diff options
| author | Oleksandr Byelkin <sanja@mariadb.com> | 2018-08-21 10:07:26 +0200 |
|---|---|---|
| committer | Oleksandr Byelkin <sanja@mariadb.com> | 2018-08-21 10:07:26 +0200 |
| commit | b4210f364003fbea3ccd778b5f5f5dbfc2bfa2f8 (patch) | |
| tree | df1647a564cfe504d5ceae00e1bb09ba750bdf77 /sql/mysqld.cc | |
| parent | 75dfd4acb995789ca5f86ccbd361fff9d2797e79 (diff) | |
| parent | bcc677bb7264db08b22284998706b44c377ed8ec (diff) | |
| download | mariadb-git-b4210f364003fbea3ccd778b5f5f5dbfc2bfa2f8.tar.gz | |
Merge branch '10.0' into 10.1
Diffstat (limited to 'sql/mysqld.cc')
| -rw-r--r-- | sql/mysqld.cc | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/sql/mysqld.cc b/sql/mysqld.cc index d12cdb34e02..a65f430f74e 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -1413,9 +1413,9 @@ static NTService Service; ///< Service object for WinNT #endif /* __WIN__ */ #ifdef _WIN32 +#include <sddl.h> /* ConvertStringSecurityDescriptorToSecurityDescriptor */ static char pipe_name[512]; static SECURITY_ATTRIBUTES saPipeSecurity; -static SECURITY_DESCRIPTOR sdPipeDescriptor; static HANDLE hPipe = INVALID_HANDLE_VALUE; #endif @@ -2612,21 +2612,20 @@ static void network_init(void) strxnmov(pipe_name, sizeof(pipe_name)-1, "\\\\.\\pipe\\", mysqld_unix_port, NullS); - bzero((char*) &saPipeSecurity, sizeof(saPipeSecurity)); - bzero((char*) &sdPipeDescriptor, sizeof(sdPipeDescriptor)); - if (!InitializeSecurityDescriptor(&sdPipeDescriptor, - SECURITY_DESCRIPTOR_REVISION)) + /* + Create a security descriptor for pipe. + - Use low integrity level, so that it is possible to connect + from any process. + - Give Everyone read/write access to pipe. + */ + if (!ConvertStringSecurityDescriptorToSecurityDescriptor( + "S:(ML;; NW;;; LW) D:(A;; FRFW;;; WD)", + SDDL_REVISION_1, &saPipeSecurity.lpSecurityDescriptor, NULL)) { sql_perror("Can't start server : Initialize security descriptor"); unireg_abort(1); } - if (!SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)) - { - sql_perror("Can't start server : Set security descriptor"); - unireg_abort(1); - } saPipeSecurity.nLength = sizeof(SECURITY_ATTRIBUTES); - saPipeSecurity.lpSecurityDescriptor = &sdPipeDescriptor; saPipeSecurity.bInheritHandle = FALSE; if ((hPipe= CreateNamedPipe(pipe_name, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE, @@ -6826,6 +6825,7 @@ pthread_handler_t handle_connections_namedpipes(void *arg) create_new_thread(thd); set_current_thd(0); } + LocalFree(saPipeSecurity.lpSecurityDescriptor); CloseHandle(connectOverlapped.hEvent); DBUG_LEAVE; decrement_handler_count(); |