Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc62
1 files changed, 36 insertions, 26 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 9c71f8b7149..2d7f62cd725 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -2168,24 +2168,26 @@ static bool has_validation_plugins()
MariaDB_PASSWORD_VALIDATION_PLUGIN, NULL);
}
-struct validation_data { const LEX_CSTRING *user, *password; };
+struct validation_data { const LEX_CSTRING *user, *password, *host; };
static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
{
struct validation_data *data= (struct validation_data *)arg;
struct st_mariadb_password_validation *handler=
(st_mariadb_password_validation *)plugin_decl(plugin)->info;
- return handler->validate_password(data->user, data->password);
+ return handler->validate_password(data->user, data->password, data->host);
}
static bool validate_password(THD *thd, const LEX_CSTRING &user,
+ const LEX_CSTRING &host,
const LEX_CSTRING &pwtext, bool has_hash)
{
if (pwtext.length || !has_hash)
{
struct validation_data data= { &user,
- pwtext.str ? &pwtext : &empty_clex_str };
+ pwtext.str ? &pwtext : &empty_clex_str,
+ &host };
if (plugin_foreach(NULL, do_validate,
MariaDB_PASSWORD_VALIDATION_PLUGIN, &data))
{
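Review bot: Nothing at `struct validation_data` or at the new `host` parameter of `validate_password()` says what the host string represents. Judging from the call sites in this commit it is the host part of the account being changed (in `acl_user_update` it comes from `acl_user->host.hostname`, the same field `init_check_host` scans for `wild_many`/`wild_one`), so it may be a pattern and a validation plugin should not treat it as a resolved client hostname. A comment above the struct such as `/* host: host part of the account whose password is set; may contain wildcards, not the connecting client's address */` would state that contract. Plugins built against the two-argument `validate_password` callback would be invoked with a different signature here, so the plugin interface version presumably needs a bump in its header, which is outside this diff. The body of `validate_password()` continues past the end of the hunk.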
@@ -2239,6 +2241,7 @@ static int set_user_salt(ACL_USER::AUTH *auth, plugin_ref plugin)
not loaded, if the auth_string is invalid, if the password is not applicable
*/
static int set_user_auth(THD *thd, const LEX_CSTRING &user,
+ const LEX_CSTRING &host,
ACL_USER::AUTH *auth, const LEX_CSTRING &pwtext)
{
const char *plugin_name= auth->plugin.str;
@@ -2264,7 +2267,7 @@ static int set_user_auth(THD *thd, const LEX_CSTRING &user,
}
if (info->hash_password &&
- validate_password(thd, user, pwtext, auth->auth_string.length))
+ validate_password(thd, user, host, pwtext, auth->auth_string.length))
{
res= ER_NOT_VALID_PASSWORD;
goto end;
@@ -3374,7 +3377,9 @@ static int acl_user_update(THD *thd, ACL_USER *acl_user, uint nauth,
auth->auth_str);
if (fix_user_plugin_ptr(work_copy + i))
work_copy[i].plugin= safe_lexcstrdup_root(&acl_memroot, auth->plugin);
- if (set_user_auth(thd, acl_user->user, work_copy + i, auth->pwtext))
+ if (set_user_auth(thd, acl_user->user,
+ {acl_user->host.hostname, acl_user->hostname_length},
+ work_copy + i, auth->pwtext))
return 1;
}
}
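Review bot: The `host` argument passed to `set_user_auth()` is a braced temporary that pairs `acl_user->host.hostname` with the separately stored `acl_user->hostname_length`, so the password-validation plugins see whatever length that field holds rather than one derived from the string. `change_password()` in this same commit passes `user->host` from the parsed statement instead, so the two paths source the host differently. A named local, `const LEX_CSTRING host= {acl_user->host.hostname, acl_user->hostname_length};`, with a short comment that the two fields are kept in sync when the ACL entry is built, would make that assumption visible and could be set up once rather than per call. The enclosing function and what appears to be a loop over the auth entries start outside the hunk.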
@@ -3642,14 +3647,14 @@ static void init_check_host(void)
(my_hash_get_key) check_get_key, 0, 0);
if (!allow_all_hosts)
{
- for (uint i=0 ; i < acl_users.elements ; i++)
+ for (size_t i=0 ; i < acl_users.elements ; i++)
{
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
if (strchr(acl_user->host.hostname,wild_many) ||
strchr(acl_user->host.hostname,wild_one) ||
acl_user->host.ip_mask)
{ // Has wildcard
- uint j;
+ size_t j;
for (j=0 ; j < acl_wild_hosts.elements ; j++)
{ // Check if host already exists
acl_host_and_ip *acl=dynamic_element(&acl_wild_hosts,j,
@@ -3768,7 +3773,7 @@ static bool add_role_user_mapping(const char *uname, const char *hname,
static void remove_ptr_from_dynarray(DYNAMIC_ARRAY *array, void *ptr)
{
bool found __attribute__((unused))= false;
- for (uint i= 0; i < array->elements; i++)
+ for (size_t i= 0; i < array->elements; i++)
{
if (ptr == *dynamic_element(array, i, void**))
{
@@ -3817,7 +3822,7 @@ static void rebuild_role_grants(void)
/*
Reset every user's and role's role_grants array
*/
- for (uint i=0; i < acl_users.elements; i++) {
+ for (size_t i=0; i < acl_users.elements; i++) {
ACL_USER *user= dynamic_element(&acl_users, i, ACL_USER *);
reset_dynamic(&user->role_grants);
}
@@ -3843,7 +3848,7 @@ bool acl_check_host(const char *host, const char *ip)
mysql_mutex_unlock(&acl_cache->lock);
return 0; // Found host
}
- for (uint i=0 ; i < acl_wild_hosts.elements ; i++)
+ for (size_t i=0 ; i < acl_wild_hosts.elements ; i++)
{
acl_host_and_ip *acl=dynamic_element(&acl_wild_hosts,i,acl_host_and_ip*);
if (compare_hostname(acl, host, ip))
@@ -4000,7 +4005,8 @@ bool change_password(THD *thd, LEX_USER *user)
{
auth= acl_user->auth[i];
auth.auth_string= safe_lexcstrdup_root(&acl_memroot, user->auth->auth_str);
- int r= set_user_auth(thd, user->user, &auth, user->auth->pwtext);
+ int r= set_user_auth(thd, user->user, user->host,
+ &auth, user->auth->pwtext);
if (r == ER_SET_PASSWORD_AUTH_PLUGIN)
password_plugin= auth.plugin.str;
else if (r)
@@ -4283,14 +4289,18 @@ static ACL_USER * find_user_wild(const char *host, const char *user, const char
*/
static ACL_ROLE *find_acl_role(const char *role)
{
+ size_t length= strlen(role);
DBUG_ENTER("find_acl_role");
DBUG_PRINT("enter",("role: '%s'", role));
DBUG_PRINT("info", ("Hash elements: %ld", acl_roles.records));
mysql_mutex_assert_owner(&acl_cache->lock);
+ if (!length)
+ DBUG_RETURN(NULL);
+
ACL_ROLE *r= (ACL_ROLE *)my_hash_search(&acl_roles, (uchar *)role,
- strlen(role));
+ length);
DBUG_RETURN(r);
}
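Review bot: The new `if (!length) DBUG_RETURN(NULL);` guard in `find_acl_role()` has no comment saying why an empty role name must not reach `my_hash_search()`. If the reason is that a zero key length is handled specially by the hash lookup, that is worth stating next to the check, e.g. `/* an empty name is never a role; do not pass a zero-length key to my_hash_search() */`, so the guard is not later removed as redundant. Other lookups in this file that pass a `strlen()`-derived key length may need the same guard; they are outside this hunk. `role` is still dereferenced unconditionally by `strlen()`, now before `DBUG_ENTER`, so callers must keep passing a non-NULL pointer.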
@@ -5042,7 +5052,7 @@ acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke)
mysql_mutex_assert_owner(&acl_cache->lock);
DBUG_ENTER("acl_update_proxy_user");
- for (uint i= 0; i < acl_proxy_users.elements; i++)
+ for (size_t i= 0; i < acl_proxy_users.elements; i++)
{
ACL_PROXY_USER *acl_user=
dynamic_element(&acl_proxy_users, i, ACL_PROXY_USER *);
@@ -6314,7 +6324,7 @@ static int traverse_role_graph_impl(ACL_USER_BASE *user, void *context,
end:
/* Cleanup */
- for (uint i= 0; i < to_clear.elements(); i++)
+ for (size_t i= 0; i < to_clear.elements(); i++)
{
ACL_USER_BASE *current= to_clear.at(i);
DBUG_ASSERT(current->flags & (ROLE_EXPLORED | ROLE_ON_STACK | ROLE_OPENED));
@@ -6382,7 +6392,7 @@ static bool merge_role_global_privileges(ACL_ROLE *grantee)
DBUG_EXECUTE_IF("role_merge_stats", role_global_merges++;);
- for (uint i= 0; i < grantee->role_grants.elements; i++)
+ for (size_t i= 0; i < grantee->role_grants.elements; i++)
{
ACL_ROLE *r= *dynamic_element(&grantee->role_grants, i, ACL_ROLE**);
grantee->access|= r->access;
@@ -6521,8 +6531,8 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
if (update_flags & 4)
{
// Remove elements marked for deletion.
- uint count= 0;
- for(uint i= 0; i < acl_dbs.elements(); i++)
+ size_t count= 0;
+ for(size_t i= 0; i < acl_dbs.elements(); i++)
{
ACL_DB *acl_db= &acl_dbs.at(i);
if (acl_db->sort)
@@ -6885,7 +6895,7 @@ static int merge_role_privileges(ACL_ROLE *role __attribute__((unused)),
if (data->what != PRIVS_TO_MERGE::GLOBAL)
{
role_hash.insert(grantee);
- for (uint i= 0; i < grantee->role_grants.elements; i++)
+ for (size_t i= 0; i < grantee->role_grants.elements; i++)
role_hash.insert(*dynamic_element(&grantee->role_grants, i, ACL_ROLE**));
}
@@ -9460,7 +9470,7 @@ static bool show_role_grants(THD *thd, const char *hostname,
ACL_USER_BASE *acl_entry,
char *buff, size_t buffsize)
{
- uint counter;
+ size_t counter;
Protocol *protocol= thd->protocol;
LEX_CSTRING host= {const_cast<char*>(hostname), strlen(hostname)};
@@ -9573,7 +9583,7 @@ static bool show_database_privileges(THD *thd, const char *username,
privilege_t want_access(NO_ACL);
Protocol *protocol= thd->protocol;
- for (uint i=0 ; i < acl_dbs.elements() ; i++)
+ for (size_t i=0 ; i < acl_dbs.elements() ; i++)
{
const char *user, *host;
@@ -10265,14 +10275,14 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
propagate_role_grants(acl_role, PRIVS_TO_MERGE::ALL);
// delete the role from cross-reference arrays
- for (uint i=0; i < acl_role->role_grants.elements; i++)
+ for (size_t i=0; i < acl_role->role_grants.elements; i++)
{
ACL_ROLE *grant= *dynamic_element(&acl_role->role_grants,
i, ACL_ROLE**);
remove_ptr_from_dynarray(&grant->parent_grantee, acl_role);
}
- for (uint i=0; i < acl_role->parent_grantee.elements; i++)
+ for (size_t i=0; i < acl_role->parent_grantee.elements; i++)
{
ACL_USER_BASE *grantee= *dynamic_element(&acl_role->parent_grantee,
i, ACL_USER_BASE**);
@@ -10293,7 +10303,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
/* Get the number of elements in the in-memory structure. */
switch (struct_no) {
case USER_ACL:
- elements= acl_users.elements;
+ elements= int(acl_users.elements);
break;
case DB_ACL:
elements= int(acl_dbs.elements());
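Review bot: `elements= int(acl_users.elements);` narrows a `size_t` count back to `int`, while the rest of this commit widens the loop indices over the same arrays to `size_t`; the same applies to `elements= int(acl_proxy_users.elements);` in the next hunk. The function-style cast silences the conversion warning but would truncate without any signal if the count ever exceeded `INT_MAX`. Adding `DBUG_ASSERT(acl_users.elements <= INT_MAX);` before the assignment, or making `elements` a `size_t`, would keep that assumption checked. The declaration of `elements` and the code that consumes it are outside the hunk.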
@@ -10319,7 +10329,7 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
elements= grant_name_hash->records;
break;
case PROXY_USERS_ACL:
- elements= acl_proxy_users.elements;
+ elements= int(acl_proxy_users.elements);
break;
case ROLES_MAPPINGS_HASH:
roles_mappings_hash= &acl_roles_mappings;
@@ -12182,11 +12192,11 @@ SHOW_VAR acl_statistics[] = {
{"procedure_grants", (char*)&proc_priv_hash.records, SHOW_ULONG},
{"package_spec_grants", (char*)&package_spec_priv_hash.records, SHOW_ULONG},
{"package_body_grants", (char*)&package_body_priv_hash.records, SHOW_ULONG},
- {"proxy_users", (char*)&acl_proxy_users.elements, SHOW_UINT},
+ {"proxy_users", (char*)&acl_proxy_users.elements, SHOW_SIZE_T},
{"role_grants", (char*)&acl_roles_mappings.records, SHOW_ULONG},
{"roles", (char*)&acl_roles.records, SHOW_ULONG},
{"table_grants", (char*)&column_priv_hash.records, SHOW_ULONG},
- {"users", (char*)&acl_users.elements, SHOW_UINT},
+ {"users", (char*)&acl_users.elements, SHOW_SIZE_T},
#endif
{NullS, NullS, SHOW_LONG},
};
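Review bot: The `SHOW_SIZE_T` entries for `acl_proxy_users.elements` and `acl_users.elements` are read through a `(char*)` cast, so nothing ties the declared show type to the actual width of the field. This commit had to update the tags by hand after the field type changed, and a future change could leave them mismatched again, in which case the status variable would report a misread value. A compile-time check next to the table, e.g. `static_assert(sizeof(acl_users.elements) == sizeof(size_t), "SHOW_SIZE_T needs a size_t field");`, would turn that into a build failure.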