*/
if
(
thd
->
client_capabilities
&
CLIENT_PROTOCOL_41
)
...
...
@@ -8190,7 +8196,7 @@ static bool secure_auth(THD *thd)
using a different authentication plugin
Packet format:
Bytes Content
----- ----
1 byte with the value 254
...
...
@@ -8256,7 +8262,7 @@ static bool send_plugin_request_packet(MPVIO_EXT *mpvio,
DBUG_RETURN
(
1
);
}
DBUG_PRINT
(
"info"
,
(
"requesting client to use the %s plugin"
,
DBUG_PRINT
(
"info"
,
(
"requesting client to use the %s plugin"
,
client_auth_plugin
));
DBUG_RETURN
(
net_write_command
(
net
,
switch_plugin_request_buf
[
0
],
(
uchar
*
)
client_auth_plugin
,
...
...
@@ -8267,7 +8273,7 @@ static bool send_plugin_request_packet(MPVIO_EXT *mpvio,
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/**
Finds acl entry in user database for authentication purposes.
Finds a user and copies it into mpvio. Creates a fake user
if no matching user account is found.
...
...
@@ -8476,7 +8482,7 @@ static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
/*
For a passwordless accounts we use native_password_plugin.
But when an old 4.0 client connects to it, we change it to
old_password_plugin, otherwise MySQL will think that server
old_password_plugin, otherwise MySQL will think that server
and client plugins don't match.
*/
if
(
mpvio
->
acl_user
->
auth_string
.
length
==
0
)
...
...
@@ -8485,9 +8491,9 @@ static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
}
DBUG_PRINT
(
"info"
,
(
"client_plugin=%s, restart"
,
client_plugin
));
/*
Remember the data part of the packet, to present it to plugin in
read_packet()
/*
Remember the data part of the packet, to present it to plugin in
read_packet()
*/
mpvio
->
cached_client_reply
.
pkt
=
passwd
;
mpvio
->
cached_client_reply
.
pkt_len
=
passwd_len
;
...
...
@@ -8703,14 +8709,14 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
/*
For a passwordless accounts we use native_password_plugin.
But when an old 4.0 client connects to it, we change it to
old_password_plugin, otherwise MySQL will think that server
old_password_plugin, otherwise MySQL will think that server
and client plugins don't match.
*/
if
(
mpvio
->
acl_user
->
auth_string
.
length
==
0
)
mpvio
->
acl_user
->
plugin
=
old_password_plugin_name
;
}
}
/*
if the acl_user needs a different plugin to authenticate
(specified in GRANT ... AUTHENTICATED VIA plugin_name ..)
...
...
@@ -9016,7 +9022,7 @@ static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
#else
/* HAVE_OPENSSL */
default:
/*
If we don't have SSL but SSL is required for this user the
If we don't have SSL but SSL is required for this user the
authentication should fail.
*/
return
1
;
...
...
@@ -9122,7 +9128,7 @@ bool acl_authenticate(THD *thd, uint connect_errors,
mpvio
.
status
=
MPVIO_EXT
::
FAILURE
;
mpvio
.
make_it_fail
=
false
;
mpvio
.
auth_info
.
host_or_ip
=
thd
->
security_ctx
->
host_or_ip
;
mpvio
.
auth_info
.
host_or_ip_length
=
mpvio
.
auth_info
.
host_or_ip_length
=
(
unsigned
int
)
strlen
(
thd
->
security_ctx
->
host_or_ip
);
DBUG_PRINT
(
"info"
,
(
"com_change_user_pkt_len=%u"
,
com_change_user_pkt_len
));
...
...
@@ -9150,7 +9156,7 @@ bool acl_authenticate(THD *thd, uint connect_errors,
the correct plugin.
*/
res
=
do_auth_once
(
thd
,
auth_plugin_name
,
&
mpvio
);
res
=
do_auth_once
(
thd
,
auth_plugin_name
,
&
mpvio
);
}
/*
...
...
@@ -9170,7 +9176,7 @@ bool acl_authenticate(THD *thd, uint connect_errors,
Security_context
*
sctx
=
thd
->
security_ctx
;
const
ACL_USER
*
acl_user
=
mpvio
.
acl_user
;
thd
->
password
=
mpvio
.
auth_info
.
password_used
;
// remember for error messages
thd
->
password
=
mpvio
.
auth_info
.
password_used
;
// remember for error messages
/*
Log the command here so that the user can check the log
...
...
@@ -9232,7 +9238,7 @@ bool acl_authenticate(THD *thd, uint connect_errors,
/* we're proxying : find the proxy user definition */
mysql_mutex_lock
(
&
acl_cache
->
lock
);
acl_proxy_user
=
find_acl_user
(
proxy_user
->
get_proxied_host
()
?
acl_proxy_user
=
find_acl_user
(
proxy_user
->
get_proxied_host
()
?
proxy_user
->
get_proxied_host
()
:
""
,
mpvio
.
auth_info
.
authenticated_as
,
TRUE
);
if
(
!
acl_proxy_user
)
...
...
@@ -9447,7 +9453,7 @@ static int native_password_authenticate(MYSQL_PLUGIN_VIO *vio,
DBUG_RETURN
(
CR_ERROR
);
}
static
int
old_password_authenticate
(
MYSQL_PLUGIN_VIO
*
vio
,
static
int
old_password_authenticate
(
MYSQL_PLUGIN_VIO
*
vio
,
MYSQL_SERVER_AUTH_INFO
*
info
)
{
uchar
*
pkt
;
...
...
@@ -9494,7 +9500,7 @@ static int old_password_authenticate(MYSQL_PLUGIN_VIO *vio,
return
CR_ERROR
;
return
check_scramble_323
(
pkt
,
thd
->
scramble
,
(
ulong
*
)
mpvio
->
acl_user
->
salt
)
?
(
ulong
*
)
mpvio
->
acl_user
->
salt
)
?
CR_ERROR
:
CR_OK
;
}
...
...