mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-17 12:32:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge

Browse source
This commit is contained in:
hf@deer.(none) 2003-09-26 15:40:26 +05:00
commit 5f8e7fef27
24 changed files with 447 additions and 289 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/mysql.h
View file

@ -142,7 +142,7 @@ enum mysql_option
MYSQL_OPT_PROTOCOL, MYSQL_SHARED_MEMORY_BASE_NAME, MYSQL_OPT_READ_TIMEOUT,
MYSQL_OPT_WRITE_TIMEOUT, MYSQL_OPT_USE_RESULT,
MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION,
MYSQL_OPT_GUESS_CONNECTION
MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP
};
struct st_mysql_options {
@ -180,6 +180,7 @@ struct st_mysql_options {
my_bool separate_thread;
#endif
enum mysql_option methods_to_use;
char *client_ip;
};
enum mysql_status

1
libmysqld/Makefile.am
View file

@ -22,6 +22,7 @@ MYSQLSHAREdir = $(pkgdatadir)
MYSQLBASEdir= $(prefix)
DEFS = -DEMBEDDED_LIBRARY -DMYSQL_SERVER \
-DNO_EMBEDDED_ACCESS_CHECKS \
-DDEFAULT_MYSQL_HOME="\"$(MYSQLBASEdir)\"" \
-DDATADIR="\"$(MYSQLDATAdir)\"" \
-DSHAREDIR="\"$(MYSQLSHAREdir)\""

93
libmysqld/lib_sql.cc
View file

@ -33,6 +33,9 @@ static const char *fake_groups[] = { "server", "embedded", 0 };
#include "../sql/mysqld.cc"
#endif
int check_user(THD *thd, enum enum_server_command command,
const char *passwd, uint passwd_len, const char *db,
bool check_count);
C_MODE_START
#include <mysql.h>
#undef ER
@ -42,14 +45,6 @@ C_MODE_START
static my_bool org_my_init_done;
my_bool server_inited;
static int check_connections1(THD * thd);
static int check_connections2(THD * thd);
static bool check_user(THD *thd, enum_server_command command,
const char *user, const char *passwd, const char *db,
bool check_count);
char * get_mysql_home(){ return mysql_home;};
char * get_mysql_real_data_home(){ return mysql_real_data_home;};
static my_bool STDCALL
emb_advanced_command(MYSQL *mysql, enum enum_server_command command,
const char *header, ulong header_length,
@ -238,34 +233,6 @@ void THD::clear_error()
net.report_error= 0;
}
static bool check_user(THD *thd,enum_server_command command, const char *user,
const char *passwd, const char *db, bool check_count)
{
thd->db=0;
if (!(thd->user = my_strdup(user, MYF(0))))
{
send_error(thd,ER_OUT_OF_RESOURCES);
return 1;
}
thd->master_access= ~0L; // No user checking
thd->priv_user= thd->user;
mysql_log.write(thd,command,
(thd->priv_user == thd->user ?
(char*) "%s@%s on %s" :
(char*) "%s@%s as anonymous on %s"),
user,
thd->host_or_ip,
db ? db : (char*) "");
thd->db_access=0;
if (db && db[0])
return test(mysql_change_db(thd,db));
else
send_ok(thd); // Ready to handle questions
return 0; // ok
}
/*
Make a copy of array and the strings array points to
*/
@ -360,7 +327,7 @@ int STDCALL mysql_server_init(int argc, char **argv, char **groups)
error_handler_hook = my_message_sql;
opt_noacl = 1; // No permissions
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (acl_init((THD *)0, opt_noacl))
{
mysql_server_end();
@ -368,11 +335,16 @@ int STDCALL mysql_server_init(int argc, char **argv, char **groups)
}
if (!opt_noacl)
(void) grant_init((THD *)0);
#endif
init_max_user_conn();
init_update_queries();
#ifdef HAVE_DLOPEN
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!opt_noacl)
#endif
udf_init();
#endif
@ -465,8 +437,10 @@ void *create_embedded_thd(int client_flag, char *db)
thd->db= db;
thd->db_length= db ? strip_sp(db) : 0;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
thd->db_access= DB_ACLS;
thd->master_access= ~NO_ACCESS;
#endif
thd->net.query_cache_query= 0;
thd->data= 0;
@ -474,6 +448,51 @@ void *create_embedded_thd(int client_flag, char *db)
return thd;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
int check_embedded_connection(MYSQL *mysql)
{
THD *thd= (THD*)mysql->thd;
int result;
char scramble_buff[SCRAMBLE_LENGTH];
int passwd_len;
thd->host= mysql->options.client_ip ?
mysql->options.client_ip : (char*)my_localhost;
thd->ip= thd->host;
thd->host_or_ip= thd->host;
if (acl_check_host(thd->host,thd->ip))
{
result= ER_HOST_NOT_PRIVILEGED;
goto err;
}
thd->user= mysql->user;
if (mysql->passwd && mysql->passwd[0])
{
memset(thd->scramble, 55, SCRAMBLE_LENGTH); // dummy scramble
thd->scramble[SCRAMBLE_LENGTH]= 0;
scramble(scramble_buff, thd->scramble, mysql->passwd);
passwd_len= SCRAMBLE_LENGTH;
}
else
passwd_len= 0;
if((result= check_user(thd, COM_CONNECT,
scramble_buff, passwd_len, thd->db, true)))
goto err;
return 0;
err:
{
NET *net= &mysql->net;
memcpy(net->last_error, thd->net.last_error, sizeof(net->last_error));
memcpy(net->sqlstate, thd->net.sqlstate, sizeof(net->sqlstate));
}
return result;
}
#endif
void free_embedded_thd(MYSQL *mysql)
{
THD *thd= (THD*)mysql->thd;

86
libmysqld/libmysqld.c
View file

@ -146,12 +146,17 @@ static inline int mysql_init_charset(MYSQL *mysql)
return 0;
}
int check_embedded_connection(MYSQL *mysql);
MYSQL * STDCALL
mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
uint port, const char *unix_socket,ulong client_flag)
{
char *db_name;
char *db_name;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
char name_buff[USERNAME_LENGTH];
#endif
DBUG_ENTER("mysql_real_connect");
DBUG_PRINT("enter",("host: %s db: %s user: %s",
host ? host : "(Null)",
@ -190,6 +195,29 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
if (!db || !db[0])
db=mysql->options.db;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!user || !user[0])
user=mysql->options.user;
if (!passwd)
{
passwd=mysql->options.password;
#if !defined(DONT_USE_MYSQL_PWD)
if (!passwd)
passwd=getenv("MYSQL_PWD"); /* get it from environment */
#endif
}
if (!user || !user[0])
{
read_user_name(name_buff);
if (!name_buff[0])
user= name_buff;
}
mysql->user=my_strdup(user,MYF(0));
mysql->passwd= passwd ? my_strdup(passwd,MYF(0)) : NULL;
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
port=0;
unix_socket=0;
db_name = db ? my_strdup(db,MYF(MY_WME)) : NULL;
@ -198,6 +226,11 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
init_embedded_mysql(mysql, client_flag, db_name);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_embedded_connection(mysql))
goto error;
#endif
if (mysql_init_charset(mysql))
goto error;
@ -245,54 +278,3 @@ error:
DBUG_RETURN(0);
}
/*************************************************************************
** Send a QUIT to the server and close the connection
** If handle is alloced by mysql connect free it.
*************************************************************************/
void STDCALL mysql_close(MYSQL *mysql)
{
DBUG_ENTER("mysql_close");
if (mysql) /* Some simple safety */
{
if (mysql->methods != &embedded_methods)
{
cli_mysql_close(mysql);
DBUG_VOID_RETURN;
}
my_free(mysql->options.user,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.host,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.password,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.unix_socket,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.db,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.my_cnf_file,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.my_cnf_group,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.charset_dir,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.charset_name,MYF(MY_ALLOW_ZERO_PTR));
if (mysql->options.init_commands)
{
DYNAMIC_ARRAY *init_commands= mysql->options.init_commands;
char **ptr= (char**)init_commands->buffer;
char **end= ptr + init_commands->elements;
for (; ptr<end; ptr++)
my_free(*ptr,MYF(MY_WME));
delete_dynamic(init_commands);
my_free((char*)init_commands,MYF(MY_WME));
}
/* Clear pointers for better safety */
bzero((char*) &mysql->options,sizeof(mysql->options));
#ifdef HAVE_OPENSSL
((VioConnectorFd*)(mysql->connector_fd))->delete();
mysql->connector_fd = 0;
#endif /* HAVE_OPENSSL */
if (mysql->free_me)
my_free((gptr) mysql,MYF(0));
free_embedded_thd(mysql);
}
DBUG_VOID_RETURN;
}

7
sql-common/client.c
View file

@ -48,14 +48,12 @@
#endif
#define CLI_MYSQL_REAL_CONNECT cli_mysql_real_connect
#define CLI_MYSQL_CLOSE cli_mysql_close
#undef net_flush
my_bool net_flush(NET *net);
#else /*EMBEDDED_LIBRARY*/
#define CLI_MYSQL_REAL_CONNECT mysql_real_connect
#define CLI_MYSQL_CLOSE mysql_close
#endif /*EMBEDDED_LIBRARY*/
#if !defined(MYSQL_SERVER) && (defined(__WIN__) || defined(_WIN32) || defined(_WIN64))
@ -2130,6 +2128,7 @@ static void mysql_close_free_options(MYSQL *mysql)
my_free(mysql->options.my_cnf_group,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.charset_dir,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.charset_name,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.client_ip,MYF(MY_ALLOW_ZERO_PTR));
if (mysql->options.init_commands)
{
DYNAMIC_ARRAY *init_commands= mysql->options.init_commands;
@ -2162,7 +2161,7 @@ static void mysql_close_free(MYSQL *mysql)
}
void STDCALL CLI_MYSQL_CLOSE(MYSQL *mysql)
void STDCALL mysql_close(MYSQL *mysql)
{
DBUG_ENTER("mysql_close");
if (mysql) /* Some simple safety */
@ -2532,6 +2531,8 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg)
case MYSQL_OPT_GUESS_CONNECTION:
mysql->options.methods_to_use= option;
break;
case MYSQL_SET_CLIENT_IP:
mysql->options.client_ip= my_strdup(arg, MYF(MY_WME));
default:
DBUG_RETURN(1);
}

2
sql/item_strfunc.cc
View file

@ -2279,7 +2279,9 @@ String *Item_load_file::val_str(String *str)
DBUG_ENTER("load_file");
if (!(file_name= args[0]->val_str(str)) ||
#ifndef NO_EMBEDDED_ACCESS_CHECKS
!(current_thd->master_access & FILE_ACL) ||
#endif
!my_stat(file_name->c_ptr(), &stat_info, MYF(MY_WME)))
goto err;
if (!(stat_info.st_mode & S_IROTH))

14
sql/log.cc
View file

@ -1092,8 +1092,11 @@ bool MYSQL_LOG::write(THD *thd,enum enum_server_command command,
if (thd)
{ // Normal thread
if ((thd->options & OPTION_LOG_OFF) &&
(thd->master_access & SUPER_ACL))
if ((thd->options & OPTION_LOG_OFF)
#ifndef NO_EMBEDDED_ACCESS_CHECKS
&& (thd->master_access & SUPER_ACL)
#endif
)
{
VOID(pthread_mutex_unlock(&LOCK_log));
return 0; // No logging
@ -1552,8 +1555,11 @@ bool MYSQL_LOG::write(THD *thd,const char *query, uint query_length,
int tmp_errno=0;
char buff[80],*end;
end=buff;
if (!(thd->options & OPTION_UPDATE_LOG) &&
(thd->master_access & SUPER_ACL))
if (!(thd->options & OPTION_UPDATE_LOG)
#ifndef NO_EMBEDDED_ACCESS_CHECKS
&& (thd->master_access & SUPER_ACL)
#endif
)
{
VOID(pthread_mutex_unlock(&LOCK_log));
return 0;

18
sql/mysql_priv.h
View file

@ -393,18 +393,24 @@ bool check_stack_overrun(THD *thd,char *dummy);
#define check_stack_overrun(A, B) 0
#endif
bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
bool *write_to_binlog);
void table_cache_init(void);
void table_cache_free(void);
uint cached_tables(void);
void kill_mysql(void);
void close_connection(THD *thd, uint errcode, bool lock);
bool check_access(THD *thd, ulong access, const char *db=0, ulong *save_priv=0,
bool no_grant=0, bool no_errors=0);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
bool *write_to_binlog);
bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
bool no_grant, bool no_errors);
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
bool no_errors=0);
bool no_errors);
bool check_global_access(THD *thd, ulong want_access);
#else
#define check_access(thd, access, db, save_priv, no_grant, no_errors) false
#define check_table_access(thd, want_access, tables, no_errors) false
#define check_global_access(thd, want_access) false
#endif
int mysql_backup_table(THD* thd, TABLE_LIST* table_list);
int mysql_restore_table(THD* thd, TABLE_LIST* table_list);
@ -720,7 +726,7 @@ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
#define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
extern MY_TMPDIR mysql_tmpdir_list;
extern const char *command_name[];
extern const char *first_keyword, *localhost, *delayed_user, *binary_keyword;
extern const char *first_keyword, *my_localhost, *delayed_user, *binary_keyword;
extern const char **errmesg; /* Error messages */
extern const char *myisam_recover_options_str;
extern const char *in_left_expr_name, *in_additional_cond;

12
sql/mysqld.cc
View file

@ -218,7 +218,7 @@ const char *sql_mode_names[] =
TYPELIB sql_mode_typelib= { array_elements(sql_mode_names)-1,"",
sql_mode_names };
const char *first_keyword= "first", *binary_keyword= "BINARY";
const char *localhost= "localhost", *delayed_user= "DELAYED";
const char *my_localhost= "localhost", *delayed_user= "DELAYED";
#if SIZEOF_OFF_T > 4 && defined(BIG_TABLES)
#define GET_HA_ROWS GET_ULL
#else
@ -875,8 +875,10 @@ void clean_up(bool print_message)
if (use_slave_mask)
bitmap_free(&slave_error_mask);
#endif
#ifndef NO_EMBEDDED_ACCESS_CHECKS
acl_free(1);
grant_free();
#endif
query_cache_destroy();
table_cache_free();
hostname_cache_free();
@ -1672,6 +1674,7 @@ static void init_signals(void)
}
#ifndef EMBEDDED_LIBRARY
static void start_signal_handler(void)
{
int error;
@ -1834,6 +1837,7 @@ extern "C" void *signal_hand(void *arg __attribute__((unused)))
}
return(0); /* purecov: deadcode */
}
#endif /*!EMBEDDED_LIBRARY*/
static void check_data_home(const char *path)
{}
@ -3111,7 +3115,7 @@ extern "C" pthread_handler_decl(handle_connections_sockets,
continue;
}
if (sock == unix_sock)
thd->host=(char*) localhost;
thd->host=(char*) my_localhost;
#ifdef __WIN__
/* Set default wait_timeout */
ulong wait_timeout= global_system_variables.net_wait_timeout * 1000;
@ -3201,7 +3205,7 @@ extern "C" pthread_handler_decl(handle_connections_namedpipes,arg)
continue;
}
/* host name is unknown */
thd->host = my_strdup(localhost,MYF(0)); /* Host is unknown */
thd->host = my_strdup(my_localhost,MYF(0)); /* Host is unknown */
create_new_thread(thd);
}
@ -3410,7 +3414,7 @@ errorconn:
if (!event_client_read) CloseHandle(event_client_read);
continue;
}
thd->host = my_strdup(localhost,MYF(0)); /* Host is unknown */
thd->host = my_strdup(my_localhost,MYF(0)); /* Host is unknown */
create_new_thread(thd);
uint4korr(connect_number++);
}

3
sql/repl_failsafe.cc
View file

@ -153,9 +153,8 @@ int register_slave(THD* thd, uchar* packet, uint packet_length)
SLAVE_INFO *si;
uchar *p= packet, *p_end= packet + packet_length;
if (check_access(thd, REPL_SLAVE_ACL, any_db))
if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0))
return 1;
if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
goto err2;

13
sql/set_var.cc
View file

@ -1723,6 +1723,7 @@ byte *sys_var_insert_id::value_ptr(THD *thd, enum_var_type type,
bool sys_var_pseudo_thread_id::check(THD *thd, set_var *var)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (thd->master_access & SUPER_ACL)
return 0;
else
@ -1730,6 +1731,9 @@ bool sys_var_pseudo_thread_id::check(THD *thd, set_var *var)
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER");
return 1;
}
#else
return 0;
#endif
}
@ -2026,7 +2030,6 @@ int set_var::check(THD *thd)
}
if ((type == OPT_GLOBAL && check_global_access(thd, SUPER_ACL)))
return 1;
/* value is a NULL pointer if we are using SET ... = DEFAULT */
if (!value)
{
@ -2089,17 +2092,25 @@ int set_var_user::update(THD *thd)
int set_var_password::check(THD *thd)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!user->host.str)
user->host.str= (char*) thd->host_or_ip;
/* Returns 1 as the function sends error to client */
return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0;
#else
return 0;
#endif
}
int set_var_password::update(THD *thd)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Returns 1 as the function sends error to client */
return (change_password(thd, user->host.str, user->user.str, password) ?
1 : 0);
#else
return 0;
#endif
}
/****************************************************************************

95
sql/sql_acl.cc
View file

@ -34,6 +34,7 @@
#include <m_ctype.h>
#include <stdarg.h>
#ifndef NO_EMBEDDED_ACCESS_CHECKS
class acl_entry :public hash_filo_element
{
@ -985,51 +986,6 @@ exit:
return (db_access & host_access);
}
int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr)
{
reg3 int flag;
DBUG_ENTER("wild_case_compare");
DBUG_PRINT("enter",("str: '%s' wildstr: '%s'",str,wildstr));
while (*wildstr)
{
while (*wildstr && *wildstr != wild_many && *wildstr != wild_one)
{
if (*wildstr == wild_prefix && wildstr[1])
wildstr++;
if (my_toupper(cs, *wildstr++) !=
my_toupper(cs, *str++)) DBUG_RETURN(1);
}
if (! *wildstr ) DBUG_RETURN (*str != 0);
if (*wildstr++ == wild_one)
{
if (! *str++) DBUG_RETURN (1); /* One char; skip */
}
else
{ /* Found '*' */
if (!*wildstr) DBUG_RETURN(0); /* '*' as last char: OK */
flag=(*wildstr != wild_many && *wildstr != wild_one);
do
{
if (flag)
{
char cmp;
if ((cmp= *wildstr) == wild_prefix && wildstr[1])
cmp=wildstr[1];
cmp=my_toupper(cs, cmp);
while (*str && my_toupper(cs, *str) != cmp)
str++;
if (!*str) DBUG_RETURN (1);
}
if (wild_case_compare(cs, str,wildstr) == 0) DBUG_RETURN (0);
} while (*str++);
DBUG_RETURN(1);
}
}
DBUG_RETURN (*str != '\0');
}
/*
Check if there are any possible matching entries for this host
@ -1136,7 +1092,7 @@ bool check_change_password(THD *thd, const char *host, const char *user)
(strcmp(thd->user,user) ||
my_strcasecmp(&my_charset_latin1, host, thd->host_or_ip)))
{
if (check_access(thd, UPDATE_ACL, "mysql",0,1))
if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
return(1);
}
if (!thd->slave_thread && !thd->user[0])
@ -3605,3 +3561,50 @@ template class List_iterator<LEX_USER>;
template class List<LEX_COLUMN>;
template class List<LEX_USER>;
#endif
#endif /*NO_EMBEDDED_ACCESS_CHECKS */
int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr)
{
reg3 int flag;
DBUG_ENTER("wild_case_compare");
DBUG_PRINT("enter",("str: '%s' wildstr: '%s'",str,wildstr));
while (*wildstr)
{
while (*wildstr && *wildstr != wild_many && *wildstr != wild_one)
{
if (*wildstr == wild_prefix && wildstr[1])
wildstr++;
if (my_toupper(cs, *wildstr++) !=
my_toupper(cs, *str++)) DBUG_RETURN(1);
}
if (! *wildstr ) DBUG_RETURN (*str != 0);
if (*wildstr++ == wild_one)
{
if (! *str++) DBUG_RETURN (1); /* One char; skip */
}
else
{ /* Found '*' */
if (!*wildstr) DBUG_RETURN(0); /* '*' as last char: OK */
flag=(*wildstr != wild_many && *wildstr != wild_one);
do
{
if (flag)
{
char cmp;
if ((cmp= *wildstr) == wild_prefix && wildstr[1])
cmp=wildstr[1];
cmp=my_toupper(cs, cmp);
while (*str && my_toupper(cs, *str) != cmp)
str++;
if (!*str) DBUG_RETURN (1);
}
if (wild_case_compare(cs, str,wildstr) == 0) DBUG_RETURN (0);
} while (*str++);
DBUG_RETURN(1);
}
}
DBUG_RETURN (*str != '\0');
}

6
sql/sql_acl.h
View file

@ -14,7 +14,6 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#define SELECT_ACL (1L << 0)
#define INSERT_ACL (1L << 1)
#define UPDATE_ACL (1L << 2)
@ -59,6 +58,8 @@
#define EXTRA_ACL (1L << 29)
#define NO_ACCESS (1L << 30)
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/*
Defines to change the above bits to how things are stored in tables
This is needed as the 'host' and 'db' table is missing a few privileges
@ -162,3 +163,6 @@ void get_privilege_desc(char *to, uint max_length, ulong access);
void get_mqh(const char *user, const char *host, USER_CONN *uc);
int mysql_drop_user(THD *thd, List <LEX_USER> &list);
int mysql_revoke_all(THD *thd, List <LEX_USER> &list);
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/

6
sql/sql_base.cc
View file

@ -158,7 +158,6 @@ OPEN_TABLE_LIST *list_open_tables(THD *thd, const char *wild)
table_list.grant.privilege=0;
if (check_table_access(thd,SELECT_ACL | EXTRA_ACL,&table_list,1))
continue;
/* need to check if we haven't already listed it */
for (table= open_list ; table ; table=table->next)
{
@ -1696,8 +1695,10 @@ Field *find_field_in_table(THD *thd,TABLE *table,const char *name,uint length,
else
thd->dupp_field=field;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_grants && check_grant_column(thd,table,name,length))
return WRONG_GRANT;
#endif
return field;
}
@ -2099,11 +2100,12 @@ insert_fields(THD *thd,TABLE_LIST *tables, const char *db_name,
tables->alias) &&
(!db_name || !strcmp(tables->db,db_name))))
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Ensure that we have access right to all columns */
if (!(table->grant.privilege & SELECT_ACL) &&
check_grant_all_columns(thd,SELECT_ACL,table))
DBUG_RETURN(-1);
#endif
Field **ptr=table->field,*field;
thd->used_tables|=table->map;
while ((field = *ptr++))

2
sql/sql_cache.cc
View file

@ -1002,6 +1002,7 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length)
Query_cache_table *table = block_table->parent;
table_list.db = table->db();
table_list.alias= table_list.real_name= table->table();
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_table_access(thd,SELECT_ACL,&table_list,1))
{
DBUG_PRINT("qcache",
@ -1021,6 +1022,7 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length)
thd->lex.safe_to_cache_query= 0; // Don't try to cache this
goto err_unlock; // Parse query
}
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
if (check_tables && !handler::caching_allowed(thd, table->db(),
table->key_length(),
table->type()))

4
sql/sql_class.cc
View file

@ -135,7 +135,9 @@ THD::THD():user_time(0), is_fatal_error(0),
slave_net = 0;
command=COM_CONNECT;
set_query_id=1;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
db_access=NO_ACCESS;
#endif
version=refresh_version; // For boot
*scramble= '\0';
@ -316,7 +318,7 @@ THD::~THD()
#endif
DBUG_PRINT("info", ("freeing host"));
if (host != localhost) // If not pointer to constant
if (host != my_localhost) // If not pointer to constant
safeFree(host);
if (user != delayed_user)
safeFree(user);

8
sql/sql_db.cc
View file

@ -592,6 +592,7 @@ bool mysql_change_db(THD *thd, const char *name)
DBUG_RETURN(1);
}
DBUG_PRINT("info",("Use database: %s", dbname));
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (test_all_bits(thd->master_access,DB_ACLS))
db_access=DB_ACLS;
else
@ -611,7 +612,7 @@ bool mysql_change_db(THD *thd, const char *name)
my_free(dbname,MYF(0));
DBUG_RETURN(1);
}
#endif
(void) sprintf(path,"%s/%s",mysql_data_home,dbname);
length=unpack_dirname(path,path); // Convert if not unix
if (length && path[length-1] == FN_LIBCHAR)
@ -626,8 +627,9 @@ bool mysql_change_db(THD *thd, const char *name)
x_free(thd->db);
thd->db=dbname; // THD::~THD will free this
thd->db_length=db_length;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
thd->db_access=db_access;
#endif
strmov(path+unpack_dirname(path,path), MY_DB_OPT_FILE);
load_db_opt(thd, path, &create);
thd->db_charset= create.table_charset ?
@ -656,6 +658,7 @@ int mysqld_show_create_db(THD *thd, char *dbname,
DBUG_RETURN(1);
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (test_all_bits(thd->master_access,DB_ACLS))
db_access=DB_ACLS;
else
@ -674,6 +677,7 @@ int mysqld_show_create_db(THD *thd, char *dbname,
dbname);
DBUG_RETURN(1);
}
#endif
(void) sprintf(path,"%s/%s",mysql_data_home, dbname);
length=unpack_dirname(path,path); // Convert if not unix

10
sql/sql_derived.cc
View file

@ -89,13 +89,15 @@ int mysql_derived(THD *thd, LEX *lex, SELECT_LEX_UNIT *unit,
We have to do access checks here as this code is executed before any
sql command is started to execute.
*/
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (tables)
res= check_table_access(thd,SELECT_ACL, tables);
res= check_table_access(thd,SELECT_ACL, tables,0);
else
res= check_access(thd, SELECT_ACL, any_db);
res= check_access(thd, SELECT_ACL, any_db,0,0,0);
if (res)
DBUG_RETURN(1);
#endif
if (!(res=open_and_lock_tables(thd,tables)))
{
if (is_union || is_subsel)
@ -201,7 +203,9 @@ int mysql_derived(THD *thd, LEX *lex, SELECT_LEX_UNIT *unit,
org_table_list->table=table;
table->derived_select_number= select_cursor->select_number;
table->tmp_table= TMP_TABLE;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
org_table_list->grant.privilege= SELECT_ACL;
#endif
if (lex->describe)
{
// to fix a problem in EXPLAIN

9
sql/sql_insert.cc
View file

@ -60,9 +60,11 @@ check_insert_fields(THD *thd,TABLE *table,List<Item> &fields,
MYF(0),counter);
return -1;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (grant_option &&
check_grant_all_columns(thd,INSERT_ACL,table))
return -1;
#endif
table->time_stamp=0; // This is saved by caller
}
else
@ -96,7 +98,9 @@ check_insert_fields(THD *thd,TABLE *table,List<Item> &fields,
table->time_stamp= table->timestamp_field->offset()+1;
}
// For the values we need select_priv
#ifndef NO_EMBEDDED_ACCESS_CHECKS
table->grant.want_privilege=(SELECT_ACL & ~table->grant.privilege);
#endif
return 0;
}
@ -130,14 +134,15 @@ int mysql_insert(THD *thd,TABLE_LIST *table_list,
thd->lex.select_lex.table_list.first;
DBUG_ENTER("mysql_insert");
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (thd->master_access & SUPER_ACL)
#endif
{
if (!(thd->options & OPTION_UPDATE_LOG))
log_on&= ~(int) DELAYED_LOG_UPDATE;
if (!(thd->options & OPTION_BIN_LOG))
log_on&= ~(int) DELAYED_LOG_BIN;
}
/*
in safe mode or with skip-new change delayed insert to be regular
if we are told to replace duplicates, the insert cannot be concurrent
@ -626,7 +631,7 @@ public:
group_count(0)
{
thd.user=thd.priv_user=(char*) delayed_user;
thd.host=(char*) localhost;
thd.host=(char*) my_localhost;
thd.current_tablenr=0;
thd.version=refresh_version;
thd.command=COM_DELAYED_INSERT;

294
sql/sql_parse.cc
View file

@ -52,15 +52,19 @@ extern "C" int gethostname(char *name, int namelen);
static int check_for_max_user_connections(THD *thd, USER_CONN *uc);
static void decrease_user_connections(USER_CONN *uc);
static bool check_db_used(THD *thd,TABLE_LIST *tables);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
static bool check_merge_table_access(THD *thd, char *db, TABLE_LIST *tables);
static bool single_table_command_access(THD *thd, ulong privilege,
TABLE_LIST *tables, int *res);
#else
#define check_merge_table_access(thd, db, tables) false
#define single_table_command_access(thd, privilege, tables, res) false
#endif
static void remove_escape(char *name);
static void refresh_status(void);
static bool append_file_to_dir(THD *thd, char **filename_ptr,
char *table_name);
static bool single_table_command_access(THD *thd, ulong privilege,
TABLE_LIST *tables, int *res);
const char *any_db="*any*"; // Special symbol for check_access
const char *command_name[]={
@ -174,7 +178,7 @@ end:
}
#ifndef EMBEDDED_LIBRARY
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/*
Check if user exist and password supplied is correct.
@ -201,9 +205,9 @@ end:
>0 error, not sent to client
*/
static int check_user(THD *thd, enum enum_server_command command,
const char *passwd, uint passwd_len, const char *db,
bool check_count)
int check_user(THD *thd, enum enum_server_command command,
const char *passwd, uint passwd_len, const char *db,
bool check_count)
{
DBUG_ENTER("check_user");
@ -238,6 +242,7 @@ static int check_user(THD *thd, enum enum_server_command command,
USER_RESOURCES ur;
int res= acl_getroot(thd, &ur, passwd, passwd_len);
#ifndef EMBEDDED_LIBRARY
if (res == -1)
{
/*
@ -265,6 +270,7 @@ static int check_user(THD *thd, enum enum_server_command command,
/* So as passwd is short, errcode is always >= 0 */
res= acl_getroot(thd, &ur, (char *) net->read_pos, SCRAMBLE_LENGTH_323);
}
#endif /*EMBEDDED_LIBRARY*/
/* here res is always >= 0 */
if (res == 0)
{
@ -350,7 +356,7 @@ static int check_user(THD *thd, enum enum_server_command command,
DBUG_RETURN(-1);
}
#endif // EMBEDDED_LIBRARY
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
/*
@ -461,6 +467,7 @@ bool is_update_query(enum enum_sql_command command)
return uc_update_queries[command];
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/*
Check if maximum queries per hour limit has been reached
returns 0 if OK.
@ -551,7 +558,7 @@ static void reset_mqh(THD *thd, LEX_USER *lu, bool get_them= 0)
}
(void) pthread_mutex_unlock(&LOCK_user_conn);
}
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
/*
Perform handshake, authorize client and update thd ACL variables.
@ -565,9 +572,8 @@ static void reset_mqh(THD *thd, LEX_USER *lu, bool get_them= 0)
> 0 error code (not sent to user)
*/
#ifndef EMBEDDED_LIBRARY
static int
check_connection(THD *thd)
#ifndef EMBEDDED_LIBRARY
static int check_connection(THD *thd)
{
uint connect_errors= 0;
NET *net= &thd->net;
@ -588,8 +594,8 @@ check_connection(THD *thd)
/* Fast local hostname resolve for Win32 */
if (!strcmp(thd->ip,"127.0.0.1"))
{
thd->host= (char*) localhost;
thd->host_or_ip= localhost;
thd->host= (char*) my_localhost;
thd->host_or_ip= my_localhost;
}
else
#endif
@ -622,7 +628,6 @@ check_connection(THD *thd)
bzero((char*) &thd->remote, sizeof(struct sockaddr));
}
vio_keepalive(net->vio, TRUE);
ulong pkt_len= 0;
char *end;
{
@ -812,7 +817,6 @@ check_connection(THD *thd)
return check_user(thd, COM_CONNECT, passwd, passwd_len, db, true);
}
pthread_handler_decl(handle_one_connection,arg)
{
THD *thd=(THD*) arg;
@ -1038,11 +1042,12 @@ int mysql_table_dump(THD* thd, char* db, char* tbl_name, int fd)
if (!(table=open_ltable(thd, table_list, TL_READ_NO_INSERT)))
DBUG_RETURN(1);
if (check_access(thd, SELECT_ACL, db, &table_list->grant.privilege))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd, SELECT_ACL, db, &table_list->grant.privilege,0,0))
goto err;
if (grant_option && check_grant(thd, SELECT_ACL, table_list))
goto err;
#endif
thd->free_list = 0;
thd->query_length=(uint) strlen(tbl_name);
thd->query = tbl_name;
@ -1342,11 +1347,13 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
my_casedn_str(files_charset_info, table_list.real_name);
remove_escape(table_list.real_name); // This can't have wildcards
if (check_access(thd,SELECT_ACL,table_list.db,&thd->col_access))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,SELECT_ACL,table_list.db,&thd->col_access,0,0))
break;
table_list.grant.privilege=thd->col_access;
if (grant_option && check_grant(thd,SELECT_ACL,&table_list,2))
break;
#endif /*DONT_ALLOW_SHOW_COMMANDS*/
mysqld_list_fields(thd,&table_list,fields);
free_items(thd->free_list);
break;
@ -1369,7 +1376,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
net_printf(thd,ER_WRONG_DB_NAME, db ? db : "NULL");
break;
}
if (check_access(thd,CREATE_ACL,db,0,1))
if (check_access(thd,CREATE_ACL,db,0,1,0))
break;
mysql_log.write(thd,command,packet);
mysql_create_db(thd,db,0,0);
@ -1385,7 +1392,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
net_printf(thd,ER_WRONG_DB_NAME, db ? db : "NULL");
break;
}
if (check_access(thd,DROP_ACL,db,0,1))
if (check_access(thd,DROP_ACL,db,0,1,0))
break;
if (thd->locked_tables || thd->active_transaction())
{
@ -1423,6 +1430,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
break;
}
#endif
#ifndef NO_EMBEDDED_ACCESS_CHECKS
case COM_REFRESH:
{
statistic_increment(com_stat[SQLCOM_FLUSH],&LOCK_status);
@ -1436,6 +1444,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
send_ok(thd);
break;
}
#endif
#ifndef EMBEDDED_LIBRARY
case COM_SHUTDOWN:
statistic_increment(com_other,&LOCK_status);
@ -1488,11 +1497,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
break;
case COM_PROCESS_INFO:
statistic_increment(com_stat[SQLCOM_SHOW_PROCESSLIST],&LOCK_status);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!thd->priv_user[0] && check_global_access(thd,PROCESS_ACL))
break;
#endif
mysql_log.write(thd,command,NullS);
mysqld_list_processes(thd,thd->master_access & PROCESS_ACL ? NullS :
thd->priv_user,0);
mysqld_list_processes(thd,
#ifndef NO_EMBEDDED_ACCESS_CHECKS
thd->master_access & PROCESS_ACL ?
NullS : thd->priv_user
#else
NullS
#endif
,0);
break;
case COM_PROCESS_KILL:
{
@ -1632,7 +1649,7 @@ mysql_execute_command(THD *thd)
*/
thd->old_total_warn_count= thd->total_warn_count;
#ifndef EMBEDDED_LIBRARY
#ifdef HAVE_REPLICATON
if (thd->slave_thread)
{
/*
@ -1658,7 +1675,7 @@ mysql_execute_command(THD *thd)
}
#endif
}
#endif /* !EMBEDDED_LIBRARY */
#endif /* !HAVE_REPLICATION */
/*
TODO: make derived tables processing 'inside' SELECT processing.
TODO: solve problem with depended derived tables in subselects
@ -1693,7 +1710,11 @@ mysql_execute_command(THD *thd)
Except for the replication thread and the 'super' users.
*/
if (opt_readonly &&
!(thd->slave_thread || (thd->master_access & SUPER_ACL)) &&
!(thd->slave_thread
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|| (thd->master_access & SUPER_ACL)
#endif
) &&
(uc_update_queries[lex->sql_command] > 0))
{
send_error(thd, ER_CANT_UPDATE_WITH_READLOCK);
@ -1705,22 +1726,23 @@ mysql_execute_command(THD *thd)
case SQLCOM_SELECT:
{
select_result *result=lex->result;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (tables)
{
res=check_table_access(thd,
lex->exchange ? SELECT_ACL | FILE_ACL :
SELECT_ACL,
tables);
tables,0);
}
else
res=check_access(thd, lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL,
any_db);
any_db,0,0,0);
if (res)
{
res=0;
break; // Error message is given
}
#endif
/*
In case of single SELECT unit->global_parameters points on first SELECT
TODO: move counters to SELECT_LEX
@ -1772,8 +1794,9 @@ mysql_execute_command(THD *thd)
}
break;
}
case SQLCOM_DO:
if (tables && ((res= check_table_access(thd, SELECT_ACL, tables)) ||
if (tables && ((res= check_table_access(thd, SELECT_ACL, tables,0)) ||
(res= open_and_lock_tables(thd,tables))))
break;
@ -1809,7 +1832,6 @@ mysql_execute_command(THD *thd)
break;
}
#endif
case SQLCOM_SHOW_WARNS:
{
res= mysqld_show_warnings(thd, (ulong)
@ -1859,7 +1881,7 @@ mysql_execute_command(THD *thd)
case SQLCOM_BACKUP_TABLE:
{
if (check_db_used(thd,tables) ||
check_table_access(thd,SELECT_ACL, tables) ||
check_table_access(thd,SELECT_ACL, tables,0) ||
check_global_access(thd, FILE_ACL))
goto error; /* purecov: inspected */
res = mysql_backup_table(thd, tables);
@ -1869,7 +1891,7 @@ mysql_execute_command(THD *thd)
case SQLCOM_RESTORE_TABLE:
{
if (check_db_used(thd,tables) ||
check_table_access(thd, INSERT_ACL, tables) ||
check_table_access(thd, INSERT_ACL, tables,0) ||
check_global_access(thd, FILE_ACL))
goto error; /* purecov: inspected */
res = mysql_restore_table(thd, tables);
@ -1878,7 +1900,7 @@ mysql_execute_command(THD *thd)
case SQLCOM_PRELOAD_KEYS:
{
if (check_db_used(thd, tables) ||
check_access(thd, INDEX_ACL, tables->db, &tables->grant.privilege))
check_access(thd, INDEX_ACL, tables->db, &tables->grant.privilege,0,0))
goto error;
res = mysql_preload_keys(thd, tables);
break;
@ -1935,7 +1957,8 @@ mysql_execute_command(THD *thd)
{
if (!tables->db)
tables->db=thd->db;
if (check_access(thd,CREATE_ACL,tables->db,&tables->grant.privilege))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,CREATE_ACL,tables->db,&tables->grant.privilege,0,0))
goto error; /* purecov: inspected */
if (grant_option)
{
@ -1947,6 +1970,7 @@ mysql_execute_command(THD *thd)
if (error)
goto error;
}
#endif
if (strlen(tables->real_name) > NAME_LEN)
{
net_printf(thd,ER_WRONG_TABLE_NAME,tables->real_name);
@ -1966,11 +1990,14 @@ mysql_execute_command(THD *thd)
case SQLCOM_CREATE_TABLE:
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
ulong want_priv= ((lex->create_info.options & HA_LEX_CREATE_TMP_TABLE) ?
CREATE_TMP_ACL : CREATE_ACL);
#endif
if (!tables->db)
tables->db=thd->db;
if (check_access(thd,want_priv,tables->db,&tables->grant.privilege) ||
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,want_priv,tables->db,&tables->grant.privilege,0,0) ||
check_merge_table_access(thd, tables->db,
(TABLE_LIST *)
lex->create_info.merge_list.first))
@ -1985,6 +2012,7 @@ mysql_execute_command(THD *thd)
if (error)
goto error;
}
#endif
if (strlen(tables->real_name) > NAME_LEN)
{
net_printf(thd, ER_WRONG_TABLE_NAME, tables->alias);
@ -2014,11 +2042,13 @@ mysql_execute_command(THD *thd)
net_printf(thd,ER_UPDATE_TABLE_USED,tables->real_name);
DBUG_VOID_RETURN;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (tables->next)
{
if (check_table_access(thd, SELECT_ACL, tables->next))
if (check_table_access(thd, SELECT_ACL, tables->next,0))
goto error; // Error message is given
}
#endif
select_lex->options|= SELECT_NO_UNLOCK;
unit->offset_limit_cnt= select_lex->offset_limit;
unit->select_limit_cnt= select_lex->select_limit+
@ -2061,10 +2091,12 @@ mysql_execute_command(THD *thd)
case SQLCOM_CREATE_INDEX:
if (!tables->db)
tables->db=thd->db;
if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege,0,0))
goto error; /* purecov: inspected */
if (grant_option && check_grant(thd,INDEX_ACL,tables))
goto error;
#endif
if (end_active_trans(thd))
res= -1;
else
@ -2123,14 +2155,15 @@ mysql_execute_command(THD *thd)
tables->db=thd->db;
if (!select_lex->db)
select_lex->db=tables->db;
if (check_access(thd,ALTER_ACL,tables->db,&tables->grant.privilege) ||
check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv) ||
if (check_access(thd,ALTER_ACL,tables->db,&tables->grant.privilege,0,0) ||
check_access(thd,INSERT_ACL | CREATE_ACL,select_lex->db,&priv,0,0)||
check_merge_table_access(thd, tables->db,
(TABLE_LIST *)
lex->create_info.merge_list.first))
goto error; /* purecov: inspected */
if (!tables->db)
tables->db=thd->db;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (grant_option)
{
if (check_grant(thd,ALTER_ACL,tables))
@ -2146,6 +2179,7 @@ mysql_execute_command(THD *thd)
goto error;
}
}
#endif
/* Don't yet allow changing of symlinks with ALTER TABLE */
lex->create_info.data_file_name=lex->create_info.index_file_name=0;
/* ALTER TABLE ends previous transaction */
@ -2164,18 +2198,19 @@ mysql_execute_command(THD *thd)
}
break;
}
#endif
#endif /*DONT_ALLOW_SHOW_COMMANDS*/
case SQLCOM_RENAME_TABLE:
{
TABLE_LIST *table;
if (check_db_used(thd,tables))
goto error;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
for (table=tables ; table ; table=table->next->next)
{
if (check_access(thd, ALTER_ACL | DROP_ACL, table->db,
&table->grant.privilege) ||
&table->grant.privilege,0,0) ||
check_access(thd, INSERT_ACL | CREATE_ACL, table->next->db,
&table->next->grant.privilege))
&table->next->grant.privilege,0,0))
goto error;
if (grant_option)
{
@ -2190,6 +2225,7 @@ mysql_execute_command(THD *thd)
goto error;
}
}
#endif
query_cache_invalidate3(thd, tables, 0);
if (end_active_trans(thd))
res= -1;
@ -2219,7 +2255,7 @@ mysql_execute_command(THD *thd)
{
if (check_db_used(thd, tables) ||
check_access(thd, SELECT_ACL | EXTRA_ACL, tables->db,
&tables->grant.privilege))
&tables->grant.privilege,0,0))
goto error;
res = mysqld_show_create(thd, tables);
break;
@ -2228,7 +2264,7 @@ mysql_execute_command(THD *thd)
case SQLCOM_CHECKSUM:
{
if (check_db_used(thd,tables) ||
check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables))
check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables,0))
goto error; /* purecov: inspected */
res = mysql_checksum_table(thd, tables, &lex->check_opt);
break;
@ -2236,7 +2272,7 @@ mysql_execute_command(THD *thd)
case SQLCOM_REPAIR:
{
if (check_db_used(thd,tables) ||
check_table_access(thd,SELECT_ACL | INSERT_ACL, tables))
check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0))
goto error; /* purecov: inspected */
res = mysql_repair_table(thd, tables, &lex->check_opt);
/* ! we write after unlocking the table */
@ -2254,7 +2290,7 @@ mysql_execute_command(THD *thd)
case SQLCOM_CHECK:
{
if (check_db_used(thd,tables) ||
check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables))
check_table_access(thd, SELECT_ACL | EXTRA_ACL , tables,0))
goto error; /* purecov: inspected */
res = mysql_check_table(thd, tables, &lex->check_opt);
break;
@ -2262,7 +2298,7 @@ mysql_execute_command(THD *thd)
case SQLCOM_ANALYZE:
{
if (check_db_used(thd,tables) ||
check_table_access(thd,SELECT_ACL | INSERT_ACL, tables))
check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0))
goto error; /* purecov: inspected */
res = mysql_analyze_table(thd, tables, &lex->check_opt);
/* ! we write after unlocking the table */
@ -2282,7 +2318,7 @@ mysql_execute_command(THD *thd)
{
HA_CREATE_INFO create_info;
if (check_db_used(thd,tables) ||
check_table_access(thd,SELECT_ACL | INSERT_ACL, tables))
check_table_access(thd,SELECT_ACL | INSERT_ACL, tables,0))
goto error; /* purecov: inspected */
if (specialflag & (SPECIAL_SAFE_MODE | SPECIAL_NO_NEW_FUNC))
{
@ -2322,7 +2358,6 @@ mysql_execute_command(THD *thd)
if (single_table_command_access(thd, UPDATE_ACL, tables, &res))
goto error;
if (select_lex->item_list.elements != lex->value_list.elements)
{
send_error(thd,ER_WRONG_VALUE_COUNT);
@ -2340,10 +2375,12 @@ mysql_execute_command(THD *thd)
res= -1;
break;
case SQLCOM_UPDATE_MULTI:
if (check_access(thd,UPDATE_ACL,tables->db,&tables->grant.privilege))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,UPDATE_ACL,tables->db,&tables->grant.privilege,0,0))
goto error;
if (grant_option && check_grant(thd,UPDATE_ACL,tables))
goto error;
#endif
if (select_lex->item_list.elements != lex->value_list.elements)
{
send_error(thd,ER_WRONG_VALUE_COUNT);
@ -2373,13 +2410,14 @@ mysql_execute_command(THD *thd)
case SQLCOM_REPLACE:
case SQLCOM_INSERT:
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
my_bool update=(lex->value_list.elements ? UPDATE_ACL : 0);
ulong privilege= (lex->duplicates == DUP_REPLACE ?
INSERT_ACL | DELETE_ACL : INSERT_ACL | update);
if (single_table_command_access(thd, privilege, tables, &res))
goto error;
#endif
if (select_lex->item_list.elements != lex->value_list.elements)
{
send_error(thd,ER_WRONG_VALUE_COUNT);
@ -2387,7 +2425,12 @@ mysql_execute_command(THD *thd)
}
res = mysql_insert(thd,tables,lex->field_list,lex->many_values,
select_lex->item_list, lex->value_list,
(update ? DUP_UPDATE : lex->duplicates));
#ifndef NO_EMBEDDED_ACCESS_CHECKS
(update ? DUP_UPDATE : lex->duplicates)
#else
DUP_UPDATE
#endif
);
if (thd->net.report_error)
res= -1;
break;
@ -2400,19 +2443,22 @@ mysql_execute_command(THD *thd)
Check that we have modify privileges for the first table and
select privileges for the rest
*/
#ifndef NO_EMBEDDED_ACCESS_CHECKS
{
ulong privilege= (lex->duplicates == DUP_REPLACE ?
INSERT_ACL | DELETE_ACL : INSERT_ACL);
TABLE_LIST *save_next=tables->next;
tables->next=0;
if (check_access(thd, privilege,
tables->db,&tables->grant.privilege) ||
tables->db,&tables->grant.privilege,0,0) ||
(grant_option && check_grant(thd, privilege, tables)))
goto error;
tables->next=save_next;
if ((res=check_table_access(thd, SELECT_ACL, save_next)))
if ((res=check_table_access(thd, SELECT_ACL, save_next,0)))
goto error;
}
#endif
/* Don't unlock tables until command is written to binary log */
select_lex->options|= SELECT_NO_UNLOCK;
@ -2446,10 +2492,12 @@ mysql_execute_command(THD *thd)
break;
}
case SQLCOM_TRUNCATE:
if (check_access(thd,DELETE_ACL,tables->db,&tables->grant.privilege))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,DELETE_ACL,tables->db,&tables->grant.privilege,0,0))
goto error; /* purecov: inspected */
if (grant_option && check_grant(thd,DELETE_ACL,tables))
goto error;
#endif
/*
Don't allow this within a transaction because we want to use
re-generate table
@ -2463,11 +2511,12 @@ mysql_execute_command(THD *thd)
break;
case SQLCOM_DELETE:
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (single_table_command_access(thd, DELETE_ACL, tables, &res))
goto error;
// Set privilege for the WHERE clause
tables->grant.want_privilege=(SELECT_ACL & ~tables->grant.privilege);
#endif
res = mysql_delete(thd,tables, select_lex->where,
(ORDER*) select_lex->order_list.first,
select_lex->select_limit, select_lex->options);
@ -2484,8 +2533,8 @@ mysql_execute_command(THD *thd)
/* sql_yacc guarantees that tables and aux_tables are not zero */
if (check_db_used(thd, tables) || check_db_used(thd,aux_tables) ||
check_table_access(thd,SELECT_ACL, tables) ||
check_table_access(thd,DELETE_ACL, aux_tables))
check_table_access(thd,SELECT_ACL, tables,0) ||
check_table_access(thd,DELETE_ACL, aux_tables,0))
goto error;
if ((thd->options & OPTION_SAFE_UPDATES) && !select_lex->where)
{
@ -2562,7 +2611,7 @@ mysql_execute_command(THD *thd)
{
if (!lex->drop_temporary)
{
if (check_table_access(thd,DROP_ACL,tables))
if (check_table_access(thd,DROP_ACL,tables,0))
goto error; /* purecov: inspected */
if (end_active_trans(thd))
{
@ -2589,10 +2638,12 @@ mysql_execute_command(THD *thd)
case SQLCOM_DROP_INDEX:
if (!tables->db)
tables->db=thd->db;
if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,INDEX_ACL,tables->db,&tables->grant.privilege,0,0))
goto error; /* purecov: inspected */
if (grant_option && check_grant(thd,INDEX_ACL,tables))
goto error;
#endif
if (end_active_trans(thd))
res= -1;
else
@ -2610,12 +2661,18 @@ mysql_execute_command(THD *thd)
break;
#endif
case SQLCOM_SHOW_PROCESSLIST:
#ifndef EMBEDDED_LIBRARY
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!thd->priv_user[0] && check_global_access(thd,PROCESS_ACL))
break;
#endif
mysqld_list_processes(thd,thd->master_access & PROCESS_ACL ? NullS :
thd->priv_user,lex->verbose);
mysqld_list_processes(thd,
#ifndef NO_EMBEDDED_ACCESS_CHECKS
thd->master_access & PROCESS_ACL ? NullS :
thd->priv_user
#else
NullS
#endif
,lex->verbose);
break;
case SQLCOM_SHOW_TABLE_TYPES:
res= mysqld_show_table_types(thd);
@ -2641,8 +2698,10 @@ mysql_execute_command(THD *thd)
DBUG_VOID_RETURN;
#else
{
if (grant_option && check_access(thd, FILE_ACL, any_db))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (grant_option && check_access(thd, FILE_ACL, any_db,0,0,0))
goto error;
#endif
res= mysqld_show_logs(thd);
break;
}
@ -2666,7 +2725,8 @@ mysql_execute_command(THD *thd)
net_printf(thd,ER_WRONG_DB_NAME, db);
goto error;
}
if (check_access(thd,SELECT_ACL,db,&thd->col_access))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0))
goto error; /* purecov: inspected */
if (!thd->col_access && check_grant_db(thd,db))
{
@ -2676,6 +2736,7 @@ mysql_execute_command(THD *thd)
db);
goto error;
}
#endif
/* grant is checked in mysqld_show_tables */
if (select_lex->options & SELECT_DESCRIBE)
res= mysqld_extend_show_tables(thd,db,
@ -2709,11 +2770,13 @@ mysql_execute_command(THD *thd)
}
remove_escape(db); // Fix escaped '_'
remove_escape(tables->real_name);
if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,&thd->col_access))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,SELECT_ACL | EXTRA_ACL,db,&thd->col_access,0,0))
goto error; /* purecov: inspected */
tables->grant.privilege=thd->col_access;
if (grant_option && check_grant(thd,SELECT_ACL,tables,2))
goto error;
#endif
res= mysqld_show_fields(thd,tables,
(lex->wild ? lex->wild->ptr() : NullS),
lex->verbose);
@ -2736,11 +2799,13 @@ mysql_execute_command(THD *thd)
remove_escape(tables->real_name);
if (!tables->db)
tables->db=thd->db;
if (check_access(thd,SELECT_ACL,db,&thd->col_access))
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,SELECT_ACL,db,&thd->col_access,0,0))
goto error; /* purecov: inspected */
tables->grant.privilege=thd->col_access;
if (grant_option && check_grant(thd,SELECT_ACL,tables,2))
goto error;
#endif
res= mysqld_show_keys(thd,tables);
break;
}
@ -2751,12 +2816,13 @@ mysql_execute_command(THD *thd)
case SQLCOM_LOAD:
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
uint privilege= (lex->duplicates == DUP_REPLACE ?
INSERT_ACL | DELETE_ACL : INSERT_ACL);
if (!lex->local_file)
{
if (check_access(thd,privilege | FILE_ACL,tables->db))
if (check_access(thd,privilege | FILE_ACL,tables->db,0,0,0))
goto error;
}
else
@ -2767,17 +2833,18 @@ mysql_execute_command(THD *thd)
send_error(thd,ER_NOT_ALLOWED_COMMAND);
goto error;
}
if (check_access(thd,privilege,tables->db,&tables->grant.privilege) ||
if (check_access(thd,privilege,tables->db,&tables->grant.privilege,0,0) ||
grant_option && check_grant(thd,privilege,tables))
goto error;
}
#endif /*NO_EMBEDDED_ACCESS_CHECKS*/
res=mysql_load(thd, lex->exchange, tables, lex->field_list,
lex->duplicates, (bool) lex->local_file, lex->lock_option);
break;
}
case SQLCOM_SET_OPTION:
if (tables && ((res= check_table_access(thd, SELECT_ACL, tables)) ||
if (tables && ((res= check_table_access(thd, SELECT_ACL, tables,0)) ||
(res= open_and_lock_tables(thd,tables))))
break;
fix_tables_pointers(lex->all_selects_list);
@ -2802,7 +2869,7 @@ mysql_execute_command(THD *thd)
unlock_locked_tables(thd);
if (check_db_used(thd,tables) || end_active_trans(thd))
goto error;
if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, tables))
if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, tables,0))
goto error;
thd->in_lock_tables=1;
thd->options|= OPTION_TABLE_LOCK;
@ -2839,7 +2906,7 @@ mysql_execute_command(THD *thd)
break;
}
#endif
if (check_access(thd,CREATE_ACL,lex->name,0,1))
if (check_access(thd,CREATE_ACL,lex->name,0,1,0))
break;
res=mysql_create_db(thd,lex->name,&lex->create_info,0);
break;
@ -2867,7 +2934,7 @@ mysql_execute_command(THD *thd)
break;
}
#endif
if (check_access(thd,DROP_ACL,lex->name,0,1))
if (check_access(thd,DROP_ACL,lex->name,0,1,0))
break;
if (thd->locked_tables || thd->active_transaction())
{
@ -2884,7 +2951,7 @@ mysql_execute_command(THD *thd)
net_printf(thd,ER_WRONG_DB_NAME, lex->name);
break;
}
if (check_access(thd,ALTER_ACL,lex->name,0,1))
if (check_access(thd,ALTER_ACL,lex->name,0,1,0))
break;
if (thd->locked_tables || thd->active_transaction())
{
@ -2901,7 +2968,7 @@ mysql_execute_command(THD *thd)
net_printf(thd,ER_WRONG_DB_NAME, lex->name);
break;
}
if (check_access(thd,DROP_ACL,lex->name,0,1))
if (check_access(thd,DROP_ACL,lex->name,0,1,0))
break;
if (thd->locked_tables || thd->active_transaction())
{
@ -2912,7 +2979,7 @@ mysql_execute_command(THD *thd)
break;
}
case SQLCOM_CREATE_FUNCTION:
if (check_access(thd,INSERT_ACL,"mysql",0,1))
if (check_access(thd,INSERT_ACL,"mysql",0,1,0))
break;
#ifdef HAVE_DLOPEN
if (!(res = mysql_create_function(thd,&lex->udf)))
@ -2922,7 +2989,7 @@ mysql_execute_command(THD *thd)
#endif
break;
case SQLCOM_DROP_FUNCTION:
if (check_access(thd,DELETE_ACL,"mysql",0,1))
if (check_access(thd,DELETE_ACL,"mysql",0,1,0))
break;
#ifdef HAVE_DLOPEN
if (!(res = mysql_drop_function(thd,&lex->udf.name)))
@ -2931,9 +2998,10 @@ mysql_execute_command(THD *thd)
res= -1;
#endif
break;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
case SQLCOM_DROP_USER:
{
if (check_access(thd, GRANT_ACL,"mysql",0,1))
if (check_access(thd, GRANT_ACL,"mysql",0,1,0))
break;
if (!(res= mysql_drop_user(thd, lex->users_list)))
{
@ -2949,7 +3017,7 @@ mysql_execute_command(THD *thd)
}
case SQLCOM_REVOKE_ALL:
{
if (check_access(thd, GRANT_ACL ,"mysql",0,1))
if (check_access(thd, GRANT_ACL ,"mysql",0,1,0))
break;
if (!(res = mysql_revoke_all(thd, lex->users_list)))
{
@ -2969,7 +3037,7 @@ mysql_execute_command(THD *thd)
if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL,
tables && tables->db ? tables->db : select_lex->db,
tables ? &tables->grant.privilege : 0,
tables ? 0 : 1))
tables ? 0 : 1,0))
goto error;
/*
@ -2989,7 +3057,7 @@ mysql_execute_command(THD *thd)
my_strcasecmp(&my_charset_latin1,
user->host.str, thd->host_or_ip)))
{
if (check_access(thd, UPDATE_ACL, "mysql",0,1))
if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
goto error;
break; // We are allowed to do changes
}
@ -3079,21 +3147,24 @@ mysql_execute_command(THD *thd)
}
break;
}
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
case SQLCOM_KILL:
kill_one_thread(thd,lex->thread_id);
break;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
case SQLCOM_SHOW_GRANTS:
res=0;
if ((thd->priv_user &&
!strcmp(thd->priv_user,lex->grant_user->user.str)) ||
!check_access(thd, SELECT_ACL, "mysql",0,1))
!check_access(thd, SELECT_ACL, "mysql",0,1,0))
{
res = mysql_show_grants(thd,lex->grant_user);
}
break;
#endif
case SQLCOM_HA_OPEN:
if (check_db_used(thd,tables) ||
check_table_access(thd,SELECT_ACL, tables))
check_table_access(thd,SELECT_ACL, tables,0))
goto error;
res = mysql_ha_open(thd, tables);
break;
@ -3203,6 +3274,7 @@ error:
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/*
Check grants for commands which work only with one table and all other
tables belong to subselects.
@ -3223,7 +3295,7 @@ static bool single_table_command_access(THD *thd, ulong privilege,
TABLE_LIST *tables, int *res)
{
if (check_access(thd, privilege, tables->db, &tables->grant.privilege))
if (check_access(thd, privilege, tables->db, &tables->grant.privilege,0,0))
return 1;
// Show only 1 table for check_grant
@ -3236,7 +3308,7 @@ static bool single_table_command_access(THD *thd, ulong privilege,
if (subselects_tables)
{
tables->next= subselects_tables;
if ((*res= check_table_access(thd, SELECT_ACL, subselects_tables)))
if ((*res= check_table_access(thd, SELECT_ACL, subselects_tables,0)))
return 1;
}
return 0;
@ -3407,6 +3479,26 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
return FALSE;
}
static bool check_merge_table_access(THD *thd, char *db,
TABLE_LIST *table_list)
{
int error=0;
if (table_list)
{
/* Check that all tables use the current database */
TABLE_LIST *tmp;
for (tmp=table_list; tmp ; tmp=tmp->next)
{
if (!tmp->db || !tmp->db[0])
tmp->db=db;
}
error=check_table_access(thd, SELECT_ACL | UPDATE_ACL | DELETE_ACL,
table_list,0);
}
return error;
}
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
static bool check_db_used(THD *thd,TABLE_LIST *tables)
{
@ -3424,27 +3516,6 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables)
return FALSE;
}
static bool check_merge_table_access(THD *thd, char *db,
TABLE_LIST *table_list)
{
int error=0;
if (table_list)
{
/* Check that all tables use the current database */
TABLE_LIST *tmp;
for (tmp=table_list; tmp ; tmp=tmp->next)
{
if (!tmp->db || !tmp->db[0])
tmp->db=db;
}
error=check_table_access(thd, SELECT_ACL | UPDATE_ACL | DELETE_ACL,
table_list);
}
return error;
}
/****************************************************************************
Check stack size; Send error if there isn't enough stack to continue
****************************************************************************/
@ -3669,12 +3740,14 @@ mysql_parse(THD *thd, char *inBuf, uint length)
LEX *lex=lex_start(thd, (uchar*) inBuf, length);
if (!yyparse((void *)thd) && ! thd->is_fatal_error)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (mqh_used && thd->user_connect &&
check_mqh(thd, lex->sql_command))
{
thd->net.error = 0;
}
else
#endif
{
if (thd->net.report_error)
send_error(thd, 0, NullS);
@ -4279,7 +4352,7 @@ void add_join_natural(TABLE_LIST *a,TABLE_LIST *b)
b->natural_join=a;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/*
Reload/resets privileges and the different caches.
@ -4409,6 +4482,7 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
*write_to_binlog= tmp_write_to_binlog;
return result;
}
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
/*
@ -4440,14 +4514,18 @@ void kill_one_thread(THD *thd, ulong id)
VOID(pthread_mutex_unlock(&LOCK_thread_count));
if (tmp)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if ((thd->master_access & SUPER_ACL) ||
!strcmp(thd->user,tmp->user))
#endif
{
tmp->awake(1 /*prepare to die*/);
error=0;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
else
error=ER_KILL_DENIED_ERROR;
#endif
pthread_mutex_unlock(&tmp->LOCK_delete);
}

27
sql/sql_prepare.cc
View file

@ -523,16 +523,18 @@ static bool mysql_test_insert_fields(PREP_STMT *stmt,
List_item *values;
DBUG_ENTER("mysql_test_insert_fields");
#ifndef NO_EMBEDDED_ACCESS_CHECKS
my_bool update=(thd->lex.value_list.elements ? UPDATE_ACL : 0);
ulong privilege= (thd->lex.duplicates == DUP_REPLACE ?
INSERT_ACL | DELETE_ACL : INSERT_ACL | update);
if (check_access(thd,privilege,table_list->db,
&table_list->grant.privilege) ||
(grant_option && check_grant(thd,privilege,table_list)) ||
open_and_lock_tables(thd, table_list))
&table_list->grant.privilege,0,0) ||
(grant_option && check_grant(thd,privilege,table_list)))
DBUG_RETURN(1);
#endif
if (open_and_lock_tables(thd, table_list))
DBUG_RETURN(1);
table= table_list->table;
if ((values= its++))
@ -580,12 +582,14 @@ static bool mysql_test_upd_fields(PREP_STMT *stmt, TABLE_LIST *table_list,
THD *thd= stmt->thd;
DBUG_ENTER("mysql_test_upd_fields");
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_access(thd,UPDATE_ACL,table_list->db,
&table_list->grant.privilege) ||
(grant_option && check_grant(thd,UPDATE_ACL,table_list)) ||
open_and_lock_tables(thd, table_list))
&table_list->grant.privilege,0,0) ||
(grant_option && check_grant(thd,UPDATE_ACL,table_list)))
DBUG_RETURN(1);
#endif
if (open_and_lock_tables(thd, table_list))
DBUG_RETURN(1);
if (setup_tables(table_list) ||
setup_fields(thd, 0, table_list, fields, 1, 0, 0) ||
setup_conds(thd, table_list, &conds) || thd->net.report_error)
@ -626,15 +630,16 @@ static bool mysql_test_select_fields(PREP_STMT *stmt, TABLE_LIST *tables,
select_result *result= thd->lex.result;
DBUG_ENTER("mysql_test_select_fields");
#ifndef NO_EMBEDDED_ACCESS_CHECKS
ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL;
if (tables)
{
if (check_table_access(thd, privilege, tables))
if (check_table_access(thd, privilege, tables,0))
DBUG_RETURN(1);
}
else if (check_access(thd, privilege, "*any*"))
else if (check_access(thd, privilege, "*any*",0,0,0))
DBUG_RETURN(1);
#endif
if ((&lex->select_lex != lex->all_selects_list &&
lex->unit.create_total_list(thd, lex, &tables, 0)))
DBUG_RETURN(1);

4
sql/sql_repl.cc
View file

@ -667,7 +667,7 @@ int start_slave(THD* thd , MASTER_INFO* mi, bool net_report)
int thread_mask;
DBUG_ENTER("start_slave");
if (check_access(thd, SUPER_ACL, any_db))
if (check_access(thd, SUPER_ACL, any_db,0,0,0))
DBUG_RETURN(1);
lock_slave_threads(mi); // this allows us to cleanly read slave_running
// Get a mask of _stopped_ threads
@ -789,7 +789,7 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
if (!thd)
thd = current_thd;
if (check_access(thd, SUPER_ACL, any_db))
if (check_access(thd, SUPER_ACL, any_db,0,0,0))
return 1;
thd->proc_info = "Killing slave";
int thread_mask;

11
sql/sql_show.cc
View file

@ -73,10 +73,12 @@ mysqld_show_dbs(THD *thd,const char *wild)
while ((file_name=it++))
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
thd->priv_user, file_name,0) ||
(grant_option && !check_grant_db(thd, file_name)))
#endif
{
protocol->prepare_for_resend();
protocol->store(file_name, system_charset_info);
@ -437,6 +439,7 @@ mysql_find_files(THD *thd,List<char> *files, const char *db,const char *path,
continue;
}
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Don't show tables where we don't have any privileges */
if (db && !(col_access & TABLE_ACLS))
{
@ -446,6 +449,7 @@ mysql_find_files(THD *thd,List<char> *files, const char *db,const char *path,
if (check_grant(thd,TABLE_ACLS,&table_list,1,1))
continue;
}
#endif
if (files->push_back(thd->strdup(file->name)))
{
my_dirend(dirp);
@ -674,8 +678,9 @@ mysqld_show_fields(THD *thd, TABLE_LIST *table_list,const char *wild,
}
file=table->file;
file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
(void) get_table_grant(thd, table_list);
#endif
List<Item> field_list;
field_list.push_back(new Item_empty_string("Field",NAME_LEN));
field_list.push_back(new Item_empty_string("Type",40));
@ -755,6 +760,7 @@ mysqld_show_fields(THD *thd, TABLE_LIST *table_list,const char *wild,
{
/* Add grant options & comments */
end=tmp;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
col_access= get_column_grant(thd,table_list,field) & COL_ACLS;
for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
{
@ -764,6 +770,9 @@ mysqld_show_fields(THD *thd, TABLE_LIST *table_list,const char *wild,
end=strmov(end,grant_types.type_names[bitnr]);
}
}
#else
end=strmov(end,"");
#endif
protocol->store(tmp+1,end == tmp ? 0 : (uint) (end-tmp-1),
system_charset_info);
protocol->store(field->comment.str, field->comment.length,

8
sql/sql_update.cc
View file

@ -86,8 +86,10 @@ int mysql_update(THD *thd,
/* Calculate "table->used_keys" based on the WHERE */
table->used_keys=table->keys_in_use;
table->quick_keys=0;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
want_privilege=table->grant.want_privilege;
table->grant.want_privilege=(SELECT_ACL & ~table->grant.privilege);
#endif
bzero((char*) &tables,sizeof(tables)); // For ORDER BY
tables.table= table;
@ -122,7 +124,9 @@ int mysql_update(THD *thd,
}
/* Check the fields we are going to modify */
#ifndef NO_EMBEDDED_ACCESS_CHECKS
table->grant.want_privilege=want_privilege;
#endif
if (setup_fields(thd, 0, update_table_list, fields, 1, 0, 0))
DBUG_RETURN(-1); /* purecov: inspected */
if (table->timestamp_field)
@ -134,8 +138,10 @@ int mysql_update(THD *thd,
table->timestamp_field->query_id=timestamp_query_id;
}
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Check values */
table->grant.want_privilege=(SELECT_ACL & ~table->grant.privilege);
#endif
if (setup_fields(thd, 0, update_table_list, values, 0, 0, 0))
{
free_underlaid_joins(thd, &thd->lex.select_lex);
@ -418,7 +424,9 @@ int mysql_multi_update(THD *thd,
TABLE_LIST *tl;
DBUG_ENTER("mysql_multi_update");
#ifndef NO_EMBEDDED_ACCESS_CHECKS
table_list->grant.want_privilege=(SELECT_ACL & ~table_list->grant.privilege);
#endif
if ((res=open_and_lock_tables(thd,table_list)))
DBUG_RETURN(res);
fix_tables_pointers(thd->lex.all_selects_list);