← Back to branch summary

~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.cc

  • Committer: Brian Aker
  • Date: 2010-05-26 21:49:18 UTC
  • mto: This revision was merged to the branch mainline in revision 1568.
  • Revision ID: brian@gaz-20100526214918-8kdibq48e9lnyr6t
https://launchpad.net/bugs/586009
This fixes bug 586009, increases the size of the log files so that the UNION
test doesn't hit Innodb's default limit. Increases the size of the initial
Innodb data file, and fixes one case where an empty string on error was
causing a crash on OSX.

Show diffs side-by-side

added added

removed removed

Lines of Context:
drizzled/plugin/authorization.cc
23
23
#include <vector>
24
24
 
25
25
#include "drizzled/plugin/authorization.h"
26
 
#include "drizzled/identifier.h"
 
26
#include "drizzled/security_context.h"
 
27
#include "drizzled/table_identifier.h"
27
28
#include "drizzled/error.h"
28
29
#include "drizzled/session.h"
29
30
#include "drizzled/gettext.h"
30
31
 
 
32
using namespace std;
 
33
 
31
34
namespace drizzled
32
35
{
33
36
 
34
 
std::vector<plugin::Authorization *> authorization_plugins;
 
37
vector<plugin::Authorization *> authorization_plugins;
35
38
 
36
39
 
37
40
bool plugin::Authorization::addPlugin(plugin::Authorization *auth)
38
41
{
39
42
  if (auth != NULL)
40
43
    authorization_plugins.push_back(auth);
41
 
 
42
44
  return false;
43
45
}
44
46
 
46
48
{
47
49
  if (auth != NULL)
48
50
  {
49
 
    authorization_plugins.erase(std::find(authorization_plugins.begin(),
50
 
                                          authorization_plugins.end(),
51
 
                                          auth));
 
51
    authorization_plugins.erase(find(authorization_plugins.begin(),
 
52
                                     authorization_plugins.end(),
 
53
                                     auth));
52
54
  }
53
55
}
54
56
 
56
58
{
57
59
 
58
60
class RestrictDbFunctor :
59
 
  public std::unary_function<plugin::Authorization *, bool>
 
61
  public unary_function<plugin::Authorization *, bool>
60
62
{
61
 
  const identifier::User &user_ctx;
62
 
  SchemaIdentifier::const_reference schema;
63
 
 
 
63
  const SecurityContext &user_ctx;
 
64
  SchemaIdentifier &schema;
64
65
public:
65
 
  RestrictDbFunctor(const identifier::User &user_ctx_arg,
66
 
                    SchemaIdentifier::const_reference schema_arg) :
67
 
    std::unary_function<plugin::Authorization *, bool>(),
 
66
  RestrictDbFunctor(const SecurityContext &user_ctx_arg,
 
67
                    SchemaIdentifier &schema_arg) :
 
68
    unary_function<plugin::Authorization *, bool>(),
68
69
    user_ctx(user_ctx_arg),
69
70
    schema(schema_arg)
70
71
  { }
76
77
};
77
78
 
78
79
class RestrictTableFunctor :
79
 
  public std::unary_function<plugin::Authorization *, bool>
 
80
  public unary_function<plugin::Authorization *, bool>
80
81
{
81
 
  const identifier::User &user_ctx;
 
82
  const SecurityContext &user_ctx;
82
83
  TableIdentifier &table;
83
84
public:
84
 
  RestrictTableFunctor(const identifier::User &user_ctx_arg,
 
85
  RestrictTableFunctor(const SecurityContext &user_ctx_arg,
85
86
                       TableIdentifier &table_arg) :
86
 
    std::unary_function<plugin::Authorization *, bool>(),
 
87
    unary_function<plugin::Authorization *, bool>(),
87
88
    user_ctx(user_ctx_arg),
88
89
    table(table_arg)
89
90
  { }
95
96
};
96
97
 
97
98
class RestrictProcessFunctor :
98
 
  public std::unary_function<plugin::Authorization *, bool>
 
99
  public unary_function<plugin::Authorization *, bool>
99
100
{
100
 
  const identifier::User &user_ctx;
101
 
  const identifier::User &session_ctx;
 
101
  const SecurityContext &user_ctx;
 
102
  const SecurityContext &session_ctx;
102
103
public:
103
 
  RestrictProcessFunctor(const identifier::User &user_ctx_arg,
104
 
                         const identifier::User &session_ctx_arg) :
105
 
    std::unary_function<plugin::Authorization *, bool>(),
 
104
  RestrictProcessFunctor(const SecurityContext &user_ctx_arg,
 
105
                         const SecurityContext &session_ctx_arg) :
 
106
    unary_function<plugin::Authorization *, bool>(),
106
107
    user_ctx(user_ctx_arg),
107
108
    session_ctx(session_ctx_arg)
108
109
  { }
114
115
};
115
116
 
116
117
class PruneSchemaFunctor :
117
 
  public std::unary_function<SchemaIdentifier&, bool>
 
118
  public unary_function<SchemaIdentifier&, bool>
118
119
{
119
 
  drizzled::identifier::User::const_shared_ptr user_ctx;
 
120
  const SecurityContext &user_ctx;
120
121
public:
121
 
  PruneSchemaFunctor(drizzled::identifier::User::const_shared_ptr user_ctx_arg) :
122
 
    std::unary_function<SchemaIdentifier&, bool>(),
 
122
  PruneSchemaFunctor(const SecurityContext &user_ctx_arg) :
 
123
    unary_function<SchemaIdentifier&, bool>(),
123
124
    user_ctx(user_ctx_arg)
124
125
  { }
125
126
 
131
132
 
132
133
} /* namespace */
133
134
 
134
 
bool plugin::Authorization::isAuthorized(identifier::User::const_shared_ptr user_ctx,
135
 
                                         SchemaIdentifier::const_reference schema_identifier,
 
135
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
 
136
                                         SchemaIdentifier &schema_identifier,
136
137
                                         bool send_error)
137
138
{
138
139
  /* If we never loaded any authorization plugins, just return true */
140
141
    return true;
141
142
 
142
143
  /* Use find_if instead of foreach so that we can collect return codes */
143
 
  std::vector<plugin::Authorization *>::const_iterator iter=
144
 
    std::find_if(authorization_plugins.begin(),
145
 
                 authorization_plugins.end(),
146
 
                 RestrictDbFunctor(*user_ctx, schema_identifier));
 
144
  vector<plugin::Authorization *>::const_iterator iter=
 
145
    find_if(authorization_plugins.begin(),
 
146
            authorization_plugins.end(),
 
147
            RestrictDbFunctor(user_ctx, schema_identifier));
147
148
 
148
149
 
149
150
  /*
155
156
  {
156
157
    if (send_error)
157
158
    {
158
 
      std::string path;
159
 
      schema_identifier.getSQLPath(path);
160
 
 
161
159
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
162
 
               user_ctx->username().c_str(),
163
 
               user_ctx->address().c_str(),
164
 
               path.c_str());
 
160
               user_ctx.getUser().c_str(),
 
161
               user_ctx.getIp().c_str(),
 
162
               schema_identifier.getSQLPath().c_str());
165
163
    }
166
164
    return false;
167
165
  }
168
166
  return true;
169
167
}
170
168
 
171
 
bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,
 
169
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
172
170
                                         TableIdentifier &table,
173
171
                                         bool send_error)
174
172
{
177
175
    return true;
178
176
 
179
177
  /* Use find_if instead of foreach so that we can collect return codes */
180
 
  std::vector<plugin::Authorization *>::const_iterator iter=
181
 
    std::find_if(authorization_plugins.begin(),
 
178
  vector<plugin::Authorization *>::const_iterator iter=
 
179
    find_if(authorization_plugins.begin(),
182
180
            authorization_plugins.end(),
183
 
            RestrictTableFunctor(*user_ctx, table));
 
181
            RestrictTableFunctor(user_ctx, table));
184
182
 
185
183
  /*
186
184
   * If iter is == end() here, that means that all of the plugins returned
191
189
  {
192
190
    if (send_error)
193
191
    {
194
 
      std::string path;
195
 
      table.getSQLPath(path);
196
 
 
197
192
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
198
 
               user_ctx->username().c_str(),
199
 
               user_ctx->address().c_str(),
200
 
               path.c_str());
 
193
               user_ctx.getUser().c_str(),
 
194
               user_ctx.getIp().c_str(),
 
195
               table.getSQLPath().c_str());
201
196
    }
202
197
    return false;
203
198
  }
204
199
  return true;
205
200
}
206
201
 
207
 
bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,
 
202
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
208
203
                                         const Session *session,
209
204
                                         bool send_error)
210
205
{
211
 
  drizzled::identifier::User::const_shared_ptr session_ctx= session->user();
 
206
  const SecurityContext &session_ctx= session->getSecurityContext();
212
207
 
213
208
  /* If we never loaded any authorization plugins, just return true */
214
209
  if (authorization_plugins.empty())
215
210
    return true;
216
211
 
217
212
  /* Use find_if instead of foreach so that we can collect return codes */
218
 
  std::vector<plugin::Authorization *>::const_iterator iter=
219
 
    std::find_if(authorization_plugins.begin(),
220
 
                 authorization_plugins.end(),
221
 
                 RestrictProcessFunctor(*user_ctx, *session_ctx));
 
213
  vector<plugin::Authorization *>::const_iterator iter=
 
214
    find_if(authorization_plugins.begin(),
 
215
            authorization_plugins.end(),
 
216
            RestrictProcessFunctor(user_ctx, session_ctx));
222
217
 
223
218
  /*
224
219
   * If iter is == end() here, that means that all of the plugins returned
237
232
  return true;
238
233
}
239
234
 
240
 
void plugin::Authorization::pruneSchemaNames(drizzled::identifier::User::const_shared_ptr user_ctx,
241
 
                                             SchemaIdentifier::vector &set_of_schemas)
 
235
void plugin::Authorization::pruneSchemaNames(const SecurityContext &user_ctx,
 
236
                                             SchemaIdentifierList &set_of_schemas)
242
237
{
243
238
  /* If we never loaded any authorization plugins, just return true */
244
239
  if (authorization_plugins.empty())
245
240
    return;
246
241
 
247
 
  set_of_schemas.erase(std::remove_if(set_of_schemas.begin(),
248
 
                                      set_of_schemas.end(),
249
 
                                      PruneSchemaFunctor(user_ctx)),
 
242
  set_of_schemas.erase(remove_if(set_of_schemas.begin(),
 
243
                                 set_of_schemas.end(),
 
244
                                 PruneSchemaFunctor(user_ctx)),
250
245
                       set_of_schemas.end());
251
246
}
252
247