diff options
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 51 |
1 files changed, 34 insertions, 17 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index c52463fbc91..d94016b7815 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -8458,7 +8458,8 @@ bool check_grant_all_columns(THD *thd, privilege_t want_access_arg, grant_table= grant->grant_table_user; grant_table_role= grant->grant_table_role; - DBUG_ASSERT (grant_table || grant_table_role); + if (!grant_table && !grant_table_role) + goto err; } } @@ -12212,7 +12213,7 @@ int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr) #ifndef NO_EMBEDDED_ACCESS_CHECKS -static bool update_schema_privilege(THD *thd, TABLE *table, char *buff, +static bool update_schema_privilege(THD *thd, TABLE *table, const char *buff, const char* db, const char* t_name, const char* column, uint col_length, const char *priv, uint priv_length, @@ -12236,13 +12237,27 @@ static bool update_schema_privilege(THD *thd, TABLE *table, char *buff, #endif +#ifndef NO_EMBEDDED_ACCESS_CHECKS +class Grantee_str +{ + char m_buff[USER_HOST_BUFF_SIZE + 6 /* 4 quotes, @, '\0' */]; +public: + Grantee_str(const char *user, const char *host) + { + DBUG_ASSERT(strlen(user) + strlen(host) + 6 < sizeof(m_buff)); + strxmov(m_buff, "'", user, "'@'", host, "'", NullS); + } + operator const char *() const { return m_buff; } +}; +#endif + + int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) { #ifndef NO_EMBEDDED_ACCESS_CHECKS int error= 0; uint counter; ACL_USER *acl_user; - char buff[100]; TABLE *table= tables->table; bool no_global_access= check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 1); @@ -12267,10 +12282,10 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) if (!(want_access & GRANT_ACL)) is_grantable= "NO"; - strxmov(buff,"'",user,"'@'",host,"'",NullS); + Grantee_str grantee(user, host); if (!(want_access & ~GRANT_ACL)) { - if (update_schema_privilege(thd, table, buff, 0, 0, 0, 0, + if (update_schema_privilege(thd, table, grantee, 0, 0, 0, 0, STRING_WITH_LEN("USAGE"), is_grantable)) { error= 1; @@ -12286,7 +12301,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) { if (test_access & j) { - if (update_schema_privilege(thd, table, buff, 0, 0, 0, 0, + if (update_schema_privilege(thd, table, grantee, 0, 0, 0, 0, command_array[priv_id], command_lengths[priv_id], is_grantable)) { @@ -12313,7 +12328,6 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) int error= 0; uint counter; ACL_DB *acl_db; - char buff[100]; TABLE *table= tables->table; bool no_global_access= check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 1); @@ -12342,10 +12356,10 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) { is_grantable= "NO"; } - strxmov(buff,"'",user,"'@'",host,"'",NullS); + Grantee_str grantee(user, host); if (!(want_access & ~GRANT_ACL)) { - if (update_schema_privilege(thd, table, buff, acl_db->db, 0, 0, + if (update_schema_privilege(thd, table, grantee, acl_db->db, 0, 0, 0, STRING_WITH_LEN("USAGE"), is_grantable)) { error= 1; @@ -12360,7 +12374,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) for (cnt=0, j = SELECT_ACL; j <= DB_ACLS; cnt++,j <<= 1) if (test_access & j) { - if (update_schema_privilege(thd, table, buff, acl_db->db, 0, 0, 0, + if (update_schema_privilege(thd, table, + grantee, acl_db->db, 0, 0, 0, command_array[cnt], command_lengths[cnt], is_grantable)) { @@ -12386,7 +12401,6 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) #ifndef NO_EMBEDDED_ACCESS_CHECKS int error= 0; uint index; - char buff[100]; TABLE *table= tables->table; bool no_global_access= check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 1); @@ -12419,10 +12433,11 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) if (!(table_access & GRANT_ACL)) is_grantable= "NO"; - strxmov(buff, "'", user, "'@'", host, "'", NullS); + Grantee_str grantee(user, host); if (!test_access) { - if (update_schema_privilege(thd, table, buff, grant_table->db, + if (update_schema_privilege(thd, table, + grantee, grant_table->db, grant_table->tname, 0, 0, STRING_WITH_LEN("USAGE"), is_grantable)) { @@ -12438,7 +12453,8 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) { if (test_access & j) { - if (update_schema_privilege(thd, table, buff, grant_table->db, + if (update_schema_privilege(thd, table, + grantee, grant_table->db, grant_table->tname, 0, 0, command_array[cnt], command_lengths[cnt], is_grantable)) @@ -12466,7 +12482,6 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) #ifndef NO_EMBEDDED_ACCESS_CHECKS int error= 0; uint index; - char buff[100]; TABLE *table= tables->table; bool no_global_access= check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 1); @@ -12493,7 +12508,7 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) is_grantable= "NO"; privilege_t test_access(table_access & ~GRANT_ACL); - strxmov(buff, "'", user, "'@'", host, "'", NullS); + Grantee_str grantee(user, host); if (!test_access) continue; else @@ -12512,7 +12527,9 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) my_hash_element(&grant_table->hash_columns,col_index); if ((grant_column->rights & j) && (table_access & j)) { - if (update_schema_privilege(thd, table, buff, grant_table->db, + if (update_schema_privilege(thd, table, + grantee, + grant_table->db, grant_table->tname, grant_column->column, grant_column->key_length, |