Skip to content

M
mariadb
Commit 71da86aa authored by dlenev@mysql.com's avatar dlenev@mysql.com
Browse files
Options

Manual merge of changes making GRANTs, which change SSL attributes and/or 

user limits to behave well on 5.0 tables, into 4.1 tree.
parents d38db210 caade862
Hide whitespace changes
Inline Side-by-side
Showing with 72 additions and 26 deletions
mysql-test/r/grant.result
View file @ 71da86aa
......@@ -37,6 +37,28 @@ Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
delete from mysql.user where user='mysqltest_1';
flush privileges;
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 0 0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 20 30
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
flush privileges;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
......
mysql-test/t/grant.test
View file @ 71da86aa
......@@ -32,6 +32,23 @@ show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;
#
# Test of GRANTS specifying user limits
#
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
# This is just to double check that one won't ignore results of selects
flush privileges;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;
#
# Test that the new db privileges are stored/retrieved correctly
#
......
sql/sql_acl.cc
View file @ 71da86aa
......@@ -1505,6 +1505,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
Field **tmp_field;
ulong priv;
uint next_field;
for (tmp_field= table->field+3, priv = SELECT_ACL;
*tmp_field && (*tmp_field)->real_type() == FIELD_TYPE_ENUM &&
((Field_enum*) (*tmp_field))->typelib->count == 2 ;
......@@ -1513,56 +1514,62 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
if (priv & rights) // set requested privileges
(*tmp_field)->store(&what, 1, &my_charset_latin1);
}
rights=get_access(table,3);
rights= get_access(table, 3, &next_field);
DBUG_PRINT("info",("table->fields: %d",table->fields));
if (table->fields >= 31) /* From 4.0.0 we have more fields */
{
/* We write down SSL related ACL stuff */
switch (thd->lex->ssl_type) {
case SSL_TYPE_ANY:
table->field[24]->store("ANY",3, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1);
table->field[next_field]->store("ANY", 3, &my_charset_latin1);
table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[next_field+3]->store("", 0, &my_charset_latin1);
break;
case SSL_TYPE_X509:
table->field[24]->store("X509",4, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1);
table->field[next_field]->store("X509", 4, &my_charset_latin1);
table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[next_field+3]->store("", 0, &my_charset_latin1);
break;
case SSL_TYPE_SPECIFIED:
table->field[24]->store("SPECIFIED",9, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1);
table->field[next_field]->store("SPECIFIED", 9, &my_charset_latin1);
table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[next_field+3]->store("", 0, &my_charset_latin1);
if (thd->lex->ssl_cipher)
table->field[25]->store(thd->lex->ssl_cipher,
strlen(thd->lex->ssl_cipher), &my_charset_latin1);
table->field[next_field+1]->store(thd->lex->ssl_cipher,
strlen(thd->lex->ssl_cipher),
&my_charset_latin1);
if (thd->lex->x509_issuer)
table->field[26]->store(thd->lex->x509_issuer,
strlen(thd->lex->x509_issuer), &my_charset_latin1);
table->field[next_field+2]->store(thd->lex->x509_issuer,
strlen(thd->lex->x509_issuer),
&my_charset_latin1);
if (thd->lex->x509_subject)
table->field[27]->store(thd->lex->x509_subject,
strlen(thd->lex->x509_subject), &my_charset_latin1);
table->field[next_field+3]->store(thd->lex->x509_subject,
strlen(thd->lex->x509_subject),
&my_charset_latin1);
break;
case SSL_TYPE_NOT_SPECIFIED:
break;
case SSL_TYPE_NONE:
table->field[24]->store("", 0, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1);
table->field[next_field]->store("", 0, &my_charset_latin1);
table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[next_field+3]->store("", 0, &my_charset_latin1);
break;
}
/* Skip over SSL related fields to first user limits related field */
next_field+= 4;
USER_RESOURCES mqh= thd->lex->mqh;
if (mqh.bits & 1)
table->field[28]->store((longlong) mqh.questions);
table->field[next_field]->store((longlong) mqh.questions);
if (mqh.bits & 2)
table->field[29]->store((longlong) mqh.updates);
table->field[next_field+1]->store((longlong) mqh.updates);
if (mqh.bits & 4)
table->field[30]->store((longlong) mqh.connections);
table->field[next_field+2]->store((longlong) mqh.connections);
mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections;
}
if (old_row_exists)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7