Commit 334860cc authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Added roles mapping internal structure creation

TODO: Free structures on flush
parent 875617c0
...@@ -566,6 +566,8 @@ static void init_check_host(void); ...@@ -566,6 +566,8 @@ static void init_check_host(void);
static void rebuild_check_host(void); static void rebuild_check_host(void);
static ACL_USER *find_acl_user(const char *host, const char *user, static ACL_USER *find_acl_user(const char *host, const char *user,
my_bool exact); my_bool exact);
static ACL_USER *find_acl_role(const char *host, const char *user,
my_bool exact);
static bool update_user_table(THD *thd, TABLE *table, const char *host, static bool update_user_table(THD *thd, TABLE *table, const char *host,
const char *user, const char *new_password, const char *user, const char *new_password,
uint new_password_len); uint new_password_len);
...@@ -587,8 +589,10 @@ enum enum_acl_lists ...@@ -587,8 +589,10 @@ enum enum_acl_lists
typedef struct st_role_grant typedef struct st_role_grant
{ {
ACL_USER *user; char *user_username;
ACL_USER *role; char *user_hostname;
char *role_username;
char *role_hostname;
} ROLE_GRANT_PAIR; } ROLE_GRANT_PAIR;
/* /*
Convert scrambled password to binary form, according to scramble type, Convert scrambled password to binary form, according to scramble type,
...@@ -1041,10 +1045,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1041,10 +1045,12 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
#endif #endif
} }
if (is_role) { if (is_role) {
sql_print_information("Found role %s", user.user);
(void) push_dynamic(&acl_roles,(uchar*) &user); (void) push_dynamic(&acl_roles,(uchar*) &user);
} }
else else
{ {
sql_print_information("Found user %s", user.user);
(void) push_dynamic(&acl_users,(uchar*) &user); (void) push_dynamic(&acl_users,(uchar*) &user);
} }
if (!user.host.hostname || if (!user.host.hostname ||
...@@ -1162,26 +1168,48 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1162,26 +1168,48 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
goto end; goto end;
table->use_all_columns(); table->use_all_columns();
/* account for every role mapping */ /* account for every role mapping */
/* acquire lock for the find_acl_user/role functions
XXX
Perhaps new wrapper functions should be created that do not check
for the lock in this case as it either is already taken or
it's the first initialisation so no race conditions possible
*/
if (!initialized)
mysql_mutex_lock(&acl_cache->lock); mysql_mutex_lock(&acl_cache->lock);
(void) my_init_dynamic_array(&role_grants,sizeof(ROLE_GRANT_PAIR), 50, 100,
MYF(0));
while (!(read_record_info.read_record(&read_record_info))) while (!(read_record_info.read_record(&read_record_info)))
{ {
char *user_hostname= get_field(&mem, table->field[0]); ROLE_GRANT_PAIR p;
char *user_username= get_field(&mem, table->field[1]); p.user_hostname= get_field(&mem, table->field[0]);
char *role_hostname= get_field(&mem, table->field[2]); p.user_username= get_field(&mem, table->field[1]);
char *role_username= get_field(&mem, table->field[3]); p.role_hostname= get_field(&mem, table->field[2]);
ACL_USER *user = find_acl_user(user_hostname, user_username, TRUE); p.role_username= get_field(&mem, table->field[3]);
ACL_USER *role = find_acl_user(role_hostname, role_username, TRUE); ACL_USER *user = find_acl_user((p.user_hostname) ? p.user_hostname: "",
(p.user_username) ? p.user_username: "",
TRUE);
ACL_USER *role = find_acl_role((p.role_hostname) ? p.role_hostname: "",
(p.role_username) ? p.role_username: "",
TRUE);
if (user == NULL || role == NULL) if (user == NULL || role == NULL)
{ {
sql_print_error("Warning: Invalid roles_mapping table entry"); sql_print_error("Invalid roles_mapping table entry '%s@%s', '%s@%s'",
p.user_username ? p.user_username : "",
p.user_hostname ? p.user_hostname : "",
p.role_username ? p.role_username : "",
p.role_hostname ? p.role_hostname : "",
user, role);
continue; continue;
} }
/* TEMPORARY */
push_dynamic(&role_grants, (uchar*) &p);
sql_print_information("Found user %s@%s having role granted %s@%s\n", sql_print_information("Found user %s@%s having role granted %s@%s\n",
user->user, user->host.hostname, user->user, user->host.hostname,
role->user, role->host.hostname); role->user, role->host.hostname);
} }
end_read_record(&read_record_info); end_read_record(&read_record_info);
if (!initialized)
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
} }
...@@ -2110,20 +2138,22 @@ bool is_acl_user(const char *host, const char *user) ...@@ -2110,20 +2138,22 @@ bool is_acl_user(const char *host, const char *user)
/* /*
Find first entry that matches the current user Find first entry that matches the current user or role
*/ */
static ACL_USER * static ACL_USER *
find_acl_user(const char *host, const char *user, my_bool exact) find_acl_user_table_entry(const char *host, const char *user, my_bool exact,
my_bool is_role)
{ {
DBUG_ENTER("find_acl_user"); DBUG_ENTER("find_acl_user");
DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user)); DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user));
mysql_mutex_assert_owner(&acl_cache->lock); mysql_mutex_assert_owner(&acl_cache->lock);
for (uint i=0 ; i < acl_users.elements ; i++) DYNAMIC_ARRAY *target = (is_role) ? &acl_roles : &acl_users;
for (uint i=0 ; i < target->elements ; i++)
{ {
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); ACL_USER *acl_user=dynamic_element(target,i,ACL_USER*);
DBUG_PRINT("info",("strcmp('%s','%s'), compare_hostname('%s','%s'),", DBUG_PRINT("info",("strcmp('%s','%s'), compare_hostname('%s','%s'),",
user, acl_user->user ? acl_user->user : "", user, acl_user->user ? acl_user->user : "",
host, host,
...@@ -2144,6 +2174,17 @@ find_acl_user(const char *host, const char *user, my_bool exact) ...@@ -2144,6 +2174,17 @@ find_acl_user(const char *host, const char *user, my_bool exact)
DBUG_RETURN(0); DBUG_RETURN(0);
} }
static ACL_USER *
find_acl_role(const char *host, const char *user, my_bool exact)
{
return find_acl_user_table_entry(host, user, exact, TRUE);
}
static ACL_USER *
find_acl_user(const char *host, const char *user, my_bool exact)
{
return find_acl_user_table_entry(host, user, exact, FALSE);
}
/* /*
Comparing of hostnames Comparing of hostnames
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment