Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
1bfc610d
Commit
1bfc610d
authored
Oct 18, 2013
by
Vicențiu Ciorbaru
Committed by
Sergei Golubchik
Oct 18, 2013
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added show role grants functionality to the mysql_show_grants function.
parent
0fea3316
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
104 additions
and
0 deletions
+104
-0
mysql-test/r/acl_roles_set_role-multiple-role.result
mysql-test/r/acl_roles_set_role-multiple-role.result
+21
-0
mysql-test/r/acl_roles_set_role-recursive.result
mysql-test/r/acl_roles_set_role-recursive.result
+10
-0
mysql-test/r/acl_roles_set_role-simple.result
mysql-test/r/acl_roles_set_role-simple.result
+2
-0
mysql-test/t/acl_roles_set_role-multiple-role.test
mysql-test/t/acl_roles_set_role-multiple-role.test
+3
-0
mysql-test/t/acl_roles_set_role-recursive.test
mysql-test/t/acl_roles_set_role-recursive.test
+16
-0
mysql-test/t/acl_roles_set_role-simple.test
mysql-test/t/acl_roles_set_role-simple.test
+6
-0
sql/sql_acl.cc
sql/sql_acl.cc
+46
-0
No files found.
mysql-test/r/acl_roles_set_role-multiple-role.result
View file @
1bfc610d
...
...
@@ -62,10 +62,24 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
set role r_sel;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user r_crt
...
...
@@ -79,6 +93,13 @@ set role r_ins;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
...
...
mysql-test/r/acl_roles_set_role-recursive.result
View file @
1bfc610d
...
...
@@ -34,49 +34,59 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role2;
ERROR HY000: The role 'test_role2' has not been granted or is invalid.
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
delete from mysql.user where user='test_role1';
...
...
mysql-test/r/acl_roles_set_role-simple.result
View file @
1bfc610d
...
...
@@ -21,10 +21,12 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user test_role1
...
...
mysql-test/t/acl_roles_set_role-multiple-role.test
View file @
1bfc610d
...
...
@@ -57,13 +57,16 @@ change_user 'test_user';
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysql
.
roles_mapping
;
--
sorted_result
show
grants
;
set
role
r_sel
;
--
sorted_result
show
grants
;
--
sorted_result
select
*
from
mysql
.
roles_mapping
;
set
role
r_ins
;
--
sorted_result
show
grants
;
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysql
.
roles_mapping
;
...
...
mysql-test/t/acl_roles_set_role-recursive.test
View file @
1bfc610d
...
...
@@ -15,11 +15,16 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'test_role2'
);
flush
privileges
;
--
sorted_result
select
user
,
host
from
mysql
.
user
where
user
not
like
'root'
;
--
sorted_result
select
*
from
mysql
.
roles_mapping
where
UserFk
like
'test_user'
;
--
sorted_result
select
*
from
mysql
.
roles_mapping
where
UserFk
like
'test_role1'
;
grant
select
on
*.*
to
'test_role2'
@
''
;
--
sorted_result
select
*
from
mysql
.
user
where
user
like
'test_role1'
;
--
sorted_result
select
*
from
mysql
.
user
where
user
like
'test_role2'
;
flush
privileges
;
...
...
@@ -28,32 +33,43 @@ change_user 'test_user';
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysql
.
roles_mapping
;
--
sorted_result
show
grants
;
set
role
test_role1
;
--
sorted_result
show
grants
;
select
*
from
mysql
.
roles_mapping
where
HostFk
=
''
;
--
sorted_result
show
grants
;
set
role
none
;
--
sorted_result
show
grants
;
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysql
.
roles_mapping
;
--
sorted_result
show
grants
;
--
error
ER_INVALID_ROLE
set
role
test_role2
;
--
sorted_result
show
grants
;
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysql
.
roles_mapping
;
#Make sure that this still works after an ER_INVALID_ROLE error
--
sorted_result
show
grants
;
set
role
test_role1
;
--
sorted_result
show
grants
;
--
sorted_result
select
*
from
mysql
.
roles_mapping
where
HostFk
=
''
;
--
sorted_result
show
grants
;
set
role
none
;
--
sorted_result
show
grants
;
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysql
.
roles_mapping
;
...
...
mysql-test/t/acl_roles_set_role-simple.test
View file @
1bfc610d
...
...
@@ -7,9 +7,12 @@ update mysql.user set is_role='Y' where user='test_role1';
insert
into
mysql
.
roles_mapping
(
HostFk
,
UserFk
,
RoleFk
)
values
(
'localhost'
,
'test_user'
,
'test_role1'
);
--
sorted_result
select
user
,
host
from
mysql
.
user
where
user
not
like
'root'
;
--
sorted_result
select
*
from
mysql
.
roles_mapping
;
grant
select
on
*.*
to
'test_role1'
@
''
;
--
sorted_result
select
*
from
mysql
.
user
where
user
=
'test_role1'
;
flush
privileges
;
...
...
@@ -18,9 +21,12 @@ change_user 'test_user';
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysql
.
roles_mapping
;
--
sorted_result
show
grants
;
set
role
test_role1
;
--
sorted_result
show
grants
;
--
sorted_result
select
*
from
mysql
.
roles_mapping
;
set
role
none
;
...
...
sql/sql_acl.cc
View file @
1bfc610d
...
...
@@ -309,6 +309,9 @@ static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
const
char
*
ip
);
static
bool
show_proxy_grants
(
THD
*
thd
,
LEX_USER
*
user
,
char
*
buff
,
size_t
buffsize
);
static
bool
show_role_grants
(
THD
*
thd
,
LEX_USER
*
lex_user
,
ACL_USER_BASE
*
acl_entry
,
char
*
buff
,
size_t
buffsize
);
static
bool
show_global_privileges
(
THD
*
thd
,
LEX_USER
*
lex_user
,
ACL_USER_BASE
*
acl_entry
,
bool
handle_as_role
,
char
*
buff
,
size_t
buffsize
);
...
...
@@ -6300,6 +6303,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
DBUG_RETURN
(
TRUE
);
}
/* Show granted roles to acl_user */
if
(
show_role_grants
(
thd
,
lex_user
,
acl_user
,
buff
,
sizeof
(
buff
)))
{
error
=
-
1
;
goto
end
;
}
/* Add first global access grants */
if
(
show_global_privileges
(
thd
,
lex_user
,
acl_user
,
FALSE
,
buff
,
sizeof
(
buff
)))
{
...
...
@@ -6349,6 +6359,42 @@ end:
DBUG_RETURN
(
error
);
}
static
bool
show_role_grants
(
THD
*
thd
,
LEX_USER
*
lex_user
,
ACL_USER_BASE
*
acl_entry
,
char
*
buff
,
size_t
buffsize
)
{
uint
counter
;
Protocol
*
protocol
=
thd
->
protocol
;
String
grant
(
buff
,
sizeof
(
buff
),
system_charset_info
);
for
(
counter
=
0
;
counter
<
acl_entry
->
role_grants
.
elements
;
counter
++
)
{
grant
.
length
(
0
);
grant
.
append
(
STRING_WITH_LEN
(
"GRANT "
));
ACL_ROLE
*
acl_role
=
*
(
dynamic_element
(
&
acl_entry
->
role_grants
,
counter
,
ACL_ROLE
**
));
grant
.
append
(
acl_role
->
user
.
str
,
acl_role
->
user
.
length
,
system_charset_info
);
grant
.
append
(
STRING_WITH_LEN
(
" TO '"
));
grant
.
append
(
lex_user
->
user
.
str
,
lex_user
->
user
.
length
,
system_charset_info
);
if
(
!
(
acl_entry
->
flags
&
IS_ROLE
))
{
grant
.
append
(
STRING_WITH_LEN
(
"'@'"
));
grant
.
append
(
lex_user
->
host
.
str
,
lex_user
->
host
.
length
,
system_charset_info
);
}
grant
.
append
(
'\''
);
protocol
->
prepare_for_resend
();
protocol
->
store
(
grant
.
ptr
(),
grant
.
length
(),
grant
.
charset
());
if
(
protocol
->
write
())
{
return
TRUE
;
}
}
return
FALSE
;
}
static
bool
show_global_privileges
(
THD
*
thd
,
LEX_USER
*
lex_user
,
ACL_USER_BASE
*
acl_entry
,
bool
handle_as_role
,
char
*
buff
,
size_t
buffsize
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment