~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.h

Committer: Brian Aker
Date: 2010-12-07 09:12:12 UTC
mto: This revision was merged to the branch mainline in revision 1985.
Revision ID: brian@tangent.org-20101207091212-1m0w20tck6z7632m

This is a fix for bug lp:686197

files added:
client/errname.cc

client/errname.h

drizzled/security_context.h

plugin/crash_function/crash.cc

plugin/innobase/COPYING

plugin/innobase/COPYING.Sun_Microsystems

plugin/innobase/ut/ut0auxconf_atomic_pthread_t_gcc.c

plugin/innobase/ut/ut0auxconf_atomic_pthread_t_solaris.c

plugin/innobase/ut/ut0auxconf_have_gcc_atomics.c

plugin/innobase/ut/ut0auxconf_have_solaris_atomics.c

plugin/innobase/ut/ut0auxconf_pause.c

plugin/innobase/ut/ut0auxconf_sizeof_pthread_t.c

files removed:
drizzled/execute.cc

drizzled/execute.h

drizzled/field/uuid.cc

drizzled/field/uuid.h

drizzled/field/uuid_st.h

drizzled/identifier/user.cc

drizzled/identifier/user.h

plugin/archive/tests/r/uuid_type.result

plugin/archive/tests/t/uuid_type.test

plugin/csv/tests/r/uuid_type.result

plugin/csv/tests/t/uuid_type.test

plugin/debug/module.cc

plugin/debug/tests

plugin/debug/tests/r

plugin/debug/tests/r/assert.result

plugin/debug/tests/t

plugin/debug/tests/t/assert.test

plugin/debug/tests/t/master.opt

plugin/error_dictionary

plugin/error_dictionary/dictionary.cc

plugin/error_dictionary/errors.cc

plugin/error_dictionary/errors.h

plugin/error_dictionary/plugin.ini

plugin/error_dictionary/tests

plugin/error_dictionary/tests/r

plugin/error_dictionary/tests/r/main.result

plugin/error_dictionary/tests/t

plugin/error_dictionary/tests/t/main.test

plugin/haildb/tests/r/basic_on_duplicate_key.result

plugin/haildb/tests/t/basic_on_duplicate_key.test

plugin/innobase/tests/r/innodb_bug56716.result

plugin/innobase/tests/r/innodb_bug57255.result

plugin/innobase/tests/t/innodb_bug56716.test

plugin/innobase/tests/t/innodb_bug57255.test

plugin/memory/tests/r/primary_key.result

plugin/memory/tests/r/uuid_type.result

plugin/memory/tests/t/primary_key.test

plugin/memory/tests/t/uuid_type.test

plugin/string_functions/regex.cc

plugin/string_functions/regex.h

plugin/string_functions/tests

plugin/string_functions/tests/r

plugin/string_functions/tests/r/regex.result

plugin/string_functions/tests/t

plugin/string_functions/tests/t/regex.test

plugin/transaction_log/tests/r/rollback_statement.result

plugin/transaction_log/tests/t/rollback_statement-master.opt

plugin/transaction_log/tests/t/rollback_statement.test

plugin/utility_functions/execute.cc

plugin/utility_functions/execute.h

plugin/utility_functions/tests/r/execute.result

plugin/utility_functions/tests/r/execute_wait.result

plugin/utility_functions/tests/t/execute.test

plugin/utility_functions/tests/t/execute_complex.disabled

plugin/utility_functions/tests/t/execute_wait.test

tests/suite/identifiers

tests/suite/identifiers/r

tests/suite/identifiers/r/schema.result

tests/suite/identifiers/r/table.result

tests/suite/identifiers/t

tests/suite/identifiers/t/schema.test

tests/suite/identifiers/t/table.test

tests/suite/regression/r/628912.result

tests/suite/regression/t/628912.test

tests/suite/uuid_type

tests/suite/uuid_type/r

tests/suite/uuid_type/r/alter_add_uuid.result

tests/suite/uuid_type/r/bad_conversions.result

tests/suite/uuid_type/r/create.result

tests/suite/uuid_type/r/create_with_defaults_on_update.result

tests/suite/uuid_type/r/function.result

tests/suite/uuid_type/r/insert_null_no_key.result

tests/suite/uuid_type/r/mixed.result

tests/suite/uuid_type/r/null.result

tests/suite/uuid_type/r/primary_key.result

tests/suite/uuid_type/r/select_like_no_key.result

tests/suite/uuid_type/t

tests/suite/uuid_type/t/alter_add_uuid.test

tests/suite/uuid_type/t/bad_conversions.test

tests/suite/uuid_type/t/create.test

tests/suite/uuid_type/t/function.test

tests/suite/uuid_type/t/insert_null_no_key.test

tests/suite/uuid_type/t/mixed.test

tests/suite/uuid_type/t/null.test

tests/suite/uuid_type/t/primary_key.test

tests/suite/uuid_type/t/select_like_no_key.test

tests/t/drizzleadmin-master.opt

tests/t/drizzleadmin.test

files renamed:
drizzled/field/int64.cc => drizzled/field/int64_t.cc

drizzled/field/int64.h => drizzled/field/int64_t.h

drizzled/field/int32.cc => drizzled/field/long.cc

drizzled/field/int32.h => drizzled/field/long.h

plugin/debug/ => plugin/crash_function/

files modified:
.bzrignore

Makefile.am

client/drizzle.cc

client/drizzledump.cc

client/drizzledump_data.cc

client/drizzledump_data.h

client/drizzledump_drizzle.cc

client/drizzledump_mysql.cc

client/drizzletest.cc

client/include.am

config/link-warning.h

docs/alter_schema.rst

docs/alter_table.rst

docs/barriers.rst

docs/brief_history_of_drizzle.rst

docs/clients/drizzledump.rst

docs/create_table.rst

docs/data_dictionary.rst

docs/ddl.rst

docs/delete.rst

docs/dml.rst

docs/drop_table.rst

docs/dynamic.rst

docs/getting_information.rst

docs/how_to_report_a_bug.rst

docs/locks.rst

docs/mysql_differences.rst

docs/preface.rst

docs/queries.rst

docs/rename.rst

docs/tables.rst

docs/truncate.rst

docs/what_is_drizzle.rst

drizzled/cached_item.cc

drizzled/common.h

drizzled/constrained_value.h

drizzled/create_field.cc

drizzled/db.cc

drizzled/definition/table.cc

drizzled/definition/table.h

drizzled/display.cc

drizzled/display.h

drizzled/enum.h

drizzled/error.cc

drizzled/error.h

drizzled/field.cc

drizzled/field.h

drizzled/field/blob.cc

drizzled/field/enum.cc

drizzled/field_conv.cc

drizzled/filesort.cc

drizzled/function/func.cc

drizzled/function/get_user_var.cc

drizzled/function/min_max.cc

drizzled/function/num1.cc

drizzled/function/numhybrid.cc

drizzled/function/set_user_var.cc

drizzled/ha_commands.cc

drizzled/identifier.h

drizzled/identifier/schema.cc

drizzled/identifier/schema.h

drizzled/identifier/table.cc

drizzled/identifier/table.h

drizzled/include.am

drizzled/item.cc

drizzled/item.h

drizzled/item/cache.cc

drizzled/item/cmpfunc.cc

drizzled/item/cmpfunc.h

drizzled/item/field.cc

drizzled/item/ident.cc

drizzled/item/ref.cc

drizzled/item/sum.cc

drizzled/item/type_holder.cc

drizzled/join.cc

drizzled/key.cc

drizzled/message.cc

drizzled/message/statement_transform.cc

drizzled/message/table.proto

drizzled/message/transaction.proto

drizzled/module/loader.cc

drizzled/plugin.h

drizzled/plugin/authentication.cc

drizzled/plugin/authentication.h

drizzled/plugin/authorization.cc

drizzled/plugin/authorization.h

drizzled/plugin/schema_engine.cc

drizzled/plugin/table_function.cc

drizzled/session.cc

drizzled/session.h

drizzled/set_var.h

drizzled/sql_base.cc

drizzled/sql_insert.cc

drizzled/sql_load.cc

drizzled/sql_parse.cc

drizzled/sql_parse.h

drizzled/sql_select.cc

drizzled/sql_string.cc

drizzled/sql_update.cc

drizzled/sql_yacc.yy

drizzled/statement/alter_table.cc

drizzled/statement/create_schema.cc

drizzled/statement/create_schema.h

drizzled/statement/create_table.cc

drizzled/statement/create_table.h

drizzled/statement/execute.cc

drizzled/symbol_hash.gperf

drizzled/sys_var.cc

drizzled/sys_var.h

drizzled/table.cc

drizzled/table.h

drizzled/transaction_services.cc

drizzled/transaction_services.h

drizzled/user_var_entry.cc

drizzled/util/string.h

libdrizzle/column_client.h

libdrizzle/constants.h

libdrizzle/handshake.c

libdrizzle/row_client.h

plugin/archive/ha_archive.cc

plugin/auth_file/auth_file.cc

plugin/auth_http/auth_http.cc

plugin/auth_ldap/auth_ldap.cc

plugin/auth_pam/auth_pam.cc

plugin/auth_test/auth_test.cc

plugin/console/console.cc

plugin/crash_function/plugin.ini

plugin/csv/ha_tina.cc

plugin/drizzle_protocol/drizzle_protocol.cc

plugin/drizzle_protocol/drizzle_protocol.h

plugin/filesystem_engine/filesystem_engine.cc

plugin/function_engine/function.cc

plugin/haildb/haildb_engine.cc

plugin/haildb/haildb_engine.h

plugin/haildb/tests/r/basic_insert_pkey_duplicate.result

plugin/haildb/tests/r/type_timestamp.result

plugin/haildb/tests/t/basic_insert_pkey_duplicate.test

plugin/haildb/tests/t/type_timestamp.test

plugin/information_schema_dictionary/schemata.cc

plugin/information_schema_dictionary/table_constraints.cc

plugin/information_schema_dictionary/tests/r/schemata.result

plugin/information_schema_dictionary/tests/r/show_create_table.result

plugin/information_schema_dictionary/tests/r/table_constraints.result

plugin/information_schema_dictionary/tests/r/tables.result

plugin/innobase/ChangeLog

plugin/innobase/Doxyfile

plugin/innobase/btr/btr0btr.c

plugin/innobase/btr/btr0cur.c

plugin/innobase/btr/btr0pcur.c

plugin/innobase/btr/btr0sea.c

plugin/innobase/buf/buf0flu.c

plugin/innobase/dict/dict0crea.c

plugin/innobase/dict/dict0dict.c

plugin/innobase/dict/dict0load.c

plugin/innobase/eval/eval0eval.c

plugin/innobase/handler/data_dictionary.cc

plugin/innobase/handler/ha_innodb.cc

plugin/innobase/handler/replication_log.h

plugin/innobase/ibuf/ibuf0ibuf.c

plugin/innobase/include/btr0cur.h

plugin/innobase/include/buf0flu.h

plugin/innobase/include/db0err.h

plugin/innobase/include/dict0dict.h

plugin/innobase/include/dict0dict.ic

plugin/innobase/include/dict0load.h

plugin/innobase/include/dict0mem.h

plugin/innobase/include/os0sync.h

plugin/innobase/include/que0que.h

plugin/innobase/include/srv0srv.h

plugin/innobase/include/univ.i

plugin/innobase/include/ut0rbt.h

plugin/innobase/include/ut0rnd.ic

plugin/innobase/log/log0recv.c

plugin/innobase/os/os0file.c

plugin/innobase/plugin.am

plugin/innobase/plugin.ini

plugin/innobase/que/que0que.c

plugin/innobase/row/row0merge.c

plugin/innobase/row/row0mysql.c

plugin/innobase/row/row0purge.c

plugin/innobase/row/row0sel.c

plugin/innobase/row/row0umod.c

plugin/innobase/row/row0upd.c

plugin/innobase/row/row0vers.c

plugin/innobase/srv/srv0srv.c

plugin/innobase/srv/srv0start.c

plugin/innobase/tests/r/index_merge_innodb.result

plugin/innobase/tests/r/innodb.result

plugin/innobase/tests/r/innodb_mysql.result

plugin/innobase/tests/r/parser_bug21114_innodb.result

plugin/innobase/tests/t/innodb-autoinc.test

plugin/innobase/tests/t/innodb_bug53756.test

plugin/innobase/tests/t/innodb_mysql.test

plugin/innobase/tests/t/parser_bug21114_innodb.test

plugin/innobase/trx/trx0purge.c

plugin/innobase/trx/trx0roll.c

plugin/innobase/trx/trx0sys.c

plugin/innobase/trx/trx0trx.c

plugin/innobase/trx/trx0undo.c

plugin/innobase/ut/ut0ut.c

plugin/logging_gearman/logging_gearman.cc

plugin/logging_query/logging_query.cc

plugin/logging_stats/logging_stats.cc

plugin/logging_stats/scoreboard.cc

plugin/logging_stats/tests/r/command.result

plugin/logging_stats/tests/r/cumulative.result

plugin/logging_stats/tests/r/max_session.result

plugin/logging_stats/tests/r/max_user.result

plugin/logging_stats/tests/t/command.test

plugin/logging_stats/tests/t/cumulative.test

plugin/logging_stats/tests/t/max_session.test

plugin/logging_stats/tests/t/max_user.test

plugin/memcached_query_cache/memcached_qc.cc

plugin/memory/ha_heap.cc

plugin/myisam/my_handler_errors.cc

plugin/mysql_protocol/mysql_protocol.cc

plugin/mysql_protocol/mysql_protocol.h

plugin/mysql_protocol/options.h

plugin/mysql_protocol/prototest/drizzle_prototest

plugin/mysql_protocol/tests/r/prototest.result

plugin/mysql_unix_socket_protocol/protocol.cc

plugin/mysql_unix_socket_protocol/protocol.h

plugin/pbms/src/cslib/CSObject.h

plugin/pbms/src/defs_ms.h

plugin/pbms/src/events_ms.cc

plugin/pbms/src/parameters_ms.cc

plugin/pbms/src/parameters_ms.h

plugin/pbms/src/pbms_enabled.cc

plugin/pbms/src/plugin_ms.cc

plugin/pbms/src/system_table_ms.h

plugin/pbxt/plugin.ini

plugin/pbxt/src/ha_pbxt.cc

plugin/pbxt/src/myxt_xt.cc

plugin/pbxt/src/xt_defs.h

plugin/rabbitmq/rabbitmq_log.cc

plugin/schema_dictionary/tests/r/data_dictionary.result

plugin/schema_dictionary/tests/t/show_table_status.test

plugin/schema_engine/schema.cc

plugin/schema_engine/schema.h

plugin/session_dictionary/processlist.cc

plugin/session_dictionary/savepoints.cc

plugin/session_dictionary/tests/r/data_dictionary.result

plugin/session_dictionary/tests/r/long_proccesslist_info.result

plugin/session_dictionary/tests/r/user_savepoints.result

plugin/session_dictionary/tests/t/long_proccesslist_info.test

plugin/session_dictionary/tests/t/user_savepoints.test

plugin/show_dictionary/show_table_status.cc

plugin/simple_user_policy/policy.h

plugin/string_functions/functions.cc

plugin/string_functions/functions.h

plugin/string_functions/plugin.ini

plugin/syslog/logging.cc

plugin/transaction_log/tests/r/bulk_commit.result

plugin/transaction_log/tests/r/bulk_rollback.result

plugin/transaction_log/tests/r/transaction_log_delete.result

plugin/transaction_log/tests/r/transaction_log_transaction.result

plugin/transaction_log/tests/r/transaction_log_update.result

plugin/transaction_log/tests/t/bulk_commit-master.opt

plugin/transaction_log/tests/t/bulk_commit.test

plugin/transaction_log/tests/t/bulk_rollback-master.opt

plugin/transaction_log/tests/t/bulk_rollback.test

plugin/transaction_log/tests/t/transaction_log_update.test

plugin/transaction_log/utilities/transaction_reader.cc

plugin/user_locks/barrier_dictionary.cc

plugin/user_locks/barriers.h

plugin/user_locks/create_barrier.cc

plugin/user_locks/get_lock.cc

plugin/user_locks/get_locks.cc

plugin/user_locks/is_free_lock.cc

plugin/user_locks/is_used_lock.cc

plugin/user_locks/key.h

plugin/user_locks/release_barrier.cc

plugin/user_locks/release_lock.cc

plugin/user_locks/release_wait.cc

plugin/user_locks/signal.cc

plugin/user_locks/tests/r/create_barrier.result

plugin/user_locks/tests/r/dangling_barrier.result

plugin/user_locks/tests/r/kill_wait.result

plugin/user_locks/tests/r/signal.result

plugin/user_locks/tests/r/signal_count.result

plugin/user_locks/tests/r/user_concurrent.result

plugin/user_locks/tests/r/user_locks_table.result

plugin/user_locks/tests/r/wait.result

plugin/user_locks/tests/r/wait_generation.result

plugin/user_locks/tests/r/wait_names.result

plugin/user_locks/tests/t/create_barrier.test

plugin/user_locks/tests/t/dangling_barrier.test

plugin/user_locks/tests/t/kill_wait.test

plugin/user_locks/tests/t/signal.test

plugin/user_locks/tests/t/signal_count.test

plugin/user_locks/tests/t/user_concurrent.disabled

plugin/user_locks/tests/t/user_locks_table.test

plugin/user_locks/tests/t/wait.test

plugin/user_locks/tests/t/wait_generation.test

plugin/user_locks/tests/t/wait_names.test

plugin/user_locks/user_locks_dictionary.cc

plugin/user_locks/wait.cc

plugin/user_locks/wait_for_lock.cc

plugin/user_locks/wait_until.cc

plugin/utility_functions/functions.cc

plugin/utility_functions/functions.h

plugin/utility_functions/plugin.ini

plugin/utility_functions/schema.cc

plugin/utility_functions/user.cc

plugin/uuid_function/uuid_function.cc

po/POTFILES.in

po/ar.po

po/ca.po

po/cs.po

po/cy.po

po/da.po

po/de.po

po/el.po

po/en_AU.po

po/en_GB.po

po/eo.po

po/es.po

po/eu.po

po/fo.po

po/fr.po

po/gl.po

po/he.po

po/hi.po

po/hu.po

po/id.po

po/it.po

po/ja.po

po/ko.po

po/ml.po

po/mr.po

po/ms.po

po/mt.po

po/nb.po

po/nl.po

po/oc.po

po/pl.po

po/pt.po

po/pt_BR.po

po/ro.po

po/ru.po

po/sk.po

po/sq.po

po/sv.po

po/ta.po

po/te.po

po/tr.po

po/uk.po

po/zh_CN.po

po/zh_HK.po

support-files/drizzle.spec.in

tests/include.am

tests/include/index_merge2.inc

tests/include/mix1.inc

tests/r/create.result

tests/r/drizzleadmin.result

tests/r/information_schema.result

tests/r/subselect2.result

tests/suite/execute/r/concurrent.result

tests/suite/execute/t/concurrent.test

tests/t/create.test

tests/t/subselect2.test

tests/test-run.pl

unittests/plugin/authentication_test.cc

unittests/plugin/plugin_stubs.h

Show diffs side-by-side

added added

removed removed

drizzled/plugin/authorization.h

#include "drizzled/plugin.h"

#include "drizzled/plugin/plugin.h"

#include "drizzled/security_context.h"

#include "drizzled/identifier.h"

#include <string>

* @returns true if the user cannot access the schema

virtual bool restrictSchema(const drizzled::identifier::User &user_ctx,

SchemaIdentifier::const_reference schema)= 0;

virtual bool restrictSchema(const SecurityContext &user_ctx,

SchemaIdentifier &schema)= 0;

/**

* Should we restrict the current user's access to this table?

* @returns true if the user cannot access the table

virtual bool restrictTable(const drizzled::identifier::User &user_ctx,

virtual bool restrictTable(const SecurityContext &user_ctx,

TableIdentifier &table);

/**

* @returns true if the user cannot see the process

virtual bool restrictProcess(const drizzled::identifier::User &user_ctx,

const drizzled::identifier::User &session_ctx);

virtual bool restrictProcess(const SecurityContext &user_ctx,

const SecurityContext &session_ctx);

/** Server API method for checking schema authorization */

static bool isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

SchemaIdentifier::const_reference schema_identifier,

static bool isAuthorized(const SecurityContext &user_ctx,

SchemaIdentifier &schema_identifier,

bool send_error= true);

/** Server API method for checking table authorization */

static bool isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

static bool isAuthorized(const SecurityContext &user_ctx,

TableIdentifier &table_identifier,

bool send_error= true);

/** Server API method for checking process authorization */

static bool isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

static bool isAuthorized(const SecurityContext &user_ctx,

const Session *session,

bool send_error= true);

100

101

* Server API helper method for applying authorization tests

101

102

* to a set of schema names (for use in the context of getSchemaNames

102

103

static void pruneSchemaNames(drizzled::identifier::User::const_shared_ptr user_ctx,

104

static void pruneSchemaNames(const SecurityContext &user_ctx,

104

105

SchemaIdentifier::vector &set_of_schemas);

105

106

107

/**

111

112

113

};

113

114

inline bool Authorization::restrictTable(const drizzled::identifier::User &user_ctx,

115

inline bool Authorization::restrictTable(const SecurityContext &user_ctx,

115

116

TableIdentifier &table)

116

117

{

117

118

return restrictSchema(user_ctx, table);

118

119

}

119

120

inline bool Authorization::restrictProcess(const drizzled::identifier::User &,

121

const drizzled::identifier::User &)

121

inline bool Authorization::restrictProcess(const SecurityContext &,

122

const SecurityContext &)

122

123

{

123

124

return false;

124

125

}

Older »