Commit 9dcc6430 authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Modified add_role_user_mapping to also handle granting a role to a role.

parent c968a59d
...@@ -1288,7 +1288,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1288,7 +1288,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
char *username= get_field(&temp_root, table->field[1]); char *username= get_field(&temp_root, table->field[1]);
char *rolename= get_field(&temp_root, table->field[2]); char *rolename= get_field(&temp_root, table->field[2]);
init_role_grant_pair(&mem, mapping, username, hostname, rolename); init_role_grant_pair(&mem, mapping, username, hostname, rolename);
if (add_role_user_mapping(mapping) == 1) { if (add_role_user_mapping(mapping) == -1) {
sql_print_error("Invalid roles_mapping table entry user:'%s@%s', rolename:'%s'", sql_print_error("Invalid roles_mapping table entry user:'%s@%s', rolename:'%s'",
mapping->u_uname ? mapping->u_uname : "", mapping->u_uname ? mapping->u_uname : "",
mapping->u_hname ? mapping->u_hname : "", mapping->u_hname ? mapping->u_hname : "",
...@@ -2152,29 +2152,48 @@ my_bool acl_user_reset_grant(ACL_USER *user, ...@@ -2152,29 +2152,48 @@ my_bool acl_user_reset_grant(ACL_USER *user,
/* /*
Add a the coresponding pointers present in the mapping to the entries in Add a the coresponding pointers present in the mapping to the entries in
acl_users and acl_roles acl_users and acl_roles
*/
my_bool add_role_user_mapping(ROLE_GRANT_PAIR *mapping) Return values:
0: The entry is valid and was added.
-1: The entry is invalid and was not added.
1: The entry represents a mapping between two roles.
*/
int add_role_user_mapping(ROLE_GRANT_PAIR *mapping)
{ {
ACL_USER *user= find_user_no_anon((mapping->u_hname) ? mapping->u_hname: "", ACL_USER *user= find_user_no_anon((mapping->u_hname) ? mapping->u_hname: "",
(mapping->u_uname) ? mapping->u_uname: "", (mapping->u_uname) ? mapping->u_uname: "",
TRUE); TRUE);
ACL_USER *role= find_acl_role(mapping->r_uname ? mapping->r_uname: ""); ACL_USER *role= find_acl_role(mapping->r_uname ? mapping->r_uname: "");
int result= 0;
if (user == NULL || role == NULL) if (user == NULL || role == NULL)
{ {
DBUG_PRINT("warning", ("Invalid add_role_user_mapping '%s'@'%s' %s", /* There still exists the possibility that the user is actually a role */
mapping->u_uname, mapping->u_hname, if (user == NULL && role && (!mapping->u_hname || !mapping->u_hname[0])
mapping->r_uname)); && /* in this case the grantee is a role */
return 1; ((user= find_acl_role(mapping->u_uname ? mapping->u_uname: ""))))
{
result= 1;
}
else
{
DBUG_PRINT("warning", ("Invalid add_role_user_mapping '%s'@'%s' %s",
mapping->u_uname, mapping->u_hname,
mapping->r_uname));
return -1;
}
} }
push_dynamic(&user->role_grants, (uchar*) &role); push_dynamic(&user->role_grants, (uchar*) &role);
push_dynamic(&role->role_grants, (uchar*) &user); push_dynamic(&role->role_grants, (uchar*) &user);
DBUG_PRINT("info", ("Found user %s@%s having role granted %s@%s\n", DBUG_PRINT("info", ("Found %s %s@%s having role granted %s@%s\n",
(result) ? "role" : "user",
user->user.str, user->host.hostname, user->user.str, user->host.hostname,
role->user.str, role->host.hostname)); role->user.str, role->host.hostname));
return 0; return result;
} }
...@@ -2211,7 +2230,7 @@ void rebuild_role_grants(void) ...@@ -2211,7 +2230,7 @@ void rebuild_role_grants(void)
If add_role_user_mapping detects an invalid entry, it will not add If add_role_user_mapping detects an invalid entry, it will not add
the mapping into the ACL_USER::role_grants array. the mapping into the ACL_USER::role_grants array.
*/ */
DBUG_ASSERT(status == 0); DBUG_ASSERT(status >= 0);
} }
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
......
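Review bot: The new role-to-role branch in add_role_user_mapping never rejects a row whose grantee and granted role have the same name, so with an empty host the second find_acl_role lookup resolves `user` to the same entry as `role` and both push_dynamic calls record the role in its own role_grants. Because acl_load builds these pairs directly from roles_mapping rows, one self-referencing row would be enough to put a loop into the in-memory role graph; a guard such as `if (user == role) return -1;` ahead of the push_dynamic calls would keep it out. Longer cycles (A granted to B and B granted to A) cannot be detected at this point and would need handling wherever role_grants is traversed, which this page does not show. Separately, the value 1 meant "invalid" before this commit and now means "valid role-to-role mapping", so any caller outside the visible hunks that still tests the result for truthiness would misread it; named constants for the three results would make that harder to miss.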