Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
c96420d1
Commit
c96420d1
authored
Mar 26, 2005
by
unknown
Browse files
Options
Browse Files
Download
Plain Diff
Manual merge
parents
7870817e
43c3be4a
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
275 additions
and
23 deletions
+275
-23
VC++Files/mysys/mysys.dsp
VC++Files/mysys/mysys.dsp
+4
-0
include/my_sys.h
include/my_sys.h
+8
-0
mysys/Makefile.am
mysys/Makefile.am
+2
-1
mysys/my_windac.c
mysys/my_windac.c
+224
-0
sql-common/client.c
sql-common/client.c
+8
-7
sql/mysqld.cc
sql/mysqld.cc
+29
-15
No files found.
VC++Files/mysys/mysys.dsp
View file @
c96420d1
...
...
@@ -536,6 +536,10 @@ SOURCE=.\my_wincond.c
# End Source File
# Begin Source File
SOURCE=.\my_windac.c
# End Source File
# Begin Source File
SOURCE=.\my_winsem.c
# End Source File
# Begin Source File
...
...
include/my_sys.h
View file @
c96420d1
...
...
@@ -855,6 +855,14 @@ extern void thd_increment_net_big_packet_count(ulong length);
#ifdef __WIN__
extern
my_bool
have_tcpip
;
/* Is set if tcpip is used */
/* implemented in my_windac.c */
int
my_security_attr_create
(
SECURITY_ATTRIBUTES
**
psa
,
const
char
**
perror
,
DWORD
owner_rights
,
DWORD
everybody_rights
);
void
my_security_attr_free
(
SECURITY_ATTRIBUTES
*
sa
);
#endif
#ifdef __NETWARE__
void
netware_reg_user
(
const
char
*
ip
,
const
char
*
user
,
...
...
mysys/Makefile.am
View file @
c96420d1
...
...
@@ -52,7 +52,8 @@ libmysys_a_SOURCES = my_init.c my_getwd.c mf_getdate.c my_mmap.c \
my_net.c my_semaphore.c my_port.c my_sleep.c
\
charset.c charset-def.c my_bitmap.c my_bit.c md5.c
\
my_gethostbyname.c rijndael.c my_aes.c sha1.c
\
my_handler.c my_netware.c my_largepage.c
my_handler.c my_netware.c my_largepage.c
\
my_windac.c
EXTRA_DIST
=
thr_alarm.c thr_lock.c my_pthread.c my_thr_init.c
\
thr_mutex.c thr_rwlock.c
libmysys_a_LIBADD
=
@THREAD_LOBJECTS@
...
...
mysys/my_windac.c
0 → 100644
View file @
c96420d1
/* Copyright (C) 2000-2005 MySQL AB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include "mysys_priv.h"
#include "m_string.h"
#ifdef __WIN__
/* Windows NT/2000 discretionary access control utility functions. */
/*
Check if the operating system is built on NT technology.
RETURN
0 Windows 95/98/Me
1 otherwise
*/
static
my_bool
is_nt
()
{
return
GetVersion
()
<
0x80000000
;
}
/*
Auxilary structure to store pointers to the data which we need to keep
around while SECURITY_ATTRIBUTES is in use.
*/
typedef
struct
st_my_security_attr
{
PSID
everyone_sid
;
PACL
dacl
;
}
My_security_attr
;
/*
Allocate and initialize SECURITY_ATTRIBUTES setting up access
rights for the owner and group `Everybody'.
SYNOPSIS
my_security_attr_create()
psa [OUT] pointer to store the pointer to SA in
perror [OUT] pointer to store error message if there was an
error
owner_rights [IN] access rights for the owner
everyone_rights [IN] access rights for group Everybody
DESCRIPTION
Set up the security attributes to provide clients with sufficient
access rights to a kernel object. We need this function
because if we simply grant all access to everybody (by installing
a NULL DACL) a mailicious user can attempt a denial of service
attack by taking ownership over the kernel object. Upon successful
return `psa' contains a pointer to SECUIRITY_ATTRIBUTES that can be used
to create kernel objects with proper access rights.
RETURN
0 success, psa is 0 or points to a valid SA structure,
perror is left intact
!0 error, SA is set to 0, error message is stored in perror
*/
int
my_security_attr_create
(
SECURITY_ATTRIBUTES
**
psa
,
const
char
**
perror
,
DWORD
owner_rights
,
DWORD
everyone_rights
)
{
/* Top-level SID authority */
SID_IDENTIFIER_AUTHORITY
world_auth
=
SECURITY_WORLD_SID_AUTHORITY
;
PSID
everyone_sid
=
0
;
HANDLE
htoken
=
0
;
SECURITY_ATTRIBUTES
*
sa
=
0
;
PACL
dacl
=
0
;
DWORD
owner_token_length
,
dacl_length
;
SECURITY_DESCRIPTOR
*
sd
;
PTOKEN_USER
owner_token
;
PSID
owner_sid
;
My_security_attr
*
attr
;
if
(
!
is_nt
())
{
*
psa
=
0
;
return
0
;
}
/*
Get SID of Everyone group. Easier to retrieve all SIDs each time
this function is called than worry about thread safety.
*/
if
(
!
AllocateAndInitializeSid
(
&
world_auth
,
1
,
SECURITY_WORLD_RID
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
&
everyone_sid
))
{
*
perror
=
"Failed to retrieve the SID of Everyone group"
;
goto
error
;
}
/*
Get SID of the owner. Using GetSecurityInfo this task can be done
in just one call instead of five, but GetSecurityInfo declared in
aclapi.h, so I hesitate to use it.
SIC: OpenThreadToken works only if there is an active impersonation
token, hence OpenProcessToken is used.
*/
if
(
!
OpenProcessToken
(
GetCurrentProcess
(),
TOKEN_QUERY
,
&
htoken
))
{
*
perror
=
"Failed to retrieve thread access token"
;
goto
error
;
}
GetTokenInformation
(
htoken
,
TokenUser
,
0
,
0
,
&
owner_token_length
);
if
(
!
my_multi_malloc
(
MYF
(
MY_WME
),
&
sa
,
ALIGN_SIZE
(
sizeof
(
SECURITY_ATTRIBUTES
))
+
sizeof
(
My_security_attr
),
&
sd
,
sizeof
(
SECURITY_DESCRIPTOR
),
&
owner_token
,
owner_token_length
,
0
))
{
*
perror
=
"Failed to allocate memory for SECURITY_ATTRIBUTES"
;
goto
error
;
}
bzero
(
owner_token
,
owner_token_length
);
if
(
!
GetTokenInformation
(
htoken
,
TokenUser
,
owner_token
,
owner_token_length
,
&
owner_token_length
))
{
*
perror
=
"GetTokenInformation failed"
;
goto
error
;
}
owner_sid
=
owner_token
->
User
.
Sid
;
if
(
!
IsValidSid
(
owner_sid
))
{
*
perror
=
"IsValidSid failed"
;
goto
error
;
}
/* Calculate the amount of memory that must be allocated for the DACL */
dacl_length
=
sizeof
(
ACL
)
+
(
sizeof
(
ACCESS_ALLOWED_ACE
)
-
sizeof
(
DWORD
))
*
2
+
GetLengthSid
(
everyone_sid
)
+
GetLengthSid
(
owner_sid
);
/* Create an ACL */
if
(
!
(
dacl
=
(
PACL
)
my_malloc
(
dacl_length
,
MYF
(
MY_ZEROFILL
|
MY_WME
))))
{
*
perror
=
"Failed to allocate memory for DACL"
;
goto
error
;
}
if
(
!
InitializeAcl
(
dacl
,
dacl_length
,
ACL_REVISION
))
{
*
perror
=
"Failed to initialize DACL"
;
goto
error
;
}
if
(
!
AddAccessAllowedAce
(
dacl
,
ACL_REVISION
,
everyone_rights
,
everyone_sid
))
{
*
perror
=
"Failed to set up DACL"
;
goto
error
;
}
if
(
!
AddAccessAllowedAce
(
dacl
,
ACL_REVISION
,
owner_rights
,
owner_sid
))
{
*
perror
=
"Failed to set up DACL"
;
goto
error
;
}
if
(
!
InitializeSecurityDescriptor
(
sd
,
SECURITY_DESCRIPTOR_REVISION
))
{
*
perror
=
"Could not initialize security descriptor"
;
goto
error
;
}
if
(
!
SetSecurityDescriptorDacl
(
sd
,
TRUE
,
dacl
,
FALSE
))
{
*
perror
=
"Failed to install DACL"
;
goto
error
;
}
sa
->
nLength
=
sizeof
(
*
sa
);
sa
->
bInheritHandle
=
TRUE
;
sa
->
lpSecurityDescriptor
=
sd
;
/* Save pointers to everyone_sid and dacl to be able to clean them up */
attr
=
(
My_security_attr
*
)
(((
char
*
)
sa
)
+
ALIGN_SIZE
(
sizeof
(
*
sa
)));
attr
->
everyone_sid
=
everyone_sid
;
attr
->
dacl
=
dacl
;
*
psa
=
sa
;
CloseHandle
(
htoken
);
return
0
;
error:
if
(
everyone_sid
)
FreeSid
(
everyone_sid
);
if
(
htoken
)
CloseHandle
(
htoken
);
my_free
((
gptr
)
sa
,
MYF
(
MY_ALLOW_ZERO_PTR
));
my_free
((
gptr
)
dacl
,
MYF
(
MY_ALLOW_ZERO_PTR
));
*
psa
=
0
;
return
1
;
}
/*
Cleanup security attributes freeing used memory.
SYNOPSIS
my_security_attr_free()
sa security attributes
*/
void
my_security_attr_free
(
SECURITY_ATTRIBUTES
*
sa
)
{
if
(
sa
)
{
My_security_attr
*
attr
=
(
My_security_attr
*
)
(((
char
*
)
sa
)
+
ALIGN_SIZE
(
sizeof
(
*
sa
)));
FreeSid
(
attr
->
everyone_sid
);
my_free
((
gptr
)
attr
->
dacl
,
MYF
(
0
));
my_free
((
gptr
)
sa
,
MYF
(
0
));
}
}
#endif
/* __WIN__ */
sql-common/client.c
View file @
c96420d1
...
...
@@ -405,6 +405,7 @@ HANDLE create_shared_memory(MYSQL *mysql,NET *net, uint connect_timeout)
char
*
suffix_pos
;
DWORD
error_allow
=
0
;
DWORD
error_code
=
0
;
DWORD
event_access_rights
=
SYNCHRONIZE
|
EVENT_MODIFY_STATE
;
char
*
shared_memory_base_name
=
mysql
->
options
.
shared_memory_base_name
;
/*
...
...
@@ -416,13 +417,13 @@ HANDLE create_shared_memory(MYSQL *mysql,NET *net, uint connect_timeout)
*/
suffix_pos
=
strxmov
(
tmp
,
shared_memory_base_name
,
"_"
,
NullS
);
strmov
(
suffix_pos
,
"CONNECT_REQUEST"
);
if
(
!
(
event_connect_request
=
OpenEvent
(
EVENT_ALL_ACCESS
,
FALSE
,
tmp
)))
if
(
!
(
event_connect_request
=
OpenEvent
(
event_access_rights
,
FALSE
,
tmp
)))
{
error_allow
=
CR_SHARED_MEMORY_CONNECT_REQUEST_ERROR
;
goto
err
;
}
strmov
(
suffix_pos
,
"CONNECT_ANSWER"
);
if
(
!
(
event_connect_answer
=
OpenEvent
(
EVENT_ALL_ACCESS
,
FALSE
,
tmp
)))
if
(
!
(
event_connect_answer
=
OpenEvent
(
event_access_rights
,
FALSE
,
tmp
)))
{
error_allow
=
CR_SHARED_MEMORY_CONNECT_ANSWER_ERROR
;
goto
err
;
...
...
@@ -484,35 +485,35 @@ HANDLE create_shared_memory(MYSQL *mysql,NET *net, uint connect_timeout)
}
strmov
(
suffix_pos
,
"SERVER_WROTE"
);
if
((
event_server_wrote
=
OpenEvent
(
EVENT_ALL_ACCESS
,
FALSE
,
tmp
))
==
NULL
)
if
((
event_server_wrote
=
OpenEvent
(
event_access_rights
,
FALSE
,
tmp
))
==
NULL
)
{
error_allow
=
CR_SHARED_MEMORY_EVENT_ERROR
;
goto
err2
;
}
strmov
(
suffix_pos
,
"SERVER_READ"
);
if
((
event_server_read
=
OpenEvent
(
EVENT_ALL_ACCESS
,
FALSE
,
tmp
))
==
NULL
)
if
((
event_server_read
=
OpenEvent
(
event_access_rights
,
FALSE
,
tmp
))
==
NULL
)
{
error_allow
=
CR_SHARED_MEMORY_EVENT_ERROR
;
goto
err2
;
}
strmov
(
suffix_pos
,
"CLIENT_WROTE"
);
if
((
event_client_wrote
=
OpenEvent
(
EVENT_ALL_ACCESS
,
FALSE
,
tmp
))
==
NULL
)
if
((
event_client_wrote
=
OpenEvent
(
event_access_rights
,
FALSE
,
tmp
))
==
NULL
)
{
error_allow
=
CR_SHARED_MEMORY_EVENT_ERROR
;
goto
err2
;
}
strmov
(
suffix_pos
,
"CLIENT_READ"
);
if
((
event_client_read
=
OpenEvent
(
EVENT_ALL_ACCESS
,
FALSE
,
tmp
))
==
NULL
)
if
((
event_client_read
=
OpenEvent
(
event_access_rights
,
FALSE
,
tmp
))
==
NULL
)
{
error_allow
=
CR_SHARED_MEMORY_EVENT_ERROR
;
goto
err2
;
}
strmov
(
suffix_pos
,
"CONNECTION_CLOSED"
);
if
((
event_conn_closed
=
OpenEvent
(
EVENT_ALL_ACCESS
,
FALSE
,
tmp
))
==
NULL
)
if
((
event_conn_closed
=
OpenEvent
(
event_access_rights
,
FALSE
,
tmp
))
==
NULL
)
{
error_allow
=
CR_SHARED_MEMORY_EVENT_ERROR
;
goto
err2
;
...
...
sql/mysqld.cc
View file @
c96420d1
...
...
@@ -3902,10 +3902,19 @@ pthread_handler_decl(handle_connections_shared_memory,arg)
char
*
suffix_pos
;
char
connect_number_char
[
22
],
*
p
;
const
char
*
errmsg
=
0
;
SECURITY_ATTRIBUTES
*
sa_event
=
0
,
*
sa_mapping
=
0
;
my_thread_init
();
DBUG_ENTER
(
"handle_connections_shared_memorys"
);
DBUG_PRINT
(
"general"
,(
"Waiting for allocated shared memory."
));
if
(
my_security_attr_create
(
&
sa_event
,
&
errmsg
,
GENERIC_ALL
,
SYNCHRONIZE
|
EVENT_MODIFY_STATE
))
goto
error
;
if
(
my_security_attr_create
(
&
sa_mapping
,
&
errmsg
,
GENERIC_ALL
,
FILE_MAP_READ
|
FILE_MAP_WRITE
))
goto
error
;
/*
The name of event and file-mapping events create agree next rule:
shared_memory_base_name+unique_part
...
...
@@ -3915,22 +3924,22 @@ pthread_handler_decl(handle_connections_shared_memory,arg)
*/
suffix_pos
=
strxmov
(
tmp
,
shared_memory_base_name
,
"_"
,
NullS
);
strmov
(
suffix_pos
,
"CONNECT_REQUEST"
);
if
((
smem_event_connect_request
=
CreateEvent
(
0
,
FALSE
,
FALSE
,
tmp
))
==
0
)
if
((
smem_event_connect_request
=
CreateEvent
(
sa_event
,
FALSE
,
FALSE
,
tmp
))
==
0
)
{
errmsg
=
"Could not create request event"
;
goto
error
;
}
strmov
(
suffix_pos
,
"CONNECT_ANSWER"
);
if
((
event_connect_answer
=
CreateEvent
(
0
,
FALSE
,
FALSE
,
tmp
))
==
0
)
if
((
event_connect_answer
=
CreateEvent
(
sa_event
,
FALSE
,
FALSE
,
tmp
))
==
0
)
{
errmsg
=
"Could not create answer event"
;
goto
error
;
}
strmov
(
suffix_pos
,
"CONNECT_DATA"
);
if
((
handle_connect_file_map
=
CreateFileMapping
(
INVALID_HANDLE_VALUE
,
0
,
PAGE_READWRITE
,
0
,
sizeof
(
connect_number
),
tmp
))
==
0
)
if
((
handle_connect_file_map
=
CreateFileMapping
(
INVALID_HANDLE_VALUE
,
sa_mapping
,
PAGE_READWRITE
,
0
,
sizeof
(
connect_number
),
tmp
))
==
0
)
{
errmsg
=
"Could not create file mapping"
;
goto
error
;
...
...
@@ -3975,10 +3984,9 @@ pthread_handler_decl(handle_connections_shared_memory,arg)
suffix_pos
=
strxmov
(
tmp
,
shared_memory_base_name
,
"_"
,
connect_number_char
,
"_"
,
NullS
);
strmov
(
suffix_pos
,
"DATA"
);
if
((
handle_client_file_map
=
CreateFileMapping
(
INVALID_HANDLE_VALUE
,
0
,
PAGE_READWRITE
,
0
,
smem_buffer_length
,
tmp
))
==
0
)
if
((
handle_client_file_map
=
CreateFileMapping
(
INVALID_HANDLE_VALUE
,
sa_mapping
,
PAGE_READWRITE
,
0
,
smem_buffer_length
,
tmp
))
==
0
)
{
errmsg
=
"Could not create file mapping"
;
goto
errorconn
;
...
...
@@ -3991,31 +3999,33 @@ pthread_handler_decl(handle_connections_shared_memory,arg)
goto
errorconn
;
}
strmov
(
suffix_pos
,
"CLIENT_WROTE"
);
if
((
event_client_wrote
=
CreateEvent
(
0
,
FALSE
,
FALSE
,
tmp
))
==
0
)
if
((
event_client_wrote
=
CreateEvent
(
sa_event
,
FALSE
,
FALSE
,
tmp
))
==
0
)
{
errmsg
=
"Could not create client write event"
;
goto
errorconn
;
}
strmov
(
suffix_pos
,
"CLIENT_READ"
);
if
((
event_client_read
=
CreateEvent
(
0
,
FALSE
,
FALSE
,
tmp
))
==
0
)
if
((
event_client_read
=
CreateEvent
(
sa_event
,
FALSE
,
FALSE
,
tmp
))
==
0
)
{
errmsg
=
"Could not create client read event"
;
goto
errorconn
;
}
strmov
(
suffix_pos
,
"SERVER_READ"
);
if
((
event_server_read
=
CreateEvent
(
0
,
FALSE
,
FALSE
,
tmp
))
==
0
)
if
((
event_server_read
=
CreateEvent
(
sa_event
,
FALSE
,
FALSE
,
tmp
))
==
0
)
{
errmsg
=
"Could not create server read event"
;
goto
errorconn
;
}
strmov
(
suffix_pos
,
"SERVER_WROTE"
);
if
((
event_server_wrote
=
CreateEvent
(
0
,
FALSE
,
FALSE
,
tmp
))
==
0
)
if
((
event_server_wrote
=
CreateEvent
(
sa_event
,
FALSE
,
FALSE
,
tmp
))
==
0
)
{
errmsg
=
"Could not create server write event"
;
goto
errorconn
;
}
strmov
(
suffix_pos
,
"CONNECTION_CLOSED"
);
if
((
event_conn_closed
=
CreateEvent
(
0
,
TRUE
,
FALSE
,
tmp
))
==
0
)
if
((
event_conn_closed
=
CreateEvent
(
sa_event
,
TRUE
,
FALSE
,
tmp
))
==
0
)
{
errmsg
=
"Could not create closed connection event"
;
goto
errorconn
;
...
...
@@ -4065,6 +4075,8 @@ pthread_handler_decl(handle_connections_shared_memory,arg)
NullS
);
sql_perror
(
buff
);
}
my_security_attr_free
(
sa_event
);
my_security_attr_free
(
sa_mapping
);
if
(
handle_client_file_map
)
CloseHandle
(
handle_client_file_map
);
if
(
handle_client_map
)
...
...
@@ -4090,6 +4102,8 @@ pthread_handler_decl(handle_connections_shared_memory,arg)
strxmov
(
buff
,
"Can't create shared memory service: "
,
errmsg
,
"."
,
NullS
);
sql_perror
(
buff
);
}
my_security_attr_free
(
sa_event
);
my_security_attr_free
(
sa_mapping
);
if
(
handle_connect_map
)
UnmapViewOfFile
(
handle_connect_map
);
if
(
handle_connect_file_map
)
CloseHandle
(
handle_connect_file_map
);
if
(
event_connect_answer
)
CloseHandle
(
event_connect_answer
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment