Mailing List Archive
Back to the month index |
Back to the list index
|
|
Back to the month index |
Back to the list index
|
Bill Connors (bconnors@kisbss.kodak.com)
Thu, 3 Apr 1997 17:06:41 -0500 (EST)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: fvillarr@sol.mmtlc.utep.edu: "[mSQL] Date,Time documentation question..."
- Previous message: Vivek Khera: "Re: [mSQL] runaway msql2d process (doesn't finish)"
From: bconnors@kisbss.kodak.com (Bill Connors) Message-Id: <199704032206.RAA21450@clancy.kodak.com> Subject: [mSQL] Patches to add use command and tighter access control Date: Thu, 3 Apr 1997 17:06:41 -0500 (EST)The attached patches add and enhance a couple of the functions of msql. The
addition is the use command. This command is similar to Sybase's use command
which will allow to switch databases from within the msql monitor. The syntax
is:
use {new database name}
Also in this patch are enhancements to security model of msql. With these
patches you have independent control over select, insert, delete, update,
create, and drop. In order to specify the access you make entries in the
acl file. (Normally msql.acl) The keywords are: select, insert, delete,
update, create, and drop. You specify users who possess these properties the
same way you do read or write currently. This patch does not require you
to remove the read and write tag lines however they are no longer used. The
admin user by default will inherit all priviledges.
Please note that these are not endorsed nor recommended patches. Therefore is
you use these and things break you probably won't get support from the net.
These patches also only apply to MSQL2.0B5. I have intensively test them on
Solaris 2.5 and Linux 2.0.0 and believe them to be complete and reliable. Any
question regarding the patches maybe addressed to me.
Bill
-- bconnors@kisbss.kodak.com In no way would I even attempt System Engineer to represent Danka, I don't Danka Corporation even know what they're Rochester, NY thinking.Engineer and Ram truck owner, coincidence ? I think not. 94 Dodge RAM 1500 SLT 5.2L 4X4 aka "Mean Green"
--- acl.c.orig Thu Mar 6 03:54:31 1997 +++ acl.c Thu Apr 3 16:43:23 1997 @@ -50,8 +50,7 @@ typedef struct acl_s { char db[NAME_LEN]; acc_t *host, - *read, - *write; + *privs; tlist_t *access, *option; struct acl_s *next; @@ -89,6 +88,18 @@ return(ACCESS); if (strcmp(tok,"option") == 0) return(OPTION); + if (strcmp(tok,"select") == 0) + return(SELECT_ACCESS); + if (strcmp(tok,"insert") == 0) + return(INSERT_ACCESS); + if (strcmp(tok,"update") == 0) + return(UPDATE_ACCESS); + if (strcmp(tok,"delete") == 0) + return(DELETE_ACCESS); + if (strcmp(tok,"create") == 0) + return(CREATE_ACCESS); + if (strcmp(tok,"drop") == 0) + return(DROP_ACCESS); return(-1); } @@ -108,7 +119,9 @@ *tok; FILE *fp; int newEntry, - lineNum; + lineNum, + allow, + newPriv; /* @@ -157,7 +170,7 @@ - switch(checkToken(tok)) + switch(newPriv = checkToken(tok)) { case DATABASE: if (!newEntry) @@ -198,103 +211,12 @@ case READ: - if (newEntry) - { - ERR(("Bad entry header location at line %d\n", - lineNum)); - sprintf(packet, - "-1:Bad entry header location at line %d\n" - ,lineNum); - fclose(fp); - return(-1); - } - if (new->read) - { - accTail = new->read; - while(accTail->next) - accTail = accTail->next; - } - else - { - accTail = NULL; - } + case WRITE: + tok = (char *)strtok(NULL," \t,\n\r"); + while (tok) { tok = (char *)strtok(NULL," \t,\n\r"); - while(tok) - { - accNew = (acc_t *)malloc(sizeof(acc_t)); - (void)bzero(accNew,sizeof(acc_t)); - if (*tok == '-') - { - strcpy(accNew->name,tok+1); - accNew->access = REJECT; - } - else - { - strcpy(accNew->name,tok); - accNew->access = ALLOW; - } - if (accTail) - { - accTail->next = accNew; - } - else - { - new->read = accNew; - } - accTail = accNew; - tok = (char *)strtok(NULL," \t,\n\r"); - } - break; - - - case WRITE: - if (newEntry) - { - ERR(("Bad entry header location at line %d\n", - lineNum)); - sprintf(packet, - "-1:Bad entry header location at line %d\n" - ,lineNum); - fclose(fp); - return(-1); - } - if (new->write) - { - accTail = new->write; - while(accTail->next) - accTail = accTail->next; - } - else - { - accTail = NULL; - } - tok = (char *)strtok(NULL," \t,\n\r"); - while(tok) - { - accNew = (acc_t *)malloc(sizeof(acc_t)); - (void)bzero(accNew,sizeof(acc_t)); - if (*tok == '-') - { - strcpy(accNew->name,tok+1); - accNew->access = REJECT; - } - else - { - strcpy(accNew->name,tok); - accNew->access = ALLOW; - } - if (accTail) - { - accTail->next = accNew; - } - else - { - new->write = accNew; - } - accTail = accNew; - tok = (char *)strtok(NULL," \t,\n\r"); - } - break; + } + break; case HOST: @@ -429,7 +351,63 @@ break; - default: + case SELECT_ACCESS: + case INSERT_ACCESS: + case UPDATE_ACCESS: + case DELETE_ACCESS: + case CREATE_ACCESS: + case DROP_ACCESS: + if (newEntry) { + ERR(("Bad entry header location at line %d\n", lineNum)); + sprintf(packet, + "-1:Bad entry header location at line %d\n", + lineNum); + fclose(fp); + return(-1); + } + if (new->privs) { + accTail = new->privs; + } + else { + new->privs = (acc_t *)malloc(sizeof(acc_t)); + accTail = new->privs; + strcpy (accTail->name, msqlGetCharConf ("admin_user")); + accTail->access = FULL_ACCESS; + accTail->next = NULL; + } + tok = (char *)strtok(NULL," \t,\n\r"); + while (tok) { + if (*tok == '-') + allow=0; + else + allow=1; + while ((accTail) && (strcmp (accTail->name, tok))) { + accTail = accTail->next; + } + if (accTail) { + accNew = accTail; + } + else { + accNew = (acc_t *)malloc(sizeof(acc_t)); + strcpy (accNew->name, tok); + accNew->access = NO_ACCESS; + accNew->next = NULL; + accTail = new->privs; + while (accTail->next) { + accTail = accTail->next; + } + accTail->next = accNew; + } + if (allow) + accNew->access |= newPriv; + else + accNew->access && ~newPriv; + tok = (char *)strtok(NULL," \t,\n\r"); + } + break; + + + default: ERR(("Unknown ACL command \"%s\" at line %d\n", tok,lineNum)); sprintf(packet, @@ -565,14 +543,7 @@ { if (matchToken(cur->name, tok)) { - if (cur->access == ALLOW) - { - return(1); - } - else - { - return(0); - } + return (cur->access); } cur = cur->next; } @@ -613,7 +584,7 @@ if (!curAcl) { - return(RW_ACCESS); /* default if no specific ACL */ + return(FULL_ACCESS); /* default if no specific ACL */ } /* @@ -643,15 +614,7 @@ /* ** Now check the access perms */ - perms = 0; - if (matchAccessList(curAcl->read, user)) - { - perms |= READ_ACCESS; - } - if (matchAccessList(curAcl->write, user)) - { - perms |= WRITE_ACCESS; - } + perms = matchAccessList(curAcl->privs, user); if (perms == 0) { return(NO_ACCESS); @@ -708,8 +671,7 @@ while(curAcl) { freeAcc(curAcl->host); - freeAcc(curAcl->read); - freeAcc(curAcl->write); + freeAcc(curAcl->privs); freeTlist(curAcl->access); freeTlist(curAcl->option); prevAcl = curAcl;
--- msql_lex.c.orig Sun Mar 2 00:01:28 1997 +++ msql_lex.c Wed Apr 2 11:11:37 1997 @@ -210,6 +210,7 @@ { "=", token(EQ)}, { "on", token(ON)}, { "value", token(VALUE)}, + { "use", token(USE)}, { 0, 0} }, { /* 14 */
--- msql_priv.h.orig Sun Mar 9 20:58:24 1997 +++ msql_priv.h Thu Apr 3 16:25:14 1997 @@ -81,6 +81,10 @@ struct tname_s *next; } tname_t; +typedef struct dname_s { + char name[NAME_LEN + 1]; +} dname_t; + /* @@ -369,10 +373,16 @@ #define DEST_CLIENT 1 #define DEST_TABLE 2 -#define NO_ACCESS 0 -#define READ_ACCESS 1 -#define WRITE_ACCESS 2 -#define RW_ACCESS READ_ACCESS | WRITE_ACCESS +#define NO_ACCESS 0x0000 +#define SELECT_ACCESS 0x0010 +#define INSERT_ACCESS 0x0020 +#define UPDATE_ACCESS 0x0040 +#define DELETE_ACCESS 0x0080 +#define CREATE_ACCESS 0x0100 +#define DROP_ACCESS 0x0200 +#define GRANT_ACCESS 0x0400 +#define REVOKE_ACCESS 0x0800 +#define FULL_ACCESS SELECT_ACCESS | INSERT_ACCESS | UPDATE_ACCESS | DELETE_ACCESS | CREATE_ACCESS | DROP_ACCESS | GRANT_ACCESS | REVOKE_ACCESS #define IGNORE_IDENT 1 #define KEEP_IDENT 0
--- msql_proc.c.orig Tue Mar 18 19:39:42 1997 +++ msql_proc.c Thu Apr 3 16:17:26 1997 @@ -47,6 +47,7 @@ *lastField = NULL; order_t *orderHead = NULL; tname_t *tableHead = NULL; +dname_t *databaseHead = NULL; mindex_t indexHead; time_t queryTime; char seqTable[NAME_LEN + 1]; @@ -113,6 +114,10 @@ (void)free(tmpTable); } + /* + * blow aways the database list from the query + */ + (void)free(databaseHead); /* ** blow away the field list from the query @@ -156,6 +161,7 @@ fieldHead = fieldTail = lastField = (field_t *) NULL; orderHead = orderTail = (order_t *) NULL; tableHead = tableTail = (tname_t *) NULL; + databaseHead = (dname_t *)NULL; msqlBackendClean(); msqlResetSysVars(); @@ -855,6 +861,18 @@ } +void msqlAddDatabase (name) + char *name; +{ + register dname_t *new; + + msqlTrace (TRACE_IN, "msqlAddDatabase()"); + new = (dname_t *)fastMalloc(sizeof(dname_t)); + *(new->name) = 0; + (void)strcpy (new->name, name); + databaseHead = new; + msqlTrace (TRACE_OUT, "msqlAddDatabase ()"); +} void msqlAddIndex(name, table, uniq, type) char *name, @@ -908,8 +926,11 @@ queryTime = time(NULL); switch(command) { + case USE: + res = msqlServerUseDatabase (databaseHead->name); + break; case SELECT: - if (!msqlCheckPerms(READ_ACCESS)) + if (!msqlCheckPerms(SELECT_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -920,7 +941,7 @@ orderHead,curDB); break; case CREATE_TABLE: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(CREATE_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -931,7 +952,7 @@ curDB); break; case CREATE_INDEX: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(CREATE_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -941,7 +962,7 @@ res = msqlServerCreateIndex(&indexHead,fieldHead,curDB); break; case CREATE_SEQUENCE: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(CREATE_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -952,7 +973,7 @@ sequence.value,curDB); break; case UPDATE: - if (!msqlCheckPerms(RW_ACCESS)) + if (!msqlCheckPerms(UPDATE_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -963,7 +984,7 @@ condHead, curDB); break; case INSERT: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(INSERT_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -973,7 +994,7 @@ res = msqlServerInsert(tableHead->name,fieldHead,curDB); break; case DELETE: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(DELETE_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -983,7 +1004,7 @@ res = msqlServerDelete(tableHead->name,condHead,curDB); break; case DROP_TABLE: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(DROP_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -993,7 +1014,7 @@ res = msqlServerDropTable(tableHead->name,curDB); break; case DROP_INDEX: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(DROP_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock); @@ -1003,7 +1024,7 @@ res = msqlServerDropIndex(&indexHead,curDB); break; case DROP_SEQUENCE: - if (!msqlCheckPerms(WRITE_ACCESS)) + if (!msqlCheckPerms(DROP_ACCESS)) { sprintf(packet,"-1:Access Denied\n"); writePkt(outSock);
--- msql_yacc.y.orig Thu Mar 6 07:42:50 1997 +++ msql_yacc.y Wed Apr 2 11:12:12 1997 @@ -64,6 +64,7 @@ %token DELETE %token SELECT %token UPDATE +%token USE %token ALL %token DISTINCT @@ -155,6 +156,20 @@ | insert | update | delete + | use + + +/* + * Use: use a database + */ + +use + : USE IDENT + { + command = USE; + msqlAddDatabase ($2); + myFree ($2); + } /*
--- msqldb.c.orig Mon Mar 17 00:33:19 1997 +++ msqldb.c Wed Apr 2 11:12:22 1997 @@ -84,6 +84,7 @@ extern int outSock; extern char *packet; +extern cinfo_t conArray[256]; int selectWildcard = 0, selectDistinct = 0; @@ -1424,6 +1425,29 @@ } +int msqlServerUseDatabase (database) + char *database; +{ + msqlTrace(TRACE_IN,"msqlServerUseDatabase()"); + if (msqlCheckAccess (database, conArray + outSock) == NO_ACCESS) + { + sprintf (errMsg, ACCESS_DENIED_ERROR); + return -1; + } + conArray[outSock].access = msqlCheckAccess (database, conArray + outSock); + if (msqlInit (database) < 0) + { + sprintf (errMsg, "database %s not found.\n", database); + return -1; + } + conArray[outSock].db = (char *)strdup (database); + msqlSetDB(database); + sprintf(packet,"1:\n"); + writePkt(outSock); + msqlTrace(TRACE_OUT,"msqlServerUseDatabase()"); + return 0; +} + int msqlServerCreateTable(table,fields,db) char *table; @@ -2723,8 +2747,6 @@ safeFree(row->buf); safeFree(row); } - - --- sysvar.c.orig Fri Mar 7 21:52:23 1997 +++ sysvar.c Wed Apr 2 11:15:08 1997 @@ -264,7 +264,7 @@ if (strcmp(cond->name, "_timestamp") == 0) { - row->header->timestamp = (time_t)intVal; + intVal = row->header->timestamp; } if (strcmp(cond->name, "_rowid") == 0) -------------------------------------------------------------------------- To remove yourself from the Mini SQL mailing list send a message containing "unsubscribe" to "unsubscribe" to msql-list-request@bunyip.com. Send a message containing "info msql-list" to majordomo@bunyip.com for info on monthly archives of the list. For more help, mail owner-msql-list@bunyip.com NOT the msql-list!