- 18 Oct, 2013 40 commits
-
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
functions for traversing the role graph in either direction. merging of global, database, table, column, routine privileges. debug status variables for counting number of privilege merges. tests.
-
Sergei Golubchik authored
Move key function from template parameter to the constructor
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
mainly to avoid the pattern of * get username/hostname/rolename * optionally find the corresponding ACL_USER and ACL_ROLE * allocate memory, concatenate username/hostname/rolename * call a function passing only this memory as an argument ** use concatenated username/etc to find ACL_USER and ACL_ROLE again ** do something * free the object Also to undo push_dynamic we use pop_dynamic now, not a linear search/scan through the dynamic array. as a bonus, role@ is now an invalid way to refer to a role.
-
Sergei Golubchik authored
(and an assert in myisam to catch these bugs easier in the future) update tests/results
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
sql/sp.cc: don't split "user@host" string in db_load_routine, because the caller needs to generate it from user and host. instead pass user and host directly into db_load_routine sql/sql_parse.cc: 1. REVOKE ALL doesn't need invoker. 2. make sp_process_definer() reusable sql/sql_trigger.cc: don't duplicate the code from sp_process_definer(), reuse it sql/sql_view.cc: don't duplicate the code from sp_process_definer(), reuse it
-
Sergei Golubchik authored
* work as documented, use CURRENT_USER() * move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
-
Sergei Golubchik authored
than an empty host '' is the same as any-host wildcard '%'. Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables. Side effect: one cannot have foo@'' and foo@'%' both at the same time (but one can have foo@'%' and foo@'%%')
-
Sergei Golubchik authored
-
Vicențiu Ciorbaru authored
Also fixed possible memory exploit by repeteadly calling: GRANT role to user; where role was already granted to user.
-
Vicențiu Ciorbaru authored
should deal with users, while role related functions should deal with roles.
-
Vicențiu Ciorbaru authored
TODO: Privilege checks are not done upon executing the command.
-
Vicențiu Ciorbaru authored
Fixed segmentation fault caused in traverse_role_graph by previous commit
-
Vicențiu Ciorbaru authored
was halted on a cycle detect. Now the to_clear array is populated during the open event and not the close event.
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
because parser might modify the lex->user (e.g. set lex->user-password). switch to use LEX_STRING current_user string, and also change other similar constants to be LEX_STRING's for consistency.
-
Sergei Golubchik authored
-
Sergei Golubchik authored
mysql-test/r/acl_roles_show_grants.result: one can do SHOW GRANTS for himself mysql-test/t/acl_roles_set_role-table-column-priv.test: correct error message mysql-test/t/acl_roles_show_grants.test: one can SHOW GRANTS for himself sql/sql_acl.cc: bugfixing: * don't assign with && - it can shortcut and the second assignment won't be executed * correct the test in check_grant_all_columns() - want_access should not be modified * sql/sql_cmd.h.OTHER: add new commands at the end sql/sql_db.cc: don't call acl_get() if all privileges are already satisfied (crashes when run with --skip-grants, because acl data stuctures aren't initialized) sql/sql_parse.cc: * test for current_user in get_current_user() * map explicitly specified user@host to current_user
-
Sergei Golubchik authored
-