Various bug fixes.

Also updated tests to reflect new show grants functionality.

Various bug fixes.
Also updated tests to reflect new show grants functionality.
d24ead2c · Vicențiu Ciorbaru · Sergei Golubchik · 8c7ca88a · d24ead2c · d24ead2c
Commit d24ead2c authored Oct 18, 2013 by Vicențiu Ciorbaru Committed by Sergei Golubchik Oct 18, 2013
6 changed files
--- a/mysql-test/r/acl_roles_rename_user.result
+++ b/mysql-test/r/acl_roles_rename_user.result
@@ -13,8 +13,8 @@ flush privileges;
 use mysql;
 select * from roles_mapping;
 HostFk	UserFk	RoleFk
-localhost	test_user	test_role1
 	test_role1	test_role2
+localhost	test_user	test_role1
 rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost';
 select user, host from user where user like 'test%';
 user	host
@@ -23,8 +23,8 @@ test_role2
 test_user_rm	newhost
 select * from roles_mapping;
 HostFk	UserFk	RoleFk
-newhost	test_user_rm	test_role1
 	test_role1	test_role2
+newhost	test_user_rm	test_role1
 rename user 'test_role2'@'' to 'test_role2_rm'@'';
 select user, host from user where user like 'test%';
 user	host
@@ -33,8 +33,8 @@ test_role2_rm
 test_user_rm	newhost
 select * from roles_mapping;
 HostFk	UserFk	RoleFk
-newhost	test_user_rm	test_role1
 	test_role1	test_role2_rm
+newhost	test_user_rm	test_role1
 rename user 'test_role1'@'' to 'test_role1_rm'@'';
 select user, host from user where user like 'test%';
 user	host
@@ -43,8 +43,8 @@ test_role2_rm
 test_user_rm	newhost
 select * from roles_mapping;
 HostFk	UserFk	RoleFk
-newhost	test_user_rm	test_role1_rm
 	test_role1_rm	test_role2_rm
+newhost	test_user_rm	test_role1_rm
 delete from mysql.roles_mapping;
 delete from mysql.user where user like 'test%';
 flush privileges;
--- a/mysql-test/r/acl_roles_set_role-multiple-role.result
+++ b/mysql-test/r/acl_roles_set_role-multiple-role.result
@@ -72,6 +72,7 @@ GRANT r_upd TO 'test_user'@'localhost'
 set role r_sel;
 show grants;
 Grants for test_user@localhost
+GRANT SELECT ON *.* TO 'r_sel'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT r_crt TO 'test_user'@'localhost'
 GRANT r_del TO 'test_user'@'localhost'
@@ -92,6 +93,7 @@ localhost	test_user	r_upd
 set role r_ins;
 show grants;
 Grants for test_user@localhost
+GRANT INSERT ON *.* TO 'r_ins'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT r_crt TO 'test_user'@'localhost'
 GRANT r_del TO 'test_user'@'localhost'

--- a/mysql-test/r/acl_roles_set_role-recursive.result
+++ b/mysql-test/r/acl_roles_set_role-recursive.result
@@ -38,6 +38,8 @@ GRANT test_role1 TO 'test_user'@'localhost'
 set role test_role1;
 show grants;
 Grants for test_user@localhost
+GRANT SELECT ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 select * from mysql.roles_mapping where HostFk='';
@@ -45,6 +47,8 @@ HostFk	UserFk	RoleFk
 	test_role1	test_role2
 show grants;
 Grants for test_user@localhost
+GRANT SELECT ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 set role none;
@@ -73,6 +77,8 @@ GRANT test_role1 TO 'test_user'@'localhost'
 set role test_role1;
 show grants;
 Grants for test_user@localhost
+GRANT SELECT ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 select * from mysql.roles_mapping where HostFk='';
@@ -80,6 +86,8 @@ HostFk	UserFk	RoleFk
 	test_role1	test_role2
 show grants;
 Grants for test_user@localhost
+GRANT SELECT ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 set role none;

--- a/mysql-test/r/acl_roles_set_role-simple.result
+++ b/mysql-test/r/acl_roles_set_role-simple.result
@@ -25,6 +25,7 @@ GRANT test_role1 TO 'test_user'@'localhost'
 set role test_role1;
 show grants;
 Grants for test_user@localhost
+GRANT SELECT ON *.* TO 'test_role1'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 select * from mysql.roles_mapping;

--- a/mysql-test/t/acl_roles_rename_user.test
+++ b/mysql-test/t/acl_roles_rename_user.test
@@ -16,20 +16,27 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
 flush privileges;
 use mysql;
+--sorted_result
 select * from roles_mapping;
 #regular user rename
 rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost';
+--sorted_result
 select user, host from user where user like 'test%';
+--sorted_result
 select * from roles_mapping;
 rename user 'test_role2'@'' to 'test_role2_rm'@'';
+--sorted_result
 select user, host from user where user like 'test%';
+--sorted_result
 select * from roles_mapping;
 #role rename
 rename user 'test_role1'@'' to 'test_role1_rm'@'';
+--sorted_result
 select user, host from user where user like 'test%';
+--sorted_result
 select * from roles_mapping;
 delete from mysql.roles_mapping;

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -730,11 +730,15 @@ static my_bool acl_role_propagate_grants(ACL_ROLE *role,
                                         void * not_used __attribute__((unused)));
 static int add_role_user_mapping(ROLE_GRANT_PAIR *mapping);
-static void role_explore_create_list(ACL_ROLE *role, void *context_data);
+static void role_explore_create_list(ACL_ROLE *unused,
+                                     ACL_ROLE *role,
+                                     void *context_data);
 static bool role_explore_start_access_check(ACL_ROLE *role, void *unused);
 static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
                                        void *unused);
-static void role_explore_set_final_access_bits(ACL_ROLE *current, void *unused);
+static void role_explore_set_final_access_bits(ACL_ROLE *parent,
+                                               ACL_ROLE *current,
+                                               void *unused);
 static int traverse_role_graph(ACL_ROLE *role,
                               void *context_data,
                               bool (*on_start) (ACL_ROLE *role,
@@ -745,7 +749,8 @@ static int traverse_role_graph(ACL_ROLE *role,
                               bool (*on_cycle) (ACL_ROLE *current,
                                                 ACL_ROLE *neighbour,
                                                 void *context_data),
-                               void (*on_finish)(ACL_ROLE *current,
+                               void (*on_finish)(ACL_ROLE *parent,
+                                                 ACL_ROLE *current,
                                                 void *context_data));
 static void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source);
@@ -2477,7 +2482,8 @@ void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source)
  /* TODO */
 }
-static void role_explore_create_list(ACL_ROLE *role, void *context_data)
+static void role_explore_create_list(ACL_ROLE *unused __attribute__((unused)),
+                                     ACL_ROLE *role, void *context_data)
 {
  DYNAMIC_ARRAY *list= (DYNAMIC_ARRAY *)context_data;
  push_dynamic(list, (uchar*)&role);
@@ -2508,7 +2514,8 @@ static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
  return FALSE;
 }
-static void role_explore_set_final_access_bits(ACL_ROLE *current,
+static void role_explore_set_final_access_bits(ACL_ROLE *parent,
+                                               ACL_ROLE *current,
                                               void *unused __attribute__((unused)))
 {
  current->flags|= ROLE_GRANTS_FINAL;
@@ -2517,6 +2524,10 @@ static void role_explore_set_final_access_bits(ACL_ROLE *current,
  DBUG_PRINT("info",
             ("Setting final access for node: %s %lu",
              current->user.str, current->access));
+  if (parent)
+  {
+    merge_role_grant_privileges(parent, current);
+  }
 }
 /*
@@ -2554,7 +2565,8 @@ static int traverse_role_graph(ACL_ROLE *role,
                               bool (*on_cycle) (ACL_ROLE *current,
                                                 ACL_ROLE *neighbour,
                                                 void *context_data),
-                               void (*on_finish)(ACL_ROLE *current,
+                               void (*on_finish)(ACL_ROLE *parent,
+                                                 ACL_ROLE *current,
                                                 void *context_data))
 {
@@ -2672,7 +2684,19 @@ static int traverse_role_graph(ACL_ROLE *role,
      curr_state->node_data->flags|= ROLE_EXPLORED;
      push_dynamic(&to_clear, (uchar*)&curr_state->node_data);
      if (on_finish)
-        on_finish(curr_state->node_data, context_data);
+      {
+        NODE_STATE *parent= NULL;
+        if (stack.elements)
+        {
+          parent= dynamic_element(&stack, stack.elements - 1, NODE_STATE *);
+          on_finish(parent->node_data, curr_state->node_data, context_data);
+        }
+        else
+        {
+          /* no parent node, this is the starting node */
+          on_finish(NULL, curr_state->node_data, context_data);
+        }
+      }
    }
  }
@@ -6597,12 +6621,13 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
  global.append (STRING_WITH_LEN(" ON *.* TO '"));
  global.append(lex_user->user.str, lex_user->user.length,
                system_charset_info);
+  global.append('\'');
  if (!handle_as_role)
  {
    ACL_USER *acl_user= (ACL_USER *)acl_entry;
-    global.append (STRING_WITH_LEN("'@'"));
+    global.append (STRING_WITH_LEN("@'"));
    global.append(lex_user->host.str, lex_user->host.length,
                  system_charset_info);
    global.append ('\'');
@@ -6683,6 +6708,7 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
                      "MAX_USER_CONNECTIONS", 1);
    }
  }
  protocol->prepare_for_resend();
  protocol->store(global.ptr(),global.length(),global.charset());
  if (protocol->write())
@@ -7656,11 +7682,20 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
                       struct_no, idx, user, host));
 #endif
-    if ((strcmp(user_from->user.str, user) ||
+    if (struct_no == ROLES_MAPPINGS_HASH)
-        my_strcasecmp(system_charset_info, user_from->host.str, host)) &&
+    {
-        (role_not_matched= strcmp(user_from->user.str, role))
+      role_not_matched= strcmp(user_from->user.str, role);
-        )
+      if (role_not_matched &&
+          (strcmp(user_from->user.str, user) ||
+           my_strcasecmp(system_charset_info, user_from->host.str, host)))
      continue;
+    }
+    else
+    {
+      if (strcmp(user_from->user.str, user) ||
+          my_strcasecmp(system_charset_info, user_from->host.str, host))
+        continue;
+    }
    result= 1; /* At least one element found. */
    if ( drop )