4418 Harin Vadodaria 2012-09-05
wl#6486 : Refactoring user management code
(authentication / authorization)
Description : Moved authentication related
code to sql_authentication.h
and sql_authentication.cc
added:
sql/auth/sql_authentication.h
modified:
sql/CMakeLists.txt
sql/auth/auth_common.h
sql/auth/sql_acl.cc
sql/auth/sql_authentication.cc
4417 Harin Vadodaria 2012-09-04
wl#6486 : Refactoring user management code
(authentication / authorization)
Description : Moved authentication code to
sql_authentication.cc
added:
sql/auth/sql_authentication.cc
modified:
sql/CMakeLists.txt
sql/auth/sql_acl.cc
=== modified file 'sql/CMakeLists.txt'
--- a/sql/CMakeLists.txt 2012-09-04 11:58:25 +0000
+++ b/sql/CMakeLists.txt 2012-09-05 11:40:51 +0000
@@ -44,7 +44,7 @@ SET(SQL_SHARED_SOURCES
auth/sql_user.cc
# auth/sql_user_table.cc
auth/sql_user_cache.cc
-# auth/sql_authentication.cc
+ auth/sql_authentication.cc
datadict.cc
debug_sync.cc
derror.cc
=== modified file 'sql/auth/auth_common.h'
--- a/sql/auth/auth_common.h 2012-09-04 07:22:36 +0000
+++ b/sql/auth/auth_common.h 2012-09-05 11:40:51 +0000
@@ -190,4 +190,25 @@ void
set_user_salt(ACL_USER *acl_user, const char *password, uint password_len);
#endif // NO_EMBEDDED_ACCESS_CHECKS
+/**
+ Common Data Structures
+*/
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+extern DYNAMIC_ARRAY acl_users, acl_dbs, acl_proxy_users;
+extern hash_filo *acl_cache;
+extern bool initialized;
+#endif /* NO_EMBEDDED_ACCESS_CHECKS */
+
+
+/**
+ Common Functions
+*/
+
+void optimize_plugin_compare_by_pointer(LEX_STRING *plugin_name);
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ACL_USER *find_acl_user(const char *host, const char *user,
+ my_bool exact);
+#endif
+
#endif /* AUTH_COMMON_INCLUDED */
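Review bot: The new `extern` declarations for `acl_users, acl_dbs, acl_proxy_users`, `acl_cache` and `initialized` turn state that was file-private in sql_acl.cc into a cross-translation-unit interface, but nothing states under which lock it may be read or written, and sql_authentication.cc now walks `acl_proxy_users` directly. Presumably readers are expected to hold `acl_cache->lock` as the existing sql_acl.cc code does — confirm — and if so the header should say it, e.g. `/* Mutable ACL state: hold acl_cache->lock while reading or modifying any of these. */` above the block, with the same precondition on the `find_acl_user` declaration. `initialized` is also a very generic name for a global with external linkage; a prefixed name such as `acl_initialized`, or at least a comment saying which subsystem's initialisation it tracks, would reduce the risk of a silent clash with another TU.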
=== modified file 'sql/auth/sql_acl.cc'
--- a/sql/auth/sql_acl.cc 2012-09-04 11:58:25 +0000
+++ b/sql/auth/sql_acl.cc 2012-09-05 11:40:51 +0000
@@ -61,17 +61,18 @@
#endif
#include "auth_common.h"
+#include "sql_authentication.h"
using std::min;
using std::max;
bool mysql_user_table_is_in_short_password_format= false;
-static LEX_STRING native_password_plugin_name= {
+LEX_STRING native_password_plugin_name= {
C_STRING_WITH_LEN("mysql_native_password")
};
-static LEX_STRING old_password_plugin_name= {
+LEX_STRING old_password_plugin_name= {
C_STRING_WITH_LEN("mysql_old_password")
};
@@ -80,22 +81,15 @@ LEX_STRING sha256_password_plugin_name=
C_STRING_WITH_LEN("sha256_password")
};
#endif
-static LEX_STRING validate_password_plugin_name= {
- C_STRING_WITH_LEN("validate_password")
-};
-LEX_STRING default_auth_plugin_name;
-
#ifndef NO_EMBEDDED_ACCESS_CHECKS
-static plugin_ref old_password_plugin;
+plugin_ref old_password_plugin;
#endif
-static plugin_ref native_password_plugin;
+plugin_ref native_password_plugin;
#define WARN_DEPRECATED_41_PWD_HASH(thd) \
WARN_DEPRECATED(thd, "pre-4.1 password hash", "post-4.1 password hash")
-void optimize_plugin_compare_by_pointer(LEX_STRING *plugin_name);
-
bool auth_plugin_is_built_in(const char *plugin_name)
{
return (plugin_name == native_password_plugin_name.str ||
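Review bot: `auth_plugin_is_built_in` compares `plugin_name` against `native_password_plugin_name.str` by pointer identity rather than by content, so it only gives the right answer for names that have already been canonicalised through `optimize_plugin_compare_by_pointer`; now that both the function and the name globals are exported via sql_authentication.h, a caller in another translation unit cannot tell that from the signature. I would document the precondition above the definition, e.g. `/* Pointer comparison: plugin_name must first be canonicalised via optimize_plugin_compare_by_pointer(); a content-equal copy of the name is NOT recognised. */`, and mirror it on the declaration in the header. The body of `auth_plugin_is_built_in` continues past the end of this hunk.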
@@ -435,21 +429,19 @@ uchar* acl_entry_get_key(acl_entry *entr
}
-static DYNAMIC_ARRAY acl_users, acl_dbs, acl_proxy_users;
+DYNAMIC_ARRAY acl_users, acl_dbs, acl_proxy_users;
static MEM_ROOT global_acl_memory, memex;
-static bool initialized=0;
+bool initialized=0;
static bool allow_all_hosts=1;
static HASH acl_check_hosts, column_priv_hash, proc_priv_hash, func_priv_hash;
static DYNAMIC_ARRAY acl_wild_hosts;
-static hash_filo *acl_cache;
+hash_filo *acl_cache;
static ulong get_access(TABLE *form,uint fieldnr, uint *next_field=0);
static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b);
static ulong get_sort(uint count,...);
static void init_check_host(void);
static void rebuild_check_host(void);
-static ACL_USER *find_acl_user(const char *host, const char *user,
- my_bool exact);
static bool update_user_table(THD *, TABLE *table, const char *host,
const char *user,
const char *new_password,
@@ -1613,7 +1605,7 @@ bool is_acl_user(const char *host, const
Find first entry that matches the current user
*/
-static ACL_USER *
+ACL_USER *
find_acl_user(const char *host, const char *user, my_bool exact)
{
DBUG_ENTER("find_acl_user");
@@ -7246,45 +7238,6 @@ bool sp_grant_privileges(THD *thd, const
DBUG_RETURN(result);
}
-/**
- Validate if a user can proxy as another user
-
- @thd current thread
- @param user the logged in user (proxy user)
- @param authenticated_as the effective user a plugin is trying to
- impersonate as (proxied user)
- @return proxy user definition
- @retval NULL proxy user definition not found or not applicable
- @retval non-null the proxy user data
-*/
-
-static ACL_PROXY_USER *
-acl_find_proxy_user(const char *user, const char *host, const char *ip,
- const char *authenticated_as, bool *proxy_used)
-{
- uint i;
- /* if the proxied and proxy user are the same return OK */
- DBUG_ENTER("acl_find_proxy_user");
- DBUG_PRINT("info", ("user=%s host=%s ip=%s authenticated_as=%s",
- user, host, ip, authenticated_as));
-
- if (!strcmp(authenticated_as, user))
- {
- DBUG_PRINT ("info", ("user is the same as authenticated_as"));
- DBUG_RETURN (NULL);
- }
-
- *proxy_used= TRUE;
- for (i=0; i < acl_proxy_users.elements; i++)
- {
- ACL_PROXY_USER *proxy= dynamic_element(&acl_proxy_users, i,
- ACL_PROXY_USER *);
- if (proxy->matches(host, user, ip, authenticated_as))
- DBUG_RETURN(proxy);
- }
-
- DBUG_RETURN(NULL);
-}
bool
acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
@@ -7934,8 +7887,3 @@ get_cached_table_access(GRANT_INTERNAL_I
return grant_internal_info->m_table_access;
}
-/************* temporary inclusion pending split */
-#include "sql_authentication.cc"
-/*************************************************/
-
-
=== modified file 'sql/auth/sql_authentication.cc'
--- a/sql/auth/sql_authentication.cc 2012-09-04 11:58:25 +0000
+++ b/sql/auth/sql_authentication.cc 2012-09-05 11:40:51 +0000
@@ -1,4 +1,35 @@
+/* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include "my_global.h"
+#include "sql_acl.h"
+#include "hash_filo.h"
+#include "sql_connect.h"
+#include <mysql/plugin_auth.h>
+#include "sql_common.h"
+#include "hostname.h"
+#include "sql_db.h"
+#include <mysql/plugin_validate_password.h>
+#include "auth_common.h"
+#include "sql_authentication.h"
+
+static LEX_STRING validate_password_plugin_name= {
+ C_STRING_WITH_LEN("validate_password")
+};
+
+LEX_STRING default_auth_plugin_name;
/****************************************************************************
AUTHENTICATION CODE
including initial connect handshake, invoking appropriate plugins,
@@ -18,63 +49,48 @@
#define sslaccept(A,B,C) 1
#endif
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+/**
+ Validate if a user can proxy as another user
+
+ @thd current thread
+ @param user the logged in user (proxy user)
+ @param authenticated_as the effective user a plugin is trying to
+ impersonate as (proxied user)
+ @return proxy user definition
+ @retval NULL proxy user definition not found or not applicable
+ @retval non-null the proxy user data
+*/
-class Thd_charset_adapter
+static ACL_PROXY_USER *
+acl_find_proxy_user(const char *user, const char *host, const char *ip,
+ const char *authenticated_as, bool *proxy_used)
{
- THD *thd;
-public:
- Thd_charset_adapter(THD *thd_arg) : thd (thd_arg) {}
- bool init_client_charset(uint cs_number)
+ uint i;
+ /* if the proxied and proxy user are the same return OK */
+ DBUG_ENTER("acl_find_proxy_user");
+ DBUG_PRINT("info", ("user=%s host=%s ip=%s authenticated_as=%s",
+ user, host, ip, authenticated_as));
+
+ if (!strcmp(authenticated_as, user))
{
- if (thd_init_client_charset(thd, cs_number))
- return true;
- thd->update_charset();
- return thd->is_error();
+ DBUG_PRINT ("info", ("user is the same as authenticated_as"));
+ DBUG_RETURN (NULL);
}
- const CHARSET_INFO *charset() { return thd->charset(); }
-};
+ *proxy_used= TRUE;
+ for (i=0; i < acl_proxy_users.elements; i++)
+ {
+ ACL_PROXY_USER *proxy= dynamic_element(&acl_proxy_users, i,
+ ACL_PROXY_USER *);
+ if (proxy->matches(host, user, ip, authenticated_as))
+ DBUG_RETURN(proxy);
+ }
+ DBUG_RETURN(NULL);
+}
+#endif
-/**
- The internal version of what plugins know as MYSQL_PLUGIN_VIO,
- basically the context of the authentication session
-*/
-struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
-{
- MYSQL_SERVER_AUTH_INFO auth_info;
- const ACL_USER *acl_user;
- plugin_ref plugin; ///< what plugin we're under
- LEX_STRING db; ///< db name from the handshake packet
- /** when restarting a plugin this caches the last client reply */
- struct {
- char *plugin, *pkt; ///< pointers into NET::buff
- uint pkt_len;
- } cached_client_reply;
- /** this caches the first plugin packet for restart request on the client */
- struct {
- char *pkt;
- uint pkt_len;
- } cached_server_packet;
- int packets_read, packets_written; ///< counters for send/received packets
- /** when plugin returns a failure this tells us what really happened */
- enum { SUCCESS, FAILURE, RESTART } status;
-
- /* encapsulation members */
- ulong client_capabilities;
- char *scramble;
- MEM_ROOT *mem_root;
- struct rand_struct *rand;
- my_thread_id thread_id;
- uint *server_status;
- NET *net;
- ulong max_client_packet_length;
- char *ip;
- char *host;
- Thd_charset_adapter *charset_adapter;
- LEX_STRING acl_user_plugin;
- int vio_is_encrypted;
-};
/**
Sets the default default auth plugin value if no option was specified.
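Review bot: The doc block placed above `acl_find_proxy_user` does not match the function it heads: `@thd current thread` is not a valid Doxygen tag and there is no `thd` parameter, while `host`, `ip` and `proxy_used` are undocumented. The out-parameter also has a contract worth stating: `*proxy_used= TRUE` is executed only after the `strcmp(authenticated_as, user)` early return, so it is left untouched when the proxied and proxy user are the same and callers must initialise it before the call. The loop over `acl_proxy_users` runs without any lock visible in this hunk — presumably the caller holds `acl_cache->lock`; confirm and add `/* Caller must hold acl_cache->lock; *proxy_used is only written on the lookup path. */` to the header comment, replacing the `@thd` line with `@param host`/`@param ip`/`@param proxy_used` entries.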
=== added file 'sql/auth/sql_authentication.h'
--- a/sql/auth/sql_authentication.h 1970-01-01 00:00:00 +0000
+++ b/sql/auth/sql_authentication.h 2012-09-05 11:40:51 +0000
@@ -0,0 +1,83 @@
+#ifndef SQL_AUTHENTICATION_INCLUDED
+#define SQL_AUTHENTICATION_INCLUDED
+
+class Thd_charset_adapter
+{
+ THD *thd;
+public:
+ Thd_charset_adapter(THD *thd_arg) : thd (thd_arg) {}
+ bool init_client_charset(uint cs_number)
+ {
+ if (thd_init_client_charset(thd, cs_number))
+ return true;
+ thd->update_charset();
+ return thd->is_error();
+ }
+
+ const CHARSET_INFO *charset() { return thd->charset(); }
+};
+
+
+/**
+ The internal version of what plugins know as MYSQL_PLUGIN_VIO,
+ basically the context of the authentication session
+*/
+struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
+{
+ MYSQL_SERVER_AUTH_INFO auth_info;
+ const ACL_USER *acl_user;
+ plugin_ref plugin; ///< what plugin we're under
+ LEX_STRING db; ///< db name from the handshake packet
+ /** when restarting a plugin this caches the last client reply */
+ struct {
+ char *plugin, *pkt; ///< pointers into NET::buff
+ uint pkt_len;
+ } cached_client_reply;
+ /** this caches the first plugin packet for restart request on the client */
+ struct {
+ char *pkt;
+ uint pkt_len;
+ } cached_server_packet;
+ int packets_read, packets_written; ///< counters for send/received packets
+ /** when plugin returns a failure this tells us what really happened */
+ enum { SUCCESS, FAILURE, RESTART } status;
+
+ /* encapsulation members */
+ ulong client_capabilities;
+ char *scramble;
+ MEM_ROOT *mem_root;
+ struct rand_struct *rand;
+ my_thread_id thread_id;
+ uint *server_status;
+ NET *net;
+ ulong max_client_packet_length;
+ char *ip;
+ char *host;
+ Thd_charset_adapter *charset_adapter;
+ LEX_STRING acl_user_plugin;
+ int vio_is_encrypted;
+};
+
+
+/**
+ Common Data Structures
+*/
+extern LEX_STRING default_auth_plugin_name;
+extern LEX_STRING native_password_plugin_name;
+#if defined(HAVE_OPENSSL)
+extern LEX_STRING sha256_password_plugin_name;
+#endif
+extern LEX_STRING old_password_plugin_name;
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+extern plugin_ref old_password_plugin;
+#endif
+extern plugin_ref native_password_plugin;
+
+
+/**
+ Common Functions
+*/
+bool auth_plugin_is_built_in(const char *plugin_name);
+
+#endif /* SQL_AUTHENTICATION_INCLUDED */
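Review bot: The new header is not self-contained: `Thd_charset_adapter` dereferences `THD` (it calls `thd->update_charset()` and `thd->is_error()`) and calls `thd_init_client_charset`, and `MPVIO_EXT` derives from `MYSQL_PLUGIN_VIO` and embeds `MYSQL_SERVER_AUTH_INFO`, `ACL_USER`, `plugin_ref`, `LEX_STRING`, `MEM_ROOT`, `NET` and `rand_struct`, yet the file contains no `#include` at all, so it compiles only when the including .cc has already pulled those definitions in (sql_authentication.cc does so via `sql_acl.h` and `<mysql/plugin_auth.h>`; sql_acl.cc's include order is not visible here). Add the headers the types come from directly after the guard, at least `#include "sql_class.h"`, `#include "sql_acl.h"` and `#include <mysql/plugin_auth.h>`, or forward-declare the types for which a pointer suffices. The `#if defined(HAVE_OPENSSL)` around `extern LEX_STRING sha256_password_plugin_name;` must also match the guard around its definition in sql_acl.cc, whose opening `#if` lies outside the hunk shown above — worth verifying so the declaration and definition cannot drift apart.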