Merge bk-internal.mysql.com:/home/bk/mysql-4.0

into mashka.mysql.fi:/home/my/mysql-4.0

Merge bk-internal.mysql.com:/home/bk/mysql-4.0
into mashka.mysql.fi:/home/my/mysql-4.0
0d58c5bc · unknown · bec53039 · a34fc634 · 0d58c5bc · 0d58c5bc
Commit 0d58c5bc authored Apr 28, 2003 by unknown
7 changed files
--- a/include/my_global.h
+++ b/include/my_global.h
@@ -267,6 +267,10 @@ C_MODE_END
 #include <asm/atomic.h>
 #endif
 #include <errno.h>				/* Recommended by debian */
+/* We need the following to go around a problem with openssl on solaris */
+#if defined(HAVE_CRYPT)
+#include <crypt.h>
+#endif

 /* Go around some bugs in different OS and compilers */
 #if defined(_HPUX_SOURCE) && defined(HAVE_SYS_STREAM_H)

--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -27,9 +27,6 @@
 #include "mysql_priv.h"
 #include "sql_acl.h"
 #include <m_ctype.h>
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
 #ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #endif /* HAVE_OPENSSL */

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1997,7 +1997,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
 }


-int mysql_table_grant (THD *thd, TABLE_LIST *table_list,
+int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
 		      List <LEX_USER> &user_list,
 		      List <LEX_COLUMN> &columns, ulong rights,
 		      bool revoke_grant)
@@ -2374,7 +2374,7 @@ my_bool grant_init(THD *org_thd)
 	mem_check->ok() && hash_insert(&hash_tables,(byte*) mem_check))
    {
      /* This could only happen if we are out memory */
-      grant_option = FALSE;			/* purecov: deadcode */
+      grant_option= FALSE;			/* purecov: deadcode */
      goto end_unlock;
    }
  }
@@ -2404,7 +2404,8 @@ end:

 void grant_reload(THD *thd)
 {
-  HASH old_hash_tables;bool old_grant_option;
+  HASH old_hash_tables;
+  bool old_grant_option;
  MEM_ROOT old_mem;
  DBUG_ENTER("grant_reload");

@@ -2413,14 +2414,14 @@ void grant_reload(THD *thd)
  pthread_mutex_lock(&LOCK_grant);
  grant_version++;
  old_hash_tables=hash_tables;
-  old_grant_option = grant_option;
+  old_grant_option= grant_option;
  old_mem = memex;

  if (grant_init(thd))
  {						// Error. Revert to old hash
    grant_free();				/* purecov: deadcode */
    hash_tables=old_hash_tables;		/* purecov: deadcode */
-    grant_option = old_grant_option;		/* purecov: deadcode */
+    grant_option= old_grant_option;		/* purecov: deadcode */
    memex = old_mem;				/* purecov: deadcode */
  }
  else

--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -1984,8 +1984,9 @@ insert_fields(THD *thd,TABLE_LIST *tables, const char *db_name,
 			(!db_name || !strcmp(tables->db,db_name))))
    {
      /* Ensure that we have access right to all columns */
-      if (grant_option && !thd->master_access &&
-	  check_grant_all_columns(thd,SELECT_ACL,table) )
+      if (grant_option && !(table->grant.privilege &
+			    table->grant.want_privilege) &&
+	  check_grant_all_columns(thd,SELECT_ACL,table))
 	DBUG_RETURN(-1);
      Field **ptr=table->field,*field;
      thd->used_tables|=table->map;

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -2519,12 +2519,20 @@ error:

 /****************************************************************************
  Get the user (global) and database privileges for all used tables
-  Returns true (error) if we can't get the privileges and we don't use
-  table/column grants.
+
+  NOTES
    The idea of EXTRA_ACL is that one will be granted access to the table if
    one has the asked privilege on any column combination of the table; For
    example to be able to check a table one needs to have SELECT privilege on
    any column of the table.
+
+  RETURN
+    0  ok
+    1  If we can't get the privileges and we don't use table/column grants.
+
+    save_priv	In this we store global and db level grants for the table
+		Note that we don't store db level grants if the global grants
+		is enough to satisfy the request.
 ****************************************************************************/

 bool

--- a/tests/grant.pl
+++ b/tests/grant.pl
@@ -62,6 +62,12 @@ safe_query("create database $opt_database");
 user_connect(1);
 #goto test;

+#
+# Enable column grant code
+#
+safe_query("grant select(user) on mysql.user to $user");
+safe_query("revoke select(user) on mysql.user from $user");
+
 #
 # Test grants on user level
 #
@@ -408,21 +414,29 @@ safe_query("grant ALL PRIVILEGES on $opt_database.test to $user identified by 'd
 user_connect(0,"dummy");
 safe_query("grant SELECT on $opt_database.* to $user identified by ''");
 user_connect(0);
-safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user identified by ''");
+safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user identified by '', ${opt_user}\@127.0.0.1 identified by 'dummy2'");
 safe_query("revoke ALL PRIVILEGES on $opt_database.* from $user identified by ''");
+
 safe_query("show grants for $user");

 #
 # Test bug reported in SELECT INTO OUTFILE
 #

-safe_query("create table $opt_database.test3 (a int)");
+safe_query("create table $opt_database.test3 (a int, b int)");
 safe_query("grant SELECT on $opt_database.test3 to $user");
 safe_query("grant FILE on *.* to $user");
-safe_query("insert into $opt_database.test3 values (1)");
+safe_query("insert into $opt_database.test3 values (1,1)");
 user_connect(0);
 user_query("select * into outfile '$tmp_table' from $opt_database.test3");
 safe_query("revoke SELECT on $opt_database.test3 from $user");
+safe_query("grant SELECT(a) on $opt_database.test3 to $user");
+user_query("select a from $opt_database.test3");
+user_query("select * from $opt_database.test3",1);
+user_query("select a,b from $opt_database.test3",1);
+user_query("select b from $opt_database.test3",1);
+
+safe_query("revoke SELECT(a) on $opt_database.test3 from $user");
 safe_query("revoke FILE on *.* from $user");
 safe_query("drop table $opt_database.test3");


--- a/tests/grant.res
+++ b/tests/grant.res
@@ -10,6 +10,8 @@ Error in execute: Can't drop database 'grant_test'. Database doesn't exist
 create database grant_test
 Connecting grant_user
 Error on connect: Access denied for user: '@localhost' to database 'grant_test'
+grant select(user) on mysql.user to grant_user@localhost
+revoke select(user) on mysql.user from grant_user@localhost
 grant select on *.* to grant_user@localhost
 set password FOR grant_user2@localhost = password('test')
 Error in execute: Can't find any matching row in the user table
@@ -106,21 +108,21 @@ select count(*) from grant_test.test
 2

 select * from mysql.user where user = 'grant_user'
-Error in execute: select command denied to user: 'grant_user@localhost' for table 'user'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
 insert into grant_test.test values (4,0)
-Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 update grant_test.test set a=1
-Error in execute: update command denied to user: 'grant_user@localhost' for table 'test'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 delete from grant_test.test
-Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 create table grant_test.test2 (a int)
-Error in execute: create command denied to user: 'grant_user@localhost' for table 'test2'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 ALTER TABLE grant_test.test add c int
-Error in execute: alter command denied to user: 'grant_user@localhost' for table 'test'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 CREATE INDEX dummy ON grant_test.test (a)
-Error in execute: index command denied to user: 'grant_user@localhost' for table 'test'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 drop table grant_test.test
-Error in execute: drop command denied to user: 'grant_user@localhost' for table 'test'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 grant ALL PRIVILEGES on grant_test.* to grant_user2@localhost
 Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 grant ALL PRIVILEGES on grant_test.* to grant_user@localhost WITH GRANT OPTION
@@ -133,14 +135,14 @@ REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
 REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
 Connecting grant_user
 insert into grant_test.test values (6,0)
-Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 REVOKE GRANT OPTION on grant_test.* from grant_user@localhost
 Connecting grant_user
 Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 grant ALL PRIVILEGES on grant_test.* to grant_user@localhost
 Connecting grant_user
 select * from mysql.user where user = 'grant_user'
-Error in execute: select command denied to user: 'grant_user@localhost' for table 'user'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
 insert into grant_test.test values (7,0)
 update grant_test.test set a=3 where a=2
 delete from grant_test.test where a=3
@@ -152,7 +154,7 @@ show tables from grant_test
 test

 insert into mysql.user (host,user) values ('error','grant_user',0)
-Error in execute: insert command denied to user: 'grant_user@localhost' for table 'user'
+Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
 revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost
 select * from mysql.user where user = 'grant_user'
 localhost	grant_user		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0
@@ -200,7 +202,7 @@ Connecting grant_user
 update grant_test.test set b=b+1
 revoke SELECT on *.* from grant_user@localhost
 Connecting grant_user
-lect * from test
+select * from test
 Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
 grant select on grant_test.test to grant_user@localhost
 delete from grant_test.test where a=1
@@ -233,7 +235,7 @@ Error in execute: select command denied to user: 'grant_user@localhost' for tabl
 select count(*) from test,test2
 Error in execute: select command denied to user: 'grant_user@localhost' for table 'test2'
 replace into test2 SELECT a from test
-Error in execute: update command denied to user: 'grant_user@localhost' for table 'test2'
+Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2'
 grant update on grant_test.test2 to grant_user@localhost
 replace into test2 SELECT a,a from test
 Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2'
@@ -448,21 +450,34 @@ grant ALL PRIVILEGES on grant_test.test to grant_user@localhost identified by 'd
 Connecting grant_user
 grant SELECT on grant_test.* to grant_user@localhost identified by ''
 Connecting grant_user
-revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by ''
+revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by '', grant_user@127.0.0.1 identified by 'dummy2'
 revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost identified by ''
 show grants for grant_user@localhost
-create table grant_test.test3 (a int)
+GRANT USAGE ON *.* TO 'grant_user'@'localhost'
+
+create table grant_test.test3 (a int, b int)
 grant SELECT on grant_test.test3 to grant_user@localhost
 grant FILE on *.* to grant_user@localhost
-insert into grant_test.test3 values (1)
+insert into grant_test.test3 values (1,1)
 Connecting grant_user
 select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
 revoke SELECT on grant_test.test3 from grant_user@localhost
+grant SELECT(a) on grant_test.test3 to grant_user@localhost
+select a from grant_test.test3
+1
+
+select * from grant_test.test3
+Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
+select a,b from grant_test.test3
+Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
+select b from grant_test.test3
+Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
+revoke SELECT(a) on grant_test.test3 from grant_user@localhost
 revoke FILE on *.* from grant_user@localhost
 drop table grant_test.test3
 create table grant_test.test3 (a int)
 Connecting grant_user
-Access denied for user: 'grant_user@localhost' to database 'grant_test'
+Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 grant INSERT on grant_test.test3 to grant_user@localhost
 Connecting grant_user
 select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
@@ -487,9 +502,11 @@ revoke SELECT,INSERT,UPDATE,DELETE on grant_test.test3 from grant_user@localhost
 Connecting grant_user
 revoke LOCK TABLES on *.* from grant_user@localhost
 Connecting grant_user
-Access denied for user: 'grant_user@localhost' to database 'grant_test'
+Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
 drop table grant_test.test3
 show grants for grant_user@localhost
+GRANT USAGE ON *.* TO 'grant_user'@'localhost'
+
 grant all on *.* to grant_user@localhost WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
 show grants for grant_user@localhost
 GRANT ALL PRIVILEGES ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
@@ -501,6 +518,8 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, F

 revoke ALL PRIVILEGES on *.* from grant_user@localhost
 show grants for grant_user@localhost
+GRANT USAGE ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
+
 drop database grant_test
 delete from user where user='grant_user'
 delete from db where user='grant_user'