MDEV-13245 Add struct AUTHID
This commit is contained in:
Alexander Barkov
parent
5c0df0e4a8
commit
58dd72f18c
@ -1793,7 +1793,7 @@ sp_find_routine(THD *thd, stored_procedure_type type, const sp_name *name,
|
||||
if (db_load_routine(thd, type, name, &new_sp,
|
||||
sp->m_sql_mode, sp->m_params.str, returns,
|
||||
sp->m_body.str, *sp->m_chistics,
|
||||
&sp->m_definer_user, &sp->m_definer_host,
|
||||
&sp->m_definer.user, &sp->m_definer.host,
|
||||
sp->m_created, sp->m_modified,
|
||||
sp->get_creation_ctx()) == SP_OK)
|
||||
{
|
||||
|
||||
@ -1430,8 +1430,8 @@ set_routine_security_ctx(THD *thd, sp_head *sp, bool is_proc,
|
||||
{
|
||||
*save_ctx= 0;
|
||||
if (sp->m_chistics->suid != SP_IS_NOT_SUID &&
|
||||
sp->m_security_ctx.change_security_context(thd, &sp->m_definer_user,
|
||||
&sp->m_definer_host,
|
||||
sp->m_security_ctx.change_security_context(thd, &sp->m_definer.user,
|
||||
&sp->m_definer.host,
|
||||
&sp->m_db,
|
||||
save_ctx))
|
||||
return TRUE;
|
||||
@ -1543,8 +1543,8 @@ sp_head::execute_trigger(THD *thd,
|
||||
|
||||
if (m_chistics->suid != SP_IS_NOT_SUID &&
|
||||
m_security_ctx.change_security_context(thd,
|
||||
&m_definer_user,
|
||||
&m_definer_host,
|
||||
&m_definer.user,
|
||||
&m_definer.host,
|
||||
&m_db,
|
||||
&save_ctx))
|
||||
DBUG_RETURN(TRUE);
|
||||
@ -2492,17 +2492,6 @@ sp_head::set_definer(const char *definer, uint definerlen)
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
sp_head::set_definer(const LEX_CSTRING *user_name, const LEX_CSTRING *host_name)
|
||||
{
|
||||
m_definer_user.str= strmake_root(mem_root, user_name->str, user_name->length);
|
||||
m_definer_user.length= user_name->length;
|
||||
|
||||
m_definer_host.str= strmake_root(mem_root, host_name->str, host_name->length);
|
||||
m_definer_host.length= host_name->length;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
sp_head::reset_thd_mem_root(THD *thd)
|
||||
{
|
||||
@ -2571,9 +2560,9 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
|
||||
*full_access= ((!check_table_access(thd, SELECT_ACL, &tables, FALSE,
|
||||
1, TRUE) &&
|
||||
(tables.grant.privilege & SELECT_ACL) != 0) ||
|
||||
(!strcmp(sp->m_definer_user.str,
|
||||
(!strcmp(sp->m_definer.user.str,
|
||||
thd->security_ctx->priv_user) &&
|
||||
!strcmp(sp->m_definer_host.str,
|
||||
!strcmp(sp->m_definer.host.str,
|
||||
thd->security_ctx->priv_host)));
|
||||
if (!*full_access)
|
||||
return check_some_routine_access(thd, sp->m_db.str, sp->m_name.str,
|
||||
|
||||
@ -187,8 +187,7 @@ public:
|
||||
LEX_CSTRING m_body;
|
||||
LEX_CSTRING m_body_utf8;
|
||||
LEX_CSTRING m_defstr;
|
||||
LEX_CSTRING m_definer_user;
|
||||
LEX_CSTRING m_definer_host;
|
||||
AUTHID m_definer;
|
||||
|
||||
/**
|
||||
Is this routine being executed?
|
||||
@ -676,7 +675,10 @@ public:
|
||||
const st_sp_chistics *chistics, sql_mode_t sql_mode);
|
||||
|
||||
void set_definer(const char *definer, uint definerlen);
|
||||
void set_definer(const LEX_CSTRING *user_name, const LEX_CSTRING *host_name);
|
||||
void set_definer(const LEX_CSTRING *user_name, const LEX_CSTRING *host_name)
|
||||
{
|
||||
m_definer.copy(mem_root, user_name, host_name);
|
||||
}
|
||||
|
||||
void reset_thd_mem_root(THD *thd);
|
||||
|
||||
|
||||
@ -10909,7 +10909,7 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
|
||||
Dummy_error_handler error_handler;
|
||||
DBUG_ENTER("sp_grant_privileges");
|
||||
|
||||
if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
||||
if (!(combo=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||
DBUG_RETURN(TRUE);
|
||||
|
||||
combo->user.str= sctx->user;
|
||||
|
||||
@ -939,8 +939,7 @@ THD::THD(my_thread_id id, bool is_wsrep_applier)
|
||||
|
||||
m_internal_handler= NULL;
|
||||
m_binlog_invoker= INVOKER_NONE;
|
||||
memset(&invoker_user, 0, sizeof(invoker_user));
|
||||
memset(&invoker_host, 0, sizeof(invoker_host));
|
||||
invoker.init();
|
||||
prepare_derived_at_open= FALSE;
|
||||
create_tmp_table_for_derived= FALSE;
|
||||
save_prep_leaf_list= FALSE;
|
||||
@ -5375,8 +5374,8 @@ void THD::get_definer(LEX_USER *definer, bool role)
|
||||
if (slave_thread && has_invoker())
|
||||
#endif
|
||||
{
|
||||
definer->user= invoker_user;
|
||||
definer->host= invoker_host;
|
||||
definer->user= invoker.user;
|
||||
definer->host= invoker.host;
|
||||
definer->reset_auth();
|
||||
}
|
||||
else
|
||||
@ -7446,4 +7445,16 @@ bool Discrete_intervals_list::append(Discrete_interval *new_interval)
|
||||
DBUG_RETURN(0);
|
||||
}
|
||||
|
||||
|
||||
void AUTHID::copy(MEM_ROOT *mem_root, const LEX_CSTRING *user_name,
|
||||
const LEX_CSTRING *host_name)
|
||||
{
|
||||
user.str= strmake_root(mem_root, user_name->str, user_name->length);
|
||||
user.length= user_name->length;
|
||||
|
||||
host.str= strmake_root(mem_root, host_name->str, host_name->length);
|
||||
host.length= host_name->length;
|
||||
}
|
||||
|
||||
|
||||
#endif /* !defined(MYSQL_CLIENT) */
|
||||
|
||||
@ -4080,12 +4080,12 @@ public:
|
||||
void get_definer(LEX_USER *definer, bool role);
|
||||
void set_invoker(const LEX_CSTRING *user, const LEX_CSTRING *host)
|
||||
{
|
||||
invoker_user= *user;
|
||||
invoker_host= *host;
|
||||
invoker.user= *user;
|
||||
invoker.host= *host;
|
||||
}
|
||||
LEX_CSTRING get_invoker_user() { return invoker_user; }
|
||||
LEX_CSTRING get_invoker_host() { return invoker_host; }
|
||||
bool has_invoker() { return invoker_user.length > 0; }
|
||||
LEX_CSTRING get_invoker_user() { return invoker.user; }
|
||||
LEX_CSTRING get_invoker_host() { return invoker.host; }
|
||||
bool has_invoker() { return invoker.user.length > 0; }
|
||||
|
||||
void print_aborted_warning(uint threshold, const char *reason)
|
||||
{
|
||||
@ -4184,8 +4184,7 @@ private:
|
||||
TRIGGER or VIEW statements or current user in account management
|
||||
statements if it is not NULL.
|
||||
*/
|
||||
LEX_CSTRING invoker_user;
|
||||
LEX_CSTRING invoker_host;
|
||||
AUTHID invoker;
|
||||
|
||||
public:
|
||||
#ifndef EMBEDDED_LIBRARY
|
||||
|
||||
@ -57,7 +57,6 @@ public:
|
||||
|
||||
|
||||
class THD;
|
||||
typedef struct st_lex_user LEX_USER;
|
||||
typedef struct user_conn USER_CONN;
|
||||
|
||||
void init_max_user_conn(void);
|
||||
|
||||
@ -1697,8 +1697,8 @@ void Trigger::get_trigger_info(LEX_CSTRING *trigger_stmt,
|
||||
}
|
||||
else
|
||||
{
|
||||
definer->length= strxmov(definer->str, body->m_definer_user.str, "@",
|
||||
body->m_definer_host.str, NullS) - definer->str;
|
||||
definer->length= strxmov(definer->str, body->m_definer.user.str, "@",
|
||||
body->m_definer.host.str, NullS) - definer->str;
|
||||
}
|
||||
DBUG_VOID_RETURN;
|
||||
}
|
||||
|
||||
@ -14495,7 +14495,7 @@ ident_or_text:
|
||||
user_maybe_role:
|
||||
ident_or_text
|
||||
{
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||
MYSQL_YYABORT;
|
||||
$$->user = $1;
|
||||
$$->host= null_clex_str; // User or Role, see get_current_user()
|
||||
@ -14508,7 +14508,7 @@ user_maybe_role:
|
||||
}
|
||||
| ident_or_text '@' ident_or_text
|
||||
{
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||
MYSQL_YYABORT;
|
||||
$$->user = $1; $$->host=$3;
|
||||
$$->reset_auth();
|
||||
@ -15735,7 +15735,7 @@ grant_role:
|
||||
((char*) $1.str)[$1.length] = '\0';
|
||||
if ($1.length == 0)
|
||||
my_yyabort_error((ER_INVALID_ROLE, MYF(0), ""));
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||
MYSQL_YYABORT;
|
||||
$$->user= $1;
|
||||
$$->host= empty_clex_str;
|
||||
|
||||
@ -14643,7 +14643,7 @@ ident_or_text:
|
||||
user_maybe_role:
|
||||
ident_or_text
|
||||
{
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||
MYSQL_YYABORT;
|
||||
$$->user = $1;
|
||||
$$->host= null_clex_str; // User or Role, see get_current_user()
|
||||
@ -14656,7 +14656,7 @@ user_maybe_role:
|
||||
}
|
||||
| ident_or_text '@' ident_or_text
|
||||
{
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||
MYSQL_YYABORT;
|
||||
$$->user = $1; $$->host=$3;
|
||||
$$->reset_auth();
|
||||
@ -15980,7 +15980,7 @@ grant_role:
|
||||
((char*) $1.str)[$1.length] = '\0';
|
||||
if ($1.length == 0)
|
||||
my_yyabort_error((ER_INVALID_ROLE, MYF(0), ""));
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||
MYSQL_YYABORT;
|
||||
$$->user= $1;
|
||||
$$->host= empty_clex_str;
|
||||
|
||||
@ -204,9 +204,12 @@ extern const char *show_comp_option_name[];
|
||||
|
||||
typedef int *(*update_var)(THD *, struct st_mysql_show_var *);
|
||||
|
||||
typedef struct st_lex_user {
|
||||
LEX_CSTRING user, host, plugin, auth;
|
||||
LEX_CSTRING pwtext, pwhash;
|
||||
|
||||
struct AUTHID
|
||||
{
|
||||
LEX_CSTRING user, host;
|
||||
void init() { memset(this, 0, sizeof(*this)); }
|
||||
void copy(MEM_ROOT *root, const LEX_CSTRING *usr, const LEX_CSTRING *host);
|
||||
bool is_role() const { return user.str[0] && !host.str[0]; }
|
||||
void set_lex_string(LEX_CSTRING *l, char *buf)
|
||||
{
|
||||
@ -218,13 +221,20 @@ typedef struct st_lex_user {
|
||||
l->length= strxmov(buf, user.str, "@", host.str, NullS) - buf;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
struct LEX_USER: public AUTHID
|
||||
{
|
||||
LEX_CSTRING plugin, auth;
|
||||
LEX_CSTRING pwtext, pwhash;
|
||||
void reset_auth()
|
||||
{
|
||||
pwtext.length= pwhash.length= plugin.length= auth.length= 0;
|
||||
pwtext.str= pwhash.str= 0;
|
||||
plugin.str= auth.str= "";
|
||||
}
|
||||
} LEX_USER;
|
||||
};
|
||||
|
||||
/*
|
||||
This structure specifies the maximum amount of resources which
|
||||
|
||||
@ -1993,7 +1993,7 @@ struct TABLE_LIST
|
||||
LEX_CSTRING view_db; /* saved view database */
|
||||
LEX_CSTRING view_name; /* saved view name */
|
||||
LEX_STRING timestamp; /* GMT time stamp of last operation */
|
||||
st_lex_user definer; /* definer of view */
|
||||
LEX_USER definer; /* definer of view */
|
||||
ulonglong file_version; /* version of file's field set */
|
||||
ulonglong mariadb_version; /* version of server on creation */
|
||||
ulonglong updatable_view; /* VIEW can be updated */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user