Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
c97a67fb
Commit
c97a67fb
authored
Oct 17, 2013
by
Vicențiu Ciorbaru
Committed by
Sergei Golubchik
Oct 17, 2013
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added roles mapping internal structure creation
TODO: Free structures on flush
parent
af04333e
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
58 additions
and
17 deletions
+58
-17
sql/sql_acl.cc
sql/sql_acl.cc
+58
-17
No files found.
sql/sql_acl.cc
View file @
c97a67fb
...
@@ -566,6 +566,8 @@ static void init_check_host(void);
...
@@ -566,6 +566,8 @@ static void init_check_host(void);
static
void
rebuild_check_host
(
void
);
static
void
rebuild_check_host
(
void
);
static
ACL_USER
*
find_acl_user
(
const
char
*
host
,
const
char
*
user
,
static
ACL_USER
*
find_acl_user
(
const
char
*
host
,
const
char
*
user
,
my_bool
exact
);
my_bool
exact
);
static
ACL_USER
*
find_acl_role
(
const
char
*
host
,
const
char
*
user
,
my_bool
exact
);
static
bool
update_user_table
(
THD
*
thd
,
TABLE
*
table
,
const
char
*
host
,
static
bool
update_user_table
(
THD
*
thd
,
TABLE
*
table
,
const
char
*
host
,
const
char
*
user
,
const
char
*
new_password
,
const
char
*
user
,
const
char
*
new_password
,
uint
new_password_len
);
uint
new_password_len
);
...
@@ -587,8 +589,10 @@ enum enum_acl_lists
...
@@ -587,8 +589,10 @@ enum enum_acl_lists
typedef
struct
st_role_grant
typedef
struct
st_role_grant
{
{
ACL_USER
*
user
;
char
*
user_username
;
ACL_USER
*
role
;
char
*
user_hostname
;
char
*
role_username
;
char
*
role_hostname
;
}
ROLE_GRANT_PAIR
;
}
ROLE_GRANT_PAIR
;
/*
/*
Convert scrambled password to binary form, according to scramble type,
Convert scrambled password to binary form, according to scramble type,
...
@@ -1041,10 +1045,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
...
@@ -1041,10 +1045,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
#endif
#endif
}
}
if
(
is_role
)
{
if
(
is_role
)
{
sql_print_information
(
"Found role %s"
,
user
.
user
);
(
void
)
push_dynamic
(
&
acl_roles
,(
uchar
*
)
&
user
);
(
void
)
push_dynamic
(
&
acl_roles
,(
uchar
*
)
&
user
);
}
}
else
else
{
{
sql_print_information
(
"Found user %s"
,
user
.
user
);
(
void
)
push_dynamic
(
&
acl_users
,(
uchar
*
)
&
user
);
(
void
)
push_dynamic
(
&
acl_users
,(
uchar
*
)
&
user
);
}
}
if
(
!
user
.
host
.
hostname
||
if
(
!
user
.
host
.
hostname
||
...
@@ -1162,26 +1168,48 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
...
@@ -1162,26 +1168,48 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
goto
end
;
goto
end
;
table
->
use_all_columns
();
table
->
use_all_columns
();
/* account for every role mapping */
/* account for every role mapping */
/* acquire lock for the find_acl_user/role functions
XXX
Perhaps new wrapper functions should be created that do not check
for the lock in this case as it either is already taken or
it's the first initialisation so no race conditions possible
*/
if
(
!
initialized
)
mysql_mutex_lock
(
&
acl_cache
->
lock
);
mysql_mutex_lock
(
&
acl_cache
->
lock
);
(
void
)
my_init_dynamic_array
(
&
role_grants
,
sizeof
(
ROLE_GRANT_PAIR
),
50
,
100
,
MYF
(
0
));
while
(
!
(
read_record_info
.
read_record
(
&
read_record_info
)))
while
(
!
(
read_record_info
.
read_record
(
&
read_record_info
)))
{
{
char
*
user_hostname
=
get_field
(
&
mem
,
table
->
field
[
0
]);
ROLE_GRANT_PAIR
p
;
char
*
user_username
=
get_field
(
&
mem
,
table
->
field
[
1
]);
p
.
user_hostname
=
get_field
(
&
mem
,
table
->
field
[
0
]);
char
*
role_hostname
=
get_field
(
&
mem
,
table
->
field
[
2
]);
p
.
user_username
=
get_field
(
&
mem
,
table
->
field
[
1
]);
char
*
role_username
=
get_field
(
&
mem
,
table
->
field
[
3
]);
p
.
role_hostname
=
get_field
(
&
mem
,
table
->
field
[
2
]);
ACL_USER
*
user
=
find_acl_user
(
user_hostname
,
user_username
,
TRUE
);
p
.
role_username
=
get_field
(
&
mem
,
table
->
field
[
3
]);
ACL_USER
*
role
=
find_acl_user
(
role_hostname
,
role_username
,
TRUE
);
ACL_USER
*
user
=
find_acl_user
((
p
.
user_hostname
)
?
p
.
user_hostname
:
""
,
(
p
.
user_username
)
?
p
.
user_username
:
""
,
TRUE
);
ACL_USER
*
role
=
find_acl_role
((
p
.
role_hostname
)
?
p
.
role_hostname
:
""
,
(
p
.
role_username
)
?
p
.
role_username
:
""
,
TRUE
);
if
(
user
==
NULL
||
role
==
NULL
)
if
(
user
==
NULL
||
role
==
NULL
)
{
{
sql_print_error
(
"Warning: Invalid roles_mapping table entry"
);
sql_print_error
(
"Invalid roles_mapping table entry '%s@%s', '%s@%s'"
,
p
.
user_username
?
p
.
user_username
:
""
,
p
.
user_hostname
?
p
.
user_hostname
:
""
,
p
.
role_username
?
p
.
role_username
:
""
,
p
.
role_hostname
?
p
.
role_hostname
:
""
,
user
,
role
);
continue
;
continue
;
}
}
/* TEMPORARY */
push_dynamic
(
&
role_grants
,
(
uchar
*
)
&
p
);
sql_print_information
(
"Found user %s@%s having role granted %s@%s
\n
"
,
sql_print_information
(
"Found user %s@%s having role granted %s@%s
\n
"
,
user
->
user
,
user
->
host
.
hostname
,
user
->
user
,
user
->
host
.
hostname
,
role
->
user
,
role
->
host
.
hostname
);
role
->
user
,
role
->
host
.
hostname
);
}
}
end_read_record
(
&
read_record_info
);
end_read_record
(
&
read_record_info
);
if
(
!
initialized
)
mysql_mutex_unlock
(
&
acl_cache
->
lock
);
mysql_mutex_unlock
(
&
acl_cache
->
lock
);
}
}
...
@@ -2110,20 +2138,22 @@ bool is_acl_user(const char *host, const char *user)
...
@@ -2110,20 +2138,22 @@ bool is_acl_user(const char *host, const char *user)
/*
/*
Find first entry that matches the current user
Find first entry that matches the current user
or role
*/
*/
static
ACL_USER
*
static
ACL_USER
*
find_acl_user
(
const
char
*
host
,
const
char
*
user
,
my_bool
exact
)
find_acl_user_table_entry
(
const
char
*
host
,
const
char
*
user
,
my_bool
exact
,
my_bool
is_role
)
{
{
DBUG_ENTER
(
"find_acl_user"
);
DBUG_ENTER
(
"find_acl_user"
);
DBUG_PRINT
(
"enter"
,(
"host: '%s' user: '%s'"
,
host
,
user
));
DBUG_PRINT
(
"enter"
,(
"host: '%s' user: '%s'"
,
host
,
user
));
mysql_mutex_assert_owner
(
&
acl_cache
->
lock
);
mysql_mutex_assert_owner
(
&
acl_cache
->
lock
);
for
(
uint
i
=
0
;
i
<
acl_users
.
elements
;
i
++
)
DYNAMIC_ARRAY
*
target
=
(
is_role
)
?
&
acl_roles
:
&
acl_users
;
for
(
uint
i
=
0
;
i
<
target
->
elements
;
i
++
)
{
{
ACL_USER
*
acl_user
=
dynamic_element
(
&
acl_users
,
i
,
ACL_USER
*
);
ACL_USER
*
acl_user
=
dynamic_element
(
target
,
i
,
ACL_USER
*
);
DBUG_PRINT
(
"info"
,(
"strcmp('%s','%s'), compare_hostname('%s','%s'),"
,
DBUG_PRINT
(
"info"
,(
"strcmp('%s','%s'), compare_hostname('%s','%s'),"
,
user
,
acl_user
->
user
?
acl_user
->
user
:
""
,
user
,
acl_user
->
user
?
acl_user
->
user
:
""
,
host
,
host
,
...
@@ -2144,6 +2174,17 @@ find_acl_user(const char *host, const char *user, my_bool exact)
...
@@ -2144,6 +2174,17 @@ find_acl_user(const char *host, const char *user, my_bool exact)
DBUG_RETURN
(
0
);
DBUG_RETURN
(
0
);
}
}
static
ACL_USER
*
find_acl_role
(
const
char
*
host
,
const
char
*
user
,
my_bool
exact
)
{
return
find_acl_user_table_entry
(
host
,
user
,
exact
,
TRUE
);
}
static
ACL_USER
*
find_acl_user
(
const
char
*
host
,
const
char
*
user
,
my_bool
exact
)
{
return
find_acl_user_table_entry
(
host
,
user
,
exact
,
FALSE
);
}
/*
/*
Comparing of hostnames
Comparing of hostnames
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment