MDEV-13245 Add struct AUTHID
parent
5c0df0e4a8
commit
58dd72f18c
@ -1793,7 +1793,7 @@ sp_find_routine(THD *thd, stored_procedure_type type, const sp_name *name,
|
|||||||
if (db_load_routine(thd, type, name, &new_sp,
|
if (db_load_routine(thd, type, name, &new_sp,
|
||||||
sp->m_sql_mode, sp->m_params.str, returns,
|
sp->m_sql_mode, sp->m_params.str, returns,
|
||||||
sp->m_body.str, *sp->m_chistics,
|
sp->m_body.str, *sp->m_chistics,
|
||||||
&sp->m_definer_user, &sp->m_definer_host,
|
&sp->m_definer.user, &sp->m_definer.host,
|
||||||
sp->m_created, sp->m_modified,
|
sp->m_created, sp->m_modified,
|
||||||
sp->get_creation_ctx()) == SP_OK)
|
sp->get_creation_ctx()) == SP_OK)
|
||||||
{
|
{
|
||||||
|
@ -1430,8 +1430,8 @@ set_routine_security_ctx(THD *thd, sp_head *sp, bool is_proc,
|
|||||||
{
|
{
|
||||||
*save_ctx= 0;
|
*save_ctx= 0;
|
||||||
if (sp->m_chistics->suid != SP_IS_NOT_SUID &&
|
if (sp->m_chistics->suid != SP_IS_NOT_SUID &&
|
||||||
sp->m_security_ctx.change_security_context(thd, &sp->m_definer_user,
|
sp->m_security_ctx.change_security_context(thd, &sp->m_definer.user,
|
||||||
&sp->m_definer_host,
|
&sp->m_definer.host,
|
||||||
&sp->m_db,
|
&sp->m_db,
|
||||||
save_ctx))
|
save_ctx))
|
||||||
return TRUE;
|
return TRUE;
|
||||||
@ -1543,8 +1543,8 @@ sp_head::execute_trigger(THD *thd,
|
|||||||
|
|
||||||
if (m_chistics->suid != SP_IS_NOT_SUID &&
|
if (m_chistics->suid != SP_IS_NOT_SUID &&
|
||||||
m_security_ctx.change_security_context(thd,
|
m_security_ctx.change_security_context(thd,
|
||||||
&m_definer_user,
|
&m_definer.user,
|
||||||
&m_definer_host,
|
&m_definer.host,
|
||||||
&m_db,
|
&m_db,
|
||||||
&save_ctx))
|
&save_ctx))
|
||||||
DBUG_RETURN(TRUE);
|
DBUG_RETURN(TRUE);
|
||||||
@ -2492,17 +2492,6 @@ sp_head::set_definer(const char *definer, uint definerlen)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void
|
|
||||||
sp_head::set_definer(const LEX_CSTRING *user_name, const LEX_CSTRING *host_name)
|
|
||||||
{
|
|
||||||
m_definer_user.str= strmake_root(mem_root, user_name->str, user_name->length);
|
|
||||||
m_definer_user.length= user_name->length;
|
|
||||||
|
|
||||||
m_definer_host.str= strmake_root(mem_root, host_name->str, host_name->length);
|
|
||||||
m_definer_host.length= host_name->length;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
sp_head::reset_thd_mem_root(THD *thd)
|
sp_head::reset_thd_mem_root(THD *thd)
|
||||||
{
|
{
|
||||||
@ -2571,9 +2560,9 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
|
|||||||
*full_access= ((!check_table_access(thd, SELECT_ACL, &tables, FALSE,
|
*full_access= ((!check_table_access(thd, SELECT_ACL, &tables, FALSE,
|
||||||
1, TRUE) &&
|
1, TRUE) &&
|
||||||
(tables.grant.privilege & SELECT_ACL) != 0) ||
|
(tables.grant.privilege & SELECT_ACL) != 0) ||
|
||||||
(!strcmp(sp->m_definer_user.str,
|
(!strcmp(sp->m_definer.user.str,
|
||||||
thd->security_ctx->priv_user) &&
|
thd->security_ctx->priv_user) &&
|
||||||
!strcmp(sp->m_definer_host.str,
|
!strcmp(sp->m_definer.host.str,
|
||||||
thd->security_ctx->priv_host)));
|
thd->security_ctx->priv_host)));
|
||||||
if (!*full_access)
|
if (!*full_access)
|
||||||
return check_some_routine_access(thd, sp->m_db.str, sp->m_name.str,
|
return check_some_routine_access(thd, sp->m_db.str, sp->m_name.str,
|
||||||
|
@ -187,8 +187,7 @@ public:
|
|||||||
LEX_CSTRING m_body;
|
LEX_CSTRING m_body;
|
||||||
LEX_CSTRING m_body_utf8;
|
LEX_CSTRING m_body_utf8;
|
||||||
LEX_CSTRING m_defstr;
|
LEX_CSTRING m_defstr;
|
||||||
LEX_CSTRING m_definer_user;
|
AUTHID m_definer;
|
||||||
LEX_CSTRING m_definer_host;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Is this routine being executed?
|
Is this routine being executed?
|
||||||
@ -676,7 +675,10 @@ public:
|
|||||||
const st_sp_chistics *chistics, sql_mode_t sql_mode);
|
const st_sp_chistics *chistics, sql_mode_t sql_mode);
|
||||||
|
|
||||||
void set_definer(const char *definer, uint definerlen);
|
void set_definer(const char *definer, uint definerlen);
|
||||||
void set_definer(const LEX_CSTRING *user_name, const LEX_CSTRING *host_name);
|
void set_definer(const LEX_CSTRING *user_name, const LEX_CSTRING *host_name)
|
||||||
|
{
|
||||||
|
m_definer.copy(mem_root, user_name, host_name);
|
||||||
|
}
|
||||||
|
|
||||||
void reset_thd_mem_root(THD *thd);
|
void reset_thd_mem_root(THD *thd);
|
||||||
|
|
||||||
|
@ -10909,7 +10909,7 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
|
|||||||
Dummy_error_handler error_handler;
|
Dummy_error_handler error_handler;
|
||||||
DBUG_ENTER("sp_grant_privileges");
|
DBUG_ENTER("sp_grant_privileges");
|
||||||
|
|
||||||
if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
if (!(combo=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||||
DBUG_RETURN(TRUE);
|
DBUG_RETURN(TRUE);
|
||||||
|
|
||||||
combo->user.str= sctx->user;
|
combo->user.str= sctx->user;
|
||||||
|
@ -939,8 +939,7 @@ THD::THD(my_thread_id id, bool is_wsrep_applier)
|
|||||||
|
|
||||||
m_internal_handler= NULL;
|
m_internal_handler= NULL;
|
||||||
m_binlog_invoker= INVOKER_NONE;
|
m_binlog_invoker= INVOKER_NONE;
|
||||||
memset(&invoker_user, 0, sizeof(invoker_user));
|
invoker.init();
|
||||||
memset(&invoker_host, 0, sizeof(invoker_host));
|
|
||||||
prepare_derived_at_open= FALSE;
|
prepare_derived_at_open= FALSE;
|
||||||
create_tmp_table_for_derived= FALSE;
|
create_tmp_table_for_derived= FALSE;
|
||||||
save_prep_leaf_list= FALSE;
|
save_prep_leaf_list= FALSE;
|
||||||
@ -5375,8 +5374,8 @@ void THD::get_definer(LEX_USER *definer, bool role)
|
|||||||
if (slave_thread && has_invoker())
|
if (slave_thread && has_invoker())
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
definer->user= invoker_user;
|
definer->user= invoker.user;
|
||||||
definer->host= invoker_host;
|
definer->host= invoker.host;
|
||||||
definer->reset_auth();
|
definer->reset_auth();
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -7446,4 +7445,16 @@ bool Discrete_intervals_list::append(Discrete_interval *new_interval)
|
|||||||
DBUG_RETURN(0);
|
DBUG_RETURN(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void AUTHID::copy(MEM_ROOT *mem_root, const LEX_CSTRING *user_name,
|
||||||
|
const LEX_CSTRING *host_name)
|
||||||
|
{
|
||||||
|
user.str= strmake_root(mem_root, user_name->str, user_name->length);
|
||||||
|
user.length= user_name->length;
|
||||||
|
|
||||||
|
host.str= strmake_root(mem_root, host_name->str, host_name->length);
|
||||||
|
host.length= host_name->length;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#endif /* !defined(MYSQL_CLIENT) */
|
#endif /* !defined(MYSQL_CLIENT) */
|
||||||
|
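Review bot: AUTHID::copy() stores the result of strmake_root() without checking it and then sets user.length and host.length from the source, so a failed allocation would leave a NULL str paired with a non-zero length. Callers that use the pointer directly, such as the strcmp() on `sp->m_definer.user.str` in check_show_routine_access() or the strxmov() in Trigger::get_trigger_info(), would then dereference NULL, and a length check like has_invoker() would not catch it. Because the function returns void the failure cannot be reported; consider returning bool, or at least `user.length= user.str ? user_name->length : 0;` and the same for host. This is the removed sp_head::set_definer() body carried over unchanged, so the code may be relying on the mem_root error handler to abort the statement; if so, a comment saying that would help.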
@ -4080,12 +4080,12 @@ public:
|
|||||||
void get_definer(LEX_USER *definer, bool role);
|
void get_definer(LEX_USER *definer, bool role);
|
||||||
void set_invoker(const LEX_CSTRING *user, const LEX_CSTRING *host)
|
void set_invoker(const LEX_CSTRING *user, const LEX_CSTRING *host)
|
||||||
{
|
{
|
||||||
invoker_user= *user;
|
invoker.user= *user;
|
||||||
invoker_host= *host;
|
invoker.host= *host;
|
||||||
}
|
}
|
||||||
LEX_CSTRING get_invoker_user() { return invoker_user; }
|
LEX_CSTRING get_invoker_user() { return invoker.user; }
|
||||||
LEX_CSTRING get_invoker_host() { return invoker_host; }
|
LEX_CSTRING get_invoker_host() { return invoker.host; }
|
||||||
bool has_invoker() { return invoker_user.length > 0; }
|
bool has_invoker() { return invoker.user.length > 0; }
|
||||||
|
|
||||||
void print_aborted_warning(uint threshold, const char *reason)
|
void print_aborted_warning(uint threshold, const char *reason)
|
||||||
{
|
{
|
||||||
@ -4184,8 +4184,7 @@ private:
|
|||||||
TRIGGER or VIEW statements or current user in account management
|
TRIGGER or VIEW statements or current user in account management
|
||||||
statements if it is not NULL.
|
statements if it is not NULL.
|
||||||
*/
|
*/
|
||||||
LEX_CSTRING invoker_user;
|
AUTHID invoker;
|
||||||
LEX_CSTRING invoker_host;
|
|
||||||
|
|
||||||
public:
|
public:
|
||||||
#ifndef EMBEDDED_LIBRARY
|
#ifndef EMBEDDED_LIBRARY
|
||||||
|
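Review bot: set_invoker() still assigns `invoker.user= *user; invoker.host= *host;`, which copies only pointer and length, while the AUTHID::copy() that sp_head::set_definer() now calls duplicates the strings into a MEM_ROOT. With both paths writing the same struct type it is easy to assume an AUTHID always owns its data. The comment above `AUTHID invoker;` should say the buffers are borrowed and must outlive the THD's use of them, e.g. `/* Not owned: points into caller-provided memory, see set_invoker() */`. As a style point, get_invoker_user(), get_invoker_host() and has_invoker() could be marked const while these lines are being edited.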
@ -57,7 +57,6 @@ public:
|
|||||||
|
|
||||||
|
|
||||||
class THD;
|
class THD;
|
||||||
typedef struct st_lex_user LEX_USER;
|
|
||||||
typedef struct user_conn USER_CONN;
|
typedef struct user_conn USER_CONN;
|
||||||
|
|
||||||
void init_max_user_conn(void);
|
void init_max_user_conn(void);
|
||||||
|
@ -1697,8 +1697,8 @@ void Trigger::get_trigger_info(LEX_CSTRING *trigger_stmt,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
definer->length= strxmov(definer->str, body->m_definer_user.str, "@",
|
definer->length= strxmov(definer->str, body->m_definer.user.str, "@",
|
||||||
body->m_definer_host.str, NullS) - definer->str;
|
body->m_definer.host.str, NullS) - definer->str;
|
||||||
}
|
}
|
||||||
DBUG_VOID_RETURN;
|
DBUG_VOID_RETURN;
|
||||||
}
|
}
|
||||||
|
@ -14495,7 +14495,7 @@ ident_or_text:
|
|||||||
user_maybe_role:
|
user_maybe_role:
|
||||||
ident_or_text
|
ident_or_text
|
||||||
{
|
{
|
||||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||||
MYSQL_YYABORT;
|
MYSQL_YYABORT;
|
||||||
$$->user = $1;
|
$$->user = $1;
|
||||||
$$->host= null_clex_str; // User or Role, see get_current_user()
|
$$->host= null_clex_str; // User or Role, see get_current_user()
|
||||||
@ -14508,7 +14508,7 @@ user_maybe_role:
|
|||||||
}
|
}
|
||||||
| ident_or_text '@' ident_or_text
|
| ident_or_text '@' ident_or_text
|
||||||
{
|
{
|
||||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||||
MYSQL_YYABORT;
|
MYSQL_YYABORT;
|
||||||
$$->user = $1; $$->host=$3;
|
$$->user = $1; $$->host=$3;
|
||||||
$$->reset_auth();
|
$$->reset_auth();
|
||||||
@ -15735,7 +15735,7 @@ grant_role:
|
|||||||
((char*) $1.str)[$1.length] = '\0';
|
((char*) $1.str)[$1.length] = '\0';
|
||||||
if ($1.length == 0)
|
if ($1.length == 0)
|
||||||
my_yyabort_error((ER_INVALID_ROLE, MYF(0), ""));
|
my_yyabort_error((ER_INVALID_ROLE, MYF(0), ""));
|
||||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||||
MYSQL_YYABORT;
|
MYSQL_YYABORT;
|
||||||
$$->user= $1;
|
$$->user= $1;
|
||||||
$$->host= empty_clex_str;
|
$$->host= empty_clex_str;
|
||||||
|
@ -14643,7 +14643,7 @@ ident_or_text:
|
|||||||
user_maybe_role:
|
user_maybe_role:
|
||||||
ident_or_text
|
ident_or_text
|
||||||
{
|
{
|
||||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||||
MYSQL_YYABORT;
|
MYSQL_YYABORT;
|
||||||
$$->user = $1;
|
$$->user = $1;
|
||||||
$$->host= null_clex_str; // User or Role, see get_current_user()
|
$$->host= null_clex_str; // User or Role, see get_current_user()
|
||||||
@ -14656,7 +14656,7 @@ user_maybe_role:
|
|||||||
}
|
}
|
||||||
| ident_or_text '@' ident_or_text
|
| ident_or_text '@' ident_or_text
|
||||||
{
|
{
|
||||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||||
MYSQL_YYABORT;
|
MYSQL_YYABORT;
|
||||||
$$->user = $1; $$->host=$3;
|
$$->user = $1; $$->host=$3;
|
||||||
$$->reset_auth();
|
$$->reset_auth();
|
||||||
@ -15980,7 +15980,7 @@ grant_role:
|
|||||||
((char*) $1.str)[$1.length] = '\0';
|
((char*) $1.str)[$1.length] = '\0';
|
||||||
if ($1.length == 0)
|
if ($1.length == 0)
|
||||||
my_yyabort_error((ER_INVALID_ROLE, MYF(0), ""));
|
my_yyabort_error((ER_INVALID_ROLE, MYF(0), ""));
|
||||||
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
||||||
MYSQL_YYABORT;
|
MYSQL_YYABORT;
|
||||||
$$->user= $1;
|
$$->user= $1;
|
||||||
$$->host= empty_clex_str;
|
$$->host= empty_clex_str;
|
||||||
|
@ -204,9 +204,12 @@ extern const char *show_comp_option_name[];
|
|||||||
|
|
||||||
typedef int *(*update_var)(THD *, struct st_mysql_show_var *);
|
typedef int *(*update_var)(THD *, struct st_mysql_show_var *);
|
||||||
|
|
||||||
typedef struct st_lex_user {
|
|
||||||
LEX_CSTRING user, host, plugin, auth;
|
struct AUTHID
|
||||||
LEX_CSTRING pwtext, pwhash;
|
{
|
||||||
|
LEX_CSTRING user, host;
|
||||||
|
void init() { memset(this, 0, sizeof(*this)); }
|
||||||
|
void copy(MEM_ROOT *root, const LEX_CSTRING *usr, const LEX_CSTRING *host);
|
||||||
bool is_role() const { return user.str[0] && !host.str[0]; }
|
bool is_role() const { return user.str[0] && !host.str[0]; }
|
||||||
void set_lex_string(LEX_CSTRING *l, char *buf)
|
void set_lex_string(LEX_CSTRING *l, char *buf)
|
||||||
{
|
{
|
||||||
@ -218,13 +221,20 @@ typedef struct st_lex_user {
|
|||||||
l->length= strxmov(buf, user.str, "@", host.str, NullS) - buf;
|
l->length= strxmov(buf, user.str, "@", host.str, NullS) - buf;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
struct LEX_USER: public AUTHID
|
||||||
|
{
|
||||||
|
LEX_CSTRING plugin, auth;
|
||||||
|
LEX_CSTRING pwtext, pwhash;
|
||||||
void reset_auth()
|
void reset_auth()
|
||||||
{
|
{
|
||||||
pwtext.length= pwhash.length= plugin.length= auth.length= 0;
|
pwtext.length= pwhash.length= plugin.length= auth.length= 0;
|
||||||
pwtext.str= pwhash.str= 0;
|
pwtext.str= pwhash.str= 0;
|
||||||
plugin.str= auth.str= "";
|
plugin.str= auth.str= "";
|
||||||
}
|
}
|
||||||
} LEX_USER;
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
This structure specifies the maximum amount of resources which
|
This structure specifies the maximum amount of resources which
|
||||||
|
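Review bot: is_role() now lives on AUTHID and reads `user.str[0]` and `host.str[0]` unconditionally, but the init() added to the same struct zeroes both pointers, and THD's constructor leaves `invoker` in exactly that state. Calling is_role() on a freshly initialised AUTHID, or set_lex_string(), which passes both pointers to strxmov(), would dereference NULL. Either document the precondition on the struct, e.g. `/* user.str and host.str must be non-NULL before is_role()/set_lex_string() */`, or have init() point them at an empty string as reset_auth() does for plugin and auth. The body of set_lex_string() is only partly visible between the two hunks, so its first branch should be checked against this.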
@ -1993,7 +1993,7 @@ struct TABLE_LIST
|
|||||||
LEX_CSTRING view_db; /* saved view database */
|
LEX_CSTRING view_db; /* saved view database */
|
||||||
LEX_CSTRING view_name; /* saved view name */
|
LEX_CSTRING view_name; /* saved view name */
|
||||||
LEX_STRING timestamp; /* GMT time stamp of last operation */
|
LEX_STRING timestamp; /* GMT time stamp of last operation */
|
||||||
st_lex_user definer; /* definer of view */
|
LEX_USER definer; /* definer of view */
|
||||||
ulonglong file_version; /* version of file's field set */
|
ulonglong file_version; /* version of file's field set */
|
||||||
ulonglong mariadb_version; /* version of server on creation */
|
ulonglong mariadb_version; /* version of server on creation */
|
||||||
ulonglong updatable_view; /* VIEW can be updated */
|
ulonglong updatable_view; /* VIEW can be updated */
|
||||||
|