~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.cc

Committer: Brian Aker
Date: 2010-12-18 10:14:05 UTC
mfrom: (2008.1.3 clean)
Revision ID: brian@tangent.org-20101218101405-qjbse29shi9coklg

Merge of user identifier work

files added:
drizzled/identifier/user.cc

drizzled/identifier/user.h

plugin/utility_functions/tests/t/execute.test

files removed:
drizzled/security_context.h

files renamed:
plugin/utility_functions/tests/t/execute.test => plugin/utility_functions/tests/t/execute_complex.disabled

files modified:
drizzled/db.cc

drizzled/execute.cc

drizzled/identifier.h

drizzled/include.am

drizzled/plugin/authentication.cc

drizzled/plugin/authentication.h

drizzled/plugin/authorization.cc

drizzled/plugin/authorization.h

drizzled/plugin/schema_engine.cc

drizzled/session.cc

drizzled/session.h

drizzled/sql_base.cc

drizzled/statement/create_schema.cc

drizzled/table.cc

plugin/auth_file/auth_file.cc

plugin/auth_http/auth_http.cc

plugin/auth_ldap/auth_ldap.cc

plugin/auth_pam/auth_pam.cc

plugin/auth_test/auth_test.cc

plugin/console/console.cc

plugin/drizzle_protocol/drizzle_protocol.cc

plugin/innobase/handler/ha_innodb.cc

plugin/logging_stats/logging_stats.cc

plugin/logging_stats/scoreboard.cc

plugin/mysql_protocol/mysql_protocol.cc

plugin/session_dictionary/processlist.cc

plugin/simple_user_policy/policy.h

plugin/user_locks/barriers.h

plugin/user_locks/create_barrier.cc

plugin/user_locks/get_lock.cc

plugin/user_locks/get_locks.cc

plugin/user_locks/is_free_lock.cc

plugin/user_locks/is_used_lock.cc

plugin/user_locks/key.h

plugin/user_locks/release_barrier.cc

plugin/user_locks/release_lock.cc

plugin/user_locks/release_wait.cc

plugin/user_locks/signal.cc

plugin/user_locks/wait.cc

plugin/user_locks/wait_for_lock.cc

plugin/user_locks/wait_until.cc

plugin/utility_functions/tests/r/execute.result

plugin/utility_functions/user.cc

support-files/drizzle.spec.in

unittests/plugin/authentication_test.cc

unittests/plugin/plugin_stubs.h

Show diffs side-by-side

added added

removed removed

drizzled/plugin/authorization.cc

#include <vector>

#include "drizzled/plugin/authorization.h"

#include "drizzled/security_context.h"

#include "drizzled/identifier.h"

#include "drizzled/error.h"

#include "drizzled/session.h"

class RestrictDbFunctor :

public std::unary_function<plugin::Authorization *, bool>

{

const SecurityContext &user_ctx;

const identifier::User &user_ctx;

SchemaIdentifier::const_reference schema;

public:

RestrictDbFunctor(const SecurityContext &user_ctx_arg,

RestrictDbFunctor(const identifier::User &user_ctx_arg,

SchemaIdentifier::const_reference schema_arg) :

std::unary_function<plugin::Authorization *, bool>(),

user_ctx(user_ctx_arg),

class RestrictTableFunctor :

public std::unary_function<plugin::Authorization *, bool>

{

const SecurityContext &user_ctx;

const identifier::User &user_ctx;

TableIdentifier &table;

public:

RestrictTableFunctor(const SecurityContext &user_ctx_arg,

RestrictTableFunctor(const identifier::User &user_ctx_arg,

TableIdentifier &table_arg) :

std::unary_function<plugin::Authorization *, bool>(),

user_ctx(user_ctx_arg),

class RestrictProcessFunctor :

public std::unary_function<plugin::Authorization *, bool>

100

{

101

const SecurityContext &user_ctx;

102

const SecurityContext &session_ctx;

100

const identifier::User &user_ctx;

101

const identifier::User &session_ctx;

103

102

public:

104

RestrictProcessFunctor(const SecurityContext &user_ctx_arg,

105

const SecurityContext &session_ctx_arg) :

103

RestrictProcessFunctor(const identifier::User &user_ctx_arg,

104

const identifier::User &session_ctx_arg) :

106

105

std::unary_function<plugin::Authorization *, bool>(),

107

106

user_ctx(user_ctx_arg),

108

107

session_ctx(session_ctx_arg)

117

116

class PruneSchemaFunctor :

118

117

public std::unary_function<SchemaIdentifier&, bool>

119

118

{

120

const SecurityContext &user_ctx;

119

drizzled::identifier::User::const_shared_ptr user_ctx;

121

120

public:

122

PruneSchemaFunctor(const SecurityContext &user_ctx_arg) :

121

PruneSchemaFunctor(drizzled::identifier::User::const_shared_ptr user_ctx_arg) :

123

122

std::unary_function<SchemaIdentifier&, bool>(),

124

123

user_ctx(user_ctx_arg)

125

124

{ }

132

131

133

132

} /* namespace */

134

133

135

bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,

134

bool plugin::Authorization::isAuthorized(identifier::User::const_shared_ptr user_ctx,

136

135

SchemaIdentifier::const_reference schema_identifier,

137

136

bool send_error)

138

137

{

144

143

std::vector<plugin::Authorization *>::const_iterator iter=

145

144

std::find_if(authorization_plugins.begin(),

146

145

authorization_plugins.end(),

147

RestrictDbFunctor(user_ctx, schema_identifier));

146

RestrictDbFunctor(*user_ctx, schema_identifier));

148

147

149

148

150

149

160

159

schema_identifier.getSQLPath(path);

161

160

162

161

my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),

163

user_ctx.getUser().c_str(),

164

user_ctx.getIp().c_str(),

162

user_ctx->username().c_str(),

163

user_ctx->address().c_str(),

165

164

path.c_str());

166

165

}

167

166

return false;

169

168

return true;

170

169

}

171

170

172

bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,

171

bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

173

172

TableIdentifier &table,

174

173

bool send_error)

175

174

{

181

180

std::vector<plugin::Authorization *>::const_iterator iter=

182

181

std::find_if(authorization_plugins.begin(),

183

182

authorization_plugins.end(),

184

RestrictTableFunctor(user_ctx, table));

183

RestrictTableFunctor(*user_ctx, table));

185

184

186

185

187

186

* If iter is == end() here, that means that all of the plugins returned

196

195

table.getSQLPath(path);

197

196

198

197

my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),

199

user_ctx.getUser().c_str(),

200

user_ctx.getIp().c_str(),

198

user_ctx->username().c_str(),

199

user_ctx->address().c_str(),

201

200

path.c_str());

202

201

}

203

202

return false;

205

204

return true;

206

205

}

207

206

208

bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,

207

bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

209

208

const Session *session,

210

209

bool send_error)

211

210

{

212

const SecurityContext &session_ctx= session->getSecurityContext();

211

drizzled::identifier::User::const_shared_ptr session_ctx= session->user();

213

212

214

213

/* If we never loaded any authorization plugins, just return true */

215

214

if (authorization_plugins.empty())

219

218

std::vector<plugin::Authorization *>::const_iterator iter=

220

219

std::find_if(authorization_plugins.begin(),

221

220

authorization_plugins.end(),

222

RestrictProcessFunctor(user_ctx, session_ctx));

221

RestrictProcessFunctor(*user_ctx, *session_ctx));

223

222

224

223

225

224

* If iter is == end() here, that means that all of the plugins returned

238

237

return true;

239

238

}

240

239

241

void plugin::Authorization::pruneSchemaNames(const SecurityContext &user_ctx,

240

void plugin::Authorization::pruneSchemaNames(drizzled::identifier::User::const_shared_ptr user_ctx,

242

241

SchemaIdentifier::vector &set_of_schemas)

243

242

{

244

243

/* If we never loaded any authorization plugins, just return true */

Older »