From 9c123d0c0b8637a91a1af87e93cc0b2428f3e9a7 Mon Sep 17 00:00:00 2001
From: "monty@mashka.mysql.fi" <>
Date: Sun, 22 Sep 2002 18:02:39 +0300
Subject: Don't give the anonymous user create temp table or lock tables privileges. SET PASSWORD=... closed connection on error.
---
sql/set_var.cc | 58 +++++++++++++++++++++++++++++--------------------------
sql/set_var.h | 18 +++++++++---------
sql/sql_acl.cc | 16 +++++++++++++++-
sql/sql_db.cc | 2 +-
sql/sql_parse.cc | 4 +---
5 files changed, 56 insertions(+), 42 deletions(-)
(limited to 'sql')
diff --git a/sql/set_var.cc b/sql/set_var.cc
index 3a78e2f45d4..98eb5ea52d8 100644
--- a/sql/set_var.cc
+++ b/sql/set_var.cc
@@ -896,7 +896,7 @@ byte *sys_var_thd_enum::value_ptr(THD *thd, enum_var_type type) bool sys_var_thd_bit::update(THD *thd, set_var *var) { - bool res= (*update_func)(thd, var); + int res= (*update_func)(thd, var); thd->lex.select_lex.options=thd->options; return res; }
@@ -1010,7 +1010,7 @@ byte *sys_var_insert_id::value_ptr(THD *thd, enum_var_type type) bool sys_var_slave_skip_counter::check(THD *thd, set_var *var) { - bool result=0; + int result= 0; LOCK_ACTIVE_MI; pthread_mutex_lock(&active_mi->rli.run_lock); if (active_mi->rli.slave_running)
@@ -1236,26 +1236,24 @@ sys_var *find_sys_var(const char *str, uint length) RETURN VALUE 0 ok - 1 Something got wrong (normally no variables was updated) + 1 ERROR, message sent (normally no variables was updated) + -1 ERROR, message not sent */ -bool sql_set_variables(THD *thd, List *var_list) +int sql_set_variables(THD *thd, List *var_list) { - bool error=0; + int error= 0; List_iterator it(*var_list); set_var_base *var; while ((var=it++)) { - if (var->check(thd)) - return 1; + if ((error=var->check(thd))) + return error; } it.rewind(); while ((var=it++)) - { - if (var->update(thd)) - error=1; - } + error|= var->update(thd); // Returns 0, -1 or 1 return error; }
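Review bot: In the `@@ -896` hunk, `int res= (*update_func)(thd, var);` widens the local, but `sys_var_thd_bit::update` is still declared `bool`, so the value is narrowed back at `return res;` and any distinction between 1 and -1 (if `update_func` makes one) is lost. The same applies to `int result= 0;` in `sys_var_slave_skip_counter::check` in the `@@ -1010` hunk, whose body continues outside the hunk. Either keep both locals `bool` to match the signatures, or state the intent with a comment such as `/* narrowed to bool on return; set_var::update() maps failure to -1 */`.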
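Review bot: In `sql_set_variables` (the `@@ -1236` hunk), `error|= var->update(thd);` merges the two error codes bitwise, so one variable returning 1 (message already sent) and another returning -1 gives -1, which tells the caller that no message was sent. The `SQLCOM_SET_OPTION` hunk in sql/sql_parse.cc assigns this value straight to `res`, so the client could presumably receive a second error packet for a single statement; how `res` is handled afterwards is outside the diff. Prefer letting "already sent" win instead of OR-ing, e.g. `int tmp= var->update(thd); if (tmp && error != 1) error= tmp;`, and say in the header comment that the update loop deliberately continues after a failure.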
@@ -1264,14 +1262,14 @@ bool sql_set_variables(THD *thd, List *var_list) Functions to handle SET mysql_internal_variable=const_expr *****************************************************************************/ -bool set_var::check(THD *thd) +int set_var::check(THD *thd) { if (var->check_type(type)) { my_error(type == OPT_GLOBAL ? ER_LOCAL_VARIABLE : ER_GLOBAL_VARIABLE, MYF(0), var->name); - return 1; + return -1; } if ((type == OPT_GLOBAL && check_global_access(thd, SUPER_ACL))) return 1;
@@ -1282,28 +1280,29 @@ bool set_var::check(THD *thd) if (var->check_default(type)) { my_error(ER_NO_DEFAULT, MYF(0), var->name); - return 1; + return -1; } return 0; } if (value->fix_fields(thd,0)) - return 1; + return -1; if (var->check_update_type(value->result_type())) { my_error(ER_WRONG_TYPE_FOR_VAR, MYF(0), var->name); - return 1; + return -1; } - return var->check(thd, this); + return var->check(thd, this) ? -1 : 0; } -bool set_var::update(THD *thd) +int set_var::update(THD *thd) { + int error; if (!value) var->set_default(thd, type); else if (var->update(thd, this)) - return 1; // should never happen + return -1; // should never happen if (var->after_update) (*var->after_update)(thd, type); return 0;
@@ -1314,19 +1313,19 @@ bool set_var::update(THD *thd) Functions to handle SET @user_variable=const_expr *****************************************************************************/ -bool set_var_user::check(THD *thd) +int set_var_user::check(THD *thd) { - return user_var_item->fix_fields(thd,0); + return user_var_item->fix_fields(thd,0) ? -1 : 0; } -bool set_var_user::update(THD *thd) +int set_var_user::update(THD *thd) { if (user_var_item->update()) { /* Give an error if it's not given already */ - send_error(&thd->net, ER_SET_CONSTANTS_ONLY); - return 1; + my_error(ER_SET_CONSTANTS_ONLY, MYF(0)); + return -1; } return 0; }
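Review bot: In the `@@ -1282` hunk, `return var->check(thd, this) ? -1 : 0;` reports every `sys_var::check` failure as "message not sent", which is only correct if no implementation sends its own error to the client. `sys_var_slave_skip_counter::check` (touched in the `@@ -1010` hunk, with most of its body outside the diff) should be confirmed against that, since a check that has already sent an error would presumably produce a second one here. A comment stating the requirement would make the contract reviewable, e.g. `/* sys_var::check() must report via my_error(), never send_error() */`. Separately, the added `int error;` in `set_var::update` is never used and can be dropped.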
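Review bot: In the `@@ -1314` hunk, the retained comment `/* Give an error if it's not given already */` in `set_var_user::update` no longer matches the code beneath it. Under the convention this commit introduces, `my_error(ER_SET_CONSTANTS_ONLY, MYF(0));` followed by `return -1;` leaves the sending to the caller, whereas the removed `send_error()` call sent it directly. Suggest rewording to `/* Record the error; the caller sends it because we return -1 */` so the next reader does not add a second send here.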
@@ -1336,16 +1335,19 @@ bool set_var_user::update(THD *thd) Functions to handle SET PASSWORD *****************************************************************************/ -bool set_var_password::check(THD *thd) +int set_var_password::check(THD *thd) { if (!user->host.str) user->host.str= (char*) thd->host_or_ip; - return check_change_password(thd, user->host.str, user->user.str); + /* Returns 1 as the function sends error to client */ + return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0; } -bool set_var_password::update(THD *thd) +int set_var_password::update(THD *thd) { - return change_password(thd, user->host.str, user->user.str, password); + /* Returns 1 as the function sends error to client */ + return (change_password(thd, user->host.str, user->user.str, password) ? + 1 : 0); } /****************************************************************************
diff --git a/sql/set_var.h b/sql/set_var.h
index cbe479b7902..c43cdbfd63e 100644
--- a/sql/set_var.h
+++ b/sql/set_var.h
@@ -359,8 +359,8 @@ class set_var_base :public Sql_alloc public: set_var_base() {} virtual ~set_var_base() {} - virtual bool check(THD *thd)=0; /* To check privileges etc. */ - virtual bool update(THD *thd)=0; /* To set the value */ + virtual int check(THD *thd)=0; /* To check privileges etc. */ + virtual int update(THD *thd)=0; /* To set the value */ };
@@ -394,8 +394,8 @@ public: else value=value_arg; } - bool check(THD *thd); - bool update(THD *thd); + int check(THD *thd); + int update(THD *thd); };
@@ -408,8 +408,8 @@ public: set_var_user(Item_func_set_user_var *item) :user_var_item(item) {} - bool check(THD *thd); - bool update(THD *thd); + int check(THD *thd); + int update(THD *thd); }; /* For SET PASSWORD */
@@ -422,8 +422,8 @@ public: set_var_password(LEX_USER *user_arg,char *password_arg) :user(user_arg), password(password_arg) {} - bool check(THD *thd); - bool update(THD *thd); + int check(THD *thd); + int update(THD *thd); };
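Review bot: Both `? 1 : 0` returns in `set_var_password::check` and `set_var_password::update` (the `@@ -1336` hunk) depend on the callee having sent an error on every failure path. This commit documents that guarantee for `change_password` in sql/sql_acl.cc but not for `check_change_password`. If any failure path in the privilege check returns non-zero without sending, a rejected SET PASSWORD would presumably leave the client with neither an OK nor an error. Add the same RETURN VALUES comment above `check_change_password` and confirm that each of its error returns sends a message.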
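Review bot: In sql/set_var.h (the `@@ -359` hunk), `virtual int check(THD *thd)=0;` and `virtual int update(THD *thd)=0;` now carry a three-valued contract, but their trailing comments still say only "To check privileges etc." and "To set the value". The meaning of 0 / 1 / -1 is written down only above `sql_set_variables` in set_var.cc, so an override that sends an error and then returns -1 would presumably make the caller send a second one. Suggest documenting it on the base class, e.g. `/* Return 0 ok, 1 error already sent to client, -1 error not yet sent */`. The `@@ -394`, `@@ -408` and `@@ -422` hunks only repeat these signatures.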
@@ -434,7 +434,7 @@ public: void set_var_init(); void set_var_free(); sys_var *find_sys_var(const char *str, uint length=0); -bool sql_set_variables(THD *thd, List *var_list); +int sql_set_variables(THD *thd, List *var_list); void fix_delay_key_write(THD *thd, enum_var_type type); extern sys_var_str sys_charset;
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 0705762e311..2113404446f 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -783,7 +783,6 @@ ulong acl_get(const char *host, const char *ip, const char *bin_ip, db_access=0; host_access= ~0; char key[ACL_KEY_LENGTH],*tmp_db,*end; acl_entry *entry; - THD *thd= current_thd; VOID(pthread_mutex_lock(&acl_cache->lock)); memcpy_fixed(&key,bin_ip,sizeof(struct in_addr));
@@ -1015,6 +1014,21 @@ bool check_change_password(THD *thd, const char *host, const char *user) } +/* + Change a password for a user + + SYNOPSIS + change_password() + thd Thread handle + host Hostname + user User name + new_password New password for host@user + + RETURN VALUES + 0 ok + 1 ERROR; In this case the error is sent to the client. +*/ + bool change_password(THD *thd, const char *host, const char *user, char *new_password) {
diff --git a/sql/sql_db.cc b/sql/sql_db.cc
index 0e2cfba1b30..6c2ba4b6429 100644
--- a/sql/sql_db.cc
+++ b/sql/sql_db.cc
@@ -332,7 +332,7 @@ bool mysql_change_db(THD *thd,const char *name) int length, db_length; char *dbname=my_strdup((char*) name,MYF(MY_WME)); char path[FN_REFLEN]; - uint db_access; + ulong db_access; DBUG_ENTER("mysql_change_db"); if (!dbname || !(db_length=strip_sp(dbname)))
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index b7aa826bf40..9e834e3cab9 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -2202,9 +2202,7 @@ mysql_execute_command(void) break; } case SQLCOM_SET_OPTION: - if (sql_set_variables(thd, &lex->var_list)) - res= -1; - else + if (!(res=sql_set_variables(thd, &lex->var_list))) send_ok(&thd->net); break; case SQLCOM_UNLOCK_TABLES:
-- cgit v1.2.1
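Review bot: The new header comment for `change_password` in sql/sql_acl.cc (the `@@ -1015` hunk) describes `new_password` as the "New password for host@user", which reverses the usual user@host account form; suggest `new_password New password for user@host`. The comment also leaves two security-relevant preconditions unstated: whether `new_password` is expected in clear text or already scrambled, and whether the caller must have passed `check_change_password` first (as `set_var_password::check` / `update` do in set_var.cc). A line for each under SYNOPSIS would make the privilege boundary explicit. The function body is outside the hunk, so neither could be confirmed from here.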