hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Merge branch 'pr_1759'

Browse Source
This commit is contained in:
ob-robot
2024-02-03 04:14:05 +00:00
parent dffbad9f8b c639763963
commit 3613eb38ee
50 changed files with 861 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/sql/resolver/ob_resolver_utils.cpp
View File

@ -7835,8 +7835,12 @@ int ObResolverUtils::check_secure_path(const common::ObString &secure_file_priv,
{
int ret = OB_SUCCESS;
const char *access_denied_notice_message =
"Access denied, please set suitable variable 'secure-file-priv' first, such as: SET GLOBAL secure_file_priv = '/'";
if (secure_file_priv.empty() || 0 == secure_file_priv.case_compare(N_NULL)) {
ret = OB_ERR_NO_PRIVILEGE;
FORWARD_USER_ERROR_MSG(ret, "%s", access_denied_notice_message);
LOG_WARN("no priv", K(ret), K(secure_file_priv), K(full_path));
} else if (OB_UNLIKELY(secure_file_priv.length() >= DEFAULT_BUF_LENGTH)) {
ret = OB_ERR_UNEXPECTED;
@ -7850,6 +7854,7 @@ int ObResolverUtils::check_secure_path(const common::ObString &secure_file_priv,
stat(buf, &path_stat);
if (0 == S_ISDIR(path_stat.st_mode)) {
ret = OB_ERR_NO_PRIVILEGE;
FORWARD_USER_ERROR_MSG(ret, "%s", access_denied_notice_message);
LOG_WARN("no priv", K(ret), K(secure_file_priv), K(full_path));
} else {
MEMSET(buf, 0, sizeof(buf));
@ -7861,13 +7866,16 @@ int ObResolverUtils::check_secure_path(const common::ObString &secure_file_priv,
const int64_t pos = secure_file_priv_tmp.length();
if (full_path.length() < secure_file_priv_tmp.length()) {
ret = OB_ERR_NO_PRIVILEGE;
FORWARD_USER_ERROR_MSG(ret, "%s", access_denied_notice_message);
LOG_WARN("no priv", K(ret), K(secure_file_priv), K(secure_file_priv_tmp), K(full_path));
} else if (!full_path.prefix_match(secure_file_priv_tmp)) {
ret = OB_ERR_NO_PRIVILEGE;
FORWARD_USER_ERROR_MSG(ret, "%s", access_denied_notice_message);
LOG_WARN("no priv", K(ret), K(secure_file_priv), K(secure_file_priv_tmp), K(full_path));
} else if (full_path.length() > secure_file_priv_tmp.length()
&& secure_file_priv_tmp != "/" && full_path[pos] != '/') {
ret = OB_ERR_NO_PRIVILEGE;
FORWARD_USER_ERROR_MSG(ret, "%s", access_denied_notice_message);
LOG_WARN("no priv", K(ret), K(secure_file_priv), K(secure_file_priv_tmp), K(full_path));
}
}