Commit db25d8f9 authored by Vicențiu Ciorbaru Committed by Sergei Golubchik

Modified set_role_var to implement both a role check in the check() function,

as well as only set privileges in the update() function.
parent 494f0117
......@@ -876,14 +876,20 @@ int set_var_password::update(THD *thd)
*****************************************************************************/
int set_var_role::check(THD *thd)
{
/* nothing to check */
#ifndef NO_EMBEDDED_ACCESS_CHECKS
ulonglong access;
int status= acl_check_setrole(thd, base.str, &access);
save_result.ulonglong_value= access;
return status;
#else
return 0;
#endif
}
int set_var_role::update(THD *thd)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
return acl_setrole(thd, this->role.str);
return acl_setrole(thd, base.str, save_result.ulonglong_value);
#else
return 0;
#endif
......
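Review bot: In `set_var_role::check()` the local `access` is declared without an initializer and is then copied into `save_result.ulonglong_value` whatever `status` is. The parts of `acl_check_setrole()` visible in this commit store to `*access` only on the success paths, so for a rejected role the copy appears to read an indeterminate value. Initialise it, `ulonglong access= 0;`, so a failed check can never leave a stray privilege mask in `save_result`. `update()` then applies the saved mask without consulting ACL state again, which deserves a comment such as `/* mask was computed by check(); it is not re-validated here */`. The closing lines of `update()` are outside the hunk.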
......@@ -278,11 +278,11 @@ public:
/* For SET ROLE */
class set_var_role: public set_var_base
class set_var_role: public set_var
{
LEX_STRING role;
public:
set_var_role(LEX_STRING role_arg) : role(role_arg) {};
set_var_role(LEX_STRING role_arg) :
set_var(OPT_SESSION, NULL, &role_arg, NULL){};
int check(THD *thd);
int update(THD *thd);
};
......
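Review bot: The new constructor passes `NULL` to `set_var` as the `sys_var` pointer, so every member `set_var_role` now inherits from `set_var` rather than `set_var_base` runs with a null `var`. Only `check()` and `update()` are overridden here and `set_var` itself is not shown, so it should be confirmed that no other inherited method (for instance one reached when the statement is prepared) dereferences `var`. `&role_arg` is the address of a by-value parameter, which is safe only if the base constructor copies the `LEX_STRING` instead of keeping the pointer. A comment on the constructor, `/* var is NULL: SET ROLE has no sys_var; base holds the role name */`, would make that contract explicit.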
......@@ -1672,7 +1672,7 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
DBUG_RETURN(res);
}
bool acl_setrole(THD *thd, char *rolename)
int acl_check_setrole(THD *thd, char *rolename, ulonglong *access)
{
bool is_granted;
int result= 0;
......@@ -1693,8 +1693,8 @@ bool acl_setrole(THD *thd, char *rolename)
my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename);
result= -1;
}
else
thd->security_ctx->master_access= acl_user->access;
else if (access)
*access= acl_user->access;
goto end;
}
......@@ -1728,16 +1728,26 @@ bool acl_setrole(THD *thd, char *rolename)
goto end;
}
/* merge the privileges */
thd->security_ctx->master_access= acl_user->access | role->access;
/* mark the current role */
strcpy(thd->security_ctx->priv_role, rolename);
if (access)
{
*access = acl_user->access | role->access;
}
end:
mysql_mutex_unlock(&acl_cache->lock);
return result;
}
int acl_setrole(THD *thd, char *rolename, ulonglong access) {
/* merge the privileges */
thd->security_ctx->master_access= access;
/* mark the current role */
strmake(thd->security_ctx->priv_role, rolename,
sizeof(thd->security_ctx->priv_role)-1);
return 0;
}
static uchar* check_get_key(ACL_USER *buff, size_t *length,
my_bool not_used __attribute__((unused)))
{
......
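Review bot: The new `acl_setrole()` always copies `rolename` into `priv_role`, whereas the old code reached `strcpy(thd->security_ctx->priv_role, rolename)` only on the merge path. The earlier branch that took `acl_user->access` alone jumped to `end` without touching `priv_role`. The condition guarding that branch is outside the hunks, but if it is the path that drops the active role, the session would now record that name as its current role. Either `acl_check_setrole()` should tell `update()` which case applied, or `acl_setrole()` should clear `priv_role` for that case. `acl_setrole()` also installs whatever mask it is handed, so it needs a header comment stating that `access` must be the value produced by `acl_check_setrole()` for the same `rolename` and session.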
......@@ -382,5 +382,6 @@ get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info,
bool acl_check_proxy_grant_access (THD *thd, const char *host, const char *user,
bool with_grant);
bool acl_setrole(THD *thd, char *rolename);
int acl_setrole(THD *thd, char *rolename, ulonglong access);
int acl_check_setrole(THD *thd, char *rolename, ulonglong *access);
#endif /* SQL_ACL_INCLUDED */