Commit db25d8f9 authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Modified set_role_var to implement both a role check in the check() function,

as well as only set privileges in the update() function.
parent 494f0117
...@@ -876,14 +876,20 @@ int set_var_password::update(THD *thd) ...@@ -876,14 +876,20 @@ int set_var_password::update(THD *thd)
*****************************************************************************/ *****************************************************************************/
int set_var_role::check(THD *thd) int set_var_role::check(THD *thd)
{ {
/* nothing to check */ #ifndef NO_EMBEDDED_ACCESS_CHECKS
ulonglong access;
int status= acl_check_setrole(thd, base.str, &access);
save_result.ulonglong_value= access;
return status;
#else
return 0; return 0;
#endif
} }
int set_var_role::update(THD *thd) int set_var_role::update(THD *thd)
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
return acl_setrole(thd, this->role.str); return acl_setrole(thd, base.str, save_result.ulonglong_value);
#else #else
return 0; return 0;
#endif #endif
......
...@@ -278,11 +278,11 @@ class set_var_password: public set_var_base ...@@ -278,11 +278,11 @@ class set_var_password: public set_var_base
/* For SET ROLE */ /* For SET ROLE */
class set_var_role: public set_var_base class set_var_role: public set_var
{ {
LEX_STRING role;
public: public:
set_var_role(LEX_STRING role_arg) : role(role_arg) {}; set_var_role(LEX_STRING role_arg) :
set_var(OPT_SESSION, NULL, &role_arg, NULL){};
int check(THD *thd); int check(THD *thd);
int update(THD *thd); int update(THD *thd);
}; };
......
...@@ -1672,7 +1672,7 @@ bool acl_getroot(Security_context *sctx, char *user, char *host, ...@@ -1672,7 +1672,7 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
DBUG_RETURN(res); DBUG_RETURN(res);
} }
bool acl_setrole(THD *thd, char *rolename) int acl_check_setrole(THD *thd, char *rolename, ulonglong *access)
{ {
bool is_granted; bool is_granted;
int result= 0; int result= 0;
...@@ -1693,8 +1693,8 @@ bool acl_setrole(THD *thd, char *rolename) ...@@ -1693,8 +1693,8 @@ bool acl_setrole(THD *thd, char *rolename)
my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename); my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename);
result= -1; result= -1;
} }
else else if (access)
thd->security_ctx->master_access= acl_user->access; *access= acl_user->access;
goto end; goto end;
} }
...@@ -1728,16 +1728,26 @@ bool acl_setrole(THD *thd, char *rolename) ...@@ -1728,16 +1728,26 @@ bool acl_setrole(THD *thd, char *rolename)
goto end; goto end;
} }
/* merge the privileges */ if (access)
thd->security_ctx->master_access= acl_user->access | role->access; {
/* mark the current role */ *access = acl_user->access | role->access;
strcpy(thd->security_ctx->priv_role, rolename); }
end: end:
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
return result; return result;
} }
int acl_setrole(THD *thd, char *rolename, ulonglong access) {
/* merge the privileges */
thd->security_ctx->master_access= access;
/* mark the current role */
strmake(thd->security_ctx->priv_role, rolename,
sizeof(thd->security_ctx->priv_role)-1);
return 0;
}
static uchar* check_get_key(ACL_USER *buff, size_t *length, static uchar* check_get_key(ACL_USER *buff, size_t *length,
my_bool not_used __attribute__((unused))) my_bool not_used __attribute__((unused)))
{ {
......
...@@ -382,5 +382,6 @@ get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info, ...@@ -382,5 +382,6 @@ get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info,
bool acl_check_proxy_grant_access (THD *thd, const char *host, const char *user, bool acl_check_proxy_grant_access (THD *thd, const char *host, const char *user,
bool with_grant); bool with_grant);
bool acl_setrole(THD *thd, char *rolename); int acl_setrole(THD *thd, char *rolename, ulonglong access);
int acl_check_setrole(THD *thd, char *rolename, ulonglong *access);
#endif /* SQL_ACL_INCLUDED */ #endif /* SQL_ACL_INCLUDED */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment