Skip to content

M
MariaDB
Commit e5701d83 authored by Sergei Golubchik's avatar Sergei Golubchik
Browse files
Options

cleanup: Account_options 

move account options from LEX to Account_options structure
namely, mqh and ssl_*

Also, use LEX_CSTRING for ssl_*/x509_* strings and move
setting of ACL_USER::account_locked where it belongs
parent 6c8ce999
Show whitespace changes
Inline Side-by-side
Showing with 103 additions and 122 deletions
sql/sql_acl.cc
View file @ e5701d83
......@@ -3039,9 +3039,7 @@ static void acl_update_role(const char *rolename, ulong privileges)
static int acl_user_update(THD *thd, ACL_USER *acl_user, uint nauth,
const ACL_USER *from, const LEX_USER &combo,
const enum SSL_type ssl_type,
const char *ssl_cipher, const char *x509_issuer,
const char *x509_subject, const USER_RESOURCES *mqh,
const Account_options &options,
const ulong privileges)
{
if (from)
......@@ -3077,23 +3075,27 @@ static int acl_user_update(THD *thd, ACL_USER *acl_user, uint nauth,
}
acl_user->access= privileges;
if (mqh->specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
acl_user->user_resource.questions= mqh->questions;
if (mqh->specified_limits & USER_RESOURCES::UPDATES_PER_HOUR)
acl_user->user_resource.updates= mqh->updates;
if (mqh->specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR)
acl_user->user_resource.conn_per_hour= mqh->conn_per_hour;
if (mqh->specified_limits & USER_RESOURCES::USER_CONNECTIONS)
acl_user->user_resource.user_conn= mqh->user_conn;
if (mqh->specified_limits & USER_RESOURCES::MAX_STATEMENT_TIME)
acl_user->user_resource.max_statement_time= mqh->max_statement_time;
if (ssl_type != SSL_TYPE_NOT_SPECIFIED)
{
acl_user->ssl_type= ssl_type;
acl_user->ssl_cipher= safe_strdup_root(&acl_memroot, ssl_cipher);
acl_user->x509_issuer= safe_strdup_root(&acl_memroot, safe_str(x509_issuer));
acl_user->x509_subject= safe_strdup_root(&acl_memroot, safe_str(x509_subject));
}
if (options.specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
acl_user->user_resource.questions= options.questions;
if (options.specified_limits & USER_RESOURCES::UPDATES_PER_HOUR)
acl_user->user_resource.updates= options.updates;
if (options.specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR)
acl_user->user_resource.conn_per_hour= options.conn_per_hour;
if (options.specified_limits & USER_RESOURCES::USER_CONNECTIONS)
acl_user->user_resource.user_conn= options.user_conn;
if (options.specified_limits & USER_RESOURCES::MAX_STATEMENT_TIME)
acl_user->user_resource.max_statement_time= options.max_statement_time;
if (options.ssl_type != SSL_TYPE_NOT_SPECIFIED)
{
acl_user->ssl_type= options.ssl_type;
acl_user->ssl_cipher= safe_strdup_root(&acl_memroot, options.ssl_cipher.str);
acl_user->x509_issuer= safe_strdup_root(&acl_memroot,
safe_str(options.x509_issuer.str));
acl_user->x509_subject= safe_strdup_root(&acl_memroot,
safe_str(options.x509_subject.str));
}
if (options.account_locked != ACCOUNTLOCK_UNSPECIFIED)
acl_user->account_locked= options.account_locked == ACCOUNTLOCK_LOCKED;
return 0;
}
......@@ -4296,9 +4298,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
}
if (acl_user_update(thd, &new_acl_user, nauth,
old_row_exists ? old_acl_user : NULL,
*combo, lex->ssl_type, lex->ssl_cipher,
lex->x509_issuer, lex->x509_subject, &lex->mqh,
rights))
*combo, lex->account_options, rights))
goto end;
if (user_table.set_auth(new_acl_user))
......@@ -4309,55 +4309,54 @@ static int replace_user_table(THD *thd, const User_table &user_table,
DBUG_RETURN(1);
}
switch (lex->ssl_type) {
switch (lex->account_options.ssl_type) {
case SSL_TYPE_NOT_SPECIFIED:
break;
case SSL_TYPE_NONE:
case SSL_TYPE_ANY:
case SSL_TYPE_X509:
user_table.set_ssl_type(lex->ssl_type);
user_table.set_ssl_type(lex->account_options.ssl_type);
user_table.set_ssl_cipher("", 0);
user_table.set_x509_issuer("", 0);
user_table.set_x509_subject("", 0);
break;
case SSL_TYPE_SPECIFIED:
user_table.set_ssl_type(lex->ssl_type);
if (lex->ssl_cipher)
user_table.set_ssl_cipher(lex->ssl_cipher, strlen(lex->ssl_cipher));
user_table.set_ssl_type(lex->account_options.ssl_type);
if (lex->account_options.ssl_cipher.str)
user_table.set_ssl_cipher(lex->account_options.ssl_cipher.str,
lex->account_options.ssl_cipher.length);
else
user_table.set_ssl_cipher("", 0);
if (lex->x509_issuer)
user_table.set_x509_issuer(lex->x509_issuer, strlen(lex->x509_issuer));
if (lex->account_options.x509_issuer.str)
user_table.set_x509_issuer(lex->account_options.x509_issuer.str,
lex->account_options.x509_issuer.length);
else
user_table.set_x509_issuer("", 0);
if (lex->x509_subject)
user_table.set_x509_subject(lex->x509_subject, strlen(lex->x509_subject));
if (lex->account_options.x509_subject.str)
user_table.set_x509_subject(lex->account_options.x509_subject.str,
lex->account_options.x509_subject.length);
else
user_table.set_x509_subject("", 0);
break;
}
if (lex->mqh.specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
user_table.set_max_questions(lex->mqh.questions);
if (lex->mqh.specified_limits & USER_RESOURCES::UPDATES_PER_HOUR)
user_table.set_max_updates(lex->mqh.updates);
if (lex->mqh.specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR)
user_table.set_max_connections(lex->mqh.conn_per_hour);
if (lex->mqh.specified_limits & USER_RESOURCES::USER_CONNECTIONS)
user_table.set_max_user_connections(lex->mqh.user_conn);
if (lex->mqh.specified_limits & USER_RESOURCES::MAX_STATEMENT_TIME)
user_table.set_max_statement_time(lex->mqh.max_statement_time);
if (lex->account_options.specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
user_table.set_max_questions(lex->account_options.questions);
if (lex->account_options.specified_limits & USER_RESOURCES::UPDATES_PER_HOUR)
user_table.set_max_updates(lex->account_options.updates);
if (lex->account_options.specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR)
user_table.set_max_connections(lex->account_options.conn_per_hour);
if (lex->account_options.specified_limits & USER_RESOURCES::USER_CONNECTIONS)
user_table.set_max_user_connections(lex->account_options.user_conn);
if (lex->account_options.specified_limits & USER_RESOURCES::MAX_STATEMENT_TIME)
user_table.set_max_statement_time(lex->account_options.max_statement_time);
mqh_used= (mqh_used || lex->mqh.questions || lex->mqh.updates ||
lex->mqh.conn_per_hour || lex->mqh.user_conn ||
lex->mqh.max_statement_time != 0.0);
mqh_used= (mqh_used || lex->account_options.questions || lex->account_options.updates ||
lex->account_options.conn_per_hour || lex->account_options.user_conn ||
lex->account_options.max_statement_time != 0.0);
if (lex->account_options.account_locked != ACCOUNTLOCK_UNSPECIFIED)
{
bool lock_value= lex->account_options.account_locked == ACCOUNTLOCK_LOCKED;
user_table.set_account_locked(lock_value);
new_acl_user.account_locked= lock_value;
}
user_table.set_account_locked(new_acl_user.account_locked);
}
if (old_row_exists)
......@@ -6543,8 +6542,11 @@ static bool merge_one_role_privileges(ACL_ROLE *grantee)
static bool has_auth(LEX_USER *user, LEX *lex)
{
return user->has_auth() ||
lex->ssl_type != SSL_TYPE_NOT_SPECIFIED || lex->ssl_cipher ||
lex->x509_issuer || lex->x509_subject || lex->mqh.specified_limits;
lex->account_options.ssl_type != SSL_TYPE_NOT_SPECIFIED ||
lex->account_options.ssl_cipher.str ||
lex->account_options.x509_issuer.str ||
lex->account_options.x509_subject.str ||
lex->account_options.specified_limits;
}
static bool copy_and_check_auth(LEX_USER *to, LEX_USER *from, THD *thd)
......@@ -11240,9 +11242,7 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
if (user_list.push_back(combo, thd->mem_root))
DBUG_RETURN(TRUE);
thd->lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
thd->lex->ssl_cipher= thd->lex->x509_subject= thd->lex->x509_issuer= 0;
bzero(&thd->lex->mqh, sizeof(thd->lex->mqh));
thd->lex->account_options.reset();
/*
Only care about whether the operation failed or succeeded
......
sql/sql_lex.h
View file @ e5701d83
......@@ -2946,7 +2946,7 @@ enum account_lock_type
ACCOUNTLOCK_UNLOCKED
};
struct Account_options
struct Account_options: public USER_RESOURCES
{
Account_options()
: account_locked(ACCOUNTLOCK_UNSPECIFIED)
......@@ -2954,9 +2954,12 @@ struct Account_options
void reset()
{
account_locked= ACCOUNTLOCK_UNSPECIFIED;
bzero(this, sizeof(*this));
ssl_type= SSL_TYPE_NOT_SPECIFIED;
}
enum SSL_type ssl_type; // defined in violite.h
LEX_CSTRING x509_subject, x509_issuer, ssl_cipher;
account_lock_type account_locked;
};
......@@ -3019,7 +3022,6 @@ struct LEX: public Query_tables_list
const char *help_arg;
const char *backup_dir; /* For RESTORE/BACKUP */
const char* to_log; /* For PURGE MASTER LOGS TO */
const char* x509_subject,*x509_issuer,*ssl_cipher;
String *wild; /* Wildcard in SHOW {something} LIKE 'wild'*/
sql_exchange *exchange;
select_result *result;
......@@ -3125,7 +3127,6 @@ struct LEX: public Query_tables_list
LEX_MASTER_INFO mi; // used by CHANGE MASTER
LEX_SERVER_OPTIONS server_options;
LEX_CSTRING relay_log_connection_name;
USER_RESOURCES mqh;
LEX_RESET_SLAVE reset_slave_info;
ulonglong type;
ulong next_binlog_file_number;
......@@ -3163,7 +3164,6 @@ struct LEX: public Query_tables_list
*/
bool parse_vcol_expr;
enum SSL_type ssl_type; // defined in violite.h
enum enum_duplicates duplicates;
enum enum_tx_isolation tx_isolation;
enum enum_ha_read_modes ha_read_mode;
......
sql/sql_yacc.yy
View file @ e5701d83
......@@ -3316,9 +3316,6 @@ clear_privileges:
lex->grant= lex->grant_tot_col= 0;
lex->all_privileges= 0;
lex->first_select_lex()->db= null_clex_str;
lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
bzero((char *)&(lex->mqh),sizeof(lex->mqh));
lex->account_options.reset();
}
;
......@@ -17071,23 +17068,23 @@ require_list_element:
SUBJECT_SYM TEXT_STRING
{
LEX *lex=Lex;
if (unlikely(lex->x509_subject))
if (lex->account_options.x509_subject.str)
my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SUBJECT"));
lex->x509_subject=$2.str;
lex->account_options.x509_subject= $2;
}
| ISSUER_SYM TEXT_STRING
{
LEX *lex=Lex;
if (unlikely(lex->x509_issuer))
if (lex->account_options.x509_issuer.str)
my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "ISSUER"));
lex->x509_issuer=$2.str;
lex->account_options.x509_issuer= $2;
}
| CIPHER_SYM TEXT_STRING
{
LEX *lex=Lex;
if (unlikely(lex->ssl_cipher))
if (lex->account_options.ssl_cipher.str)
my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "CIPHER"));
lex->ssl_cipher=$2.str;
lex->account_options.ssl_cipher= $2;
}
;
......@@ -17284,52 +17281,47 @@ opt_require_clause:
/* empty */
| REQUIRE_SYM require_list
{
Lex->ssl_type=SSL_TYPE_SPECIFIED;
Lex->account_options.ssl_type= SSL_TYPE_SPECIFIED;
}
| REQUIRE_SYM SSL_SYM
{
Lex->ssl_type=SSL_TYPE_ANY;
Lex->account_options.ssl_type= SSL_TYPE_ANY;
}
| REQUIRE_SYM X509_SYM
{
Lex->ssl_type=SSL_TYPE_X509;
Lex->account_options.ssl_type= SSL_TYPE_X509;
}
| REQUIRE_SYM NONE_SYM
{
Lex->ssl_type=SSL_TYPE_NONE;
Lex->account_options.ssl_type= SSL_TYPE_NONE;
}
;
resource_option:
MAX_QUERIES_PER_HOUR ulong_num
{
LEX *lex=Lex;
lex->mqh.questions=$2;
lex->mqh.specified_limits|= USER_RESOURCES::QUERIES_PER_HOUR;
Lex->account_options.questions=$2;
Lex->account_options.specified_limits|= USER_RESOURCES::QUERIES_PER_HOUR;
}
| MAX_UPDATES_PER_HOUR ulong_num
{
LEX *lex=Lex;
lex->mqh.updates=$2;
lex->mqh.specified_limits|= USER_RESOURCES::UPDATES_PER_HOUR;
Lex->account_options.updates=$2;
Lex->account_options.specified_limits|= USER_RESOURCES::UPDATES_PER_HOUR;
}
| MAX_CONNECTIONS_PER_HOUR ulong_num
{
LEX *lex=Lex;
lex->mqh.conn_per_hour= $2;
lex->mqh.specified_limits|= USER_RESOURCES::CONNECTIONS_PER_HOUR;
Lex->account_options.conn_per_hour= $2;
Lex->account_options.specified_limits|= USER_RESOURCES::CONNECTIONS_PER_HOUR;
}
| MAX_USER_CONNECTIONS_SYM int_num
{
LEX *lex=Lex;
lex->mqh.user_conn= $2;
lex->mqh.specified_limits|= USER_RESOURCES::USER_CONNECTIONS;
Lex->account_options.user_conn= $2;
Lex->account_options.specified_limits|= USER_RESOURCES::USER_CONNECTIONS;
}
| MAX_STATEMENT_TIME_SYM NUM_literal
{
LEX *lex=Lex;
lex->mqh.max_statement_time= $2->val_real();
lex->mqh.specified_limits|= USER_RESOURCES::MAX_STATEMENT_TIME;
Lex->account_options.max_statement_time= $2->val_real();
Lex->account_options.specified_limits|= USER_RESOURCES::MAX_STATEMENT_TIME;
}
;
......@@ -17528,9 +17520,7 @@ definer:
DEFINER_SYM '=' user_or_role
{
Lex->definer= $3;
Lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
Lex->ssl_cipher= Lex->x509_subject= Lex->x509_issuer= 0;
bzero(&(Lex->mqh), sizeof(Lex->mqh));
Lex->account_options.reset();
}
;
......
sql/sql_yacc_ora.yy
View file @ e5701d83
......@@ -3040,9 +3040,7 @@ clear_privileges:
lex->grant= lex->grant_tot_col= 0;
lex->all_privileges= 0;
lex->first_select_lex()->db= null_clex_str;
lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
bzero((char *)&(lex->mqh),sizeof(lex->mqh));
lex->account_options.reset();
}
;
......@@ -17207,23 +17205,23 @@ require_list_element:
SUBJECT_SYM TEXT_STRING
{
LEX *lex=Lex;
if (unlikely(lex->x509_subject))
if (lex->account_options.x509_subject.str)
my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SUBJECT"));
lex->x509_subject=$2.str;
lex->account_options.x509_subject= $2;
}
| ISSUER_SYM TEXT_STRING
{
LEX *lex=Lex;
if (unlikely(lex->x509_issuer))
if (lex->account_options.x509_issuer.str)
my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "ISSUER"));
lex->x509_issuer=$2.str;
lex->account_options.x509_issuer= $2;
}
| CIPHER_SYM TEXT_STRING
{
LEX *lex=Lex;
if (unlikely(lex->ssl_cipher))
if (lex->account_options.ssl_cipher.str)
my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "CIPHER"));
lex->ssl_cipher=$2.str;
lex->account_options.ssl_cipher= $2;
}
;
......@@ -17420,52 +17418,47 @@ opt_require_clause:
/* empty */
| REQUIRE_SYM require_list
{
Lex->ssl_type=SSL_TYPE_SPECIFIED;
Lex->account_options.ssl_type= SSL_TYPE_SPECIFIED;
}
| REQUIRE_SYM SSL_SYM
{
Lex->ssl_type=SSL_TYPE_ANY;
Lex->account_options.ssl_type= SSL_TYPE_ANY;
}
| REQUIRE_SYM X509_SYM
{
Lex->ssl_type=SSL_TYPE_X509;
Lex->account_options.ssl_type= SSL_TYPE_X509;
}
| REQUIRE_SYM NONE_SYM
{
Lex->ssl_type=SSL_TYPE_NONE;
Lex->account_options.ssl_type= SSL_TYPE_NONE;
}
;
resource_option:
MAX_QUERIES_PER_HOUR ulong_num
{
LEX *lex=Lex;
lex->mqh.questions=$2;
lex->mqh.specified_limits|= USER_RESOURCES::QUERIES_PER_HOUR;
Lex->account_options.questions=$2;
Lex->account_options.specified_limits|= USER_RESOURCES::QUERIES_PER_HOUR;
}
| MAX_UPDATES_PER_HOUR ulong_num
{
LEX *lex=Lex;
lex->mqh.updates=$2;
lex->mqh.specified_limits|= USER_RESOURCES::UPDATES_PER_HOUR;
Lex->account_options.updates=$2;
Lex->account_options.specified_limits|= USER_RESOURCES::UPDATES_PER_HOUR;
}
| MAX_CONNECTIONS_PER_HOUR ulong_num
{
LEX *lex=Lex;
lex->mqh.conn_per_hour= $2;
lex->mqh.specified_limits|= USER_RESOURCES::CONNECTIONS_PER_HOUR;
Lex->account_options.conn_per_hour= $2;
Lex->account_options.specified_limits|= USER_RESOURCES::CONNECTIONS_PER_HOUR;
}
| MAX_USER_CONNECTIONS_SYM int_num
{
LEX *lex=Lex;
lex->mqh.user_conn= $2;
lex->mqh.specified_limits|= USER_RESOURCES::USER_CONNECTIONS;
Lex->account_options.user_conn= $2;
Lex->account_options.specified_limits|= USER_RESOURCES::USER_CONNECTIONS;
}
| MAX_STATEMENT_TIME_SYM NUM_literal
{
LEX *lex=Lex;
lex->mqh.max_statement_time= $2->val_real();
lex->mqh.specified_limits|= USER_RESOURCES::MAX_STATEMENT_TIME;
Lex->account_options.max_statement_time= $2->val_real();
Lex->account_options.specified_limits|= USER_RESOURCES::MAX_STATEMENT_TIME;
}
;
......@@ -17665,9 +17658,7 @@ definer:
DEFINER_SYM '=' user_or_role
{
Lex->definer= $3;
Lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
Lex->ssl_cipher= Lex->x509_subject= Lex->x509_issuer= 0;
bzero(&(Lex->mqh), sizeof(Lex->mqh));
Lex->account_options.reset();
}
;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7