From 26cef5c3a8d935047d5838e3e00f5787336eb134 Mon Sep 17 00:00:00 2001 From: Mike Wang Date: Thu, 21 Nov 2024 11:00:41 +0800 Subject: [PATCH] Bug#116737: Change the types of all ACL variables to Access_bitmask --- sql/auth/partial_revokes.cc | 2 +- sql/event_data_objects.cc | 2 +- sql/server_component/persistent_dynamic_loader.cc | 2 +- sql/sql_db.cc | 6 +++--- sql/sql_insert.cc | 11 ++++++----- sql/sql_parse.cc | 3 ++- sql/sql_update.cc | 2 +- 7 files changed, 15 insertions(+), 13 deletions(-) diff --git a/sql/auth/partial_revokes.cc b/sql/auth/partial_revokes.cc index aaa359700a2d..50adfae5a399 100644 --- a/sql/auth/partial_revokes.cc +++ b/sql/auth/partial_revokes.cc @@ -185,7 +185,7 @@ bool DB_restrictions::add(const Json_object &json_object) { const Json_string *priv = down_cast(priv_dom); const auto &itr = global_acls_map.find(priv->value()); if (itr == global_acls_map.end()) return true; - priv_mask |= (1UL << itr->second); + priv_mask |= ((Access_bitmask)1 << itr->second); } add(db_string->value(), priv_mask); } diff --git a/sql/event_data_objects.cc b/sql/event_data_objects.cc index 5e555ccd746b..6f534bb72532 100644 --- a/sql/event_data_objects.cc +++ b/sql/event_data_objects.cc @@ -1177,7 +1177,7 @@ bool Event_job_data::execute(THD *thd, bool drop) { if (construct_drop_event_sql(thd, &sp_sql, m_schema_name, m_event_name)) ret = true; else { - ulong saved_master_access; + Access_bitmask saved_master_access; thd->set_query(sp_sql.c_ptr_safe(), sp_sql.length()); /* diff --git a/sql/server_component/persistent_dynamic_loader.cc b/sql/server_component/persistent_dynamic_loader.cc index 825c10e5f58b..8dc27b3c7619 100644 --- a/sql/server_component/persistent_dynamic_loader.cc +++ b/sql/server_component/persistent_dynamic_loader.cc @@ -152,7 +152,7 @@ static Component_db_intact table_intact; @retval false success */ static bool open_component_table(THD *thd, enum thr_lock_type lock_type, - TABLE **table, ulong acl_to_check) { + TABLE **table, Access_bitmask acl_to_check) { Table_ref tables("mysql", "component", lock_type); if (mysql_persistent_dynamic_loader_imp::initialized() && !opt_noacl && diff --git a/sql/sql_db.cc b/sql/sql_db.cc index f08e5c1b7380..3d4a165adf87 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -125,7 +125,7 @@ static bool find_db_tables(THD *thd, const dd::Schema &schema, const char *db, static long mysql_rm_arc_files(THD *thd, MY_DIR *dirp, const char *org_path); static bool rm_dir_w_symlink(const char *org_path, bool send_error); static void mysql_change_db_impl(THD *thd, const LEX_CSTRING &new_db_name, - ulong new_db_access, + Access_bitmask new_db_access, const CHARSET_INFO *new_db_charset); bool get_default_db_collation(const dd::Schema &schema, @@ -1332,7 +1332,7 @@ long mysql_rm_arc_files(THD *thd, MY_DIR *dirp, const char *org_path) { */ static void mysql_change_db_impl(THD *thd, const LEX_CSTRING &new_db_name, - ulong new_db_access, + Access_bitmask new_db_access, const CHARSET_INFO *new_db_charset) { /* 1. Change current database in THD. */ @@ -1490,7 +1490,7 @@ bool mysql_change_db(THD *thd, const LEX_CSTRING &new_db_name, LEX_CSTRING new_db_file_name_cstr; Security_context *sctx = thd->security_context(); - ulong db_access = sctx->current_db_access(); + Access_bitmask db_access = sctx->current_db_access(); const CHARSET_INFO *db_default_cl = nullptr; // We must make sure the schema is released and unlocked in the right order. diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc index a74845747239..0c6e5112df0d 100644 --- a/sql/sql_insert.cc +++ b/sql/sql_insert.cc @@ -433,8 +433,9 @@ bool Sql_cmd_insert_base::precheck(THD *thd) { Check that we have modify privileges for the first table and select privileges for the rest */ - ulong privilege = INSERT_ACL | (duplicates == DUP_REPLACE ? DELETE_ACL : 0) | - (update_value_list.empty() ? 0 : UPDATE_ACL); + Access_bitmask privilege = INSERT_ACL | + (duplicates == DUP_REPLACE ? DELETE_ACL : 0) | + (update_value_list.empty() ? 0 : UPDATE_ACL); if (check_one_table_access(thd, privilege, lex->query_tables)) return true; @@ -1054,9 +1055,9 @@ bool Sql_cmd_insert_base::prepare_inner(THD *thd) { Require proper privileges for all leaf tables of the view. @todo - Check for target table only. */ - ulong privilege = INSERT_ACL | - (duplicates == DUP_REPLACE ? DELETE_ACL : 0) | - (update_value_list.empty() ? 0 : UPDATE_ACL); + Access_bitmask privilege = INSERT_ACL | + (duplicates == DUP_REPLACE ? DELETE_ACL : 0) | + (update_value_list.empty() ? 0 : UPDATE_ACL); if (select->check_view_privileges(thd, privilege, privilege)) return true; /* diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 023579df4a1a..93b12580cc38 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -1798,7 +1798,8 @@ bool dispatch_command(THD *thd, const COM_DATA *com_data, TODO: remove this when we have full 64 bit my_time_t support */ LogErr(ERROR_LEVEL, ER_UNSUPPORTED_DATE); - const ulong master_access = thd->security_context()->master_access(); + const Access_bitmask master_access = + thd->security_context()->master_access(); thd->security_context()->set_master_access(master_access | SHUTDOWN_ACL); error = true; kill_mysql(); diff --git a/sql/sql_update.cc b/sql/sql_update.cc index b1266339da19..80828e9877ba 100644 --- a/sql/sql_update.cc +++ b/sql/sql_update.cc @@ -145,7 +145,7 @@ bool Sql_cmd_update::precheck(THD *thd) { if (tr->is_derived() || tr->uses_materialization()) tr->grant.privilege = SELECT_ACL; else { - auto chk = [&](long want_access) { + auto chk = [&](Access_bitmask want_access) { const bool ignore_errors = (want_access == UPDATE_ACL); return check_access(thd, want_access, tr->db, &tr->grant.privilege, &tr->grant.m_internal, false, ignore_errors) ||