Commit 1bfc610d authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Added show role grants functionality to the mysql_show_grants function.

parent 0fea3316
......@@ -62,10 +62,24 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
set role r_sel;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user r_crt
......@@ -79,6 +93,13 @@ set role r_ins;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
......
......@@ -34,49 +34,59 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role2;
ERROR HY000: The role 'test_role2' has not been granted or is invalid.
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
delete from mysql.user where user='test_role1';
......
......@@ -21,10 +21,12 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user test_role1
......
......@@ -57,13 +57,16 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
set role r_sel;
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;
set role r_ins;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
......
......@@ -15,11 +15,16 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'test_role2');
flush privileges;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping where UserFk like 'test_user';
--sorted_result
select * from mysql.roles_mapping where UserFk like 'test_role1';
grant select on *.* to 'test_role2'@'';
--sorted_result
select * from mysql.user where user like 'test_role1';
--sorted_result
select * from mysql.user where user like 'test_role2';
flush privileges;
......@@ -28,32 +33,43 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
set role test_role1;
--sorted_result
show grants;
select * from mysql.roles_mapping where HostFk='';
--sorted_result
show grants;
set role none;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
--error ER_INVALID_ROLE
set role test_role2;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
#Make sure that this still works after an ER_INVALID_ROLE error
--sorted_result
show grants;
set role test_role1;
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping where HostFk='';
--sorted_result
show grants;
set role none;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
......
......@@ -7,9 +7,12 @@ update mysql.user set is_role='Y' where user='test_role1';
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_user',
'test_role1');
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;
grant select on *.* to 'test_role1'@'';
--sorted_result
select * from mysql.user where user='test_role1';
flush privileges;
......@@ -18,9 +21,12 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
set role test_role1;
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;
set role none;
......
......@@ -309,6 +309,9 @@ static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
const char *ip);
static bool show_proxy_grants (THD *thd, LEX_USER *user,
char *buff, size_t buffsize);
static bool show_role_grants(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry,
char *buff, size_t buffsize);
static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry, bool handle_as_role,
char *buff, size_t buffsize);
......@@ -6300,6 +6303,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
DBUG_RETURN(TRUE);
}
/* Show granted roles to acl_user */
if (show_role_grants(thd, lex_user, acl_user, buff, sizeof(buff)))
{
error= -1;
goto end;
}
/* Add first global access grants */
if (show_global_privileges(thd, lex_user, acl_user, FALSE, buff, sizeof(buff)))
{
......@@ -6349,6 +6359,42 @@ end:
DBUG_RETURN(error);
}
static bool show_role_grants(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry,
char *buff, size_t buffsize)
{
uint counter;
Protocol *protocol= thd->protocol;
String grant(buff,sizeof(buff),system_charset_info);
for (counter= 0; counter < acl_entry->role_grants.elements; counter++)
{
grant.length(0);
grant.append(STRING_WITH_LEN("GRANT "));
ACL_ROLE *acl_role= *(dynamic_element(&acl_entry->role_grants, counter,
ACL_ROLE**));
grant.append(acl_role->user.str, acl_role->user.length,
system_charset_info);
grant.append(STRING_WITH_LEN(" TO '"));
grant.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
if (!(acl_entry->flags & IS_ROLE))
{
grant.append(STRING_WITH_LEN("'@'"));
grant.append(lex_user->host.str, lex_user->host.length,
system_charset_info);
}
grant.append('\'');
protocol->prepare_for_resend();
protocol->store(grant.ptr(),grant.length(),grant.charset());
if (protocol->write())
{
return TRUE;
}
}
return FALSE;
}
static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry, bool handle_as_role,
char *buff, size_t buffsize)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment