Skip to content

M
mariadb
Commit d24ead2c authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik
Browse files
Options

Various bug fixes. 

Also updated tests to reflect new show grants functionality.
parent 8c7ca88a
Hide whitespace changes
Inline Side-by-side
Showing with 69 additions and 16 deletions
mysql-test/r/acl_roles_rename_user.result
View file @ d24ead2c
......@@ -13,8 +13,8 @@ flush privileges;
use mysql;
select * from roles_mapping;
HostFk UserFk RoleFk
localhost test_user test_role1
test_role1 test_role2
localhost test_user test_role1
rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost';
select user, host from user where user like 'test%';
user host
......@@ -23,8 +23,8 @@ test_role2
test_user_rm newhost
select * from roles_mapping;
HostFk UserFk RoleFk
newhost test_user_rm test_role1
test_role1 test_role2
newhost test_user_rm test_role1
rename user 'test_role2'@'' to 'test_role2_rm'@'';
select user, host from user where user like 'test%';
user host
......@@ -33,8 +33,8 @@ test_role2_rm
test_user_rm newhost
select * from roles_mapping;
HostFk UserFk RoleFk
newhost test_user_rm test_role1
test_role1 test_role2_rm
newhost test_user_rm test_role1
rename user 'test_role1'@'' to 'test_role1_rm'@'';
select user, host from user where user like 'test%';
user host
......@@ -43,8 +43,8 @@ test_role2_rm
test_user_rm newhost
select * from roles_mapping;
HostFk UserFk RoleFk
newhost test_user_rm test_role1_rm
test_role1_rm test_role2_rm
newhost test_user_rm test_role1_rm
delete from mysql.roles_mapping;
delete from mysql.user where user like 'test%';
flush privileges;
mysql-test/r/acl_roles_set_role-multiple-role.result
View file @ d24ead2c
......@@ -72,6 +72,7 @@ GRANT r_upd TO 'test_user'@'localhost'
set role r_sel;
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'r_sel'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
......@@ -92,6 +93,7 @@ localhost test_user r_upd
set role r_ins;
show grants;
Grants for test_user@localhost
GRANT INSERT ON *.* TO 'r_ins'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
......
mysql-test/r/acl_roles_set_role-recursive.result
View file @ d24ead2c
......@@ -38,6 +38,8 @@ GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
......@@ -45,6 +47,8 @@ HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
......@@ -73,6 +77,8 @@ GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
......@@ -80,6 +86,8 @@ HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
......
mysql-test/r/acl_roles_set_role-simple.result
View file @ d24ead2c
......@@ -25,6 +25,7 @@ GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
......
mysql-test/t/acl_roles_rename_user.test
View file @ d24ead2c
......@@ -16,20 +16,27 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
flush privileges;
use mysql;
--sorted_result
select * from roles_mapping;
#regular user rename
rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost';
--sorted_result
select user, host from user where user like 'test%';
--sorted_result
select * from roles_mapping;
rename user 'test_role2'@'' to 'test_role2_rm'@'';
--sorted_result
select user, host from user where user like 'test%';
--sorted_result
select * from roles_mapping;
#role rename
rename user 'test_role1'@'' to 'test_role1_rm'@'';
--sorted_result
select user, host from user where user like 'test%';
--sorted_result
select * from roles_mapping;
delete from mysql.roles_mapping;
......
sql/sql_acl.cc
View file @ d24ead2c
......@@ -730,11 +730,15 @@ static my_bool acl_role_propagate_grants(ACL_ROLE *role,
void * not_used __attribute__((unused)));
static int add_role_user_mapping(ROLE_GRANT_PAIR *mapping);
static void role_explore_create_list(ACL_ROLE *role, void *context_data);
static void role_explore_create_list(ACL_ROLE *unused,
ACL_ROLE *role,
void *context_data);
static bool role_explore_start_access_check(ACL_ROLE *role, void *unused);
static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
void *unused);
static void role_explore_set_final_access_bits(ACL_ROLE *current, void *unused);
static void role_explore_set_final_access_bits(ACL_ROLE *parent,
ACL_ROLE *current,
void *unused);
static int traverse_role_graph(ACL_ROLE *role,
void *context_data,
bool (*on_start) (ACL_ROLE *role,
......@@ -745,7 +749,8 @@ static int traverse_role_graph(ACL_ROLE *role,
bool (*on_cycle) (ACL_ROLE *current,
ACL_ROLE *neighbour,
void *context_data),
void (*on_finish)(ACL_ROLE *current,
void (*on_finish)(ACL_ROLE *parent,
ACL_ROLE *current,
void *context_data));
static void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source);
......@@ -2477,7 +2482,8 @@ void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source)
/* TODO */
}
static void role_explore_create_list(ACL_ROLE *role, void *context_data)
static void role_explore_create_list(ACL_ROLE *unused __attribute__((unused)),
ACL_ROLE *role, void *context_data)
{
DYNAMIC_ARRAY *list= (DYNAMIC_ARRAY *)context_data;
push_dynamic(list, (uchar*)&role);
......@@ -2508,7 +2514,8 @@ static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
return FALSE;
}
static void role_explore_set_final_access_bits(ACL_ROLE *current,
static void role_explore_set_final_access_bits(ACL_ROLE *parent,
ACL_ROLE *current,
void *unused __attribute__((unused)))
{
current->flags|= ROLE_GRANTS_FINAL;
......@@ -2517,6 +2524,10 @@ static void role_explore_set_final_access_bits(ACL_ROLE *current,
DBUG_PRINT("info",
("Setting final access for node: %s %lu",
current->user.str, current->access));
if (parent)
{
merge_role_grant_privileges(parent, current);
}
}
/*
......@@ -2554,7 +2565,8 @@ static int traverse_role_graph(ACL_ROLE *role,
bool (*on_cycle) (ACL_ROLE *current,
ACL_ROLE *neighbour,
void *context_data),
void (*on_finish)(ACL_ROLE *current,
void (*on_finish)(ACL_ROLE *parent,
ACL_ROLE *current,
void *context_data))
{
......@@ -2672,7 +2684,19 @@ static int traverse_role_graph(ACL_ROLE *role,
curr_state->node_data->flags|= ROLE_EXPLORED;
push_dynamic(&to_clear, (uchar*)&curr_state->node_data);
if (on_finish)
on_finish(curr_state->node_data, context_data);
{
NODE_STATE *parent= NULL;
if (stack.elements)
{
parent= dynamic_element(&stack, stack.elements - 1, NODE_STATE *);
on_finish(parent->node_data, curr_state->node_data, context_data);
}
else
{
/* no parent node, this is the starting node */
on_finish(NULL, curr_state->node_data, context_data);
}
}
}
}
......@@ -6597,12 +6621,13 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
global.append (STRING_WITH_LEN(" ON *.* TO '"));
global.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
global.append('\'');
if (!handle_as_role)
{
ACL_USER *acl_user= (ACL_USER *)acl_entry;
global.append (STRING_WITH_LEN("'@'"));
global.append (STRING_WITH_LEN("@'"));
global.append(lex_user->host.str, lex_user->host.length,
system_charset_info);
global.append ('\'');
......@@ -6683,6 +6708,7 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
"MAX_USER_CONNECTIONS", 1);
}
}
protocol->prepare_for_resend();
protocol->store(global.ptr(),global.length(),global.charset());
if (protocol->write())
......@@ -7656,11 +7682,20 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
struct_no, idx, user, host));
#endif
if ((strcmp(user_from->user.str, user) ||
my_strcasecmp(system_charset_info, user_from->host.str, host)) &&
(role_not_matched= strcmp(user_from->user.str, role))
)
if (struct_no == ROLES_MAPPINGS_HASH)
{
role_not_matched= strcmp(user_from->user.str, role);
if (role_not_matched &&
(strcmp(user_from->user.str, user) ||
my_strcasecmp(system_charset_info, user_from->host.str, host)))
continue;
}
else
{
if (strcmp(user_from->user.str, user) ||
my_strcasecmp(system_charset_info, user_from->host.str, host))
continue;
}
result= 1; /* At least one element found. */
if ( drop )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7