mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 20:12:31 +01:00
ac6877d420
* work as documented, use CURRENT_USER() * move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
11958 lines
362 KiB
C++
11958 lines
362 KiB
C++
/* Copyright (c) 2000, 2011, Oracle and/or its affiliates.
|
|
Copyright (c) 2009, 2013, Monty Program Ab
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; version 2 of the License.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */
|
|
|
|
|
|
/*
|
|
The privileges are saved in the following tables:
|
|
mysql/user ; super user who are allowed to do almost anything
|
|
mysql/host ; host privileges. This is used if host is empty in mysql/db.
|
|
mysql/db ; database privileges / user
|
|
|
|
data in tables is sorted according to how many not-wild-cards there is
|
|
in the relevant fields. Empty strings comes last.
|
|
*/
|
|
|
|
#include "my_global.h" /* NO_EMBEDDED_ACCESS_CHECKS */
|
|
#include "sql_priv.h"
|
|
#include "sql_acl.h" // MYSQL_DB_FIELD_COUNT, ACL_ACCESS
|
|
#include "sql_base.h" // close_mysql_tables
|
|
#include "key.h" // key_copy, key_cmp_if_same, key_restore
|
|
#include "sql_show.h" // append_identifier
|
|
#include "sql_table.h" // build_table_filename
|
|
#include "hash_filo.h"
|
|
#include "sql_parse.h" // check_access
|
|
#include "sql_view.h" // VIEW_ANY_ACL
|
|
#include "records.h" // READ_RECORD, read_record_info,
|
|
// init_read_record, end_read_record
|
|
#include "rpl_filter.h" // rpl_filter
|
|
#include <m_ctype.h>
|
|
#include <stdarg.h>
|
|
#include "sp_head.h"
|
|
#include "sp.h"
|
|
#include "transaction.h"
|
|
#include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT
|
|
#include "records.h" // init_read_record, end_read_record
|
|
#include <sql_common.h>
|
|
#include <mysql/plugin_auth.h>
|
|
#include "sql_connect.h"
|
|
#include "hostname.h"
|
|
#include "sql_db.h"
|
|
#include "sql_array.h"
|
|
|
|
#include "sql_plugin_compat.h"
|
|
|
|
bool mysql_user_table_is_in_short_password_format= false;
|
|
|
|
static const
|
|
TABLE_FIELD_TYPE mysql_db_table_fields[MYSQL_DB_FIELD_COUNT] = {
|
|
{
|
|
{ C_STRING_WITH_LEN("Host") },
|
|
{ C_STRING_WITH_LEN("char(60)") },
|
|
{NULL, 0}
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Db") },
|
|
{ C_STRING_WITH_LEN("char(64)") },
|
|
{NULL, 0}
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("User") },
|
|
{ C_STRING_WITH_LEN("char(") },
|
|
{NULL, 0}
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Select_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Insert_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Update_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Delete_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Create_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Drop_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Grant_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("References_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Index_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Alter_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Create_tmp_table_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Lock_tables_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Create_view_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Show_view_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Create_routine_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Alter_routine_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Execute_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Event_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
},
|
|
{
|
|
{ C_STRING_WITH_LEN("Trigger_priv") },
|
|
{ C_STRING_WITH_LEN("enum('N','Y')") },
|
|
{ C_STRING_WITH_LEN("utf8") }
|
|
}
|
|
};
|
|
|
|
const TABLE_FIELD_DEF
|
|
mysql_db_table_def= {MYSQL_DB_FIELD_COUNT, mysql_db_table_fields, 0, (uint*) 0 };
|
|
|
|
static LEX_STRING native_password_plugin_name= {
|
|
C_STRING_WITH_LEN("mysql_native_password")
|
|
};
|
|
|
|
static LEX_STRING old_password_plugin_name= {
|
|
C_STRING_WITH_LEN("mysql_old_password")
|
|
};
|
|
|
|
/// @todo make it configurable
|
|
LEX_STRING *default_auth_plugin_name= &native_password_plugin_name;
|
|
|
|
/*
|
|
Constant used for differentiating specified user names and non specified
|
|
usernames. Example: userA -- userA@%
|
|
*/
|
|
LEX_STRING host_not_specified= { C_STRING_WITH_LEN("%") };
|
|
/*
|
|
Constant used in the SET ROLE NONE command
|
|
*/
|
|
LEX_STRING none_role= { C_STRING_WITH_LEN("NONE") };
|
|
/*
|
|
Constants, used in the SHOW GRANTS command.
|
|
Their actual string values are irrelevant, they're always compared
|
|
as pointers to these string constants.
|
|
*/
|
|
LEX_STRING current_user= { C_STRING_WITH_LEN("*current_user") };
|
|
LEX_STRING current_role= { C_STRING_WITH_LEN("*current_role") };
|
|
LEX_STRING current_user_and_current_role= { C_STRING_WITH_LEN("*current_user_and_current_role") };
|
|
|
|
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
static plugin_ref old_password_plugin;
|
|
#endif
|
|
static plugin_ref native_password_plugin;
|
|
|
|
/* Classes */
|
|
|
|
struct acl_host_and_ip
|
|
{
|
|
char *hostname;
|
|
long ip, ip_mask; // Used with masked ip:s
|
|
};
|
|
|
|
class ACL_ACCESS {
|
|
public:
|
|
ulong sort;
|
|
ulong access;
|
|
};
|
|
|
|
/* ACL_HOST is used if no host is specified */
|
|
|
|
class ACL_HOST :public ACL_ACCESS
|
|
{
|
|
public:
|
|
acl_host_and_ip host;
|
|
char *db;
|
|
};
|
|
|
|
class ACL_USER_BASE :public ACL_ACCESS
|
|
{
|
|
|
|
public:
|
|
static void *operator new(size_t size, MEM_ROOT *mem_root)
|
|
{ return (void*) alloc_root(mem_root, size); }
|
|
|
|
uchar flags; // field used to store various state information
|
|
LEX_STRING user;
|
|
/*
|
|
list to hold references to granted roles (ACL_USER instances)
|
|
*/
|
|
DYNAMIC_ARRAY role_grants;
|
|
};
|
|
|
|
class ACL_USER :public ACL_USER_BASE
|
|
{
|
|
public:
|
|
acl_host_and_ip host;
|
|
uint hostname_length;
|
|
USER_RESOURCES user_resource;
|
|
uint8 salt[SCRAMBLE_LENGTH + 1]; // scrambled password in binary form
|
|
uint8 salt_len; // 0 - no password, 4 - 3.20, 8 - 4.0, 20 - 4.1.1
|
|
enum SSL_type ssl_type;
|
|
const char *ssl_cipher, *x509_issuer, *x509_subject;
|
|
LEX_STRING plugin;
|
|
LEX_STRING auth_string;
|
|
|
|
ACL_USER *copy(MEM_ROOT *root)
|
|
{
|
|
ACL_USER *dst= (ACL_USER *) alloc_root(root, sizeof(ACL_USER));
|
|
if (!dst)
|
|
return 0;
|
|
*dst= *this;
|
|
dst->user.str= safe_strdup_root(root, user.str);
|
|
dst->user.length= user.length;
|
|
dst->ssl_cipher= safe_strdup_root(root, ssl_cipher);
|
|
dst->x509_issuer= safe_strdup_root(root, x509_issuer);
|
|
dst->x509_subject= safe_strdup_root(root, x509_subject);
|
|
if (plugin.str == native_password_plugin_name.str ||
|
|
plugin.str == old_password_plugin_name.str)
|
|
dst->plugin= plugin;
|
|
else
|
|
dst->plugin.str= strmake_root(root, plugin.str, plugin.length);
|
|
dst->auth_string.str= safe_strdup_root(root, auth_string.str);
|
|
dst->host.hostname= safe_strdup_root(root, host.hostname);
|
|
bzero(&dst->role_grants, sizeof(role_grants));
|
|
return dst;
|
|
}
|
|
|
|
};
|
|
|
|
class ACL_ROLE :public ACL_USER_BASE
|
|
{
|
|
public:
|
|
/*
|
|
In case of granting a role to a role, the access bits are merged together
|
|
via a bit OR operation and placed in the ACL_USER::access field.
|
|
|
|
When rebuilding role_grants via the rebuild_role_grant function,
|
|
the ACL_USER::access field needs to be reset aswell. The field
|
|
initial_role_access holds the initial grants present in the table row.
|
|
*/
|
|
ulong initial_role_access;
|
|
DYNAMIC_ARRAY parent_grantee; // array of backlinks to elements granted
|
|
|
|
ACL_ROLE(ACL_USER * user, MEM_ROOT *mem);
|
|
ACL_ROLE(const char * rolename, ulong privileges, MEM_ROOT *mem);
|
|
|
|
};
|
|
|
|
class ACL_DB :public ACL_ACCESS
|
|
{
|
|
public:
|
|
acl_host_and_ip host;
|
|
char *user,*db;
|
|
ulong initial_access; /* access bits present in the table */
|
|
};
|
|
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
static void update_hostname(acl_host_and_ip *host, const char *hostname);
|
|
static ulong get_sort(uint count,...);
|
|
static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
|
|
const char *ip);
|
|
static bool show_proxy_grants (THD *thd,
|
|
const char *username, const char *hostname,
|
|
char *buff, size_t buffsize);
|
|
static bool show_role_grants(THD *thd, const char *username, const char *hostname,
|
|
ACL_USER_BASE *acl_entry,
|
|
char *buff, size_t buffsize);
|
|
static bool show_global_privileges(THD *thd, ACL_USER_BASE *acl_entry,
|
|
bool handle_as_role,
|
|
char *buff, size_t buffsize);
|
|
static bool show_database_privileges(THD *thd,
|
|
const char *username,
|
|
const char *hostname,
|
|
bool handle_as_role,
|
|
char *buff, size_t buffsize);
|
|
static bool show_table_and_column_privileges(THD *thd,
|
|
const char *username,
|
|
const char *hostname,
|
|
bool handle_as_role,
|
|
char *buff, size_t buffsize);
|
|
|
|
class ACL_PROXY_USER :public ACL_ACCESS
|
|
{
|
|
acl_host_and_ip host;
|
|
const char *user;
|
|
acl_host_and_ip proxied_host;
|
|
const char *proxied_user;
|
|
bool with_grant;
|
|
|
|
typedef enum {
|
|
MYSQL_PROXIES_PRIV_HOST,
|
|
MYSQL_PROXIES_PRIV_USER,
|
|
MYSQL_PROXIES_PRIV_PROXIED_HOST,
|
|
MYSQL_PROXIES_PRIV_PROXIED_USER,
|
|
MYSQL_PROXIES_PRIV_WITH_GRANT,
|
|
MYSQL_PROXIES_PRIV_GRANTOR,
|
|
MYSQL_PROXIES_PRIV_TIMESTAMP } old_acl_proxy_users;
|
|
public:
|
|
ACL_PROXY_USER () {};
|
|
|
|
void init(const char *host_arg, const char *user_arg,
|
|
const char *proxied_host_arg, const char *proxied_user_arg,
|
|
bool with_grant_arg)
|
|
{
|
|
user= (user_arg && *user_arg) ? user_arg : NULL;
|
|
update_hostname (&host,
|
|
(host_arg && *host_arg) ? host_arg : NULL);
|
|
proxied_user= (proxied_user_arg && *proxied_user_arg) ?
|
|
proxied_user_arg : NULL;
|
|
update_hostname (&proxied_host,
|
|
(proxied_host_arg && *proxied_host_arg) ?
|
|
proxied_host_arg : NULL);
|
|
with_grant= with_grant_arg;
|
|
sort= get_sort(4, host.hostname, user,
|
|
proxied_host.hostname, proxied_user);
|
|
}
|
|
|
|
void init(MEM_ROOT *mem, const char *host_arg, const char *user_arg,
|
|
const char *proxied_host_arg, const char *proxied_user_arg,
|
|
bool with_grant_arg)
|
|
{
|
|
init ((host_arg && *host_arg) ? strdup_root (mem, host_arg) : NULL,
|
|
(user_arg && *user_arg) ? strdup_root (mem, user_arg) : NULL,
|
|
(proxied_host_arg && *proxied_host_arg) ?
|
|
strdup_root (mem, proxied_host_arg) : NULL,
|
|
(proxied_user_arg && *proxied_user_arg) ?
|
|
strdup_root (mem, proxied_user_arg) : NULL,
|
|
with_grant_arg);
|
|
}
|
|
|
|
void init(TABLE *table, MEM_ROOT *mem)
|
|
{
|
|
init (get_field(mem, table->field[MYSQL_PROXIES_PRIV_HOST]),
|
|
get_field(mem, table->field[MYSQL_PROXIES_PRIV_USER]),
|
|
get_field(mem, table->field[MYSQL_PROXIES_PRIV_PROXIED_HOST]),
|
|
get_field(mem, table->field[MYSQL_PROXIES_PRIV_PROXIED_USER]),
|
|
table->field[MYSQL_PROXIES_PRIV_WITH_GRANT]->val_int() != 0);
|
|
}
|
|
|
|
bool get_with_grant() { return with_grant; }
|
|
const char *get_user() { return user; }
|
|
const char *get_host() { return host.hostname; }
|
|
const char *get_proxied_user() { return proxied_user; }
|
|
const char *get_proxied_host() { return proxied_host.hostname; }
|
|
void set_user(MEM_ROOT *mem, const char *user_arg)
|
|
{
|
|
user= user_arg && *user_arg ? strdup_root(mem, user_arg) : NULL;
|
|
}
|
|
void set_host(MEM_ROOT *mem, const char *host_arg)
|
|
{
|
|
update_hostname(&host, safe_strdup_root(mem, host_arg));
|
|
}
|
|
|
|
bool check_validity(bool check_no_resolve)
|
|
{
|
|
if (check_no_resolve &&
|
|
(hostname_requires_resolving(host.hostname) ||
|
|
hostname_requires_resolving(proxied_host.hostname)))
|
|
{
|
|
sql_print_warning("'proxies_priv' entry '%s@%s %s@%s' "
|
|
"ignored in --skip-name-resolve mode.",
|
|
proxied_user ? proxied_user : "",
|
|
proxied_host.hostname ? proxied_host.hostname : "",
|
|
user ? user : "",
|
|
host.hostname ? host.hostname : "");
|
|
return TRUE;
|
|
}
|
|
return FALSE;
|
|
}
|
|
|
|
bool matches(const char *host_arg, const char *user_arg, const char *ip_arg,
|
|
const char *proxied_user_arg)
|
|
{
|
|
DBUG_ENTER("ACL_PROXY_USER::matches");
|
|
DBUG_PRINT("info", ("compare_hostname(%s,%s,%s) &&"
|
|
"compare_hostname(%s,%s,%s) &&"
|
|
"wild_compare (%s,%s) &&"
|
|
"wild_compare (%s,%s)",
|
|
host.hostname ? host.hostname : "<NULL>",
|
|
host_arg ? host_arg : "<NULL>",
|
|
ip_arg ? ip_arg : "<NULL>",
|
|
proxied_host.hostname ? proxied_host.hostname : "<NULL>",
|
|
host_arg ? host_arg : "<NULL>",
|
|
ip_arg ? ip_arg : "<NULL>",
|
|
user_arg ? user_arg : "<NULL>",
|
|
user ? user : "<NULL>",
|
|
proxied_user_arg ? proxied_user_arg : "<NULL>",
|
|
proxied_user ? proxied_user : "<NULL>"));
|
|
DBUG_RETURN(compare_hostname(&host, host_arg, ip_arg) &&
|
|
compare_hostname(&proxied_host, host_arg, ip_arg) &&
|
|
(!user ||
|
|
(user_arg && !wild_compare(user_arg, user, TRUE))) &&
|
|
(!proxied_user ||
|
|
(proxied_user && !wild_compare(proxied_user_arg,
|
|
proxied_user, TRUE))));
|
|
}
|
|
|
|
|
|
inline static bool auth_element_equals(const char *a, const char *b)
|
|
{
|
|
return (a == b || (a != NULL && b != NULL && !strcmp(a,b)));
|
|
}
|
|
|
|
|
|
bool pk_equals(ACL_PROXY_USER *grant)
|
|
{
|
|
DBUG_ENTER("pk_equals");
|
|
DBUG_PRINT("info", ("strcmp(%s,%s) &&"
|
|
"strcmp(%s,%s) &&"
|
|
"wild_compare (%s,%s) &&"
|
|
"wild_compare (%s,%s)",
|
|
user ? user : "<NULL>",
|
|
grant->user ? grant->user : "<NULL>",
|
|
proxied_user ? proxied_user : "<NULL>",
|
|
grant->proxied_user ? grant->proxied_user : "<NULL>",
|
|
host.hostname ? host.hostname : "<NULL>",
|
|
grant->host.hostname ? grant->host.hostname : "<NULL>",
|
|
proxied_host.hostname ? proxied_host.hostname : "<NULL>",
|
|
grant->proxied_host.hostname ?
|
|
grant->proxied_host.hostname : "<NULL>"));
|
|
|
|
DBUG_RETURN(auth_element_equals(user, grant->user) &&
|
|
auth_element_equals(proxied_user, grant->proxied_user) &&
|
|
auth_element_equals(host.hostname, grant->host.hostname) &&
|
|
auth_element_equals(proxied_host.hostname,
|
|
grant->proxied_host.hostname));
|
|
}
|
|
|
|
|
|
bool granted_on(const char *host_arg, const char *user_arg)
|
|
{
|
|
return (((!user && (!user_arg || !user_arg[0])) ||
|
|
(user && user_arg && !strcmp(user, user_arg))) &&
|
|
((!host.hostname && (!host_arg || !host_arg[0])) ||
|
|
(host.hostname && host_arg && !strcmp(host.hostname, host_arg))));
|
|
}
|
|
|
|
|
|
void print_grant(String *str)
|
|
{
|
|
str->append(STRING_WITH_LEN("GRANT PROXY ON '"));
|
|
if (proxied_user)
|
|
str->append(proxied_user, strlen(proxied_user));
|
|
str->append(STRING_WITH_LEN("'@'"));
|
|
if (proxied_host.hostname)
|
|
str->append(proxied_host.hostname, strlen(proxied_host.hostname));
|
|
str->append(STRING_WITH_LEN("' TO '"));
|
|
if (user)
|
|
str->append(user, strlen(user));
|
|
str->append(STRING_WITH_LEN("'@'"));
|
|
if (host.hostname)
|
|
str->append(host.hostname, strlen(host.hostname));
|
|
str->append(STRING_WITH_LEN("'"));
|
|
if (with_grant)
|
|
str->append(STRING_WITH_LEN(" WITH GRANT OPTION"));
|
|
}
|
|
|
|
void set_data(ACL_PROXY_USER *grant)
|
|
{
|
|
with_grant= grant->with_grant;
|
|
}
|
|
|
|
static int store_pk(TABLE *table,
|
|
const LEX_STRING *host,
|
|
const LEX_STRING *user,
|
|
const LEX_STRING *proxied_host,
|
|
const LEX_STRING *proxied_user)
|
|
{
|
|
DBUG_ENTER("ACL_PROXY_USER::store_pk");
|
|
DBUG_PRINT("info", ("host=%s, user=%s, proxied_host=%s, proxied_user=%s",
|
|
host->str ? host->str : "<NULL>",
|
|
user->str ? user->str : "<NULL>",
|
|
proxied_host->str ? proxied_host->str : "<NULL>",
|
|
proxied_user->str ? proxied_user->str : "<NULL>"));
|
|
if (table->field[MYSQL_PROXIES_PRIV_HOST]->store(host->str,
|
|
host->length,
|
|
system_charset_info))
|
|
DBUG_RETURN(TRUE);
|
|
if (table->field[MYSQL_PROXIES_PRIV_USER]->store(user->str,
|
|
user->length,
|
|
system_charset_info))
|
|
DBUG_RETURN(TRUE);
|
|
if (table->field[MYSQL_PROXIES_PRIV_PROXIED_HOST]->store(proxied_host->str,
|
|
proxied_host->length,
|
|
system_charset_info))
|
|
DBUG_RETURN(TRUE);
|
|
if (table->field[MYSQL_PROXIES_PRIV_PROXIED_USER]->store(proxied_user->str,
|
|
proxied_user->length,
|
|
system_charset_info))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
|
|
static int store_data_record(TABLE *table,
|
|
const LEX_STRING *host,
|
|
const LEX_STRING *user,
|
|
const LEX_STRING *proxied_host,
|
|
const LEX_STRING *proxied_user,
|
|
bool with_grant,
|
|
const char *grantor)
|
|
{
|
|
DBUG_ENTER("ACL_PROXY_USER::store_pk");
|
|
if (store_pk(table, host, user, proxied_host, proxied_user))
|
|
DBUG_RETURN(TRUE);
|
|
DBUG_PRINT("info", ("with_grant=%s", with_grant ? "TRUE" : "FALSE"));
|
|
if (table->field[MYSQL_PROXIES_PRIV_WITH_GRANT]->store(with_grant ? 1 : 0,
|
|
TRUE))
|
|
DBUG_RETURN(TRUE);
|
|
if (table->field[MYSQL_PROXIES_PRIV_GRANTOR]->store(grantor,
|
|
strlen(grantor),
|
|
system_charset_info))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
};
|
|
|
|
#define FIRST_NON_YN_FIELD 26
|
|
|
|
class acl_entry :public hash_filo_element
|
|
{
|
|
public:
|
|
ulong access;
|
|
uint16 length;
|
|
char key[1]; // Key will be stored here
|
|
};
|
|
|
|
|
|
static uchar* acl_entry_get_key(acl_entry *entry, size_t *length,
|
|
my_bool not_used __attribute__((unused)))
|
|
{
|
|
*length=(uint) entry->length;
|
|
return (uchar*) entry->key;
|
|
}
|
|
|
|
static uchar* acl_role_get_key(ACL_ROLE *entry, size_t *length,
|
|
my_bool not_used __attribute__((unused)))
|
|
{
|
|
*length=(uint) entry->user.length;
|
|
return (uchar*) entry->user.str;
|
|
}
|
|
|
|
typedef struct st_role_grant
|
|
{
|
|
char *u_uname;
|
|
char *u_hname;
|
|
char *r_uname;
|
|
LEX_STRING hashkey;
|
|
} ROLE_GRANT_PAIR;
|
|
/*
|
|
Struct to hold the state of a node during a Depth First Search exploration
|
|
*/
|
|
class NODE_STATE
|
|
{
|
|
public:
|
|
ACL_ROLE *node_data; /* pointer to the node data */
|
|
uint neigh_idx; /* the neighbour that needs to be evaluated next */
|
|
};
|
|
|
|
static uchar* acl_role_map_get_key(ROLE_GRANT_PAIR *entry, size_t *length,
|
|
my_bool not_used __attribute__((unused)))
|
|
{
|
|
*length=(uint) entry->hashkey.length;
|
|
return (uchar*) entry->hashkey.str;
|
|
}
|
|
|
|
static void init_role_grant_pair(MEM_ROOT *mem, ROLE_GRANT_PAIR *entry,
|
|
char *username, char *hostname, char *rolename)
|
|
{
|
|
size_t uname_l = username ? strlen(username) : 0;
|
|
size_t hname_l = hostname ? strlen(hostname) : 0;
|
|
size_t rname_l = rolename ? strlen(rolename) : 0;
|
|
/*
|
|
Create a buffer that holds all 3 NULL terminated strings in succession
|
|
To save memory space, the same buffer is used as the hashkey
|
|
*/
|
|
size_t bufflen = uname_l + hname_l + rname_l + 3; //add the '\0' aswell
|
|
char *buff= (char *)alloc_root(mem, bufflen);
|
|
/*
|
|
Offsets in the buffer for all 3 strings
|
|
*/
|
|
char *username_pos= buff;
|
|
char *hostname_pos= buff + uname_l + 1;
|
|
char *rolename_pos= buff + uname_l + hname_l + 2;
|
|
|
|
if (username) //prevent undefined behaviour
|
|
memcpy(username_pos, username, uname_l);
|
|
username_pos[uname_l]= '\0'; //#1 string terminator
|
|
entry->u_uname= username_pos;
|
|
|
|
if (hostname) //prevent undefined behaviour
|
|
memcpy(hostname_pos, hostname, hname_l);
|
|
hostname_pos[hname_l]= '\0'; //#2 string terminator
|
|
entry->u_hname= hostname_pos;
|
|
|
|
if (rolename) //prevent undefined behaviour
|
|
memcpy(rolename_pos, rolename, rname_l);
|
|
rolename_pos[rname_l]= '\0'; //#3 string terminator
|
|
entry->r_uname= rolename_pos;
|
|
|
|
entry->hashkey.str = buff;
|
|
entry->hashkey.length = bufflen;
|
|
}
|
|
|
|
#define IP_ADDR_STRLEN (3 + 1 + 3 + 1 + 3 + 1 + 3)
|
|
#define ACL_KEY_LENGTH (IP_ADDR_STRLEN + 1 + NAME_LEN + \
|
|
1 + USERNAME_LENGTH + 1)
|
|
|
|
#if defined(HAVE_OPENSSL)
|
|
/*
|
|
Without SSL the handshake consists of one packet. This packet
|
|
has both client capabilities and scrambled password.
|
|
With SSL the handshake might consist of two packets. If the first
|
|
packet (client capabilities) has CLIENT_SSL flag set, we have to
|
|
switch to SSL and read the second packet. The scrambled password
|
|
is in the second packet and client_capabilities field will be ignored.
|
|
Maybe it is better to accept flags other than CLIENT_SSL from the
|
|
second packet?
|
|
*/
|
|
#define SSL_HANDSHAKE_SIZE 2
|
|
#define MIN_HANDSHAKE_SIZE 2
|
|
#else
|
|
#define MIN_HANDSHAKE_SIZE 6
|
|
#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
|
|
#define NORMAL_HANDSHAKE_SIZE 6
|
|
|
|
#define ROLE_ASSIGN_COLUMN_IDX 42
|
|
/* various flags valid for ACL_USER */
|
|
#define IS_ROLE (1L << 0)
|
|
/* Flag to mark that a ROLE has been visited in a DEPTH_FIRST_SEARCH */
|
|
#define ROLE_VISITED (1L << 1)
|
|
/*
|
|
Flag to mark that a ROLE and all it's children (granted roles) have
|
|
been visited
|
|
*/
|
|
#define ROLE_EXPLORED (1L << 2)
|
|
/*
|
|
Flag to mark that the ROLE's access bits are final, having been inherited
|
|
from other granted roles
|
|
*/
|
|
#define ROLE_GRANTS_FINAL (1L << 3)
|
|
|
|
|
|
static DYNAMIC_ARRAY acl_hosts, acl_users, acl_dbs, acl_proxy_users;
|
|
static HASH acl_roles;
|
|
/*
|
|
An hash containing mappings user <--> role
|
|
|
|
A hash is used so as to make updates quickly
|
|
The hashkey used represents all the entries combined
|
|
*/
|
|
static HASH acl_roles_mappings;
|
|
static MEM_ROOT mem, memex;
|
|
static bool initialized=0;
|
|
static bool allow_all_hosts=1;
|
|
static HASH acl_check_hosts, column_priv_hash, proc_priv_hash, func_priv_hash;
|
|
static DYNAMIC_ARRAY acl_wild_hosts;
|
|
static hash_filo *acl_cache;
|
|
static uint grant_version=0; /* Version of priv tables. incremented by acl_load */
|
|
static ulong get_access(TABLE *form,uint fieldnr, uint *next_field=0);
|
|
static bool check_is_role(TABLE *form);
|
|
static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b);
|
|
static ulong get_sort(uint count,...);
|
|
static void init_check_host(void);
|
|
static void rebuild_check_host(void);
|
|
static void rebuild_role_grants(void);
|
|
static void free_acl_user(ACL_USER *acl_user);
|
|
static void free_acl_role(ACL_ROLE *acl_role);
|
|
static ACL_USER *find_user_no_anon(const char *host, const char *user, bool exact);
|
|
static ACL_USER *find_user(const char *host, const char *user, const char *ip);
|
|
static ACL_ROLE *find_acl_role(const char *user);
|
|
static bool update_user_table(THD *thd, TABLE *table, const char *host,
|
|
const char *user, const char *new_password,
|
|
uint new_password_len);
|
|
static my_bool acl_load(THD *thd, TABLE_LIST *tables);
|
|
static my_bool grant_load(THD *thd, TABLE_LIST *tables);
|
|
static inline void get_grantor(THD *thd, char* grantor);
|
|
static my_bool acl_user_reset_grant(ACL_USER *user,
|
|
void * not_used __attribute__((unused)));
|
|
static my_bool acl_role_reset_grant(ACL_ROLE *role,
|
|
void * not_used __attribute__((unused)));
|
|
static my_bool acl_role_propagate_grants(ACL_ROLE *role,
|
|
void * not_used __attribute__((unused)));
|
|
static int add_role_user_mapping(ROLE_GRANT_PAIR *mapping);
|
|
|
|
static void reset_role_db_privileges(ACL_ROLE *role);
|
|
static void reset_role_table_and_column_privileges(ACL_ROLE *role);
|
|
static void reset_role_routine_grant_privileges(ACL_ROLE *role);
|
|
static void role_explore_create_list(ACL_ROLE *unused,
|
|
ACL_ROLE *role,
|
|
void *context_data);
|
|
static bool role_explore_start_access_check(ACL_ROLE *role, void *unused);
|
|
static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
|
|
void *unused);
|
|
static void role_explore_set_final_access_bits(ACL_ROLE *parent,
|
|
ACL_ROLE *current,
|
|
void *unused);
|
|
static bool role_explore_detect_cycle(ACL_ROLE *current,
|
|
ACL_ROLE *neighbour,
|
|
void *context_data);
|
|
static int traverse_role_graph(ACL_ROLE *role, void *context_data,
|
|
bool (*on_start) (ACL_ROLE *role,
|
|
void *context_data),
|
|
bool (*on_open) (ACL_ROLE *current,
|
|
ACL_ROLE *neighbour,
|
|
void *context_data),
|
|
bool (*on_cycle) (ACL_ROLE *current,
|
|
ACL_ROLE *neighbour,
|
|
void *context_data),
|
|
void (*on_finish)(ACL_ROLE *parent,
|
|
ACL_ROLE *current,
|
|
void *context_data));
|
|
|
|
static void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source);
|
|
|
|
/*
|
|
Enumeration of various ACL's and Hashes used in handle_grant_struct()
|
|
*/
|
|
enum enum_acl_lists
|
|
{
|
|
USER_ACL= 0,
|
|
ROLE_ACL,
|
|
DB_ACL,
|
|
COLUMN_PRIVILEGES_HASH,
|
|
PROC_PRIVILEGES_HASH,
|
|
FUNC_PRIVILEGES_HASH,
|
|
PROXY_USERS_ACL,
|
|
ROLES_MAPPINGS_HASH
|
|
};
|
|
|
|
ACL_ROLE::ACL_ROLE(ACL_USER *user, MEM_ROOT *root)
|
|
{
|
|
|
|
access= user->access;
|
|
/* set initial role access the same as the table row privileges */
|
|
initial_role_access= user->access;
|
|
this->user.str= safe_strdup_root(root, user->user.str);
|
|
this->user.length= user->user.length;
|
|
bzero(&role_grants, sizeof(role_grants));
|
|
bzero(&parent_grantee, sizeof(parent_grantee));
|
|
flags= IS_ROLE;
|
|
}
|
|
|
|
ACL_ROLE::ACL_ROLE(const char * rolename, ulong privileges, MEM_ROOT *root) :
|
|
initial_role_access(privileges)
|
|
{
|
|
this->access= initial_role_access;
|
|
this->user.str= safe_strdup_root(root, rolename);
|
|
this->user.length= strlen(rolename);
|
|
bzero(&role_grants, sizeof(role_grants));
|
|
bzero(&parent_grantee, sizeof(parent_grantee));
|
|
flags= IS_ROLE;
|
|
}
|
|
|
|
|
|
static
|
|
void
|
|
free_acl_user(ACL_USER *user)
|
|
{
|
|
delete_dynamic(&(user->role_grants));
|
|
}
|
|
|
|
static
|
|
void
|
|
free_acl_role(ACL_ROLE *role)
|
|
{
|
|
delete_dynamic(&(role->role_grants));
|
|
delete_dynamic(&(role->parent_grantee));
|
|
}
|
|
|
|
/*
|
|
Convert scrambled password to binary form, according to scramble type,
|
|
Binary form is stored in user.salt.
|
|
*/
|
|
|
|
static
|
|
void
|
|
set_user_salt(ACL_USER *acl_user, const char *password, uint password_len)
|
|
{
|
|
if (password_len == SCRAMBLED_PASSWORD_CHAR_LENGTH)
|
|
{
|
|
get_salt_from_password(acl_user->salt, password);
|
|
acl_user->salt_len= SCRAMBLE_LENGTH;
|
|
}
|
|
else if (password_len == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
|
|
{
|
|
get_salt_from_password_323((ulong *) acl_user->salt, password);
|
|
acl_user->salt_len= SCRAMBLE_LENGTH_323;
|
|
}
|
|
else
|
|
acl_user->salt_len= 0;
|
|
}
|
|
|
|
static char *fix_plugin_ptr(char *name)
|
|
{
|
|
if (my_strcasecmp(system_charset_info, name,
|
|
native_password_plugin_name.str) == 0)
|
|
return native_password_plugin_name.str;
|
|
else
|
|
if (my_strcasecmp(system_charset_info, name,
|
|
old_password_plugin_name.str) == 0)
|
|
return old_password_plugin_name.str;
|
|
else
|
|
return name;
|
|
}
|
|
|
|
/**
|
|
Fix ACL::plugin pointer to point to a hard-coded string, if appropriate
|
|
|
|
Make sure that if ACL_USER's plugin is a built-in, then it points
|
|
to a hard coded string, not to an allocated copy. Run-time, for
|
|
authentication, we want to be able to detect built-ins by comparing
|
|
pointers, not strings.
|
|
|
|
Additionally - update the salt if the plugin is built-in.
|
|
|
|
@retval 0 the pointers were fixed
|
|
@retval 1 this ACL_USER uses a not built-in plugin
|
|
*/
|
|
static bool fix_user_plugin_ptr(ACL_USER *user)
|
|
{
|
|
user->salt_len= 0;
|
|
if (my_strcasecmp(system_charset_info, user->plugin.str,
|
|
native_password_plugin_name.str) == 0)
|
|
user->plugin= native_password_plugin_name;
|
|
else
|
|
if (my_strcasecmp(system_charset_info, user->plugin.str,
|
|
old_password_plugin_name.str) == 0)
|
|
user->plugin= old_password_plugin_name;
|
|
else
|
|
return true;
|
|
|
|
set_user_salt(user, user->auth_string.str, user->auth_string.length);
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
Initialize structures responsible for user/db-level privilege checking and
|
|
load privilege information for them from tables in the 'mysql' database.
|
|
|
|
SYNOPSIS
|
|
acl_init()
|
|
dont_read_acl_tables TRUE if we want to skip loading data from
|
|
privilege tables and disable privilege checking.
|
|
|
|
NOTES
|
|
This function is mostly responsible for preparatory steps, main work
|
|
on initialization and grants loading is done in acl_reload().
|
|
|
|
RETURN VALUES
|
|
0 ok
|
|
1 Could not initialize grant's
|
|
*/
|
|
|
|
my_bool acl_init(bool dont_read_acl_tables)
|
|
{
|
|
THD *thd;
|
|
my_bool return_val;
|
|
DBUG_ENTER("acl_init");
|
|
|
|
acl_cache= new hash_filo(ACL_CACHE_SIZE, 0, 0,
|
|
(my_hash_get_key) acl_entry_get_key,
|
|
(my_hash_free_key) free,
|
|
&my_charset_utf8_bin);
|
|
|
|
/*
|
|
cache built-in native authentication plugins,
|
|
to avoid hash searches and a global mutex lock on every connect
|
|
*/
|
|
native_password_plugin= my_plugin_lock_by_name(0,
|
|
&native_password_plugin_name, MYSQL_AUTHENTICATION_PLUGIN);
|
|
old_password_plugin= my_plugin_lock_by_name(0,
|
|
&old_password_plugin_name, MYSQL_AUTHENTICATION_PLUGIN);
|
|
|
|
if (!native_password_plugin || !old_password_plugin)
|
|
DBUG_RETURN(1);
|
|
|
|
if (dont_read_acl_tables)
|
|
{
|
|
DBUG_RETURN(0); /* purecov: tested */
|
|
}
|
|
|
|
/*
|
|
To be able to run this from boot, we allocate a temporary THD
|
|
*/
|
|
if (!(thd=new THD))
|
|
DBUG_RETURN(1); /* purecov: inspected */
|
|
thd->thread_stack= (char*) &thd;
|
|
thd->store_globals();
|
|
/*
|
|
It is safe to call acl_reload() since acl_* arrays and hashes which
|
|
will be freed there are global static objects and thus are initialized
|
|
by zeros at startup.
|
|
*/
|
|
return_val= acl_reload(thd);
|
|
delete thd;
|
|
/* Remember that we don't have a THD */
|
|
set_current_thd(0);
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
/**
|
|
Choose from either native or old password plugins when assigning a password
|
|
*/
|
|
|
|
static bool
|
|
set_user_plugin (ACL_USER *user, int password_len)
|
|
{
|
|
switch (password_len)
|
|
{
|
|
case 0: /* no password */
|
|
case SCRAMBLED_PASSWORD_CHAR_LENGTH:
|
|
user->plugin= native_password_plugin_name;
|
|
return FALSE;
|
|
case SCRAMBLED_PASSWORD_CHAR_LENGTH_323:
|
|
user->plugin= old_password_plugin_name;
|
|
return FALSE;
|
|
default:
|
|
sql_print_warning("Found invalid password for user: '%s@%s'; "
|
|
"Ignoring user", user->user.str ? user->user.str : "",
|
|
user->host.hostname ? user->host.hostname : "");
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
Initialize structures responsible for user/db-level privilege checking
|
|
and load information about grants from open privilege tables.
|
|
|
|
SYNOPSIS
|
|
acl_load()
|
|
thd Current thread
|
|
tables List containing open "mysql.host", "mysql.user",
|
|
"mysql.db", "mysql.proxies_priv" and "mysql.roles_mapping"
|
|
tables.
|
|
|
|
RETURN VALUES
|
|
FALSE Success
|
|
TRUE Error
|
|
*/
|
|
|
|
static my_bool acl_load(THD *thd, TABLE_LIST *tables)
|
|
{
|
|
TABLE *table;
|
|
READ_RECORD read_record_info;
|
|
my_bool return_val= TRUE;
|
|
bool check_no_resolve= specialflag & SPECIAL_NO_RESOLVE;
|
|
char tmp_name[SAFE_NAME_LEN+1];
|
|
int password_length;
|
|
ulonglong old_sql_mode= thd->variables.sql_mode;
|
|
DBUG_ENTER("acl_load");
|
|
|
|
thd->variables.sql_mode&= ~MODE_PAD_CHAR_TO_FULL_LENGTH;
|
|
|
|
grant_version++; /* Privileges updated */
|
|
|
|
acl_cache->clear(1); // Clear locked hostname cache
|
|
|
|
init_sql_alloc(&mem, ACL_ALLOC_BLOCK_SIZE, 0, MYF(0));
|
|
if (init_read_record(&read_record_info,thd,table= tables[0].table,NULL,1,0,
|
|
FALSE))
|
|
goto end;
|
|
|
|
table->use_all_columns();
|
|
(void) my_init_dynamic_array(&acl_hosts,sizeof(ACL_HOST), 20, 50, MYF(0));
|
|
while (!(read_record_info.read_record(&read_record_info)))
|
|
{
|
|
ACL_HOST host;
|
|
update_hostname(&host.host,get_field(&mem, table->field[0]));
|
|
host.db= get_field(&mem, table->field[1]);
|
|
if (lower_case_table_names && host.db)
|
|
{
|
|
/*
|
|
convert db to lower case and give a warning if the db wasn't
|
|
already in lower case
|
|
*/
|
|
char *end = strnmov(tmp_name, host.db, sizeof(tmp_name));
|
|
if (end >= tmp_name + sizeof(tmp_name))
|
|
{
|
|
sql_print_warning(ER(ER_WRONG_DB_NAME), host.db);
|
|
continue;
|
|
}
|
|
my_casedn_str(files_charset_info, host.db);
|
|
if (strcmp(host.db, tmp_name) != 0)
|
|
sql_print_warning("'host' entry '%s|%s' had database in mixed "
|
|
"case that has been forced to lowercase because "
|
|
"lower_case_table_names is set. It will not be "
|
|
"possible to remove this privilege using REVOKE.",
|
|
host.host.hostname ? host.host.hostname : "",
|
|
host.db ? host.db : "");
|
|
}
|
|
host.access= get_access(table,2);
|
|
host.access= fix_rights_for_db(host.access);
|
|
host.sort= get_sort(2,host.host.hostname,host.db);
|
|
if (check_no_resolve && hostname_requires_resolving(host.host.hostname))
|
|
{
|
|
sql_print_warning("'host' entry '%s|%s' "
|
|
"ignored in --skip-name-resolve mode.",
|
|
host.host.hostname ? host.host.hostname : "",
|
|
host.db ? host.db : "");
|
|
continue;
|
|
}
|
|
#ifndef TO_BE_REMOVED
|
|
if (table->s->fields == 8)
|
|
{ // Without grant
|
|
if (host.access & CREATE_ACL)
|
|
host.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL;
|
|
}
|
|
#endif
|
|
(void) push_dynamic(&acl_hosts,(uchar*) &host);
|
|
}
|
|
my_qsort((uchar*) dynamic_element(&acl_hosts,0,ACL_HOST*),acl_hosts.elements,
|
|
sizeof(ACL_HOST),(qsort_cmp) acl_compare);
|
|
end_read_record(&read_record_info);
|
|
freeze_size(&acl_hosts);
|
|
|
|
if (init_read_record(&read_record_info,thd,table=tables[1].table,NULL,1,0,
|
|
FALSE))
|
|
goto end;
|
|
|
|
table->use_all_columns();
|
|
(void) my_init_dynamic_array(&acl_users,sizeof(ACL_USER), 50, 100, MYF(0));
|
|
(void) my_hash_init2(&acl_roles,50, &my_charset_utf8_bin,
|
|
0,0,0, (my_hash_get_key) acl_role_get_key,
|
|
(void (*)(void *))free_acl_role, 0);
|
|
|
|
username_char_length= min(table->field[1]->char_length(), USERNAME_CHAR_LENGTH);
|
|
password_length= table->field[2]->field_length /
|
|
table->field[2]->charset()->mbmaxlen;
|
|
if (password_length < SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
|
|
{
|
|
sql_print_error("Fatal error: mysql.user table is damaged or in "
|
|
"unsupported 3.20 format.");
|
|
goto end;
|
|
}
|
|
|
|
DBUG_PRINT("info",("user table fields: %d, password length: %d",
|
|
table->s->fields, password_length));
|
|
|
|
mysql_mutex_lock(&LOCK_global_system_variables);
|
|
if (password_length < SCRAMBLED_PASSWORD_CHAR_LENGTH)
|
|
{
|
|
if (opt_secure_auth)
|
|
{
|
|
mysql_mutex_unlock(&LOCK_global_system_variables);
|
|
sql_print_error("Fatal error: mysql.user table is in old format, "
|
|
"but server started with --secure-auth option.");
|
|
goto end;
|
|
}
|
|
mysql_user_table_is_in_short_password_format= true;
|
|
if (global_system_variables.old_passwords)
|
|
mysql_mutex_unlock(&LOCK_global_system_variables);
|
|
else
|
|
{
|
|
global_system_variables.old_passwords= 1;
|
|
mysql_mutex_unlock(&LOCK_global_system_variables);
|
|
sql_print_warning("mysql.user table is not updated to new password format; "
|
|
"Disabling new password usage until "
|
|
"mysql_fix_privilege_tables is run");
|
|
}
|
|
thd->variables.old_passwords= 1;
|
|
}
|
|
else
|
|
{
|
|
mysql_user_table_is_in_short_password_format= false;
|
|
mysql_mutex_unlock(&LOCK_global_system_variables);
|
|
}
|
|
|
|
allow_all_hosts=0;
|
|
while (!(read_record_info.read_record(&read_record_info)))
|
|
{
|
|
ACL_USER user;
|
|
bool is_role= FALSE;
|
|
bzero(&user, sizeof(user));
|
|
update_hostname(&user.host, get_field(&mem, table->field[0]));
|
|
char *username= get_field(&mem, table->field[1]);
|
|
user.user.str= username;
|
|
user.user.length= username? strlen(username) : 0;
|
|
|
|
/*
|
|
If the user entry is a role, skip password and hostname checks
|
|
A user can not log in with a role so some checks are not necessary
|
|
*/
|
|
is_role= check_is_role(table);
|
|
|
|
if (!is_role && check_no_resolve &&
|
|
hostname_requires_resolving(user.host.hostname))
|
|
{
|
|
sql_print_warning("'user' entry '%s@%s' "
|
|
"ignored in --skip-name-resolve mode.",
|
|
user.user.str ? user.user.str : "",
|
|
user.host.hostname ? user.host.hostname : "");
|
|
continue;
|
|
}
|
|
|
|
char *password= get_field(&mem, table->field[2]);
|
|
uint password_len= password ? strlen(password) : 0;
|
|
user.auth_string.str= password ? password : const_cast<char*>("");
|
|
user.auth_string.length= password_len;
|
|
set_user_salt(&user, password, password_len);
|
|
|
|
if (!is_role && set_user_plugin(&user, password_len))
|
|
continue;
|
|
|
|
{
|
|
uint next_field;
|
|
user.access= get_access(table,3,&next_field) & GLOBAL_ACLS;
|
|
/*
|
|
if it is pre 5.0.1 privilege table then map CREATE privilege on
|
|
CREATE VIEW & SHOW VIEW privileges
|
|
*/
|
|
if (table->s->fields <= 31 && (user.access & CREATE_ACL))
|
|
user.access|= (CREATE_VIEW_ACL | SHOW_VIEW_ACL);
|
|
|
|
/*
|
|
if it is pre 5.0.2 privilege table then map CREATE/ALTER privilege on
|
|
CREATE PROCEDURE & ALTER PROCEDURE privileges
|
|
*/
|
|
if (table->s->fields <= 33 && (user.access & CREATE_ACL))
|
|
user.access|= CREATE_PROC_ACL;
|
|
if (table->s->fields <= 33 && (user.access & ALTER_ACL))
|
|
user.access|= ALTER_PROC_ACL;
|
|
|
|
/*
|
|
pre 5.0.3 did not have CREATE_USER_ACL
|
|
*/
|
|
if (table->s->fields <= 36 && (user.access & GRANT_ACL))
|
|
user.access|= CREATE_USER_ACL;
|
|
|
|
|
|
/*
|
|
if it is pre 5.1.6 privilege table then map CREATE privilege on
|
|
CREATE|ALTER|DROP|EXECUTE EVENT
|
|
*/
|
|
if (table->s->fields <= 37 && (user.access & SUPER_ACL))
|
|
user.access|= EVENT_ACL;
|
|
|
|
/*
|
|
if it is pre 5.1.6 privilege then map TRIGGER privilege on CREATE.
|
|
*/
|
|
if (table->s->fields <= 38 && (user.access & SUPER_ACL))
|
|
user.access|= TRIGGER_ACL;
|
|
|
|
user.sort= get_sort(2,user.host.hostname,user.user);
|
|
user.hostname_length= (user.host.hostname ?
|
|
(uint) strlen(user.host.hostname) : 0);
|
|
|
|
/* Starting from 4.0.2 we have more fields */
|
|
if (table->s->fields >= 31)
|
|
{
|
|
char *ssl_type=get_field(thd->mem_root, table->field[next_field++]);
|
|
if (!ssl_type)
|
|
user.ssl_type=SSL_TYPE_NONE;
|
|
else if (!strcmp(ssl_type, "ANY"))
|
|
user.ssl_type=SSL_TYPE_ANY;
|
|
else if (!strcmp(ssl_type, "X509"))
|
|
user.ssl_type=SSL_TYPE_X509;
|
|
else /* !strcmp(ssl_type, "SPECIFIED") */
|
|
user.ssl_type=SSL_TYPE_SPECIFIED;
|
|
|
|
user.ssl_cipher= get_field(&mem, table->field[next_field++]);
|
|
user.x509_issuer= get_field(&mem, table->field[next_field++]);
|
|
user.x509_subject= get_field(&mem, table->field[next_field++]);
|
|
|
|
char *ptr = get_field(thd->mem_root, table->field[next_field++]);
|
|
user.user_resource.questions=ptr ? atoi(ptr) : 0;
|
|
ptr = get_field(thd->mem_root, table->field[next_field++]);
|
|
user.user_resource.updates=ptr ? atoi(ptr) : 0;
|
|
ptr = get_field(thd->mem_root, table->field[next_field++]);
|
|
user.user_resource.conn_per_hour= ptr ? atoi(ptr) : 0;
|
|
if (user.user_resource.questions || user.user_resource.updates ||
|
|
user.user_resource.conn_per_hour)
|
|
mqh_used=1;
|
|
|
|
if (table->s->fields >= 36)
|
|
{
|
|
/* Starting from 5.0.3 we have max_user_connections field */
|
|
ptr= get_field(thd->mem_root, table->field[next_field++]);
|
|
user.user_resource.user_conn= ptr ? atoi(ptr) : 0;
|
|
}
|
|
|
|
if (!is_role && table->s->fields >= 41)
|
|
{
|
|
/* We may have plugin & auth_String fields */
|
|
char *tmpstr= get_field(&mem, table->field[next_field++]);
|
|
if (tmpstr)
|
|
{
|
|
user.plugin.str= tmpstr;
|
|
user.plugin.length= strlen(user.plugin.str);
|
|
if (user.auth_string.length)
|
|
{
|
|
sql_print_warning("'user' entry '%s@%s' has both a password "
|
|
"and an authentication plugin specified. The "
|
|
"password will be ignored.",
|
|
user.user.str ? user.user.str : "",
|
|
user.host.hostname ? user.host.hostname : "");
|
|
}
|
|
user.auth_string.str= get_field(&mem, table->field[next_field++]);
|
|
if (!user.auth_string.str)
|
|
user.auth_string.str= const_cast<char*>("");
|
|
user.auth_string.length= strlen(user.auth_string.str);
|
|
|
|
fix_user_plugin_ptr(&user);
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
user.ssl_type=SSL_TYPE_NONE;
|
|
#ifndef TO_BE_REMOVED
|
|
if (table->s->fields <= 13)
|
|
{ // Without grant
|
|
if (user.access & CREATE_ACL)
|
|
user.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL;
|
|
}
|
|
/* Convert old privileges */
|
|
user.access|= LOCK_TABLES_ACL | CREATE_TMP_ACL | SHOW_DB_ACL;
|
|
if (user.access & FILE_ACL)
|
|
user.access|= REPL_CLIENT_ACL | REPL_SLAVE_ACL;
|
|
if (user.access & PROCESS_ACL)
|
|
user.access|= SUPER_ACL | EXECUTE_ACL;
|
|
#endif
|
|
}
|
|
|
|
(void) my_init_dynamic_array(&user.role_grants,sizeof(ACL_ROLE *),
|
|
50, 100, MYF(0));
|
|
|
|
if (is_role) {
|
|
DBUG_PRINT("info", ("Found role %s", user.user.str));
|
|
ACL_ROLE *entry= new (&mem) ACL_ROLE(&user, &mem);
|
|
entry->role_grants = user.role_grants;
|
|
(void) my_init_dynamic_array(&entry->parent_grantee,
|
|
sizeof(ACL_USER_BASE *), 50, 100, MYF(0));
|
|
my_hash_insert(&acl_roles, (uchar *)entry);
|
|
|
|
continue;
|
|
}
|
|
else
|
|
{
|
|
DBUG_PRINT("info", ("Found user %s", user.user.str));
|
|
(void) push_dynamic(&acl_users,(uchar*) &user);
|
|
}
|
|
if (!user.host.hostname ||
|
|
(user.host.hostname[0] == wild_many && !user.host.hostname[1]))
|
|
allow_all_hosts=1; // Anyone can connect
|
|
}
|
|
}
|
|
my_qsort((uchar*) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements,
|
|
sizeof(ACL_USER),(qsort_cmp) acl_compare);
|
|
end_read_record(&read_record_info);
|
|
freeze_size(&acl_users);
|
|
|
|
if (init_read_record(&read_record_info,thd,table=tables[2].table,NULL,1,0,
|
|
FALSE))
|
|
goto end;
|
|
|
|
table->use_all_columns();
|
|
(void) my_init_dynamic_array(&acl_dbs,sizeof(ACL_DB), 50, 100, MYF(0));
|
|
while (!(read_record_info.read_record(&read_record_info)))
|
|
{
|
|
ACL_DB db;
|
|
db.user=get_field(&mem, table->field[MYSQL_DB_FIELD_USER]);
|
|
const char *hostname= get_field(&mem, table->field[MYSQL_DB_FIELD_HOST]);
|
|
if (!hostname && find_acl_role(db.user))
|
|
hostname= "";
|
|
update_hostname(&db.host, hostname);
|
|
db.db=get_field(&mem, table->field[MYSQL_DB_FIELD_DB]);
|
|
if (!db.db)
|
|
{
|
|
sql_print_warning("Found an entry in the 'db' table with empty database name; Skipped");
|
|
continue;
|
|
}
|
|
if (check_no_resolve && hostname_requires_resolving(db.host.hostname))
|
|
{
|
|
sql_print_warning("'db' entry '%s %s@%s' "
|
|
"ignored in --skip-name-resolve mode.",
|
|
db.db,
|
|
db.user ? db.user : "",
|
|
db.host.hostname ? db.host.hostname : "");
|
|
continue;
|
|
}
|
|
db.access=get_access(table,3);
|
|
db.access=fix_rights_for_db(db.access);
|
|
db.initial_access= db.access;
|
|
if (lower_case_table_names)
|
|
{
|
|
/*
|
|
convert db to lower case and give a warning if the db wasn't
|
|
already in lower case
|
|
*/
|
|
char *end = strnmov(tmp_name, db.db, sizeof(tmp_name));
|
|
if (end >= tmp_name + sizeof(tmp_name))
|
|
{
|
|
sql_print_warning(ER(ER_WRONG_DB_NAME), db.db);
|
|
continue;
|
|
}
|
|
my_casedn_str(files_charset_info, db.db);
|
|
if (strcmp(db.db, tmp_name) != 0)
|
|
{
|
|
sql_print_warning("'db' entry '%s %s@%s' had database in mixed "
|
|
"case that has been forced to lowercase because "
|
|
"lower_case_table_names is set. It will not be "
|
|
"possible to remove this privilege using REVOKE.",
|
|
db.db,
|
|
db.user ? db.user : "",
|
|
db.host.hostname ? db.host.hostname : "");
|
|
}
|
|
}
|
|
db.sort=get_sort(3,db.host.hostname,db.db,db.user);
|
|
#ifndef TO_BE_REMOVED
|
|
if (table->s->fields <= 9)
|
|
{ // Without grant
|
|
if (db.access & CREATE_ACL)
|
|
db.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL;
|
|
}
|
|
#endif
|
|
(void) push_dynamic(&acl_dbs,(uchar*) &db);
|
|
}
|
|
my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
|
|
sizeof(ACL_DB),(qsort_cmp) acl_compare);
|
|
end_read_record(&read_record_info);
|
|
freeze_size(&acl_dbs);
|
|
|
|
(void) my_init_dynamic_array(&acl_proxy_users, sizeof(ACL_PROXY_USER),
|
|
50, 100, MYF(0));
|
|
if (tables[3].table)
|
|
{
|
|
init_read_record(&read_record_info, thd, table= tables[3].table, NULL, 1,
|
|
0, FALSE);
|
|
table->use_all_columns();
|
|
while (!(read_record_info.read_record(&read_record_info)))
|
|
{
|
|
ACL_PROXY_USER proxy;
|
|
proxy.init(table, &mem);
|
|
if (proxy.check_validity(check_no_resolve))
|
|
continue;
|
|
if (push_dynamic(&acl_proxy_users, (uchar*) &proxy))
|
|
{
|
|
end_read_record(&read_record_info);
|
|
goto end;
|
|
}
|
|
}
|
|
my_qsort((uchar*) dynamic_element(&acl_proxy_users, 0, ACL_PROXY_USER*),
|
|
acl_proxy_users.elements,
|
|
sizeof(ACL_PROXY_USER), (qsort_cmp) acl_compare);
|
|
end_read_record(&read_record_info);
|
|
}
|
|
else
|
|
{
|
|
sql_print_error("Missing system table mysql.proxies_priv; "
|
|
"please run mysql_upgrade to create it");
|
|
}
|
|
freeze_size(&acl_proxy_users);
|
|
|
|
if (tables[4].table)
|
|
{
|
|
if (init_read_record(&read_record_info, thd, table= tables[4].table,
|
|
NULL, 1, 1, FALSE))
|
|
goto end;
|
|
table->use_all_columns();
|
|
/* account for every role mapping */
|
|
|
|
/* acquire lock for the find_user_no_anon functions */
|
|
if (!initialized)
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
(void) my_hash_init2(&acl_roles_mappings,50,system_charset_info,
|
|
0,0,0, (my_hash_get_key) acl_role_map_get_key, 0,0);
|
|
MEM_ROOT temp_root;
|
|
init_alloc_root(&temp_root, ACL_ALLOC_BLOCK_SIZE, 0, MYF(0));
|
|
while (!(read_record_info.read_record(&read_record_info)))
|
|
{
|
|
ROLE_GRANT_PAIR *mapping= (ROLE_GRANT_PAIR *)alloc_root(
|
|
&mem,
|
|
sizeof(ROLE_GRANT_PAIR));
|
|
char *hostname= get_field(&temp_root, table->field[0]);
|
|
char *username= get_field(&temp_root, table->field[1]);
|
|
char *rolename= get_field(&temp_root, table->field[2]);
|
|
init_role_grant_pair(&mem, mapping, username, hostname, rolename);
|
|
if (add_role_user_mapping(mapping) == -1) {
|
|
sql_print_error("Invalid roles_mapping table entry user:'%s@%s', rolename:'%s'",
|
|
mapping->u_uname ? mapping->u_uname : "",
|
|
mapping->u_hname ? mapping->u_hname : "",
|
|
mapping->r_uname ? mapping->r_uname : "");
|
|
continue;
|
|
}
|
|
|
|
my_hash_insert(&acl_roles_mappings, (uchar*) mapping);
|
|
}
|
|
|
|
free_root(&temp_root, MYF(0));
|
|
end_read_record(&read_record_info);
|
|
|
|
if (!initialized)
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
}
|
|
|
|
init_check_host();
|
|
|
|
initialized=1;
|
|
return_val= FALSE;
|
|
|
|
end:
|
|
thd->variables.sql_mode= old_sql_mode;
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
|
|
void acl_free(bool end)
|
|
{
|
|
my_hash_free(&acl_roles);
|
|
free_root(&mem,MYF(0));
|
|
delete_dynamic(&acl_hosts);
|
|
delete_dynamic_recursive(&acl_users, (FREE_FUNC) free_acl_user);
|
|
delete_dynamic(&acl_dbs);
|
|
delete_dynamic(&acl_wild_hosts);
|
|
delete_dynamic(&acl_proxy_users);
|
|
my_hash_free(&acl_check_hosts);
|
|
my_hash_free(&acl_roles_mappings);
|
|
plugin_unlock(0, native_password_plugin);
|
|
plugin_unlock(0, old_password_plugin);
|
|
if (!end)
|
|
acl_cache->clear(1); /* purecov: inspected */
|
|
else
|
|
{
|
|
delete acl_cache;
|
|
acl_cache=0;
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
Forget current user/db-level privileges and read new privileges
|
|
from the privilege tables.
|
|
|
|
SYNOPSIS
|
|
acl_reload()
|
|
thd Current thread
|
|
|
|
NOTE
|
|
All tables of calling thread which were open and locked by LOCK TABLES
|
|
statement will be unlocked and closed.
|
|
This function is also used for initialization of structures responsible
|
|
for user/db-level privilege checking.
|
|
|
|
RETURN VALUE
|
|
FALSE Success
|
|
TRUE Failure
|
|
*/
|
|
|
|
my_bool acl_reload(THD *thd)
|
|
{
|
|
TABLE_LIST tables[5];
|
|
DYNAMIC_ARRAY old_acl_hosts, old_acl_users, old_acl_dbs, old_acl_proxy_users;
|
|
HASH old_acl_roles, old_acl_roles_mappings;
|
|
MEM_ROOT old_mem;
|
|
bool old_initialized;
|
|
my_bool return_val= TRUE;
|
|
DBUG_ENTER("acl_reload");
|
|
|
|
/*
|
|
To avoid deadlocks we should obtain table locks before
|
|
obtaining acl_cache->lock mutex.
|
|
*/
|
|
tables[0].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("host"), "host", TL_READ);
|
|
tables[1].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("user"), "user", TL_READ);
|
|
tables[2].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("db"), "db", TL_READ);
|
|
tables[3].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("proxies_priv"),
|
|
"proxies_priv", TL_READ);
|
|
tables[4].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("roles_mapping"),
|
|
"roles_mapping", TL_READ);
|
|
tables[0].next_local= tables[0].next_global= tables + 1;
|
|
tables[1].next_local= tables[1].next_global= tables + 2;
|
|
tables[2].next_local= tables[2].next_global= tables + 3;
|
|
tables[3].next_local= tables[3].next_global= tables + 4;
|
|
tables[0].open_type= tables[1].open_type= tables[2].open_type=
|
|
tables[3].open_type= tables[4].open_type= OT_BASE_ONLY;
|
|
tables[0].open_strategy= tables[3].open_strategy=
|
|
tables[4].open_strategy= TABLE_LIST::OPEN_IF_EXISTS;
|
|
|
|
|
|
if (open_and_lock_tables(thd, tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
{
|
|
/*
|
|
Execution might have been interrupted; only print the error message
|
|
if an error condition has been raised.
|
|
*/
|
|
if (thd->stmt_da->is_error())
|
|
sql_print_error("Fatal error: Can't open and lock privilege tables: %s",
|
|
thd->stmt_da->message());
|
|
goto end;
|
|
}
|
|
|
|
if ((old_initialized=initialized))
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
old_acl_hosts= acl_hosts;
|
|
old_acl_users= acl_users;
|
|
old_acl_roles= acl_roles;
|
|
old_acl_roles_mappings= acl_roles_mappings;
|
|
old_acl_proxy_users= acl_proxy_users;
|
|
old_acl_dbs= acl_dbs;
|
|
old_mem= mem;
|
|
delete_dynamic(&acl_wild_hosts);
|
|
my_hash_free(&acl_check_hosts);
|
|
|
|
if ((return_val= acl_load(thd, tables)))
|
|
{ // Error. Revert to old list
|
|
DBUG_PRINT("error",("Reverting to old privileges"));
|
|
acl_free(); /* purecov: inspected */
|
|
acl_hosts= old_acl_hosts;
|
|
acl_users= old_acl_users;
|
|
acl_roles= old_acl_roles;
|
|
acl_roles_mappings= old_acl_roles_mappings;
|
|
acl_proxy_users= old_acl_proxy_users;
|
|
acl_dbs= old_acl_dbs;
|
|
mem= old_mem;
|
|
init_check_host();
|
|
}
|
|
else
|
|
{
|
|
my_hash_free(&old_acl_roles);
|
|
free_root(&old_mem,MYF(0));
|
|
delete_dynamic(&old_acl_hosts);
|
|
delete_dynamic_recursive(&old_acl_users, (FREE_FUNC) free_acl_user);
|
|
delete_dynamic(&old_acl_proxy_users);
|
|
delete_dynamic(&old_acl_dbs);
|
|
my_hash_free(&old_acl_roles_mappings);
|
|
my_hash_free(&old_acl_roles_mappings);
|
|
}
|
|
if (old_initialized)
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
end:
|
|
close_mysql_tables(thd);
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
|
|
/*
|
|
Get all access bits from table after fieldnr
|
|
|
|
IMPLEMENTATION
|
|
We know that the access privileges ends when there is no more fields
|
|
or the field is not an enum with two elements.
|
|
|
|
SYNOPSIS
|
|
get_access()
|
|
form an open table to read privileges from.
|
|
The record should be already read in table->record[0]
|
|
fieldnr number of the first privilege (that is ENUM('N','Y') field
|
|
next_field on return - number of the field next to the last ENUM
|
|
(unless next_field == 0)
|
|
|
|
RETURN VALUE
|
|
privilege mask
|
|
*/
|
|
|
|
static ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
|
|
{
|
|
ulong access_bits=0,bit;
|
|
char buff[2];
|
|
String res(buff,sizeof(buff),&my_charset_latin1);
|
|
Field **pos;
|
|
|
|
for (pos=form->field+fieldnr, bit=1;
|
|
*pos && (*pos)->real_type() == MYSQL_TYPE_ENUM &&
|
|
((Field_enum*) (*pos))->typelib->count == 2 ;
|
|
pos++, fieldnr++, bit<<=1)
|
|
{
|
|
(*pos)->val_str(&res);
|
|
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
|
|
access_bits|= bit;
|
|
}
|
|
if (next_field)
|
|
*next_field=fieldnr;
|
|
return access_bits;
|
|
}
|
|
|
|
/*
|
|
Check if a user entry in the user table is marked as being a role entry
|
|
|
|
IMPLEMENTATION
|
|
Access the coresponding column and check the coresponding ENUM of the form
|
|
ENUM('N', 'Y')
|
|
|
|
SYNOPSIS
|
|
check_is_role()
|
|
form an open table to read the entry from.
|
|
The record should be already read in table->record[0]
|
|
|
|
RETURN VALUE
|
|
TRUE if the user is marked as a role
|
|
FALSE otherwise
|
|
*/
|
|
|
|
static inline bool check_is_role(TABLE *form)
|
|
{
|
|
char buff[2];
|
|
String res(buff, sizeof(buff), &my_charset_latin1);
|
|
/* Table version does not support roles */
|
|
if (form->s->fields <= 42)
|
|
return FALSE;
|
|
|
|
form->field[ROLE_ASSIGN_COLUMN_IDX]->val_str(&res);
|
|
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
/*
|
|
Return a number which, if sorted 'desc', puts strings in this order:
|
|
no wildcards
|
|
wildcards
|
|
empty string
|
|
*/
|
|
|
|
static ulong get_sort(uint count,...)
|
|
{
|
|
va_list args;
|
|
va_start(args,count);
|
|
ulong sort=0;
|
|
|
|
/* Should not use this function with more than 4 arguments for compare. */
|
|
DBUG_ASSERT(count <= 4);
|
|
|
|
while (count--)
|
|
{
|
|
char *start, *str= va_arg(args,char*);
|
|
uint chars= 0;
|
|
uint wild_pos= 0; /* first wildcard position */
|
|
|
|
if ((start= str))
|
|
{
|
|
for (; *str ; str++)
|
|
{
|
|
if (*str == wild_prefix && str[1])
|
|
str++;
|
|
else if (*str == wild_many || *str == wild_one)
|
|
{
|
|
wild_pos= (uint) (str - start) + 1;
|
|
break;
|
|
}
|
|
chars= 128; // Marker that chars existed
|
|
}
|
|
}
|
|
sort= (sort << 8) + (wild_pos ? min(wild_pos, 127) : chars);
|
|
}
|
|
va_end(args);
|
|
return sort;
|
|
}
|
|
|
|
|
|
static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b)
|
|
{
|
|
if (a->sort > b->sort)
|
|
return -1;
|
|
if (a->sort < b->sort)
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
|
|
/*
|
|
Gets user credentials without authentication and resource limit checks.
|
|
|
|
SYNOPSIS
|
|
acl_getroot()
|
|
sctx Context which should be initialized
|
|
user user name
|
|
host host name
|
|
ip IP
|
|
db current data base name
|
|
|
|
RETURN
|
|
FALSE OK
|
|
TRUE Error
|
|
*/
|
|
|
|
bool acl_getroot(Security_context *sctx, char *user, char *host,
|
|
char *ip, char *db)
|
|
{
|
|
int res= 1;
|
|
uint i;
|
|
ACL_USER *acl_user= 0;
|
|
DBUG_ENTER("acl_getroot");
|
|
|
|
DBUG_PRINT("enter", ("Host: '%s', Ip: '%s', User: '%s', db: '%s'",
|
|
host, ip, user, db));
|
|
sctx->user= user;
|
|
sctx->host= host;
|
|
sctx->ip= ip;
|
|
sctx->host_or_ip= host ? host : (ip ? ip : "");
|
|
|
|
if (!initialized)
|
|
{
|
|
/*
|
|
here if mysqld's been started with --skip-grant-tables option.
|
|
*/
|
|
sctx->skip_grants();
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
sctx->master_access= 0;
|
|
sctx->db_access= 0;
|
|
*sctx->priv_user= *sctx->priv_host= *sctx->priv_role= 0;
|
|
|
|
/*
|
|
Find acl entry in user database.
|
|
This is specially tailored to suit the check we do for CALL of
|
|
a stored procedure; user is set to what is actually a
|
|
priv_user, which can be ''.
|
|
*/
|
|
for (i=0 ; i < acl_users.elements ; i++)
|
|
{
|
|
ACL_USER *acl_user_tmp= dynamic_element(&acl_users,i,ACL_USER*);
|
|
if ((!acl_user_tmp->user.str && !user[0]) ||
|
|
(acl_user_tmp->user.str && strcmp(user, acl_user_tmp->user.str) == 0))
|
|
{
|
|
if (compare_hostname(&acl_user_tmp->host, host, ip))
|
|
{
|
|
acl_user= acl_user_tmp;
|
|
res= 0;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (acl_user)
|
|
{
|
|
for (i=0 ; i < acl_dbs.elements ; i++)
|
|
{
|
|
ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*);
|
|
if (!acl_db->user ||
|
|
(user && user[0] && !strcmp(user, acl_db->user)))
|
|
{
|
|
if (compare_hostname(&acl_db->host, host, ip))
|
|
{
|
|
if (!acl_db->db || (db && !wild_compare(db, acl_db->db, 0)))
|
|
{
|
|
sctx->db_access= acl_db->access;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
sctx->master_access= acl_user->access;
|
|
|
|
if (acl_user->user.str)
|
|
strmake_buf(sctx->priv_user, user);
|
|
else
|
|
*sctx->priv_user= 0;
|
|
|
|
if (acl_user->host.hostname)
|
|
strmake_buf(sctx->priv_host, acl_user->host.hostname);
|
|
else
|
|
*sctx->priv_host= 0;
|
|
}
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
DBUG_RETURN(res);
|
|
}
|
|
|
|
int acl_check_setrole(THD *thd, char *rolename, ulonglong *access)
|
|
{
|
|
bool is_granted;
|
|
int result= 0;
|
|
|
|
/* clear role privileges */
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
ACL_ROLE *role= find_acl_role(rolename);
|
|
ACL_USER_BASE *acl_user_base;
|
|
ACL_USER *acl_user;
|
|
|
|
if (!strcasecmp(rolename, "NONE")) {
|
|
/* have to clear the privileges */
|
|
/* get the current user */
|
|
acl_user= find_user(thd->security_ctx->host, thd->security_ctx->user,
|
|
thd->security_ctx->ip);
|
|
if (acl_user == NULL)
|
|
{
|
|
my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename);
|
|
result= -1;
|
|
}
|
|
else if (access)
|
|
*access= acl_user->access;
|
|
|
|
goto end;
|
|
}
|
|
|
|
/* According to SQL standard, the same error message must be presented */
|
|
if (role == NULL) {
|
|
my_error(ER_INVALID_ROLE, MYF(0), rolename);
|
|
result= -1;
|
|
goto end;
|
|
}
|
|
|
|
for (uint i=0 ; i < role->parent_grantee.elements ; i++)
|
|
{
|
|
acl_user_base= *(dynamic_element(&role->parent_grantee, i, ACL_USER_BASE**));
|
|
if (acl_user_base->flags & IS_ROLE)
|
|
continue;
|
|
|
|
acl_user= (ACL_USER *)acl_user_base;
|
|
if ((!acl_user->user.str && !thd->security_ctx->user[0]) ||
|
|
(acl_user->user.str && !strcmp(thd->security_ctx->user,
|
|
acl_user->user.str)))
|
|
{
|
|
if (compare_hostname(&acl_user->host, thd->security_ctx->host,
|
|
thd->security_ctx->host))
|
|
{
|
|
is_granted= TRUE;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
/* According to SQL standard, the same error message must be presented */
|
|
if (!is_granted)
|
|
{
|
|
my_error(ER_INVALID_ROLE, MYF(0), rolename);
|
|
result= 1;
|
|
goto end;
|
|
}
|
|
|
|
if (access)
|
|
{
|
|
*access = acl_user->access | role->access;
|
|
}
|
|
end:
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
return result;
|
|
}
|
|
|
|
int acl_setrole(THD *thd, char *rolename, ulonglong access) {
|
|
/* merge the privileges */
|
|
Security_context *sctx= thd->security_ctx;
|
|
sctx->master_access= access;
|
|
if (thd->db)
|
|
{
|
|
sctx->db_access= acl_get(sctx->host,
|
|
sctx->ip, sctx->user, thd->db, FALSE);
|
|
sctx->db_access= acl_get("", "", rolename, thd->db, FALSE);
|
|
}
|
|
if (!strcasecmp(rolename, "NONE"))
|
|
{
|
|
thd->security_ctx->priv_role[0]= 0;
|
|
}
|
|
else
|
|
{
|
|
/* mark the current role */
|
|
strmake(thd->security_ctx->priv_role, rolename,
|
|
sizeof(thd->security_ctx->priv_role)-1);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
|
|
static uchar* check_get_key(ACL_USER *buff, size_t *length,
|
|
my_bool not_used __attribute__((unused)))
|
|
{
|
|
*length=buff->hostname_length;
|
|
return (uchar*) buff->host.hostname;
|
|
}
|
|
|
|
|
|
static void acl_update_role_entry(ACL_ROLE *role, ulong privileges)
|
|
{
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
/*
|
|
Changing privileges of a role causes all other roles that had
|
|
this role granted to them to have their rights invalidated.
|
|
|
|
We need to rebuild all roles' related access bits.
|
|
*/
|
|
|
|
role->initial_role_access= privileges;
|
|
role->flags&= ~ROLE_GRANTS_FINAL;
|
|
role->access= role->initial_role_access;
|
|
traverse_role_graph(role,
|
|
NULL,
|
|
role_explore_start_access_check,
|
|
role_explore_merge_if_final, NULL,
|
|
role_explore_set_final_access_bits);
|
|
|
|
for (uint i= 0; i < role->parent_grantee.elements; i++)
|
|
{
|
|
ACL_USER_BASE *acl_user_base;
|
|
ACL_ROLE *grantee;
|
|
acl_user_base= *(dynamic_element(&role->parent_grantee, i, ACL_USER_BASE**));
|
|
if (acl_user_base->flags & IS_ROLE)
|
|
{
|
|
grantee= (ACL_ROLE *)acl_user_base;
|
|
grantee->flags&= ~ROLE_GRANTS_FINAL;
|
|
grantee->access= grantee->initial_role_access;
|
|
}
|
|
}
|
|
/*
|
|
This needs to be run again after resetting the ROLE_GRANTS_FINAL flag,
|
|
because otherwise diamond shaped grants will interfere with the reset
|
|
process.
|
|
|
|
Example: RoleA -> RoleB; RoleA -> RoleC; RoleB -> RoleC;
|
|
We are updating RoleC, and we reset RoleA first. If we were to run
|
|
traverse_role_graph without resetting RoleB on RoleA, we would get the old
|
|
privileges from RoleC via RoleB into RoleA.
|
|
*/
|
|
for (uint i= 0; i < role->parent_grantee.elements; i++)
|
|
{
|
|
ACL_USER_BASE *acl_user_base;
|
|
ACL_ROLE *grantee;
|
|
acl_user_base= *(dynamic_element(&role->parent_grantee, i, ACL_USER_BASE**));
|
|
if (acl_user_base->flags & IS_ROLE)
|
|
{
|
|
grantee= (ACL_ROLE *)acl_user_base;
|
|
traverse_role_graph(grantee,
|
|
NULL,
|
|
role_explore_start_access_check,
|
|
role_explore_merge_if_final, NULL,
|
|
role_explore_set_final_access_bits);
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
static void acl_update_role(const char *rolename,
|
|
ulong privileges)
|
|
{
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
ACL_ROLE *role= find_acl_role(rolename);
|
|
if (!role)
|
|
{
|
|
return;
|
|
}
|
|
acl_update_role_entry(role, privileges);
|
|
}
|
|
|
|
|
|
static void acl_update_user(const char *user, const char *host,
|
|
const char *password, uint password_len,
|
|
enum SSL_type ssl_type,
|
|
const char *ssl_cipher,
|
|
const char *x509_issuer,
|
|
const char *x509_subject,
|
|
USER_RESOURCES *mqh,
|
|
ulong privileges,
|
|
const LEX_STRING *plugin,
|
|
const LEX_STRING *auth)
|
|
{
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
for (uint i=0 ; i < acl_users.elements ; i++)
|
|
{
|
|
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
|
|
if ((!acl_user->user.str && !user[0]) ||
|
|
(acl_user->user.str && !strcmp(user,acl_user->user.str)))
|
|
{
|
|
if ((!acl_user->host.hostname && !host[0]) ||
|
|
(acl_user->host.hostname &&
|
|
!my_strcasecmp(system_charset_info, host, acl_user->host.hostname)))
|
|
{
|
|
if (plugin->str[0])
|
|
{
|
|
acl_user->plugin= *plugin;
|
|
acl_user->auth_string.str= auth->str ?
|
|
strmake_root(&mem, auth->str, auth->length) : const_cast<char*>("");
|
|
acl_user->auth_string.length= auth->length;
|
|
if (fix_user_plugin_ptr(acl_user))
|
|
acl_user->plugin.str= strmake_root(&mem, plugin->str, plugin->length);
|
|
}
|
|
else
|
|
if (password[0])
|
|
{
|
|
acl_user->auth_string.str= strmake_root(&mem, password, password_len);
|
|
acl_user->auth_string.length= password_len;
|
|
set_user_salt(acl_user, password, password_len);
|
|
set_user_plugin(acl_user, password_len);
|
|
}
|
|
acl_user->access=privileges;
|
|
if (mqh->specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
|
|
acl_user->user_resource.questions=mqh->questions;
|
|
if (mqh->specified_limits & USER_RESOURCES::UPDATES_PER_HOUR)
|
|
acl_user->user_resource.updates=mqh->updates;
|
|
if (mqh->specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR)
|
|
acl_user->user_resource.conn_per_hour= mqh->conn_per_hour;
|
|
if (mqh->specified_limits & USER_RESOURCES::USER_CONNECTIONS)
|
|
acl_user->user_resource.user_conn= mqh->user_conn;
|
|
if (ssl_type != SSL_TYPE_NOT_SPECIFIED)
|
|
{
|
|
acl_user->ssl_type= ssl_type;
|
|
acl_user->ssl_cipher= (ssl_cipher ? strdup_root(&mem,ssl_cipher) :
|
|
0);
|
|
acl_user->x509_issuer= (x509_issuer ? strdup_root(&mem,x509_issuer) :
|
|
0);
|
|
acl_user->x509_subject= (x509_subject ?
|
|
strdup_root(&mem,x509_subject) : 0);
|
|
}
|
|
/* search complete: */
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
static void acl_insert_role(const char *rolename, ulong privileges)
|
|
{
|
|
ACL_ROLE *entry;
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
entry= new (&mem) ACL_ROLE(rolename, privileges, &mem);
|
|
(void) my_init_dynamic_array(&entry->parent_grantee,
|
|
sizeof(ACL_USER_BASE *), 50, 100, MYF(0));
|
|
(void) my_init_dynamic_array(&entry->role_grants,sizeof(ACL_ROLE *),
|
|
50, 100, MYF(0));
|
|
|
|
|
|
|
|
my_hash_insert(&acl_roles, (uchar *)entry);
|
|
}
|
|
|
|
static void acl_insert_user(const char *user, const char *host,
|
|
const char *password, uint password_len,
|
|
enum SSL_type ssl_type,
|
|
const char *ssl_cipher,
|
|
const char *x509_issuer,
|
|
const char *x509_subject,
|
|
USER_RESOURCES *mqh,
|
|
ulong privileges,
|
|
const LEX_STRING *plugin,
|
|
const LEX_STRING *auth)
|
|
{
|
|
ACL_USER acl_user;
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
acl_user.user.str=*user ? strdup_root(&mem,user) : 0;
|
|
acl_user.user.length= strlen(user);
|
|
update_hostname(&acl_user.host, safe_strdup_root(&mem, host));
|
|
if (plugin->str[0])
|
|
{
|
|
acl_user.plugin= *plugin;
|
|
acl_user.auth_string.str= auth->str ?
|
|
strmake_root(&mem, auth->str, auth->length) : const_cast<char*>("");
|
|
acl_user.auth_string.length= auth->length;
|
|
if (fix_user_plugin_ptr(&acl_user))
|
|
acl_user.plugin.str= strmake_root(&mem, plugin->str, plugin->length);
|
|
}
|
|
else
|
|
{
|
|
acl_user.auth_string.str= strmake_root(&mem, password, password_len);
|
|
acl_user.auth_string.length= password_len;
|
|
set_user_salt(&acl_user, password, password_len);
|
|
set_user_plugin(&acl_user, password_len);
|
|
}
|
|
|
|
acl_user.access=privileges;
|
|
acl_user.user_resource = *mqh;
|
|
acl_user.sort=get_sort(2,acl_user.host.hostname,acl_user.user);
|
|
acl_user.hostname_length=(uint) strlen(host);
|
|
acl_user.ssl_type= (ssl_type != SSL_TYPE_NOT_SPECIFIED ?
|
|
ssl_type : SSL_TYPE_NONE);
|
|
acl_user.ssl_cipher= ssl_cipher ? strdup_root(&mem,ssl_cipher) : 0;
|
|
acl_user.x509_issuer= x509_issuer ? strdup_root(&mem,x509_issuer) : 0;
|
|
acl_user.x509_subject=x509_subject ? strdup_root(&mem,x509_subject) : 0;
|
|
(void) my_init_dynamic_array(&acl_user.role_grants, sizeof(ACL_USER *),
|
|
50, 100, MYF(0));
|
|
|
|
(void) push_dynamic(&acl_users,(uchar*) &acl_user);
|
|
if (!acl_user.host.hostname ||
|
|
(acl_user.host.hostname[0] == wild_many && !acl_user.host.hostname[1]))
|
|
allow_all_hosts=1; // Anyone can connect /* purecov: tested */
|
|
my_qsort((uchar*) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements,
|
|
sizeof(ACL_USER),(qsort_cmp) acl_compare);
|
|
|
|
/* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */
|
|
rebuild_check_host();
|
|
/* Rebuild every user's role_grants because the acl_user has been modified
|
|
and some grants might now be invalid */
|
|
rebuild_role_grants();
|
|
}
|
|
|
|
|
|
static void acl_update_db(const char *user, const char *host, const char *db,
|
|
ulong privileges, bool set_initial_access)
|
|
{
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
for (uint i=0 ; i < acl_dbs.elements ; i++)
|
|
{
|
|
ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
|
|
if ((!acl_db->user && !user[0]) ||
|
|
(acl_db->user &&
|
|
!strcmp(user,acl_db->user)))
|
|
{
|
|
if ((!acl_db->host.hostname && !host[0]) ||
|
|
(acl_db->host.hostname &&
|
|
!strcmp(host, acl_db->host.hostname)))
|
|
{
|
|
if ((!acl_db->db && !db[0]) ||
|
|
(acl_db->db && !strcmp(db,acl_db->db)))
|
|
|
|
{
|
|
if (privileges)
|
|
{
|
|
acl_db->access= privileges;
|
|
if (set_initial_access)
|
|
acl_db->initial_access= acl_db->access;
|
|
}
|
|
else
|
|
delete_dynamic_element(&acl_dbs,i);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
Insert a user/db/host combination into the global acl_cache
|
|
|
|
SYNOPSIS
|
|
acl_insert_db()
|
|
user User name
|
|
host Host name
|
|
db Database name
|
|
privileges Bitmap of privileges
|
|
set_initial_access If marked true, will set the initial_access field
|
|
to be set to the same value as privileges.
|
|
|
|
NOTES
|
|
acl_cache->lock must be locked when calling this
|
|
*/
|
|
|
|
static void acl_insert_db(const char *user, const char *host, const char *db,
|
|
ulong privileges, bool set_initial_access)
|
|
{
|
|
ACL_DB acl_db;
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
acl_db.user=strdup_root(&mem,user);
|
|
update_hostname(&acl_db.host, safe_strdup_root(&mem, host));
|
|
acl_db.db=strdup_root(&mem,db);
|
|
acl_db.access=privileges;
|
|
if (set_initial_access)
|
|
acl_db.initial_access= acl_db.access;
|
|
else
|
|
acl_db.initial_access= 0;
|
|
acl_db.sort=get_sort(3,acl_db.host.hostname,acl_db.db,acl_db.user);
|
|
(void) push_dynamic(&acl_dbs,(uchar*) &acl_db);
|
|
my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements,
|
|
sizeof(ACL_DB),(qsort_cmp) acl_compare);
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
Get privilege for a host, user and db combination
|
|
|
|
as db_is_pattern changes the semantics of comparison,
|
|
acl_cache is not used if db_is_pattern is set.
|
|
*/
|
|
|
|
ulong acl_get(const char *host, const char *ip,
|
|
const char *user, const char *db, my_bool db_is_pattern)
|
|
{
|
|
ulong host_access= ~(ulong)0, db_access= 0;
|
|
uint i;
|
|
size_t key_length;
|
|
char key[ACL_KEY_LENGTH],*tmp_db,*end;
|
|
acl_entry *entry;
|
|
DBUG_ENTER("acl_get");
|
|
|
|
tmp_db= strmov(strmov(key, ip ? ip : "") + 1, user) + 1;
|
|
end= strnmov(tmp_db, db, key + sizeof(key) - tmp_db);
|
|
|
|
if (end >= key + sizeof(key)) // db name was truncated
|
|
DBUG_RETURN(0); // no privileges for an invalid db name
|
|
|
|
if (lower_case_table_names)
|
|
{
|
|
my_casedn_str(files_charset_info, tmp_db);
|
|
db=tmp_db;
|
|
}
|
|
key_length= (size_t) (end-key);
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
if (!db_is_pattern && (entry=(acl_entry*) acl_cache->search((uchar*) key,
|
|
key_length)))
|
|
{
|
|
db_access=entry->access;
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
DBUG_PRINT("exit", ("access: 0x%lx", db_access));
|
|
DBUG_RETURN(db_access);
|
|
}
|
|
|
|
/*
|
|
Check if there are some access rights for database and user
|
|
*/
|
|
for (i=0 ; i < acl_dbs.elements ; i++)
|
|
{
|
|
ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
|
|
if (!acl_db->user || !strcmp(user,acl_db->user))
|
|
{
|
|
if (compare_hostname(&acl_db->host,host,ip))
|
|
{
|
|
if (!acl_db->db || !wild_compare(db,acl_db->db,db_is_pattern))
|
|
{
|
|
db_access=acl_db->access;
|
|
if (acl_db->host.hostname)
|
|
goto exit; // Fully specified. Take it
|
|
/* the host table is not used for roles */
|
|
if ((!host || !host[0]) && !acl_db->host.hostname && find_acl_role(user))
|
|
goto exit;
|
|
break; /* purecov: tested */
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if (!db_access)
|
|
goto exit; // Can't be better
|
|
|
|
/*
|
|
No host specified for user. Get hostdata from host table
|
|
*/
|
|
host_access=0; // Host must be found
|
|
for (i=0 ; i < acl_hosts.elements ; i++)
|
|
{
|
|
ACL_HOST *acl_host=dynamic_element(&acl_hosts,i,ACL_HOST*);
|
|
if (compare_hostname(&acl_host->host,host,ip))
|
|
{
|
|
if (!acl_host->db || !wild_compare(db,acl_host->db,db_is_pattern))
|
|
{
|
|
host_access=acl_host->access; // Fully specified. Take it
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
exit:
|
|
/* Save entry in cache for quick retrieval */
|
|
if (!db_is_pattern &&
|
|
(entry= (acl_entry*) malloc(sizeof(acl_entry)+key_length)))
|
|
{
|
|
entry->access=(db_access & host_access);
|
|
entry->length=key_length;
|
|
memcpy((uchar*) entry->key,key,key_length);
|
|
acl_cache->add(entry);
|
|
}
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
DBUG_PRINT("exit", ("access: 0x%lx", db_access & host_access));
|
|
DBUG_RETURN(db_access & host_access);
|
|
}
|
|
|
|
/*
|
|
Check if there are any possible matching entries for this host
|
|
|
|
NOTES
|
|
All host names without wild cards are stored in a hash table,
|
|
entries with wildcards are stored in a dynamic array
|
|
*/
|
|
|
|
static void init_check_host(void)
|
|
{
|
|
DBUG_ENTER("init_check_host");
|
|
(void) my_init_dynamic_array(&acl_wild_hosts,sizeof(struct acl_host_and_ip),
|
|
acl_users.elements, 1, MYF(0));
|
|
(void) my_hash_init(&acl_check_hosts,system_charset_info,
|
|
acl_users.elements, 0, 0,
|
|
(my_hash_get_key) check_get_key, 0, 0);
|
|
if (!allow_all_hosts)
|
|
{
|
|
for (uint i=0 ; i < acl_users.elements ; i++)
|
|
{
|
|
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
|
|
if (strchr(acl_user->host.hostname,wild_many) ||
|
|
strchr(acl_user->host.hostname,wild_one) ||
|
|
acl_user->host.ip_mask)
|
|
{ // Has wildcard
|
|
uint j;
|
|
for (j=0 ; j < acl_wild_hosts.elements ; j++)
|
|
{ // Check if host already exists
|
|
acl_host_and_ip *acl=dynamic_element(&acl_wild_hosts,j,
|
|
acl_host_and_ip *);
|
|
if (!my_strcasecmp(system_charset_info,
|
|
acl_user->host.hostname, acl->hostname))
|
|
break; // already stored
|
|
}
|
|
if (j == acl_wild_hosts.elements) // If new
|
|
(void) push_dynamic(&acl_wild_hosts,(uchar*) &acl_user->host);
|
|
}
|
|
else if (!my_hash_search(&acl_check_hosts,(uchar*)
|
|
acl_user->host.hostname,
|
|
strlen(acl_user->host.hostname)))
|
|
{
|
|
if (my_hash_insert(&acl_check_hosts,(uchar*) acl_user))
|
|
{ // End of memory
|
|
allow_all_hosts=1; // Should never happen
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
freeze_size(&acl_wild_hosts);
|
|
freeze_size(&acl_check_hosts.array);
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
|
|
|
|
/*
|
|
Rebuild lists used for checking of allowed hosts
|
|
|
|
We need to rebuild 'acl_check_hosts' and 'acl_wild_hosts' after adding,
|
|
dropping or renaming user, since they contain pointers to elements of
|
|
'acl_user' array, which are invalidated by drop operation, and use
|
|
ACL_USER::host::hostname as a key, which is changed by rename.
|
|
*/
|
|
void rebuild_check_host(void)
|
|
{
|
|
delete_dynamic(&acl_wild_hosts);
|
|
my_hash_free(&acl_check_hosts);
|
|
init_check_host();
|
|
}
|
|
|
|
static my_bool acl_role_propagate_grants(ACL_ROLE *role,
|
|
void * not_used __attribute__((unused)))
|
|
{
|
|
traverse_role_graph(role,
|
|
NULL,
|
|
role_explore_start_access_check,
|
|
role_explore_merge_if_final, NULL,
|
|
role_explore_set_final_access_bits);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
Reset a role role_grants dynamic array.
|
|
Also, the role's access bits are reset to the ones present in the table.
|
|
|
|
The function can be used as a walk action for hash elements aswell.
|
|
*/
|
|
my_bool acl_role_reset_grant(ACL_ROLE *role,
|
|
void * not_used __attribute__((unused)))
|
|
{
|
|
reset_dynamic(&role->role_grants);
|
|
reset_dynamic(&role->parent_grantee);
|
|
/* Also reset the role access bits */
|
|
role->access= role->initial_role_access;
|
|
role->flags&= ~ROLE_GRANTS_FINAL;
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
Reset a users role_grants dynamic array.
|
|
|
|
The function can be used as a walk action for hash elements aswell.
|
|
*/
|
|
my_bool acl_user_reset_grant(ACL_USER *user,
|
|
void * not_used __attribute__((unused)))
|
|
{
|
|
reset_dynamic(&user->role_grants);
|
|
return 0;
|
|
}
|
|
|
|
|
|
static void role_explore_create_list(ACL_ROLE *unused __attribute__((unused)),
|
|
ACL_ROLE *role, void *context_data)
|
|
{
|
|
DYNAMIC_ARRAY *list= (DYNAMIC_ARRAY *)context_data;
|
|
push_dynamic(list, (uchar*)&role);
|
|
}
|
|
|
|
static bool role_explore_start_access_check(ACL_ROLE *role,
|
|
void *unused __attribute__((unused)))
|
|
{
|
|
/*
|
|
There exists the possibility that the role's access bits are final
|
|
and we can just get the access bits without doing the more expensive
|
|
search operation
|
|
*/
|
|
if (role->flags & ROLE_GRANTS_FINAL)
|
|
return TRUE;
|
|
/*
|
|
This function is called when the node is first opened by DFS.
|
|
If it's ROLE_GRANTS were not final, then it means that it's existing
|
|
privilege entries should be placed on their initial grant access state.
|
|
*/
|
|
|
|
reset_role_db_privileges(role);
|
|
reset_role_table_and_column_privileges(role);
|
|
reset_role_routine_grant_privileges(role);
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
|
|
void *unused __attribute__((unused)))
|
|
{
|
|
if (neighbour->flags & ROLE_GRANTS_FINAL)
|
|
{
|
|
DBUG_PRINT("info", ("Neighbour access is final, merging"));
|
|
merge_role_grant_privileges(current, neighbour);
|
|
return TRUE;
|
|
}
|
|
return FALSE;
|
|
}
|
|
|
|
static void role_explore_set_final_access_bits(ACL_ROLE *parent,
|
|
ACL_ROLE *current,
|
|
void *unused __attribute__((unused)))
|
|
{
|
|
current->flags|= ROLE_GRANTS_FINAL;
|
|
/* Add the own role's rights once it's finished exploring */
|
|
current->access|= current->initial_role_access;
|
|
DBUG_PRINT("info",
|
|
("Setting final access for node: %s %lu",
|
|
current->user.str, current->access));
|
|
if (parent)
|
|
{
|
|
merge_role_grant_privileges(parent, current);
|
|
}
|
|
}
|
|
|
|
static bool role_explore_detect_cycle(ACL_ROLE *unused __attribute__((unused)),
|
|
ACL_ROLE *unused2 __attribute__((unused)),
|
|
void *unused3 __attribute__((unused)))
|
|
{
|
|
return TRUE;
|
|
}
|
|
|
|
/*
|
|
The function scans through all roles granted to the role passed as argument
|
|
and places the permissions in the access variable. The traverse method is
|
|
a DEPTH FIRST SEARCH.
|
|
|
|
The functions passed as parameters (if they are not NULL) are called during
|
|
specific events:
|
|
|
|
on_start - called before initializing the stack.
|
|
on_open - called the first time a neighbour is opened.
|
|
on_cycle - called when an an attempt was made to open an already opened
|
|
neighbour
|
|
on_finish - called when a node has had all it's neighbours explored
|
|
|
|
NOTES:
|
|
If on_start returns TRUE, the whole exploration stops.
|
|
If on_open returns TRUE, the neighbour is ignored and not placed on the stack
|
|
If on_cycle returns TRUE, the whole exploration stops.
|
|
|
|
|
|
Return values:
|
|
0: Exploration finished after complete exploration;
|
|
1: Exploration finished due to on_start returning TRUE;
|
|
2: Exploration finished due to on_cycle returning TRUE;
|
|
*/
|
|
static int traverse_role_graph(ACL_ROLE *role,
|
|
void *context_data,
|
|
bool (*on_start) (ACL_ROLE *role,
|
|
void *context_data),
|
|
bool (*on_open) (ACL_ROLE *current,
|
|
ACL_ROLE *neighbour,
|
|
void *context_data),
|
|
bool (*on_cycle) (ACL_ROLE *current,
|
|
ACL_ROLE *neighbour,
|
|
void *context_data),
|
|
void (*on_finish)(ACL_ROLE *parent,
|
|
ACL_ROLE *current,
|
|
void *context_data))
|
|
{
|
|
|
|
DBUG_ENTER("traverse_role_graph");
|
|
DBUG_ASSERT(role);
|
|
DBUG_PRINT("enter",("role: '%s'", role->user.str));
|
|
/*
|
|
The search operation should always leave the ROLE_VISITED and ROLE_EXPLORED
|
|
flags clean for all nodes involved in the search
|
|
*/
|
|
DBUG_ASSERT(!(role->flags & ROLE_VISITED));
|
|
DBUG_ASSERT(!(role->flags & ROLE_EXPLORED));
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
if (on_start && on_start(role, context_data))
|
|
DBUG_RETURN(1);
|
|
|
|
/*
|
|
Stack used to simulate the recursive calls of DFS.
|
|
It uses a DYNAMIC_ARRAY to reduce the number of
|
|
malloc calls to a minimum
|
|
*/
|
|
DYNAMIC_ARRAY stack;
|
|
DYNAMIC_ARRAY to_clear;
|
|
NODE_STATE state; /* variable used to insert elements in the stack */
|
|
uint result= 0;
|
|
|
|
state.neigh_idx= 0;
|
|
state.node_data= role;
|
|
role->flags|= ROLE_VISITED;
|
|
|
|
(void) my_init_dynamic_array(&stack, sizeof(NODE_STATE), 20, 50, MYF(0));
|
|
(void) my_init_dynamic_array(&to_clear, sizeof(ACL_ROLE *), 20, 50, MYF(0));
|
|
push_dynamic(&stack, (uchar*)&state);
|
|
push_dynamic(&to_clear, (uchar*)&role);
|
|
|
|
while (stack.elements)
|
|
{
|
|
NODE_STATE *curr_state= dynamic_element(&stack, stack.elements - 1,
|
|
NODE_STATE *);
|
|
|
|
DBUG_ASSERT(curr_state->node_data->flags & ROLE_VISITED);
|
|
|
|
ACL_ROLE *current= curr_state->node_data;
|
|
ACL_ROLE *neighbour= NULL;
|
|
DBUG_PRINT("info", ("Examining role %s", current->user.str));
|
|
/*
|
|
Iterate through the neighbours until a first valid jump-to
|
|
neighbour is found
|
|
*/
|
|
my_bool found= FALSE;
|
|
uint i;
|
|
for (i= curr_state->neigh_idx; i < current->role_grants.elements; i++)
|
|
{
|
|
neighbour= *(dynamic_element(¤t->role_grants, i, ACL_ROLE**));
|
|
DBUG_PRINT("info", ("Examining neighbour role %s", neighbour->user.str));
|
|
|
|
/* check if it forms a cycle */
|
|
if (neighbour->flags & ROLE_VISITED)
|
|
{
|
|
DBUG_PRINT("info", ("Found cycle"));
|
|
if (on_cycle && on_cycle(current, neighbour, context_data))
|
|
{
|
|
result= 2;
|
|
goto end;
|
|
}
|
|
continue;
|
|
}
|
|
|
|
/*
|
|
Check if it was already explored, in that case, move on
|
|
*/
|
|
if (neighbour->flags & ROLE_EXPLORED)
|
|
continue;
|
|
/*
|
|
Set the current state search index to the next index
|
|
this needs to be done before inserting, so as to make sure that the
|
|
pointer is valid
|
|
*/
|
|
found= TRUE;
|
|
break;
|
|
}
|
|
|
|
/* found states that we have found a node to jump next into */
|
|
if (found)
|
|
{
|
|
/*
|
|
we're going to have to take a look at the same neighbour again
|
|
once it is done being explored, thus, set the neigh_idx to "i"
|
|
which is the current neighbour that will be added on the stack
|
|
*/
|
|
curr_state->neigh_idx= i;
|
|
push_dynamic(&to_clear, (uchar*)&neighbour);
|
|
|
|
/* some sanity checks */
|
|
DBUG_ASSERT(!(neighbour->flags & ROLE_VISITED));
|
|
if (on_open && on_open(current, neighbour, context_data))
|
|
{
|
|
/* on_open returned TRUE, mark the neighbour as being explored */
|
|
neighbour->flags|= ROLE_EXPLORED;
|
|
continue;
|
|
}
|
|
|
|
/* add the neighbour on the stack */
|
|
neighbour->flags|= ROLE_VISITED;
|
|
state.neigh_idx= 0;
|
|
state.node_data= neighbour;
|
|
push_dynamic(&stack, (uchar*)&state);
|
|
}
|
|
else
|
|
{
|
|
/* Make sure we got a correct node */
|
|
DBUG_ASSERT(curr_state->node_data->flags & ROLE_VISITED);
|
|
/* Finished with exploring the current node, pop it off the stack */
|
|
curr_state= (NODE_STATE *)pop_dynamic(&stack);
|
|
curr_state->node_data->flags&= ~ROLE_VISITED; /* clear the visited bit */
|
|
curr_state->node_data->flags|= ROLE_EXPLORED;
|
|
if (on_finish)
|
|
{
|
|
NODE_STATE *parent= NULL;
|
|
if (stack.elements)
|
|
{
|
|
parent= dynamic_element(&stack, stack.elements - 1, NODE_STATE *);
|
|
on_finish(parent->node_data, curr_state->node_data, context_data);
|
|
}
|
|
else
|
|
{
|
|
/* no parent node, this is the starting node */
|
|
on_finish(NULL, curr_state->node_data, context_data);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
end:
|
|
/* Cleanup */
|
|
for (uint i= 0; i < to_clear.elements; i++)
|
|
{
|
|
ACL_ROLE *current= *dynamic_element(&to_clear, i,
|
|
ACL_ROLE **);
|
|
DBUG_ASSERT(current->flags & (ROLE_EXPLORED | ROLE_VISITED));
|
|
current->flags&= ~(ROLE_EXPLORED | ROLE_VISITED);
|
|
}
|
|
delete_dynamic(&stack);
|
|
delete_dynamic(&to_clear);
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
/*
|
|
Add a the coresponding pointers present in the mapping to the entries in
|
|
acl_users and acl_roles
|
|
|
|
Return values:
|
|
0: The entry is valid and was added.
|
|
-1: The entry is invalid and was not added.
|
|
1: The entry represents a mapping between two roles.
|
|
*/
|
|
int add_role_user_mapping(ROLE_GRANT_PAIR *mapping)
|
|
{
|
|
|
|
ACL_USER_BASE *user= find_user_no_anon((mapping->u_hname) ? mapping->u_hname: "",
|
|
(mapping->u_uname) ? mapping->u_uname: "",
|
|
TRUE);
|
|
ACL_ROLE *role= find_acl_role(mapping->r_uname ? mapping->r_uname: "");
|
|
|
|
|
|
int result= 0;
|
|
|
|
if (user == NULL || role == NULL)
|
|
{
|
|
/* There still exists the possibility that the user is actually a role */
|
|
if (user == NULL && role && (!mapping->u_hname || !mapping->u_hname[0])
|
|
&& /* in this case the grantee is a role */
|
|
((user= find_acl_role(mapping->u_uname ? mapping->u_uname: ""))))
|
|
{
|
|
result= 1;
|
|
}
|
|
else
|
|
{
|
|
DBUG_PRINT("warning", ("Invalid add_role_user_mapping '%s'@'%s' %s %p %p",
|
|
mapping->u_uname, mapping->u_hname,
|
|
mapping->r_uname, user, role));
|
|
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
push_dynamic(&user->role_grants, (uchar*) &role);
|
|
push_dynamic(&role->parent_grantee, (uchar*) &user);
|
|
|
|
DBUG_PRINT("info", ("Found %s %s@%s having role granted %s\n",
|
|
(result) ? "role" : "user",
|
|
user->user.str,
|
|
(result) ? "" : ((ACL_USER *)user)->host.hostname,
|
|
role->user.str));
|
|
return result;
|
|
}
|
|
|
|
int remove_role_user_mapping(ROLE_GRANT_PAIR *mapping)
|
|
{
|
|
ACL_USER_BASE *user= find_user_no_anon((mapping->u_hname) ? mapping->u_hname: "",
|
|
(mapping->u_uname) ? mapping->u_uname: "",
|
|
TRUE);
|
|
ACL_ROLE *role= find_acl_role(mapping->r_uname ? mapping->r_uname: "");
|
|
|
|
|
|
int result= 0;
|
|
uint idx_user, idx_role;
|
|
bool deleted_role= FALSE, deleted_user= FALSE;
|
|
|
|
if (user == NULL || role == NULL)
|
|
{
|
|
/* There still exists the possibility that the user is actually a role */
|
|
if (user == NULL && role && (!mapping->u_hname || !mapping->u_hname[0])
|
|
&& /* in this case the grantee is a role */
|
|
((user= find_acl_role(mapping->u_uname ? mapping->u_uname: ""))))
|
|
{
|
|
result= 1;
|
|
}
|
|
else
|
|
{
|
|
DBUG_PRINT("warning", ("Invalid remove_role_user_mapping '%s'@'%s' %s %p %p",
|
|
mapping->u_uname, mapping->u_hname,
|
|
mapping->r_uname, user, role));
|
|
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
/* scan both arrays to find and delete both links */
|
|
for (idx_user=0; idx_user < user->role_grants.elements; idx_user++)
|
|
{
|
|
if (role == *dynamic_element(&user->role_grants, idx_user, ACL_ROLE**))
|
|
{
|
|
delete_dynamic_element(&user->role_grants, idx_user);
|
|
deleted_user= TRUE;
|
|
}
|
|
}
|
|
|
|
for (idx_role=0; idx_role < role->parent_grantee.elements; idx_role++)
|
|
{
|
|
if (user == *dynamic_element(&role->parent_grantee, idx_role,
|
|
ACL_USER_BASE**))
|
|
{
|
|
delete_dynamic_element(&role->parent_grantee, idx_role);
|
|
deleted_role= TRUE;
|
|
}
|
|
}
|
|
|
|
/* we should always get to delete from both arrays */
|
|
DBUG_ASSERT(deleted_role && deleted_user);
|
|
return result;
|
|
}
|
|
|
|
|
|
/*
|
|
Rebuild the role grants every time the acl_users is modified
|
|
|
|
The role grants in the ACL_USER class need to be rebuilt, as they contain
|
|
pointers to elements of the acl_users array.
|
|
*/
|
|
|
|
void rebuild_role_grants(void)
|
|
{
|
|
DBUG_ENTER("rebuild_role_grants");
|
|
/*
|
|
Reset every user's and role's role_grants array
|
|
*/
|
|
for (uint i=0; i < acl_users.elements; i++) {
|
|
ACL_USER *user= dynamic_element(&acl_users, i, ACL_USER *);
|
|
acl_user_reset_grant(user, NULL);
|
|
}
|
|
my_hash_iterate(&acl_roles,
|
|
(my_hash_walk_action) acl_role_reset_grant, NULL);
|
|
|
|
/*
|
|
Rebuild the direct links between users and roles in ACL_USER::role_grants
|
|
*/
|
|
for (uint i=0; i < acl_roles_mappings.records; i++) {
|
|
ROLE_GRANT_PAIR *mapping= (ROLE_GRANT_PAIR*)
|
|
my_hash_element(&acl_roles_mappings, i);
|
|
my_bool status = add_role_user_mapping(mapping);
|
|
/*
|
|
The invariant chosen is that acl_roles_mappings should _always_
|
|
only contain valid entries, referencing correct user and role grants.
|
|
If add_role_user_mapping detects an invalid entry, it will not add
|
|
the mapping into the ACL_USER::role_grants array.
|
|
*/
|
|
DBUG_ASSERT(status >= 0);
|
|
}
|
|
|
|
my_hash_iterate(&acl_roles,
|
|
(my_hash_walk_action) acl_role_propagate_grants, NULL);
|
|
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
/* Return true if there is no users that can match the given host */
|
|
|
|
bool acl_check_host(const char *host, const char *ip)
|
|
{
|
|
if (allow_all_hosts)
|
|
return 0;
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
if ((host && my_hash_search(&acl_check_hosts,(uchar*) host,strlen(host))) ||
|
|
(ip && my_hash_search(&acl_check_hosts,(uchar*) ip, strlen(ip))))
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
return 0; // Found host
|
|
}
|
|
for (uint i=0 ; i < acl_wild_hosts.elements ; i++)
|
|
{
|
|
acl_host_and_ip *acl=dynamic_element(&acl_wild_hosts,i,acl_host_and_ip*);
|
|
if (compare_hostname(acl, host, ip))
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
return 0; // Host ok
|
|
}
|
|
}
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
return 1; // Host is not allowed
|
|
}
|
|
|
|
|
|
/*
|
|
Check if the user is allowed to change password
|
|
|
|
SYNOPSIS:
|
|
check_change_password()
|
|
thd THD
|
|
host hostname for the user
|
|
user user name
|
|
new_password new password
|
|
|
|
NOTE:
|
|
new_password cannot be NULL
|
|
|
|
RETURN VALUE
|
|
0 OK
|
|
1 ERROR ; In this case the error is sent to the client.
|
|
*/
|
|
|
|
int check_change_password(THD *thd, const char *host, const char *user,
|
|
char *new_password, uint new_password_len)
|
|
{
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
|
return(1);
|
|
}
|
|
if (!thd->slave_thread && !thd->security_ctx->priv_user[0])
|
|
{
|
|
my_message(ER_PASSWORD_ANONYMOUS_USER, ER(ER_PASSWORD_ANONYMOUS_USER),
|
|
MYF(0));
|
|
return(1);
|
|
}
|
|
if (!host) // Role
|
|
{
|
|
my_error(ER_PASSWORD_NO_MATCH, MYF(0));
|
|
return 1;
|
|
}
|
|
if (!thd->slave_thread &&
|
|
(strcmp(thd->security_ctx->priv_user, user) ||
|
|
my_strcasecmp(system_charset_info, host,
|
|
thd->security_ctx->priv_host)))
|
|
{
|
|
if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 0))
|
|
return(1);
|
|
}
|
|
size_t len= strlen(new_password);
|
|
if (len && len != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
|
|
len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
|
|
{
|
|
my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
|
|
return -1;
|
|
}
|
|
return(0);
|
|
}
|
|
|
|
|
|
/*
|
|
Change a password for a user
|
|
|
|
SYNOPSIS
|
|
change_password()
|
|
thd Thread handle
|
|
host Hostname
|
|
user User name
|
|
new_password New password for host@user
|
|
|
|
RETURN VALUES
|
|
0 ok
|
|
1 ERROR; In this case the error is sent to the client.
|
|
*/
|
|
|
|
bool change_password(THD *thd, const char *host, const char *user,
|
|
char *new_password)
|
|
{
|
|
TABLE_LIST tables;
|
|
TABLE *table;
|
|
Rpl_filter *rpl_filter= thd->rpl_filter;
|
|
/* Buffer should be extended when password length is extended. */
|
|
char buff[512];
|
|
ulong query_length;
|
|
enum_binlog_format save_binlog_format;
|
|
uint new_password_len= (uint) strlen(new_password);
|
|
bool result= 1;
|
|
DBUG_ENTER("change_password");
|
|
DBUG_PRINT("enter",("host: '%s' user: '%s' new_password: '%s'",
|
|
host,user,new_password));
|
|
DBUG_ASSERT(host != 0); // Ensured by parent
|
|
|
|
if (check_change_password(thd, host, user, new_password, new_password_len))
|
|
DBUG_RETURN(1);
|
|
|
|
tables.init_one_table("mysql", 5, "user", 4, "user", TL_WRITE);
|
|
|
|
#ifdef HAVE_REPLICATION
|
|
/*
|
|
GRANT and REVOKE are applied the slave in/exclusion rules as they are
|
|
some kind of updates to the mysql.% tables.
|
|
*/
|
|
if (thd->slave_thread && rpl_filter->is_on())
|
|
{
|
|
/*
|
|
The tables must be marked "updating" so that tables_ok() takes them into
|
|
account in tests. It's ok to leave 'updating' set after tables_ok.
|
|
*/
|
|
tables.updating= 1;
|
|
/* Thanks to bzero, tables.next==0 */
|
|
if (!(thd->spcont || rpl_filter->tables_ok(0, &tables)))
|
|
DBUG_RETURN(0);
|
|
}
|
|
#endif
|
|
if (!(table= open_ltable(thd, &tables, TL_WRITE, MYSQL_LOCK_IGNORE_TIMEOUT)))
|
|
DBUG_RETURN(1);
|
|
|
|
/*
|
|
This statement will be replicated as a statement, even when using
|
|
row-based replication. The flag will be reset at the end of the
|
|
statement.
|
|
This has to be handled here as it's called by set_var.cc, which is
|
|
not automaticly handled by sql_parse.cc
|
|
*/
|
|
save_binlog_format= thd->set_current_stmt_binlog_format_stmt();
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
ACL_USER *acl_user;
|
|
if (!(acl_user= find_user_no_anon(host, user, TRUE)))
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0));
|
|
goto end;
|
|
}
|
|
|
|
/* update loaded acl entry: */
|
|
if (acl_user->plugin.str == native_password_plugin_name.str ||
|
|
acl_user->plugin.str == old_password_plugin_name.str)
|
|
{
|
|
acl_user->auth_string.str= strmake_root(&mem, new_password, new_password_len);
|
|
acl_user->auth_string.length= new_password_len;
|
|
set_user_salt(acl_user, new_password, new_password_len);
|
|
set_user_plugin(acl_user, new_password_len);
|
|
}
|
|
else
|
|
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
|
|
ER_SET_PASSWORD_AUTH_PLUGIN, ER(ER_SET_PASSWORD_AUTH_PLUGIN));
|
|
|
|
if (update_user_table(thd, table,
|
|
acl_user->host.hostname ? acl_user->host.hostname : "",
|
|
acl_user->user.str ? acl_user->user.str : "",
|
|
new_password, new_password_len))
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */
|
|
goto end;
|
|
}
|
|
|
|
acl_cache->clear(1); // Clear locked hostname cache
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
result= 0;
|
|
if (mysql_bin_log.is_open())
|
|
{
|
|
query_length=
|
|
sprintf(buff,"SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'",
|
|
acl_user->user.str ? acl_user->user.str : "",
|
|
acl_user->host.hostname ? acl_user->host.hostname : "",
|
|
new_password);
|
|
thd->clear_error();
|
|
result= thd->binlog_query(THD::STMT_QUERY_TYPE, buff, query_length,
|
|
FALSE, FALSE, FALSE, 0);
|
|
}
|
|
end:
|
|
close_mysql_tables(thd);
|
|
thd->restore_stmt_binlog_format(save_binlog_format);
|
|
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
/*
|
|
Find user in ACL
|
|
|
|
SYNOPSIS
|
|
is_acl_user()
|
|
host host name
|
|
user user name
|
|
|
|
RETURN
|
|
FALSE user not fond
|
|
TRUE there is such user
|
|
*/
|
|
|
|
bool is_acl_user(const char *host, const char *user)
|
|
{
|
|
bool res;
|
|
|
|
/* --skip-grants */
|
|
if (!initialized)
|
|
return TRUE;
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
res= find_user_no_anon(host, user, TRUE) != NULL;
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
return res;
|
|
}
|
|
|
|
|
|
static ACL_USER *
|
|
find_user(const char *host, const char *user, const char *ip)
|
|
{
|
|
ACL_USER *result= NULL;
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
for (uint i=0; i < acl_users.elements; i++)
|
|
{
|
|
ACL_USER *acl_user_tmp= dynamic_element(&acl_users, i, ACL_USER*);
|
|
if ((!acl_user_tmp->user.str ||
|
|
!strcmp(user, acl_user_tmp->user.str)) &&
|
|
compare_hostname(&acl_user_tmp->host, host, ip))
|
|
{
|
|
result= acl_user_tmp;
|
|
break;
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
|
|
/*
|
|
Find first entry that matches the current user
|
|
*/
|
|
static ACL_USER *
|
|
find_user_no_anon(const char *host, const char *user, bool exact)
|
|
{
|
|
DBUG_ENTER("find_user_no_anon");
|
|
DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user));
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
for (uint i=0 ; i < acl_users.elements ; i++)
|
|
{
|
|
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
|
|
DBUG_PRINT("info",("strcmp('%s','%s'), compare_hostname('%s','%s'),",
|
|
user, acl_user->user.str ? acl_user->user.str : "",
|
|
host,
|
|
acl_user->host.hostname ? acl_user->host.hostname :
|
|
""));
|
|
if ((!acl_user->user.str && !user[0]) ||
|
|
(acl_user->user.str && !strcmp(user,acl_user->user.str)))
|
|
{
|
|
if (exact ? !my_strcasecmp(system_charset_info, host,
|
|
acl_user->host.hostname ?
|
|
acl_user->host.hostname : "") :
|
|
compare_hostname(&acl_user->host,host,host))
|
|
{
|
|
DBUG_RETURN(acl_user);
|
|
}
|
|
}
|
|
}
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
/*
|
|
Find first entry that matches the current user
|
|
*/
|
|
static ACL_ROLE *
|
|
find_acl_role(const char *user)
|
|
{
|
|
DBUG_ENTER("find_acl_role");
|
|
DBUG_PRINT("enter",("user: '%s'", user));
|
|
DBUG_PRINT("info", ("Hash elements: %ld", acl_roles.records));
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
DBUG_RETURN((ACL_ROLE *)my_hash_search(&acl_roles, (uchar *)user,
|
|
user ? strlen(user) : 0));
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
Comparing of hostnames
|
|
|
|
NOTES
|
|
A hostname may be of type:
|
|
hostname (May include wildcards); monty.pp.sci.fi
|
|
ip (May include wildcards); 192.168.0.0
|
|
ip/netmask 192.168.0.0/255.255.255.0
|
|
|
|
A net mask of 0.0.0.0 is not allowed.
|
|
*/
|
|
|
|
static const char *calc_ip(const char *ip, long *val, char end)
|
|
{
|
|
long ip_val,tmp;
|
|
if (!(ip=str2int(ip,10,0,255,&ip_val)) || *ip != '.')
|
|
return 0;
|
|
ip_val<<=24;
|
|
if (!(ip=str2int(ip+1,10,0,255,&tmp)) || *ip != '.')
|
|
return 0;
|
|
ip_val+=tmp<<16;
|
|
if (!(ip=str2int(ip+1,10,0,255,&tmp)) || *ip != '.')
|
|
return 0;
|
|
ip_val+=tmp<<8;
|
|
if (!(ip=str2int(ip+1,10,0,255,&tmp)) || *ip != end)
|
|
return 0;
|
|
*val=ip_val+tmp;
|
|
return ip;
|
|
}
|
|
|
|
|
|
static void update_hostname(acl_host_and_ip *host, const char *hostname)
|
|
{
|
|
// fix historical undocumented convention that empty host is the same as '%'
|
|
hostname=const_cast<char*>(hostname ? hostname : host_not_specified.str);
|
|
host->hostname=(char*) hostname; // This will not be modified!
|
|
if (!(hostname= calc_ip(hostname,&host->ip,'/')) ||
|
|
!(hostname= calc_ip(hostname+1,&host->ip_mask,'\0')))
|
|
{
|
|
host->ip= host->ip_mask=0; // Not a masked ip
|
|
}
|
|
}
|
|
|
|
|
|
static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
|
|
const char *ip)
|
|
{
|
|
long tmp;
|
|
if (host->ip_mask && ip && calc_ip(ip,&tmp,'\0'))
|
|
{
|
|
return (tmp & host->ip_mask) == host->ip;
|
|
}
|
|
return (!host->hostname ||
|
|
(hostname && !wild_case_compare(system_charset_info,
|
|
hostname, host->hostname)) ||
|
|
(ip && !wild_compare(ip, host->hostname, 0)));
|
|
}
|
|
|
|
/**
|
|
Check if the given host name needs to be resolved or not.
|
|
Host name has to be resolved if it actually contains *name*.
|
|
|
|
For example:
|
|
192.168.1.1 --> FALSE
|
|
192.168.1.0/255.255.255.0 --> FALSE
|
|
% --> FALSE
|
|
192.168.1.% --> FALSE
|
|
AB% --> FALSE
|
|
|
|
AAAAFFFF --> TRUE (Hostname)
|
|
AAAA:FFFF:1234:5678 --> FALSE
|
|
::1 --> FALSE
|
|
|
|
This function does not check if the given string is a valid host name or
|
|
not. It assumes that the argument is a valid host name.
|
|
|
|
@param hostname the string to check.
|
|
|
|
@return a flag telling if the argument needs to be resolved or not.
|
|
@retval TRUE the argument is a host name and needs to be resolved.
|
|
@retval FALSE the argument is either an IP address, or a patter and
|
|
should not be resolved.
|
|
*/
|
|
|
|
bool hostname_requires_resolving(const char *hostname)
|
|
{
|
|
if (!hostname)
|
|
return FALSE;
|
|
|
|
/* Check if hostname is the localhost. */
|
|
|
|
size_t hostname_len= strlen(hostname);
|
|
size_t localhost_len= strlen(my_localhost);
|
|
|
|
if (hostname == my_localhost ||
|
|
(hostname_len == localhost_len &&
|
|
!my_strnncoll(system_charset_info,
|
|
(const uchar *) hostname, hostname_len,
|
|
(const uchar *) my_localhost, strlen(my_localhost))))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
/*
|
|
If the string contains any of {':', '%', '_', '/'}, it is definitely
|
|
not a host name:
|
|
- ':' means that the string is an IPv6 address;
|
|
- '%' or '_' means that the string is a pattern;
|
|
- '/' means that the string is an IPv4 network address;
|
|
*/
|
|
|
|
for (const char *p= hostname; *p; ++p)
|
|
{
|
|
switch (*p) {
|
|
case ':':
|
|
case '%':
|
|
case '_':
|
|
case '/':
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
/*
|
|
Now we have to tell a host name (ab.cd, 12.ab) from an IPv4 address
|
|
(12.34.56.78). The assumption is that if the string contains only
|
|
digits and dots, it is an IPv4 address. Otherwise -- a host name.
|
|
*/
|
|
|
|
for (const char *p= hostname; *p; ++p)
|
|
{
|
|
if (*p != '.' && !my_isdigit(&my_charset_latin1, *p))
|
|
return TRUE; /* a "letter" has been found. */
|
|
}
|
|
|
|
return FALSE; /* all characters are either dots or digits. */
|
|
}
|
|
|
|
|
|
/*
|
|
Update record for user in mysql.user privilege table with new password.
|
|
|
|
SYNOPSIS
|
|
update_user_table()
|
|
thd Thread handle
|
|
table Pointer to TABLE object for open mysql.user table
|
|
host/user Hostname/username pair identifying user for which
|
|
new password should be set
|
|
new_password New password
|
|
new_password_len Length of new password
|
|
*/
|
|
|
|
static bool update_user_table(THD *thd, TABLE *table,
|
|
const char *host, const char *user,
|
|
const char *new_password, uint new_password_len)
|
|
{
|
|
char user_key[MAX_KEY_LENGTH];
|
|
int error;
|
|
DBUG_ENTER("update_user_table");
|
|
DBUG_PRINT("enter",("user: %s host: %s",user,host));
|
|
|
|
table->use_all_columns();
|
|
table->field[0]->store(host,(uint) strlen(host), system_charset_info);
|
|
table->field[1]->store(user,(uint) strlen(user), system_charset_info);
|
|
key_copy((uchar *) user_key, table->record[0], table->key_info,
|
|
table->key_info->key_length);
|
|
|
|
if (table->file->ha_index_read_idx_map(table->record[0], 0,
|
|
(uchar *) user_key, HA_WHOLE_KEY,
|
|
HA_READ_KEY_EXACT))
|
|
{
|
|
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH),
|
|
MYF(0)); /* purecov: deadcode */
|
|
DBUG_RETURN(1); /* purecov: deadcode */
|
|
}
|
|
store_record(table,record[1]);
|
|
table->field[2]->store(new_password, new_password_len, system_charset_info);
|
|
if ((error=table->file->ha_update_row(table->record[1],table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
{
|
|
table->file->print_error(error,MYF(0)); /* purecov: deadcode */
|
|
DBUG_RETURN(1);
|
|
}
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
|
|
/*
|
|
Return 1 if we are allowed to create new users
|
|
the logic here is: INSERT_ACL is sufficient.
|
|
It's also a requirement in opt_safe_user_create,
|
|
otherwise CREATE_USER_ACL is enough.
|
|
*/
|
|
|
|
static bool test_if_create_new_users(THD *thd)
|
|
{
|
|
Security_context *sctx= thd->security_ctx;
|
|
bool create_new_users= test(sctx->master_access & INSERT_ACL) ||
|
|
(!opt_safe_user_create &&
|
|
test(sctx->master_access & CREATE_USER_ACL));
|
|
if (!create_new_users)
|
|
{
|
|
TABLE_LIST tl;
|
|
ulong db_access;
|
|
tl.init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("user"), "user", TL_WRITE);
|
|
create_new_users= 1;
|
|
|
|
db_access=acl_get(sctx->host, sctx->ip,
|
|
sctx->priv_user, tl.db, 0);
|
|
if (sctx->priv_role[0])
|
|
db_access|= acl_get("", "", sctx->priv_role, tl.db, 0);
|
|
if (!(db_access & INSERT_ACL))
|
|
{
|
|
if (check_grant(thd, INSERT_ACL, &tl, FALSE, UINT_MAX, TRUE))
|
|
create_new_users=0;
|
|
}
|
|
}
|
|
return create_new_users;
|
|
}
|
|
|
|
|
|
/****************************************************************************
|
|
Handle GRANT commands
|
|
****************************************************************************/
|
|
|
|
static int replace_user_table(THD *thd, TABLE *table, LEX_USER &combo,
|
|
ulong rights, bool revoke_grant,
|
|
bool can_create_user, bool no_auto_create,
|
|
bool handle_as_role)
|
|
{
|
|
int error = -1;
|
|
bool old_row_exists=0;
|
|
char what= (revoke_grant) ? 'N' : 'Y';
|
|
uchar user_key[MAX_KEY_LENGTH];
|
|
LEX *lex= thd->lex;
|
|
DBUG_ENTER("replace_user_table");
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
if (combo.password.str && combo.password.str[0])
|
|
{
|
|
if (combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
|
|
combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
|
|
{
|
|
my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
|
|
DBUG_RETURN(-1);
|
|
}
|
|
}
|
|
else
|
|
combo.password= empty_lex_str;
|
|
|
|
/* if the user table is not up to date, we can't handle role updates */
|
|
if (table->s->fields <= 42 && handle_as_role)
|
|
{
|
|
my_error(ER_COL_COUNT_DOESNT_MATCH_PLEASE_UPDATE, MYF(0), table->alias.c_ptr(),
|
|
43, table->s->fields,
|
|
static_cast<int>(table->s->mysql_version), MYSQL_VERSION_ID);
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
table->use_all_columns();
|
|
table->field[0]->store(combo.host.str,combo.host.length,
|
|
system_charset_info);
|
|
table->field[1]->store(combo.user.str,combo.user.length,
|
|
system_charset_info);
|
|
key_copy(user_key, table->record[0], table->key_info,
|
|
table->key_info->key_length);
|
|
|
|
if (table->file->ha_index_read_idx_map(table->record[0], 0, user_key,
|
|
HA_WHOLE_KEY,
|
|
HA_READ_KEY_EXACT))
|
|
{
|
|
/* what == 'N' means revoke */
|
|
if (what == 'N')
|
|
{
|
|
my_error(ER_NONEXISTING_GRANT, MYF(0), combo.user.str, combo.host.str);
|
|
goto end;
|
|
}
|
|
/*
|
|
There are four options which affect the process of creation of
|
|
a new user (mysqld option --safe-create-user, 'insert' privilege
|
|
on 'mysql.user' table, using 'GRANT' with 'IDENTIFIED BY' and
|
|
SQL_MODE flag NO_AUTO_CREATE_USER). Below is the simplified rule
|
|
how it should work.
|
|
if (safe-user-create && ! INSERT_priv) => reject
|
|
else if (identified_by) => create
|
|
else if (no_auto_create_user) => reject
|
|
else create
|
|
|
|
see also test_if_create_new_users()
|
|
*/
|
|
else if (!combo.password.length && !combo.plugin.length && no_auto_create)
|
|
{
|
|
my_error(ER_PASSWORD_NO_MATCH, MYF(0));
|
|
goto end;
|
|
}
|
|
else if (!can_create_user)
|
|
{
|
|
my_error(ER_CANT_CREATE_USER_WITH_GRANT, MYF(0));
|
|
goto end;
|
|
}
|
|
else if (combo.plugin.str[0])
|
|
{
|
|
if (!plugin_is_ready(&combo.plugin, MYSQL_AUTHENTICATION_PLUGIN))
|
|
{
|
|
my_error(ER_PLUGIN_IS_NOT_LOADED, MYF(0), combo.plugin.str);
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
old_row_exists = 0;
|
|
restore_record(table,s->default_values);
|
|
table->field[0]->store(combo.host.str,combo.host.length,
|
|
system_charset_info);
|
|
table->field[1]->store(combo.user.str,combo.user.length,
|
|
system_charset_info);
|
|
}
|
|
else
|
|
{
|
|
old_row_exists = 1;
|
|
store_record(table,record[1]); // Save copy for update
|
|
}
|
|
|
|
/* Update table columns with new privileges */
|
|
|
|
Field **tmp_field;
|
|
ulong priv;
|
|
uint next_field;
|
|
for (tmp_field= table->field+3, priv = SELECT_ACL;
|
|
*tmp_field && (*tmp_field)->real_type() == MYSQL_TYPE_ENUM &&
|
|
((Field_enum*) (*tmp_field))->typelib->count == 2 ;
|
|
tmp_field++, priv <<= 1)
|
|
{
|
|
if (priv & rights) // set requested privileges
|
|
(*tmp_field)->store(&what, 1, &my_charset_latin1);
|
|
}
|
|
rights= get_access(table, 3, &next_field);
|
|
DBUG_PRINT("info",("table fields: %d",table->s->fields));
|
|
if (combo.password.str[0])
|
|
table->field[2]->store(combo.password.str, combo.password.length, system_charset_info);
|
|
if (table->s->fields >= 31) /* From 4.0.0 we have more fields */
|
|
{
|
|
/* We write down SSL related ACL stuff */
|
|
switch (lex->ssl_type) {
|
|
case SSL_TYPE_ANY:
|
|
table->field[next_field]->store(STRING_WITH_LEN("ANY"),
|
|
&my_charset_latin1);
|
|
table->field[next_field+1]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+2]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+3]->store("", 0, &my_charset_latin1);
|
|
break;
|
|
case SSL_TYPE_X509:
|
|
table->field[next_field]->store(STRING_WITH_LEN("X509"),
|
|
&my_charset_latin1);
|
|
table->field[next_field+1]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+2]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+3]->store("", 0, &my_charset_latin1);
|
|
break;
|
|
case SSL_TYPE_SPECIFIED:
|
|
table->field[next_field]->store(STRING_WITH_LEN("SPECIFIED"),
|
|
&my_charset_latin1);
|
|
table->field[next_field+1]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+2]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+3]->store("", 0, &my_charset_latin1);
|
|
if (lex->ssl_cipher)
|
|
table->field[next_field+1]->store(lex->ssl_cipher,
|
|
strlen(lex->ssl_cipher), system_charset_info);
|
|
if (lex->x509_issuer)
|
|
table->field[next_field+2]->store(lex->x509_issuer,
|
|
strlen(lex->x509_issuer), system_charset_info);
|
|
if (lex->x509_subject)
|
|
table->field[next_field+3]->store(lex->x509_subject,
|
|
strlen(lex->x509_subject), system_charset_info);
|
|
break;
|
|
case SSL_TYPE_NOT_SPECIFIED:
|
|
break;
|
|
case SSL_TYPE_NONE:
|
|
table->field[next_field]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+1]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+2]->store("", 0, &my_charset_latin1);
|
|
table->field[next_field+3]->store("", 0, &my_charset_latin1);
|
|
break;
|
|
}
|
|
next_field+=4;
|
|
|
|
USER_RESOURCES mqh= lex->mqh;
|
|
if (mqh.specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
|
|
table->field[next_field]->store((longlong) mqh.questions, TRUE);
|
|
if (mqh.specified_limits & USER_RESOURCES::UPDATES_PER_HOUR)
|
|
table->field[next_field+1]->store((longlong) mqh.updates, TRUE);
|
|
if (mqh.specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR)
|
|
table->field[next_field+2]->store((longlong) mqh.conn_per_hour, TRUE);
|
|
if (table->s->fields >= 36 &&
|
|
(mqh.specified_limits & USER_RESOURCES::USER_CONNECTIONS))
|
|
table->field[next_field+3]->store((longlong) mqh.user_conn, FALSE);
|
|
mqh_used= mqh_used || mqh.questions || mqh.updates || mqh.conn_per_hour;
|
|
|
|
next_field+= 4;
|
|
if (table->s->fields >= 41)
|
|
{
|
|
table->field[next_field]->set_notnull();
|
|
table->field[next_field + 1]->set_notnull();
|
|
if (combo.plugin.str[0])
|
|
{
|
|
DBUG_ASSERT(combo.password.str[0] == 0);
|
|
table->field[2]->reset();
|
|
table->field[next_field]->store(combo.plugin.str, combo.plugin.length,
|
|
system_charset_info);
|
|
table->field[next_field + 1]->store(combo.auth.str, combo.auth.length,
|
|
system_charset_info);
|
|
}
|
|
if (combo.password.str[0])
|
|
{
|
|
DBUG_ASSERT(combo.plugin.str[0] == 0);
|
|
table->field[next_field]->reset();
|
|
table->field[next_field + 1]->reset();
|
|
}
|
|
}
|
|
|
|
/* table format checked earlier */
|
|
if (handle_as_role)
|
|
{
|
|
if (old_row_exists && !check_is_role(table))
|
|
{
|
|
goto end;
|
|
}
|
|
table->field[ROLE_ASSIGN_COLUMN_IDX]->store("Y", 1, system_charset_info);
|
|
}
|
|
}
|
|
|
|
if (old_row_exists)
|
|
{
|
|
/*
|
|
We should NEVER delete from the user table, as a uses can still
|
|
use mysqld even if he doesn't have any privileges in the user table!
|
|
*/
|
|
if (cmp_record(table,record[1]))
|
|
{
|
|
if ((error=
|
|
table->file->ha_update_row(table->record[1],table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
{ // This should never happen
|
|
table->file->print_error(error,MYF(0)); /* purecov: deadcode */
|
|
error= -1; /* purecov: deadcode */
|
|
goto end; /* purecov: deadcode */
|
|
}
|
|
else
|
|
error= 0;
|
|
}
|
|
}
|
|
else if ((error=table->file->ha_write_row(table->record[0]))) // insert
|
|
{ // This should never happen
|
|
if (table->file->is_fatal_error(error, HA_CHECK_DUP))
|
|
{
|
|
table->file->print_error(error,MYF(0)); /* purecov: deadcode */
|
|
error= -1; /* purecov: deadcode */
|
|
goto end; /* purecov: deadcode */
|
|
}
|
|
}
|
|
error=0; // Privileges granted / revoked
|
|
|
|
end:
|
|
if (!error)
|
|
{
|
|
acl_cache->clear(1); // Clear privilege cache
|
|
if (old_row_exists)
|
|
{
|
|
if (handle_as_role)
|
|
acl_update_role(combo.user.str, rights);
|
|
else
|
|
acl_update_user(combo.user.str, combo.host.str,
|
|
combo.password.str, combo.password.length,
|
|
lex->ssl_type,
|
|
lex->ssl_cipher,
|
|
lex->x509_issuer,
|
|
lex->x509_subject,
|
|
&lex->mqh,
|
|
rights,
|
|
&combo.plugin,
|
|
&combo.auth);
|
|
}
|
|
else
|
|
{
|
|
if (handle_as_role)
|
|
acl_insert_role(combo.user.str, rights);
|
|
else
|
|
acl_insert_user(combo.user.str, combo.host.str,
|
|
combo.password.str, combo.password.length,
|
|
lex->ssl_type,
|
|
lex->ssl_cipher,
|
|
lex->x509_issuer,
|
|
lex->x509_subject,
|
|
&lex->mqh,
|
|
rights,
|
|
&combo.plugin,
|
|
&combo.auth);
|
|
}
|
|
}
|
|
DBUG_RETURN(error);
|
|
}
|
|
|
|
|
|
/*
|
|
change grants in the mysql.db table
|
|
*/
|
|
|
|
static int replace_db_table(TABLE *table, const char *db,
|
|
const LEX_USER &combo,
|
|
ulong rights, bool revoke_grant)
|
|
{
|
|
uint i;
|
|
ulong priv,store_rights;
|
|
bool old_row_exists=0;
|
|
int error;
|
|
char what= (revoke_grant) ? 'N' : 'Y';
|
|
uchar user_key[MAX_KEY_LENGTH];
|
|
DBUG_ENTER("replace_db_table");
|
|
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
/* Check if there is such a user in user table in memory? */
|
|
if (!find_user_no_anon(combo.host.str,combo.user.str, FALSE))
|
|
{
|
|
/* The user could be a role, check if the user is registered as a role */
|
|
if (!combo.host.length && !find_acl_role(combo.user.str))
|
|
{
|
|
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0));
|
|
DBUG_RETURN(-1);
|
|
}
|
|
}
|
|
|
|
table->use_all_columns();
|
|
table->field[0]->store(combo.host.str,combo.host.length,
|
|
system_charset_info);
|
|
table->field[1]->store(db,(uint) strlen(db), system_charset_info);
|
|
table->field[2]->store(combo.user.str,combo.user.length,
|
|
system_charset_info);
|
|
key_copy(user_key, table->record[0], table->key_info,
|
|
table->key_info->key_length);
|
|
|
|
if (table->file->ha_index_read_idx_map(table->record[0],0, user_key,
|
|
HA_WHOLE_KEY,
|
|
HA_READ_KEY_EXACT))
|
|
{
|
|
if (what == 'N')
|
|
{ // no row, no revoke
|
|
my_error(ER_NONEXISTING_GRANT, MYF(0), combo.user.str, combo.host.str);
|
|
goto abort;
|
|
}
|
|
old_row_exists = 0;
|
|
restore_record(table, s->default_values);
|
|
table->field[0]->store(combo.host.str,combo.host.length,
|
|
system_charset_info);
|
|
table->field[1]->store(db,(uint) strlen(db), system_charset_info);
|
|
table->field[2]->store(combo.user.str,combo.user.length,
|
|
system_charset_info);
|
|
}
|
|
else
|
|
{
|
|
old_row_exists = 1;
|
|
store_record(table,record[1]);
|
|
}
|
|
|
|
store_rights=get_rights_for_db(rights);
|
|
for (i= 3, priv= 1; i < table->s->fields; i++, priv <<= 1)
|
|
{
|
|
if (priv & store_rights) // do it if priv is chosen
|
|
table->field [i]->store(&what,1, &my_charset_latin1);// set requested privileges
|
|
}
|
|
rights=get_access(table,3);
|
|
rights=fix_rights_for_db(rights);
|
|
|
|
if (old_row_exists)
|
|
{
|
|
/* update old existing row */
|
|
if (rights)
|
|
{
|
|
if ((error= table->file->ha_update_row(table->record[1],
|
|
table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
goto table_error; /* purecov: deadcode */
|
|
}
|
|
else /* must have been a revoke of all privileges */
|
|
{
|
|
if ((error= table->file->ha_delete_row(table->record[1])))
|
|
goto table_error; /* purecov: deadcode */
|
|
}
|
|
}
|
|
else if (rights && (error= table->file->ha_write_row(table->record[0])))
|
|
{
|
|
if (table->file->is_fatal_error(error, HA_CHECK_DUP_KEY))
|
|
goto table_error; /* purecov: deadcode */
|
|
}
|
|
|
|
acl_cache->clear(1); // Clear privilege cache
|
|
if (old_row_exists)
|
|
acl_update_db(combo.user.str,combo.host.str,db,rights, TRUE);
|
|
else
|
|
if (rights)
|
|
acl_insert_db(combo.user.str,combo.host.str,db,rights, TRUE);
|
|
DBUG_RETURN(0);
|
|
|
|
/* This could only happen if the grant tables got corrupted */
|
|
table_error:
|
|
table->file->print_error(error,MYF(0)); /* purecov: deadcode */
|
|
|
|
abort:
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
static int
|
|
replace_roles_mapping_table(TABLE *table, ROLE_GRANT_PAIR *pair,
|
|
bool revoke_grant)
|
|
{
|
|
DBUG_ENTER("replace_roles_mapping_table");
|
|
|
|
uchar row_key[MAX_KEY_LENGTH];
|
|
int error;
|
|
ROLE_GRANT_PAIR *hash_entry;
|
|
table->use_all_columns();
|
|
table->field[0]->store(pair->u_hname, strlen(pair->u_hname),
|
|
system_charset_info);
|
|
table->field[1]->store(pair->u_uname, strlen(pair->u_uname),
|
|
system_charset_info);
|
|
table->field[2]->store(pair->r_uname, strlen(pair->r_uname),
|
|
system_charset_info);
|
|
key_copy(row_key, table->record[0], table->key_info,
|
|
table->key_info->key_length);
|
|
|
|
if (table->file->ha_index_read_idx_map(table->record[0], 0, row_key,
|
|
HA_WHOLE_KEY, HA_READ_KEY_EXACT))
|
|
{
|
|
/* No match */
|
|
if (revoke_grant)
|
|
{
|
|
DBUG_RETURN(1);
|
|
}
|
|
}
|
|
if (revoke_grant)
|
|
{
|
|
if ((error= table->file->ha_delete_row(table->record[0])))
|
|
{
|
|
DBUG_PRINT("info", ("error deleting row '%s' '%s' '%s'",
|
|
pair->u_hname, pair->u_uname, pair->r_uname));
|
|
goto table_error;
|
|
}
|
|
/* find the entry to delete from the hash */
|
|
hash_entry= (ROLE_GRANT_PAIR *)my_hash_search(&acl_roles_mappings,
|
|
(uchar *)pair->hashkey.str,
|
|
pair->hashkey.length);
|
|
/*
|
|
This should always return something, as the check was performed
|
|
earlier
|
|
*/
|
|
DBUG_ASSERT(hash_entry != NULL);
|
|
my_hash_delete(&acl_roles_mappings, (uchar*)hash_entry);
|
|
}
|
|
else
|
|
{
|
|
if ((error= table->file->ha_write_row(table->record[0])))
|
|
{
|
|
DBUG_PRINT("info", ("error inserting row '%s' '%s' '%s'",
|
|
pair->u_hname, pair->u_uname, pair->r_uname));
|
|
if (table->file->is_fatal_error(error, HA_CHECK_DUP_KEY))
|
|
goto table_error;
|
|
}
|
|
/* don't add duplicate entries */
|
|
if (!my_hash_search(&acl_roles_mappings,
|
|
(uchar *)pair->hashkey.str,
|
|
pair->hashkey.length))
|
|
{
|
|
/* allocate a new entry that will go in the hash */
|
|
hash_entry= (ROLE_GRANT_PAIR *)alloc_root(&mem, sizeof(ROLE_GRANT_PAIR));
|
|
init_role_grant_pair(&mem, hash_entry,
|
|
pair->u_uname, pair->u_hname, pair->r_uname);
|
|
my_hash_insert(&acl_roles_mappings, (uchar*) hash_entry);
|
|
}
|
|
else
|
|
{
|
|
DBUG_RETURN(1);
|
|
}
|
|
}
|
|
|
|
/* all ok */
|
|
DBUG_RETURN(0);
|
|
|
|
table_error:
|
|
DBUG_PRINT("info", ("table error"));
|
|
table->file->print_error(error, MYF(0));
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
static void
|
|
acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke)
|
|
{
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
DBUG_ENTER("acl_update_proxy_user");
|
|
for (uint i= 0; i < acl_proxy_users.elements; i++)
|
|
{
|
|
ACL_PROXY_USER *acl_user=
|
|
dynamic_element(&acl_proxy_users, i, ACL_PROXY_USER *);
|
|
|
|
if (acl_user->pk_equals(new_value))
|
|
{
|
|
if (is_revoke)
|
|
{
|
|
DBUG_PRINT("info", ("delting ACL_PROXY_USER"));
|
|
delete_dynamic_element(&acl_proxy_users, i);
|
|
}
|
|
else
|
|
{
|
|
DBUG_PRINT("info", ("updating ACL_PROXY_USER"));
|
|
acl_user->set_data(new_value);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
|
|
|
|
static void
|
|
acl_insert_proxy_user(ACL_PROXY_USER *new_value)
|
|
{
|
|
DBUG_ENTER("acl_insert_proxy_user");
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
(void) push_dynamic(&acl_proxy_users, (uchar *) new_value);
|
|
my_qsort((uchar*) dynamic_element(&acl_proxy_users, 0, ACL_PROXY_USER *),
|
|
acl_proxy_users.elements,
|
|
sizeof(ACL_PROXY_USER), (qsort_cmp) acl_compare);
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
|
|
|
|
static int
|
|
replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user,
|
|
const LEX_USER *proxied_user, bool with_grant_arg,
|
|
bool revoke_grant)
|
|
{
|
|
bool old_row_exists= 0;
|
|
int error;
|
|
uchar user_key[MAX_KEY_LENGTH];
|
|
ACL_PROXY_USER new_grant;
|
|
char grantor[USER_HOST_BUFF_SIZE];
|
|
|
|
DBUG_ENTER("replace_proxies_priv_table");
|
|
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
/* Check if there is such a user in user table in memory? */
|
|
if (!find_user_no_anon(user->host.str,user->user.str, FALSE))
|
|
{
|
|
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0));
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
table->use_all_columns();
|
|
ACL_PROXY_USER::store_pk (table, &user->host, &user->user,
|
|
&proxied_user->host, &proxied_user->user);
|
|
|
|
key_copy(user_key, table->record[0], table->key_info,
|
|
table->key_info->key_length);
|
|
|
|
get_grantor(thd, grantor);
|
|
|
|
if ((error= table->file->ha_index_init(0, 1)))
|
|
{
|
|
table->file->print_error(error, MYF(0));
|
|
DBUG_PRINT("info", ("ha_index_init error"));
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
if (table->file->ha_index_read_map(table->record[0], user_key,
|
|
HA_WHOLE_KEY,
|
|
HA_READ_KEY_EXACT))
|
|
{
|
|
DBUG_PRINT ("info", ("Row not found"));
|
|
if (revoke_grant)
|
|
{ // no row, no revoke
|
|
my_error(ER_NONEXISTING_GRANT, MYF(0), user->user.str, user->host.str);
|
|
goto abort;
|
|
}
|
|
old_row_exists= 0;
|
|
restore_record(table, s->default_values);
|
|
ACL_PROXY_USER::store_data_record(table, &user->host, &user->user,
|
|
&proxied_user->host,
|
|
&proxied_user->user,
|
|
with_grant_arg,
|
|
grantor);
|
|
}
|
|
else
|
|
{
|
|
DBUG_PRINT("info", ("Row found"));
|
|
old_row_exists= 1;
|
|
store_record(table, record[1]);
|
|
}
|
|
|
|
if (old_row_exists)
|
|
{
|
|
/* update old existing row */
|
|
if (!revoke_grant)
|
|
{
|
|
if ((error= table->file->ha_update_row(table->record[1],
|
|
table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
goto table_error; /* purecov: inspected */
|
|
}
|
|
else
|
|
{
|
|
if ((error= table->file->ha_delete_row(table->record[1])))
|
|
goto table_error; /* purecov: inspected */
|
|
}
|
|
}
|
|
else if ((error= table->file->ha_write_row(table->record[0])))
|
|
{
|
|
DBUG_PRINT("info", ("error inserting the row"));
|
|
if (table->file->is_fatal_error(error, HA_CHECK_DUP_KEY))
|
|
goto table_error; /* purecov: inspected */
|
|
}
|
|
|
|
acl_cache->clear(1); // Clear privilege cache
|
|
if (old_row_exists)
|
|
{
|
|
new_grant.init(user->host.str, user->user.str,
|
|
proxied_user->host.str, proxied_user->user.str,
|
|
with_grant_arg);
|
|
acl_update_proxy_user(&new_grant, revoke_grant);
|
|
}
|
|
else
|
|
{
|
|
new_grant.init(&mem, user->host.str, user->user.str,
|
|
proxied_user->host.str, proxied_user->user.str,
|
|
with_grant_arg);
|
|
acl_insert_proxy_user(&new_grant);
|
|
}
|
|
|
|
table->file->ha_index_end();
|
|
DBUG_RETURN(0);
|
|
|
|
/* This could only happen if the grant tables got corrupted */
|
|
table_error:
|
|
DBUG_PRINT("info", ("table error"));
|
|
table->file->print_error(error, MYF(0)); /* purecov: inspected */
|
|
|
|
abort:
|
|
DBUG_PRINT("info", ("aborting replace_proxies_priv_table"));
|
|
table->file->ha_index_end();
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
|
|
class GRANT_COLUMN :public Sql_alloc
|
|
{
|
|
public:
|
|
char *column;
|
|
ulong rights;
|
|
ulong init_rights;
|
|
uint key_length;
|
|
GRANT_COLUMN(String &c, ulong y) :rights (y), init_rights(y)
|
|
{
|
|
column= (char*) memdup_root(&memex,c.ptr(), key_length=c.length());
|
|
}
|
|
|
|
GRANT_COLUMN(GRANT_COLUMN *source) : rights (source->rights), init_rights(0)
|
|
{
|
|
column= (char *) memdup_root(&memex, source->column,
|
|
key_length=source->key_length);
|
|
}
|
|
};
|
|
|
|
|
|
static uchar* get_key_column(GRANT_COLUMN *buff, size_t *length,
|
|
my_bool not_used __attribute__((unused)))
|
|
{
|
|
*length=buff->key_length;
|
|
return (uchar*) buff->column;
|
|
}
|
|
|
|
static void merge_grant_table_hash_columns(HASH *target, HASH *source)
|
|
{
|
|
MEM_ROOT *memex_ptr= &memex;
|
|
for (uint i=0 ; i < source->records ; i++)
|
|
{
|
|
GRANT_COLUMN *source_col = (GRANT_COLUMN *)my_hash_element(source, i);
|
|
GRANT_COLUMN *target_col = (GRANT_COLUMN *)
|
|
my_hash_search(target,
|
|
(uchar *)source_col->column,
|
|
source_col->key_length);
|
|
/* target has the column in the hashtable */
|
|
if (target_col)
|
|
{
|
|
target_col->rights|= source_col->rights;
|
|
}
|
|
else
|
|
{
|
|
GRANT_COLUMN *target_col = new (memex_ptr) GRANT_COLUMN(source_col);
|
|
my_hash_insert(target, (uchar *)target_col);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* same as merge_grant_table_hash_columns, but without
|
|
the existing hash check */
|
|
static void copy_grant_table_hash_columns(HASH *target, HASH *source)
|
|
{
|
|
|
|
MEM_ROOT *memex_ptr= &memex;
|
|
for (uint i=0 ; i < source->records ; i++)
|
|
{
|
|
GRANT_COLUMN *source_col = (GRANT_COLUMN *)my_hash_element(source, i);
|
|
GRANT_COLUMN *target_col = new (memex_ptr) GRANT_COLUMN(source_col);
|
|
my_hash_insert(target, (uchar *)target_col);
|
|
}
|
|
}
|
|
|
|
|
|
class GRANT_NAME :public Sql_alloc
|
|
{
|
|
public:
|
|
acl_host_and_ip host;
|
|
char *db, *user, *tname, *hash_key;
|
|
ulong privs;
|
|
ulong init_privs; /* privileges found in physical table */
|
|
ulong sort;
|
|
size_t key_length;
|
|
GRANT_NAME(const char *h, const char *d,const char *u,
|
|
const char *t, ulong p, bool is_routine);
|
|
GRANT_NAME (TABLE *form, bool is_routine);
|
|
/* copy from an inherited GRANT_NAME */
|
|
GRANT_NAME(GRANT_NAME *source, char *u, bool is_routine);
|
|
virtual ~GRANT_NAME() {};
|
|
virtual bool ok() { return privs != 0; }
|
|
void set_user_details(const char *h, const char *d,
|
|
const char *u, const char *t,
|
|
bool is_routine);
|
|
};
|
|
|
|
|
|
class GRANT_TABLE :public GRANT_NAME
|
|
{
|
|
public:
|
|
ulong cols;
|
|
ulong init_cols; /* privileges found in physical table */
|
|
HASH hash_columns;
|
|
|
|
GRANT_TABLE(const char *h, const char *d,const char *u,
|
|
const char *t, ulong p, ulong c);
|
|
GRANT_TABLE (TABLE *form, TABLE *col_privs);
|
|
GRANT_TABLE(GRANT_TABLE *source, char *u);
|
|
~GRANT_TABLE();
|
|
bool ok() { return privs != 0 || cols != 0; }
|
|
};
|
|
|
|
|
|
void GRANT_NAME::set_user_details(const char *h, const char *d,
|
|
const char *u, const char *t,
|
|
bool is_routine)
|
|
{
|
|
/* Host given by user */
|
|
update_hostname(&host, strdup_root(&memex, h));
|
|
if (db != d)
|
|
{
|
|
db= strdup_root(&memex, d);
|
|
if (lower_case_table_names)
|
|
my_casedn_str(files_charset_info, db);
|
|
}
|
|
user = strdup_root(&memex,u);
|
|
sort= get_sort(3,host.hostname,db,user);
|
|
if (tname != t)
|
|
{
|
|
tname= strdup_root(&memex, t);
|
|
if (lower_case_table_names || is_routine)
|
|
my_casedn_str(files_charset_info, tname);
|
|
}
|
|
key_length= strlen(d) + strlen(u)+ strlen(t)+3;
|
|
hash_key= (char*) alloc_root(&memex,key_length);
|
|
strmov(strmov(strmov(hash_key,user)+1,db)+1,tname);
|
|
}
|
|
|
|
GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u,
|
|
const char *t, ulong p, bool is_routine)
|
|
:db(0), tname(0), privs(p), init_privs(p)
|
|
{
|
|
set_user_details(h, d, u, t, is_routine);
|
|
}
|
|
|
|
GRANT_NAME::GRANT_NAME(GRANT_NAME *source, char *u, bool is_routine)
|
|
:db(0), tname(0), privs(source->privs), init_privs(0)
|
|
{
|
|
set_user_details("", source->db, u, source->tname, is_routine);
|
|
}
|
|
|
|
GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u,
|
|
const char *t, ulong p, ulong c)
|
|
:GRANT_NAME(h,d,u,t,p, FALSE), cols(c)
|
|
{
|
|
(void) my_hash_init2(&hash_columns,4,system_charset_info,
|
|
0,0,0, (my_hash_get_key) get_key_column,0,0);
|
|
}
|
|
|
|
/*
|
|
create a new GRANT_TABLE entry for role inheritance. init_* fields are set
|
|
to 0
|
|
*/
|
|
GRANT_TABLE::GRANT_TABLE(GRANT_TABLE *source, char *u)
|
|
:GRANT_NAME("", source->db, u, source->tname,
|
|
source->privs, FALSE), cols(source->cols)
|
|
{
|
|
this->init_cols= 0;
|
|
this->init_privs= 0;
|
|
(void) my_hash_init2(&hash_columns,4,system_charset_info,
|
|
0,0,0, (my_hash_get_key) get_key_column,0,0);
|
|
copy_grant_table_hash_columns(&hash_columns, &source->hash_columns);
|
|
}
|
|
|
|
|
|
GRANT_NAME::GRANT_NAME(TABLE *form, bool is_routine)
|
|
{
|
|
user= get_field(&memex,form->field[2]);
|
|
if (!user)
|
|
user= (char*) "";
|
|
|
|
const char *hostname= get_field(&memex, form->field[0]);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
if (!hostname && find_acl_role(user))
|
|
hostname= "";
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
update_hostname(&host, hostname);
|
|
|
|
db= get_field(&memex,form->field[1]);
|
|
sort= get_sort(3, host.hostname, db, user);
|
|
tname= get_field(&memex,form->field[3]);
|
|
if (!db || !tname)
|
|
{
|
|
/* Wrong table row; Ignore it */
|
|
privs= 0;
|
|
return; /* purecov: inspected */
|
|
}
|
|
if (lower_case_table_names)
|
|
{
|
|
my_casedn_str(files_charset_info, db);
|
|
}
|
|
if (lower_case_table_names || is_routine)
|
|
{
|
|
my_casedn_str(files_charset_info, tname);
|
|
}
|
|
key_length= (strlen(db) + strlen(user) + strlen(tname) + 3);
|
|
hash_key= (char*) alloc_root(&memex, key_length);
|
|
strmov(strmov(strmov(hash_key,user)+1,db)+1,tname);
|
|
privs = (ulong) form->field[6]->val_int();
|
|
privs = fix_rights_for_table(privs);
|
|
init_privs= privs;
|
|
}
|
|
|
|
|
|
GRANT_TABLE::GRANT_TABLE(TABLE *form, TABLE *col_privs)
|
|
:GRANT_NAME(form, FALSE)
|
|
{
|
|
uchar key[MAX_KEY_LENGTH];
|
|
|
|
if (!db || !tname)
|
|
{
|
|
/* Wrong table row; Ignore it */
|
|
my_hash_clear(&hash_columns); /* allow for destruction */
|
|
cols= 0;
|
|
return;
|
|
}
|
|
cols= (ulong) form->field[7]->val_int();
|
|
cols= fix_rights_for_column(cols);
|
|
/*
|
|
Initial columns privileges are the same as column privileges on creation.
|
|
In case of roles, the cols privilege bits can get inherited and thus
|
|
cause the cols field to change. The init_cols field is always the same
|
|
as the physical table entry
|
|
*/
|
|
init_cols= cols;
|
|
|
|
(void) my_hash_init2(&hash_columns,4,system_charset_info,
|
|
0,0,0, (my_hash_get_key) get_key_column,0,0);
|
|
|
|
if (cols)
|
|
{
|
|
uint key_prefix_len;
|
|
KEY_PART_INFO *key_part= col_privs->key_info->key_part;
|
|
col_privs->field[0]->store(host.hostname,
|
|
host.hostname ? (uint) strlen(host.hostname) :
|
|
0,
|
|
system_charset_info);
|
|
col_privs->field[1]->store(db,(uint) strlen(db), system_charset_info);
|
|
col_privs->field[2]->store(user,(uint) strlen(user), system_charset_info);
|
|
col_privs->field[3]->store(tname,(uint) strlen(tname), system_charset_info);
|
|
|
|
key_prefix_len= (key_part[0].store_length +
|
|
key_part[1].store_length +
|
|
key_part[2].store_length +
|
|
key_part[3].store_length);
|
|
key_copy(key, col_privs->record[0], col_privs->key_info, key_prefix_len);
|
|
col_privs->field[4]->store("",0, &my_charset_latin1);
|
|
|
|
if (col_privs->file->ha_index_init(0, 1))
|
|
{
|
|
cols= 0;
|
|
init_cols= 0;
|
|
return;
|
|
}
|
|
|
|
if (col_privs->file->ha_index_read_map(col_privs->record[0], (uchar*) key,
|
|
(key_part_map)15,
|
|
HA_READ_KEY_EXACT))
|
|
{
|
|
cols= 0; /* purecov: deadcode */
|
|
init_cols= 0;
|
|
col_privs->file->ha_index_end();
|
|
return;
|
|
}
|
|
do
|
|
{
|
|
String *res,column_name;
|
|
GRANT_COLUMN *mem_check;
|
|
/* As column name is a string, we don't have to supply a buffer */
|
|
res=col_privs->field[4]->val_str(&column_name);
|
|
ulong priv= (ulong) col_privs->field[6]->val_int();
|
|
if (!(mem_check = new GRANT_COLUMN(*res,
|
|
fix_rights_for_column(priv))))
|
|
{
|
|
/* Don't use this entry */
|
|
privs= cols= init_privs= init_cols=0; /* purecov: deadcode */
|
|
return; /* purecov: deadcode */
|
|
}
|
|
if (my_hash_insert(&hash_columns, (uchar *) mem_check))
|
|
{
|
|
/* Invalidate this entry */
|
|
privs= cols= init_privs= init_cols=0;
|
|
return;
|
|
}
|
|
} while (!col_privs->file->ha_index_next(col_privs->record[0]) &&
|
|
!key_cmp_if_same(col_privs,key,0,key_prefix_len));
|
|
col_privs->file->ha_index_end();
|
|
}
|
|
}
|
|
|
|
|
|
GRANT_TABLE::~GRANT_TABLE()
|
|
{
|
|
my_hash_free(&hash_columns);
|
|
}
|
|
|
|
|
|
static uchar* get_grant_table(GRANT_NAME *buff, size_t *length,
|
|
my_bool not_used __attribute__((unused)))
|
|
{
|
|
*length=buff->key_length;
|
|
return (uchar*) buff->hash_key;
|
|
}
|
|
|
|
|
|
void free_grant_table(GRANT_TABLE *grant_table)
|
|
{
|
|
my_hash_free(&grant_table->hash_columns);
|
|
}
|
|
|
|
|
|
/* Search after a matching grant. Prefer exact grants before not exact ones */
|
|
|
|
static GRANT_NAME *name_hash_search(HASH *name_hash,
|
|
const char *host,const char* ip,
|
|
const char *db,
|
|
const char *user, const char *tname,
|
|
bool exact, bool name_tolower)
|
|
{
|
|
char helping[SAFE_NAME_LEN*2+USERNAME_LENGTH+3];
|
|
char *hend = helping + sizeof(helping);
|
|
uint len;
|
|
GRANT_NAME *grant_name,*found=0;
|
|
HASH_SEARCH_STATE state;
|
|
|
|
char *db_ptr= strmov(helping, user) + 1;
|
|
char *tname_ptr= strnmov(db_ptr, db, hend - db_ptr) + 1;
|
|
if (tname_ptr > hend)
|
|
return 0; // invalid name = not found
|
|
char *end= strnmov(tname_ptr, tname, hend - tname_ptr) + 1;
|
|
if (end > hend)
|
|
return 0; // invalid name = not found
|
|
|
|
len = (uint) (end - helping);
|
|
if (name_tolower)
|
|
my_casedn_str(files_charset_info, tname_ptr);
|
|
for (grant_name= (GRANT_NAME*) my_hash_first(name_hash, (uchar*) helping,
|
|
len, &state);
|
|
grant_name ;
|
|
grant_name= (GRANT_NAME*) my_hash_next(name_hash,(uchar*) helping,
|
|
len, &state))
|
|
{
|
|
if (exact)
|
|
{
|
|
if (!grant_name->host.hostname ||
|
|
(host &&
|
|
!my_strcasecmp(system_charset_info, host,
|
|
grant_name->host.hostname)) ||
|
|
(ip && !strcmp(ip, grant_name->host.hostname)))
|
|
return grant_name;
|
|
}
|
|
else
|
|
{
|
|
if (compare_hostname(&grant_name->host, host, ip) &&
|
|
(!found || found->sort < grant_name->sort))
|
|
found=grant_name; // Host ok
|
|
}
|
|
}
|
|
return found;
|
|
}
|
|
|
|
|
|
inline GRANT_NAME *
|
|
routine_hash_search(const char *host, const char *ip, const char *db,
|
|
const char *user, const char *tname, bool proc, bool exact)
|
|
{
|
|
return (GRANT_TABLE*)
|
|
name_hash_search(proc ? &proc_priv_hash : &func_priv_hash,
|
|
host, ip, db, user, tname, exact, TRUE);
|
|
}
|
|
|
|
|
|
inline GRANT_TABLE *
|
|
table_hash_search(const char *host, const char *ip, const char *db,
|
|
const char *user, const char *tname, bool exact)
|
|
{
|
|
return (GRANT_TABLE*) name_hash_search(&column_priv_hash, host, ip, db,
|
|
user, tname, exact, FALSE);
|
|
}
|
|
|
|
|
|
inline GRANT_COLUMN *
|
|
column_hash_search(GRANT_TABLE *t, const char *cname, uint length)
|
|
{
|
|
return (GRANT_COLUMN*) my_hash_search(&t->hash_columns,
|
|
(uchar*) cname, length);
|
|
}
|
|
|
|
|
|
static int replace_column_table(GRANT_TABLE *g_t,
|
|
TABLE *table, const LEX_USER &combo,
|
|
List <LEX_COLUMN> &columns,
|
|
const char *db, const char *table_name,
|
|
ulong rights, bool revoke_grant)
|
|
{
|
|
int result=0;
|
|
uchar key[MAX_KEY_LENGTH];
|
|
uint key_prefix_length;
|
|
KEY_PART_INFO *key_part= table->key_info->key_part;
|
|
DBUG_ENTER("replace_column_table");
|
|
|
|
table->use_all_columns();
|
|
table->field[0]->store(combo.host.str,combo.host.length,
|
|
system_charset_info);
|
|
table->field[1]->store(db,(uint) strlen(db),
|
|
system_charset_info);
|
|
table->field[2]->store(combo.user.str,combo.user.length,
|
|
system_charset_info);
|
|
table->field[3]->store(table_name,(uint) strlen(table_name),
|
|
system_charset_info);
|
|
|
|
/* Get length of 4 first key parts */
|
|
key_prefix_length= (key_part[0].store_length + key_part[1].store_length +
|
|
key_part[2].store_length + key_part[3].store_length);
|
|
key_copy(key, table->record[0], table->key_info, key_prefix_length);
|
|
|
|
rights&= COL_ACLS; // Only ACL for columns
|
|
|
|
/* first fix privileges for all columns in column list */
|
|
|
|
List_iterator <LEX_COLUMN> iter(columns);
|
|
class LEX_COLUMN *column;
|
|
int error= table->file->ha_index_init(0, 1);
|
|
if (error)
|
|
{
|
|
table->file->print_error(error, MYF(0));
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
while ((column= iter++))
|
|
{
|
|
ulong privileges= column->rights;
|
|
bool old_row_exists=0;
|
|
uchar user_key[MAX_KEY_LENGTH];
|
|
|
|
key_restore(table->record[0],key,table->key_info,
|
|
key_prefix_length);
|
|
table->field[4]->store(column->column.ptr(), column->column.length(),
|
|
system_charset_info);
|
|
/* Get key for the first 4 columns */
|
|
key_copy(user_key, table->record[0], table->key_info,
|
|
table->key_info->key_length);
|
|
|
|
if (table->file->ha_index_read_map(table->record[0], user_key,
|
|
HA_WHOLE_KEY, HA_READ_KEY_EXACT))
|
|
{
|
|
if (revoke_grant)
|
|
{
|
|
my_error(ER_NONEXISTING_TABLE_GRANT, MYF(0),
|
|
combo.user.str, combo.host.str,
|
|
table_name); /* purecov: inspected */
|
|
result= -1; /* purecov: inspected */
|
|
continue; /* purecov: inspected */
|
|
}
|
|
old_row_exists = 0;
|
|
restore_record(table, s->default_values); // Get empty record
|
|
key_restore(table->record[0],key,table->key_info,
|
|
key_prefix_length);
|
|
table->field[4]->store(column->column.ptr(),column->column.length(),
|
|
system_charset_info);
|
|
}
|
|
else
|
|
{
|
|
ulong tmp= (ulong) table->field[6]->val_int();
|
|
tmp=fix_rights_for_column(tmp);
|
|
|
|
if (revoke_grant)
|
|
privileges = tmp & ~(privileges | rights);
|
|
else
|
|
privileges |= tmp;
|
|
old_row_exists = 1;
|
|
store_record(table,record[1]); // copy original row
|
|
}
|
|
|
|
table->field[6]->store((longlong) get_rights_for_column(privileges), TRUE);
|
|
|
|
if (old_row_exists)
|
|
{
|
|
GRANT_COLUMN *grant_column;
|
|
if (privileges)
|
|
error=table->file->ha_update_row(table->record[1],table->record[0]);
|
|
else
|
|
error=table->file->ha_delete_row(table->record[1]);
|
|
if (error && error != HA_ERR_RECORD_IS_THE_SAME)
|
|
{
|
|
table->file->print_error(error,MYF(0)); /* purecov: inspected */
|
|
result= -1; /* purecov: inspected */
|
|
goto end; /* purecov: inspected */
|
|
}
|
|
else
|
|
error= 0;
|
|
grant_column= column_hash_search(g_t, column->column.ptr(),
|
|
column->column.length());
|
|
if (grant_column) // Should always be true
|
|
grant_column->rights= privileges; // Update hash
|
|
}
|
|
else // new grant
|
|
{
|
|
GRANT_COLUMN *grant_column;
|
|
if ((error=table->file->ha_write_row(table->record[0])))
|
|
{
|
|
table->file->print_error(error,MYF(0)); /* purecov: inspected */
|
|
result= -1; /* purecov: inspected */
|
|
goto end; /* purecov: inspected */
|
|
}
|
|
grant_column= new GRANT_COLUMN(column->column,privileges);
|
|
if (my_hash_insert(&g_t->hash_columns,(uchar*) grant_column))
|
|
{
|
|
result= -1;
|
|
goto end;
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
If revoke of privileges on the table level, remove all such privileges
|
|
for all columns
|
|
*/
|
|
|
|
if (revoke_grant)
|
|
{
|
|
uchar user_key[MAX_KEY_LENGTH];
|
|
key_copy(user_key, table->record[0], table->key_info,
|
|
key_prefix_length);
|
|
|
|
if (table->file->ha_index_read_map(table->record[0], user_key,
|
|
(key_part_map)15,
|
|
HA_READ_KEY_EXACT))
|
|
goto end;
|
|
|
|
/* Scan through all rows with the same host,db,user and table */
|
|
do
|
|
{
|
|
ulong privileges = (ulong) table->field[6]->val_int();
|
|
privileges=fix_rights_for_column(privileges);
|
|
store_record(table,record[1]);
|
|
|
|
if (privileges & rights) // is in this record the priv to be revoked ??
|
|
{
|
|
GRANT_COLUMN *grant_column = NULL;
|
|
char colum_name_buf[HOSTNAME_LENGTH+1];
|
|
String column_name(colum_name_buf,sizeof(colum_name_buf),
|
|
system_charset_info);
|
|
|
|
privileges&= ~rights;
|
|
table->field[6]->store((longlong)
|
|
get_rights_for_column(privileges), TRUE);
|
|
table->field[4]->val_str(&column_name);
|
|
grant_column = column_hash_search(g_t,
|
|
column_name.ptr(),
|
|
column_name.length());
|
|
if (privileges)
|
|
{
|
|
int tmp_error;
|
|
if ((tmp_error=table->file->ha_update_row(table->record[1],
|
|
table->record[0])) &&
|
|
tmp_error != HA_ERR_RECORD_IS_THE_SAME)
|
|
{ /* purecov: deadcode */
|
|
table->file->print_error(tmp_error,MYF(0)); /* purecov: deadcode */
|
|
result= -1; /* purecov: deadcode */
|
|
goto end; /* purecov: deadcode */
|
|
}
|
|
if (grant_column)
|
|
{
|
|
grant_column->rights = privileges; // Update hash
|
|
grant_column->init_rights = privileges;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
int tmp_error;
|
|
if ((tmp_error = table->file->ha_delete_row(table->record[1])))
|
|
{ /* purecov: deadcode */
|
|
table->file->print_error(tmp_error,MYF(0)); /* purecov: deadcode */
|
|
result= -1; /* purecov: deadcode */
|
|
goto end; /* purecov: deadcode */
|
|
}
|
|
if (grant_column)
|
|
my_hash_delete(&g_t->hash_columns,(uchar*) grant_column);
|
|
}
|
|
}
|
|
} while (!table->file->ha_index_next(table->record[0]) &&
|
|
!key_cmp_if_same(table, key, 0, key_prefix_length));
|
|
}
|
|
|
|
end:
|
|
table->file->ha_index_end();
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
static inline void get_grantor(THD *thd, char *grantor)
|
|
{
|
|
const char *user= thd->security_ctx->user;
|
|
const char *host= thd->security_ctx->host_or_ip;
|
|
|
|
#if defined(HAVE_REPLICATION)
|
|
if (thd->slave_thread && thd->has_invoker())
|
|
{
|
|
user= thd->get_invoker_user().str;
|
|
host= thd->get_invoker_host().str;
|
|
}
|
|
#endif
|
|
strxmov(grantor, user, "@", host, NullS);
|
|
}
|
|
|
|
static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
|
|
TABLE *table, const LEX_USER &combo,
|
|
const char *db, const char *table_name,
|
|
ulong rights, ulong col_rights,
|
|
bool revoke_grant)
|
|
{
|
|
char grantor[USER_HOST_BUFF_SIZE];
|
|
int old_row_exists = 1;
|
|
int error=0;
|
|
ulong store_table_rights, store_col_rights;
|
|
uchar user_key[MAX_KEY_LENGTH];
|
|
DBUG_ENTER("replace_table_table");
|
|
|
|
get_grantor(thd, grantor);
|
|
/*
|
|
The following should always succeed as new users are created before
|
|
this function is called!
|
|
*/
|
|
if (!find_user_no_anon(combo.host.str,combo.user.str, FALSE))
|
|
{
|
|
if (!combo.host.length && !find_acl_role(combo.user.str))
|
|
{
|
|
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH),
|
|
MYF(0)); /* purecov: deadcode */
|
|
DBUG_RETURN(-1); /* purecov: deadcode */
|
|
}
|
|
}
|
|
|
|
table->use_all_columns();
|
|
restore_record(table, s->default_values); // Get empty record
|
|
table->field[0]->store(combo.host.str,combo.host.length,
|
|
system_charset_info);
|
|
table->field[1]->store(db,(uint) strlen(db), system_charset_info);
|
|
table->field[2]->store(combo.user.str,combo.user.length,
|
|
system_charset_info);
|
|
table->field[3]->store(table_name,(uint) strlen(table_name),
|
|
system_charset_info);
|
|
store_record(table,record[1]); // store at pos 1
|
|
key_copy(user_key, table->record[0], table->key_info,
|
|
table->key_info->key_length);
|
|
|
|
if (table->file->ha_index_read_idx_map(table->record[0], 0, user_key,
|
|
HA_WHOLE_KEY,
|
|
HA_READ_KEY_EXACT))
|
|
{
|
|
/*
|
|
The following should never happen as we first check the in memory
|
|
grant tables for the user. There is however always a small change that
|
|
the user has modified the grant tables directly.
|
|
*/
|
|
if (revoke_grant)
|
|
{ // no row, no revoke
|
|
my_error(ER_NONEXISTING_TABLE_GRANT, MYF(0),
|
|
combo.user.str, combo.host.str,
|
|
table_name); /* purecov: deadcode */
|
|
DBUG_RETURN(-1); /* purecov: deadcode */
|
|
}
|
|
old_row_exists = 0;
|
|
restore_record(table,record[1]); // Get saved record
|
|
}
|
|
|
|
store_table_rights= get_rights_for_table(rights);
|
|
store_col_rights= get_rights_for_column(col_rights);
|
|
if (old_row_exists)
|
|
{
|
|
ulong j,k;
|
|
store_record(table,record[1]);
|
|
j = (ulong) table->field[6]->val_int();
|
|
k = (ulong) table->field[7]->val_int();
|
|
|
|
if (revoke_grant)
|
|
{
|
|
/* column rights are already fixed in mysql_table_grant */
|
|
store_table_rights=j & ~store_table_rights;
|
|
}
|
|
else
|
|
{
|
|
store_table_rights|= j;
|
|
store_col_rights|= k;
|
|
}
|
|
}
|
|
|
|
table->field[4]->store(grantor,(uint) strlen(grantor), system_charset_info);
|
|
table->field[6]->store((longlong) store_table_rights, TRUE);
|
|
table->field[7]->store((longlong) store_col_rights, TRUE);
|
|
rights=fix_rights_for_table(store_table_rights);
|
|
col_rights=fix_rights_for_column(store_col_rights);
|
|
|
|
if (old_row_exists)
|
|
{
|
|
if (store_table_rights || store_col_rights)
|
|
{
|
|
if ((error=table->file->ha_update_row(table->record[1],
|
|
table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
goto table_error; /* purecov: deadcode */
|
|
}
|
|
else if ((error = table->file->ha_delete_row(table->record[1])))
|
|
goto table_error; /* purecov: deadcode */
|
|
}
|
|
else
|
|
{
|
|
error=table->file->ha_write_row(table->record[0]);
|
|
if (table->file->is_fatal_error(error, HA_CHECK_DUP_KEY))
|
|
goto table_error; /* purecov: deadcode */
|
|
}
|
|
|
|
if (rights | col_rights)
|
|
{
|
|
grant_table->init_privs= rights;
|
|
grant_table->init_cols= col_rights;
|
|
|
|
grant_table->privs= rights;
|
|
grant_table->cols= col_rights;
|
|
}
|
|
else
|
|
{
|
|
my_hash_delete(&column_priv_hash,(uchar*) grant_table);
|
|
}
|
|
DBUG_RETURN(0);
|
|
|
|
/* This should never happen */
|
|
table_error:
|
|
table->file->print_error(error,MYF(0)); /* purecov: deadcode */
|
|
DBUG_RETURN(-1); /* purecov: deadcode */
|
|
}
|
|
|
|
|
|
/**
|
|
@retval 0 success
|
|
@retval -1 error
|
|
*/
|
|
static int replace_routine_table(THD *thd, GRANT_NAME *grant_name,
|
|
TABLE *table, const LEX_USER &combo,
|
|
const char *db, const char *routine_name,
|
|
bool is_proc, ulong rights, bool revoke_grant)
|
|
{
|
|
char grantor[USER_HOST_BUFF_SIZE];
|
|
int old_row_exists= 1;
|
|
int error=0;
|
|
ulong store_proc_rights;
|
|
DBUG_ENTER("replace_routine_table");
|
|
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
get_grantor(thd, grantor);
|
|
/*
|
|
New users are created before this function is called.
|
|
|
|
There may be some cases where a routine's definer is removed but the
|
|
routine remains.
|
|
*/
|
|
|
|
table->use_all_columns();
|
|
restore_record(table, s->default_values); // Get empty record
|
|
table->field[0]->store(combo.host.str,combo.host.length, &my_charset_latin1);
|
|
table->field[1]->store(db,(uint) strlen(db), &my_charset_latin1);
|
|
table->field[2]->store(combo.user.str,combo.user.length, &my_charset_latin1);
|
|
table->field[3]->store(routine_name,(uint) strlen(routine_name),
|
|
&my_charset_latin1);
|
|
table->field[4]->store((longlong)(is_proc ?
|
|
TYPE_ENUM_PROCEDURE : TYPE_ENUM_FUNCTION),
|
|
TRUE);
|
|
store_record(table,record[1]); // store at pos 1
|
|
|
|
if (table->file->ha_index_read_idx_map(table->record[0], 0,
|
|
(uchar*) table->field[0]->ptr,
|
|
HA_WHOLE_KEY,
|
|
HA_READ_KEY_EXACT))
|
|
{
|
|
/*
|
|
The following should never happen as we first check the in memory
|
|
grant tables for the user. There is however always a small change that
|
|
the user has modified the grant tables directly.
|
|
*/
|
|
if (revoke_grant)
|
|
{ // no row, no revoke
|
|
my_error(ER_NONEXISTING_PROC_GRANT, MYF(0),
|
|
combo.user.str, combo.host.str, routine_name);
|
|
DBUG_RETURN(-1);
|
|
}
|
|
old_row_exists= 0;
|
|
restore_record(table,record[1]); // Get saved record
|
|
}
|
|
|
|
store_proc_rights= get_rights_for_procedure(rights);
|
|
if (old_row_exists)
|
|
{
|
|
ulong j;
|
|
store_record(table,record[1]);
|
|
j= (ulong) table->field[6]->val_int();
|
|
|
|
if (revoke_grant)
|
|
{
|
|
/* column rights are already fixed in mysql_table_grant */
|
|
store_proc_rights=j & ~store_proc_rights;
|
|
}
|
|
else
|
|
{
|
|
store_proc_rights|= j;
|
|
}
|
|
}
|
|
|
|
table->field[5]->store(grantor,(uint) strlen(grantor), &my_charset_latin1);
|
|
table->field[6]->store((longlong) store_proc_rights, TRUE);
|
|
rights=fix_rights_for_procedure(store_proc_rights);
|
|
|
|
if (old_row_exists)
|
|
{
|
|
if (store_proc_rights)
|
|
{
|
|
if ((error=table->file->ha_update_row(table->record[1],
|
|
table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
goto table_error;
|
|
}
|
|
else if ((error= table->file->ha_delete_row(table->record[1])))
|
|
goto table_error;
|
|
}
|
|
else
|
|
{
|
|
error=table->file->ha_write_row(table->record[0]);
|
|
if (table->file->is_fatal_error(error, HA_CHECK_DUP_KEY))
|
|
goto table_error;
|
|
}
|
|
|
|
if (rights)
|
|
{
|
|
grant_name->init_privs= rights;
|
|
grant_name->privs= rights;
|
|
}
|
|
else
|
|
{
|
|
my_hash_delete(is_proc ? &proc_priv_hash : &func_priv_hash,(uchar*)
|
|
grant_name);
|
|
}
|
|
DBUG_RETURN(0);
|
|
|
|
/* This should never happen */
|
|
table_error:
|
|
table->file->print_error(error,MYF(0));
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
|
|
/*
|
|
A user name specified without a host can be either a
|
|
username@% (where '@%' is added automatically by the parser)
|
|
or a role name. Treat it as a role, if such a role exists.
|
|
*/
|
|
static ACL_ROLE *find_and_mark_as_role(LEX_USER *user)
|
|
{
|
|
if (user->host.str == host_not_specified.str)
|
|
{
|
|
ACL_ROLE *role= find_acl_role(user->user.str);
|
|
if (role)
|
|
{
|
|
user->host= empty_lex_str;
|
|
return role;
|
|
}
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
|
|
/*
|
|
Store table level and column level grants in the privilege tables
|
|
|
|
SYNOPSIS
|
|
mysql_table_grant()
|
|
thd Thread handle
|
|
table_list List of tables to give grant
|
|
user_list List of users to give grant
|
|
columns List of columns to give grant
|
|
rights Table level grant
|
|
revoke_grant Set to 1 if this is a REVOKE command
|
|
|
|
RETURN
|
|
FALSE ok
|
|
TRUE error
|
|
*/
|
|
|
|
int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
|
|
List <LEX_USER> &user_list,
|
|
List <LEX_COLUMN> &columns, ulong rights,
|
|
bool revoke_grant)
|
|
{
|
|
ulong column_priv= 0;
|
|
List_iterator <LEX_USER> str_list (user_list);
|
|
LEX_USER *Str, *tmp_Str;
|
|
TABLE_LIST tables[3];
|
|
bool create_new_users=0;
|
|
char *db_name, *table_name;
|
|
Rpl_filter *rpl_filter= thd->rpl_filter;
|
|
DBUG_ENTER("mysql_table_grant");
|
|
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0),
|
|
"--skip-grant-tables"); /* purecov: inspected */
|
|
DBUG_RETURN(TRUE); /* purecov: inspected */
|
|
}
|
|
if (rights & ~TABLE_ACLS)
|
|
{
|
|
my_message(ER_ILLEGAL_GRANT_FOR_TABLE, ER(ER_ILLEGAL_GRANT_FOR_TABLE),
|
|
MYF(0));
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
if (!revoke_grant)
|
|
{
|
|
if (columns.elements)
|
|
{
|
|
class LEX_COLUMN *column;
|
|
List_iterator <LEX_COLUMN> column_iter(columns);
|
|
|
|
if (open_normal_and_derived_tables(thd, table_list, 0, DT_PREPARE))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
while ((column = column_iter++))
|
|
{
|
|
uint unused_field_idx= NO_CACHED_FIELD_INDEX;
|
|
TABLE_LIST *dummy;
|
|
Field *f=find_field_in_table_ref(thd, table_list, column->column.ptr(),
|
|
column->column.length(),
|
|
column->column.ptr(), NULL, NULL,
|
|
NULL, TRUE, FALSE,
|
|
&unused_field_idx, FALSE, &dummy);
|
|
if (f == (Field*)0)
|
|
{
|
|
my_error(ER_BAD_FIELD_ERROR, MYF(0),
|
|
column->column.c_ptr(), table_list->alias);
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
if (f == (Field *)-1)
|
|
DBUG_RETURN(TRUE);
|
|
column_priv|= column->rights;
|
|
}
|
|
close_mysql_tables(thd);
|
|
}
|
|
else
|
|
{
|
|
if (!(rights & CREATE_ACL))
|
|
{
|
|
char buf[FN_REFLEN + 1];
|
|
build_table_filename(buf, sizeof(buf) - 1, table_list->db,
|
|
table_list->table_name, reg_ext, 0);
|
|
fn_format(buf, buf, "", "", MY_UNPACK_FILENAME | MY_RESOLVE_SYMLINKS |
|
|
MY_RETURN_REAL_PATH | MY_APPEND_EXT);
|
|
if (access(buf,F_OK))
|
|
{
|
|
my_error(ER_NO_SUCH_TABLE, MYF(0), table_list->db, table_list->alias);
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
}
|
|
if (table_list->grant.want_privilege)
|
|
{
|
|
char command[128];
|
|
get_privilege_desc(command, sizeof(command),
|
|
table_list->grant.want_privilege);
|
|
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
|
|
command, thd->security_ctx->priv_user,
|
|
thd->security_ctx->host_or_ip, table_list->alias);
|
|
DBUG_RETURN(-1);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* open the mysql.tables_priv and mysql.columns_priv tables */
|
|
|
|
tables[0].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("user"), "user", TL_WRITE);
|
|
tables[1].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("tables_priv"),
|
|
"tables_priv", TL_WRITE);
|
|
tables[2].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("columns_priv"),
|
|
"columns_priv", TL_WRITE);
|
|
tables[0].next_local= tables[0].next_global= tables+1;
|
|
/* Don't open column table if we don't need it ! */
|
|
if (column_priv || (revoke_grant && ((rights & COL_ACLS) || columns.elements)))
|
|
tables[1].next_local= tables[1].next_global= tables+2;
|
|
|
|
#ifdef HAVE_REPLICATION
|
|
/*
|
|
GRANT and REVOKE are applied the slave in/exclusion rules as they are
|
|
some kind of updates to the mysql.% tables.
|
|
*/
|
|
if (thd->slave_thread && rpl_filter->is_on())
|
|
{
|
|
/*
|
|
The tables must be marked "updating" so that tables_ok() takes them into
|
|
account in tests.
|
|
*/
|
|
tables[0].updating= tables[1].updating= tables[2].updating= 1;
|
|
if (!(thd->spcont || rpl_filter->tables_ok(0, tables)))
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
The lock api is depending on the thd->lex variable which needs to be
|
|
re-initialized.
|
|
*/
|
|
Query_tables_list backup;
|
|
thd->lex->reset_n_backup_query_tables_list(&backup);
|
|
/*
|
|
Restore Query_tables_list::sql_command value, which was reset
|
|
above, as the code writing query to the binary log assumes that
|
|
this value corresponds to the statement being executed.
|
|
*/
|
|
thd->lex->sql_command= backup.sql_command;
|
|
if (open_and_lock_tables(thd, tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
{ // Should never happen
|
|
thd->lex->restore_backup_query_tables_list(&backup);
|
|
DBUG_RETURN(TRUE); /* purecov: deadcode */
|
|
}
|
|
|
|
if (!revoke_grant)
|
|
create_new_users= test_if_create_new_users(thd);
|
|
bool result= FALSE;
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
MEM_ROOT *old_root= thd->mem_root;
|
|
thd->mem_root= &memex;
|
|
grant_version++;
|
|
|
|
while ((tmp_Str = str_list++))
|
|
{
|
|
int error;
|
|
GRANT_TABLE *grant_table;
|
|
if (!(Str= get_current_user(thd, tmp_Str)))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
|
|
bool handle_as_role= FALSE;
|
|
if (find_and_mark_as_role(Str))
|
|
handle_as_role= TRUE;
|
|
|
|
/* Create user if needed */
|
|
error=replace_user_table(thd, tables[0].table, *Str,
|
|
0, revoke_grant, create_new_users,
|
|
test(thd->variables.sql_mode &
|
|
MODE_NO_AUTO_CREATE_USER), handle_as_role);
|
|
if (error)
|
|
{
|
|
result= TRUE; // Remember error
|
|
continue; // Add next user
|
|
}
|
|
|
|
db_name= table_list->get_db_name();
|
|
table_name= table_list->get_table_name();
|
|
|
|
/* Find/create cached table grant */
|
|
grant_table= table_hash_search(Str->host.str, NullS, db_name,
|
|
Str->user.str, table_name, 1);
|
|
if (!grant_table)
|
|
{
|
|
if (revoke_grant)
|
|
{
|
|
my_error(ER_NONEXISTING_TABLE_GRANT, MYF(0),
|
|
Str->user.str, Str->host.str, table_list->table_name);
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
grant_table = new GRANT_TABLE (Str->host.str, db_name,
|
|
Str->user.str, table_name,
|
|
rights,
|
|
column_priv);
|
|
if (!grant_table ||
|
|
my_hash_insert(&column_priv_hash,(uchar*) grant_table))
|
|
{
|
|
result= TRUE; /* purecov: deadcode */
|
|
continue; /* purecov: deadcode */
|
|
}
|
|
}
|
|
|
|
/* If revoke_grant, calculate the new column privilege for tables_priv */
|
|
if (revoke_grant)
|
|
{
|
|
class LEX_COLUMN *column;
|
|
List_iterator <LEX_COLUMN> column_iter(columns);
|
|
GRANT_COLUMN *grant_column;
|
|
|
|
/* Fix old grants */
|
|
while ((column = column_iter++))
|
|
{
|
|
grant_column = column_hash_search(grant_table,
|
|
column->column.ptr(),
|
|
column->column.length());
|
|
if (grant_column)
|
|
grant_column->rights&= ~(column->rights | rights);
|
|
}
|
|
/* scan trough all columns to get new column grant */
|
|
column_priv= 0;
|
|
for (uint idx=0 ; idx < grant_table->hash_columns.records ; idx++)
|
|
{
|
|
grant_column= (GRANT_COLUMN*)
|
|
my_hash_element(&grant_table->hash_columns, idx);
|
|
grant_column->rights&= ~rights; // Fix other columns
|
|
column_priv|= grant_column->rights;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
column_priv|= grant_table->cols;
|
|
}
|
|
|
|
|
|
/* update table and columns */
|
|
|
|
if (replace_table_table(thd, grant_table, tables[1].table, *Str,
|
|
db_name, table_name,
|
|
rights, column_priv, revoke_grant))
|
|
{
|
|
/* Should only happen if table is crashed */
|
|
result= TRUE; /* purecov: deadcode */
|
|
}
|
|
else if (tables[2].table)
|
|
{
|
|
if ((replace_column_table(grant_table, tables[2].table, *Str,
|
|
columns,
|
|
db_name, table_name,
|
|
rights, revoke_grant)))
|
|
{
|
|
result= TRUE;
|
|
}
|
|
}
|
|
}
|
|
thd->mem_root= old_root;
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (!result) /* success */
|
|
{
|
|
result= write_bin_log(thd, TRUE, thd->query(), thd->query_length());
|
|
}
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
if (!result) /* success */
|
|
my_ok(thd);
|
|
|
|
/* Tables are automatically closed */
|
|
thd->lex->restore_backup_query_tables_list(&backup);
|
|
/* Restore the state of binlog format */
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
/**
|
|
Store routine level grants in the privilege tables
|
|
|
|
@param thd Thread handle
|
|
@param table_list List of routines to give grant
|
|
@param is_proc Is this a list of procedures?
|
|
@param user_list List of users to give grant
|
|
@param rights Table level grant
|
|
@param revoke_grant Is this is a REVOKE command?
|
|
|
|
@return
|
|
@retval FALSE Success.
|
|
@retval TRUE An error occurred.
|
|
*/
|
|
|
|
bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,
|
|
List <LEX_USER> &user_list, ulong rights,
|
|
bool revoke_grant, bool write_to_binlog)
|
|
{
|
|
List_iterator <LEX_USER> str_list (user_list);
|
|
LEX_USER *Str, *tmp_Str;
|
|
TABLE_LIST tables[2];
|
|
bool create_new_users=0, result=0;
|
|
char *db_name, *table_name;
|
|
Rpl_filter *rpl_filter= thd->rpl_filter;
|
|
DBUG_ENTER("mysql_routine_grant");
|
|
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0),
|
|
"--skip-grant-tables");
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
if (rights & ~PROC_ACLS)
|
|
{
|
|
my_message(ER_ILLEGAL_GRANT_FOR_TABLE, ER(ER_ILLEGAL_GRANT_FOR_TABLE),
|
|
MYF(0));
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
if (!revoke_grant)
|
|
{
|
|
if (sp_exist_routines(thd, table_list, is_proc))
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
/* open the mysql.user and mysql.procs_priv tables */
|
|
|
|
tables[0].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("user"), "user", TL_WRITE);
|
|
tables[1].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("procs_priv"), "procs_priv", TL_WRITE);
|
|
tables[0].next_local= tables[0].next_global= tables+1;
|
|
|
|
#ifdef HAVE_REPLICATION
|
|
/*
|
|
GRANT and REVOKE are applied the slave in/exclusion rules as they are
|
|
some kind of updates to the mysql.% tables.
|
|
*/
|
|
if (thd->slave_thread && rpl_filter->is_on())
|
|
{
|
|
/*
|
|
The tables must be marked "updating" so that tables_ok() takes them into
|
|
account in tests.
|
|
*/
|
|
tables[0].updating= tables[1].updating= 1;
|
|
if (!(thd->spcont || rpl_filter->tables_ok(0, tables)))
|
|
{
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
}
|
|
#endif
|
|
|
|
if (open_and_lock_tables(thd, tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
DBUG_ASSERT(!thd->is_current_stmt_binlog_format_row());
|
|
|
|
if (!revoke_grant)
|
|
create_new_users= test_if_create_new_users(thd);
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
MEM_ROOT *old_root= thd->mem_root;
|
|
thd->mem_root= &memex;
|
|
|
|
DBUG_PRINT("info",("now time to iterate and add users"));
|
|
|
|
while ((tmp_Str= str_list++))
|
|
{
|
|
int error;
|
|
GRANT_NAME *grant_name;
|
|
if (!(Str= get_current_user(thd, tmp_Str)))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
|
|
bool handle_as_role= FALSE;
|
|
if (find_and_mark_as_role(Str))
|
|
handle_as_role=TRUE;
|
|
|
|
/* Create user if needed */
|
|
error=replace_user_table(thd, tables[0].table, *Str,
|
|
0, revoke_grant, create_new_users,
|
|
test(thd->variables.sql_mode &
|
|
MODE_NO_AUTO_CREATE_USER), handle_as_role);
|
|
if (error)
|
|
{
|
|
result= TRUE; // Remember error
|
|
continue; // Add next user
|
|
}
|
|
|
|
db_name= table_list->db;
|
|
table_name= table_list->table_name;
|
|
|
|
grant_name= routine_hash_search(Str->host.str, NullS, db_name,
|
|
Str->user.str, table_name, is_proc, 1);
|
|
if (!grant_name)
|
|
{
|
|
if (revoke_grant)
|
|
{
|
|
my_error(ER_NONEXISTING_PROC_GRANT, MYF(0),
|
|
Str->user.str, Str->host.str, table_name);
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
grant_name= new GRANT_NAME(Str->host.str, db_name,
|
|
Str->user.str, table_name,
|
|
rights, TRUE);
|
|
if (!grant_name ||
|
|
my_hash_insert(is_proc ?
|
|
&proc_priv_hash : &func_priv_hash,(uchar*) grant_name))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (replace_routine_table(thd, grant_name, tables[1].table, *Str,
|
|
db_name, table_name, is_proc, rights,
|
|
revoke_grant) != 0)
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
}
|
|
thd->mem_root= old_root;
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (write_to_binlog)
|
|
{
|
|
if (write_bin_log(thd, FALSE, thd->query(), thd->query_length()))
|
|
result= TRUE;
|
|
}
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
/* Tables are automatically closed */
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
static void append_user(String *str, const char *u, const char *h,
|
|
bool handle_as_role)
|
|
{
|
|
if (str->length())
|
|
str->append(',');
|
|
str->append('\'');
|
|
str->append(u);
|
|
/* hostname part is not relevant for roles, it is always empty */
|
|
if (!handle_as_role)
|
|
{
|
|
str->append(STRING_WITH_LEN("'@'"));
|
|
str->append(h);
|
|
}
|
|
str->append('\'');
|
|
}
|
|
|
|
|
|
bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
|
|
{
|
|
DBUG_ENTER("mysql_grant_role");
|
|
/*
|
|
The first entry in the list is the granted role. Need at least two
|
|
entries for the command to be valid
|
|
*/
|
|
DBUG_ASSERT(list.elements >= 2);
|
|
bool result= 0;
|
|
String wrong_users;
|
|
LEX_USER *user, *granted_role;
|
|
char *rolename;
|
|
char *username;
|
|
char *hostname;
|
|
ACL_ROLE *role, *role_as_user;
|
|
|
|
List_iterator <LEX_USER> user_list(list);
|
|
granted_role= user_list++;
|
|
if (granted_role->user.str == current_role.str)
|
|
{
|
|
rolename= thd->security_ctx->priv_role;
|
|
if (!rolename[0])
|
|
{
|
|
my_error(ER_RESERVED_ROLE, MYF(0), "NONE");
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
rolename= granted_role->user.str;
|
|
}
|
|
|
|
TABLE_LIST tables;
|
|
tables.init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("roles_mapping"),
|
|
"roles_mapping", TL_WRITE);
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
if (!(role= find_acl_role(rolename)))
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
my_error(ER_INVALID_ROLE, MYF(0), rolename);
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
if (open_and_lock_tables(thd, &tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
{ // Should never happen
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
my_error(ER_NO_SUCH_TABLE, MYF(0), "mysql", "roles_mapping");
|
|
DBUG_RETURN(TRUE); /* purecov: deadcode */
|
|
}
|
|
|
|
MEM_ROOT temp_root;
|
|
init_alloc_root(&temp_root, ACL_ALLOC_BLOCK_SIZE, 0, MYF(0));
|
|
|
|
while ((user= user_list++))
|
|
{
|
|
role_as_user= NULL;
|
|
/* current_role is treated slightly different */
|
|
if (user->user.str == current_role.str)
|
|
{
|
|
/* current_role is NONE */
|
|
if (!thd->security_ctx->priv_role[0])
|
|
{
|
|
append_user(&wrong_users, "NONE", "", TRUE);
|
|
result= 1;
|
|
continue;
|
|
}
|
|
if (!(role_as_user= find_acl_role(thd->security_ctx->priv_role)))
|
|
{
|
|
append_user(&wrong_users, thd->security_ctx->priv_role, "", TRUE);
|
|
result= 1;
|
|
continue;
|
|
}
|
|
|
|
/* can not grant current_role to current_role */
|
|
if (granted_role->user.str == current_role.str)
|
|
{
|
|
append_user(&wrong_users, thd->security_ctx->priv_role, "", TRUE);
|
|
result= 1;
|
|
continue;
|
|
}
|
|
username= thd->security_ctx->priv_role;
|
|
hostname= (char *)"";
|
|
}
|
|
else
|
|
{
|
|
role_as_user= find_and_mark_as_role(user);
|
|
username= user->user.str;
|
|
hostname= user->host.str;
|
|
}
|
|
|
|
ROLE_GRANT_PAIR *mapping, *hash_entry;
|
|
mapping= (ROLE_GRANT_PAIR *)
|
|
alloc_root(&temp_root, sizeof(ROLE_GRANT_PAIR));
|
|
|
|
init_role_grant_pair(&temp_root, mapping,
|
|
username, hostname, rolename);
|
|
if (!revoke)
|
|
{
|
|
int res= add_role_user_mapping(mapping);
|
|
/* role or user does not exist*/
|
|
if (res == -1)
|
|
{
|
|
append_user(&wrong_users, username, hostname, role_as_user != NULL);
|
|
result= 1;
|
|
continue;
|
|
}
|
|
|
|
/*
|
|
Check if this grant would cause a cycle. It only needs to be run
|
|
if we're granting a role to a role
|
|
*/
|
|
if (role_as_user &&
|
|
traverse_role_graph(role, NULL, NULL, NULL, role_explore_detect_cycle,
|
|
NULL) == 2)
|
|
{
|
|
append_user(&wrong_users, username, hostname, TRUE);
|
|
result= 1;
|
|
/* need to rollback the mapping added previously */
|
|
remove_role_user_mapping(mapping);
|
|
continue;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
hash_entry = (ROLE_GRANT_PAIR *) my_hash_search(&acl_roles_mappings,
|
|
(uchar *)mapping->hashkey.str,
|
|
mapping->hashkey.length);
|
|
|
|
/* grant was already removed or never existed */
|
|
if (!hash_entry)
|
|
{
|
|
append_user(&wrong_users, username, hostname, role_as_user != NULL);
|
|
result= 1;
|
|
continue;
|
|
}
|
|
/* revoke a role grant */
|
|
int res= remove_role_user_mapping(mapping);
|
|
if (res == -1)
|
|
{
|
|
append_user(&wrong_users, username, hostname, role_as_user != NULL);
|
|
result= 1;
|
|
continue;
|
|
}
|
|
}
|
|
|
|
/* write into the roles_mapping table */
|
|
if (replace_roles_mapping_table(tables.table, mapping, revoke))
|
|
{
|
|
append_user(&wrong_users, username, hostname, TRUE);
|
|
result= 1;
|
|
if (!revoke)
|
|
{
|
|
/* need to rollback the mapping added previously */
|
|
remove_role_user_mapping(mapping);
|
|
}
|
|
else
|
|
{
|
|
/* need to rollback the mapping deleted previously */
|
|
add_role_user_mapping(mapping);
|
|
}
|
|
continue;
|
|
}
|
|
|
|
/*
|
|
Only need to propagate grants when granting/revoking a role to/from
|
|
a role
|
|
*/
|
|
if (role_as_user)
|
|
{
|
|
acl_update_role_entry(role_as_user, role_as_user->initial_role_access);
|
|
}
|
|
}
|
|
|
|
free_root(&temp_root, MYF(0));
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
if (result)
|
|
{
|
|
if (!revoke)
|
|
{
|
|
my_error(ER_CANNOT_GRANT_ROLE, MYF(0),
|
|
rolename,
|
|
wrong_users.c_ptr_safe());
|
|
}
|
|
else
|
|
{
|
|
my_error(ER_CANNOT_REVOKE_ROLE, MYF(0),
|
|
rolename,
|
|
wrong_users.c_ptr_safe());
|
|
}
|
|
}
|
|
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
|
|
ulong rights, bool revoke_grant, bool is_proxy)
|
|
{
|
|
List_iterator <LEX_USER> str_list (list);
|
|
LEX_USER *Str, *tmp_Str, *proxied_user= NULL;
|
|
char tmp_db[SAFE_NAME_LEN+1];
|
|
bool create_new_users=0;
|
|
TABLE_LIST tables[2];
|
|
Rpl_filter *rpl_filter= thd->rpl_filter;
|
|
DBUG_ENTER("mysql_grant");
|
|
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0),
|
|
"--skip-grant-tables"); /* purecov: tested */
|
|
DBUG_RETURN(TRUE); /* purecov: tested */
|
|
}
|
|
|
|
if (lower_case_table_names && db)
|
|
{
|
|
char *end= strnmov(tmp_db,db, sizeof(tmp_db));
|
|
if (end >= tmp_db + sizeof(tmp_db))
|
|
{
|
|
my_error(ER_WRONG_DB_NAME ,MYF(0), db);
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
my_casedn_str(files_charset_info, tmp_db);
|
|
db=tmp_db;
|
|
}
|
|
|
|
if (is_proxy)
|
|
{
|
|
DBUG_ASSERT(!db);
|
|
proxied_user= str_list++;
|
|
}
|
|
|
|
/* open the mysql.user and mysql.db or mysql.proxies_priv tables */
|
|
tables[0].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("user"), "user", TL_WRITE);
|
|
if (is_proxy)
|
|
|
|
tables[1].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("proxies_priv"),
|
|
"proxies_priv",
|
|
TL_WRITE);
|
|
else
|
|
tables[1].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("db"),
|
|
"db",
|
|
TL_WRITE);
|
|
tables[0].next_local= tables[0].next_global= tables+1;
|
|
|
|
#ifdef HAVE_REPLICATION
|
|
/*
|
|
GRANT and REVOKE are applied the slave in/exclusion rules as they are
|
|
some kind of updates to the mysql.% tables.
|
|
*/
|
|
if (thd->slave_thread && rpl_filter->is_on())
|
|
{
|
|
/*
|
|
The tables must be marked "updating" so that tables_ok() takes them into
|
|
account in tests.
|
|
*/
|
|
tables[0].updating= tables[1].updating= 1;
|
|
if (!(thd->spcont || rpl_filter->tables_ok(0, tables)))
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
#endif
|
|
|
|
if (open_and_lock_tables(thd, tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
DBUG_RETURN(TRUE); /* purecov: deadcode */
|
|
|
|
DBUG_ASSERT(!thd->is_current_stmt_binlog_format_row());
|
|
|
|
if (!revoke_grant)
|
|
create_new_users= test_if_create_new_users(thd);
|
|
|
|
/* go through users in user_list */
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
grant_version++;
|
|
|
|
int result=0;
|
|
while ((tmp_Str = str_list++))
|
|
{
|
|
if (!(Str= get_current_user(thd, tmp_Str)))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
/*
|
|
No User, but a password?
|
|
They did GRANT ... TO CURRENT_USER() IDENTIFIED BY ... !
|
|
Get the current user, and shallow-copy the new password to them!
|
|
*/
|
|
if (tmp_Str->user.str == current_user.str && tmp_Str->password.str)
|
|
Str->password= tmp_Str->password;
|
|
|
|
bool handle_as_role= FALSE;
|
|
if (find_and_mark_as_role(Str))
|
|
handle_as_role= TRUE;
|
|
|
|
if (replace_user_table(thd, tables[0].table, *Str,
|
|
(!db ? rights : 0), revoke_grant, create_new_users,
|
|
test(thd->variables.sql_mode &
|
|
MODE_NO_AUTO_CREATE_USER), handle_as_role))
|
|
result= -1;
|
|
else if (db)
|
|
{
|
|
ulong db_rights= rights & DB_ACLS;
|
|
if (db_rights == rights)
|
|
{
|
|
if (replace_db_table(tables[1].table, db, *Str, db_rights,
|
|
revoke_grant))
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
my_error(ER_WRONG_USAGE, MYF(0), "DB GRANT", "GLOBAL PRIVILEGES");
|
|
result= -1;
|
|
}
|
|
}
|
|
else if (is_proxy)
|
|
{
|
|
if (replace_proxies_priv_table (thd, tables[1].table, Str, proxied_user,
|
|
rights & GRANT_ACL ? TRUE : FALSE,
|
|
revoke_grant))
|
|
result= -1;
|
|
}
|
|
}
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (!result)
|
|
{
|
|
result= write_bin_log(thd, TRUE, thd->query(), thd->query_length());
|
|
}
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
if (!result)
|
|
my_ok(thd);
|
|
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
/* Free grant array if possible */
|
|
|
|
void grant_free(void)
|
|
{
|
|
DBUG_ENTER("grant_free");
|
|
my_hash_free(&column_priv_hash);
|
|
my_hash_free(&proc_priv_hash);
|
|
my_hash_free(&func_priv_hash);
|
|
free_root(&memex,MYF(0));
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
|
|
|
|
/**
|
|
@brief Initialize structures responsible for table/column-level privilege
|
|
checking and load information for them from tables in the 'mysql' database.
|
|
|
|
@return Error status
|
|
@retval 0 OK
|
|
@retval 1 Could not initialize grant subsystem.
|
|
*/
|
|
|
|
my_bool grant_init()
|
|
{
|
|
THD *thd;
|
|
my_bool return_val;
|
|
DBUG_ENTER("grant_init");
|
|
|
|
if (!(thd= new THD))
|
|
DBUG_RETURN(1); /* purecov: deadcode */
|
|
thd->thread_stack= (char*) &thd;
|
|
thd->store_globals();
|
|
return_val= grant_reload(thd);
|
|
delete thd;
|
|
/* Remember that we don't have a THD */
|
|
set_current_thd(0);
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
|
|
/**
|
|
@brief Helper function to grant_reload_procs_priv
|
|
|
|
Reads the procs_priv table into memory hash.
|
|
|
|
@param table A pointer to the procs_priv table structure.
|
|
|
|
@see grant_reload
|
|
@see grant_reload_procs_priv
|
|
|
|
@return Error state
|
|
@retval TRUE An error occurred
|
|
@retval FALSE Success
|
|
*/
|
|
|
|
static my_bool grant_load_procs_priv(TABLE *p_table)
|
|
{
|
|
MEM_ROOT *memex_ptr;
|
|
my_bool return_val= 1;
|
|
bool check_no_resolve= specialflag & SPECIAL_NO_RESOLVE;
|
|
MEM_ROOT **save_mem_root_ptr= my_pthread_getspecific_ptr(MEM_ROOT**,
|
|
THR_MALLOC);
|
|
DBUG_ENTER("grant_load_procs_priv");
|
|
(void) my_hash_init(&proc_priv_hash, &my_charset_utf8_bin,
|
|
0,0,0, (my_hash_get_key) get_grant_table,
|
|
0,0);
|
|
(void) my_hash_init(&func_priv_hash, &my_charset_utf8_bin,
|
|
0,0,0, (my_hash_get_key) get_grant_table,
|
|
0,0);
|
|
|
|
if (p_table->file->ha_index_init(0, 1))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
p_table->use_all_columns();
|
|
|
|
if (!p_table->file->ha_index_first(p_table->record[0]))
|
|
{
|
|
memex_ptr= &memex;
|
|
my_pthread_setspecific_ptr(THR_MALLOC, &memex_ptr);
|
|
do
|
|
{
|
|
GRANT_NAME *mem_check;
|
|
HASH *hash;
|
|
if (!(mem_check=new (memex_ptr) GRANT_NAME(p_table, TRUE)))
|
|
{
|
|
/* This could only happen if we are out memory */
|
|
goto end_unlock;
|
|
}
|
|
|
|
if (check_no_resolve)
|
|
{
|
|
if (hostname_requires_resolving(mem_check->host.hostname))
|
|
{
|
|
sql_print_warning("'procs_priv' entry '%s %s@%s' "
|
|
"ignored in --skip-name-resolve mode.",
|
|
mem_check->tname, mem_check->user,
|
|
mem_check->host.hostname ?
|
|
mem_check->host.hostname : "");
|
|
continue;
|
|
}
|
|
}
|
|
if (p_table->field[4]->val_int() == TYPE_ENUM_PROCEDURE)
|
|
{
|
|
hash= &proc_priv_hash;
|
|
}
|
|
else
|
|
if (p_table->field[4]->val_int() == TYPE_ENUM_FUNCTION)
|
|
{
|
|
hash= &func_priv_hash;
|
|
}
|
|
else
|
|
{
|
|
sql_print_warning("'procs_priv' entry '%s' "
|
|
"ignored, bad routine type",
|
|
mem_check->tname);
|
|
continue;
|
|
}
|
|
|
|
mem_check->privs= fix_rights_for_procedure(mem_check->privs);
|
|
mem_check->init_privs= mem_check->privs;
|
|
if (! mem_check->ok())
|
|
delete mem_check;
|
|
else if (my_hash_insert(hash, (uchar*) mem_check))
|
|
{
|
|
delete mem_check;
|
|
goto end_unlock;
|
|
}
|
|
}
|
|
while (!p_table->file->ha_index_next(p_table->record[0]));
|
|
}
|
|
/* Return ok */
|
|
return_val= 0;
|
|
|
|
end_unlock:
|
|
p_table->file->ha_index_end();
|
|
my_pthread_setspecific_ptr(THR_MALLOC, save_mem_root_ptr);
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
|
|
/**
|
|
@brief Initialize structures responsible for table/column-level privilege
|
|
checking and load information about grants from open privilege tables.
|
|
|
|
@param thd Current thread
|
|
@param tables List containing open "mysql.tables_priv" and
|
|
"mysql.columns_priv" tables.
|
|
|
|
@see grant_reload
|
|
|
|
@return Error state
|
|
@retval FALSE Success
|
|
@retval TRUE Error
|
|
*/
|
|
|
|
static my_bool grant_load(THD *thd, TABLE_LIST *tables)
|
|
{
|
|
MEM_ROOT *memex_ptr;
|
|
my_bool return_val= 1;
|
|
TABLE *t_table= 0, *c_table= 0;
|
|
bool check_no_resolve= specialflag & SPECIAL_NO_RESOLVE;
|
|
MEM_ROOT **save_mem_root_ptr= my_pthread_getspecific_ptr(MEM_ROOT**,
|
|
THR_MALLOC);
|
|
ulonglong old_sql_mode= thd->variables.sql_mode;
|
|
DBUG_ENTER("grant_load");
|
|
|
|
thd->variables.sql_mode&= ~MODE_PAD_CHAR_TO_FULL_LENGTH;
|
|
|
|
(void) my_hash_init(&column_priv_hash, &my_charset_utf8_bin,
|
|
0,0,0, (my_hash_get_key) get_grant_table,
|
|
(my_hash_free_key) free_grant_table,0);
|
|
|
|
t_table = tables[0].table;
|
|
c_table = tables[1].table;
|
|
|
|
if (t_table->file->ha_index_init(0, 1))
|
|
goto end_index_init;
|
|
|
|
t_table->use_all_columns();
|
|
c_table->use_all_columns();
|
|
|
|
if (!t_table->file->ha_index_first(t_table->record[0]))
|
|
{
|
|
memex_ptr= &memex;
|
|
my_pthread_setspecific_ptr(THR_MALLOC, &memex_ptr);
|
|
do
|
|
{
|
|
GRANT_TABLE *mem_check;
|
|
if (!(mem_check=new (memex_ptr) GRANT_TABLE(t_table,c_table)))
|
|
{
|
|
/* This could only happen if we are out memory */
|
|
goto end_unlock;
|
|
}
|
|
|
|
if (check_no_resolve)
|
|
{
|
|
if (hostname_requires_resolving(mem_check->host.hostname))
|
|
{
|
|
sql_print_warning("'tables_priv' entry '%s %s@%s' "
|
|
"ignored in --skip-name-resolve mode.",
|
|
mem_check->tname,
|
|
mem_check->user ? mem_check->user : "",
|
|
mem_check->host.hostname ?
|
|
mem_check->host.hostname : "");
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (! mem_check->ok())
|
|
delete mem_check;
|
|
else if (my_hash_insert(&column_priv_hash,(uchar*) mem_check))
|
|
{
|
|
delete mem_check;
|
|
goto end_unlock;
|
|
}
|
|
}
|
|
while (!t_table->file->ha_index_next(t_table->record[0]));
|
|
}
|
|
|
|
return_val=0; // Return ok
|
|
|
|
end_unlock:
|
|
t_table->file->ha_index_end();
|
|
my_pthread_setspecific_ptr(THR_MALLOC, save_mem_root_ptr);
|
|
end_index_init:
|
|
thd->variables.sql_mode= old_sql_mode;
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
|
|
/**
|
|
@brief Helper function to grant_reload. Reloads procs_priv table is it
|
|
exists.
|
|
|
|
@param thd A pointer to the thread handler object.
|
|
|
|
@see grant_reload
|
|
|
|
@return Error state
|
|
@retval FALSE Success
|
|
@retval TRUE An error has occurred.
|
|
*/
|
|
|
|
static my_bool grant_reload_procs_priv(THD *thd)
|
|
{
|
|
HASH old_proc_priv_hash, old_func_priv_hash;
|
|
TABLE_LIST table;
|
|
my_bool return_val= FALSE;
|
|
DBUG_ENTER("grant_reload_procs_priv");
|
|
|
|
table.init_one_table("mysql", 5, "procs_priv",
|
|
strlen("procs_priv"), "procs_priv",
|
|
TL_READ);
|
|
table.open_type= OT_BASE_ONLY;
|
|
|
|
if (open_and_lock_tables(thd, &table, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
/* Save a copy of the current hash if we need to undo the grant load */
|
|
old_proc_priv_hash= proc_priv_hash;
|
|
old_func_priv_hash= func_priv_hash;
|
|
|
|
if ((return_val= grant_load_procs_priv(table.table)))
|
|
{
|
|
/* Error; Reverting to old hash */
|
|
DBUG_PRINT("error",("Reverting to old privileges"));
|
|
grant_free();
|
|
proc_priv_hash= old_proc_priv_hash;
|
|
func_priv_hash= old_func_priv_hash;
|
|
}
|
|
else
|
|
{
|
|
my_hash_free(&old_proc_priv_hash);
|
|
my_hash_free(&old_func_priv_hash);
|
|
}
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
close_mysql_tables(thd);
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
|
|
/**
|
|
@brief Reload information about table and column level privileges if possible
|
|
|
|
@param thd Current thread
|
|
|
|
Locked tables are checked by acl_reload() and doesn't have to be checked
|
|
in this call.
|
|
This function is also used for initialization of structures responsible
|
|
for table/column-level privilege checking.
|
|
|
|
@return Error state
|
|
@retval FALSE Success
|
|
@retval TRUE Error
|
|
*/
|
|
|
|
my_bool grant_reload(THD *thd)
|
|
{
|
|
TABLE_LIST tables[2];
|
|
HASH old_column_priv_hash;
|
|
MEM_ROOT old_mem;
|
|
my_bool return_val= 1;
|
|
DBUG_ENTER("grant_reload");
|
|
|
|
/* Don't do anything if running with --skip-grant-tables */
|
|
if (!initialized)
|
|
DBUG_RETURN(0);
|
|
|
|
tables[0].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("tables_priv"),
|
|
"tables_priv", TL_READ);
|
|
tables[1].init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("columns_priv"),
|
|
"columns_priv", TL_READ);
|
|
tables[0].next_local= tables[0].next_global= tables+1;
|
|
tables[0].open_type= tables[1].open_type= OT_BASE_ONLY;
|
|
|
|
/*
|
|
To avoid deadlocks we should obtain table locks before
|
|
obtaining LOCK_grant rwlock.
|
|
*/
|
|
if (open_and_lock_tables(thd, tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
goto end;
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
old_column_priv_hash= column_priv_hash;
|
|
|
|
/*
|
|
Create a new memory pool but save the current memory pool to make an undo
|
|
opertion possible in case of failure.
|
|
*/
|
|
old_mem= memex;
|
|
init_sql_alloc(&memex, ACL_ALLOC_BLOCK_SIZE, 0, MYF(0));
|
|
|
|
if ((return_val= grant_load(thd, tables)))
|
|
{ // Error. Revert to old hash
|
|
DBUG_PRINT("error",("Reverting to old privileges"));
|
|
grant_free(); /* purecov: deadcode */
|
|
column_priv_hash= old_column_priv_hash; /* purecov: deadcode */
|
|
memex= old_mem; /* purecov: deadcode */
|
|
}
|
|
else
|
|
{
|
|
my_hash_free(&old_column_priv_hash);
|
|
free_root(&old_mem,MYF(0));
|
|
}
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
close_mysql_tables(thd);
|
|
|
|
/*
|
|
It is OK failing to load procs_priv table because we may be
|
|
working with 4.1 privilege tables.
|
|
*/
|
|
if (grant_reload_procs_priv(thd))
|
|
return_val= 1;
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
my_hash_iterate(&acl_roles,
|
|
(my_hash_walk_action) acl_role_propagate_grants, NULL);
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
grant_version++;
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
end:
|
|
DBUG_RETURN(return_val);
|
|
}
|
|
|
|
|
|
/**
|
|
@brief Check table level grants
|
|
|
|
@param thd Thread handler
|
|
@param want_access Bits of privileges user needs to have.
|
|
@param tables List of tables to check. The user should have
|
|
'want_access' to all tables in list.
|
|
@param any_combination_will_do TRUE if it's enough to have any privilege for
|
|
any combination of the table columns.
|
|
@param number Check at most this number of tables.
|
|
@param no_errors TRUE if no error should be sent directly to the client.
|
|
|
|
If table->grant.want_privilege != 0 then the requested privileges where
|
|
in the set of COL_ACLS but access was not granted on the table level. As
|
|
a consequence an extra check of column privileges is required.
|
|
|
|
Specifically if this function returns FALSE the user has some kind of
|
|
privilege on a combination of columns in each table.
|
|
|
|
This function is usually preceeded by check_access which establish the
|
|
User-, Db- and Host access rights.
|
|
|
|
@see check_access
|
|
@see check_table_access
|
|
|
|
@note
|
|
This functions assumes that either number of tables to be inspected
|
|
by it is limited explicitly (i.e. is is not UINT_MAX) or table list
|
|
used and thd->lex->query_tables_own_last value correspond to each
|
|
other (the latter should be either 0 or point to next_global member
|
|
of one of elements of this table list).
|
|
|
|
We delay locking of LOCK_grant until we really need it as we assume that
|
|
most privileges be resolved with user or db level accesses.
|
|
|
|
@return Access status
|
|
@retval FALSE Access granted; But column privileges might need to be
|
|
checked.
|
|
@retval TRUE The user did not have the requested privileges on any of the
|
|
tables.
|
|
|
|
*/
|
|
|
|
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
|
|
bool any_combination_will_do, uint number, bool no_errors)
|
|
{
|
|
TABLE_LIST *tl;
|
|
TABLE_LIST *first_not_own_table= thd->lex->first_not_own_table();
|
|
Security_context *sctx= thd->security_ctx;
|
|
uint i;
|
|
ulong orig_want_access= want_access;
|
|
my_bool locked= 0;
|
|
GRANT_TABLE *grant_table;
|
|
GRANT_TABLE *grant_table_role= NULL;
|
|
DBUG_ENTER("check_grant");
|
|
DBUG_ASSERT(number > 0);
|
|
|
|
/*
|
|
Walk through the list of tables that belong to the query and save the
|
|
requested access (orig_want_privilege) to be able to use it when
|
|
checking access rights to the underlying tables of a view. Our grant
|
|
system gradually eliminates checked bits from want_privilege and thus
|
|
after all checks are done we can no longer use it.
|
|
The check that first_not_own_table is not reached is for the case when
|
|
the given table list refers to the list for prelocking (contains tables
|
|
of other queries). For simple queries first_not_own_table is 0.
|
|
*/
|
|
for (i= 0, tl= tables;
|
|
i < number && tl != first_not_own_table;
|
|
tl= tl->next_global, i++)
|
|
{
|
|
/*
|
|
Save a copy of the privileges without the SHOW_VIEW_ACL attribute.
|
|
It will be checked during making view.
|
|
*/
|
|
tl->grant.orig_want_privilege= (want_access & ~SHOW_VIEW_ACL);
|
|
}
|
|
number= i;
|
|
|
|
for (tl= tables; number-- ; tl= tl->next_global)
|
|
{
|
|
sctx = test(tl->security_ctx) ? tl->security_ctx : thd->security_ctx;
|
|
|
|
const ACL_internal_table_access *access=
|
|
get_cached_table_access(&tl->grant.m_internal,
|
|
tl->get_db_name(),
|
|
tl->get_table_name());
|
|
|
|
if (access)
|
|
{
|
|
switch(access->check(orig_want_access, &tl->grant.privilege))
|
|
{
|
|
case ACL_INTERNAL_ACCESS_GRANTED:
|
|
/*
|
|
Currently,
|
|
- the information_schema does not subclass ACL_internal_table_access,
|
|
there are no per table privilege checks for I_S,
|
|
- the performance schema does use per tables checks, but at most
|
|
returns 'CHECK_GRANT', and never 'ACCESS_GRANTED'.
|
|
so this branch is not used.
|
|
*/
|
|
DBUG_ASSERT(0);
|
|
case ACL_INTERNAL_ACCESS_DENIED:
|
|
goto err;
|
|
case ACL_INTERNAL_ACCESS_CHECK_GRANT:
|
|
break;
|
|
}
|
|
}
|
|
|
|
want_access= orig_want_access;
|
|
want_access&= ~sctx->master_access;
|
|
if (!want_access)
|
|
continue; // ok
|
|
|
|
if (!(~tl->grant.privilege & want_access) ||
|
|
tl->is_anonymous_derived_table() || tl->schema_table)
|
|
{
|
|
/*
|
|
It is subquery in the FROM clause. VIEW set tl->derived after
|
|
table opening, but this function always called before table opening.
|
|
*/
|
|
if (!tl->referencing_view)
|
|
{
|
|
/*
|
|
If it's a temporary table created for a subquery in the FROM
|
|
clause, or an INFORMATION_SCHEMA table, drop the request for
|
|
a privilege.
|
|
*/
|
|
tl->grant.want_privilege= 0;
|
|
}
|
|
continue;
|
|
}
|
|
|
|
if (!locked)
|
|
{
|
|
locked= 1;
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
}
|
|
|
|
grant_table= table_hash_search(sctx->host, sctx->ip,
|
|
tl->get_db_name(),
|
|
sctx->priv_user,
|
|
tl->get_table_name(),
|
|
FALSE);
|
|
if (sctx->priv_role[0])
|
|
grant_table_role= table_hash_search("", NULL, tl->get_db_name(),
|
|
sctx->priv_role,
|
|
tl->get_table_name(),
|
|
TRUE);
|
|
|
|
if (!grant_table && !grant_table_role)
|
|
{
|
|
want_access&= ~tl->grant.privilege;
|
|
goto err;
|
|
}
|
|
|
|
/*
|
|
For SHOW COLUMNS, SHOW INDEX it is enough to have some
|
|
privileges on any column combination on the table.
|
|
*/
|
|
if (any_combination_will_do)
|
|
continue;
|
|
|
|
tl->grant.grant_table_user= grant_table; // Remember for column test
|
|
tl->grant.grant_table_role= grant_table_role;
|
|
tl->grant.version= grant_version;
|
|
tl->grant.privilege|= grant_table ? grant_table->privs : 0;
|
|
tl->grant.privilege|= grant_table_role ? grant_table_role->privs : 0;
|
|
tl->grant.want_privilege= ((want_access & COL_ACLS) & ~tl->grant.privilege);
|
|
|
|
if (!(~tl->grant.privilege & want_access))
|
|
continue;
|
|
|
|
if ((want_access&= ~((grant_table ? grant_table->cols : 0) |
|
|
(grant_table_role ? grant_table_role->cols : 0) |
|
|
tl->grant.privilege)))
|
|
{
|
|
goto err; // impossible
|
|
}
|
|
}
|
|
if (locked)
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
DBUG_RETURN(FALSE);
|
|
|
|
err:
|
|
if (locked)
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
if (!no_errors) // Not a silent skip of table
|
|
{
|
|
char command[128];
|
|
get_privilege_desc(command, sizeof(command), want_access);
|
|
status_var_increment(thd->status_var.access_denied_errors);
|
|
|
|
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
|
|
command,
|
|
sctx->priv_user,
|
|
sctx->host_or_ip,
|
|
tl ? tl->get_table_name() : "unknown");
|
|
}
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
|
|
/*
|
|
Check column rights in given security context
|
|
|
|
SYNOPSIS
|
|
check_grant_column()
|
|
thd thread handler
|
|
grant grant information structure
|
|
db_name db name
|
|
table_name table name
|
|
name column name
|
|
length column name length
|
|
sctx security context
|
|
|
|
RETURN
|
|
FALSE OK
|
|
TRUE access denied
|
|
*/
|
|
|
|
bool check_grant_column(THD *thd, GRANT_INFO *grant,
|
|
const char *db_name, const char *table_name,
|
|
const char *name, uint length, Security_context *sctx)
|
|
{
|
|
GRANT_TABLE *grant_table;
|
|
GRANT_TABLE *grant_table_role;
|
|
GRANT_COLUMN *grant_column;
|
|
ulong want_access= grant->want_privilege & ~grant->privilege;
|
|
DBUG_ENTER("check_grant_column");
|
|
DBUG_PRINT("enter", ("table: %s want_access: %lu", table_name, want_access));
|
|
|
|
if (!want_access)
|
|
DBUG_RETURN(0); // Already checked
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
|
|
/* reload table if someone has modified any grants */
|
|
|
|
if (grant->version != grant_version)
|
|
{
|
|
grant->grant_table_user=
|
|
table_hash_search(sctx->host, sctx->ip, db_name,
|
|
sctx->priv_user,
|
|
table_name, 0); /* purecov: inspected */
|
|
grant->grant_table_role=
|
|
sctx->priv_role[0] ? table_hash_search("", NULL, db_name,
|
|
sctx->priv_role,
|
|
table_name, TRUE) : NULL;
|
|
grant->version= grant_version; /* purecov: inspected */
|
|
}
|
|
|
|
grant_table= grant->grant_table_user;
|
|
grant_table_role= grant->grant_table_role;
|
|
|
|
if (!grant_table && !grant_table_role)
|
|
goto err;
|
|
|
|
if (grant_table)
|
|
{
|
|
grant_column= column_hash_search(grant_table, name, length);
|
|
if (grant_column)
|
|
{
|
|
want_access&= ~grant_column->rights;
|
|
}
|
|
}
|
|
if (grant_table_role)
|
|
{
|
|
grant_column= column_hash_search(grant_table_role, name, length);
|
|
if (grant_column)
|
|
{
|
|
want_access&= ~grant_column->rights;
|
|
}
|
|
}
|
|
if (!want_access)
|
|
{
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
err:
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
char command[128];
|
|
get_privilege_desc(command, sizeof(command), want_access);
|
|
/* TODO perhaps error should print current rolename aswell */
|
|
my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
|
|
command,
|
|
sctx->priv_user,
|
|
sctx->host_or_ip,
|
|
name,
|
|
table_name);
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
|
|
/*
|
|
Check the access right to a column depending on the type of table.
|
|
|
|
SYNOPSIS
|
|
check_column_grant_in_table_ref()
|
|
thd thread handler
|
|
table_ref table reference where to check the field
|
|
name name of field to check
|
|
length length of name
|
|
|
|
DESCRIPTION
|
|
Check the access rights to a column depending on the type of table
|
|
reference where the column is checked. The function provides a
|
|
generic interface to check column access rights that hides the
|
|
heterogeneity of the column representation - whether it is a view
|
|
or a stored table colum.
|
|
|
|
RETURN
|
|
FALSE OK
|
|
TRUE access denied
|
|
*/
|
|
|
|
bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref,
|
|
const char *name, uint length)
|
|
{
|
|
GRANT_INFO *grant;
|
|
const char *db_name;
|
|
const char *table_name;
|
|
Security_context *sctx= test(table_ref->security_ctx) ?
|
|
table_ref->security_ctx : thd->security_ctx;
|
|
|
|
if (table_ref->view || table_ref->field_translation)
|
|
{
|
|
/* View or derived information schema table. */
|
|
ulong view_privs;
|
|
grant= &(table_ref->grant);
|
|
db_name= table_ref->view_db.str;
|
|
table_name= table_ref->view_name.str;
|
|
if (table_ref->belong_to_view &&
|
|
thd->lex->sql_command == SQLCOM_SHOW_FIELDS)
|
|
{
|
|
view_privs= get_column_grant(thd, grant, db_name, table_name, name);
|
|
if (view_privs & VIEW_ANY_ACL)
|
|
{
|
|
table_ref->belong_to_view->allowed_show= TRUE;
|
|
return FALSE;
|
|
}
|
|
table_ref->belong_to_view->allowed_show= FALSE;
|
|
my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
|
|
return TRUE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* Normal or temporary table. */
|
|
TABLE *table= table_ref->table;
|
|
grant= &(table->grant);
|
|
db_name= table->s->db.str;
|
|
table_name= table->s->table_name.str;
|
|
}
|
|
|
|
if (grant->want_privilege)
|
|
return check_grant_column(thd, grant, db_name, table_name, name,
|
|
length, sctx);
|
|
else
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
/**
|
|
@brief check if a query can access a set of columns
|
|
|
|
@param thd the current thread
|
|
@param want_access_arg the privileges requested
|
|
@param fields an iterator over the fields of a table reference.
|
|
@return Operation status
|
|
@retval 0 Success
|
|
@retval 1 Falure
|
|
@details This function walks over the columns of a table reference
|
|
The columns may originate from different tables, depending on the kind of
|
|
table reference, e.g. join, view.
|
|
For each table it will retrieve the grant information and will use it
|
|
to check the required access privileges for the fields requested from it.
|
|
*/
|
|
bool check_grant_all_columns(THD *thd, ulong want_access_arg,
|
|
Field_iterator_table_ref *fields)
|
|
{
|
|
Security_context *sctx= thd->security_ctx;
|
|
ulong UNINIT_VAR(want_access);
|
|
const char *table_name= NULL;
|
|
const char* db_name;
|
|
GRANT_INFO *grant;
|
|
GRANT_TABLE *UNINIT_VAR(grant_table);
|
|
GRANT_TABLE *UNINIT_VAR(grant_table_role);
|
|
/*
|
|
Flag that gets set if privilege checking has to be performed on column
|
|
level.
|
|
*/
|
|
bool using_column_privileges= FALSE;
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
|
|
for (; !fields->end_of_fields(); fields->next())
|
|
{
|
|
const char *field_name= fields->name();
|
|
|
|
if (table_name != fields->get_table_name())
|
|
{
|
|
table_name= fields->get_table_name();
|
|
db_name= fields->get_db_name();
|
|
grant= fields->grant();
|
|
/* get a fresh one for each table */
|
|
want_access= want_access_arg & ~grant->privilege;
|
|
if (want_access)
|
|
{
|
|
/* reload table if someone has modified any grants */
|
|
if (grant->version != grant_version)
|
|
{
|
|
grant->grant_table_user=
|
|
table_hash_search(sctx->host, sctx->ip, db_name,
|
|
sctx->priv_user,
|
|
table_name, 0); /* purecov: inspected */
|
|
grant->grant_table_role=
|
|
sctx->priv_role[0] ? table_hash_search("", NULL, db_name,
|
|
sctx->priv_role,
|
|
table_name, TRUE) : NULL;
|
|
grant->version= grant_version; /* purecov: inspected */
|
|
}
|
|
|
|
grant_table= grant->grant_table_user;
|
|
grant_table_role= grant->grant_table_role;
|
|
DBUG_ASSERT (grant_table || grant_table_role);
|
|
}
|
|
}
|
|
|
|
if (want_access)
|
|
{
|
|
ulong have_access= 0;
|
|
if (grant_table)
|
|
{
|
|
GRANT_COLUMN *grant_column=
|
|
column_hash_search(grant_table, field_name,
|
|
(uint) strlen(field_name));
|
|
if (grant_column)
|
|
have_access= grant_column->rights;
|
|
}
|
|
if (grant_table_role)
|
|
{
|
|
GRANT_COLUMN *grant_column=
|
|
column_hash_search(grant_table_role, field_name,
|
|
(uint) strlen(field_name));
|
|
if (grant_column)
|
|
have_access|= grant_column->rights;
|
|
}
|
|
|
|
if (have_access)
|
|
using_column_privileges= TRUE;
|
|
if (want_access & ~have_access)
|
|
goto err;
|
|
}
|
|
}
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
return 0;
|
|
|
|
err:
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
char command[128];
|
|
get_privilege_desc(command, sizeof(command), want_access);
|
|
/*
|
|
Do not give an error message listing a column name unless the user has
|
|
privilege to see all columns.
|
|
*/
|
|
if (using_column_privileges)
|
|
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
|
|
command, sctx->priv_user,
|
|
sctx->host_or_ip, table_name);
|
|
else
|
|
my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
|
|
command,
|
|
sctx->priv_user,
|
|
sctx->host_or_ip,
|
|
fields->name(),
|
|
table_name);
|
|
return 1;
|
|
}
|
|
|
|
|
|
static bool check_grant_db_routine(THD *thd, const char *db, HASH *hash)
|
|
{
|
|
Security_context *sctx= thd->security_ctx;
|
|
|
|
for (uint idx= 0; idx < hash->records; ++idx)
|
|
{
|
|
GRANT_NAME *item= (GRANT_NAME*) my_hash_element(hash, idx);
|
|
|
|
if (strcmp(item->user, sctx->priv_user) == 0 &&
|
|
strcmp(item->db, db) == 0 &&
|
|
compare_hostname(&item->host, sctx->host, sctx->ip))
|
|
{
|
|
return FALSE;
|
|
}
|
|
if (sctx->priv_role[0] && strcmp(item->user, sctx->priv_role) == 0 &&
|
|
strcmp(item->db, db) == 0 &&
|
|
(!item->host.hostname || !item->host.hostname[0]))
|
|
{
|
|
return FALSE; /* Found current role match */
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/*
|
|
Check if a user has the right to access a database
|
|
Access is accepted if he has a grant for any table/routine in the database
|
|
Return 1 if access is denied
|
|
*/
|
|
|
|
bool check_grant_db(THD *thd, const char *db)
|
|
{
|
|
Security_context *sctx= thd->security_ctx;
|
|
char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2], *end;
|
|
char helping2 [SAFE_NAME_LEN + USERNAME_LENGTH+2];
|
|
uint len, len2;
|
|
bool error= TRUE;
|
|
|
|
end= strmov(helping, sctx->priv_user) + 1;
|
|
end= strnmov(end, db, helping + sizeof(helping) - end);
|
|
|
|
if (end >= helping + sizeof(helping)) // db name was truncated
|
|
return 1; // no privileges for an invalid db name
|
|
|
|
len= (uint) (end - helping) + 1;
|
|
|
|
/*
|
|
If a role is set, we need to check for privileges
|
|
here aswell
|
|
*/
|
|
if (sctx->priv_role[0])
|
|
{
|
|
end= strmov(helping2, sctx->priv_role) + 1;
|
|
end= strnmov(end, db, helping2 + sizeof(helping2) - end);
|
|
len2= (uint) (end - helping2) + 1;
|
|
}
|
|
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
|
|
for (uint idx=0 ; idx < column_priv_hash.records ; idx++)
|
|
{
|
|
GRANT_TABLE *grant_table= (GRANT_TABLE*)
|
|
my_hash_element(&column_priv_hash,
|
|
idx);
|
|
if (len < grant_table->key_length &&
|
|
!memcmp(grant_table->hash_key,helping,len) &&
|
|
compare_hostname(&grant_table->host, sctx->host, sctx->ip))
|
|
{
|
|
error= FALSE; /* Found match. */
|
|
break;
|
|
}
|
|
if (sctx->priv_role[0] &&
|
|
len2 < grant_table->key_length &&
|
|
!memcmp(grant_table->hash_key,helping2,len) &&
|
|
(!grant_table->host.hostname || !grant_table->host.hostname[0]))
|
|
{
|
|
error= FALSE; /* Found role match */
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (error)
|
|
error= check_grant_db_routine(thd, db, &proc_priv_hash) &&
|
|
check_grant_db_routine(thd, db, &func_priv_hash);
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
return error;
|
|
}
|
|
|
|
|
|
/****************************************************************************
|
|
Check routine level grants
|
|
|
|
SYNPOSIS
|
|
bool check_grant_routine()
|
|
thd Thread handler
|
|
want_access Bits of privileges user needs to have
|
|
procs List of routines to check. The user should have 'want_access'
|
|
is_proc True if the list is all procedures, else functions
|
|
no_errors If 0 then we write an error. The error is sent directly to
|
|
the client
|
|
|
|
RETURN
|
|
0 ok
|
|
1 Error: User did not have the requested privielges
|
|
****************************************************************************/
|
|
|
|
bool check_grant_routine(THD *thd, ulong want_access,
|
|
TABLE_LIST *procs, bool is_proc, bool no_errors)
|
|
{
|
|
TABLE_LIST *table;
|
|
Security_context *sctx= thd->security_ctx;
|
|
char *user= sctx->priv_user;
|
|
char *host= sctx->priv_host;
|
|
char *role= sctx->priv_role;
|
|
DBUG_ENTER("check_grant_routine");
|
|
|
|
want_access&= ~sctx->master_access;
|
|
if (!want_access)
|
|
DBUG_RETURN(0); // ok
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
for (table= procs; table; table= table->next_global)
|
|
{
|
|
GRANT_NAME *grant_proc;
|
|
if ((grant_proc= routine_hash_search(host, sctx->ip, table->db, user,
|
|
table->table_name, is_proc, 0)))
|
|
table->grant.privilege|= grant_proc->privs;
|
|
if (role[0]) /* current role set check */
|
|
{
|
|
if ((grant_proc= routine_hash_search("", NULL, table->db, role,
|
|
table->table_name, is_proc, 0)))
|
|
table->grant.privilege|= grant_proc->privs;
|
|
}
|
|
|
|
if (want_access & ~table->grant.privilege)
|
|
{
|
|
want_access &= ~table->grant.privilege;
|
|
goto err;
|
|
}
|
|
}
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
DBUG_RETURN(0);
|
|
err:
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
if (!no_errors)
|
|
{
|
|
char buff[1024];
|
|
const char *command="";
|
|
if (table)
|
|
strxmov(buff, table->db, ".", table->table_name, NullS);
|
|
if (want_access & EXECUTE_ACL)
|
|
command= "execute";
|
|
else if (want_access & ALTER_PROC_ACL)
|
|
command= "alter routine";
|
|
else if (want_access & GRANT_ACL)
|
|
command= "grant";
|
|
my_error(ER_PROCACCESS_DENIED_ERROR, MYF(0),
|
|
command, user, host, table ? buff : "unknown");
|
|
}
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
|
|
/*
|
|
Check if routine has any of the
|
|
routine level grants
|
|
|
|
SYNPOSIS
|
|
bool check_routine_level_acl()
|
|
thd Thread handler
|
|
db Database name
|
|
name Routine name
|
|
|
|
RETURN
|
|
0 Ok
|
|
1 error
|
|
*/
|
|
|
|
bool check_routine_level_acl(THD *thd, const char *db, const char *name,
|
|
bool is_proc)
|
|
{
|
|
bool no_routine_acl= 1;
|
|
GRANT_NAME *grant_proc;
|
|
Security_context *sctx= thd->security_ctx;
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
if ((grant_proc= routine_hash_search(sctx->priv_host,
|
|
sctx->ip, db,
|
|
sctx->priv_user,
|
|
name, is_proc, 0)))
|
|
no_routine_acl= !(grant_proc->privs & SHOW_PROC_ACLS);
|
|
|
|
if (sctx->priv_role[0]) /* current set role check */
|
|
{
|
|
if ((grant_proc= routine_hash_search("",
|
|
NULL, db,
|
|
sctx->priv_role,
|
|
name, is_proc, 0)))
|
|
no_routine_acl= !(grant_proc->privs & SHOW_PROC_ACLS);
|
|
}
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
return no_routine_acl;
|
|
}
|
|
|
|
|
|
/*****************************************************************************
|
|
Functions to retrieve the grant for a table/column (for SHOW functions)
|
|
*****************************************************************************/
|
|
|
|
ulong get_table_grant(THD *thd, TABLE_LIST *table)
|
|
{
|
|
ulong privilege;
|
|
Security_context *sctx= thd->security_ctx;
|
|
const char *db = table->db ? table->db : thd->db;
|
|
GRANT_TABLE *grant_table;
|
|
GRANT_TABLE *grant_table_role= NULL;
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
#ifdef EMBEDDED_LIBRARY
|
|
grant_table= NULL;
|
|
grant_table_role= NULL;
|
|
#else
|
|
grant_table= table_hash_search(sctx->host, sctx->ip, db, sctx->priv_user,
|
|
table->table_name, 0);
|
|
if (sctx->priv_role[0])
|
|
grant_table_role= table_hash_search("", "", db, sctx->priv_role,
|
|
table->table_name, 0);
|
|
#endif
|
|
table->grant.grant_table_user= grant_table; // Remember for column test
|
|
table->grant.grant_table_role= grant_table_role;
|
|
table->grant.version=grant_version;
|
|
if (grant_table)
|
|
table->grant.privilege|= grant_table->privs;
|
|
if (grant_table_role)
|
|
table->grant.privilege|= grant_table_role->privs;
|
|
privilege= table->grant.privilege;
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
return privilege;
|
|
}
|
|
|
|
|
|
/*
|
|
Determine the access priviliges for a field.
|
|
|
|
SYNOPSIS
|
|
get_column_grant()
|
|
thd thread handler
|
|
grant grants table descriptor
|
|
db_name name of database that the field belongs to
|
|
table_name name of table that the field belongs to
|
|
field_name name of field
|
|
|
|
DESCRIPTION
|
|
The procedure may also modify: grant->grant_table and grant->version.
|
|
|
|
RETURN
|
|
The access priviliges for the field db_name.table_name.field_name
|
|
*/
|
|
|
|
ulong get_column_grant(THD *thd, GRANT_INFO *grant,
|
|
const char *db_name, const char *table_name,
|
|
const char *field_name)
|
|
{
|
|
GRANT_TABLE *grant_table;
|
|
GRANT_TABLE *grant_table_role;
|
|
GRANT_COLUMN *grant_column;
|
|
ulong priv= 0;
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
/* reload table if someone has modified any grants */
|
|
if (grant->version != grant_version)
|
|
{
|
|
Security_context *sctx= thd->security_ctx;
|
|
grant->grant_table_user=
|
|
table_hash_search(sctx->host, sctx->ip,
|
|
db_name, sctx->priv_user,
|
|
table_name, 0); /* purecov: inspected */
|
|
grant->grant_table_role=
|
|
sctx->priv_role[0] ? table_hash_search("", "", db_name,
|
|
sctx->priv_role,
|
|
table_name, TRUE) : NULL;
|
|
grant->version= grant_version; /* purecov: inspected */
|
|
}
|
|
|
|
grant_table= grant->grant_table_user;
|
|
grant_table_role= grant->grant_table_role;
|
|
|
|
if (!grant_table && !grant_table_role)
|
|
priv= grant->privilege;
|
|
else
|
|
{
|
|
if (grant_table)
|
|
{
|
|
grant_column= column_hash_search(grant_table, field_name,
|
|
(uint) strlen(field_name));
|
|
if (!grant_column)
|
|
priv= (grant->privilege | grant_table->privs);
|
|
else
|
|
priv= (grant->privilege | grant_table->privs | grant_column->rights);
|
|
}
|
|
|
|
if (grant_table_role)
|
|
{
|
|
grant_column= column_hash_search(grant_table_role, field_name,
|
|
(uint) strlen(field_name));
|
|
if (!grant_column)
|
|
priv|= (grant->privilege | grant_table_role->privs);
|
|
else
|
|
priv|= (grant->privilege | grant_table->privs | grant_column->rights);
|
|
}
|
|
}
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
return priv;
|
|
}
|
|
|
|
|
|
/* Help function for mysql_show_grants */
|
|
|
|
static void add_user_option(String *grant, long value, const char *name,
|
|
my_bool is_signed)
|
|
{
|
|
if (value)
|
|
{
|
|
char buff[22], *p; // just as in int2str
|
|
grant->append(' ');
|
|
grant->append(name, strlen(name));
|
|
grant->append(' ');
|
|
p=int10_to_str(value, buff, is_signed ? -10 : 10);
|
|
grant->append(buff,p-buff);
|
|
}
|
|
}
|
|
|
|
static const char *command_array[]=
|
|
{
|
|
"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "RELOAD",
|
|
"SHUTDOWN", "PROCESS","FILE", "GRANT", "REFERENCES", "INDEX",
|
|
"ALTER", "SHOW DATABASES", "SUPER", "CREATE TEMPORARY TABLES",
|
|
"LOCK TABLES", "EXECUTE", "REPLICATION SLAVE", "REPLICATION CLIENT",
|
|
"CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE",
|
|
"CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE"
|
|
};
|
|
|
|
static uint command_lengths[]=
|
|
{
|
|
6, 6, 6, 6, 6, 4, 6, 8, 7, 4, 5, 10, 5, 5, 14, 5, 23, 11, 7, 17, 18, 11, 9,
|
|
14, 13, 11, 5, 7, 17
|
|
};
|
|
|
|
|
|
static int show_routine_grants(THD *thd,
|
|
const char *username,
|
|
const char *hostname,
|
|
HASH *hash,
|
|
const char *type, int typelen,
|
|
bool handle_as_role,
|
|
char *buff, int buffsize);
|
|
|
|
bool print_grants_for_role(THD *thd, ACL_ROLE * role,
|
|
char *buff, size_t buffsize)
|
|
{
|
|
if (show_role_grants(thd, role->user.str, "", role, buff, sizeof(buff)))
|
|
return TRUE;
|
|
|
|
if (show_global_privileges(thd, role, TRUE, buff, buffsize))
|
|
return TRUE;
|
|
|
|
if (show_database_privileges(thd, role->user.str, "", TRUE, buff, buffsize))
|
|
return TRUE;
|
|
|
|
if (show_table_and_column_privileges(thd, role->user.str, "", TRUE, buff, buffsize))
|
|
return TRUE;
|
|
|
|
if (show_routine_grants(thd, role->user.str, "", &proc_priv_hash,
|
|
STRING_WITH_LEN("PROCEDURE"), TRUE, buff, buffsize))
|
|
return TRUE;
|
|
|
|
if (show_routine_grants(thd, role->user.str, "", &func_priv_hash,
|
|
STRING_WITH_LEN("FUNCTION"), TRUE, buff, buffsize))
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
/*
|
|
SHOW GRANTS; Send grants for a user to the client
|
|
|
|
IMPLEMENTATION
|
|
Send to client grant-like strings depicting user@host privileges
|
|
*/
|
|
|
|
bool mysql_show_grants(THD *thd, LEX_USER *lex_user)
|
|
{
|
|
int error = 0;
|
|
ACL_USER *acl_user;
|
|
ACL_ROLE *acl_role= NULL;
|
|
char buff[1024];
|
|
Protocol *protocol= thd->protocol;
|
|
char *username= NULL;
|
|
char *hostname= NULL;
|
|
char *rolename= NULL;
|
|
DBUG_ENTER("mysql_show_grants");
|
|
|
|
LINT_INIT(acl_user);
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
if (lex_user->user.str == current_user.str)
|
|
{
|
|
username= thd->security_ctx->priv_user;
|
|
hostname= thd->security_ctx->priv_host;
|
|
}
|
|
else if (lex_user->user.str == current_role.str)
|
|
{
|
|
rolename= thd->security_ctx->priv_role;
|
|
}
|
|
else if (lex_user->user.str == current_user_and_current_role.str)
|
|
{
|
|
username= thd->security_ctx->priv_user;
|
|
hostname= thd->security_ctx->priv_host;
|
|
rolename= thd->security_ctx->priv_role;
|
|
}
|
|
else
|
|
{
|
|
if (find_and_mark_as_role(lex_user))
|
|
{
|
|
rolename= lex_user->user.str;
|
|
}
|
|
else
|
|
{
|
|
username= lex_user->user.str;
|
|
hostname= lex_user->host.str;
|
|
}
|
|
}
|
|
DBUG_ASSERT(rolename || username);
|
|
|
|
Item_string *field=new Item_string("",0,&my_charset_latin1);
|
|
List<Item> field_list;
|
|
field->name=buff;
|
|
field->max_length=1024;
|
|
if (!username)
|
|
strxmov(buff,"Grants for ",rolename, NullS);
|
|
else
|
|
strxmov(buff,"Grants for ",username,"@",hostname, NullS);
|
|
field_list.push_back(field);
|
|
if (protocol->send_result_set_metadata(&field_list,
|
|
Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF))
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
if (username)
|
|
{
|
|
acl_user= find_user_no_anon(hostname, username, TRUE);
|
|
if (!acl_user)
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
my_error(ER_NONEXISTING_GRANT, MYF(0),
|
|
username, hostname);
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
|
|
/* Show granted roles to acl_user */
|
|
if (show_role_grants(thd, username, hostname, acl_user, buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
}
|
|
|
|
/* Add first global access grants */
|
|
if (show_global_privileges(thd, acl_user, FALSE, buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
};
|
|
|
|
/* Add database access */
|
|
if (show_database_privileges(thd, username, hostname, FALSE, buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
}
|
|
|
|
/* Add table & column access */
|
|
if (show_table_and_column_privileges(thd, username, hostname, FALSE, buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
}
|
|
|
|
if (show_routine_grants(thd, username, hostname, &proc_priv_hash,
|
|
STRING_WITH_LEN("PROCEDURE"), FALSE, buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
}
|
|
|
|
if (show_routine_grants(thd, username, hostname, &func_priv_hash,
|
|
STRING_WITH_LEN("FUNCTION"), FALSE, buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
}
|
|
|
|
if (show_proxy_grants(thd, username, hostname, buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
if (rolename)
|
|
{
|
|
acl_role= find_acl_role(rolename);
|
|
if (acl_role)
|
|
{
|
|
DYNAMIC_ARRAY role_list;
|
|
(void) my_init_dynamic_array(&role_list,sizeof(ACL_ROLE *),
|
|
50, 100, MYF(0));
|
|
/* get a list of all inherited roles */
|
|
traverse_role_graph(acl_role,
|
|
&role_list, NULL, NULL, NULL,
|
|
role_explore_create_list);
|
|
for (uint i= 0; i < role_list.elements; i++)
|
|
{
|
|
if (print_grants_for_role(thd,
|
|
*dynamic_element(&role_list, i, ACL_ROLE **),
|
|
buff, sizeof(buff)))
|
|
{
|
|
error= -1;
|
|
goto end;
|
|
}
|
|
}
|
|
delete_dynamic(&role_list);
|
|
}
|
|
else
|
|
{
|
|
if (lex_user->user.str == current_role.str)
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
my_error(ER_NONEXISTING_GRANT, MYF(0),
|
|
thd->security_ctx->priv_user,
|
|
thd->security_ctx->priv_host);
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
}
|
|
}
|
|
|
|
end:
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
my_eof(thd);
|
|
DBUG_RETURN(error);
|
|
}
|
|
|
|
static bool show_role_grants(THD *thd,
|
|
const char *username,
|
|
const char *hostname,
|
|
ACL_USER_BASE *acl_entry,
|
|
char *buff, size_t buffsize)
|
|
{
|
|
uint counter;
|
|
Protocol *protocol= thd->protocol;
|
|
uint hostname_length = strlen(hostname);
|
|
|
|
String grant(buff,sizeof(buff),system_charset_info);
|
|
for (counter= 0; counter < acl_entry->role_grants.elements; counter++)
|
|
{
|
|
grant.length(0);
|
|
grant.append(STRING_WITH_LEN("GRANT "));
|
|
ACL_ROLE *acl_role= *(dynamic_element(&acl_entry->role_grants, counter,
|
|
ACL_ROLE**));
|
|
grant.append(acl_role->user.str, acl_role->user.length,
|
|
system_charset_info);
|
|
grant.append(STRING_WITH_LEN(" TO '"));
|
|
grant.append(acl_entry->user.str, acl_entry->user.length,
|
|
system_charset_info);
|
|
if (!(acl_entry->flags & IS_ROLE))
|
|
{
|
|
grant.append(STRING_WITH_LEN("'@'"));
|
|
grant.append(hostname, hostname_length,
|
|
system_charset_info);
|
|
}
|
|
grant.append('\'');
|
|
protocol->prepare_for_resend();
|
|
protocol->store(grant.ptr(),grant.length(),grant.charset());
|
|
if (protocol->write())
|
|
{
|
|
return TRUE;
|
|
}
|
|
}
|
|
return FALSE;
|
|
}
|
|
|
|
static bool show_global_privileges(THD *thd, ACL_USER_BASE *acl_entry,
|
|
bool handle_as_role,
|
|
char *buff, size_t buffsize)
|
|
{
|
|
uint counter;
|
|
ulong want_access;
|
|
Protocol *protocol= thd->protocol;
|
|
|
|
String global(buff,sizeof(buff),system_charset_info);
|
|
global.length(0);
|
|
global.append(STRING_WITH_LEN("GRANT "));
|
|
|
|
if (handle_as_role)
|
|
want_access= ((ACL_ROLE *)acl_entry)->initial_role_access;
|
|
else
|
|
want_access= acl_entry->access;
|
|
if (test_all_bits(want_access, (GLOBAL_ACLS & ~ GRANT_ACL)))
|
|
global.append(STRING_WITH_LEN("ALL PRIVILEGES"));
|
|
else if (!(want_access & ~GRANT_ACL))
|
|
global.append(STRING_WITH_LEN("USAGE"));
|
|
else
|
|
{
|
|
bool found=0;
|
|
ulong j,test_access= want_access & ~GRANT_ACL;
|
|
for (counter=0, j = SELECT_ACL;j <= GLOBAL_ACLS;counter++,j <<= 1)
|
|
{
|
|
if (test_access & j)
|
|
{
|
|
if (found)
|
|
global.append(STRING_WITH_LEN(", "));
|
|
found=1;
|
|
global.append(command_array[counter],command_lengths[counter]);
|
|
}
|
|
}
|
|
}
|
|
global.append (STRING_WITH_LEN(" ON *.* TO '"));
|
|
global.append(acl_entry->user.str, acl_entry->user.length,
|
|
system_charset_info);
|
|
global.append('\'');
|
|
|
|
if (!handle_as_role)
|
|
{
|
|
ACL_USER *acl_user= (ACL_USER *)acl_entry;
|
|
|
|
global.append (STRING_WITH_LEN("@'"));
|
|
global.append(acl_user->host.hostname, acl_user->hostname_length,
|
|
system_charset_info);
|
|
global.append ('\'');
|
|
|
|
if (acl_user->plugin.str == native_password_plugin_name.str ||
|
|
acl_user->plugin.str == old_password_plugin_name.str)
|
|
{
|
|
if (acl_user->auth_string.length)
|
|
{
|
|
DBUG_ASSERT(acl_user->salt_len);
|
|
global.append(STRING_WITH_LEN(" IDENTIFIED BY PASSWORD '"));
|
|
global.append(acl_user->auth_string.str, acl_user->auth_string.length);
|
|
global.append('\'');
|
|
}
|
|
}
|
|
else
|
|
{
|
|
global.append(STRING_WITH_LEN(" IDENTIFIED VIA "));
|
|
global.append(acl_user->plugin.str, acl_user->plugin.length);
|
|
if (acl_user->auth_string.length)
|
|
{
|
|
global.append(STRING_WITH_LEN(" USING '"));
|
|
global.append(acl_user->auth_string.str, acl_user->auth_string.length);
|
|
global.append('\'');
|
|
}
|
|
}
|
|
/* "show grants" SSL related stuff */
|
|
if (acl_user->ssl_type == SSL_TYPE_ANY)
|
|
global.append(STRING_WITH_LEN(" REQUIRE SSL"));
|
|
else if (acl_user->ssl_type == SSL_TYPE_X509)
|
|
global.append(STRING_WITH_LEN(" REQUIRE X509"));
|
|
else if (acl_user->ssl_type == SSL_TYPE_SPECIFIED)
|
|
{
|
|
int ssl_options = 0;
|
|
global.append(STRING_WITH_LEN(" REQUIRE "));
|
|
if (acl_user->x509_issuer)
|
|
{
|
|
ssl_options++;
|
|
global.append(STRING_WITH_LEN("ISSUER \'"));
|
|
global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
|
|
global.append('\'');
|
|
}
|
|
if (acl_user->x509_subject)
|
|
{
|
|
if (ssl_options++)
|
|
global.append(' ');
|
|
global.append(STRING_WITH_LEN("SUBJECT \'"));
|
|
global.append(acl_user->x509_subject,strlen(acl_user->x509_subject),
|
|
system_charset_info);
|
|
global.append('\'');
|
|
}
|
|
if (acl_user->ssl_cipher)
|
|
{
|
|
if (ssl_options++)
|
|
global.append(' ');
|
|
global.append(STRING_WITH_LEN("CIPHER '"));
|
|
global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher),
|
|
system_charset_info);
|
|
global.append('\'');
|
|
}
|
|
}
|
|
if ((want_access & GRANT_ACL) ||
|
|
(acl_user->user_resource.questions ||
|
|
acl_user->user_resource.updates ||
|
|
acl_user->user_resource.conn_per_hour ||
|
|
acl_user->user_resource.user_conn))
|
|
{
|
|
global.append(STRING_WITH_LEN(" WITH"));
|
|
if (want_access & GRANT_ACL)
|
|
global.append(STRING_WITH_LEN(" GRANT OPTION"));
|
|
add_user_option(&global, acl_user->user_resource.questions,
|
|
"MAX_QUERIES_PER_HOUR", 0);
|
|
add_user_option(&global, acl_user->user_resource.updates,
|
|
"MAX_UPDATES_PER_HOUR", 0);
|
|
add_user_option(&global, acl_user->user_resource.conn_per_hour,
|
|
"MAX_CONNECTIONS_PER_HOUR", 0);
|
|
add_user_option(&global, acl_user->user_resource.user_conn,
|
|
"MAX_USER_CONNECTIONS", 1);
|
|
}
|
|
}
|
|
|
|
protocol->prepare_for_resend();
|
|
protocol->store(global.ptr(),global.length(),global.charset());
|
|
if (protocol->write())
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
static bool show_database_privileges(THD *thd,
|
|
const char *username,
|
|
const char *hostname,
|
|
bool handle_as_role,
|
|
char *buff, size_t buffsize)
|
|
{
|
|
ACL_DB *acl_db;
|
|
ulong want_access;
|
|
uint counter;
|
|
Protocol *protocol= thd->protocol;
|
|
|
|
for (counter=0 ; counter < acl_dbs.elements ; counter++)
|
|
{
|
|
const char *user, *host;
|
|
|
|
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
|
|
if (!(user=acl_db->user))
|
|
user= "";
|
|
if (!(host=acl_db->host.hostname))
|
|
host= "";
|
|
|
|
/*
|
|
We do not make SHOW GRANTS case-sensitive here (like REVOKE),
|
|
but make it case-insensitive because that's the way they are
|
|
actually applied, and showing fewer privileges than are applied
|
|
would be wrong from a security point of view.
|
|
*/
|
|
|
|
if (!strcmp(username, user) &&
|
|
!my_strcasecmp(system_charset_info, hostname, host))
|
|
{
|
|
/* do not print inherited access bits, the role bits present in the
|
|
table are what matters */
|
|
if (handle_as_role)
|
|
want_access=acl_db->initial_access;
|
|
else
|
|
want_access=acl_db->access;
|
|
if (want_access)
|
|
{
|
|
String db(buff,sizeof(buff),system_charset_info);
|
|
db.length(0);
|
|
db.append(STRING_WITH_LEN("GRANT "));
|
|
|
|
if (test_all_bits(want_access,(DB_ACLS & ~GRANT_ACL)))
|
|
db.append(STRING_WITH_LEN("ALL PRIVILEGES"));
|
|
else if (!(want_access & ~GRANT_ACL))
|
|
db.append(STRING_WITH_LEN("USAGE"));
|
|
else
|
|
{
|
|
int found=0, cnt;
|
|
ulong j,test_access= want_access & ~GRANT_ACL;
|
|
for (cnt=0, j = SELECT_ACL; j <= DB_ACLS; cnt++,j <<= 1)
|
|
{
|
|
if (test_access & j)
|
|
{
|
|
if (found)
|
|
db.append(STRING_WITH_LEN(", "));
|
|
found = 1;
|
|
db.append(command_array[cnt],command_lengths[cnt]);
|
|
}
|
|
}
|
|
}
|
|
db.append (STRING_WITH_LEN(" ON "));
|
|
append_identifier(thd, &db, acl_db->db, strlen(acl_db->db));
|
|
db.append (STRING_WITH_LEN(".* TO '"));
|
|
db.append(username, strlen(username),
|
|
system_charset_info);
|
|
if (!handle_as_role)
|
|
{
|
|
db.append (STRING_WITH_LEN("'@'"));
|
|
// host and lex_user->host are equal except for case
|
|
db.append(host, strlen(host), system_charset_info);
|
|
}
|
|
db.append ('\'');
|
|
if (want_access & GRANT_ACL)
|
|
db.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
|
|
protocol->prepare_for_resend();
|
|
protocol->store(db.ptr(),db.length(),db.charset());
|
|
if (protocol->write())
|
|
{
|
|
return TRUE;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
static bool show_table_and_column_privileges(THD *thd,
|
|
const char *username,
|
|
const char *hostname,
|
|
bool handle_as_role,
|
|
char *buff, size_t buffsize)
|
|
{
|
|
uint counter, index;
|
|
Protocol *protocol= thd->protocol;
|
|
|
|
for (index=0 ; index < column_priv_hash.records ; index++)
|
|
{
|
|
const char *user, *host;
|
|
GRANT_TABLE *grant_table= (GRANT_TABLE*)
|
|
my_hash_element(&column_priv_hash, index);
|
|
|
|
if (!(user=grant_table->user))
|
|
user= "";
|
|
if (!(host= grant_table->host.hostname))
|
|
host= "";
|
|
|
|
/*
|
|
We do not make SHOW GRANTS case-sensitive here (like REVOKE),
|
|
but make it case-insensitive because that's the way they are
|
|
actually applied, and showing fewer privileges than are applied
|
|
would be wrong from a security point of view.
|
|
*/
|
|
|
|
if (!strcmp(username,user) &&
|
|
!my_strcasecmp(system_charset_info, hostname, host))
|
|
{
|
|
ulong table_access;
|
|
ulong cols_access;
|
|
if (handle_as_role)
|
|
{
|
|
table_access= grant_table->init_privs;
|
|
cols_access= grant_table->init_cols;
|
|
}
|
|
else
|
|
{
|
|
table_access= grant_table->privs;
|
|
cols_access= grant_table->cols;
|
|
}
|
|
|
|
if ((table_access | cols_access) != 0)
|
|
{
|
|
String global(buff, sizeof(buff), system_charset_info);
|
|
ulong test_access= (table_access | cols_access) & ~GRANT_ACL;
|
|
|
|
global.length(0);
|
|
global.append(STRING_WITH_LEN("GRANT "));
|
|
|
|
if (test_all_bits(table_access, (TABLE_ACLS & ~GRANT_ACL)))
|
|
global.append(STRING_WITH_LEN("ALL PRIVILEGES"));
|
|
else if (!test_access)
|
|
global.append(STRING_WITH_LEN("USAGE"));
|
|
else
|
|
{
|
|
/* Add specific column access */
|
|
int found= 0;
|
|
ulong j;
|
|
|
|
for (counter= 0, j= SELECT_ACL; j <= TABLE_ACLS; counter++, j<<= 1)
|
|
{
|
|
if (test_access & j)
|
|
{
|
|
if (found)
|
|
global.append(STRING_WITH_LEN(", "));
|
|
found= 1;
|
|
global.append(command_array[counter],command_lengths[counter]);
|
|
|
|
if (grant_table->cols)
|
|
{
|
|
uint found_col= 0;
|
|
HASH *hash_columns;
|
|
hash_columns= &grant_table->hash_columns;
|
|
|
|
for (uint col_index=0 ;
|
|
col_index < hash_columns->records ;
|
|
col_index++)
|
|
{
|
|
GRANT_COLUMN *grant_column = (GRANT_COLUMN*)
|
|
my_hash_element(hash_columns,col_index);
|
|
if ((!handle_as_role && (grant_column->rights & j)) ||
|
|
(handle_as_role && (grant_column->init_rights & j)))
|
|
{
|
|
if (!found_col)
|
|
{
|
|
found_col= 1;
|
|
/*
|
|
If we have a duplicated table level privilege, we
|
|
must write the access privilege name again.
|
|
*/
|
|
if (table_access & j)
|
|
{
|
|
global.append(STRING_WITH_LEN(", "));
|
|
global.append(command_array[counter],
|
|
command_lengths[counter]);
|
|
}
|
|
global.append(STRING_WITH_LEN(" ("));
|
|
}
|
|
else
|
|
global.append(STRING_WITH_LEN(", "));
|
|
global.append(grant_column->column,
|
|
grant_column->key_length,
|
|
system_charset_info);
|
|
}
|
|
}
|
|
if (found_col)
|
|
global.append(')');
|
|
}
|
|
}
|
|
}
|
|
}
|
|
global.append(STRING_WITH_LEN(" ON "));
|
|
append_identifier(thd, &global, grant_table->db,
|
|
strlen(grant_table->db));
|
|
global.append('.');
|
|
append_identifier(thd, &global, grant_table->tname,
|
|
strlen(grant_table->tname));
|
|
global.append(STRING_WITH_LEN(" TO '"));
|
|
global.append(username, strlen(username),
|
|
system_charset_info);
|
|
if (!handle_as_role)
|
|
{
|
|
global.append(STRING_WITH_LEN("'@'"));
|
|
// host and lex_user->host are equal except for case
|
|
global.append(host, strlen(host), system_charset_info);
|
|
}
|
|
global.append('\'');
|
|
if (table_access & GRANT_ACL)
|
|
global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
|
|
protocol->prepare_for_resend();
|
|
protocol->store(global.ptr(),global.length(),global.charset());
|
|
if (protocol->write())
|
|
{
|
|
return TRUE;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
static int show_routine_grants(THD* thd,
|
|
const char *username, const char *hostname,
|
|
HASH *hash,
|
|
const char *type, int typelen,
|
|
bool handle_as_role,
|
|
char *buff, int buffsize)
|
|
{
|
|
uint counter, index;
|
|
int error= 0;
|
|
Protocol *protocol= thd->protocol;
|
|
/* Add routine access */
|
|
for (index=0 ; index < hash->records ; index++)
|
|
{
|
|
const char *user, *host;
|
|
GRANT_NAME *grant_proc= (GRANT_NAME*) my_hash_element(hash, index);
|
|
|
|
if (!(user=grant_proc->user))
|
|
user= "";
|
|
if (!(host= grant_proc->host.hostname))
|
|
host= "";
|
|
|
|
/*
|
|
We do not make SHOW GRANTS case-sensitive here (like REVOKE),
|
|
but make it case-insensitive because that's the way they are
|
|
actually applied, and showing fewer privileges than are applied
|
|
would be wrong from a security point of view.
|
|
*/
|
|
|
|
if (!strcmp(username, user) &&
|
|
!my_strcasecmp(system_charset_info, hostname, host))
|
|
{
|
|
ulong proc_access;
|
|
if (handle_as_role)
|
|
proc_access= grant_proc->init_privs;
|
|
else
|
|
proc_access= grant_proc->privs;
|
|
|
|
if (proc_access != 0)
|
|
{
|
|
String global(buff, buffsize, system_charset_info);
|
|
ulong test_access= proc_access & ~GRANT_ACL;
|
|
|
|
global.length(0);
|
|
global.append(STRING_WITH_LEN("GRANT "));
|
|
|
|
if (!test_access)
|
|
global.append(STRING_WITH_LEN("USAGE"));
|
|
else
|
|
{
|
|
/* Add specific procedure access */
|
|
int found= 0;
|
|
ulong j;
|
|
|
|
for (counter= 0, j= SELECT_ACL; j <= PROC_ACLS; counter++, j<<= 1)
|
|
{
|
|
if (test_access & j)
|
|
{
|
|
if (found)
|
|
global.append(STRING_WITH_LEN(", "));
|
|
found= 1;
|
|
global.append(command_array[counter],command_lengths[counter]);
|
|
}
|
|
}
|
|
}
|
|
global.append(STRING_WITH_LEN(" ON "));
|
|
global.append(type,typelen);
|
|
global.append(' ');
|
|
append_identifier(thd, &global, grant_proc->db,
|
|
strlen(grant_proc->db));
|
|
global.append('.');
|
|
append_identifier(thd, &global, grant_proc->tname,
|
|
strlen(grant_proc->tname));
|
|
global.append(STRING_WITH_LEN(" TO '"));
|
|
global.append(username, strlen(username),
|
|
system_charset_info);
|
|
if (!handle_as_role)
|
|
{
|
|
global.append(STRING_WITH_LEN("'@'"));
|
|
// host and lex_user->host are equal except for case
|
|
global.append(host, strlen(host), system_charset_info);
|
|
}
|
|
global.append('\'');
|
|
if (proc_access & GRANT_ACL)
|
|
global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
|
|
protocol->prepare_for_resend();
|
|
protocol->store(global.ptr(),global.length(),global.charset());
|
|
if (protocol->write())
|
|
{
|
|
error= -1;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return error;
|
|
}
|
|
|
|
|
|
static void reset_role_db_privileges(ACL_ROLE *role)
|
|
{
|
|
char *rolename= role->user.str;
|
|
for (uint i=0 ; i < acl_dbs.elements; i++)
|
|
{
|
|
ACL_DB *acl_db= dynamic_element(&acl_dbs,i,ACL_DB*);
|
|
if (acl_db->user && (!acl_db->host.hostname || !acl_db->host.hostname[0])
|
|
&& (!strcmp(rolename, acl_db->user)))
|
|
{
|
|
acl_db->access= acl_db->initial_access;
|
|
}
|
|
/* this is only an inherited entry that needs to be removed */
|
|
if (!acl_db->access)
|
|
{
|
|
delete_dynamic_element(&acl_dbs, i);
|
|
i--;
|
|
}
|
|
}
|
|
}
|
|
|
|
static void reset_role_table_and_column_privileges(ACL_ROLE *role)
|
|
{
|
|
char *rolename= role->user.str;
|
|
for (uint i=0 ; i < column_priv_hash.records ; i++)
|
|
{
|
|
GRANT_TABLE *grant_table= (GRANT_TABLE *)
|
|
my_hash_element(&column_priv_hash, i);
|
|
if (grant_table->user && (!grant_table->host.hostname ||
|
|
!grant_table->host.hostname[0]) &&
|
|
!strcmp(rolename, grant_table->user))
|
|
{
|
|
grant_table->privs= grant_table->init_privs;
|
|
grant_table->cols= grant_table->init_cols;
|
|
if (grant_table->privs | grant_table->cols)
|
|
{
|
|
for (uint j=0 ; j < grant_table->hash_columns.records ; j++)
|
|
{
|
|
GRANT_COLUMN *grant_column= (GRANT_COLUMN *)
|
|
my_hash_element(&grant_table->hash_columns, j);
|
|
if (grant_column->init_rights == 0)
|
|
{
|
|
my_hash_delete(&grant_table->hash_columns, (uchar *)grant_column);
|
|
j--;
|
|
}
|
|
else
|
|
{
|
|
grant_column->rights= grant_column->init_rights;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* delete the record altogether as we have no privileges left */
|
|
my_hash_delete(&column_priv_hash, (uchar *)grant_table);
|
|
i--;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
static void reset_role_routine_grant_privileges(ACL_ROLE *role)
|
|
{
|
|
char *rolename= role->user.str;
|
|
for (uint is_proc= 0; is_proc < 2; is_proc++) {
|
|
HASH *hash;
|
|
if (is_proc)
|
|
hash= &proc_priv_hash;
|
|
else
|
|
hash= &func_priv_hash;
|
|
|
|
for (uint i=0 ; i < hash->records ; i++)
|
|
{
|
|
GRANT_NAME *grant_name= (GRANT_NAME *) my_hash_element(hash, i);
|
|
if (grant_name->user && (!grant_name->host.hostname ||
|
|
!grant_name->host.hostname[0]) &&
|
|
!strcmp(rolename, grant_name->user))
|
|
{
|
|
if (grant_name->init_privs == 0)
|
|
{
|
|
my_hash_delete(hash, (uchar *)grant_name);
|
|
i--;
|
|
}
|
|
else
|
|
{
|
|
grant_name->privs= grant_name->init_privs;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
/*
|
|
Make a clear-text version of the requested privilege.
|
|
*/
|
|
|
|
void get_privilege_desc(char *to, uint max_length, ulong access)
|
|
{
|
|
uint pos;
|
|
char *start=to;
|
|
DBUG_ASSERT(max_length >= 30); // For end ',' removal
|
|
|
|
if (access)
|
|
{
|
|
max_length--; // Reserve place for end-zero
|
|
for (pos=0 ; access ; pos++, access>>=1)
|
|
{
|
|
if ((access & 1) &&
|
|
command_lengths[pos] + (uint) (to-start) < max_length)
|
|
{
|
|
to= strmov(to, command_array[pos]);
|
|
*to++=',';
|
|
}
|
|
}
|
|
to--; // Remove end ','
|
|
}
|
|
*to=0;
|
|
}
|
|
|
|
|
|
void get_mqh(const char *user, const char *host, USER_CONN *uc)
|
|
{
|
|
ACL_USER *acl_user;
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
if (initialized && (acl_user= find_user_no_anon(host,user, FALSE)))
|
|
uc->user_resources= acl_user->user_resource;
|
|
else
|
|
bzero((char*) &uc->user_resources, sizeof(uc->user_resources));
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
}
|
|
|
|
/*
|
|
Open the grant tables.
|
|
|
|
SYNOPSIS
|
|
open_grant_tables()
|
|
thd The current thread.
|
|
tables (out) The 7 elements array for the opened tables.
|
|
|
|
DESCRIPTION
|
|
Tables are numbered as follows:
|
|
0 user
|
|
1 db
|
|
2 tables_priv
|
|
3 columns_priv
|
|
4 procs_priv
|
|
5 proxies_priv
|
|
6 roles_mapping
|
|
|
|
RETURN
|
|
1 Skip GRANT handling during replication.
|
|
0 OK.
|
|
< 0 Error.
|
|
*/
|
|
|
|
#define GRANT_TABLES 7
|
|
int open_grant_tables(THD *thd, TABLE_LIST *tables)
|
|
{
|
|
Rpl_filter *rpl_filter= thd->rpl_filter;
|
|
DBUG_ENTER("open_grant_tables");
|
|
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
tables->init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("user"), "user", TL_WRITE);
|
|
(tables+1)->init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("db"), "db", TL_WRITE);
|
|
(tables+2)->init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("tables_priv"),
|
|
"tables_priv", TL_WRITE);
|
|
(tables+3)->init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("columns_priv"),
|
|
"columns_priv", TL_WRITE);
|
|
(tables+4)->init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("procs_priv"),
|
|
"procs_priv", TL_WRITE);
|
|
(tables+5)->init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("proxies_priv"),
|
|
"proxies_priv", TL_WRITE);
|
|
(tables+5)->open_strategy= TABLE_LIST::OPEN_IF_EXISTS;
|
|
(tables+6)->init_one_table(C_STRING_WITH_LEN("mysql"),
|
|
C_STRING_WITH_LEN("roles_mapping"),
|
|
"roles_mapping", TL_WRITE);
|
|
(tables+6)->open_strategy= TABLE_LIST::OPEN_IF_EXISTS;
|
|
|
|
|
|
tables->next_local= tables->next_global= tables + 1;
|
|
(tables+1)->next_local= (tables+1)->next_global= tables + 2;
|
|
(tables+2)->next_local= (tables+2)->next_global= tables + 3;
|
|
(tables+3)->next_local= (tables+3)->next_global= tables + 4;
|
|
(tables+4)->next_local= (tables+4)->next_global= tables + 5;
|
|
(tables+5)->next_local= (tables+5)->next_global= tables + 6;
|
|
|
|
#ifdef HAVE_REPLICATION
|
|
/*
|
|
GRANT and REVOKE are applied the slave in/exclusion rules as they are
|
|
some kind of updates to the mysql.% tables.
|
|
*/
|
|
if (thd->slave_thread && rpl_filter->is_on())
|
|
{
|
|
/*
|
|
The tables must be marked "updating" so that tables_ok() takes them into
|
|
account in tests.
|
|
*/
|
|
tables[0].updating= tables[1].updating= tables[2].updating=
|
|
tables[3].updating= tables[4].updating= tables[5].updating= 1;
|
|
if (!(thd->spcont || rpl_filter->tables_ok(0, tables)))
|
|
DBUG_RETURN(1);
|
|
tables[0].updating= tables[1].updating= tables[2].updating=
|
|
tables[3].updating= tables[4].updating= tables[5].updating= 0;
|
|
}
|
|
#endif
|
|
|
|
if (open_and_lock_tables(thd, tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
|
{ // This should never happen
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
ACL_USER *check_acl_user(LEX_USER *user_name,
|
|
uint *acl_acl_userdx)
|
|
{
|
|
ACL_USER *acl_user= 0;
|
|
uint counter;
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
for (counter= 0 ; counter < acl_users.elements ; counter++)
|
|
{
|
|
const char *user,*host;
|
|
acl_user= dynamic_element(&acl_users, counter, ACL_USER*);
|
|
if (!(user=acl_user->user.str))
|
|
user= "";
|
|
if (!(host=acl_user->host.hostname))
|
|
host= "";
|
|
if (!strcmp(user_name->user.str,user) &&
|
|
!my_strcasecmp(system_charset_info, user_name->host.str, host))
|
|
break;
|
|
}
|
|
if (counter == acl_users.elements)
|
|
return 0;
|
|
|
|
*acl_acl_userdx= counter;
|
|
return acl_user;
|
|
}
|
|
|
|
/*
|
|
Modify a privilege table.
|
|
|
|
SYNOPSIS
|
|
modify_grant_table()
|
|
table The table to modify.
|
|
host_field The host name field.
|
|
user_field The user name field.
|
|
user_to The new name for the user if to be renamed,
|
|
NULL otherwise.
|
|
|
|
DESCRIPTION
|
|
Update user/host in the current record if user_to is not NULL.
|
|
Delete the current record if user_to is NULL.
|
|
|
|
RETURN
|
|
0 OK.
|
|
!= 0 Error.
|
|
*/
|
|
|
|
static int modify_grant_table(TABLE *table, Field *host_field,
|
|
Field *user_field, LEX_USER *user_to)
|
|
{
|
|
int error;
|
|
DBUG_ENTER("modify_grant_table");
|
|
|
|
if (user_to)
|
|
{
|
|
/* rename */
|
|
store_record(table, record[1]);
|
|
host_field->store(user_to->host.str, user_to->host.length,
|
|
system_charset_info);
|
|
user_field->store(user_to->user.str, user_to->user.length,
|
|
system_charset_info);
|
|
if ((error= table->file->ha_update_row(table->record[1],
|
|
table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
table->file->print_error(error, MYF(0));
|
|
else
|
|
error= 0;
|
|
}
|
|
else
|
|
{
|
|
/* delete */
|
|
if ((error=table->file->ha_delete_row(table->record[0])))
|
|
table->file->print_error(error, MYF(0));
|
|
}
|
|
|
|
DBUG_RETURN(error);
|
|
}
|
|
|
|
/*
|
|
The function merges access bits from a granted role to a grantee.
|
|
|
|
It creates data structures if they don't exist for the grantee.
|
|
This includes data structures related to database privileges, tables
|
|
privileges, column privileges, function and procedures privileges
|
|
*/
|
|
|
|
void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source)
|
|
{
|
|
DBUG_ASSERT(source->flags & ROLE_GRANTS_FINAL);
|
|
|
|
/* Merge global access rights */
|
|
target->access|= source->access;
|
|
|
|
/* Merge database privileges */
|
|
DYNAMIC_ARRAY target_objs, source_objs; /* arrays of pointers to priv objects */
|
|
|
|
/* elements of the arrays */
|
|
ACL_DB *target_db, *source_db;
|
|
GRANT_TABLE *target_table, *source_table;
|
|
GRANT_NAME *target_name, *source_name;
|
|
MEM_ROOT *memex_ptr = &memex;
|
|
|
|
(void) my_init_dynamic_array(&target_objs,sizeof(void *), 50, 100, MYF(0));
|
|
(void) my_init_dynamic_array(&source_objs,sizeof(void *), 50, 100, MYF(0));
|
|
|
|
/* get all acl_db elements for the source and the target */
|
|
for (uint i=0 ; i < acl_dbs.elements ; i++)
|
|
{
|
|
ACL_DB *acl_db= dynamic_element(&acl_dbs,i,ACL_DB*);
|
|
if (acl_db->user && (!acl_db->host.hostname || !acl_db->host.hostname[0]))
|
|
{
|
|
if (!strcmp(target->user.str, acl_db->user))
|
|
push_dynamic(&target_objs, (uchar*)&acl_db);
|
|
if (!strcmp(source->user.str, acl_db->user))
|
|
push_dynamic(&source_objs, (uchar*)&acl_db);
|
|
}
|
|
}
|
|
|
|
for (uint i=0 ; i < source_objs.elements; i++)
|
|
{
|
|
source_db= (ACL_DB *)*dynamic_element(&source_objs, i, void **);
|
|
target_db= NULL;
|
|
for (uint j=0; j < target_objs.elements; j++)
|
|
{
|
|
ACL_DB *acl_db= (ACL_DB *)*dynamic_element(&target_objs, i, void **);
|
|
if (!strcmp(source_db->db, acl_db->db)) /* only need to compare DB here */
|
|
target_db= acl_db;
|
|
}
|
|
|
|
/* acl_db element found for the target, only need to update acces bits */
|
|
if (target_db)
|
|
{
|
|
target_db->access|= source_db->access;
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
Need to create an acl_db element as this role inherits database
|
|
privileges
|
|
*/
|
|
acl_insert_db(target->user.str, "", source_db->db,
|
|
source_db->access, FALSE);
|
|
}
|
|
}
|
|
|
|
reset_dynamic(&source_objs);
|
|
reset_dynamic(&target_objs);
|
|
|
|
/* Merge table and column privileges */
|
|
for (uint i=0 ; i < column_priv_hash.records ; i++)
|
|
{
|
|
GRANT_TABLE *grant_table= (GRANT_TABLE *)
|
|
my_hash_element(&column_priv_hash, i);
|
|
if (grant_table->user && (!grant_table->host.hostname ||
|
|
!grant_table->host.hostname[0]))
|
|
{
|
|
if (!strcmp(target->user.str, grant_table->user))
|
|
push_dynamic(&target_objs, (uchar*)&grant_table);
|
|
if (!strcmp(source->user.str, grant_table->user))
|
|
push_dynamic(&source_objs, (uchar*)&grant_table);
|
|
}
|
|
}
|
|
|
|
|
|
for (uint i=0 ; i < source_objs.elements; i++)
|
|
{
|
|
source_table= (GRANT_TABLE *)*dynamic_element(&source_objs, i, void **);
|
|
target_table= NULL;
|
|
for (uint j=0; j < target_objs.elements; j++)
|
|
{
|
|
GRANT_TABLE *grant_table= (GRANT_TABLE *)*dynamic_element(&target_objs, i,
|
|
void **);
|
|
if (!strcmp(source_table->db, grant_table->db) &&
|
|
!strcmp(source_table->tname, grant_table->tname))
|
|
target_table= grant_table;
|
|
}
|
|
|
|
if (target_table)
|
|
{
|
|
target_table->privs|= source_table->privs;
|
|
target_table->cols|= source_table->cols;
|
|
merge_grant_table_hash_columns(&target_table->hash_columns,
|
|
&source_table->hash_columns);
|
|
}
|
|
else
|
|
{
|
|
target_table= new (memex_ptr) GRANT_TABLE(source_table, target->user.str);
|
|
my_hash_insert(&column_priv_hash, (uchar *) target_table);
|
|
}
|
|
|
|
}
|
|
|
|
reset_dynamic(&source_objs);
|
|
reset_dynamic(&target_objs);
|
|
|
|
/* Merge function and procedure privileges */
|
|
for (uint is_proc= 0; is_proc < 2; is_proc++) {
|
|
HASH *hash;
|
|
if (is_proc)
|
|
hash= &proc_priv_hash;
|
|
else
|
|
hash= &func_priv_hash;
|
|
|
|
for (uint i=0 ; i < hash->records ; i++)
|
|
{
|
|
GRANT_NAME *grant_name= (GRANT_NAME *) my_hash_element(hash, i);
|
|
if (grant_name->user && (!grant_name->host.hostname ||
|
|
!grant_name->host.hostname[0]))
|
|
{
|
|
if (!strcmp(target->user.str, grant_name->user))
|
|
push_dynamic(&target_objs, (uchar*)&grant_name);
|
|
if (!strcmp(source->user.str, grant_name->user))
|
|
push_dynamic(&source_objs, (uchar*)&grant_name);
|
|
}
|
|
}
|
|
|
|
for (uint i=0 ; i < source_objs.elements; i++)
|
|
{
|
|
source_name= (GRANT_NAME *)*dynamic_element(&source_objs, i, void **);
|
|
target_name= NULL;
|
|
for (uint j=0; j < target_objs.elements; j++)
|
|
{
|
|
GRANT_NAME *grant_name= (GRANT_NAME *)*dynamic_element(&target_objs, i,
|
|
void **);
|
|
if (!strcmp(source_name->db, grant_name->db) &&
|
|
!strcmp(source_name->tname, grant_name->tname))
|
|
target_name= grant_name;
|
|
}
|
|
|
|
if (target_name)
|
|
{
|
|
target_name->privs|= source_name->privs;
|
|
}
|
|
else
|
|
{
|
|
target_name= new (memex_ptr) GRANT_NAME(source_name, target->user.str,
|
|
is_proc);
|
|
my_hash_insert(hash, (uchar *) target_name);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* cleanup */
|
|
delete_dynamic(&source_objs);
|
|
delete_dynamic(&target_objs);
|
|
}
|
|
|
|
/*
|
|
Handle the roles_mappings privilege table
|
|
*/
|
|
static int handle_roles_mappings_table(TABLE *table, bool drop,
|
|
LEX_USER *user_from, LEX_USER *user_to)
|
|
{
|
|
/*
|
|
All entries (HostFK, UserFk) that match user_from will be renamed,
|
|
as well as all RoleFk entries that match if user_from.host.str == ""
|
|
|
|
Otherwise, only matching (HostFk, UserFk) will be renamed.
|
|
*/
|
|
DBUG_ENTER("handle_roles_mappings_table");
|
|
|
|
int error;
|
|
int result= 0;
|
|
THD *thd= current_thd;
|
|
const char *host, *user, *role;
|
|
Field *host_field= table->field[0];
|
|
Field *user_field= table->field[1];
|
|
Field *role_field= table->field[2];
|
|
|
|
DBUG_PRINT("info", ("Rewriting entry in roles_mappings table: %s@%s",
|
|
user_from->user.str,
|
|
user_from->host.str));
|
|
table->use_all_columns();
|
|
if ((error= table->file->ha_rnd_init(1)))
|
|
{
|
|
table->file->print_error(error, MYF(0));
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
while((error= table->file->ha_rnd_next(table->record[0])) !=
|
|
HA_ERR_END_OF_FILE)
|
|
{
|
|
if (error)
|
|
{
|
|
DBUG_PRINT("info", ("scan error: %d", error));
|
|
continue;
|
|
}
|
|
|
|
if (! (host= get_field(thd->mem_root, host_field)))
|
|
host= "";
|
|
if (! (user= get_field(thd->mem_root, user_field)))
|
|
user= "";
|
|
|
|
if (!(strcmp(user_from->user.str, user) ||
|
|
my_strcasecmp(system_charset_info, user_from->host.str, host)))
|
|
result= ((drop || user_to) &&
|
|
modify_grant_table(table, host_field, user_field, user_to)) ?
|
|
-1 : result ? result : 1; /* Error or keep result or found. */
|
|
else
|
|
{
|
|
if (! (role= get_field(thd->mem_root, role_field)))
|
|
role= "";
|
|
|
|
if (strcmp(user_from->user.str, role))
|
|
continue;
|
|
|
|
error= 0;
|
|
|
|
if (drop) /* drop if requested */
|
|
{
|
|
if ((error= table->file->ha_delete_row(table->record[0])))
|
|
table->file->print_error(error, MYF(0));
|
|
}
|
|
else if (user_to)
|
|
{
|
|
store_record(table, record[1]);
|
|
role_field->store(user_to->user.str, user_to->user.length,
|
|
system_charset_info);
|
|
if ((error= table->file->ha_update_row(table->record[1],
|
|
table->record[0])) &&
|
|
error != HA_ERR_RECORD_IS_THE_SAME)
|
|
table->file->print_error(error, MYF(0));
|
|
}
|
|
|
|
/* Error or keep result or found. */
|
|
result= error ? -1 : result ? result : 1;
|
|
}
|
|
}
|
|
table->file->ha_rnd_end();
|
|
}
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
/*
|
|
Handle a privilege table.
|
|
|
|
SYNOPSIS
|
|
handle_grant_table()
|
|
tables The array with the four open tables.
|
|
table_no The number of the table to handle (0..4).
|
|
drop If user_from is to be dropped.
|
|
user_from The the user to be searched/dropped/renamed.
|
|
user_to The new name for the user if to be renamed,
|
|
NULL otherwise.
|
|
|
|
DESCRIPTION
|
|
Scan through all records in a grant table and apply the requested
|
|
operation. For the "user" table, a single index access is sufficient,
|
|
since there is an unique index on (host, user).
|
|
Delete from grant table if drop is true.
|
|
Update in grant table if drop is false and user_to is not NULL.
|
|
Search in grant table if drop is false and user_to is NULL.
|
|
Tables are numbered as follows:
|
|
0 user
|
|
1 db
|
|
2 tables_priv
|
|
3 columns_priv
|
|
4 procs_priv
|
|
|
|
RETURN
|
|
> 0 At least one record matched.
|
|
0 OK, but no record matched.
|
|
< 0 Error.
|
|
*/
|
|
|
|
static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
|
|
LEX_USER *user_from, LEX_USER *user_to)
|
|
{
|
|
int result= 0;
|
|
int error;
|
|
TABLE *table= tables[table_no].table;
|
|
Field *host_field= table->field[0];
|
|
Field *user_field= table->field[table_no && table_no != 5 ? 2 : 1];
|
|
char *host_str= user_from->host.str;
|
|
char *user_str= user_from->user.str;
|
|
const char *host;
|
|
const char *user;
|
|
uchar user_key[MAX_KEY_LENGTH];
|
|
uint key_prefix_length;
|
|
DBUG_ENTER("handle_grant_table");
|
|
THD *thd= current_thd;
|
|
|
|
if (table_no == 6)
|
|
{
|
|
result= handle_roles_mappings_table(table, drop, user_from, user_to);
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
table->use_all_columns();
|
|
if (! table_no) // mysql.user table
|
|
{
|
|
/*
|
|
The 'user' table has an unique index on (host, user).
|
|
Thus, we can handle everything with a single index access.
|
|
The host- and user fields are consecutive in the user table records.
|
|
So we set host- and user fields of table->record[0] and use the
|
|
pointer to the host field as key.
|
|
index_read_idx() will replace table->record[0] (its first argument)
|
|
by the searched record, if it exists.
|
|
*/
|
|
DBUG_PRINT("info",("read table: '%s' search: '%s'@'%s'",
|
|
table->s->table_name.str, user_str, host_str));
|
|
host_field->store(host_str, user_from->host.length, system_charset_info);
|
|
user_field->store(user_str, user_from->user.length, system_charset_info);
|
|
|
|
key_prefix_length= (table->key_info->key_part[0].store_length +
|
|
table->key_info->key_part[1].store_length);
|
|
key_copy(user_key, table->record[0], table->key_info, key_prefix_length);
|
|
|
|
if ((error= table->file->ha_index_read_idx_map(table->record[0], 0,
|
|
user_key, (key_part_map)3,
|
|
HA_READ_KEY_EXACT)))
|
|
{
|
|
if (error != HA_ERR_KEY_NOT_FOUND && error != HA_ERR_END_OF_FILE)
|
|
{
|
|
table->file->print_error(error, MYF(0));
|
|
result= -1;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* If requested, delete or update the record. */
|
|
result= ((drop || user_to) &&
|
|
modify_grant_table(table, host_field, user_field, user_to)) ?
|
|
-1 : 1; /* Error or found. */
|
|
}
|
|
DBUG_PRINT("info",("read result: %d", result));
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
The non-'user' table do not have indexes on (host, user).
|
|
And their host- and user fields are not consecutive.
|
|
Thus, we need to do a table scan to find all matching records.
|
|
*/
|
|
if ((error= table->file->ha_rnd_init(1)))
|
|
{
|
|
table->file->print_error(error, MYF(0));
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
#ifdef EXTRA_DEBUG
|
|
DBUG_PRINT("info",("scan table: '%s' search: '%s'@'%s'",
|
|
table->s->table_name.str, user_str, host_str));
|
|
#endif
|
|
while ((error= table->file->ha_rnd_next(table->record[0])) !=
|
|
HA_ERR_END_OF_FILE)
|
|
{
|
|
if (error)
|
|
{
|
|
/* Most probable 'deleted record'. */
|
|
DBUG_PRINT("info",("scan error: %d", error));
|
|
continue;
|
|
}
|
|
if (! (host= get_field(thd->mem_root, host_field)))
|
|
host= "";
|
|
if (! (user= get_field(thd->mem_root, user_field)))
|
|
user= "";
|
|
|
|
#ifdef EXTRA_DEBUG
|
|
if (table_no != 5)
|
|
{
|
|
DBUG_PRINT("loop",("scan fields: '%s'@'%s' '%s' '%s' '%s'",
|
|
user, host,
|
|
get_field(thd->mem_root, table->field[1]) /*db*/,
|
|
get_field(thd->mem_root, table->field[3]) /*table*/,
|
|
get_field(thd->mem_root,
|
|
table->field[4]) /*column*/));
|
|
}
|
|
#endif
|
|
if (strcmp(user_str, user) ||
|
|
my_strcasecmp(system_charset_info, host_str, host))
|
|
continue;
|
|
|
|
/* If requested, delete or update the record. */
|
|
result= ((drop || user_to) &&
|
|
modify_grant_table(table, host_field, user_field, user_to)) ?
|
|
-1 : result ? result : 1; /* Error or keep result or found. */
|
|
/* If search is requested, we do not need to search further. */
|
|
if (! drop && ! user_to)
|
|
break ;
|
|
}
|
|
(void) table->file->ha_rnd_end();
|
|
DBUG_PRINT("info",("scan result: %d", result));
|
|
}
|
|
}
|
|
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
/**
|
|
Handle an in-memory privilege structure.
|
|
|
|
@param struct_no The number of the structure to handle (0..6).
|
|
@param drop If user_from is to be dropped.
|
|
@param user_from The the user to be searched/dropped/renamed.
|
|
@param user_to The new name for the user if to be renamed, NULL otherwise.
|
|
|
|
@note
|
|
Scan through all elements in an in-memory grant structure and apply
|
|
the requested operation.
|
|
Delete from grant structure if drop is true.
|
|
Update in grant structure if drop is false and user_to is not NULL.
|
|
Search in grant structure if drop is false and user_to is NULL.
|
|
Structures are enumerated as follows:
|
|
0 ACL_USER
|
|
1 ACL_DB
|
|
2 COLUMN_PRIVILEGES_HASH
|
|
3 PROC_PRIVILEGES_HASH
|
|
4 FUNC_PRIVILEGES_HASH
|
|
5 PROXY_USERS_ACL
|
|
6 ROLES_MAPPINGS_HASH
|
|
|
|
@retval > 0 At least one element matched.
|
|
@retval 0 OK, but no element matched.
|
|
*/
|
|
|
|
static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
|
|
LEX_USER *user_from, LEX_USER *user_to)
|
|
{
|
|
int result= 0;
|
|
int idx;
|
|
int elements;
|
|
const char *user;
|
|
const char *host;
|
|
const char *role;
|
|
uint role_not_matched= 1;
|
|
ACL_USER *acl_user= NULL;
|
|
ACL_ROLE *acl_role= NULL;
|
|
ACL_DB *acl_db= NULL;
|
|
ACL_PROXY_USER *acl_proxy_user= NULL;
|
|
GRANT_NAME *grant_name= NULL;
|
|
ROLE_GRANT_PAIR *role_grant_pair;
|
|
HASH *grant_name_hash= NULL;
|
|
HASH *roles_mappings_hash= NULL;
|
|
DBUG_ENTER("handle_grant_struct");
|
|
DBUG_PRINT("info",("scan struct: %u search: '%s'@'%s'",
|
|
struct_no, user_from->user.str, user_from->host.str));
|
|
|
|
LINT_INIT(user);
|
|
LINT_INIT(host);
|
|
LINT_INIT(role);
|
|
|
|
mysql_mutex_assert_owner(&acl_cache->lock);
|
|
|
|
/* No point in querying ROLE ACL if the user_from is not a role */
|
|
if (struct_no == ROLE_ACL && user_from->host.length)
|
|
DBUG_RETURN(0);
|
|
|
|
if (struct_no == ROLE_ACL) //no need to scan the structures in this case
|
|
{
|
|
acl_role= find_acl_role(user_from->user.str);
|
|
if (!acl_role)
|
|
DBUG_RETURN(0);
|
|
|
|
if (!drop && !user_to) //role was found
|
|
DBUG_RETURN(1);
|
|
|
|
/* this calls for a role update */
|
|
char *old_key= acl_role->user.str;
|
|
size_t old_key_length= acl_role->user.length;
|
|
if (drop)
|
|
{
|
|
my_hash_delete(&acl_roles, (uchar*) acl_role);
|
|
DBUG_RETURN(1);
|
|
}
|
|
acl_role->user.str= strdup_root(&mem, user_to->user.str);
|
|
acl_role->user.length= user_to->user.length;
|
|
|
|
my_hash_update(&acl_roles, (uchar*) acl_role, (uchar*) old_key,
|
|
old_key_length);
|
|
DBUG_RETURN(1);
|
|
|
|
}
|
|
|
|
/* Get the number of elements in the in-memory structure. */
|
|
switch (struct_no) {
|
|
case USER_ACL:
|
|
elements= acl_users.elements;
|
|
break;
|
|
case DB_ACL:
|
|
elements= acl_dbs.elements;
|
|
break;
|
|
case COLUMN_PRIVILEGES_HASH:
|
|
grant_name_hash= &column_priv_hash;
|
|
elements= grant_name_hash->records;
|
|
break;
|
|
case PROC_PRIVILEGES_HASH:
|
|
grant_name_hash= &proc_priv_hash;
|
|
elements= grant_name_hash->records;
|
|
break;
|
|
case FUNC_PRIVILEGES_HASH:
|
|
grant_name_hash= &func_priv_hash;
|
|
elements= grant_name_hash->records;
|
|
break;
|
|
case PROXY_USERS_ACL:
|
|
elements= acl_proxy_users.elements;
|
|
break;
|
|
case ROLES_MAPPINGS_HASH:
|
|
roles_mappings_hash= &acl_roles_mappings;
|
|
elements= roles_mappings_hash->records;
|
|
break;
|
|
default:
|
|
DBUG_ASSERT(0);
|
|
return -1;
|
|
}
|
|
|
|
#ifdef EXTRA_DEBUG
|
|
DBUG_PRINT("loop",("scan struct: %u search user: '%s' host: '%s'",
|
|
struct_no, user_from->user.str, user_from->host.str));
|
|
#endif
|
|
/* Loop over all elements *backwards* (see the comment below). */
|
|
for (idx= elements - 1; idx >= 0; idx--)
|
|
{
|
|
/*
|
|
Get a pointer to the element.
|
|
*/
|
|
switch (struct_no) {
|
|
case USER_ACL:
|
|
acl_user= dynamic_element(&acl_users, idx, ACL_USER*);
|
|
user= acl_user->user.str;
|
|
host= acl_user->host.hostname;
|
|
break;
|
|
|
|
case DB_ACL:
|
|
acl_db= dynamic_element(&acl_dbs, idx, ACL_DB*);
|
|
user= acl_db->user;
|
|
host= acl_db->host.hostname;
|
|
break;
|
|
|
|
case COLUMN_PRIVILEGES_HASH:
|
|
case PROC_PRIVILEGES_HASH:
|
|
case FUNC_PRIVILEGES_HASH:
|
|
grant_name= (GRANT_NAME*) my_hash_element(grant_name_hash, idx);
|
|
user= grant_name->user;
|
|
host= grant_name->host.hostname;
|
|
break;
|
|
|
|
case PROXY_USERS_ACL:
|
|
acl_proxy_user= dynamic_element(&acl_proxy_users, idx, ACL_PROXY_USER*);
|
|
user= acl_proxy_user->get_user();
|
|
host= acl_proxy_user->get_host();
|
|
break;
|
|
|
|
case ROLES_MAPPINGS_HASH:
|
|
role_grant_pair= (ROLE_GRANT_PAIR *) my_hash_element(roles_mappings_hash, idx);
|
|
user= role_grant_pair->u_uname;
|
|
host= role_grant_pair->u_hname;
|
|
role= role_grant_pair->r_uname;
|
|
break;
|
|
|
|
default:
|
|
DBUG_ASSERT(0);
|
|
}
|
|
if (! user)
|
|
user= "";
|
|
if (! host)
|
|
host= "";
|
|
if (! role)
|
|
role= "";
|
|
|
|
#ifdef EXTRA_DEBUG
|
|
DBUG_PRINT("loop",("scan struct: %u index: %u user: '%s' host: '%s'",
|
|
struct_no, idx, user, host));
|
|
#endif
|
|
|
|
if (struct_no == ROLES_MAPPINGS_HASH)
|
|
{
|
|
role_not_matched= strcmp(user_from->user.str, role);
|
|
if (role_not_matched &&
|
|
(strcmp(user_from->user.str, user) ||
|
|
my_strcasecmp(system_charset_info, user_from->host.str, host)))
|
|
continue;
|
|
}
|
|
else
|
|
{
|
|
if (strcmp(user_from->user.str, user) ||
|
|
my_strcasecmp(system_charset_info, user_from->host.str, host))
|
|
continue;
|
|
}
|
|
|
|
result= 1; /* At least one element found. */
|
|
if ( drop )
|
|
{
|
|
elements--;
|
|
switch ( struct_no ) {
|
|
case USER_ACL:
|
|
free_acl_user(dynamic_element(&acl_users, idx, ACL_USER*));
|
|
delete_dynamic_element(&acl_users, idx);
|
|
break;
|
|
|
|
case DB_ACL:
|
|
delete_dynamic_element(&acl_dbs, idx);
|
|
break;
|
|
|
|
case COLUMN_PRIVILEGES_HASH:
|
|
case PROC_PRIVILEGES_HASH:
|
|
case FUNC_PRIVILEGES_HASH:
|
|
my_hash_delete(grant_name_hash, (uchar*) grant_name);
|
|
/*
|
|
In our HASH implementation on deletion one elements
|
|
is moved into a place where a deleted element was,
|
|
and the last element is moved into the empty space.
|
|
Thus we need to re-examine the current element, but
|
|
we don't have to restart the search from the beginning.
|
|
*/
|
|
if (idx != elements)
|
|
idx++;
|
|
break;
|
|
|
|
case PROXY_USERS_ACL:
|
|
delete_dynamic_element(&acl_proxy_users, idx);
|
|
break;
|
|
|
|
case ROLES_MAPPINGS_HASH:
|
|
my_hash_delete(roles_mappings_hash, (uchar*) role_grant_pair);
|
|
break;
|
|
|
|
default:
|
|
DBUG_ASSERT(0);
|
|
break;
|
|
}
|
|
}
|
|
else if ( user_to )
|
|
{
|
|
switch ( struct_no ) {
|
|
case USER_ACL:
|
|
acl_user->user.str= strdup_root(&mem, user_to->user.str);
|
|
acl_user->user.length= user_to->user.length;
|
|
acl_user->host.hostname= strdup_root(&mem, user_to->host.str);
|
|
break;
|
|
|
|
case DB_ACL:
|
|
acl_db->user= strdup_root(&mem, user_to->user.str);
|
|
acl_db->host.hostname= strdup_root(&mem, user_to->host.str);
|
|
break;
|
|
|
|
case COLUMN_PRIVILEGES_HASH:
|
|
case PROC_PRIVILEGES_HASH:
|
|
case FUNC_PRIVILEGES_HASH:
|
|
{
|
|
/*
|
|
Save old hash key and its length to be able to properly update
|
|
element position in hash.
|
|
*/
|
|
char *old_key= grant_name->hash_key;
|
|
size_t old_key_length= grant_name->key_length;
|
|
|
|
/*
|
|
Update the grant structure with the new user name and host name.
|
|
*/
|
|
grant_name->set_user_details(user_to->host.str, grant_name->db,
|
|
user_to->user.str, grant_name->tname,
|
|
TRUE);
|
|
|
|
/*
|
|
Since username is part of the hash key, when the user name
|
|
is renamed, the hash key is changed. Update the hash to
|
|
ensure that the position matches the new hash key value
|
|
*/
|
|
my_hash_update(grant_name_hash, (uchar*) grant_name, (uchar*) old_key,
|
|
old_key_length);
|
|
/*
|
|
hash_update() operation could have moved element from the tail or
|
|
the head of the hash to the current position. But it can never
|
|
move an element from the head to the tail or from the tail to the
|
|
head over the current element.
|
|
So we need to examine the current element once again, but
|
|
we don't need to restart the search from the beginning.
|
|
*/
|
|
if (idx != elements)
|
|
idx++;
|
|
break;
|
|
}
|
|
|
|
case PROXY_USERS_ACL:
|
|
acl_proxy_user->set_user (&mem, user_to->user.str);
|
|
acl_proxy_user->set_host (&mem, user_to->host.str);
|
|
break;
|
|
|
|
case ROLES_MAPPINGS_HASH:
|
|
{
|
|
/*
|
|
Save old hash key and its length to be able to properly update
|
|
element position in hash.
|
|
*/
|
|
char *old_key= role_grant_pair->hashkey.str;
|
|
size_t old_key_length= role_grant_pair->hashkey.length;
|
|
|
|
if (role_not_matched)
|
|
init_role_grant_pair(&mem, role_grant_pair,
|
|
user_to->user.str, user_to->host.str,
|
|
role_grant_pair->r_uname);
|
|
else
|
|
init_role_grant_pair(&mem, role_grant_pair,
|
|
role_grant_pair->u_uname,
|
|
role_grant_pair->u_hname,
|
|
user_to->user.str);
|
|
|
|
my_hash_update(roles_mappings_hash, (uchar*) role_grant_pair,
|
|
(uchar*) old_key, old_key_length);
|
|
break;
|
|
}
|
|
|
|
default:
|
|
DBUG_ASSERT(0);
|
|
break;
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
/* If search is requested, we do not need to search further. */
|
|
break;
|
|
}
|
|
}
|
|
#ifdef EXTRA_DEBUG
|
|
DBUG_PRINT("loop",("scan struct: %u result %d", struct_no, result));
|
|
#endif
|
|
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
/*
|
|
Handle all privilege tables and in-memory privilege structures.
|
|
|
|
SYNOPSIS
|
|
handle_grant_data()
|
|
tables The array with the four open tables.
|
|
drop If user_from is to be dropped.
|
|
user_from The the user to be searched/dropped/renamed.
|
|
user_to The new name for the user if to be renamed,
|
|
NULL otherwise.
|
|
|
|
DESCRIPTION
|
|
Go through all grant tables and in-memory grant structures and apply
|
|
the requested operation.
|
|
Delete from grant data if drop is true.
|
|
Update in grant data if drop is false and user_to is not NULL.
|
|
Search in grant data if drop is false and user_to is NULL.
|
|
|
|
RETURN
|
|
> 0 At least one element matched.
|
|
0 OK, but no element matched.
|
|
< 0 Error.
|
|
*/
|
|
|
|
static int handle_grant_data(TABLE_LIST *tables, bool drop,
|
|
LEX_USER *user_from, LEX_USER *user_to)
|
|
{
|
|
int result= 0;
|
|
int found;
|
|
DBUG_ENTER("handle_grant_data");
|
|
|
|
/* Handle user table. */
|
|
if ((found= handle_grant_table(tables, 0, drop, user_from, user_to)) < 0)
|
|
{
|
|
/* Handle of table failed, don't touch the in-memory array. */
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
/* Handle user array. */
|
|
if ((handle_grant_struct(USER_ACL, drop, user_from, user_to)) || found)
|
|
{
|
|
result= 1; /* At least one record/element found. */
|
|
/* If search is requested, we do not need to search further. */
|
|
if (! drop && ! user_to)
|
|
goto end;
|
|
}
|
|
if ((handle_grant_struct(ROLE_ACL, drop, user_from, user_to)) || found)
|
|
{
|
|
result= 1; /* At least one record/element found. */
|
|
/* If search is requested, we do not need to search further. */
|
|
if (! drop && ! user_to)
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
/* Handle db table. */
|
|
if ((found= handle_grant_table(tables, 1, drop, user_from, user_to)) < 0)
|
|
{
|
|
/* Handle of table failed, don't touch the in-memory array. */
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
/* Handle db array. */
|
|
if (((handle_grant_struct(DB_ACL, drop, user_from, user_to) && ! result) ||
|
|
found) && ! result)
|
|
{
|
|
result= 1; /* At least one record/element found. */
|
|
/* If search is requested, we do not need to search further. */
|
|
if (! drop && ! user_to)
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
/* Handle stored routines table. */
|
|
if ((found= handle_grant_table(tables, 4, drop, user_from, user_to)) < 0)
|
|
{
|
|
/* Handle of table failed, don't touch in-memory array. */
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
/* Handle procs array. */
|
|
if (((handle_grant_struct(PROC_PRIVILEGES_HASH, drop, user_from, user_to) && ! result) ||
|
|
found) && ! result)
|
|
{
|
|
result= 1; /* At least one record/element found. */
|
|
/* If search is requested, we do not need to search further. */
|
|
if (! drop && ! user_to)
|
|
goto end;
|
|
}
|
|
/* Handle funcs array. */
|
|
if (((handle_grant_struct(FUNC_PRIVILEGES_HASH, drop, user_from, user_to) && ! result) ||
|
|
found) && ! result)
|
|
{
|
|
result= 1; /* At least one record/element found. */
|
|
/* If search is requested, we do not need to search further. */
|
|
if (! drop && ! user_to)
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
/* Handle tables table. */
|
|
if ((found= handle_grant_table(tables, 2, drop, user_from, user_to)) < 0)
|
|
{
|
|
/* Handle of table failed, don't touch columns and in-memory array. */
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
if (found && ! result)
|
|
{
|
|
result= 1; /* At least one record found. */
|
|
/* If search is requested, we do not need to search further. */
|
|
if (! drop && ! user_to)
|
|
goto end;
|
|
}
|
|
|
|
/* Handle columns table. */
|
|
if ((found= handle_grant_table(tables, 3, drop, user_from, user_to)) < 0)
|
|
{
|
|
/* Handle of table failed, don't touch the in-memory array. */
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
/* Handle columns hash. */
|
|
if (((handle_grant_struct(COLUMN_PRIVILEGES_HASH, drop, user_from, user_to) && ! result) ||
|
|
found) && ! result)
|
|
result= 1; /* At least one record/element found. */
|
|
}
|
|
}
|
|
|
|
/* Handle proxies_priv table. */
|
|
if (tables[5].table)
|
|
{
|
|
if ((found= handle_grant_table(tables, 5, drop, user_from, user_to)) < 0)
|
|
{
|
|
/* Handle of table failed, don't touch the in-memory array. */
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
/* Handle proxies_priv array. */
|
|
if ((handle_grant_struct(PROXY_USERS_ACL, drop, user_from, user_to) && !result) ||
|
|
found)
|
|
result= 1; /* At least one record/element found. */
|
|
}
|
|
}
|
|
|
|
/* Handle roles_mappings table. */
|
|
if (tables[6].table)
|
|
{
|
|
if ((found= handle_grant_table(tables, 6, drop, user_from, user_to)) < 0)
|
|
{
|
|
/* Handle of table failed, don't touch the in-memory array. */
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
/* Handle acl_roles_mappings array */
|
|
if ((handle_grant_struct(ROLES_MAPPINGS_HASH, drop, user_from, user_to) && !result) ||
|
|
found)
|
|
result= 1; /* At least one record/element found */
|
|
}
|
|
}
|
|
|
|
end:
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
static void append_user(String *str, LEX_USER *user, bool handle_as_role)
|
|
{
|
|
if (str->length())
|
|
str->append(',');
|
|
str->append('\'');
|
|
str->append(user->user.str);
|
|
/* hostname part is not relevant for roles, it is always empty */
|
|
if (!handle_as_role)
|
|
{
|
|
str->append(STRING_WITH_LEN("'@'"));
|
|
str->append(user->host.str);
|
|
}
|
|
str->append('\'');
|
|
}
|
|
|
|
/*
|
|
Create a list of users.
|
|
|
|
SYNOPSIS
|
|
mysql_create_user()
|
|
thd The current thread.
|
|
list The users to create.
|
|
handle_as_role Handle the user list as roles if true
|
|
|
|
RETURN
|
|
FALSE OK.
|
|
TRUE Error.
|
|
*/
|
|
|
|
bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
|
|
{
|
|
int result;
|
|
String wrong_users;
|
|
LEX_USER *user_name, *tmp_user_name;
|
|
List_iterator <LEX_USER> user_list(list);
|
|
TABLE_LIST tables[GRANT_TABLES];
|
|
bool some_users_created= FALSE;
|
|
DBUG_ENTER("mysql_create_user");
|
|
DBUG_PRINT("entry", ("Handle as %s", handle_as_role ? "role" : "user"));
|
|
|
|
/* CREATE USER may be skipped on replication client. */
|
|
if ((result= open_grant_tables(thd, tables)))
|
|
DBUG_RETURN(result != 1);
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
while ((tmp_user_name= user_list++))
|
|
{
|
|
if (handle_as_role)
|
|
{
|
|
user_name= tmp_user_name;
|
|
user_name->host.str= (char *)"";
|
|
user_name->host.length= 0;
|
|
/* role already exists */
|
|
if (find_acl_role(user_name->user.str))
|
|
{
|
|
append_user(&wrong_users, user_name, TRUE);
|
|
result = TRUE;
|
|
continue;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (!(user_name= get_current_user(thd, tmp_user_name)))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (!user_name->host.str)
|
|
user_name->host= host_not_specified;
|
|
|
|
/*
|
|
Search all in-memory structures and grant tables
|
|
for a mention of the new user/role name.
|
|
*/
|
|
if (handle_grant_data(tables, 0, user_name, NULL))
|
|
{
|
|
append_user(&wrong_users, user_name, handle_as_role);
|
|
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
|
|
some_users_created= TRUE;
|
|
if (replace_user_table(thd, tables[0].table, *user_name, 0, 0, 1, 0,
|
|
handle_as_role))
|
|
{
|
|
append_user(&wrong_users, user_name, handle_as_role);
|
|
result= TRUE;
|
|
}
|
|
}
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (result)
|
|
my_error(ER_CANNOT_USER, MYF(0),
|
|
(handle_as_role) ? "CREATE ROLE" : "CREATE USER",
|
|
wrong_users.c_ptr_safe());
|
|
|
|
if (some_users_created)
|
|
result |= write_bin_log(thd, FALSE, thd->query(), thd->query_length());
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
/*
|
|
Drop a list of users and all their privileges.
|
|
|
|
SYNOPSIS
|
|
mysql_drop_user()
|
|
thd The current thread.
|
|
list The users to drop.
|
|
|
|
RETURN
|
|
FALSE OK.
|
|
TRUE Error.
|
|
*/
|
|
|
|
bool mysql_drop_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
|
|
{
|
|
int result;
|
|
String wrong_users;
|
|
LEX_USER *user_name, *tmp_user_name;
|
|
List_iterator <LEX_USER> user_list(list);
|
|
TABLE_LIST tables[GRANT_TABLES];
|
|
bool some_users_deleted= FALSE;
|
|
ulonglong old_sql_mode= thd->variables.sql_mode;
|
|
DBUG_ENTER("mysql_drop_user");
|
|
DBUG_PRINT("entry", ("Handle as %s", handle_as_role ? "role" : "user"));
|
|
|
|
/* DROP USER may be skipped on replication client. */
|
|
if ((result= open_grant_tables(thd, tables)))
|
|
DBUG_RETURN(result != 1);
|
|
|
|
thd->variables.sql_mode&= ~MODE_PAD_CHAR_TO_FULL_LENGTH;
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
while ((tmp_user_name= user_list++))
|
|
{
|
|
if (handle_as_role)
|
|
{
|
|
|
|
user_name= tmp_user_name;
|
|
user_name->host.str= (char *)"";
|
|
user_name->host.length= 0;
|
|
if (!find_acl_role(user_name->user.str))
|
|
{
|
|
append_user(&wrong_users, user_name, TRUE);
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (!(user_name= get_current_user(thd, tmp_user_name)))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (handle_grant_data(tables, 1, user_name, NULL) <= 0)
|
|
{
|
|
append_user(&wrong_users, user_name, handle_as_role);
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
|
|
some_users_deleted= TRUE;
|
|
}
|
|
|
|
if (!handle_as_role)
|
|
{
|
|
/* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */
|
|
rebuild_check_host();
|
|
}
|
|
|
|
/* Rebuild every user's role_grants because the acl_user has been modified
|
|
and some grants might now be invalid */
|
|
rebuild_role_grants();
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (result)
|
|
my_error(ER_CANNOT_USER, MYF(0),
|
|
(handle_as_role) ? "DROP ROLE" : "DROP USER",
|
|
wrong_users.c_ptr_safe());
|
|
|
|
if (some_users_deleted)
|
|
result |= write_bin_log(thd, FALSE, thd->query(), thd->query_length());
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
thd->variables.sql_mode= old_sql_mode;
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
/*
|
|
Rename a user.
|
|
|
|
SYNOPSIS
|
|
mysql_rename_user()
|
|
thd The current thread.
|
|
list The user name pairs: (from, to).
|
|
|
|
RETURN
|
|
FALSE OK.
|
|
TRUE Error.
|
|
*/
|
|
|
|
bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
|
|
{
|
|
int result;
|
|
String wrong_users;
|
|
LEX_USER *user_from, *tmp_user_from;
|
|
LEX_USER *user_to, *tmp_user_to;
|
|
List_iterator <LEX_USER> user_list(list);
|
|
TABLE_LIST tables[GRANT_TABLES];
|
|
bool some_users_renamed= FALSE;
|
|
DBUG_ENTER("mysql_rename_user");
|
|
|
|
/* RENAME USER may be skipped on replication client. */
|
|
if ((result= open_grant_tables(thd, tables)))
|
|
DBUG_RETURN(result != 1);
|
|
|
|
DBUG_ASSERT(!thd->is_current_stmt_binlog_format_row());
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
while ((tmp_user_from= user_list++))
|
|
{
|
|
if (!(user_from= get_current_user(thd, tmp_user_from)))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
tmp_user_to= user_list++;
|
|
if (!(user_to= get_current_user(thd, tmp_user_to)))
|
|
{
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
DBUG_ASSERT(user_to != 0); /* Syntax enforces pairs of users. */
|
|
|
|
/*
|
|
Search all in-memory structures and grant tables
|
|
for a mention of the new user name.
|
|
*/
|
|
if (handle_grant_data(tables, 0, user_to, NULL) ||
|
|
handle_grant_data(tables, 0, user_from, user_to) <= 0)
|
|
{
|
|
/* NOTE TODO renaming roles is not yet implemented */
|
|
append_user(&wrong_users, user_from, FALSE);
|
|
result= TRUE;
|
|
continue;
|
|
}
|
|
some_users_renamed= TRUE;
|
|
}
|
|
|
|
/* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */
|
|
rebuild_check_host();
|
|
/* Rebuild every user's role_grants because the acl_user has been modified
|
|
and some grants might now be invalid */
|
|
rebuild_role_grants();
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (result)
|
|
my_error(ER_CANNOT_USER, MYF(0), "RENAME USER", wrong_users.c_ptr_safe());
|
|
|
|
if (some_users_renamed && mysql_bin_log.is_open())
|
|
result |= write_bin_log(thd, FALSE, thd->query(), thd->query_length());
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
/*
|
|
Revoke all privileges from a list of users.
|
|
|
|
SYNOPSIS
|
|
mysql_revoke_all()
|
|
thd The current thread.
|
|
list The users to revoke all privileges from.
|
|
|
|
RETURN
|
|
> 0 Error. Error message already sent.
|
|
0 OK.
|
|
< 0 Error. Error message not yet sent.
|
|
*/
|
|
|
|
bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
|
|
{
|
|
uint counter, revoked, is_proc;
|
|
int result;
|
|
ACL_DB *acl_db;
|
|
TABLE_LIST tables[GRANT_TABLES];
|
|
DBUG_ENTER("mysql_revoke_all");
|
|
|
|
if ((result= open_grant_tables(thd, tables)))
|
|
DBUG_RETURN(result != 1);
|
|
|
|
DBUG_ASSERT(!thd->is_current_stmt_binlog_format_row());
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
LEX_USER *lex_user, *tmp_lex_user;
|
|
List_iterator <LEX_USER> user_list(list);
|
|
while ((tmp_lex_user= user_list++))
|
|
{
|
|
if (!(lex_user= get_current_user(thd, tmp_lex_user)))
|
|
{
|
|
result= -1;
|
|
continue;
|
|
}
|
|
if (!find_user_no_anon(lex_user->host.str, lex_user->user.str, TRUE))
|
|
{
|
|
result= -1;
|
|
continue;
|
|
}
|
|
|
|
if (replace_user_table(thd, tables[0].table,
|
|
*lex_user, ~(ulong)0, 1, 0, 0, 0))
|
|
{
|
|
result= -1;
|
|
continue;
|
|
}
|
|
|
|
/* Remove db access privileges */
|
|
/*
|
|
Because acl_dbs and column_priv_hash shrink and may re-order
|
|
as privileges are removed, removal occurs in a repeated loop
|
|
until no more privileges are revoked.
|
|
*/
|
|
do
|
|
{
|
|
for (counter= 0, revoked= 0 ; counter < acl_dbs.elements ; )
|
|
{
|
|
const char *user,*host;
|
|
|
|
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
|
|
if (!(user=acl_db->user))
|
|
user= "";
|
|
if (!(host=acl_db->host.hostname))
|
|
host= "";
|
|
|
|
if (!strcmp(lex_user->user.str,user) &&
|
|
!strcmp(lex_user->host.str, host))
|
|
{
|
|
if (!replace_db_table(tables[1].table, acl_db->db, *lex_user,
|
|
~(ulong)0, 1))
|
|
{
|
|
/*
|
|
Don't increment counter as replace_db_table deleted the
|
|
current element in acl_dbs.
|
|
*/
|
|
revoked= 1;
|
|
continue;
|
|
}
|
|
result= -1; // Something went wrong
|
|
}
|
|
counter++;
|
|
}
|
|
} while (revoked);
|
|
|
|
/* Remove column access */
|
|
do
|
|
{
|
|
for (counter= 0, revoked= 0 ; counter < column_priv_hash.records ; )
|
|
{
|
|
const char *user,*host;
|
|
GRANT_TABLE *grant_table=
|
|
(GRANT_TABLE*) my_hash_element(&column_priv_hash, counter);
|
|
if (!(user=grant_table->user))
|
|
user= "";
|
|
if (!(host=grant_table->host.hostname))
|
|
host= "";
|
|
|
|
if (!strcmp(lex_user->user.str,user) &&
|
|
!strcmp(lex_user->host.str, host))
|
|
{
|
|
if (replace_table_table(thd,grant_table,tables[2].table,*lex_user,
|
|
grant_table->db,
|
|
grant_table->tname,
|
|
~(ulong)0, 0, 1))
|
|
{
|
|
result= -1;
|
|
}
|
|
else
|
|
{
|
|
if (!grant_table->cols)
|
|
{
|
|
revoked= 1;
|
|
continue;
|
|
}
|
|
List<LEX_COLUMN> columns;
|
|
if (!replace_column_table(grant_table,tables[3].table, *lex_user,
|
|
columns,
|
|
grant_table->db,
|
|
grant_table->tname,
|
|
~(ulong)0, 1))
|
|
{
|
|
revoked= 1;
|
|
continue;
|
|
}
|
|
result= -1;
|
|
}
|
|
}
|
|
counter++;
|
|
}
|
|
} while (revoked);
|
|
|
|
/* Remove procedure access */
|
|
for (is_proc=0; is_proc<2; is_proc++) do {
|
|
HASH *hash= is_proc ? &proc_priv_hash : &func_priv_hash;
|
|
for (counter= 0, revoked= 0 ; counter < hash->records ; )
|
|
{
|
|
const char *user,*host;
|
|
GRANT_NAME *grant_proc= (GRANT_NAME*) my_hash_element(hash, counter);
|
|
if (!(user=grant_proc->user))
|
|
user= "";
|
|
if (!(host=grant_proc->host.hostname))
|
|
host= "";
|
|
|
|
if (!strcmp(lex_user->user.str,user) &&
|
|
!strcmp(lex_user->host.str, host))
|
|
{
|
|
if (replace_routine_table(thd,grant_proc,tables[4].table,*lex_user,
|
|
grant_proc->db,
|
|
grant_proc->tname,
|
|
is_proc,
|
|
~(ulong)0, 1) == 0)
|
|
{
|
|
revoked= 1;
|
|
continue;
|
|
}
|
|
result= -1; // Something went wrong
|
|
}
|
|
counter++;
|
|
}
|
|
} while (revoked);
|
|
}
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (result)
|
|
my_message(ER_REVOKE_GRANTS, ER(ER_REVOKE_GRANTS), MYF(0));
|
|
|
|
result= result |
|
|
write_bin_log(thd, FALSE, thd->query(), thd->query_length());
|
|
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
If the defining user for a routine does not exist, then the ACL lookup
|
|
code should raise two errors which we should intercept. We convert the more
|
|
descriptive error into a warning, and consume the other.
|
|
|
|
If any other errors are raised, then we set a flag that should indicate
|
|
that there was some failure we should complain at a higher level.
|
|
*/
|
|
class Silence_routine_definer_errors : public Internal_error_handler
|
|
{
|
|
public:
|
|
Silence_routine_definer_errors()
|
|
: is_grave(FALSE)
|
|
{}
|
|
|
|
virtual ~Silence_routine_definer_errors()
|
|
{}
|
|
|
|
virtual bool handle_condition(THD *thd,
|
|
uint sql_errno,
|
|
const char* sqlstate,
|
|
MYSQL_ERROR::enum_warning_level level,
|
|
const char* msg,
|
|
MYSQL_ERROR ** cond_hdl);
|
|
|
|
bool has_errors() { return is_grave; }
|
|
|
|
private:
|
|
bool is_grave;
|
|
};
|
|
|
|
bool
|
|
Silence_routine_definer_errors::handle_condition(
|
|
THD *thd,
|
|
uint sql_errno,
|
|
const char*,
|
|
MYSQL_ERROR::enum_warning_level level,
|
|
const char* msg,
|
|
MYSQL_ERROR ** cond_hdl)
|
|
{
|
|
*cond_hdl= NULL;
|
|
if (level == MYSQL_ERROR::WARN_LEVEL_ERROR)
|
|
{
|
|
switch (sql_errno)
|
|
{
|
|
case ER_NONEXISTING_PROC_GRANT:
|
|
/* Convert the error into a warning. */
|
|
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
|
|
sql_errno, msg);
|
|
return TRUE;
|
|
default:
|
|
is_grave= TRUE;
|
|
}
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
/**
|
|
Revoke privileges for all users on a stored procedure. Use an error handler
|
|
that converts errors about missing grants into warnings.
|
|
|
|
@param
|
|
thd The current thread.
|
|
@param
|
|
db DB of the stored procedure
|
|
@param
|
|
name Name of the stored procedure
|
|
|
|
@retval
|
|
0 OK.
|
|
@retval
|
|
< 0 Error. Error message not yet sent.
|
|
*/
|
|
|
|
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
|
|
bool is_proc)
|
|
{
|
|
uint counter, revoked;
|
|
int result;
|
|
TABLE_LIST tables[GRANT_TABLES];
|
|
HASH *hash= is_proc ? &proc_priv_hash : &func_priv_hash;
|
|
Silence_routine_definer_errors error_handler;
|
|
DBUG_ENTER("sp_revoke_privileges");
|
|
|
|
if ((result= open_grant_tables(thd, tables)))
|
|
DBUG_RETURN(result != 1);
|
|
|
|
DBUG_ASSERT(!thd->is_current_stmt_binlog_format_row());
|
|
|
|
/* Be sure to pop this before exiting this scope! */
|
|
thd->push_internal_handler(&error_handler);
|
|
|
|
mysql_rwlock_wrlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
/* Remove procedure access */
|
|
do
|
|
{
|
|
for (counter= 0, revoked= 0 ; counter < hash->records ; )
|
|
{
|
|
GRANT_NAME *grant_proc= (GRANT_NAME*) my_hash_element(hash, counter);
|
|
if (!my_strcasecmp(&my_charset_utf8_bin, grant_proc->db, sp_db) &&
|
|
!my_strcasecmp(system_charset_info, grant_proc->tname, sp_name))
|
|
{
|
|
LEX_USER lex_user;
|
|
lex_user.user.str= grant_proc->user;
|
|
lex_user.user.length= strlen(grant_proc->user);
|
|
lex_user.host.str= grant_proc->host.hostname ?
|
|
grant_proc->host.hostname : (char*)"";
|
|
lex_user.host.length= grant_proc->host.hostname ?
|
|
strlen(grant_proc->host.hostname) : 0;
|
|
|
|
if (replace_routine_table(thd,grant_proc,tables[4].table,lex_user,
|
|
grant_proc->db, grant_proc->tname,
|
|
is_proc, ~(ulong)0, 1) == 0)
|
|
{
|
|
revoked= 1;
|
|
continue;
|
|
}
|
|
}
|
|
counter++;
|
|
}
|
|
} while (revoked);
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
thd->pop_internal_handler();
|
|
|
|
DBUG_RETURN(error_handler.has_errors());
|
|
}
|
|
|
|
|
|
/**
|
|
Grant EXECUTE,ALTER privilege for a stored procedure
|
|
|
|
@param thd The current thread.
|
|
@param sp_db
|
|
@param sp_name
|
|
@param is_proc
|
|
|
|
@return
|
|
@retval FALSE Success
|
|
@retval TRUE An error occured. Error message not yet sent.
|
|
*/
|
|
|
|
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
|
|
bool is_proc)
|
|
{
|
|
Security_context *sctx= thd->security_ctx;
|
|
LEX_USER *combo;
|
|
TABLE_LIST tables[1];
|
|
List<LEX_USER> user_list;
|
|
bool result;
|
|
ACL_USER *au;
|
|
char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
|
|
Dummy_error_handler error_handler;
|
|
DBUG_ENTER("sp_grant_privileges");
|
|
|
|
if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
combo->user.str= sctx->user;
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
if ((au= find_user_no_anon(combo->host.str=(char*)sctx->host_or_ip,
|
|
combo->user.str,FALSE)))
|
|
goto found_acl;
|
|
if ((au= find_user_no_anon(combo->host.str=(char*)sctx->host,
|
|
combo->user.str,FALSE)))
|
|
goto found_acl;
|
|
if ((au= find_user_no_anon(combo->host.str=(char*)sctx->ip,
|
|
combo->user.str,FALSE)))
|
|
goto found_acl;
|
|
if ((au= find_user_no_anon(combo->host.str=(char*)"%",
|
|
combo->user.str, FALSE)))
|
|
goto found_acl;
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
DBUG_RETURN(TRUE);
|
|
|
|
found_acl:
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
bzero((char*)tables, sizeof(TABLE_LIST));
|
|
user_list.empty();
|
|
|
|
tables->db= (char*)sp_db;
|
|
tables->table_name= tables->alias= (char*)sp_name;
|
|
|
|
thd->make_lex_string(&combo->user, combo->user.str, strlen(combo->user.str));
|
|
thd->make_lex_string(&combo->host, combo->host.str, strlen(combo->host.str));
|
|
|
|
combo->password= empty_lex_str;
|
|
combo->plugin= empty_lex_str;
|
|
combo->auth= empty_lex_str;
|
|
|
|
if(au)
|
|
{
|
|
if (au->salt_len)
|
|
{
|
|
if (au->salt_len == SCRAMBLE_LENGTH)
|
|
{
|
|
make_password_from_salt(passwd_buff, au->salt);
|
|
combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
|
|
}
|
|
else if (au->salt_len == SCRAMBLE_LENGTH_323)
|
|
{
|
|
make_password_from_salt_323(passwd_buff, (ulong *) au->salt);
|
|
combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
|
|
}
|
|
else
|
|
{
|
|
push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, ER_PASSWD_LENGTH,
|
|
ER(ER_PASSWD_LENGTH), SCRAMBLED_PASSWORD_CHAR_LENGTH);
|
|
return TRUE;
|
|
}
|
|
combo->password.str= passwd_buff;
|
|
}
|
|
|
|
if (au->plugin.str != native_password_plugin_name.str &&
|
|
au->plugin.str != old_password_plugin_name.str)
|
|
{
|
|
combo->plugin= au->plugin;
|
|
combo->auth= au->auth_string;
|
|
}
|
|
}
|
|
|
|
if (user_list.push_back(combo))
|
|
DBUG_RETURN(TRUE);
|
|
|
|
thd->lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
|
|
thd->lex->ssl_cipher= thd->lex->x509_subject= thd->lex->x509_issuer= 0;
|
|
bzero((char*) &thd->lex->mqh, sizeof(thd->lex->mqh));
|
|
|
|
/*
|
|
Only care about whether the operation failed or succeeded
|
|
as all errors will be handled later.
|
|
*/
|
|
thd->push_internal_handler(&error_handler);
|
|
result= mysql_routine_grant(thd, tables, is_proc, user_list,
|
|
DEFAULT_CREATE_PROC_ACLS, FALSE, FALSE);
|
|
thd->pop_internal_handler();
|
|
DBUG_RETURN(result);
|
|
}
|
|
|
|
|
|
/**
|
|
Validate if a user can proxy as another user
|
|
|
|
@thd current thread
|
|
@param user the logged in user (proxy user)
|
|
@param authenticated_as the effective user a plugin is trying to
|
|
impersonate as (proxied user)
|
|
@return proxy user definition
|
|
@retval NULL proxy user definition not found or not applicable
|
|
@retval non-null the proxy user data
|
|
*/
|
|
|
|
static ACL_PROXY_USER *
|
|
acl_find_proxy_user(const char *user, const char *host, const char *ip,
|
|
const char *authenticated_as, bool *proxy_used)
|
|
{
|
|
uint i;
|
|
/* if the proxied and proxy user are the same return OK */
|
|
DBUG_ENTER("acl_find_proxy_user");
|
|
DBUG_PRINT("info", ("user=%s host=%s ip=%s authenticated_as=%s",
|
|
user, host, ip, authenticated_as));
|
|
|
|
if (!strcmp(authenticated_as, user))
|
|
{
|
|
DBUG_PRINT ("info", ("user is the same as authenticated_as"));
|
|
DBUG_RETURN (NULL);
|
|
}
|
|
|
|
*proxy_used= TRUE;
|
|
for (i=0; i < acl_proxy_users.elements; i++)
|
|
{
|
|
ACL_PROXY_USER *proxy= dynamic_element(&acl_proxy_users, i,
|
|
ACL_PROXY_USER *);
|
|
if (proxy->matches(host, user, ip, authenticated_as))
|
|
DBUG_RETURN(proxy);
|
|
}
|
|
|
|
DBUG_RETURN(NULL);
|
|
}
|
|
|
|
|
|
bool
|
|
acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
|
|
bool with_grant)
|
|
{
|
|
DBUG_ENTER("acl_check_proxy_grant_access");
|
|
DBUG_PRINT("info", ("user=%s host=%s with_grant=%d", user, host,
|
|
(int) with_grant));
|
|
if (!initialized)
|
|
{
|
|
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
/* replication slave thread can do anything */
|
|
if (thd->slave_thread)
|
|
{
|
|
DBUG_PRINT("info", ("replication slave"));
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
|
|
/*
|
|
one can grant proxy for self to others.
|
|
Security context in THD contains two pairs of (user,host):
|
|
1. (user,host) pair referring to inbound connection.
|
|
2. (priv_user,priv_host) pair obtained from mysql.user table after doing
|
|
authnetication of incoming connection.
|
|
Privileges should be checked wrt (priv_user, priv_host) tuple, because
|
|
(user,host) pair obtained from inbound connection may have different
|
|
values than what is actually stored in mysql.user table and while granting
|
|
or revoking proxy privilege, user is expected to provide entries mentioned
|
|
in mysql.user table.
|
|
*/
|
|
if (!strcmp(thd->security_ctx->priv_user, user) &&
|
|
!my_strcasecmp(system_charset_info, host,
|
|
thd->security_ctx->priv_host))
|
|
{
|
|
DBUG_PRINT("info", ("strcmp (%s, %s) my_casestrcmp (%s, %s) equal",
|
|
thd->security_ctx->priv_user, user,
|
|
host, thd->security_ctx->priv_host));
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
|
|
/* check for matching WITH PROXY rights */
|
|
for (uint i=0; i < acl_proxy_users.elements; i++)
|
|
{
|
|
ACL_PROXY_USER *proxy= dynamic_element(&acl_proxy_users, i,
|
|
ACL_PROXY_USER *);
|
|
if (proxy->matches(thd->security_ctx->host,
|
|
thd->security_ctx->user,
|
|
thd->security_ctx->ip,
|
|
user) &&
|
|
proxy->get_with_grant())
|
|
{
|
|
DBUG_PRINT("info", ("found"));
|
|
DBUG_RETURN(FALSE);
|
|
}
|
|
}
|
|
|
|
my_error(ER_ACCESS_DENIED_NO_PASSWORD_ERROR, MYF(0),
|
|
thd->security_ctx->user,
|
|
thd->security_ctx->host_or_ip);
|
|
DBUG_RETURN(TRUE);
|
|
}
|
|
|
|
|
|
static bool
|
|
show_proxy_grants(THD *thd, const char *username, const char *hostname,
|
|
char *buff, size_t buffsize)
|
|
{
|
|
Protocol *protocol= thd->protocol;
|
|
int error= 0;
|
|
|
|
for (uint i=0; i < acl_proxy_users.elements; i++)
|
|
{
|
|
ACL_PROXY_USER *proxy= dynamic_element(&acl_proxy_users, i,
|
|
ACL_PROXY_USER *);
|
|
if (proxy->granted_on(hostname, username))
|
|
{
|
|
String global(buff, buffsize, system_charset_info);
|
|
global.length(0);
|
|
proxy->print_grant(&global);
|
|
protocol->prepare_for_resend();
|
|
protocol->store(global.ptr(), global.length(), global.charset());
|
|
if (protocol->write())
|
|
{
|
|
error= -1;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
return error;
|
|
}
|
|
|
|
|
|
static void
|
|
fill_schema_enabled_roles_insert(ACL_ROLE *unused __attribute__((unused)),
|
|
ACL_ROLE *role, void *context_data)
|
|
{
|
|
TABLE *table= (TABLE*) context_data;
|
|
restore_record(table, s->default_values);
|
|
table->field[0]->set_notnull();
|
|
table->field[0]->store(role->user.str, role->user.length,
|
|
system_charset_info);
|
|
/*return*/ schema_table_store_record(table->in_use, table);
|
|
}
|
|
|
|
static int fill_schema_applicable_roles_insert_data(ACL_USER_BASE *grantee,
|
|
LEX_STRING *name, TABLE *table);
|
|
|
|
static void
|
|
fill_schema_applicable_roles_insert(ACL_ROLE *unused __attribute__((unused)),
|
|
ACL_ROLE *role, void *context_data)
|
|
{
|
|
/*return*/ fill_schema_applicable_roles_insert_data(role, &role->user,
|
|
(TABLE*)context_data);
|
|
}
|
|
|
|
static int
|
|
fill_schema_applicable_roles_insert_data(ACL_USER_BASE *grantee,
|
|
LEX_STRING *name, TABLE *table)
|
|
{
|
|
CHARSET_INFO *cs= system_charset_info;
|
|
|
|
for (uint i= 0; i < grantee->role_grants.elements; i++)
|
|
{
|
|
ACL_ROLE *role= *(dynamic_element(&grantee->role_grants, i, ACL_ROLE**));
|
|
restore_record(table, s->default_values);
|
|
table->field[0]->store(name->str, name->length, cs);
|
|
table->field[1]->store(role->user.str, role->user.length, cs);
|
|
table->field[2]->store(STRING_WITH_LEN("YES"), cs); // TODO FIXME
|
|
if (schema_table_store_record(table->in_use, table))
|
|
return 1;
|
|
if (! (grantee->flags & IS_ROLE))
|
|
traverse_role_graph(role, table, NULL, NULL, NULL,
|
|
fill_schema_applicable_roles_insert);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
#endif /*NO_EMBEDDED_ACCESS_CHECKS */
|
|
|
|
int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond)
|
|
{
|
|
TABLE *table= tables->table;
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
if (thd->security_ctx->priv_role[0])
|
|
{
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
ACL_ROLE *acl_role= find_acl_role(thd->security_ctx->priv_role);
|
|
DBUG_ASSERT(acl_role);
|
|
traverse_role_graph(acl_role, table, NULL, NULL, NULL,
|
|
fill_schema_enabled_roles_insert);
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
restore_record(table, s->default_values);
|
|
table->field[0]->set_null();
|
|
return schema_table_store_record(table->in_use, table);
|
|
}
|
|
|
|
|
|
/*
|
|
This shows all roles granted to current user
|
|
and recursively all roles granted to those roles
|
|
*/
|
|
int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond)
|
|
{
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
if (initialized)
|
|
{
|
|
TABLE *table= tables->table;
|
|
Security_context *sctx= thd->security_ctx;
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
ACL_USER *user= find_user_no_anon(sctx->priv_host, sctx->priv_user, true);
|
|
|
|
char buff[USER_HOST_BUFF_SIZE+10];
|
|
DBUG_ASSERT(user->user.length + user->hostname_length +2 < sizeof(buff));
|
|
char *end= strxmov(buff, user->user.str, "@", user->host.hostname, NULL);
|
|
LEX_STRING name= { buff, (size_t)(end - buff) };
|
|
|
|
int res= fill_schema_applicable_roles_insert_data(user, &name, table);
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
return res;
|
|
}
|
|
#endif
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr)
|
|
{
|
|
reg3 int flag;
|
|
DBUG_ENTER("wild_case_compare");
|
|
DBUG_PRINT("enter",("str: '%s' wildstr: '%s'",str,wildstr));
|
|
while (*wildstr)
|
|
{
|
|
while (*wildstr && *wildstr != wild_many && *wildstr != wild_one)
|
|
{
|
|
if (*wildstr == wild_prefix && wildstr[1])
|
|
wildstr++;
|
|
if (my_toupper(cs, *wildstr++) !=
|
|
my_toupper(cs, *str++)) DBUG_RETURN(1);
|
|
}
|
|
if (! *wildstr ) DBUG_RETURN (*str != 0);
|
|
if (*wildstr++ == wild_one)
|
|
{
|
|
if (! *str++) DBUG_RETURN (1); /* One char; skip */
|
|
}
|
|
else
|
|
{ /* Found '*' */
|
|
if (!*wildstr) DBUG_RETURN(0); /* '*' as last char: OK */
|
|
flag=(*wildstr != wild_many && *wildstr != wild_one);
|
|
do
|
|
{
|
|
if (flag)
|
|
{
|
|
char cmp;
|
|
if ((cmp= *wildstr) == wild_prefix && wildstr[1])
|
|
cmp=wildstr[1];
|
|
cmp=my_toupper(cs, cmp);
|
|
while (*str && my_toupper(cs, *str) != cmp)
|
|
str++;
|
|
if (!*str) DBUG_RETURN (1);
|
|
}
|
|
if (wild_case_compare(cs, str,wildstr) == 0) DBUG_RETURN (0);
|
|
} while (*str++);
|
|
DBUG_RETURN(1);
|
|
}
|
|
}
|
|
DBUG_RETURN (*str != '\0');
|
|
}
|
|
|
|
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
static bool update_schema_privilege(THD *thd, TABLE *table, char *buff,
|
|
const char* db, const char* t_name,
|
|
const char* column, uint col_length,
|
|
const char *priv, uint priv_length,
|
|
const char* is_grantable)
|
|
{
|
|
int i= 2;
|
|
CHARSET_INFO *cs= system_charset_info;
|
|
restore_record(table, s->default_values);
|
|
table->field[0]->store(buff, (uint) strlen(buff), cs);
|
|
table->field[1]->store(STRING_WITH_LEN("def"), cs);
|
|
if (db)
|
|
table->field[i++]->store(db, (uint) strlen(db), cs);
|
|
if (t_name)
|
|
table->field[i++]->store(t_name, (uint) strlen(t_name), cs);
|
|
if (column)
|
|
table->field[i++]->store(column, col_length, cs);
|
|
table->field[i++]->store(priv, priv_length, cs);
|
|
table->field[i]->store(is_grantable, strlen(is_grantable), cs);
|
|
return schema_table_store_record(thd, table);
|
|
}
|
|
#endif
|
|
|
|
|
|
int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
|
|
{
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
int error= 0;
|
|
uint counter;
|
|
ACL_USER *acl_user;
|
|
ulong want_access;
|
|
char buff[100];
|
|
TABLE *table= tables->table;
|
|
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
|
|
NULL, NULL, 1, 1);
|
|
char *curr_host= thd->security_ctx->priv_host_name();
|
|
DBUG_ENTER("fill_schema_user_privileges");
|
|
|
|
if (!initialized)
|
|
DBUG_RETURN(0);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
for (counter=0 ; counter < acl_users.elements ; counter++)
|
|
{
|
|
const char *user,*host, *is_grantable="YES";
|
|
acl_user=dynamic_element(&acl_users,counter,ACL_USER*);
|
|
if (!(user=acl_user->user.str))
|
|
user= "";
|
|
if (!(host=acl_user->host.hostname))
|
|
host= "";
|
|
|
|
if (no_global_access &&
|
|
(strcmp(thd->security_ctx->priv_user, user) ||
|
|
my_strcasecmp(system_charset_info, curr_host, host)))
|
|
continue;
|
|
|
|
want_access= acl_user->access;
|
|
if (!(want_access & GRANT_ACL))
|
|
is_grantable= "NO";
|
|
|
|
strxmov(buff,"'",user,"'@'",host,"'",NullS);
|
|
if (!(want_access & ~GRANT_ACL))
|
|
{
|
|
if (update_schema_privilege(thd, table, buff, 0, 0, 0, 0,
|
|
STRING_WITH_LEN("USAGE"), is_grantable))
|
|
{
|
|
error= 1;
|
|
goto err;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
uint priv_id;
|
|
ulong j,test_access= want_access & ~GRANT_ACL;
|
|
for (priv_id=0, j = SELECT_ACL;j <= GLOBAL_ACLS; priv_id++,j <<= 1)
|
|
{
|
|
if (test_access & j)
|
|
{
|
|
if (update_schema_privilege(thd, table, buff, 0, 0, 0, 0,
|
|
command_array[priv_id],
|
|
command_lengths[priv_id], is_grantable))
|
|
{
|
|
error= 1;
|
|
goto err;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
err:
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
DBUG_RETURN(error);
|
|
#else
|
|
return(0);
|
|
#endif
|
|
}
|
|
|
|
|
|
int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
|
|
{
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
int error= 0;
|
|
uint counter;
|
|
ACL_DB *acl_db;
|
|
ulong want_access;
|
|
char buff[100];
|
|
TABLE *table= tables->table;
|
|
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
|
|
NULL, NULL, 1, 1);
|
|
char *curr_host= thd->security_ctx->priv_host_name();
|
|
DBUG_ENTER("fill_schema_schema_privileges");
|
|
|
|
if (!initialized)
|
|
DBUG_RETURN(0);
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
for (counter=0 ; counter < acl_dbs.elements ; counter++)
|
|
{
|
|
const char *user, *host, *is_grantable="YES";
|
|
|
|
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
|
|
if (!(user=acl_db->user))
|
|
user= "";
|
|
if (!(host=acl_db->host.hostname))
|
|
host= "";
|
|
|
|
if (no_global_access &&
|
|
(strcmp(thd->security_ctx->priv_user, user) ||
|
|
my_strcasecmp(system_charset_info, curr_host, host)))
|
|
continue;
|
|
|
|
want_access=acl_db->access;
|
|
if (want_access)
|
|
{
|
|
if (!(want_access & GRANT_ACL))
|
|
{
|
|
is_grantable= "NO";
|
|
}
|
|
strxmov(buff,"'",user,"'@'",host,"'",NullS);
|
|
if (!(want_access & ~GRANT_ACL))
|
|
{
|
|
if (update_schema_privilege(thd, table, buff, acl_db->db, 0, 0,
|
|
0, STRING_WITH_LEN("USAGE"), is_grantable))
|
|
{
|
|
error= 1;
|
|
goto err;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
int cnt;
|
|
ulong j,test_access= want_access & ~GRANT_ACL;
|
|
for (cnt=0, j = SELECT_ACL; j <= DB_ACLS; cnt++,j <<= 1)
|
|
if (test_access & j)
|
|
{
|
|
if (update_schema_privilege(thd, table, buff, acl_db->db, 0, 0, 0,
|
|
command_array[cnt], command_lengths[cnt],
|
|
is_grantable))
|
|
{
|
|
error= 1;
|
|
goto err;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
err:
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
DBUG_RETURN(error);
|
|
#else
|
|
return (0);
|
|
#endif
|
|
}
|
|
|
|
|
|
int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
|
|
{
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
int error= 0;
|
|
uint index;
|
|
char buff[100];
|
|
TABLE *table= tables->table;
|
|
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
|
|
NULL, NULL, 1, 1);
|
|
char *curr_host= thd->security_ctx->priv_host_name();
|
|
DBUG_ENTER("fill_schema_table_privileges");
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
|
|
for (index=0 ; index < column_priv_hash.records ; index++)
|
|
{
|
|
const char *user, *host, *is_grantable= "YES";
|
|
GRANT_TABLE *grant_table= (GRANT_TABLE*) my_hash_element(&column_priv_hash,
|
|
index);
|
|
if (!(user=grant_table->user))
|
|
user= "";
|
|
if (!(host= grant_table->host.hostname))
|
|
host= "";
|
|
|
|
if (no_global_access &&
|
|
(strcmp(thd->security_ctx->priv_user, user) ||
|
|
my_strcasecmp(system_charset_info, curr_host, host)))
|
|
continue;
|
|
|
|
ulong table_access= grant_table->privs;
|
|
if (table_access)
|
|
{
|
|
ulong test_access= table_access & ~GRANT_ACL;
|
|
/*
|
|
We should skip 'usage' privilege on table if
|
|
we have any privileges on column(s) of this table
|
|
*/
|
|
if (!test_access && grant_table->cols)
|
|
continue;
|
|
if (!(table_access & GRANT_ACL))
|
|
is_grantable= "NO";
|
|
|
|
strxmov(buff, "'", user, "'@'", host, "'", NullS);
|
|
if (!test_access)
|
|
{
|
|
if (update_schema_privilege(thd, table, buff, grant_table->db,
|
|
grant_table->tname, 0, 0,
|
|
STRING_WITH_LEN("USAGE"), is_grantable))
|
|
{
|
|
error= 1;
|
|
goto err;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
ulong j;
|
|
int cnt;
|
|
for (cnt= 0, j= SELECT_ACL; j <= TABLE_ACLS; cnt++, j<<= 1)
|
|
{
|
|
if (test_access & j)
|
|
{
|
|
if (update_schema_privilege(thd, table, buff, grant_table->db,
|
|
grant_table->tname, 0, 0,
|
|
command_array[cnt],
|
|
command_lengths[cnt], is_grantable))
|
|
{
|
|
error= 1;
|
|
goto err;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
err:
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
DBUG_RETURN(error);
|
|
#else
|
|
return (0);
|
|
#endif
|
|
}
|
|
|
|
|
|
int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
|
|
{
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
int error= 0;
|
|
uint index;
|
|
char buff[100];
|
|
TABLE *table= tables->table;
|
|
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
|
|
NULL, NULL, 1, 1);
|
|
char *curr_host= thd->security_ctx->priv_host_name();
|
|
DBUG_ENTER("fill_schema_table_privileges");
|
|
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
|
|
for (index=0 ; index < column_priv_hash.records ; index++)
|
|
{
|
|
const char *user, *host, *is_grantable= "YES";
|
|
GRANT_TABLE *grant_table= (GRANT_TABLE*) my_hash_element(&column_priv_hash,
|
|
index);
|
|
if (!(user=grant_table->user))
|
|
user= "";
|
|
if (!(host= grant_table->host.hostname))
|
|
host= "";
|
|
|
|
if (no_global_access &&
|
|
(strcmp(thd->security_ctx->priv_user, user) ||
|
|
my_strcasecmp(system_charset_info, curr_host, host)))
|
|
continue;
|
|
|
|
ulong table_access= grant_table->cols;
|
|
if (table_access != 0)
|
|
{
|
|
if (!(grant_table->privs & GRANT_ACL))
|
|
is_grantable= "NO";
|
|
|
|
ulong test_access= table_access & ~GRANT_ACL;
|
|
strxmov(buff, "'", user, "'@'", host, "'", NullS);
|
|
if (!test_access)
|
|
continue;
|
|
else
|
|
{
|
|
ulong j;
|
|
int cnt;
|
|
for (cnt= 0, j= SELECT_ACL; j <= TABLE_ACLS; cnt++, j<<= 1)
|
|
{
|
|
if (test_access & j)
|
|
{
|
|
for (uint col_index=0 ;
|
|
col_index < grant_table->hash_columns.records ;
|
|
col_index++)
|
|
{
|
|
GRANT_COLUMN *grant_column = (GRANT_COLUMN*)
|
|
my_hash_element(&grant_table->hash_columns,col_index);
|
|
if ((grant_column->rights & j) && (table_access & j))
|
|
{
|
|
if (update_schema_privilege(thd, table, buff, grant_table->db,
|
|
grant_table->tname,
|
|
grant_column->column,
|
|
grant_column->key_length,
|
|
command_array[cnt],
|
|
command_lengths[cnt], is_grantable))
|
|
{
|
|
error= 1;
|
|
goto err;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
err:
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
DBUG_RETURN(error);
|
|
#else
|
|
return (0);
|
|
#endif
|
|
}
|
|
|
|
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
/*
|
|
fill effective privileges for table
|
|
|
|
SYNOPSIS
|
|
fill_effective_table_privileges()
|
|
thd thread handler
|
|
grant grants table descriptor
|
|
db db name
|
|
table table name
|
|
*/
|
|
|
|
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
|
|
const char *db, const char *table)
|
|
{
|
|
Security_context *sctx= thd->security_ctx;
|
|
DBUG_ENTER("fill_effective_table_privileges");
|
|
DBUG_PRINT("enter", ("Host: '%s', Ip: '%s', User: '%s', table: `%s`.`%s`",
|
|
sctx->priv_host, (sctx->ip ? sctx->ip : "(NULL)"),
|
|
(sctx->priv_user ? sctx->priv_user : "(NULL)"),
|
|
db, table));
|
|
/* --skip-grants */
|
|
if (!initialized)
|
|
{
|
|
DBUG_PRINT("info", ("skip grants"));
|
|
grant->privilege= ~NO_ACCESS; // everything is allowed
|
|
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
|
|
/* global privileges */
|
|
grant->privilege= sctx->master_access;
|
|
|
|
if (!sctx->priv_user)
|
|
{
|
|
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
|
|
DBUG_VOID_RETURN; // it is slave
|
|
}
|
|
|
|
/* db privileges */
|
|
grant->privilege|= acl_get(sctx->host, sctx->ip, sctx->priv_user, db, 0);
|
|
/* db privileges for role */
|
|
if (sctx->priv_role[0])
|
|
grant->privilege|= acl_get("", "", sctx->priv_role, db, 0);
|
|
|
|
/* table privileges */
|
|
mysql_rwlock_rdlock(&LOCK_grant);
|
|
if (grant->version != grant_version)
|
|
{
|
|
grant->grant_table_user=
|
|
table_hash_search(sctx->host, sctx->ip, db,
|
|
sctx->priv_user,
|
|
table, 0); /* purecov: inspected */
|
|
grant->grant_table_role=
|
|
sctx->priv_role[0] ? table_hash_search("", "", db,
|
|
sctx->priv_role,
|
|
table, TRUE) : NULL;
|
|
grant->version= grant_version; /* purecov: inspected */
|
|
}
|
|
if (grant->grant_table_user != 0)
|
|
{
|
|
grant->privilege|= grant->grant_table_user->privs;
|
|
}
|
|
if (grant->grant_table_role != 0)
|
|
{
|
|
grant->privilege|= grant->grant_table_role->privs;
|
|
}
|
|
mysql_rwlock_unlock(&LOCK_grant);
|
|
|
|
DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege));
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
|
|
#else /* NO_EMBEDDED_ACCESS_CHECKS */
|
|
|
|
/****************************************************************************
|
|
Dummy wrappers when we don't have any access checks
|
|
****************************************************************************/
|
|
|
|
bool check_routine_level_acl(THD *thd, const char *db, const char *name,
|
|
bool is_proc)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
#endif
|
|
|
|
struct ACL_internal_schema_registry_entry
|
|
{
|
|
const LEX_STRING *m_name;
|
|
const ACL_internal_schema_access *m_access;
|
|
};
|
|
|
|
/**
|
|
Internal schema registered.
|
|
Currently, this is only:
|
|
- performance_schema
|
|
- information_schema,
|
|
This can be reused later for:
|
|
- mysql
|
|
*/
|
|
static ACL_internal_schema_registry_entry registry_array[2];
|
|
static uint m_registry_array_size= 0;
|
|
|
|
/**
|
|
Add an internal schema to the registry.
|
|
@param name the schema name
|
|
@param access the schema ACL specific rules
|
|
*/
|
|
void ACL_internal_schema_registry::register_schema
|
|
(const LEX_STRING *name, const ACL_internal_schema_access *access)
|
|
{
|
|
DBUG_ASSERT(m_registry_array_size < array_elements(registry_array));
|
|
|
|
/* Not thread safe, and does not need to be. */
|
|
registry_array[m_registry_array_size].m_name= name;
|
|
registry_array[m_registry_array_size].m_access= access;
|
|
m_registry_array_size++;
|
|
}
|
|
|
|
/**
|
|
Search per internal schema ACL by name.
|
|
@param name a schema name
|
|
@return per schema rules, or NULL
|
|
*/
|
|
const ACL_internal_schema_access *
|
|
ACL_internal_schema_registry::lookup(const char *name)
|
|
{
|
|
DBUG_ASSERT(name != NULL);
|
|
|
|
uint i;
|
|
|
|
for (i= 0; i<m_registry_array_size; i++)
|
|
{
|
|
if (my_strcasecmp(system_charset_info, registry_array[i].m_name->str,
|
|
name) == 0)
|
|
return registry_array[i].m_access;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
Get a cached internal schema access.
|
|
@param grant_internal_info the cache
|
|
@param schema_name the name of the internal schema
|
|
*/
|
|
const ACL_internal_schema_access *
|
|
get_cached_schema_access(GRANT_INTERNAL_INFO *grant_internal_info,
|
|
const char *schema_name)
|
|
{
|
|
if (grant_internal_info)
|
|
{
|
|
if (! grant_internal_info->m_schema_lookup_done)
|
|
{
|
|
grant_internal_info->m_schema_access=
|
|
ACL_internal_schema_registry::lookup(schema_name);
|
|
grant_internal_info->m_schema_lookup_done= TRUE;
|
|
}
|
|
return grant_internal_info->m_schema_access;
|
|
}
|
|
return ACL_internal_schema_registry::lookup(schema_name);
|
|
}
|
|
|
|
/**
|
|
Get a cached internal table access.
|
|
@param grant_internal_info the cache
|
|
@param schema_name the name of the internal schema
|
|
@param table_name the name of the internal table
|
|
*/
|
|
const ACL_internal_table_access *
|
|
get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info,
|
|
const char *schema_name,
|
|
const char *table_name)
|
|
{
|
|
DBUG_ASSERT(grant_internal_info);
|
|
if (! grant_internal_info->m_table_lookup_done)
|
|
{
|
|
const ACL_internal_schema_access *schema_access;
|
|
schema_access= get_cached_schema_access(grant_internal_info, schema_name);
|
|
if (schema_access)
|
|
grant_internal_info->m_table_access= schema_access->lookup(table_name);
|
|
grant_internal_info->m_table_lookup_done= TRUE;
|
|
}
|
|
return grant_internal_info->m_table_access;
|
|
}
|
|
|
|
|
|
/****************************************************************************
|
|
AUTHENTICATION CODE
|
|
including initial connect handshake, invoking appropriate plugins,
|
|
client-server plugin negotiation, COM_CHANGE_USER, and native
|
|
MySQL authentication plugins.
|
|
****************************************************************************/
|
|
|
|
/* few defines to have less ifdef's in the code below */
|
|
#ifdef EMBEDDED_LIBRARY
|
|
#undef HAVE_OPENSSL
|
|
#ifdef NO_EMBEDDED_ACCESS_CHECKS
|
|
#define initialized 0
|
|
#define check_for_max_user_connections(X,Y) 0
|
|
#define get_or_create_user_conn(A,B,C,D) 0
|
|
#endif
|
|
#endif
|
|
#ifndef HAVE_OPENSSL
|
|
#define ssl_acceptor_fd 0
|
|
#define sslaccept(A,B,C,D) 1
|
|
#endif
|
|
|
|
/**
|
|
The internal version of what plugins know as MYSQL_PLUGIN_VIO,
|
|
basically the context of the authentication session
|
|
*/
|
|
struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
|
|
{
|
|
MYSQL_SERVER_AUTH_INFO auth_info;
|
|
THD *thd;
|
|
ACL_USER *acl_user; ///< a copy, independent from acl_users array
|
|
plugin_ref plugin; ///< what plugin we're under
|
|
LEX_STRING db; ///< db name from the handshake packet
|
|
/** when restarting a plugin this caches the last client reply */
|
|
struct {
|
|
char *plugin, *pkt; ///< pointers into NET::buff
|
|
uint pkt_len;
|
|
} cached_client_reply;
|
|
/** this caches the first plugin packet for restart request on the client */
|
|
struct {
|
|
char *pkt;
|
|
uint pkt_len;
|
|
} cached_server_packet;
|
|
int packets_read, packets_written; ///< counters for send/received packets
|
|
uint connect_errors; ///< if there were connect errors for this host
|
|
bool make_it_fail;
|
|
/** when plugin returns a failure this tells us what really happened */
|
|
enum { SUCCESS, FAILURE, RESTART } status;
|
|
};
|
|
|
|
/**
|
|
a helper function to report an access denied error in all the proper places
|
|
*/
|
|
static void login_failed_error(THD *thd)
|
|
{
|
|
my_error(access_denied_error_code(thd->password), MYF(0),
|
|
thd->main_security_ctx.user,
|
|
thd->main_security_ctx.host_or_ip,
|
|
thd->password ? ER(ER_YES) : ER(ER_NO));
|
|
general_log_print(thd, COM_CONNECT,
|
|
ER(access_denied_error_code(thd->password)),
|
|
thd->main_security_ctx.user,
|
|
thd->main_security_ctx.host_or_ip,
|
|
thd->password ? ER(ER_YES) : ER(ER_NO));
|
|
status_var_increment(thd->status_var.access_denied_errors);
|
|
/*
|
|
Log access denied messages to the error log when log-warnings = 2
|
|
so that the overhead of the general query log is not required to track
|
|
failed connections.
|
|
*/
|
|
if (global_system_variables.log_warnings > 1)
|
|
{
|
|
sql_print_warning(ER(access_denied_error_code(thd->password)),
|
|
thd->main_security_ctx.user,
|
|
thd->main_security_ctx.host_or_ip,
|
|
thd->password ? ER(ER_YES) : ER(ER_NO));
|
|
}
|
|
}
|
|
|
|
/**
|
|
sends a server handshake initialization packet, the very first packet
|
|
after the connection was established
|
|
|
|
Packet format:
|
|
|
|
Bytes Content
|
|
----- ----
|
|
1 protocol version (always 10)
|
|
n server version string, \0-terminated
|
|
4 thread id
|
|
8 first 8 bytes of the plugin provided data (scramble)
|
|
1 \0 byte, terminating the first part of a scramble
|
|
2 server capabilities (two lower bytes)
|
|
1 server character set
|
|
2 server status
|
|
2 server capabilities (two upper bytes)
|
|
1 length of the scramble
|
|
10 reserved, always 0
|
|
n rest of the plugin provided data (at least 12 bytes)
|
|
1 \0 byte, terminating the second part of a scramble
|
|
|
|
@retval 0 ok
|
|
@retval 1 error
|
|
*/
|
|
static bool send_server_handshake_packet(MPVIO_EXT *mpvio,
|
|
const char *data, uint data_len)
|
|
{
|
|
DBUG_ASSERT(mpvio->status == MPVIO_EXT::FAILURE);
|
|
DBUG_ASSERT(data_len <= 255);
|
|
|
|
THD *thd= mpvio->thd;
|
|
char *buff= (char *) my_alloca(1 + SERVER_VERSION_LENGTH + 1 + data_len + 64);
|
|
char scramble_buf[SCRAMBLE_LENGTH];
|
|
char *end= buff;
|
|
DBUG_ENTER("send_server_handshake_packet");
|
|
|
|
*end++= protocol_version;
|
|
|
|
thd->client_capabilities= CLIENT_BASIC_FLAGS;
|
|
|
|
if (opt_using_transactions)
|
|
thd->client_capabilities|= CLIENT_TRANSACTIONS;
|
|
|
|
thd->client_capabilities|= CAN_CLIENT_COMPRESS;
|
|
|
|
if (ssl_acceptor_fd)
|
|
{
|
|
thd->client_capabilities |= CLIENT_SSL;
|
|
thd->client_capabilities |= CLIENT_SSL_VERIFY_SERVER_CERT;
|
|
}
|
|
|
|
if (data_len)
|
|
{
|
|
mpvio->cached_server_packet.pkt= (char*)thd->memdup(data, data_len);
|
|
mpvio->cached_server_packet.pkt_len= data_len;
|
|
}
|
|
|
|
if (data_len < SCRAMBLE_LENGTH)
|
|
{
|
|
if (data_len)
|
|
{
|
|
/*
|
|
the first packet *must* have at least 20 bytes of a scramble.
|
|
if a plugin provided less, we pad it to 20 with zeros
|
|
*/
|
|
memcpy(scramble_buf, data, data_len);
|
|
bzero(scramble_buf + data_len, SCRAMBLE_LENGTH - data_len);
|
|
data= scramble_buf;
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
if the default plugin does not provide the data for the scramble at
|
|
all, we generate a scramble internally anyway, just in case the
|
|
user account (that will be known only later) uses a
|
|
native_password_plugin (which needs a scramble). If we don't send a
|
|
scramble now - wasting 20 bytes in the packet -
|
|
native_password_plugin will have to send it in a separate packet,
|
|
adding one more round trip.
|
|
*/
|
|
create_random_string(thd->scramble, SCRAMBLE_LENGTH, &thd->rand);
|
|
data= thd->scramble;
|
|
}
|
|
data_len= SCRAMBLE_LENGTH;
|
|
}
|
|
|
|
end= strxnmov(end, SERVER_VERSION_LENGTH, RPL_VERSION_HACK, server_version, NullS) + 1;
|
|
int4store((uchar*) end, mpvio->thd->thread_id);
|
|
end+= 4;
|
|
|
|
/*
|
|
Old clients does not understand long scrambles, but can ignore packet
|
|
tail: that's why first part of the scramble is placed here, and second
|
|
part at the end of packet.
|
|
*/
|
|
end= (char*) memcpy(end, data, SCRAMBLE_LENGTH_323);
|
|
end+= SCRAMBLE_LENGTH_323;
|
|
*end++= 0;
|
|
|
|
int2store(end, thd->client_capabilities);
|
|
/* write server characteristics: up to 16 bytes allowed */
|
|
end[2]= (char) default_charset_info->number;
|
|
int2store(end+3, mpvio->thd->server_status);
|
|
int2store(end+5, thd->client_capabilities >> 16);
|
|
end[7]= data_len;
|
|
DBUG_EXECUTE_IF("poison_srv_handshake_scramble_len", end[7]= -100;);
|
|
bzero(end + 8, 10);
|
|
end+= 18;
|
|
/* write scramble tail */
|
|
end= (char*) memcpy(end, data + SCRAMBLE_LENGTH_323,
|
|
data_len - SCRAMBLE_LENGTH_323);
|
|
end+= data_len - SCRAMBLE_LENGTH_323;
|
|
end= strmake(end, plugin_name(mpvio->plugin)->str,
|
|
plugin_name(mpvio->plugin)->length);
|
|
|
|
int res= my_net_write(&mpvio->thd->net, (uchar*) buff,
|
|
(size_t) (end - buff + 1)) ||
|
|
net_flush(&mpvio->thd->net);
|
|
my_afree(buff);
|
|
DBUG_RETURN (res);
|
|
}
|
|
|
|
static bool secure_auth(THD *thd)
|
|
{
|
|
if (!opt_secure_auth)
|
|
return 0;
|
|
|
|
/*
|
|
If the server is running in secure auth mode, short scrambles are
|
|
forbidden. Extra juggling to report the same error as the old code.
|
|
*/
|
|
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
|
|
{
|
|
my_error(ER_SERVER_IS_IN_SECURE_AUTH_MODE, MYF(0),
|
|
thd->security_ctx->user,
|
|
thd->security_ctx->host_or_ip);
|
|
general_log_print(thd, COM_CONNECT, ER(ER_SERVER_IS_IN_SECURE_AUTH_MODE),
|
|
thd->security_ctx->user,
|
|
thd->security_ctx->host_or_ip);
|
|
}
|
|
else
|
|
{
|
|
my_error(ER_NOT_SUPPORTED_AUTH_MODE, MYF(0));
|
|
general_log_print(thd, COM_CONNECT, ER(ER_NOT_SUPPORTED_AUTH_MODE));
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
/**
|
|
sends a "change plugin" packet, requesting a client to restart authentication
|
|
using a different authentication plugin
|
|
|
|
Packet format:
|
|
|
|
Bytes Content
|
|
----- ----
|
|
1 byte with the value 254
|
|
n client plugin to use, \0-terminated
|
|
n plugin provided data
|
|
|
|
In a special case of switching from native_password_plugin to
|
|
old_password_plugin, the packet contains only one - the first - byte,
|
|
plugin name is omitted, plugin data aren't needed as the scramble was
|
|
already sent. This one-byte packet is identical to the "use the short
|
|
scramble" packet in the protocol before plugins were introduced.
|
|
|
|
@retval 0 ok
|
|
@retval 1 error
|
|
*/
|
|
static bool send_plugin_request_packet(MPVIO_EXT *mpvio,
|
|
const uchar *data, uint data_len)
|
|
{
|
|
DBUG_ASSERT(mpvio->packets_written == 1);
|
|
DBUG_ASSERT(mpvio->packets_read == 1);
|
|
NET *net= &mpvio->thd->net;
|
|
static uchar switch_plugin_request_buf[]= { 254 };
|
|
DBUG_ENTER("send_plugin_request_packet");
|
|
|
|
mpvio->status= MPVIO_EXT::FAILURE; // the status is no longer RESTART
|
|
|
|
const char *client_auth_plugin=
|
|
((st_mysql_auth *) (plugin_decl(mpvio->plugin)->info))->client_auth_plugin;
|
|
|
|
DBUG_ASSERT(client_auth_plugin);
|
|
|
|
/*
|
|
we send an old "short 4.0 scramble request", if we need to request a
|
|
client to use 4.0 auth plugin (short scramble) and the scramble was
|
|
already sent to the client
|
|
|
|
below, cached_client_reply.plugin is the plugin name that client has used,
|
|
client_auth_plugin is derived from mysql.user table, for the given
|
|
user account, it's the plugin that the client need to use to login.
|
|
*/
|
|
bool switch_from_long_to_short_scramble=
|
|
native_password_plugin_name.str == mpvio->cached_client_reply.plugin &&
|
|
client_auth_plugin == old_password_plugin_name.str;
|
|
|
|
if (switch_from_long_to_short_scramble)
|
|
DBUG_RETURN (secure_auth(mpvio->thd) ||
|
|
my_net_write(net, switch_plugin_request_buf, 1) ||
|
|
net_flush(net));
|
|
|
|
/*
|
|
We never request a client to switch from a short to long scramble.
|
|
Plugin-aware clients can do that, but traditionally it meant to
|
|
ask an old 4.0 client to use the new 4.1 authentication protocol.
|
|
*/
|
|
bool switch_from_short_to_long_scramble=
|
|
old_password_plugin_name.str == mpvio->cached_client_reply.plugin &&
|
|
client_auth_plugin == native_password_plugin_name.str;
|
|
|
|
if (switch_from_short_to_long_scramble)
|
|
{
|
|
my_error(ER_NOT_SUPPORTED_AUTH_MODE, MYF(0));
|
|
general_log_print(mpvio->thd, COM_CONNECT, ER(ER_NOT_SUPPORTED_AUTH_MODE));
|
|
DBUG_RETURN (1);
|
|
}
|
|
|
|
DBUG_PRINT("info", ("requesting client to use the %s plugin",
|
|
client_auth_plugin));
|
|
DBUG_RETURN(net_write_command(net, switch_plugin_request_buf[0],
|
|
(uchar*) client_auth_plugin,
|
|
strlen(client_auth_plugin) + 1,
|
|
(uchar*) data, data_len));
|
|
}
|
|
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
/**
|
|
Finds acl entry in user database for authentication purposes.
|
|
|
|
Finds a user and copies it into mpvio. Creates a fake user
|
|
if no matching user account is found.
|
|
|
|
@note find_user_no_anon is not the same, because it doesn't take into
|
|
account the case when user is not empty, but acl_user->user is empty
|
|
|
|
@retval 0 found
|
|
@retval 1 error
|
|
*/
|
|
static bool find_mpvio_user(MPVIO_EXT *mpvio)
|
|
{
|
|
Security_context *sctx= mpvio->thd->security_ctx;
|
|
DBUG_ENTER("find_mpvio_user");
|
|
DBUG_ASSERT(mpvio->acl_user == 0);
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
|
|
ACL_USER *user= find_user(sctx->host, sctx->user, sctx->ip);
|
|
if (user)
|
|
mpvio->acl_user= user->copy(&mem);
|
|
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
if (!mpvio->acl_user)
|
|
{
|
|
/*
|
|
A matching user was not found. Fake it. Take any user, make the
|
|
authentication fail later.
|
|
This way we get a realistically looking failure, with occasional
|
|
"change auth plugin" requests even for nonexistent users. The ratio
|
|
of "change auth plugin" request will be the same for real and
|
|
nonexistent users.
|
|
Note, that we cannot pick any user at random, it must always be
|
|
the same user account for the incoming sctx->user name.
|
|
*/
|
|
ulong nr1=1, nr2=4;
|
|
CHARSET_INFO *cs= &my_charset_latin1;
|
|
cs->coll->hash_sort(cs, (uchar*) sctx->user, strlen(sctx->user), &nr1, &nr2);
|
|
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
if (!acl_users.elements)
|
|
{
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
login_failed_error(mpvio->thd);
|
|
DBUG_RETURN(1);
|
|
}
|
|
uint i= nr1 % acl_users.elements;
|
|
ACL_USER *acl_user_tmp= dynamic_element(&acl_users, i, ACL_USER*);
|
|
mpvio->acl_user= acl_user_tmp->copy(mpvio->thd->mem_root);
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
|
|
mpvio->make_it_fail= true;
|
|
}
|
|
|
|
/* user account requires non-default plugin and the client is too old */
|
|
if (mpvio->acl_user->plugin.str != native_password_plugin_name.str &&
|
|
mpvio->acl_user->plugin.str != old_password_plugin_name.str &&
|
|
!(mpvio->thd->client_capabilities & CLIENT_PLUGIN_AUTH))
|
|
{
|
|
DBUG_ASSERT(my_strcasecmp(system_charset_info, mpvio->acl_user->plugin.str,
|
|
native_password_plugin_name.str));
|
|
DBUG_ASSERT(my_strcasecmp(system_charset_info, mpvio->acl_user->plugin.str,
|
|
old_password_plugin_name.str));
|
|
my_error(ER_NOT_SUPPORTED_AUTH_MODE, MYF(0));
|
|
general_log_print(mpvio->thd, COM_CONNECT, ER(ER_NOT_SUPPORTED_AUTH_MODE));
|
|
DBUG_RETURN (1);
|
|
}
|
|
|
|
mpvio->auth_info.user_name= sctx->user;
|
|
mpvio->auth_info.user_name_length= strlen(sctx->user);
|
|
mpvio->auth_info.auth_string= mpvio->acl_user->auth_string.str;
|
|
mpvio->auth_info.auth_string_length= (unsigned long) mpvio->acl_user->auth_string.length;
|
|
strmake_buf(mpvio->auth_info.authenticated_as, mpvio->acl_user->user.str ?
|
|
mpvio->acl_user->user.str : "");
|
|
|
|
DBUG_PRINT("info", ("exit: user=%s, auth_string=%s, authenticated as=%s"
|
|
"plugin=%s",
|
|
mpvio->auth_info.user_name,
|
|
mpvio->auth_info.auth_string,
|
|
mpvio->auth_info.authenticated_as,
|
|
mpvio->acl_user->plugin.str));
|
|
DBUG_RETURN(0);
|
|
}
|
|
#endif
|
|
|
|
/* the packet format is described in send_change_user_packet() */
|
|
static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
|
|
{
|
|
THD *thd= mpvio->thd;
|
|
NET *net= &thd->net;
|
|
Security_context *sctx= thd->security_ctx;
|
|
|
|
char *user= (char*) net->read_pos;
|
|
char *end= user + packet_length;
|
|
/* Safe because there is always a trailing \0 at the end of the packet */
|
|
char *passwd= strend(user) + 1;
|
|
uint user_len= passwd - user - 1;
|
|
char *db= passwd;
|
|
char db_buff[SAFE_NAME_LEN + 1]; // buffer to store db in utf8
|
|
char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
|
|
uint dummy_errors;
|
|
DBUG_ENTER ("parse_com_change_user_packet");
|
|
|
|
if (passwd >= end)
|
|
{
|
|
my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
|
|
DBUG_RETURN (1);
|
|
}
|
|
|
|
/*
|
|
Old clients send null-terminated string as password; new clients send
|
|
the size (1 byte) + string (not null-terminated). Hence in case of empty
|
|
password both send '\0'.
|
|
|
|
This strlen() can't be easily deleted without changing protocol.
|
|
|
|
Cast *passwd to an unsigned char, so that it doesn't extend the sign for
|
|
*passwd > 127 and become 2**32-127+ after casting to uint.
|
|
*/
|
|
uint passwd_len= (thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
|
|
(uchar) (*passwd++) : strlen(passwd));
|
|
|
|
db+= passwd_len + 1;
|
|
/*
|
|
Database name is always NUL-terminated, so in case of empty database
|
|
the packet must contain at least the trailing '\0'.
|
|
*/
|
|
if (db >= end)
|
|
{
|
|
my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
|
|
DBUG_RETURN (1);
|
|
}
|
|
|
|
uint db_len= strlen(db);
|
|
|
|
char *ptr= db + db_len + 1;
|
|
|
|
if (ptr + 1 < end)
|
|
{
|
|
if (thd_init_client_charset(thd, uint2korr(ptr)))
|
|
DBUG_RETURN(1);
|
|
thd->update_charset();
|
|
}
|
|
|
|
/* Convert database and user names to utf8 */
|
|
db_len= copy_and_convert(db_buff, sizeof(db_buff) - 1, system_charset_info,
|
|
db, db_len, thd->charset(), &dummy_errors);
|
|
|
|
user_len= copy_and_convert(user_buff, sizeof(user_buff) - 1,
|
|
system_charset_info, user, user_len,
|
|
thd->charset(), &dummy_errors);
|
|
|
|
if (!(sctx->user= my_strndup(user_buff, user_len, MYF(MY_WME))))
|
|
DBUG_RETURN(1);
|
|
|
|
/* Clear variables that are allocated */
|
|
thd->user_connect= 0;
|
|
strmake_buf(sctx->priv_user, sctx->user);
|
|
|
|
if (thd->make_lex_string(&mpvio->db, db_buff, db_len) == 0)
|
|
DBUG_RETURN(1); /* The error is set by make_lex_string(). */
|
|
|
|
/*
|
|
Clear thd->db as it points to something, that will be freed when
|
|
connection is closed. We don't want to accidentally free a wrong
|
|
pointer if connect failed.
|
|
*/
|
|
thd->reset_db(NULL, 0);
|
|
|
|
if (!initialized)
|
|
{
|
|
// if mysqld's been started with --skip-grant-tables option
|
|
mpvio->status= MPVIO_EXT::SUCCESS;
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
thd->password= passwd_len > 0;
|
|
if (find_mpvio_user(mpvio))
|
|
DBUG_RETURN(1);
|
|
|
|
char *client_plugin;
|
|
if (thd->client_capabilities & CLIENT_PLUGIN_AUTH)
|
|
{
|
|
client_plugin= ptr + 2;
|
|
if (client_plugin >= end)
|
|
{
|
|
my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
|
|
DBUG_RETURN(1);
|
|
}
|
|
client_plugin= fix_plugin_ptr(client_plugin);
|
|
}
|
|
else
|
|
{
|
|
if (thd->client_capabilities & CLIENT_SECURE_CONNECTION)
|
|
client_plugin= native_password_plugin_name.str;
|
|
else
|
|
{
|
|
client_plugin= old_password_plugin_name.str;
|
|
/*
|
|
For a passwordless accounts we use native_password_plugin.
|
|
But when an old 4.0 client connects to it, we change it to
|
|
old_password_plugin, otherwise MySQL will think that server
|
|
and client plugins don't match.
|
|
*/
|
|
if (mpvio->acl_user->auth_string.length == 0)
|
|
mpvio->acl_user->plugin= old_password_plugin_name;
|
|
}
|
|
}
|
|
|
|
DBUG_PRINT("info", ("client_plugin=%s, restart", client_plugin));
|
|
/*
|
|
Remember the data part of the packet, to present it to plugin in
|
|
read_packet()
|
|
*/
|
|
mpvio->cached_client_reply.pkt= passwd;
|
|
mpvio->cached_client_reply.pkt_len= passwd_len;
|
|
mpvio->cached_client_reply.plugin= client_plugin;
|
|
mpvio->status= MPVIO_EXT::RESTART;
|
|
#endif
|
|
|
|
DBUG_RETURN (0);
|
|
}
|
|
|
|
|
|
/* the packet format is described in send_client_reply_packet() */
|
|
static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
|
|
uchar **buff, ulong pkt_len)
|
|
{
|
|
#ifndef EMBEDDED_LIBRARY
|
|
THD *thd= mpvio->thd;
|
|
NET *net= &thd->net;
|
|
char *end;
|
|
DBUG_ASSERT(mpvio->status == MPVIO_EXT::FAILURE);
|
|
|
|
if (pkt_len < MIN_HANDSHAKE_SIZE)
|
|
return packet_error;
|
|
|
|
/*
|
|
Protocol buffer is guaranteed to always end with \0. (see my_net_read())
|
|
As the code below depends on this, lets check that.
|
|
*/
|
|
DBUG_ASSERT(net->read_pos[pkt_len] == 0);
|
|
|
|
if (mpvio->connect_errors)
|
|
reset_host_errors(thd->main_security_ctx.ip);
|
|
|
|
ulong client_capabilities= uint2korr(net->read_pos);
|
|
if (client_capabilities & CLIENT_PROTOCOL_41)
|
|
{
|
|
if (pkt_len < 4)
|
|
return packet_error;
|
|
client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16;
|
|
}
|
|
|
|
/* Disable those bits which are not supported by the client. */
|
|
thd->client_capabilities&= client_capabilities;
|
|
|
|
DBUG_PRINT("info", ("client capabilities: %lu", thd->client_capabilities));
|
|
if (thd->client_capabilities & CLIENT_SSL)
|
|
{
|
|
unsigned long errptr __attribute__((unused));
|
|
|
|
/* Do the SSL layering. */
|
|
if (!ssl_acceptor_fd)
|
|
return packet_error;
|
|
|
|
DBUG_PRINT("info", ("IO layer change in progress..."));
|
|
if (sslaccept(ssl_acceptor_fd, net->vio, net->read_timeout, &errptr))
|
|
{
|
|
DBUG_PRINT("error", ("Failed to accept new SSL connection"));
|
|
return packet_error;
|
|
}
|
|
|
|
DBUG_PRINT("info", ("Reading user information over SSL layer"));
|
|
pkt_len= my_net_read(net);
|
|
if (pkt_len == packet_error || pkt_len < NORMAL_HANDSHAKE_SIZE)
|
|
{
|
|
DBUG_PRINT("error", ("Failed to read user information (pkt_len= %lu)",
|
|
pkt_len));
|
|
return packet_error;
|
|
}
|
|
}
|
|
|
|
if (client_capabilities & CLIENT_PROTOCOL_41)
|
|
{
|
|
if (pkt_len < 32)
|
|
return packet_error;
|
|
thd->max_client_packet_length= uint4korr(net->read_pos+4);
|
|
DBUG_PRINT("info", ("client_character_set: %d", (uint) net->read_pos[8]));
|
|
if (thd_init_client_charset(thd, (uint) net->read_pos[8]))
|
|
return packet_error;
|
|
thd->update_charset();
|
|
end= (char*) net->read_pos+32;
|
|
}
|
|
else
|
|
{
|
|
if (pkt_len < 5)
|
|
return packet_error;
|
|
thd->max_client_packet_length= uint3korr(net->read_pos+2);
|
|
end= (char*) net->read_pos+5;
|
|
}
|
|
|
|
if (end >= (char*) net->read_pos+ pkt_len +2)
|
|
return packet_error;
|
|
|
|
if (thd->client_capabilities & CLIENT_IGNORE_SPACE)
|
|
thd->variables.sql_mode|= MODE_IGNORE_SPACE;
|
|
if (thd->client_capabilities & CLIENT_INTERACTIVE)
|
|
thd->variables.net_wait_timeout= thd->variables.net_interactive_timeout;
|
|
|
|
if (end >= (char*) net->read_pos+ pkt_len +2)
|
|
return packet_error;
|
|
|
|
if ((thd->client_capabilities & CLIENT_TRANSACTIONS) &&
|
|
opt_using_transactions)
|
|
net->return_status= &thd->server_status;
|
|
|
|
char *user= end;
|
|
char *passwd= strend(user)+1;
|
|
uint user_len= passwd - user - 1, db_len;
|
|
char *db= passwd;
|
|
char db_buff[SAFE_NAME_LEN + 1]; // buffer to store db in utf8
|
|
char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
|
|
uint dummy_errors;
|
|
|
|
/*
|
|
Old clients send null-terminated string as password; new clients send
|
|
the size (1 byte) + string (not null-terminated). Hence in case of empty
|
|
password both send '\0'.
|
|
|
|
This strlen() can't be easily deleted without changing protocol.
|
|
|
|
Cast *passwd to an unsigned char, so that it doesn't extend the sign for
|
|
*passwd > 127 and become 2**32-127+ after casting to uint.
|
|
*/
|
|
uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
|
|
(uchar)(*passwd++) : strlen(passwd);
|
|
|
|
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
|
|
db + passwd_len + 1 : 0;
|
|
|
|
if (passwd + passwd_len + test(db) > (char *)net->read_pos + pkt_len)
|
|
return packet_error;
|
|
|
|
/* strlen() can't be easily deleted without changing protocol */
|
|
db_len= db ? strlen(db) : 0;
|
|
|
|
char *client_plugin= passwd + passwd_len + (db ? db_len + 1 : 0);
|
|
|
|
/* Since 4.1 all database names are stored in utf8 */
|
|
if (db)
|
|
{
|
|
db_len= copy_and_convert(db_buff, sizeof(db_buff) - 1, system_charset_info,
|
|
db, db_len, thd->charset(), &dummy_errors);
|
|
db= db_buff;
|
|
}
|
|
|
|
user_len= copy_and_convert(user_buff, sizeof(user_buff) - 1,
|
|
system_charset_info, user, user_len,
|
|
thd->charset(), &dummy_errors);
|
|
user= user_buff;
|
|
|
|
/* If username starts and ends in "'", chop them off */
|
|
if (user_len > 1 && user[0] == '\'' && user[user_len - 1] == '\'')
|
|
{
|
|
user++;
|
|
user_len-= 2;
|
|
}
|
|
|
|
/*
|
|
Clip username to allowed length in characters (not bytes). This is
|
|
mostly for backward compatibility (to truncate long usernames, as
|
|
old 5.1 did)
|
|
*/
|
|
{
|
|
CHARSET_INFO *cs= system_charset_info;
|
|
int err;
|
|
|
|
user_len= (uint) cs->cset->well_formed_len(cs, user, user + user_len,
|
|
username_char_length, &err);
|
|
user[user_len]= '\0';
|
|
}
|
|
|
|
Security_context *sctx= thd->security_ctx;
|
|
|
|
if (thd->make_lex_string(&mpvio->db, db, db_len) == 0)
|
|
return packet_error; /* The error is set by make_lex_string(). */
|
|
my_free(sctx->user);
|
|
if (!(sctx->user= my_strndup(user, user_len, MYF(MY_WME))))
|
|
return packet_error; /* The error is set by my_strdup(). */
|
|
|
|
|
|
/*
|
|
Clear thd->db as it points to something, that will be freed when
|
|
connection is closed. We don't want to accidentally free a wrong
|
|
pointer if connect failed.
|
|
*/
|
|
thd->reset_db(NULL, 0);
|
|
|
|
if (!initialized)
|
|
{
|
|
// if mysqld's been started with --skip-grant-tables option
|
|
mpvio->status= MPVIO_EXT::SUCCESS;
|
|
return packet_error;
|
|
}
|
|
|
|
thd->password= passwd_len > 0;
|
|
if (find_mpvio_user(mpvio))
|
|
return packet_error;
|
|
|
|
if ((thd->client_capabilities & CLIENT_PLUGIN_AUTH) &&
|
|
(client_plugin < (char *)net->read_pos + pkt_len))
|
|
{
|
|
client_plugin= fix_plugin_ptr(client_plugin);
|
|
}
|
|
else
|
|
{
|
|
/* Some clients lie. Sad, but true */
|
|
thd->client_capabilities &= ~CLIENT_PLUGIN_AUTH;
|
|
|
|
if (thd->client_capabilities & CLIENT_SECURE_CONNECTION)
|
|
client_plugin= native_password_plugin_name.str;
|
|
else
|
|
{
|
|
client_plugin= old_password_plugin_name.str;
|
|
/*
|
|
For a passwordless accounts we use native_password_plugin.
|
|
But when an old 4.0 client connects to it, we change it to
|
|
old_password_plugin, otherwise MySQL will think that server
|
|
and client plugins don't match.
|
|
*/
|
|
if (mpvio->acl_user->auth_string.length == 0)
|
|
mpvio->acl_user->plugin= old_password_plugin_name;
|
|
}
|
|
}
|
|
|
|
/*
|
|
if the acl_user needs a different plugin to authenticate
|
|
(specified in GRANT ... AUTHENTICATED VIA plugin_name ..)
|
|
we need to restart the authentication in the server.
|
|
But perhaps the client has already used the correct plugin -
|
|
in that case the authentication on the client may not need to be
|
|
restarted and a server auth plugin will read the data that the client
|
|
has just send. Cache them to return in the next server_mpvio_read_packet().
|
|
*/
|
|
if (my_strcasecmp(system_charset_info, mpvio->acl_user->plugin.str,
|
|
plugin_name(mpvio->plugin)->str) != 0)
|
|
{
|
|
mpvio->cached_client_reply.pkt= passwd;
|
|
mpvio->cached_client_reply.pkt_len= passwd_len;
|
|
mpvio->cached_client_reply.plugin= client_plugin;
|
|
mpvio->status= MPVIO_EXT::RESTART;
|
|
return packet_error;
|
|
}
|
|
|
|
/*
|
|
ok, we don't need to restart the authentication on the server.
|
|
but if the client used the wrong plugin, we need to restart
|
|
the authentication on the client. Do it here, the server plugin
|
|
doesn't need to know.
|
|
*/
|
|
const char *client_auth_plugin=
|
|
((st_mysql_auth *) (plugin_decl(mpvio->plugin)->info))->client_auth_plugin;
|
|
|
|
if (client_auth_plugin &&
|
|
my_strcasecmp(system_charset_info, client_plugin, client_auth_plugin))
|
|
{
|
|
mpvio->cached_client_reply.plugin= client_plugin;
|
|
if (send_plugin_request_packet(mpvio,
|
|
(uchar*) mpvio->cached_server_packet.pkt,
|
|
mpvio->cached_server_packet.pkt_len))
|
|
return packet_error;
|
|
|
|
passwd_len= my_net_read(&thd->net);
|
|
passwd= (char*)thd->net.read_pos;
|
|
}
|
|
|
|
*buff= (uchar*) passwd;
|
|
return passwd_len;
|
|
#else
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
|
|
/**
|
|
vio->write_packet() callback method for server authentication plugins
|
|
|
|
This function is called by a server authentication plugin, when it wants
|
|
to send data to the client.
|
|
|
|
It transparently wraps the data into a handshake packet,
|
|
and handles plugin negotiation with the client. If necessary,
|
|
it escapes the plugin data, if it starts with a mysql protocol packet byte.
|
|
*/
|
|
static int server_mpvio_write_packet(MYSQL_PLUGIN_VIO *param,
|
|
const uchar *packet, int packet_len)
|
|
{
|
|
MPVIO_EXT *mpvio= (MPVIO_EXT *) param;
|
|
int res;
|
|
DBUG_ENTER("server_mpvio_write_packet");
|
|
|
|
/* reset cached_client_reply */
|
|
mpvio->cached_client_reply.pkt= 0;
|
|
|
|
/* for the 1st packet we wrap plugin data into the handshake packet */
|
|
if (mpvio->packets_written == 0)
|
|
res= send_server_handshake_packet(mpvio, (char*) packet, packet_len);
|
|
else if (mpvio->status == MPVIO_EXT::RESTART)
|
|
res= send_plugin_request_packet(mpvio, packet, packet_len);
|
|
else if (packet_len > 0 && (*packet == 1 || *packet == 255 || *packet == 254))
|
|
{
|
|
/*
|
|
we cannot allow plugin data packet to start from 255 or 254 -
|
|
as the client will treat it as an error or "change plugin" packet.
|
|
We'll escape these bytes with \1. Consequently, we
|
|
have to escape \1 byte too.
|
|
*/
|
|
res= net_write_command(&mpvio->thd->net, 1, (uchar*)"", 0,
|
|
packet, packet_len);
|
|
}
|
|
else
|
|
{
|
|
res= my_net_write(&mpvio->thd->net, packet, packet_len) ||
|
|
net_flush(&mpvio->thd->net);
|
|
}
|
|
mpvio->packets_written++;
|
|
DBUG_RETURN(res);
|
|
}
|
|
|
|
/**
|
|
vio->read_packet() callback method for server authentication plugins
|
|
|
|
This function is called by a server authentication plugin, when it wants
|
|
to read data from the client.
|
|
|
|
It transparently extracts the client plugin data, if embedded into
|
|
a client authentication handshake packet, and handles plugin negotiation
|
|
with the client, if necessary.
|
|
*/
|
|
static int server_mpvio_read_packet(MYSQL_PLUGIN_VIO *param, uchar **buf)
|
|
{
|
|
MPVIO_EXT *mpvio= (MPVIO_EXT *) param;
|
|
ulong pkt_len;
|
|
DBUG_ENTER("server_mpvio_read_packet");
|
|
if (mpvio->packets_written == 0)
|
|
{
|
|
/*
|
|
plugin wants to read the data without sending anything first.
|
|
send an empty packet to force a server handshake packet to be sent
|
|
*/
|
|
if (server_mpvio_write_packet(mpvio, 0, 0))
|
|
pkt_len= packet_error;
|
|
else
|
|
pkt_len= my_net_read(&mpvio->thd->net);
|
|
}
|
|
else if (mpvio->cached_client_reply.pkt)
|
|
{
|
|
DBUG_ASSERT(mpvio->status == MPVIO_EXT::RESTART);
|
|
DBUG_ASSERT(mpvio->packets_read > 0);
|
|
/*
|
|
if the have the data cached from the last server_mpvio_read_packet
|
|
(which can be the case if it's a restarted authentication)
|
|
and a client has used the correct plugin, then we can return the
|
|
cached data straight away and avoid one round trip.
|
|
*/
|
|
const char *client_auth_plugin=
|
|
((st_mysql_auth *) (plugin_decl(mpvio->plugin)->info))->client_auth_plugin;
|
|
if (client_auth_plugin == 0 ||
|
|
my_strcasecmp(system_charset_info, mpvio->cached_client_reply.plugin,
|
|
client_auth_plugin) == 0)
|
|
{
|
|
mpvio->status= MPVIO_EXT::FAILURE;
|
|
*buf= (uchar*) mpvio->cached_client_reply.pkt;
|
|
mpvio->cached_client_reply.pkt= 0;
|
|
mpvio->packets_read++;
|
|
|
|
if (mpvio->make_it_fail)
|
|
goto err;
|
|
|
|
DBUG_RETURN ((int) mpvio->cached_client_reply.pkt_len);
|
|
}
|
|
|
|
/*
|
|
But if the client has used the wrong plugin, the cached data are
|
|
useless. Furthermore, we have to send a "change plugin" request
|
|
to the client.
|
|
*/
|
|
if (server_mpvio_write_packet(mpvio, 0, 0))
|
|
pkt_len= packet_error;
|
|
else
|
|
pkt_len= my_net_read(&mpvio->thd->net);
|
|
}
|
|
else
|
|
pkt_len= my_net_read(&mpvio->thd->net);
|
|
|
|
if (pkt_len == packet_error)
|
|
goto err;
|
|
|
|
mpvio->packets_read++;
|
|
|
|
/*
|
|
the 1st packet has the plugin data wrapped into the client authentication
|
|
handshake packet
|
|
*/
|
|
if (mpvio->packets_read == 1)
|
|
{
|
|
pkt_len= parse_client_handshake_packet(mpvio, buf, pkt_len);
|
|
if (pkt_len == packet_error)
|
|
goto err;
|
|
}
|
|
else
|
|
*buf= mpvio->thd->net.read_pos;
|
|
|
|
if (mpvio->make_it_fail)
|
|
goto err;
|
|
|
|
DBUG_RETURN((int)pkt_len);
|
|
|
|
err:
|
|
if (mpvio->status == MPVIO_EXT::FAILURE)
|
|
{
|
|
inc_host_errors(mpvio->thd->security_ctx->ip);
|
|
if (!mpvio->thd->is_error())
|
|
{
|
|
if (mpvio->make_it_fail)
|
|
login_failed_error(mpvio->thd);
|
|
else
|
|
my_error(ER_HANDSHAKE_ERROR, MYF(0));
|
|
}
|
|
}
|
|
DBUG_RETURN(-1);
|
|
}
|
|
|
|
/**
|
|
fills MYSQL_PLUGIN_VIO_INFO structure with the information about the
|
|
connection
|
|
*/
|
|
static void server_mpvio_info(MYSQL_PLUGIN_VIO *vio,
|
|
MYSQL_PLUGIN_VIO_INFO *info)
|
|
{
|
|
MPVIO_EXT *mpvio= (MPVIO_EXT *) vio;
|
|
mpvio_info(mpvio->thd->net.vio, info);
|
|
}
|
|
|
|
static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
|
|
{
|
|
#ifdef HAVE_OPENSSL
|
|
Vio *vio= thd->net.vio;
|
|
SSL *ssl= (SSL *) vio->ssl_arg;
|
|
X509 *cert;
|
|
#endif
|
|
|
|
/*
|
|
At this point we know that user is allowed to connect
|
|
from given host by given username/password pair. Now
|
|
we check if SSL is required, if user is using SSL and
|
|
if X509 certificate attributes are OK
|
|
*/
|
|
switch (acl_user->ssl_type) {
|
|
case SSL_TYPE_NOT_SPECIFIED: // Impossible
|
|
case SSL_TYPE_NONE: // SSL is not required
|
|
return 0;
|
|
#ifdef HAVE_OPENSSL
|
|
case SSL_TYPE_ANY: // Any kind of SSL is ok
|
|
return vio_type(vio) != VIO_TYPE_SSL;
|
|
case SSL_TYPE_X509: /* Client should have any valid certificate. */
|
|
/*
|
|
Connections with non-valid certificates are dropped already
|
|
in sslaccept() anyway, so we do not check validity here.
|
|
|
|
We need to check for absence of SSL because without SSL
|
|
we should reject connection.
|
|
*/
|
|
if (vio_type(vio) == VIO_TYPE_SSL &&
|
|
SSL_get_verify_result(ssl) == X509_V_OK &&
|
|
(cert= SSL_get_peer_certificate(ssl)))
|
|
{
|
|
X509_free(cert);
|
|
return 0;
|
|
}
|
|
return 1;
|
|
case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
|
|
/* If a cipher name is specified, we compare it to actual cipher in use. */
|
|
if (vio_type(vio) != VIO_TYPE_SSL ||
|
|
SSL_get_verify_result(ssl) != X509_V_OK)
|
|
return 1;
|
|
if (acl_user->ssl_cipher)
|
|
{
|
|
DBUG_PRINT("info", ("comparing ciphers: '%s' and '%s'",
|
|
acl_user->ssl_cipher, SSL_get_cipher(ssl)));
|
|
if (strcmp(acl_user->ssl_cipher, SSL_get_cipher(ssl)))
|
|
{
|
|
if (global_system_variables.log_warnings)
|
|
sql_print_information("X509 ciphers mismatch: should be '%s' but is '%s'",
|
|
acl_user->ssl_cipher, SSL_get_cipher(ssl));
|
|
return 1;
|
|
}
|
|
}
|
|
/* Prepare certificate (if exists) */
|
|
if (!(cert= SSL_get_peer_certificate(ssl)))
|
|
return 1;
|
|
/* If X509 issuer is specified, we check it... */
|
|
if (acl_user->x509_issuer)
|
|
{
|
|
char *ptr= X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
|
|
DBUG_PRINT("info", ("comparing issuers: '%s' and '%s'",
|
|
acl_user->x509_issuer, ptr));
|
|
if (strcmp(acl_user->x509_issuer, ptr))
|
|
{
|
|
if (global_system_variables.log_warnings)
|
|
sql_print_information("X509 issuer mismatch: should be '%s' "
|
|
"but is '%s'", acl_user->x509_issuer, ptr);
|
|
free(ptr);
|
|
X509_free(cert);
|
|
return 1;
|
|
}
|
|
free(ptr);
|
|
}
|
|
/* X509 subject is specified, we check it .. */
|
|
if (acl_user->x509_subject)
|
|
{
|
|
char *ptr= X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
|
|
DBUG_PRINT("info", ("comparing subjects: '%s' and '%s'",
|
|
acl_user->x509_subject, ptr));
|
|
if (strcmp(acl_user->x509_subject, ptr))
|
|
{
|
|
if (global_system_variables.log_warnings)
|
|
sql_print_information("X509 subject mismatch: should be '%s' but is '%s'",
|
|
acl_user->x509_subject, ptr);
|
|
free(ptr);
|
|
X509_free(cert);
|
|
return 1;
|
|
}
|
|
free(ptr);
|
|
}
|
|
X509_free(cert);
|
|
return 0;
|
|
#else /* HAVE_OPENSSL */
|
|
default:
|
|
/*
|
|
If we don't have SSL but SSL is required for this user the
|
|
authentication should fail.
|
|
*/
|
|
return 1;
|
|
#endif /* HAVE_OPENSSL */
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
|
|
static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
|
|
MPVIO_EXT *mpvio)
|
|
{
|
|
int res= CR_OK, old_status= MPVIO_EXT::FAILURE;
|
|
bool unlock_plugin= false;
|
|
plugin_ref plugin= NULL;
|
|
|
|
if (auth_plugin_name->str == native_password_plugin_name.str)
|
|
plugin= native_password_plugin;
|
|
#ifndef EMBEDDED_LIBRARY
|
|
else if (auth_plugin_name->str == old_password_plugin_name.str)
|
|
plugin= old_password_plugin;
|
|
else if ((plugin= my_plugin_lock_by_name(thd, auth_plugin_name,
|
|
MYSQL_AUTHENTICATION_PLUGIN)))
|
|
unlock_plugin= true;
|
|
#endif
|
|
|
|
mpvio->plugin= plugin;
|
|
old_status= mpvio->status;
|
|
|
|
if (plugin)
|
|
{
|
|
st_mysql_auth *auth= (st_mysql_auth *) plugin_decl(plugin)->info;
|
|
switch (auth->interface_version) {
|
|
case 0x0200:
|
|
res= auth->authenticate_user(mpvio, &mpvio->auth_info);
|
|
break;
|
|
case 0x0100:
|
|
{
|
|
MYSQL_SERVER_AUTH_INFO_0x0100 compat;
|
|
compat.downgrade(&mpvio->auth_info);
|
|
res= auth->authenticate_user(mpvio, (MYSQL_SERVER_AUTH_INFO *)&compat);
|
|
compat.upgrade(&mpvio->auth_info);
|
|
}
|
|
break;
|
|
default: DBUG_ASSERT(0);
|
|
}
|
|
|
|
if (unlock_plugin)
|
|
plugin_unlock(thd, plugin);
|
|
}
|
|
else
|
|
{
|
|
/* Server cannot load the required plugin. */
|
|
my_error(ER_PLUGIN_IS_NOT_LOADED, MYF(0), auth_plugin_name->str);
|
|
res= CR_ERROR;
|
|
}
|
|
|
|
/*
|
|
If the status was MPVIO_EXT::RESTART before the authenticate_user() call
|
|
it can never be MPVIO_EXT::RESTART after the call, because any call
|
|
to write_packet() or read_packet() will reset the status.
|
|
|
|
But (!) if a plugin never called a read_packet() or write_packet(), the
|
|
status will stay unchanged. We'll fix it, by resetting the status here.
|
|
*/
|
|
if (old_status == MPVIO_EXT::RESTART && mpvio->status == MPVIO_EXT::RESTART)
|
|
mpvio->status= MPVIO_EXT::FAILURE; // reset to the default
|
|
|
|
return res;
|
|
}
|
|
|
|
|
|
/**
|
|
Perform the handshake, authorize the client and update thd sctx variables.
|
|
|
|
@param thd thread handle
|
|
@param connect_errors number of previous failed connect attemps
|
|
from this host
|
|
@param com_change_user_pkt_len size of the COM_CHANGE_USER packet
|
|
(without the first, command, byte) or 0
|
|
if it's not a COM_CHANGE_USER (that is, if
|
|
it's a new connection)
|
|
|
|
@retval 0 success, thd is updated.
|
|
@retval 1 error
|
|
*/
|
|
bool acl_authenticate(THD *thd, uint connect_errors,
|
|
uint com_change_user_pkt_len)
|
|
{
|
|
int res= CR_OK;
|
|
MPVIO_EXT mpvio;
|
|
const LEX_STRING *auth_plugin_name= default_auth_plugin_name;
|
|
enum enum_server_command command= com_change_user_pkt_len ? COM_CHANGE_USER
|
|
: COM_CONNECT;
|
|
DBUG_ENTER("acl_authenticate");
|
|
|
|
bzero(&mpvio, sizeof(mpvio));
|
|
mpvio.read_packet= server_mpvio_read_packet;
|
|
mpvio.write_packet= server_mpvio_write_packet;
|
|
mpvio.info= server_mpvio_info;
|
|
mpvio.thd= thd;
|
|
mpvio.connect_errors= connect_errors;
|
|
mpvio.status= MPVIO_EXT::FAILURE;
|
|
mpvio.make_it_fail= false;
|
|
mpvio.auth_info.host_or_ip= thd->security_ctx->host_or_ip;
|
|
mpvio.auth_info.host_or_ip_length=
|
|
(unsigned int) strlen(thd->security_ctx->host_or_ip);
|
|
|
|
DBUG_PRINT("info", ("com_change_user_pkt_len=%u", com_change_user_pkt_len));
|
|
|
|
if (command == COM_CHANGE_USER)
|
|
{
|
|
mpvio.packets_written++; // pretend that a server handshake packet was sent
|
|
mpvio.packets_read++; // take COM_CHANGE_USER packet into account
|
|
|
|
if (parse_com_change_user_packet(&mpvio, com_change_user_pkt_len))
|
|
DBUG_RETURN(1);
|
|
|
|
DBUG_ASSERT(mpvio.status == MPVIO_EXT::RESTART ||
|
|
mpvio.status == MPVIO_EXT::SUCCESS);
|
|
}
|
|
else
|
|
{
|
|
/* mark the thd as having no scramble yet */
|
|
thd->scramble[SCRAMBLE_LENGTH]= 1;
|
|
|
|
/*
|
|
perform the first authentication attempt, with the default plugin.
|
|
This sends the server handshake packet, reads the client reply
|
|
with a user name, and performs the authentication if everyone has used
|
|
the correct plugin.
|
|
*/
|
|
|
|
res= do_auth_once(thd, auth_plugin_name, &mpvio);
|
|
}
|
|
|
|
/*
|
|
retry the authentication, if - after receiving the user name -
|
|
we found that we need to switch to a non-default plugin
|
|
*/
|
|
if (mpvio.status == MPVIO_EXT::RESTART)
|
|
{
|
|
DBUG_ASSERT(mpvio.acl_user);
|
|
DBUG_ASSERT(command == COM_CHANGE_USER ||
|
|
my_strcasecmp(system_charset_info, auth_plugin_name->str,
|
|
mpvio.acl_user->plugin.str));
|
|
auth_plugin_name= &mpvio.acl_user->plugin;
|
|
res= do_auth_once(thd, auth_plugin_name, &mpvio);
|
|
}
|
|
|
|
Security_context *sctx= thd->security_ctx;
|
|
const ACL_USER *acl_user= mpvio.acl_user;
|
|
|
|
thd->password= mpvio.auth_info.password_used; // remember for error messages
|
|
|
|
/*
|
|
Log the command here so that the user can check the log
|
|
for the tried logins and also to detect break-in attempts.
|
|
|
|
if sctx->user is unset it's protocol failure, bad packet.
|
|
*/
|
|
if (sctx->user)
|
|
{
|
|
if (strcmp(sctx->priv_user, sctx->user))
|
|
{
|
|
general_log_print(thd, command, "%s@%s as %s on %s",
|
|
sctx->user, sctx->host_or_ip,
|
|
sctx->priv_user[0] ? sctx->priv_user : "anonymous",
|
|
mpvio.db.str ? mpvio.db.str : (char*) "");
|
|
}
|
|
else
|
|
general_log_print(thd, command, (char*) "%s@%s on %s",
|
|
sctx->user, sctx->host_or_ip,
|
|
mpvio.db.str ? mpvio.db.str : (char*) "");
|
|
}
|
|
|
|
if (res > CR_OK && mpvio.status != MPVIO_EXT::SUCCESS)
|
|
{
|
|
DBUG_ASSERT(mpvio.status == MPVIO_EXT::FAILURE);
|
|
|
|
if (!thd->is_error())
|
|
login_failed_error(thd);
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
sctx->proxy_user[0]= 0;
|
|
|
|
if (initialized) // if not --skip-grant-tables
|
|
{
|
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
|
bool is_proxy_user= FALSE;
|
|
const char *auth_user = acl_user->user.str ? acl_user->user.str : "";
|
|
ACL_PROXY_USER *proxy_user;
|
|
/* check if the user is allowed to proxy as another user */
|
|
proxy_user= acl_find_proxy_user(auth_user, sctx->host, sctx->ip,
|
|
mpvio.auth_info.authenticated_as,
|
|
&is_proxy_user);
|
|
if (is_proxy_user)
|
|
{
|
|
ACL_USER *acl_proxy_user;
|
|
|
|
/* we need to find the proxy user, but there was none */
|
|
if (!proxy_user)
|
|
{
|
|
if (!thd->is_error())
|
|
login_failed_error(thd);
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
my_snprintf(sctx->proxy_user, sizeof(sctx->proxy_user) - 1,
|
|
"'%s'@'%s'", auth_user,
|
|
acl_user->host.hostname ? acl_user->host.hostname : "");
|
|
|
|
/* we're proxying : find the proxy user definition */
|
|
mysql_mutex_lock(&acl_cache->lock);
|
|
acl_proxy_user= find_user_no_anon(proxy_user->get_proxied_host() ?
|
|
proxy_user->get_proxied_host() : "",
|
|
mpvio.auth_info.authenticated_as,
|
|
TRUE);
|
|
if (!acl_proxy_user)
|
|
{
|
|
if (!thd->is_error())
|
|
login_failed_error(thd);
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
DBUG_RETURN(1);
|
|
}
|
|
acl_user= acl_proxy_user->copy(thd->mem_root);
|
|
mysql_mutex_unlock(&acl_cache->lock);
|
|
}
|
|
#endif
|
|
|
|
sctx->master_access= acl_user->access;
|
|
if (acl_user->user.str)
|
|
strmake_buf(sctx->priv_user, acl_user->user.str);
|
|
else
|
|
*sctx->priv_user= 0;
|
|
|
|
if (acl_user->host.hostname)
|
|
strmake_buf(sctx->priv_host, acl_user->host.hostname);
|
|
else
|
|
*sctx->priv_host= 0;
|
|
|
|
/*
|
|
OK. Let's check the SSL. Historically it was checked after the password,
|
|
as an additional layer, not instead of the password
|
|
(in which case it would've been a plugin too).
|
|
*/
|
|
if (acl_check_ssl(thd, acl_user))
|
|
{
|
|
login_failed_error(thd);
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
/*
|
|
Don't allow the user to connect if he has done too many queries.
|
|
As we are testing max_user_connections == 0 here, it means that we
|
|
can't let the user change max_user_connections from 0 in the server
|
|
without a restart as it would lead to wrong connect counting.
|
|
*/
|
|
if ((acl_user->user_resource.questions ||
|
|
acl_user->user_resource.updates ||
|
|
acl_user->user_resource.conn_per_hour ||
|
|
acl_user->user_resource.user_conn || max_user_connections_checking) &&
|
|
get_or_create_user_conn(thd,
|
|
(opt_old_style_user_limits ? sctx->user : sctx->priv_user),
|
|
(opt_old_style_user_limits ? sctx->host_or_ip : sctx->priv_host),
|
|
&acl_user->user_resource))
|
|
DBUG_RETURN(1); // The error is set by get_or_create_user_conn()
|
|
}
|
|
else
|
|
sctx->skip_grants();
|
|
|
|
if (thd->user_connect &&
|
|
(thd->user_connect->user_resources.conn_per_hour ||
|
|
thd->user_connect->user_resources.user_conn ||
|
|
max_user_connections_checking) &&
|
|
check_for_max_user_connections(thd, thd->user_connect))
|
|
{
|
|
/* Ensure we don't decrement thd->user_connections->connections twice */
|
|
thd->user_connect= 0;
|
|
status_var_increment(denied_connections);
|
|
DBUG_RETURN(1); // The error is set in check_for_max_user_connections()
|
|
}
|
|
|
|
DBUG_PRINT("info",
|
|
("Capabilities: %lu packet_length: %ld Host: '%s' "
|
|
"Login user: '%s' Priv_user: '%s' Using password: %s "
|
|
"Access: %lu db: '%s'",
|
|
thd->client_capabilities, thd->max_client_packet_length,
|
|
sctx->host_or_ip, sctx->user, sctx->priv_user,
|
|
thd->password ? "yes": "no",
|
|
sctx->master_access, mpvio.db.str));
|
|
|
|
if (command == COM_CONNECT &&
|
|
!(thd->main_security_ctx.master_access & SUPER_ACL))
|
|
{
|
|
mysql_mutex_lock(&LOCK_connection_count);
|
|
bool count_ok= (*thd->scheduler->connection_count <=
|
|
*thd->scheduler->max_connections);
|
|
mysql_mutex_unlock(&LOCK_connection_count);
|
|
if (!count_ok)
|
|
{ // too many connections
|
|
my_error(ER_CON_COUNT_ERROR, MYF(0));
|
|
DBUG_RETURN(1);
|
|
}
|
|
}
|
|
|
|
/*
|
|
This is the default access rights for the current database. It's
|
|
set to 0 here because we don't have an active database yet (and we
|
|
may not have an active database to set.
|
|
*/
|
|
sctx->db_access=0;
|
|
|
|
/* Change a database if necessary */
|
|
if (mpvio.db.length)
|
|
{
|
|
if (mysql_change_db(thd, &mpvio.db, FALSE))
|
|
{
|
|
/* mysql_change_db() has pushed the error message. */
|
|
status_var_increment(thd->status_var.access_denied_errors);
|
|
DBUG_RETURN(1);
|
|
}
|
|
}
|
|
|
|
thd->net.net_skip_rest_factor= 2; // skip at most 2*max_packet_size
|
|
|
|
if (mpvio.auth_info.external_user[0])
|
|
sctx->external_user= my_strdup(mpvio.auth_info.external_user, MYF(0));
|
|
|
|
if (res == CR_OK_HANDSHAKE_COMPLETE)
|
|
thd->stmt_da->disable_status();
|
|
else
|
|
my_ok(thd);
|
|
|
|
/* Ready to handle queries */
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
/**
|
|
MySQL Server Password Authentication Plugin
|
|
|
|
In the MySQL authentication protocol:
|
|
1. the server sends the random scramble to the client
|
|
2. client sends the encrypted password back to the server
|
|
3. the server checks the password.
|
|
*/
|
|
static int native_password_authenticate(MYSQL_PLUGIN_VIO *vio,
|
|
MYSQL_SERVER_AUTH_INFO *info)
|
|
{
|
|
uchar *pkt;
|
|
int pkt_len;
|
|
MPVIO_EXT *mpvio= (MPVIO_EXT *) vio;
|
|
THD *thd=mpvio->thd;
|
|
DBUG_ENTER("native_password_authenticate");
|
|
|
|
/* generate the scramble, or reuse the old one */
|
|
if (thd->scramble[SCRAMBLE_LENGTH])
|
|
{
|
|
create_random_string(thd->scramble, SCRAMBLE_LENGTH, &thd->rand);
|
|
/* and send it to the client */
|
|
if (mpvio->write_packet(mpvio, (uchar*)thd->scramble, SCRAMBLE_LENGTH + 1))
|
|
DBUG_RETURN(CR_ERROR);
|
|
}
|
|
|
|
/* reply and authenticate */
|
|
|
|
/*
|
|
<digression>
|
|
This is more complex than it looks.
|
|
|
|
The plugin (we) may be called right after the client was connected -
|
|
and will need to send a scramble, read reply, authenticate.
|
|
|
|
Or the plugin may be called after another plugin has sent a scramble,
|
|
and read the reply. If the client has used the correct client-plugin,
|
|
we won't need to read anything here from the client, the client
|
|
has already sent a reply with everything we need for authentication.
|
|
|
|
Or the plugin may be called after another plugin has sent a scramble,
|
|
and read the reply, but the client has used the wrong client-plugin.
|
|
We'll need to sent a "switch to another plugin" packet to the
|
|
client and read the reply. "Use the short scramble" packet is a special
|
|
case of "switch to another plugin" packet.
|
|
|
|
Or, perhaps, the plugin may be called after another plugin has
|
|
done the handshake but did not send a useful scramble. We'll need
|
|
to send a scramble (and perhaps a "switch to another plugin" packet)
|
|
and read the reply.
|
|
|
|
Besides, a client may be an old one, that doesn't understand plugins.
|
|
Or doesn't even understand 4.0 scramble.
|
|
|
|
And we want to keep the same protocol on the wire unless non-native
|
|
plugins are involved.
|
|
|
|
Anyway, it still looks simple from a plugin point of view:
|
|
"send the scramble, read the reply and authenticate".
|
|
All the magic is transparently handled by the server.
|
|
</digression>
|
|
*/
|
|
|
|
/* read the reply with the encrypted password */
|
|
if ((pkt_len= mpvio->read_packet(mpvio, &pkt)) < 0)
|
|
DBUG_RETURN(CR_ERROR);
|
|
DBUG_PRINT("info", ("reply read : pkt_len=%d", pkt_len));
|
|
|
|
#ifdef NO_EMBEDDED_ACCESS_CHECKS
|
|
DBUG_RETURN(CR_OK);
|
|
#endif
|
|
|
|
if (pkt_len == 0) /* no password */
|
|
DBUG_RETURN(info->auth_string[0] ? CR_ERROR : CR_OK);
|
|
|
|
info->password_used= PASSWORD_USED_YES;
|
|
if (pkt_len == SCRAMBLE_LENGTH)
|
|
{
|
|
if (!mpvio->acl_user->salt_len)
|
|
DBUG_RETURN(CR_ERROR);
|
|
|
|
if (check_scramble(pkt, thd->scramble, mpvio->acl_user->salt))
|
|
DBUG_RETURN(CR_ERROR);
|
|
else
|
|
DBUG_RETURN(CR_OK);
|
|
}
|
|
|
|
inc_host_errors(mpvio->thd->security_ctx->ip);
|
|
my_error(ER_HANDSHAKE_ERROR, MYF(0));
|
|
DBUG_RETURN(CR_ERROR);
|
|
}
|
|
|
|
static int old_password_authenticate(MYSQL_PLUGIN_VIO *vio,
|
|
MYSQL_SERVER_AUTH_INFO *info)
|
|
{
|
|
uchar *pkt;
|
|
int pkt_len;
|
|
MPVIO_EXT *mpvio= (MPVIO_EXT *) vio;
|
|
THD *thd=mpvio->thd;
|
|
|
|
/* generate the scramble, or reuse the old one */
|
|
if (thd->scramble[SCRAMBLE_LENGTH])
|
|
{
|
|
create_random_string(thd->scramble, SCRAMBLE_LENGTH, &thd->rand);
|
|
/* and send it to the client */
|
|
if (mpvio->write_packet(mpvio, (uchar*)thd->scramble, SCRAMBLE_LENGTH + 1))
|
|
return CR_ERROR;
|
|
}
|
|
|
|
/* read the reply and authenticate */
|
|
if ((pkt_len= mpvio->read_packet(mpvio, &pkt)) < 0)
|
|
return CR_ERROR;
|
|
|
|
#ifdef NO_EMBEDDED_ACCESS_CHECKS
|
|
return CR_OK;
|
|
#endif
|
|
|
|
/*
|
|
legacy: if switch_from_long_to_short_scramble,
|
|
the password is sent \0-terminated, the pkt_len is always 9 bytes.
|
|
We need to figure out the correct scramble length here.
|
|
*/
|
|
if (pkt_len == SCRAMBLE_LENGTH_323 + 1)
|
|
pkt_len= strnlen((char*)pkt, pkt_len);
|
|
|
|
if (pkt_len == 0) /* no password */
|
|
return info->auth_string[0] ? CR_ERROR : CR_OK;
|
|
|
|
if (secure_auth(thd))
|
|
return CR_ERROR;
|
|
|
|
info->password_used= PASSWORD_USED_YES;
|
|
|
|
if (pkt_len == SCRAMBLE_LENGTH_323)
|
|
{
|
|
if (!mpvio->acl_user->salt_len)
|
|
return CR_ERROR;
|
|
|
|
return check_scramble_323(pkt, thd->scramble,
|
|
(ulong *) mpvio->acl_user->salt) ?
|
|
CR_ERROR : CR_OK;
|
|
}
|
|
|
|
inc_host_errors(mpvio->thd->security_ctx->ip);
|
|
my_error(ER_HANDSHAKE_ERROR, MYF(0));
|
|
return CR_ERROR;
|
|
}
|
|
|
|
static struct st_mysql_auth native_password_handler=
|
|
{
|
|
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
|
|
native_password_plugin_name.str,
|
|
native_password_authenticate
|
|
};
|
|
|
|
static struct st_mysql_auth old_password_handler=
|
|
{
|
|
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
|
|
old_password_plugin_name.str,
|
|
old_password_authenticate
|
|
};
|
|
|
|
maria_declare_plugin(mysql_password)
|
|
{
|
|
MYSQL_AUTHENTICATION_PLUGIN, /* type constant */
|
|
&native_password_handler, /* type descriptor */
|
|
native_password_plugin_name.str, /* Name */
|
|
"R.J.Silk, Sergei Golubchik", /* Author */
|
|
"Native MySQL authentication", /* Description */
|
|
PLUGIN_LICENSE_GPL, /* License */
|
|
NULL, /* Init function */
|
|
NULL, /* Deinit function */
|
|
0x0100, /* Version (1.0) */
|
|
NULL, /* status variables */
|
|
NULL, /* system variables */
|
|
"1.0", /* String version */
|
|
MariaDB_PLUGIN_MATURITY_BETA /* Maturity */
|
|
},
|
|
{
|
|
MYSQL_AUTHENTICATION_PLUGIN, /* type constant */
|
|
&old_password_handler, /* type descriptor */
|
|
old_password_plugin_name.str, /* Name */
|
|
"R.J.Silk, Sergei Golubchik", /* Author */
|
|
"Old MySQL-4.0 authentication", /* Description */
|
|
PLUGIN_LICENSE_GPL, /* License */
|
|
NULL, /* Init function */
|
|
NULL, /* Deinit function */
|
|
0x0100, /* Version (1.0) */
|
|
NULL, /* status variables */
|
|
NULL, /* system variables */
|
|
"1.0", /* String version */
|
|
MariaDB_PLUGIN_MATURITY_BETA /* Maturity */
|
|
}
|
|
maria_declare_plugin_end;
|