1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cannot use lex->grant_user= &current_user, where LEX_USER current_user is a global constant,

Browse Source 
because parser might modify the lex->user (e.g. set lex->user-password).
switch to use LEX_STRING current_user string, and also change other similar constants
to be LEX_STRING's for consistency.
This commit is contained in:
Sergei Golubchik 2013-10-18 08:17:56 -07:00
parent cdb5510204
commit 06e16b8c97
8 changed files with 67 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mysql-test/r/acl_roles_show_grants.result
View File

@ -61,9 +61,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_user'@'localhost'
show grants for test_user@localhost; show grants for test_user@localhost;
Grants for test_user@localhost Grants for test_user@localhost
GRANT test_role2 TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_user'@'localhost'
show grants for test_role1; show grants for test_role1;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql' ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
show grants for test_role2; show grants for test_role2;

1
mysql-test/t/acl_roles_show_grants.test
View File

@ -40,6 +40,7 @@ select current_user(), current_role();
--sorted_result --sorted_result
show grants; show grants;
--sorted_result
show grants for test_user@localhost; show grants for test_user@localhost;
--error ER_DBACCESS_DENIED_ERROR --error ER_DBACCESS_DENIED_ERROR
show grants for test_role1; show grants for test_role1;

11
sql/item_strfunc.cc
View File

@ -2345,9 +2345,16 @@ bool Item_func_current_role::fix_fields(THD *thd, Item **ref)
Security_context *ctx= context->security_ctx Security_context *ctx= context->security_ctx
? context->security_ctx : thd->security_ctx; ? context->security_ctx : thd->security_ctx;
const char *role= ctx->priv_role[0] ? ctx->priv_role : NONE_ROLE; LEX_STRING role;
if (ctx->priv_role[0])
{
role.str= ctx->priv_role;
role.length= strlen(role.str);
}
else
role= none_role;
if (str_value.copy(role, strlen(role), system_charset_info)) if (str_value.copy(role.str, role.length, system_charset_info))
return 1; return 1;
str_value.mark_as_const(); str_value.mark_as_const();

7
sql/set_var.cc
View File

@ -841,12 +841,9 @@ int set_var_password::check(THD *thd)
user->host.length= strlen(thd->security_ctx->priv_host); user->host.length= strlen(thd->security_ctx->priv_host);
} }
else else
{ user->host= host_not_specified;
user->host.str= (char *)"%";
user->host.length= 1;
}
} }
if (!user->user.str) if (user->user.str == current_user.str)
{ {
DBUG_ASSERT(thd->security_ctx->user); DBUG_ASSERT(thd->security_ctx->user);
user->user.str= (char *) thd->security_ctx->user; user->user.str= (char *) thd->security_ctx->user;

39
sql/sql_acl.cc
View File

@ -188,17 +188,19 @@ LEX_STRING *default_auth_plugin_name= &native_password_plugin_name;
Constant used for differentiating specified user names and non specified Constant used for differentiating specified user names and non specified
usernames. Example: userA -- userA@% usernames. Example: userA -- userA@%
*/ */
const char *HOST_NOT_SPECIFIED= "%"; LEX_STRING host_not_specified= { C_STRING_WITH_LEN("%") };
/* /*
Constant used in the SET ROLE NONE command Constant used in the SET ROLE NONE command
*/ */
const char *NONE_ROLE= "NONE"; LEX_STRING none_role= { C_STRING_WITH_LEN("NONE") };
/* /*
Constants, used in the SHOW GRANTS command Constants, used in the SHOW GRANTS command.
Their actual string values are irrelevant, they're always compared
as pointers to these string constants.
*/ */
LEX_USER current_user; LEX_STRING current_user= { C_STRING_WITH_LEN("*current_user") };
LEX_USER current_role; LEX_STRING current_role= { C_STRING_WITH_LEN("*current_role") };
LEX_USER current_user_and_current_role; LEX_STRING current_user_and_current_role= { C_STRING_WITH_LEN("*current_user_and_current_role") };
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
@ -5178,7 +5180,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list)
List_iterator <LEX_USER> user_list(list); List_iterator <LEX_USER> user_list(list);
granted_role= user_list++; granted_role= user_list++;
if (granted_role == &current_role) if (granted_role->user.str == current_role.str)
{ {
rolename= thd->security_ctx->priv_role; rolename= thd->security_ctx->priv_role;
if (!rolename[0]) if (!rolename[0])
@ -5206,7 +5208,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list)
{ {
handle_as_role= FALSE; handle_as_role= FALSE;
/* current_role is treated slightly different */ /* current_role is treated slightly different */
if (user == &current_role) if (user->user.str == current_role.str)
{ {
handle_as_role= TRUE; handle_as_role= TRUE;
/* current_role is NONE */ /* current_role is NONE */
@ -5223,7 +5225,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list)
continue; continue;
} }
/* can not grant current_role to current_role */ /* can not grant current_role to current_role */
if (granted_role == &current_role) if (granted_role->user.str == current_role.str)
{ {
append_user(&wrong_users, thd->security_ctx->priv_role, "", TRUE); append_user(&wrong_users, thd->security_ctx->priv_role, "", TRUE);
result= 1; result= 1;
@ -5236,7 +5238,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list)
{ {
username= user->user.str; username= user->user.str;
hostname= user->host.str; hostname= user->host.str;
if (hostname == HOST_NOT_SPECIFIED) if (user->host.str == host_not_specified.str)
{ {
if ((role_as_user= find_acl_role(username))) if ((role_as_user= find_acl_role(username)))
{ {
@ -5388,7 +5390,7 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
They did GRANT ... TO CURRENT_USER() IDENTIFIED BY ... ! They did GRANT ... TO CURRENT_USER() IDENTIFIED BY ... !
Get the current user, and shallow-copy the new password to them! Get the current user, and shallow-copy the new password to them!
*/ */
if (!tmp_Str->user.str && tmp_Str->password.str) if (tmp_Str->user.str == current_user.str && tmp_Str->password.str)
Str->password= tmp_Str->password; Str->password= tmp_Str->password;
if (replace_user_table(thd, tables[0].table, *Str, if (replace_user_table(thd, tables[0].table, *Str,
(!db ? rights : 0), revoke_grant, create_new_users, (!db ? rights : 0), revoke_grant, create_new_users,
@ -6708,23 +6710,24 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
mysql_rwlock_rdlock(&LOCK_grant); mysql_rwlock_rdlock(&LOCK_grant);
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
if (lex_user == &current_user || lex_user == &current_role || if (lex_user->user.str == current_user.str ||
lex_user == &current_user_and_current_role) lex_user->user.str == current_role.str ||
lex_user->user.str == current_user_and_current_role.str)
{ {
username= thd->security_ctx->priv_user; username= thd->security_ctx->priv_user;
hostname= thd->security_ctx->priv_host; hostname= thd->security_ctx->priv_host;
rolename= thd->security_ctx->priv_role; rolename= thd->security_ctx->priv_role;
} }
if (lex_user == &current_user) if (lex_user->user.str == current_user.str)
{ {
print_user_entry= TRUE; print_user_entry= TRUE;
} }
else if (lex_user == &current_role) else if (lex_user->user.str == current_role.str)
{ {
print_role_entry= TRUE; print_role_entry= TRUE;
} }
else if (lex_user == &current_user_and_current_role) else if (lex_user->user.str == current_user_and_current_role.str)
{ {
print_user_entry= TRUE; print_user_entry= TRUE;
print_role_entry= TRUE; print_role_entry= TRUE;
@ -6732,7 +6735,7 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
else else
{ {
/* this lex_user could represent a role */ /* this lex_user could represent a role */
if (lex_user->host.str == HOST_NOT_SPECIFIED && if (lex_user->host.str == host_not_specified.str &&
find_acl_role(lex_user->user.str)) find_acl_role(lex_user->user.str))
{ {
rolename= lex_user->user.str; rolename= lex_user->user.str;
@ -6854,7 +6857,7 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
} }
else else
{ {
if (lex_user == &current_role) if (lex_user->user.str == current_role.str)
{ {
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
mysql_rwlock_unlock(&LOCK_grant); mysql_rwlock_unlock(&LOCK_grant);

10
sql/sql_acl.h
View File

@ -173,11 +173,11 @@ enum mysql_db_table_field
extern const TABLE_FIELD_DEF mysql_db_table_def; extern const TABLE_FIELD_DEF mysql_db_table_def;
extern bool mysql_user_table_is_in_short_password_format; extern bool mysql_user_table_is_in_short_password_format;
extern const char *HOST_NOT_SPECIFIED; extern LEX_STRING host_not_specified;
extern const char *NONE_ROLE; extern LEX_STRING none_role;
extern LEX_USER current_user; extern LEX_STRING current_user;
extern LEX_USER current_role; extern LEX_STRING current_role;
extern LEX_USER current_user_and_current_role; extern LEX_STRING current_user_and_current_role;
static inline int access_denied_error_code(int passwd_used) static inline int access_denied_error_code(int passwd_used)

10
sql/sql_parse.cc
View File

@ -4004,11 +4004,11 @@ end_with_restore_list:
if (grant_user->user.str && if (grant_user->user.str &&
!strcmp(thd->security_ctx->priv_user, grant_user->user.str)) !strcmp(thd->security_ctx->priv_user, grant_user->user.str))
grant_user= &current_user; grant_user->user= current_user;
if (grant_user == &current_user || if (grant_user->user.str == current_user.str ||
grant_user == &current_role || grant_user->user.str == current_role.str ||
grant_user == &current_user_and_current_role || grant_user->user.str == current_user_and_current_role.str ||
!check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 0)) !check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 0))
{ {
res = mysql_show_grants(thd, grant_user); res = mysql_show_grants(thd, grant_user);
@ -7757,7 +7757,7 @@ LEX_USER *create_definer(THD *thd, LEX_STRING *user_name, LEX_STRING *host_name)
LEX_USER *get_current_user(THD *thd, LEX_USER *user) LEX_USER *get_current_user(THD *thd, LEX_USER *user)
{ {
if (user == &current_user) // current_user if (user->user.str == current_user.str) // current_user
return create_default_definer(thd); return create_default_definer(thd);
return user; return user;

52
sql/sql_yacc.yy
View File

@ -1570,7 +1570,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
%type <symbol> keyword keyword_sp %type <symbol> keyword keyword_sp
%type <lex_user> user grant_user grant_role user_or_role %type <lex_user> user grant_user grant_role user_or_role current_role
%type <charset> %type <charset>
opt_collate opt_collate
@ -11766,22 +11766,16 @@ show_param:
} }
| GRANTS | GRANTS
{ {
LEX *lex=Lex; Lex->sql_command= SQLCOM_SHOW_GRANTS;
lex->sql_command= SQLCOM_SHOW_GRANTS; if (!(Lex->grant_user= (LEX_USER*)thd->alloc(sizeof(LEX_USER))))
lex->grant_user= &current_user_and_current_role; MYSQL_YYABORT;
Lex->grant_user->user= current_user_and_current_role;
} }
| GRANTS FOR_SYM user | GRANTS FOR_SYM user_or_role
{ {
LEX *lex=Lex; LEX *lex=Lex;
lex->sql_command= SQLCOM_SHOW_GRANTS; lex->sql_command= SQLCOM_SHOW_GRANTS;
lex->grant_user=$3; lex->grant_user=$3;
lex->grant_user->password=null_lex_str;
}
| GRANTS FOR_SYM CURRENT_ROLE optional_braces
{
LEX *lex=Lex;
lex->sql_command= SQLCOM_SHOW_GRANTS;
lex->grant_user= &current_role;
} }
| CREATE DATABASE opt_if_not_exists ident | CREATE DATABASE opt_if_not_exists ident
{ {
@ -13179,8 +13173,7 @@ user:
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user)))) if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
MYSQL_YYABORT; MYSQL_YYABORT;
$$->user = $1; $$->user = $1;
$$->host.str= (char *)HOST_NOT_SPECIFIED; $$->host= host_not_specified;
$$->host.length= 1;
$$->password= null_lex_str; $$->password= null_lex_str;
$$->plugin= empty_lex_str; $$->plugin= empty_lex_str;
$$->auth= empty_lex_str; $$->auth= empty_lex_str;
@ -13213,19 +13206,13 @@ user:
} }
| CURRENT_USER optional_braces | CURRENT_USER optional_braces
{ {
$$= &current_user; if (!($$=(LEX_USER*)thd->calloc(sizeof(LEX_USER))))
MYSQL_YYABORT;
$$->user= current_user;
} }
; ;
user_or_role: user_or_role: user | current_role;
user
{
$$=$1;
}
| CURRENT_ROLE optional_braces
{
$$= &current_role;
}
/* Keyword that we allow for identifiers (except SP labels) */ /* Keyword that we allow for identifiers (except SP labels) */
keyword: keyword:
@ -14337,14 +14324,22 @@ role_list:
} }
; ;
current_role:
CURRENT_ROLE optional_braces
{
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
MYSQL_YYABORT;
$$->user= current_role;
}
;
grant_role: grant_role:
ident_or_text ident_or_text
{ {
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user)))) if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
MYSQL_YYABORT; MYSQL_YYABORT;
$$->user = $1; $$->user = $1;
$$->host.str= (char *)HOST_NOT_SPECIFIED; $$->host= host_not_specified;
$$->host.length= 1;
$$->password= null_lex_str; $$->password= null_lex_str;
$$->plugin= empty_lex_str; $$->plugin= empty_lex_str;
$$->auth= empty_lex_str; $$->auth= empty_lex_str;
@ -14354,10 +14349,7 @@ grant_role:
system_charset_info, 0)) system_charset_info, 0))
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| CURRENT_ROLE optional_braces | current_role
{
$$=&current_role;
}
; ;
opt_table: opt_table: