diff options
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 63 |
1 files changed, 44 insertions, 19 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 5d2f5d55a7b..41b9257059d 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -67,7 +67,8 @@ static ulong get_access(TABLE *form,uint fieldnr, uint *next_field=0); static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b); static ulong get_sort(uint count,...); static void init_check_host(void); -static ACL_USER *find_acl_user(const char *host, const char *user); +static ACL_USER *find_acl_user(const char *host, const char *user, + my_bool exact); static bool update_user_table(THD *thd, const char *host, const char *user, const char *new_password, uint new_password_len); static void update_hostname(acl_host_and_ip *host, const char *hostname); @@ -1288,7 +1289,7 @@ bool check_change_password(THD *thd, const char *host, const char *user, } if (!thd->slave_thread && (strcmp(thd->user,user) || - my_strcasecmp(system_charset_info, host, thd->host_or_ip))) + my_strcasecmp(system_charset_info, host, thd->priv_host))) { if (check_access(thd, UPDATE_ACL, "mysql",0,1,0)) return(1); @@ -1339,7 +1340,7 @@ bool change_password(THD *thd, const char *host, const char *user, VOID(pthread_mutex_lock(&acl_cache->lock)); ACL_USER *acl_user; - if (!(acl_user= find_acl_user(host, user))) + if (!(acl_user= find_acl_user(host, user, TRUE))) { VOID(pthread_mutex_unlock(&acl_cache->lock)); my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0)); @@ -1379,7 +1380,7 @@ bool change_password(THD *thd, const char *host, const char *user, */ static ACL_USER * -find_acl_user(const char *host, const char *user) +find_acl_user(const char *host, const char *user, my_bool exact) { DBUG_ENTER("find_acl_user"); DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user)); @@ -1395,7 +1396,9 @@ find_acl_user(const char *host, const char *user) if (!acl_user->user && !user[0] || acl_user->user && !strcmp(user,acl_user->user)) { - if (compare_hostname(&acl_user->host,host,host)) + if (exact ? !my_strcasecmp(&my_charset_latin1, host, + acl_user->host.hostname) : + compare_hostname(&acl_user->host,host,host)) { DBUG_RETURN(acl_user); } @@ -1821,7 +1824,7 @@ static int replace_db_table(TABLE *table, const char *db, } /* Check if there is such a user in user table in memory? */ - if (!find_acl_user(combo.host.str,combo.user.str)) + if (!find_acl_user(combo.host.str,combo.user.str, FALSE)) { my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0)); DBUG_RETURN(-1); @@ -2368,7 +2371,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, The following should always succeed as new users are created before this function is called! */ - if (!find_acl_user(combo.host.str,combo.user.str)) + if (!find_acl_user(combo.host.str,combo.user.str, FALSE)) { my_message(ER_PASSWORD_NO_MATCH, ER(ER_PASSWORD_NO_MATCH), MYF(0)); /* purecov: deadcode */ @@ -2490,7 +2493,7 @@ static int replace_routine_table(THD *thd, GRANT_NAME *grant_name, The following should always succeed as new users are created before this function is called! */ - if (!find_acl_user(combo.host.str,combo.user.str)) + if (!find_acl_user(combo.host.str, combo.user.str, FALSE)) { my_error(ER_PASSWORD_NO_MATCH,MYF(0)); DBUG_RETURN(-1); @@ -2637,10 +2640,11 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list, while ((column = column_iter++)) { uint unused_field_idx= NO_CACHED_FIELD_INDEX; - Field *f=find_field_in_table(thd, table_list, column->column.ptr(), - column->column.ptr(), - column->column.length(), 0, 1, 1, 0, - &unused_field_idx, FALSE); + TABLE_LIST *dummy; + Field *f=find_field_in_table_ref(thd, table_list, column->column.ptr(), + column->column.ptr(), NULL, NULL, + column->column.length(), 0, 1, 1, 0, + &unused_field_idx, FALSE, &dummy); if (f == (Field*)0) { my_error(ER_BAD_FIELD_ERROR, MYF(0), @@ -3695,6 +3699,24 @@ ulong get_table_grant(THD *thd, TABLE_LIST *table) } +/* + Determine the access priviliges for a field. + + SYNOPSIS + get_column_grant() + thd thread handler + grant grants table descriptor + db_name name of database that the field belongs to + table_name name of table that the field belongs to + field_name name of field + + DESCRIPTION + The procedure may also modify: grant->grant_table and grant->version. + + RETURN + The access priviliges for the field db_name.table_name.field_name +*/ + ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *field_name) @@ -4244,7 +4266,7 @@ void get_privilege_desc(char *to, uint max_length, ulong access) void get_mqh(const char *user, const char *host, USER_CONN *uc) { ACL_USER *acl_user; - if (initialized && (acl_user= find_acl_user(host,user))) + if (initialized && (acl_user= find_acl_user(host,user, FALSE))) uc->user_resources= acl_user->user_resource; else bzero((char*) &uc->user_resources, sizeof(uc->user_resources)); @@ -4589,11 +4611,12 @@ static int handle_grant_struct(uint struct_no, bool drop, ACL_DB *acl_db; GRANT_NAME *grant_name; DBUG_ENTER("handle_grant_struct"); + DBUG_PRINT("info",("scan struct: %u search: '%s'@'%s'", + struct_no, user_from->user.str, user_from->host.str)); + LINT_INIT(acl_user); LINT_INIT(acl_db); LINT_INIT(grant_name); - DBUG_PRINT("info",("scan struct: %u search: '%s'@'%s'", - struct_no, user_from->user.str, user_from->host.str)); /* Get the number of elements in the in-memory structure. */ switch (struct_no) { @@ -5289,10 +5312,12 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, combo->user.str= thd->user; - if (!find_acl_user(combo->host.str=(char*)thd->host_or_ip, combo->user.str) && - !find_acl_user(combo->host.str=(char*)thd->host, combo->user.str) && - !find_acl_user(combo->host.str=(char*)thd->ip, combo->user.str) && - !find_acl_user(combo->host.str=(char*)"%", combo->user.str)) + if (!find_acl_user(combo->host.str=(char*)thd->host_or_ip, combo->user.str, + FALSE) && + !find_acl_user(combo->host.str=(char*)thd->host, combo->user.str, + FALSE) && + !find_acl_user(combo->host.str=(char*)thd->ip, combo->user.str, FALSE) && + !find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE)) DBUG_RETURN(TRUE); bzero((char*)tables, sizeof(TABLE_LIST)); |