Commit 71da86aa authored by dlenev@mysql.com's avatar dlenev@mysql.com

Manual merge of changes making GRANTs, which change SSL attributes and/or

user limits to behave well on 5.0 tables, into 4.1 tree.
parents d38db210 caade862
...@@ -37,6 +37,28 @@ Grants for mysqltest_1@localhost ...@@ -37,6 +37,28 @@ Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA' GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
delete from mysql.user where user='mysqltest_1'; delete from mysql.user where user='mysqltest_1';
flush privileges; flush privileges;
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 0 0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 20 30
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
flush privileges;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost; grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost; show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost Grants for mysqltest_1@localhost
......
...@@ -32,6 +32,23 @@ show grants for mysqltest_1@localhost; ...@@ -32,6 +32,23 @@ show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1'; delete from mysql.user where user='mysqltest_1';
flush privileges; flush privileges;
#
# Test of GRANTS specifying user limits
#
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
# This is just to double check that one won't ignore results of selects
flush privileges;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;
# #
# Test that the new db privileges are stored/retrieved correctly # Test that the new db privileges are stored/retrieved correctly
# #
......
...@@ -1505,6 +1505,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, ...@@ -1505,6 +1505,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
Field **tmp_field; Field **tmp_field;
ulong priv; ulong priv;
uint next_field;
for (tmp_field= table->field+3, priv = SELECT_ACL; for (tmp_field= table->field+3, priv = SELECT_ACL;
*tmp_field && (*tmp_field)->real_type() == FIELD_TYPE_ENUM && *tmp_field && (*tmp_field)->real_type() == FIELD_TYPE_ENUM &&
((Field_enum*) (*tmp_field))->typelib->count == 2 ; ((Field_enum*) (*tmp_field))->typelib->count == 2 ;
...@@ -1513,56 +1514,62 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, ...@@ -1513,56 +1514,62 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
if (priv & rights) // set requested privileges if (priv & rights) // set requested privileges
(*tmp_field)->store(&what, 1, &my_charset_latin1); (*tmp_field)->store(&what, 1, &my_charset_latin1);
} }
rights=get_access(table,3); rights= get_access(table, 3, &next_field);
DBUG_PRINT("info",("table->fields: %d",table->fields)); DBUG_PRINT("info",("table->fields: %d",table->fields));
if (table->fields >= 31) /* From 4.0.0 we have more fields */ if (table->fields >= 31) /* From 4.0.0 we have more fields */
{ {
/* We write down SSL related ACL stuff */ /* We write down SSL related ACL stuff */
switch (thd->lex->ssl_type) { switch (thd->lex->ssl_type) {
case SSL_TYPE_ANY: case SSL_TYPE_ANY:
table->field[24]->store("ANY",3, &my_charset_latin1); table->field[next_field]->store("ANY", 3, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1); table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1); table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1); table->field[next_field+3]->store("", 0, &my_charset_latin1);
break; break;
case SSL_TYPE_X509: case SSL_TYPE_X509:
table->field[24]->store("X509",4, &my_charset_latin1); table->field[next_field]->store("X509", 4, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1); table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1); table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1); table->field[next_field+3]->store("", 0, &my_charset_latin1);
break; break;
case SSL_TYPE_SPECIFIED: case SSL_TYPE_SPECIFIED:
table->field[24]->store("SPECIFIED",9, &my_charset_latin1); table->field[next_field]->store("SPECIFIED", 9, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1); table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1); table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1); table->field[next_field+3]->store("", 0, &my_charset_latin1);
if (thd->lex->ssl_cipher) if (thd->lex->ssl_cipher)
table->field[25]->store(thd->lex->ssl_cipher, table->field[next_field+1]->store(thd->lex->ssl_cipher,
strlen(thd->lex->ssl_cipher), &my_charset_latin1); strlen(thd->lex->ssl_cipher),
&my_charset_latin1);
if (thd->lex->x509_issuer) if (thd->lex->x509_issuer)
table->field[26]->store(thd->lex->x509_issuer, table->field[next_field+2]->store(thd->lex->x509_issuer,
strlen(thd->lex->x509_issuer), &my_charset_latin1); strlen(thd->lex->x509_issuer),
&my_charset_latin1);
if (thd->lex->x509_subject) if (thd->lex->x509_subject)
table->field[27]->store(thd->lex->x509_subject, table->field[next_field+3]->store(thd->lex->x509_subject,
strlen(thd->lex->x509_subject), &my_charset_latin1); strlen(thd->lex->x509_subject),
&my_charset_latin1);
break; break;
case SSL_TYPE_NOT_SPECIFIED: case SSL_TYPE_NOT_SPECIFIED:
break; break;
case SSL_TYPE_NONE: case SSL_TYPE_NONE:
table->field[24]->store("", 0, &my_charset_latin1); table->field[next_field]->store("", 0, &my_charset_latin1);
table->field[25]->store("", 0, &my_charset_latin1); table->field[next_field+1]->store("", 0, &my_charset_latin1);
table->field[26]->store("", 0, &my_charset_latin1); table->field[next_field+2]->store("", 0, &my_charset_latin1);
table->field[27]->store("", 0, &my_charset_latin1); table->field[next_field+3]->store("", 0, &my_charset_latin1);
break; break;
} }
/* Skip over SSL related fields to first user limits related field */
next_field+= 4;
USER_RESOURCES mqh= thd->lex->mqh; USER_RESOURCES mqh= thd->lex->mqh;
if (mqh.bits & 1) if (mqh.bits & 1)
table->field[28]->store((longlong) mqh.questions); table->field[next_field]->store((longlong) mqh.questions);
if (mqh.bits & 2) if (mqh.bits & 2)
table->field[29]->store((longlong) mqh.updates); table->field[next_field+1]->store((longlong) mqh.updates);
if (mqh.bits & 4) if (mqh.bits & 4)
table->field[30]->store((longlong) mqh.connections); table->field[next_field+2]->store((longlong) mqh.connections);
mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections; mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections;
} }
if (old_row_exists) if (old_row_exists)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment