summaryrefslogtreecommitdiff
path: root/sql/sql_acl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc63
1 files changed, 44 insertions, 19 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 5d2f5d55a7b..41b9257059d 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -67,7 +67,8 @@ static ulong get_access(TABLE *form,uint fieldnr, uint *next_field=0);
static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b);
static ulong get_sort(uint count,...);
static void init_check_host(void);
-static ACL_USER *find_acl_user(const char *host, const char *user);
+static ACL_USER *find_acl_user(const char *host, const char *user,
+ my_bool exact);
static bool update_user_table(THD *thd, const char *host, const char *user,
const char *new_password, uint new_password_len);
static void update_hostname(acl_host_and_ip *host, const char *hostname);
@@ -1288,7 +1289,7 @@ bool check_change_password(THD *thd, const char *host, const char *user,
}
if (!thd->slave_thread &&
(strcmp(thd->user,user) ||
- my_strcasecmp(system_charset_info, host, thd->host_or_ip)))
+ my_strcasecmp(system_charset_info, host, thd->priv_host)))
{
if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
return(1);
@@ -1339,7 +1340,7 @@ bool change_password(THD *thd, const char *host, const char *user,
VOID(pthread_mutex_lock(&acl_cache->lock));
ACL_USER *acl_user;
- if (!(acl_user= find_acl_user(host, user)))
+ if (!(acl_user= find_acl_user(host, user, TRUE)))
{
VOID(pthread_mutex_unlock(&acl_cache->lock));
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0));
@@ -1379,7 +1380,7 @@ bool change_password(THD *thd, const char *host, const char *user,
*/
static ACL_USER *
-find_acl_user(const char *host, const char *user)
+find_acl_user(const char *host, const char *user, my_bool exact)
{
DBUG_ENTER("find_acl_user");
DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user));
@@ -1395,7 +1396,9 @@ find_acl_user(const char *host, const char *user)
if (!acl_user->user && !user[0] ||
acl_user->user && !strcmp(user,acl_user->user))
{
- if (compare_hostname(&acl_user->host,host,host))
+ if (exact ? !my_strcasecmp(&my_charset_latin1, host,
+ acl_user->host.hostname) :
+ compare_hostname(&acl_user->host,host,host))
{
DBUG_RETURN(acl_user);
}
@@ -1821,7 +1824,7 @@ static int replace_db_table(TABLE *table, const char *db,
}
/* Check if there is such a user in user table in memory? */
- if (!find_acl_user(combo.host.str,combo.user.str))
+ if (!find_acl_user(combo.host.str,combo.user.str, FALSE))
{
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0));
DBUG_RETURN(-1);
@@ -2368,7 +2371,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
The following should always succeed as new users are created before
this function is called!
*/
- if (!find_acl_user(combo.host.str,combo.user.str))
+ if (!find_acl_user(combo.host.str,combo.user.str, FALSE))
{
my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH),
MYF(0)); /* purecov: deadcode */
@@ -2490,7 +2493,7 @@ static int replace_routine_table(THD *thd, GRANT_NAME *grant_name,
The following should always succeed as new users are created before
this function is called!
*/
- if (!find_acl_user(combo.host.str,combo.user.str))
+ if (!find_acl_user(combo.host.str, combo.user.str, FALSE))
{
my_error(ER_PASSWORD_NO_MATCH,MYF(0));
DBUG_RETURN(-1);
@@ -2637,10 +2640,11 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list,
while ((column = column_iter++))
{
uint unused_field_idx= NO_CACHED_FIELD_INDEX;
- Field *f=find_field_in_table(thd, table_list, column->column.ptr(),
- column->column.ptr(),
- column->column.length(), 0, 1, 1, 0,
- &unused_field_idx, FALSE);
+ TABLE_LIST *dummy;
+ Field *f=find_field_in_table_ref(thd, table_list, column->column.ptr(),
+ column->column.ptr(), NULL, NULL,
+ column->column.length(), 0, 1, 1, 0,
+ &unused_field_idx, FALSE, &dummy);
if (f == (Field*)0)
{
my_error(ER_BAD_FIELD_ERROR, MYF(0),
@@ -3695,6 +3699,24 @@ ulong get_table_grant(THD *thd, TABLE_LIST *table)
}
+/*
+ Determine the access priviliges for a field.
+
+ SYNOPSIS
+ get_column_grant()
+ thd thread handler
+ grant grants table descriptor
+ db_name name of database that the field belongs to
+ table_name name of table that the field belongs to
+ field_name name of field
+
+ DESCRIPTION
+ The procedure may also modify: grant->grant_table and grant->version.
+
+ RETURN
+ The access priviliges for the field db_name.table_name.field_name
+*/
+
ulong get_column_grant(THD *thd, GRANT_INFO *grant,
const char *db_name, const char *table_name,
const char *field_name)
@@ -4244,7 +4266,7 @@ void get_privilege_desc(char *to, uint max_length, ulong access)
void get_mqh(const char *user, const char *host, USER_CONN *uc)
{
ACL_USER *acl_user;
- if (initialized && (acl_user= find_acl_user(host,user)))
+ if (initialized && (acl_user= find_acl_user(host,user, FALSE)))
uc->user_resources= acl_user->user_resource;
else
bzero((char*) &uc->user_resources, sizeof(uc->user_resources));
@@ -4589,11 +4611,12 @@ static int handle_grant_struct(uint struct_no, bool drop,
ACL_DB *acl_db;
GRANT_NAME *grant_name;
DBUG_ENTER("handle_grant_struct");
+ DBUG_PRINT("info",("scan struct: %u search: '%s'@'%s'",
+ struct_no, user_from->user.str, user_from->host.str));
+
LINT_INIT(acl_user);
LINT_INIT(acl_db);
LINT_INIT(grant_name);
- DBUG_PRINT("info",("scan struct: %u search: '%s'@'%s'",
- struct_no, user_from->user.str, user_from->host.str));
/* Get the number of elements in the in-memory structure. */
switch (struct_no) {
@@ -5289,10 +5312,12 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
combo->user.str= thd->user;
- if (!find_acl_user(combo->host.str=(char*)thd->host_or_ip, combo->user.str) &&
- !find_acl_user(combo->host.str=(char*)thd->host, combo->user.str) &&
- !find_acl_user(combo->host.str=(char*)thd->ip, combo->user.str) &&
- !find_acl_user(combo->host.str=(char*)"%", combo->user.str))
+ if (!find_acl_user(combo->host.str=(char*)thd->host_or_ip, combo->user.str,
+ FALSE) &&
+ !find_acl_user(combo->host.str=(char*)thd->host, combo->user.str,
+ FALSE) &&
+ !find_acl_user(combo->host.str=(char*)thd->ip, combo->user.str, FALSE) &&
+ !find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE))
DBUG_RETURN(TRUE);
bzero((char*)tables, sizeof(TABLE_LIST));