Skip to content

M
MariaDB
Commit 14e181a4 authored by Sergei Golubchik's avatar Sergei Golubchik
Browse files
Options

misc cleanups 

* remove dead code (from .yy)
* remove redundant commands from the test
* extract common code into a reusable function
  (get_auth_plugin, push_new_user)
* rename update_user_table->update_user_table_password
* simplify acl_update_user
* don't strdup a string that's already in a memroot
  (in ACL_ROLE::ACL_ROLE(ACL_USER*))
* create parent_grantee and role_grants dynamic arrays with size 0.
  to avoid any memory allocations when roles aren't used.
parent 76151f3c
Hide whitespace changes
Inline Side-by-side
Showing with 70 additions and 111 deletions
mysql-test/main/connect.result
View file @ 14e181a4
...@@ -102,7 +102,6 @@ update mysql.user set plugin="", authentication_string="", password=old_password ...@@ -102,7 +102,6 @@ update mysql.user set plugin="", authentication_string="", password=old_password
flush privileges; flush privileges;
connect con10,localhost,test,gambling2,; connect con10,localhost,test,gambling2,;
connect con5,localhost,test,gambling2,mysql; connect con5,localhost,test,gambling2,mysql;
connection con5;
set password=""; set password="";
set password='gambling3'; set password='gambling3';
ERROR HY000: Password hash should be a 41-digit hexadecimal number ERROR HY000: Password hash should be a 41-digit hexadecimal number
...@@ -161,7 +160,6 @@ ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES) ...@@ -161,7 +160,6 @@ ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
delete from mysql.user where user=_binary"test"; delete from mysql.user where user=_binary"test";
flush privileges; flush privileges;
connect con7,localhost,root,,test; connect con7,localhost,root,,test;
connection con7;
create table t1 (id integer not null auto_increment primary key); create table t1 (id integer not null auto_increment primary key);
create temporary table t2(id integer not null auto_increment primary key); create temporary table t2(id integer not null auto_increment primary key);
set @id := 1; set @id := 1;
...@@ -302,12 +300,10 @@ SET GLOBAL event_scheduler = OFF; ...@@ -302,12 +300,10 @@ SET GLOBAL event_scheduler = OFF;
# -- End of Bug#35074. # -- End of Bug#35074.
connect extracon,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,; connect extracon,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,;
connection extracon;
SELECT 'Connection on extra port ok'; SELECT 'Connection on extra port ok';
Connection on extra port ok Connection on extra port ok
Connection on extra port ok Connection on extra port ok
connect extracon2,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,; connect extracon2,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,;
connection extracon2;
SELECT 'Connection on extra port 2 ok'; SELECT 'Connection on extra port 2 ok';
Connection on extra port 2 ok Connection on extra port 2 ok
Connection on extra port 2 ok Connection on extra port 2 ok
...@@ -338,7 +334,6 @@ connect(localhost,mysqltest_up1,foo,test,MASTER_PORT,MASTER_SOCKET); ...@@ -338,7 +334,6 @@ connect(localhost,mysqltest_up1,foo,test,MASTER_PORT,MASTER_SOCKET);
connect pcon1,localhost,mysqltest_up1,foo,,$MASTER_MYPORT,; connect pcon1,localhost,mysqltest_up1,foo,,$MASTER_MYPORT,;
ERROR 28000: Access denied for user 'mysqltest_up1'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'mysqltest_up1'@'localhost' (using password: YES)
connect pcon2,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,; connect pcon2,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,;
connection pcon2;
select user(), current_user(); select user(), current_user();
user() current_user() user() current_user()
mysqltest_up1@localhost mysqltest_up1@% mysqltest_up1@localhost mysqltest_up1@%
...@@ -347,7 +342,6 @@ connect(localhost,mysqltest_up2,newpw,test,MASTER_PORT,MASTER_SOCKET); ...@@ -347,7 +342,6 @@ connect(localhost,mysqltest_up2,newpw,test,MASTER_PORT,MASTER_SOCKET);
connect pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,; connect pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,;
ERROR 28000: Access denied for user 'mysqltest_up2'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'mysqltest_up2'@'localhost' (using password: YES)
connect pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,; connect pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,;
connection pcon4;
select user(), current_user(); select user(), current_user();
user() current_user() user() current_user()
mysqltest_up2@localhost mysqltest_up2@% mysqltest_up2@localhost mysqltest_up2@%
...@@ -368,13 +362,11 @@ mysqltest_up1 mysql_native_password *E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB ...@@ -368,13 +362,11 @@ mysqltest_up1 mysql_native_password *E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB
mysqltest_up2 mysql_old_password 09301740536db389 mysqltest_up2 mysql_old_password 09301740536db389
flush privileges; flush privileges;
connect pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,; connect pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,;
connection pcon6;
select user(), current_user(); select user(), current_user();
user() current_user() user() current_user()
mysqltest_up1@localhost mysqltest_up1@% mysqltest_up1@localhost mysqltest_up1@%
disconnect pcon6; disconnect pcon6;
connect pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,; connect pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,;
connection pcon7;
select user(), current_user(); select user(), current_user();
user() current_user() user() current_user()
mysqltest_up2@localhost mysqltest_up2@% mysqltest_up2@localhost mysqltest_up2@%
......
mysql-test/main/connect.test
View file @ 14e181a4
...@@ -71,7 +71,6 @@ flush privileges; ...@@ -71,7 +71,6 @@ flush privileges;
connect (con10,localhost,test,gambling2,); connect (con10,localhost,test,gambling2,);
connect (con5,localhost,test,gambling2,mysql); connect (con5,localhost,test,gambling2,mysql);
connection con5;
set password=""; set password="";
--error ER_PASSWD_LENGTH --error ER_PASSWD_LENGTH
set password='gambling3'; set password='gambling3';
...@@ -108,7 +107,6 @@ flush privileges; ...@@ -108,7 +107,6 @@ flush privileges;
# Bug#12517 Clear user variables and replication events before # Bug#12517 Clear user variables and replication events before
# closing temp tables in thread cleanup. # closing temp tables in thread cleanup.
connect (con7,localhost,root,,test); connect (con7,localhost,root,,test);
connection con7;
let $connection_id= `select connection_id()`; let $connection_id= `select connection_id()`;
create table t1 (id integer not null auto_increment primary key); create table t1 (id integer not null auto_increment primary key);
create temporary table t2(id integer not null auto_increment primary key); create temporary table t2(id integer not null auto_increment primary key);
...@@ -314,11 +312,9 @@ SET GLOBAL event_scheduler = OFF; ...@@ -314,11 +312,9 @@ SET GLOBAL event_scheduler = OFF;
# Test connections to the extra port. # Test connections to the extra port.
connect(extracon,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,); connect(extracon,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,);
connection extracon;
SELECT 'Connection on extra port ok'; SELECT 'Connection on extra port ok';
connect(extracon2,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,); connect(extracon2,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,);
connection extracon2;
SELECT 'Connection on extra port 2 ok'; SELECT 'Connection on extra port 2 ok';
--disable_abort_on_error --disable_abort_on_error
...@@ -349,7 +345,6 @@ GRANT ALL ON test.* TO 'O1234567890123456789012345678901234567890123456789012345 ...@@ -349,7 +345,6 @@ GRANT ALL ON test.* TO 'O1234567890123456789012345678901234567890123456789012345
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect (con1,localhost,O1234567890123456789012345678901234567890123456789012345678901234567890123456789x,test123,test); connect (con1,localhost,O1234567890123456789012345678901234567890123456789012345678901234567890123456789x,test123,test);
disconnect con1; disconnect con1;
...@@ -380,18 +375,14 @@ CREATE USER mysqltest_up2 IDENTIFIED VIA mysql_old_password using '09301740536db ...@@ -380,18 +375,14 @@ CREATE USER mysqltest_up2 IDENTIFIED VIA mysql_old_password using '09301740536db
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR --error ER_ACCESS_DENIED_ERROR
connect(pcon1,localhost,mysqltest_up1,foo,,$MASTER_MYPORT,); connect(pcon1,localhost,mysqltest_up1,foo,,$MASTER_MYPORT,);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect(pcon2,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,); connect(pcon2,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
connection pcon2;
select user(), current_user(); select user(), current_user();
disconnect pcon2; disconnect pcon2;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR --error ER_ACCESS_DENIED_ERROR
connect(pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,); connect(pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect(pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,); connect(pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
connection pcon4;
select user(), current_user(); select user(), current_user();
disconnect pcon4; disconnect pcon4;
...@@ -421,15 +412,11 @@ select user, password, plugin, authentication_string from mysql.user ...@@ -421,15 +412,11 @@ select user, password, plugin, authentication_string from mysql.user
where user like 'mysqltest_up_'; where user like 'mysqltest_up_';
flush privileges; flush privileges;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,); connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
connection pcon6;
select user(), current_user(); select user(), current_user();
disconnect pcon6; disconnect pcon6;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,); connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
connection pcon7;
select user(), current_user(); select user(), current_user();
disconnect pcon7; disconnect pcon7;
connection default; connection default;
......
sql/sql_acl.cc
View file @ 14e181a4
...@@ -85,11 +85,19 @@ LEX_CSTRING current_role= { STRING_WITH_LEN("*current_role") }; ...@@ -85,11 +85,19 @@ LEX_CSTRING current_role= { STRING_WITH_LEN("*current_role") };
LEX_CSTRING current_user_and_current_role= { STRING_WITH_LEN("*current_user_and_current_role") }; LEX_CSTRING current_user_and_current_role= { STRING_WITH_LEN("*current_user_and_current_role") };
#ifndef NO_EMBEDDED_ACCESS_CHECKS
static plugin_ref old_password_plugin; static plugin_ref old_password_plugin;
#endif
static plugin_ref native_password_plugin; static plugin_ref native_password_plugin;
static plugin_ref get_auth_plugin(THD *thd, const LEX_CSTRING &name, bool *locked)
{
if (name.str == native_password_plugin_name.str)
return native_password_plugin;
else if (name.str == old_password_plugin_name.str)
return old_password_plugin;
*locked=true;
return my_plugin_lock_by_name(thd, &name, MYSQL_AUTHENTICATION_PLUGIN);
}
/* Classes */ /* Classes */
struct acl_host_and_ip struct acl_host_and_ip
...@@ -610,8 +618,8 @@ static ACL_USER *find_user_wild(const char *host, const char *user, const char * ...@@ -610,8 +618,8 @@ static ACL_USER *find_user_wild(const char *host, const char *user, const char *
static ACL_ROLE *find_acl_role(const char *user); static ACL_ROLE *find_acl_role(const char *user);
static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_CSTRING *u, const LEX_CSTRING *h, const LEX_CSTRING *r); static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_CSTRING *u, const LEX_CSTRING *h, const LEX_CSTRING *r);
static ACL_USER_BASE *find_acl_user_base(const char *user, const char *host); static ACL_USER_BASE *find_acl_user_base(const char *user, const char *host);
static bool update_user_table(THD *, const User_table &, const char *, static bool update_user_table_password(THD *, const User_table &, const char *,
const char *, const LEX_CSTRING &); const char *, const LEX_CSTRING &);
static bool acl_load(THD *thd, const Grant_tables& grant_tables); static bool acl_load(THD *thd, const Grant_tables& grant_tables);
static inline void get_grantor(THD *thd, char* grantor); static inline void get_grantor(THD *thd, char* grantor);
static bool add_role_user_mapping(const char *uname, const char *hname, const char *rname); static bool add_role_user_mapping(const char *uname, const char *hname, const char *rname);
...@@ -1325,7 +1333,7 @@ ACL_ROLE::ACL_ROLE(ACL_USER *user, MEM_ROOT *root) : counter(0) ...@@ -1325,7 +1333,7 @@ ACL_ROLE::ACL_ROLE(ACL_USER *user, MEM_ROOT *root) : counter(0)
access= user->access; access= user->access;
/* set initial role access the same as the table row privileges */ /* set initial role access the same as the table row privileges */
initial_role_access= user->access; initial_role_access= user->access;
this->user= safe_lexcstrdup_root(root, user->user); this->user= user->user;
bzero(&role_grants, sizeof(role_grants)); bzero(&role_grants, sizeof(role_grants));
bzero(&parent_grantee, sizeof(parent_grantee)); bzero(&parent_grantee, sizeof(parent_grantee));
flags= IS_ROLE; flags= IS_ROLE;
...@@ -1645,6 +1653,15 @@ static bool set_user_plugin (ACL_USER *user, size_t password_len) ...@@ -1645,6 +1653,15 @@ static bool set_user_plugin (ACL_USER *user, size_t password_len)
} }
static void push_new_user(const ACL_USER &user)
{
push_dynamic(&acl_users, &user);
if (!user.host.hostname ||
(user.host.hostname[0] == wild_many && !user.host.hostname[1]))
allow_all_hosts=1; // Anyone can connect
}
/* /*
Initialize structures responsible for user/db-level privilege checking Initialize structures responsible for user/db-level privilege checking
and load information about grants from open privilege tables. and load information about grants from open privilege tables.
...@@ -1964,8 +1981,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables) ...@@ -1964,8 +1981,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
#endif #endif
} }
(void) my_init_dynamic_array(&user.role_grants,sizeof(ACL_ROLE *), my_init_dynamic_array(&user.role_grants, sizeof(ACL_ROLE *), 0, 8, MYF(0));
8, 8, MYF(0));
/* check default role, if any */ /* check default role, if any */
if (!is_role && user_table.default_role()) if (!is_role && user_table.default_role())
...@@ -1980,20 +1996,14 @@ static bool acl_load(THD *thd, const Grant_tables& tables) ...@@ -1980,20 +1996,14 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
DBUG_PRINT("info", ("Found role %s", user.user.str)); DBUG_PRINT("info", ("Found role %s", user.user.str));
ACL_ROLE *entry= new (&acl_memroot) ACL_ROLE(&user, &acl_memroot); ACL_ROLE *entry= new (&acl_memroot) ACL_ROLE(&user, &acl_memroot);
entry->role_grants = user.role_grants; entry->role_grants = user.role_grants;
(void) my_init_dynamic_array(&entry->parent_grantee, my_init_dynamic_array(&entry->parent_grantee,
sizeof(ACL_USER_BASE *), 8, 8, MYF(0)); sizeof(ACL_USER_BASE *), 0, 8, MYF(0));
my_hash_insert(&acl_roles, (uchar *)entry); my_hash_insert(&acl_roles, (uchar *)entry);
continue; continue;
} }
else DBUG_PRINT("info", ("Found user %s", user.user.str));
{ push_new_user(user);
DBUG_PRINT("info", ("Found user %s", user.user.str));
(void) push_dynamic(&acl_users,(uchar*) &user);
}
if (!user.host.hostname ||
(user.host.hostname[0] == wild_many && !user.host.hostname[1]))
allow_all_hosts=1; // Anyone can connect
} }
my_qsort((uchar*) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements, my_qsort((uchar*) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements,
sizeof(ACL_USER),(qsort_cmp) acl_compare); sizeof(ACL_USER),(qsort_cmp) acl_compare);
...@@ -2576,44 +2586,33 @@ static void acl_update_user(const LEX_USER &combo, enum SSL_type ssl_type, ...@@ -2576,44 +2586,33 @@ static void acl_update_user(const LEX_USER &combo, enum SSL_type ssl_type,
const char *x509_subject, USER_RESOURCES *mqh, const char *x509_subject, USER_RESOURCES *mqh,
ulong privileges) ulong privileges)
{ {
mysql_mutex_assert_owner(&acl_cache->lock); ACL_USER *acl_user= find_user_exact(combo.host.str, combo.user.str);
if (!acl_user)
for (uint i=0 ; i < acl_users.elements ; i++) return;
if (combo.plugin.length)
{ {
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); acl_user->plugin= combo.plugin;
if (acl_user->eq(combo.user.str, combo.host.str)) acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, combo.auth);
{ if (fix_user_plugin_ptr(acl_user))
if (combo.plugin.length) acl_user->plugin= safe_lexcstrdup_root(&acl_memroot, combo.plugin);
{ }
acl_user->plugin= combo.plugin; acl_user->access=privileges;
acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, combo.auth); if (mqh->specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
if (fix_user_plugin_ptr(acl_user)) acl_user->user_resource.questions=mqh->questions;
acl_user->plugin= safe_lexcstrdup_root(&acl_memroot, combo.plugin); if (mqh->specified_limits & USER_RESOURCES::UPDATES_PER_HOUR)
} acl_user->user_resource.updates=mqh->updates;
acl_user->access=privileges; if (mqh->specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR)
if (mqh->specified_limits & USER_RESOURCES::QUERIES_PER_HOUR) acl_user->user_resource.conn_per_hour= mqh->conn_per_hour;
acl_user->user_resource.questions=mqh->questions; if (mqh->specified_limits & USER_RESOURCES::USER_CONNECTIONS)
if (mqh->specified_limits & USER_RESOURCES::UPDATES_PER_HOUR) acl_user->user_resource.user_conn= mqh->user_conn;
acl_user->user_resource.updates=mqh->updates; if (mqh->specified_limits & USER_RESOURCES::MAX_STATEMENT_TIME)
if (mqh->specified_limits & USER_RESOURCES::CONNECTIONS_PER_HOUR) acl_user->user_resource.max_statement_time= mqh->max_statement_time;
acl_user->user_resource.conn_per_hour= mqh->conn_per_hour; if (ssl_type != SSL_TYPE_NOT_SPECIFIED)
if (mqh->specified_limits & USER_RESOURCES::USER_CONNECTIONS) {
acl_user->user_resource.user_conn= mqh->user_conn; acl_user->ssl_type= ssl_type;
if (mqh->specified_limits & USER_RESOURCES::MAX_STATEMENT_TIME) acl_user->ssl_cipher= safe_strdup_root(&acl_memroot,ssl_cipher);
acl_user->user_resource.max_statement_time= mqh->max_statement_time; acl_user->x509_issuer= safe_strdup_root(&acl_memroot,x509_issuer);
if (ssl_type != SSL_TYPE_NOT_SPECIFIED) acl_user->x509_subject= safe_strdup_root(&acl_memroot,x509_subject);
{
acl_user->ssl_type= ssl_type;
acl_user->ssl_cipher= (ssl_cipher ? strdup_root(&acl_memroot,ssl_cipher) :
0);
acl_user->x509_issuer= (x509_issuer ? strdup_root(&acl_memroot,x509_issuer) :
0);
acl_user->x509_subject= (x509_subject ?
strdup_root(&acl_memroot,x509_subject) : 0);
}
/* search complete: */
break;
}
} }
} }
...@@ -2624,10 +2623,9 @@ static void acl_insert_role(const char *rolename, ulong privileges) ...@@ -2624,10 +2623,9 @@ static void acl_insert_role(const char *rolename, ulong privileges)
mysql_mutex_assert_owner(&acl_cache->lock); mysql_mutex_assert_owner(&acl_cache->lock);
entry= new (&acl_memroot) ACL_ROLE(rolename, privileges, &acl_memroot); entry= new (&acl_memroot) ACL_ROLE(rolename, privileges, &acl_memroot);
(void) my_init_dynamic_array(&entry->parent_grantee, my_init_dynamic_array(&entry->parent_grantee,
sizeof(ACL_USER_BASE *), 8, 8, MYF(0)); sizeof(ACL_USER_BASE *), 0, 8, MYF(0));
(void) my_init_dynamic_array(&entry->role_grants,sizeof(ACL_ROLE *), my_init_dynamic_array(&entry->role_grants, sizeof(ACL_ROLE *), 0, 8, MYF(0));
8, 8, MYF(0));
my_hash_insert(&acl_roles, (uchar *)entry); my_hash_insert(&acl_roles, (uchar *)entry);
} }
...@@ -2669,14 +2667,10 @@ static void acl_insert_user(const LEX_USER &combo, enum SSL_type ssl_type, ...@@ -2669,14 +2667,10 @@ static void acl_insert_user(const LEX_USER &combo, enum SSL_type ssl_type,
acl_user.ssl_cipher= ssl_cipher ? strdup_root(&acl_memroot,ssl_cipher) : 0; acl_user.ssl_cipher= ssl_cipher ? strdup_root(&acl_memroot,ssl_cipher) : 0;
acl_user.x509_issuer= x509_issuer ? strdup_root(&acl_memroot,x509_issuer) : 0; acl_user.x509_issuer= x509_issuer ? strdup_root(&acl_memroot,x509_issuer) : 0;
acl_user.x509_subject=x509_subject ? strdup_root(&acl_memroot,x509_subject) : 0; acl_user.x509_subject=x509_subject ? strdup_root(&acl_memroot,x509_subject) : 0;
(void) my_init_dynamic_array(&acl_user.role_grants, sizeof(ACL_USER *), my_init_dynamic_array(&acl_user.role_grants, sizeof(ACL_USER *), 0, 8, MYF(0));
8, 8, MYF(0));
(void) push_dynamic(&acl_users,(uchar*) &acl_user); push_new_user(acl_user);
if (!acl_user.host.hostname || my_qsort(dynamic_element(&acl_users, 0, ACL_USER*), acl_users.elements,
(acl_user.host.hostname[0] == wild_many && !acl_user.host.hostname[1]))
allow_all_hosts=1; // Anyone can connect /* purecov: tested */
my_qsort((uchar*) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements,
sizeof(ACL_USER),(qsort_cmp) acl_compare); sizeof(ACL_USER),(qsort_cmp) acl_compare);
/* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */ /* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */
...@@ -3242,9 +3236,9 @@ bool change_password(THD *thd, LEX_USER *user) ...@@ -3242,9 +3236,9 @@ bool change_password(THD *thd, LEX_USER *user)
ER_SET_PASSWORD_AUTH_PLUGIN, ER_SET_PASSWORD_AUTH_PLUGIN,
ER_THD(thd, ER_SET_PASSWORD_AUTH_PLUGIN)); ER_THD(thd, ER_SET_PASSWORD_AUTH_PLUGIN));
if (update_user_table(thd, tables.user_table(), if (update_user_table_password(thd, tables.user_table(),
safe_str(acl_user->host.hostname), safe_str(acl_user->host.hostname),
acl_user->user.str, user->auth)) acl_user->user.str, user->auth))
{ {
mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */ mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */
goto end; goto end;
...@@ -3502,13 +3496,13 @@ static ACL_USER *find_user_or_anon(const char *host, const char *user, const cha ...@@ -3502,13 +3496,13 @@ static ACL_USER *find_user_or_anon(const char *host, const char *user, const cha
/* /*
Find first entry that matches the specified user@host pair Find first entry that matches the specified user@host pair
*/ */
static ACL_USER * find_user_exact(const char *host, const char *user) static ACL_USER *find_user_exact(const char *host, const char *user)
{ {
mysql_mutex_assert_owner(&acl_cache->lock); mysql_mutex_assert_owner(&acl_cache->lock);
for (uint i=0 ; i < acl_users.elements ; i++) for (uint i=0 ; i < acl_users.elements ; i++)
{ {
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); ACL_USER *acl_user=dynamic_element(&acl_users, i, ACL_USER*);
if (acl_user->eq(user, host)) if (acl_user->eq(user, host))
return acl_user; return acl_user;
} }
...@@ -3730,13 +3724,13 @@ static void set_plugin_from_password(const User_table& user_table, ...@@ -3730,13 +3724,13 @@ static void set_plugin_from_password(const User_table& user_table,
@see change_password @see change_password
*/ */
static bool update_user_table(THD *thd, const User_table& user_table, static bool update_user_table_password(THD *thd, const User_table& user_table,
const char *host, const char *user, const char *host, const char *user,
const LEX_CSTRING &new_password) const LEX_CSTRING &new_password)
{ {
char user_key[MAX_KEY_LENGTH]; char user_key[MAX_KEY_LENGTH];
int error; int error;
DBUG_ENTER("update_user_table"); DBUG_ENTER("update_user_table_password");
DBUG_PRINT("enter",("user: %s host: %s",user,host)); DBUG_PRINT("enter",("user: %s host: %s",user,host));
TABLE *table= user_table.table(); TABLE *table= user_table.table();
...@@ -11198,7 +11192,7 @@ bool check_role_is_granted(const char *username, ...@@ -11198,7 +11192,7 @@ bool check_role_is_granted(const char *username,
ACL_USER_BASE *root; ACL_USER_BASE *root;
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
if (hostname) if (hostname)
root= find_user_exact(username, hostname); root= find_user_exact(hostname, username);
else else
root= find_acl_role(username); root= find_acl_role(username);
...@@ -13027,17 +13021,7 @@ static int do_auth_once(THD *thd, const LEX_CSTRING *auth_plugin_name, ...@@ -13027,17 +13021,7 @@ static int do_auth_once(THD *thd, const LEX_CSTRING *auth_plugin_name,
{ {
int res= CR_OK, old_status= MPVIO_EXT::FAILURE; int res= CR_OK, old_status= MPVIO_EXT::FAILURE;
bool unlock_plugin= false; bool unlock_plugin= false;
plugin_ref plugin= NULL; plugin_ref plugin= get_auth_plugin(thd, *auth_plugin_name, &unlock_plugin);
if (auth_plugin_name->str == native_password_plugin_name.str)
plugin= native_password_plugin;
#ifndef EMBEDDED_LIBRARY
else if (auth_plugin_name->str == old_password_plugin_name.str)
plugin= old_password_plugin;
else if ((plugin= my_plugin_lock_by_name(thd, auth_plugin_name,
MYSQL_AUTHENTICATION_PLUGIN)))
unlock_plugin= true;
#endif
mpvio->plugin= plugin; mpvio->plugin= plugin;
old_status= mpvio->status; old_status= mpvio->status;
......
sql/sql_yacc.yy
View file @ 14e181a4
...@@ -16819,8 +16819,6 @@ grant_user: ...@@ -16819,8 +16819,6 @@ grant_user:
{ {
$$= $1; $$= $1;
$1->pwtext= $4; $1->pwtext= $4;
if (unlikely(Lex->sql_command == SQLCOM_REVOKE))
MYSQL_YYABORT;
} }
| user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING | user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
{ {
......
sql/sql_yacc_ora.yy
View file @ 14e181a4
...@@ -17172,8 +17172,6 @@ grant_user: ...@@ -17172,8 +17172,6 @@ grant_user:
{ {
$$= $1; $$= $1;
$1->pwtext= $4; $1->pwtext= $4;
if (unlikely(Lex->sql_command == SQLCOM_REVOKE))
MYSQL_YYABORT;
} }
| user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING | user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7