From:Harin Vadodaria Date:September 5 2012 11:41am
Subject:bzr push into mysql-trunk branch (harin.vadodaria:4417 to 4418) WL#6486
 4418 Harin Vadodaria	2012-09-05
      wl#6486 : Refactoring user management code
                (authentication / authorization)
      
      Description : Moved authentication related
                    code to sql_authentication.h
                    and sql_authentication.cc

    added:
      sql/auth/sql_authentication.h
    modified:
      sql/CMakeLists.txt
      sql/auth/auth_common.h
      sql/auth/sql_acl.cc
      sql/auth/sql_authentication.cc
 4417 Harin Vadodaria	2012-09-04
      wl#6486 : Refactoring user management code
                      (authentication / authorization)
      
      Description : Moved authentication code to
                    sql_authentication.cc

    added:
      sql/auth/sql_authentication.cc
    modified:
      sql/CMakeLists.txt
      sql/auth/sql_acl.cc
=== modified file 'sql/CMakeLists.txt'
--- a/sql/CMakeLists.txt	2012-09-04 11:58:25 +0000
+++ b/sql/CMakeLists.txt	2012-09-05 11:40:51 +0000
@@ -44,7 +44,7 @@ SET(SQL_SHARED_SOURCES
   auth/sql_user.cc
 #  auth/sql_user_table.cc
   auth/sql_user_cache.cc
-#  auth/sql_authentication.cc
+  auth/sql_authentication.cc
   datadict.cc
   debug_sync.cc
   derror.cc

=== modified file 'sql/auth/auth_common.h'
--- a/sql/auth/auth_common.h	2012-09-04 07:22:36 +0000
+++ b/sql/auth/auth_common.h	2012-09-05 11:40:51 +0000
@@ -190,4 +190,25 @@ void
 set_user_salt(ACL_USER *acl_user, const char *password, uint password_len);
 #endif // NO_EMBEDDED_ACCESS_CHECKS
 
+/**
+  Common Data Structures
+*/
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+extern DYNAMIC_ARRAY acl_users, acl_dbs, acl_proxy_users;
+extern hash_filo *acl_cache;
+extern bool initialized;
+#endif /* NO_EMBEDDED_ACCESS_CHECKS */
+
+
+/**
+  Common Functions
+*/
+
+void optimize_plugin_compare_by_pointer(LEX_STRING *plugin_name);
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ACL_USER *find_acl_user(const char *host, const char *user,
+                        my_bool exact);
+#endif
+
 #endif /* AUTH_COMMON_INCLUDED */
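Review bot: `extern bool initialized;` puts a very generic identifier into the global namespace of every file that includes auth_common.h, and the matching definition in sql_acl.cc (`bool initialized=0;`) loses `static` in this commit. Judging by its name and placement, the flag records whether the ACL state has been loaded, so an unrelated global of the same name would now clash at link time, and code in any includer can read or write the ACL flag by accident. A prefixed name such as `acl_initialized`, or a small accessor function, would keep the intent visible at each use. The two `/** ... */` section banners are also Doxygen comments and will attach to the declaration that follows them; plain `/* Common Data Structures */` avoids that.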

=== modified file 'sql/auth/sql_acl.cc'
--- a/sql/auth/sql_acl.cc	2012-09-04 11:58:25 +0000
+++ b/sql/auth/sql_acl.cc	2012-09-05 11:40:51 +0000
@@ -61,17 +61,18 @@
 #endif
 
 #include "auth_common.h"
+#include "sql_authentication.h"
 
 using std::min;
 using std::max;
 
 bool mysql_user_table_is_in_short_password_format= false;
 
-static LEX_STRING native_password_plugin_name= {
+LEX_STRING native_password_plugin_name= {
   C_STRING_WITH_LEN("mysql_native_password")
 };
   
-static LEX_STRING old_password_plugin_name= {
+LEX_STRING old_password_plugin_name= {
   C_STRING_WITH_LEN("mysql_old_password")
 };
 
@@ -80,22 +81,15 @@ LEX_STRING sha256_password_plugin_name=
   C_STRING_WITH_LEN("sha256_password")
 };
 #endif
-static LEX_STRING validate_password_plugin_name= {
-  C_STRING_WITH_LEN("validate_password")
-};
   
-LEX_STRING default_auth_plugin_name;
-
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-static plugin_ref old_password_plugin;
+plugin_ref old_password_plugin;
 #endif
-static plugin_ref native_password_plugin;
+plugin_ref native_password_plugin;
 
 #define WARN_DEPRECATED_41_PWD_HASH(thd) \
   WARN_DEPRECATED(thd, "pre-4.1 password hash", "post-4.1 password hash")
 
-void optimize_plugin_compare_by_pointer(LEX_STRING *plugin_name);
-
 bool auth_plugin_is_built_in(const char *plugin_name)
 {
  return (plugin_name == native_password_plugin_name.str ||
@@ -435,21 +429,19 @@ uchar* acl_entry_get_key(acl_entry *entr
 }
 
 
-static DYNAMIC_ARRAY acl_users, acl_dbs, acl_proxy_users;
+DYNAMIC_ARRAY acl_users, acl_dbs, acl_proxy_users;
 static MEM_ROOT global_acl_memory, memex;
-static bool initialized=0;
+bool initialized=0;
 static bool allow_all_hosts=1;
 static HASH acl_check_hosts, column_priv_hash, proc_priv_hash, func_priv_hash;
 static DYNAMIC_ARRAY acl_wild_hosts;
-static hash_filo *acl_cache;
+hash_filo *acl_cache;
 
 static ulong get_access(TABLE *form,uint fieldnr, uint *next_field=0);
 static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b);
 static ulong get_sort(uint count,...);
 static void init_check_host(void);
 static void rebuild_check_host(void);
-static ACL_USER *find_acl_user(const char *host, const char *user,
-                               my_bool exact);
 static bool update_user_table(THD *, TABLE *table, const char *host,
                               const char *user,
                               const char *new_password,
@@ -1613,7 +1605,7 @@ bool is_acl_user(const char *host, const
   Find first entry that matches the current user
 */
 
-static ACL_USER *
+ACL_USER *
 find_acl_user(const char *host, const char *user, my_bool exact)
 {
   DBUG_ENTER("find_acl_user");
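Review bot: find_acl_user gets external linkage here, but its contract is still only the one-line comment "Find first entry that matches the current user". The body continues outside the hunk, so whether it expects the caller to already hold the lock guarding the ACL arrays cannot be seen from here. If it does, the now-public function should say so above its definition, for example `@note Caller must hold the lock that protects acl_users.`, and should document what `exact` selects. The same applies to `acl_users`, `acl_dbs`, `acl_proxy_users` and `acl_cache`, which lose `static` in the previous hunk of this file: new callers in sql_authentication.cc need the locking rule written where the symbols are declared.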
@@ -7246,45 +7238,6 @@ bool sp_grant_privileges(THD *thd, const
   DBUG_RETURN(result);
 }
 
-/**
-  Validate if a user can proxy as another user
-
-  @thd                     current thread
-  @param user              the logged in user (proxy user)
-  @param authenticated_as  the effective user a plugin is trying to 
-                           impersonate as (proxied user)
-  @return                  proxy user definition
-    @retval NULL           proxy user definition not found or not applicable
-    @retval non-null       the proxy user data
-*/
-
-static ACL_PROXY_USER *
-acl_find_proxy_user(const char *user, const char *host, const char *ip, 
-                    const char *authenticated_as, bool *proxy_used)
-{
-  uint i;
-  /* if the proxied and proxy user are the same return OK */
-  DBUG_ENTER("acl_find_proxy_user");
-  DBUG_PRINT("info", ("user=%s host=%s ip=%s authenticated_as=%s",
-                      user, host, ip, authenticated_as));
-
-  if (!strcmp(authenticated_as, user))
-  {
-    DBUG_PRINT ("info", ("user is the same as authenticated_as"));
-    DBUG_RETURN (NULL);
-  }
-
-  *proxy_used= TRUE; 
-  for (i=0; i < acl_proxy_users.elements; i++)
-  {
-    ACL_PROXY_USER *proxy= dynamic_element(&acl_proxy_users, i, 
-                                           ACL_PROXY_USER *);
-    if (proxy->matches(host, user, ip, authenticated_as))
-      DBUG_RETURN(proxy);
-  }
-
-  DBUG_RETURN(NULL);
-}
 
 bool
 acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
@@ -7934,8 +7887,3 @@ get_cached_table_access(GRANT_INTERNAL_I
   return grant_internal_info->m_table_access;
 }
 
-/************* temporary inclusion pending split */
-#include "sql_authentication.cc" 
-/*************************************************/
-
-

=== modified file 'sql/auth/sql_authentication.cc'
--- a/sql/auth/sql_authentication.cc	2012-09-04 11:58:25 +0000
+++ b/sql/auth/sql_authentication.cc	2012-09-05 11:40:51 +0000
@@ -1,4 +1,35 @@
+/* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include "my_global.h"
+#include "sql_acl.h"
+#include "hash_filo.h"
+#include "sql_connect.h"
+#include <mysql/plugin_auth.h>
+#include "sql_common.h"
+#include "hostname.h"
+#include "sql_db.h"
+#include <mysql/plugin_validate_password.h>
+#include "auth_common.h"
+#include "sql_authentication.h"
+
+static LEX_STRING validate_password_plugin_name= {
+  C_STRING_WITH_LEN("validate_password")
+};
+
+LEX_STRING default_auth_plugin_name;
 /****************************************************************************
    AUTHENTICATION CODE
    including initial connect handshake, invoking appropriate plugins,
@@ -18,63 +49,48 @@
 #define sslaccept(A,B,C) 1
 #endif
 
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+/**
+  Validate if a user can proxy as another user
+
+  @thd                     current thread
+  @param user              the logged in user (proxy user)
+  @param authenticated_as  the effective user a plugin is trying to 
+                           impersonate as (proxied user)
+  @return                  proxy user definition
+    @retval NULL           proxy user definition not found or not applicable
+    @retval non-null       the proxy user data
+*/
 
-class Thd_charset_adapter
+static ACL_PROXY_USER *
+acl_find_proxy_user(const char *user, const char *host, const char *ip, 
+                    const char *authenticated_as, bool *proxy_used)
 {
-  THD *thd;
-public:
-  Thd_charset_adapter(THD *thd_arg) : thd (thd_arg) {} 
-  bool init_client_charset(uint cs_number)
+  uint i;
+  /* if the proxied and proxy user are the same return OK */
+  DBUG_ENTER("acl_find_proxy_user");
+  DBUG_PRINT("info", ("user=%s host=%s ip=%s authenticated_as=%s",
+                      user, host, ip, authenticated_as));
+
+  if (!strcmp(authenticated_as, user))
   {
-    if (thd_init_client_charset(thd, cs_number))
-      return true;
-    thd->update_charset();
-    return thd->is_error();
+    DBUG_PRINT ("info", ("user is the same as authenticated_as"));
+    DBUG_RETURN (NULL);
   }
 
-  const CHARSET_INFO *charset() { return thd->charset(); }
-};
+  *proxy_used= TRUE; 
+  for (i=0; i < acl_proxy_users.elements; i++)
+  {
+    ACL_PROXY_USER *proxy= dynamic_element(&acl_proxy_users, i, 
+                                           ACL_PROXY_USER *);
+    if (proxy->matches(host, user, ip, authenticated_as))
+      DBUG_RETURN(proxy);
+  }
 
+  DBUG_RETURN(NULL);
+}
+#endif
 
-/**
-  The internal version of what plugins know as MYSQL_PLUGIN_VIO,
-  basically the context of the authentication session
-*/
-struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
-{
-  MYSQL_SERVER_AUTH_INFO auth_info;
-  const ACL_USER *acl_user;
-  plugin_ref plugin;        ///< what plugin we're under
-  LEX_STRING db;            ///< db name from the handshake packet
-  /** when restarting a plugin this caches the last client reply */
-  struct {
-    char *plugin, *pkt;     ///< pointers into NET::buff
-    uint pkt_len;
-  } cached_client_reply;
-  /** this caches the first plugin packet for restart request on the client */
-  struct {
-    char *pkt;
-    uint pkt_len;
-  } cached_server_packet;
-  int packets_read, packets_written; ///< counters for send/received packets
-  /** when plugin returns a failure this tells us what really happened */
-  enum { SUCCESS, FAILURE, RESTART } status;
-
-  /* encapsulation members */
-  ulong client_capabilities;
-  char *scramble;
-  MEM_ROOT *mem_root;
-  struct  rand_struct *rand;
-  my_thread_id  thread_id;
-  uint      *server_status;
-  NET *net;
-  ulong max_client_packet_length;
-  char *ip;
-  char *host;
-  Thd_charset_adapter *charset_adapter;
-  LEX_STRING acl_user_plugin;
-  int vio_is_encrypted;
-};
 
 /**
  Sets the default default auth plugin value if no option was specified.
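Review bot: The doc comment moved in with acl_find_proxy_user does not match the function it describes. It lists `@thd current thread`, which is not a parameter, and leaves `host`, `ip` and `proxy_used` undocumented. The output flag matters for the caller's access decision: `*proxy_used= TRUE;` runs before the search loop, so a NULL return with the flag set means "proxying was requested but no definition matched", while a NULL return with the flag untouched means "same user". I would drop the `@thd` line and add `@param[out] proxy_used set to TRUE when authenticated_as differs from user, even if no proxy definition matches; not written otherwise, so the caller must initialise it`. The inline comment "return OK" above the strcmp check should also read "return NULL".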

=== added file 'sql/auth/sql_authentication.h'
--- a/sql/auth/sql_authentication.h	1970-01-01 00:00:00 +0000
+++ b/sql/auth/sql_authentication.h	2012-09-05 11:40:51 +0000
@@ -0,0 +1,83 @@
+#ifndef SQL_AUTHENTICATION_INCLUDED
+#define SQL_AUTHENTICATION_INCLUDED
+
+class Thd_charset_adapter
+{
+  THD *thd;
+public:
+  Thd_charset_adapter(THD *thd_arg) : thd (thd_arg) {} 
+  bool init_client_charset(uint cs_number)
+  {
+    if (thd_init_client_charset(thd, cs_number))
+      return true;
+    thd->update_charset();
+    return thd->is_error();
+  }
+
+  const CHARSET_INFO *charset() { return thd->charset(); }
+};
+
+
+/**
+  The internal version of what plugins know as MYSQL_PLUGIN_VIO,
+  basically the context of the authentication session
+*/
+struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
+{
+  MYSQL_SERVER_AUTH_INFO auth_info;
+  const ACL_USER *acl_user;
+  plugin_ref plugin;        ///< what plugin we're under
+  LEX_STRING db;            ///< db name from the handshake packet
+  /** when restarting a plugin this caches the last client reply */
+  struct {
+    char *plugin, *pkt;     ///< pointers into NET::buff
+    uint pkt_len;
+  } cached_client_reply;
+  /** this caches the first plugin packet for restart request on the client */
+  struct {
+    char *pkt;
+    uint pkt_len;
+  } cached_server_packet;
+  int packets_read, packets_written; ///< counters for send/received packets
+  /** when plugin returns a failure this tells us what really happened */
+  enum { SUCCESS, FAILURE, RESTART } status;
+
+  /* encapsulation members */
+  ulong client_capabilities;
+  char *scramble;
+  MEM_ROOT *mem_root;
+  struct  rand_struct *rand;
+  my_thread_id  thread_id;
+  uint      *server_status;
+  NET *net;
+  ulong max_client_packet_length;
+  char *ip;
+  char *host;
+  Thd_charset_adapter *charset_adapter;
+  LEX_STRING acl_user_plugin;
+  int vio_is_encrypted;
+};
+
+
+/**
+  Common Data Structures
+*/
+extern LEX_STRING default_auth_plugin_name;
+extern LEX_STRING native_password_plugin_name;
+#if defined(HAVE_OPENSSL)
+extern LEX_STRING sha256_password_plugin_name;
+#endif
+extern LEX_STRING old_password_plugin_name;
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+extern plugin_ref old_password_plugin;
+#endif
+extern plugin_ref native_password_plugin;
+
+
+/**
+  Common Functions
+*/
+bool auth_plugin_is_built_in(const char *plugin_name);
+
+#endif /* SQL_AUTHENTICATION_INCLUDED */
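Review bot: The new header is not self-contained. It uses `THD`, `MYSQL_PLUGIN_VIO`, `MYSQL_SERVER_AUTH_INFO`, `ACL_USER`, `plugin_ref`, `LEX_STRING`, `NET` and `MEM_ROOT` without including or forward-declaring any of them, and the inline `init_client_charset` body needs the full `THD` definition. It compiles only because sql_acl.cc and sql_authentication.cc include it last, after the headers that supply those names. Adding the needed includes at the top (for example `#include <mysql/plugin_auth.h>` for the plugin VIO types and the header that defines `THD`) would remove the dependence on include order. The file also lacks the licence banner that this commit adds to sql_authentication.cc.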

No bundle (reason: useless for push emails).