List:Commits« Previous MessageNext Message »
From:konstantin Date:April 15 2007 12:31am
Subject:bk commit into 5.1 tree (kostja:1.2577)
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of kostja. When kostja does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-04-14 18:31:43-04:00, kostja@vajra.(none) +5 -0
  Merge bk-internal.mysql.com:/home/bk/mysql-5.1
  into  vajra.(none):/opt/local/work/mysql-5.1-runtime
  MERGE: 1.2561.2.4

  client/mysqldump.c@stripped, 2007-04-14 18:31:37-04:00, kostja@vajra.(none) +0 -0
    Auto merged
    MERGE: 1.274.1.1

  sql/events.cc@stripped, 2007-04-14 18:31:37-04:00, kostja@vajra.(none) +0 -0
    Auto merged
    MERGE: 1.77.1.1

  sql/item_func.cc@stripped, 2007-04-14 18:31:37-04:00, kostja@vajra.(none) +0 -0
    Auto merged
    MERGE: 1.375.1.1

  sql/sp_head.cc@stripped, 2007-04-14 18:31:37-04:00, kostja@vajra.(none) +0 -0
    Auto merged
    MERGE: 1.265.1.1

  sql/sql_class.cc@stripped, 2007-04-14 18:31:37-04:00, kostja@vajra.(none) +0 -0
    Auto merged
    MERGE: 1.325.1.1

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	kostja
# Host:	vajra.(none)
# Root:	/opt/local/work/mysql-5.1-runtime/RESYNC

--- 1.275/client/mysqldump.c	2007-04-07 05:55:22 -04:00
+++ 1.276/client/mysqldump.c	2007-04-14 18:31:37 -04:00
@@ -829,11 +829,15 @@
                 (hash_get_key) get_table_key,
                 (hash_free_key) free_table_ent, 0))
     return(EX_EOM);
-  /* Don't copy cluster internal log tables */
+  /* Don't copy internal log tables */
   if (my_hash_insert(&ignore_table,
                      (byte*) my_strdup("mysql.apply_status", MYF(MY_WME))) ||
       my_hash_insert(&ignore_table,
-                     (byte*) my_strdup("mysql.schema", MYF(MY_WME))))
+                     (byte*) my_strdup("mysql.schema", MYF(MY_WME))) ||
+      my_hash_insert(&ignore_table,
+                     (byte*) my_strdup("mysql.general_log", MYF(MY_WME))) ||
+      my_hash_insert(&ignore_table,
+                     (byte*) my_strdup("mysql.slow_log", MYF(MY_WME))))
     return(EX_EOM);
 
   if ((ho_error= handle_options(argc, argv, my_long_options, get_one_option)))
@@ -3353,8 +3357,12 @@
     init_dynamic_string_checked(&query, "LOCK TABLES ", 256, 1024);
     for (numrows= 0 ; (table= getTableName(1)) ; numrows++)
     {
-      dynstr_append_checked(&query, quote_name(table, table_buff, 1));
-      dynstr_append_checked(&query, " READ /*!32311 LOCAL */,");
+      char *end= strmov(afterdot, table);
+      if (include_table(hash_key,end - hash_key))
+      {
+        dynstr_append_checked(&query, quote_name(table, table_buff, 1));
+        dynstr_append_checked(&query, " READ /*!32311 LOCAL */,");
+      }
     }
     if (numrows && mysql_real_query(mysql, query.str, query.length-1))
       DB_error(mysql, "when using LOCK TABLES");

--- 1.377/sql/item_func.cc	2007-04-09 02:16:01 -04:00
+++ 1.378/sql/item_func.cc	2007-04-14 18:31:37 -04:00
@@ -5351,7 +5351,7 @@
     Security_context *save_secutiry_ctx;
     res= set_routine_security_ctx(thd, m_sp, false, &save_secutiry_ctx);
     if (!res)
-      sp_restore_security_context(thd, save_secutiry_ctx);
+      m_sp->m_security_ctx.restore_security_context(thd, save_secutiry_ctx);
     
 #endif /* ! NO_EMBEDDED_ACCESS_CHECKS */
   }

--- 1.326/sql/sql_class.cc	2007-04-03 07:13:24 -04:00
+++ 1.327/sql/sql_class.cc	2007-04-14 18:31:37 -04:00
@@ -2120,6 +2120,102 @@
   return user == 0;
 }
 
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+/**
+  Initialize this security context from the passed in credentials
+  and activate it in the current thread.
+
+  @param[out]  backup  Save a pointer to the current security context
+                       in the thread. In case of success it points to the
+                       saved old context, otherwise it points to NULL.
+
+
+  During execution of a statement, multiple security contexts may
+  be needed:
+  - the security context of the authenticated user, used as the
+    default security context for all top-level statements
+  - in case of a view or a stored program, possibly the security
+    context of the definer of the routine, if the object is
+    defined with SQL SECURITY DEFINER option.
+
+  The currently "active" security context is parameterized in THD
+  member security_ctx. By default, after a connection is
+  established, this member points at the "main" security context
+  - the credentials of the authenticated user.
+
+  Later, if we would like to execute some sub-statement or a part
+  of a statement under credentials of a different user, e.g.
+  definer of a procedure, we authenticate this user in a local
+  instance of Security_context by means of this method (and
+  ultimately by means of acl_getroot_no_password), and make the
+  local instance active in the thread by re-setting
+  thd->security_ctx pointer.
+
+  Note, that the life cycle and memory management of the "main" and
+  temporary security contexts are different.
+  For the main security context, the memory for user/host/ip is
+  allocated on system heap, and the THD class frees this memory in
+  its destructor. The only case when contents of the main security
+  context may change during its life time is when someone issued
+  CHANGE USER command.
+  Memory management of a "temporary" security context is
+  responsibility of the module that creates it.
+
+  @retval TRUE  there is no user with the given credentials. The erro
+                is reported in the thread.
+  @retval FALSE success
+*/
+
+bool
+Security_context::
+change_security_context(THD *thd,
+                        LEX_STRING *definer_user,
+                        LEX_STRING *definer_host,
+                        LEX_STRING *db,
+                        Security_context **backup)
+{
+  bool needs_change;
+
+  DBUG_ENTER("Security_context::change_security_context");
+
+  DBUG_ASSERT(definer_user->str && definer_host->str);
+
+  *backup= NULL;
+  /*
+    The current security context may have NULL members
+    if we have just started the thread and not authenticated
+    any user. This use case is currently in events worker thread.
+  */
+  needs_change= (thd->security_ctx->priv_user == NULL ||
+                 strcmp(definer_user->str, thd->security_ctx->priv_user) ||
+                 thd->security_ctx->priv_host == NULL ||
+                 my_strcasecmp(system_charset_info, definer_host->str,
+                               thd->security_ctx->priv_host));
+  if (needs_change)
+  {
+    if (acl_getroot_no_password(this, definer_user->str, definer_host->str,
+                                definer_host->str, db->str))
+    {
+      my_error(ER_NO_SUCH_USER, MYF(0), definer_user->str,
+               definer_host->str);
+      DBUG_RETURN(TRUE);
+    }
+    *backup= thd->security_ctx;
+    thd->security_ctx= this;
+  }
+
+  DBUG_RETURN(FALSE);
+}
+
+
+void
+Security_context::restore_security_context(THD *thd,
+                                           Security_context *backup)
+{
+  if (backup)
+    thd->security_ctx= backup;
+}
+#endif
 
 /****************************************************************************
   Handling of open and locked tables states.

--- 1.78/sql/events.cc	2007-04-07 05:58:32 -04:00
+++ 1.79/sql/events.cc	2007-04-14 18:31:37 -04:00
@@ -424,7 +424,8 @@
       if (event_queue)
         event_queue->create_event(thd, new_element, &created);
       /* Binlog the create event. */
-      if (mysql_bin_log.is_open() && (thd->query_length > 0))
+      DBUG_ASSERT(thd->query && thd->query_length);
+      if (mysql_bin_log.is_open())
       {
         thd->clear_error();
         thd->binlog_query(THD::MYSQL_QUERY_TYPE,
@@ -549,7 +550,8 @@
         event_queue->update_event(thd, parse_data->dbname, parse_data->name,
                                   new_element);
       /* Binlog the alter event. */
-      if (mysql_bin_log.is_open() && (thd->query_length > 0))
+      DBUG_ASSERT(thd->query && thd->query_length);
+      if (mysql_bin_log.is_open())
       {
         thd->clear_error();
         thd->binlog_query(THD::MYSQL_QUERY_TYPE,
@@ -628,7 +630,8 @@
     if (event_queue)
       event_queue->drop_event(thd, dbname, name);
     /* Binlog the drop event. */
-    if (mysql_bin_log.is_open() && (thd->query_length > 0))
+    DBUG_ASSERT(thd->query && thd->query_length);
+    if (mysql_bin_log.is_open())
     {
       thd->clear_error();
       thd->binlog_query(THD::MYSQL_QUERY_TYPE,

--- 1.266/sql/sp_head.cc	2007-04-07 05:55:23 -04:00
+++ 1.267/sql/sp_head.cc	2007-04-14 18:31:37 -04:00
@@ -1245,7 +1245,11 @@
                          Security_context **save_ctx)
 {
   *save_ctx= 0;
-  if (sp_change_security_context(thd, sp, save_ctx))
+  if (sp->m_chistics->suid != SP_IS_NOT_SUID &&
+      sp->m_security_ctx.change_security_context(thd, &sp->m_definer_user,
+                                                 &sp->m_definer_host,
+                                                 &sp->m_db,
+                                                 save_ctx))
     return TRUE;
 
   /*
@@ -1262,7 +1266,7 @@
       check_routine_access(thd, EXECUTE_ACL,
                            sp->m_db.str, sp->m_name.str, is_proc, FALSE))
   {
-    sp_restore_security_context(thd, *save_ctx);
+    sp->m_security_ctx.restore_security_context(thd, *save_ctx);
     *save_ctx= 0;
     return TRUE;
   }
@@ -1573,7 +1577,7 @@
   }
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  sp_restore_security_context(thd, save_security_ctx);
+  m_security_ctx.restore_security_context(thd, save_security_ctx);
 #endif
 
 err_with_cleanup:
@@ -1791,7 +1795,7 @@
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   if (save_security_ctx)
-    sp_restore_security_context(thd, save_security_ctx);
+    m_security_ctx.restore_security_context(thd, save_security_ctx);
 #endif
 
   if (!save_spcont)
@@ -3431,44 +3435,6 @@
 
 /* ------------------------------------------------------------------ */
 
-/*
-  Security context swapping
-*/
-
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
-bool
-sp_change_security_context(THD *thd, sp_head *sp, Security_context **backup)
-{
-  *backup= 0;
-  if (sp->m_chistics->suid != SP_IS_NOT_SUID &&
-      (strcmp(sp->m_definer_user.str,
-              thd->security_ctx->priv_user) ||
-       my_strcasecmp(system_charset_info, sp->m_definer_host.str,
-                     thd->security_ctx->priv_host)))
-  {
-    if (acl_getroot_no_password(&sp->m_security_ctx, sp->m_definer_user.str,
-                                sp->m_definer_host.str,
-                                sp->m_definer_host.str,
-                                sp->m_db.str))
-    {
-      my_error(ER_NO_SUCH_USER, MYF(0), sp->m_definer_user.str,
-               sp->m_definer_host.str);
-      return TRUE;
-    }
-    *backup= thd->security_ctx;
-    thd->security_ctx= &sp->m_security_ctx;
-  }
-  return FALSE;
-}
-
-void
-sp_restore_security_context(THD *thd, Security_context *backup)
-{
-  if (backup)
-    thd->security_ctx= backup;
-}
-
-#endif /* NO_EMBEDDED_ACCESS_CHECKS */
 
 /*
   Structure that represent all instances of one table
Thread
bk commit into 5.1 tree (kostja:1.2577)konstantin15 Apr