mirror of
https://github.com/MariaDB/server.git
synced 2025-08-08 11:22:35 +03:00
Revert "[MDEV-7978] add show create user"
Appoligies, had a dirty branch before pushing: This reverts commit053653a23c. This reverts commit0ff897807f. This reverts commit85b085972b. This reverts commitf3f45e46b6. This reverts commita470b3570a. This reverts commitf8b8d202bc. This reverts commit6b6f066fdd. This reverts commita701e9e6c3. This reverts commitc169838611.
This commit is contained in:
Daniel Black
@@ -1,93 +0,0 @@
|
||||
select * from mysql.user where user = 'root' and host = 'localhost';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
localhost root Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 0 0 0 0 N N 0.000000
|
||||
# Test syntax
|
||||
#
|
||||
# These 2 selects should have no changes from the first one.
|
||||
alter user CURRENT_USER;
|
||||
select * from mysql.user where user = 'root' and host = 'localhost';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
localhost root Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 0 0 0 0 N N 0.000000
|
||||
alter user CURRENT_USER();
|
||||
select * from mysql.user where user = 'root' and host = 'localhost';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
localhost root Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 0 0 0 0 N N 0.000000
|
||||
create user foo;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
|
||||
alter user foo;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
|
||||
# Test super privilege works correctly with a read only database.
|
||||
SET @start_read_only = @@global.read_only;
|
||||
SET GLOBAL read_only=1;
|
||||
grant create user on *.* to foo;
|
||||
# Currently no super privileges.
|
||||
connect a, localhost, foo;
|
||||
select @@global.read_only;
|
||||
@@global.read_only
|
||||
1
|
||||
alter user foo;
|
||||
ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
|
||||
# Grant super privilege to the user.
|
||||
connection default;
|
||||
grant super on *.* to foo;
|
||||
# We now have super privilege. We should be able to run alter user.
|
||||
connect b, localhost, foo;
|
||||
alter user foo;
|
||||
connection default;
|
||||
SET GLOBAL read_only = @start_read_only;
|
||||
# Test inexistant user.
|
||||
alter user boo;
|
||||
ERROR HY000: Operation ALTER USER failed for 'boo'
|
||||
#--warning ER_CANNOT_USER
|
||||
alter if exists user boo;
|
||||
Warnings:
|
||||
Error 1133 Can't find any matching row in the user table
|
||||
Note 1396 Operation ALTER USER failed for 'boo'
|
||||
# Test password related altering.
|
||||
alter user foo identified by 'something';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N 0 0 0 0 N N 0.000000
|
||||
alter user foo identified by 'something2';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *9CD58369E930E28C8996A89DB18B63294E6DC10C N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N 0 0 0 0 N N 0.000000
|
||||
alter user foo identified by password '*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N 0 0 0 0 N N 0.000000
|
||||
alter user foo identified with 'somecoolplugin';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N 0 0 0 0 somecoolplugin N N 0.000000
|
||||
alter user foo identified with 'somecoolplugin' using 'somecoolpassphrase';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N 0 0 0 0 somecoolplugin somecoolpassphrase N N 0.000000
|
||||
# Test ssl related altering.
|
||||
alter user foo identified by 'something' require SSL;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N ANY 0 0 0 0 N N 0.000000
|
||||
alter user foo identified by 'something' require X509;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N X509 0 0 0 0 N N 0.000000
|
||||
alter user foo identified by 'something'
|
||||
require cipher 'text' issuer 'foo_issuer' subject 'foo_subject';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N SPECIFIED text foo_issuer foo_subject 0 0 0 0 N N 0.000000
|
||||
# Test resource limits altering.
|
||||
alter user foo with MAX_QUERIES_PER_HOUR 10
|
||||
MAX_UPDATES_PER_HOUR 20
|
||||
MAX_CONNECTIONS_PER_HOUR 30
|
||||
MAX_USER_CONNECTIONS 40;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N SPECIFIED text foo_issuer foo_subject 10 20 30 40 N N 0.000000
|
||||
drop user foo;
|
||||
@@ -1,72 +0,0 @@
|
||||
create user foo;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password' require SSL;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N ANY 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password' require X509;
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N X509 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password' require CIPHER 'cipher';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password' require ISSUER 'issuer';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED issuer 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password' require SUBJECT 'subject';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED subject 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password' require CIPHER 'cipher'
|
||||
SUBJECT 'subject';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher subject 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo identified by 'password' require CIPHER 'cipher'
|
||||
AND SUBJECT 'subject'
|
||||
AND ISSUER 'issuer';
|
||||
select * from mysql.user where user = 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 N N 0.000000
|
||||
drop user foo;
|
||||
create user foo, foo2 identified by 'password' require CIPHER 'cipher'
|
||||
AND SUBJECT 'subject'
|
||||
AND ISSUER 'issuer';
|
||||
select * from mysql.user where user like 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 N N 0.000000
|
||||
#--warning ER_USER_CREATE_EXISTS
|
||||
create user if not exists foo, foo2 identified by 'password2'
|
||||
require CIPHER 'cipher2' AND SUBJECT 'subject2' AND ISSUER 'issuer2';
|
||||
Warnings:
|
||||
Note 1973 Can't create user 'foo'@'%'; it already exists
|
||||
Note 1973 Can't create user 'foo2'@'%'; it already exists
|
||||
select * from mysql.user where user like 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 N N 0.000000
|
||||
drop user foo, foo2;
|
||||
create user foo with MAX_QUERIES_PER_HOUR 10
|
||||
MAX_UPDATES_PER_HOUR 20
|
||||
MAX_CONNECTIONS_PER_HOUR 30
|
||||
MAX_USER_CONNECTIONS 40;
|
||||
select * from mysql.user where user like 'foo';
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
|
||||
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 10 20 30 40 N N 0.000000
|
||||
drop user foo;
|
||||
@@ -1360,7 +1360,7 @@ performance-schema-max-rwlock-instances -1
|
||||
performance-schema-max-socket-classes 10
|
||||
performance-schema-max-socket-instances -1
|
||||
performance-schema-max-stage-classes 150
|
||||
performance-schema-max-statement-classes 180
|
||||
performance-schema-max-statement-classes 178
|
||||
performance-schema-max-table-handles -1
|
||||
performance-schema-max-table-instances -1
|
||||
performance-schema-max-thread-classes 50
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
create user foo;
|
||||
show create user foo;
|
||||
CREATE USER for foo@%
|
||||
CREATE USER 'foo'@'%'
|
||||
create user foo@test;
|
||||
show create user foo@test;
|
||||
CREATE USER for foo@test
|
||||
CREATE USER 'foo'@'test'
|
||||
create user foo2@test identified by 'password';
|
||||
show create user foo2@test;
|
||||
CREATE USER for foo2@test
|
||||
CREATE USER 'foo2'@'test' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19'
|
||||
alter user foo2@test identified with 'someplugin' as 'somepassword';
|
||||
show create user foo2@test;
|
||||
CREATE USER for foo2@test
|
||||
CREATE USER 'foo2'@'test' IDENTIFIED VIA someplugin USING 'somepassword'
|
||||
create user foo3@test require SSL;
|
||||
show create user foo3@test;
|
||||
CREATE USER for foo3@test
|
||||
CREATE USER 'foo3'@'test' REQUIRE SSL
|
||||
create user foo4@test require cipher 'text' issuer 'foo_issuer' subject 'foo_subject';
|
||||
show create user foo4@test;
|
||||
CREATE USER for foo4@test
|
||||
CREATE USER 'foo4'@'test' REQUIRE ISSUER 'foo_issuer' SUBJECT 'foo_subject' CIPHER 'text'
|
||||
create user foo5@test require SSL
|
||||
with MAX_QUERIES_PER_HOUR 10
|
||||
MAX_UPDATES_PER_HOUR 20
|
||||
MAX_CONNECTIONS_PER_HOUR 30
|
||||
MAX_USER_CONNECTIONS 40
|
||||
MAX_STATEMENT_TIME 0.5;
|
||||
show create user foo5@test;
|
||||
CREATE USER for foo5@test
|
||||
CREATE USER 'foo5'@'test' REQUIRE SSL WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30 MAX_USER_CONNECTIONS 40 MAX_STATEMENT_TIME 0.500000
|
||||
drop user foo5@test;
|
||||
drop user foo4@test;
|
||||
drop user foo3@test;
|
||||
drop user foo2@test;
|
||||
drop user foo@test;
|
||||
drop user foo;
|
||||
@@ -2825,9 +2825,9 @@ READ_ONLY YES
|
||||
COMMAND_LINE_ARGUMENT REQUIRED
|
||||
VARIABLE_NAME PERFORMANCE_SCHEMA_MAX_STATEMENT_CLASSES
|
||||
SESSION_VALUE NULL
|
||||
GLOBAL_VALUE 180
|
||||
GLOBAL_VALUE 178
|
||||
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
||||
DEFAULT_VALUE 180
|
||||
DEFAULT_VALUE 178
|
||||
VARIABLE_SCOPE GLOBAL
|
||||
VARIABLE_TYPE BIGINT UNSIGNED
|
||||
VARIABLE_COMMENT Maximum number of statement instruments.
|
||||
|
||||
@@ -3021,9 +3021,9 @@ READ_ONLY YES
|
||||
COMMAND_LINE_ARGUMENT REQUIRED
|
||||
VARIABLE_NAME PERFORMANCE_SCHEMA_MAX_STATEMENT_CLASSES
|
||||
SESSION_VALUE NULL
|
||||
GLOBAL_VALUE 180
|
||||
GLOBAL_VALUE 178
|
||||
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
||||
DEFAULT_VALUE 180
|
||||
DEFAULT_VALUE 178
|
||||
VARIABLE_SCOPE GLOBAL
|
||||
VARIABLE_TYPE BIGINT UNSIGNED
|
||||
VARIABLE_COMMENT Maximum number of statement instruments.
|
||||
|
||||
@@ -1,82 +0,0 @@
|
||||
--source include/not_embedded.inc
|
||||
--enable_connect_log
|
||||
|
||||
|
||||
select * from mysql.user where user = 'root' and host = 'localhost';
|
||||
--echo # Test syntax
|
||||
--echo #
|
||||
--echo # These 2 selects should have no changes from the first one.
|
||||
alter user CURRENT_USER;
|
||||
select * from mysql.user where user = 'root' and host = 'localhost';
|
||||
alter user CURRENT_USER();
|
||||
select * from mysql.user where user = 'root' and host = 'localhost';
|
||||
|
||||
create user foo;
|
||||
select * from mysql.user where user = 'foo';
|
||||
alter user foo;
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
--echo # Test super privilege works correctly with a read only database.
|
||||
SET @start_read_only = @@global.read_only;
|
||||
SET GLOBAL read_only=1;
|
||||
grant create user on *.* to foo;
|
||||
|
||||
--echo # Currently no super privileges.
|
||||
connect (a, localhost, foo);
|
||||
select @@global.read_only;
|
||||
|
||||
--error ER_OPTION_PREVENTS_STATEMENT
|
||||
alter user foo;
|
||||
|
||||
--echo # Grant super privilege to the user.
|
||||
connection default;
|
||||
grant super on *.* to foo;
|
||||
|
||||
--echo # We now have super privilege. We should be able to run alter user.
|
||||
connect (b, localhost, foo);
|
||||
alter user foo;
|
||||
|
||||
connection default;
|
||||
SET GLOBAL read_only = @start_read_only;
|
||||
|
||||
--echo # Test inexistant user.
|
||||
--error ER_CANNOT_USER
|
||||
alter user boo;
|
||||
--echo #--warning ER_CANNOT_USER
|
||||
alter if exists user boo;
|
||||
|
||||
--echo # Test password related altering.
|
||||
alter user foo identified by 'something';
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
alter user foo identified by 'something2';
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
alter user foo identified by password '*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63';
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
alter user foo identified with 'somecoolplugin';
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
alter user foo identified with 'somecoolplugin' using 'somecoolpassphrase';
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
--echo # Test ssl related altering.
|
||||
alter user foo identified by 'something' require SSL;
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
alter user foo identified by 'something' require X509;
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
alter user foo identified by 'something'
|
||||
require cipher 'text' issuer 'foo_issuer' subject 'foo_subject';
|
||||
select * from mysql.user where user = 'foo';
|
||||
|
||||
--echo # Test resource limits altering.
|
||||
alter user foo with MAX_QUERIES_PER_HOUR 10
|
||||
MAX_UPDATES_PER_HOUR 20
|
||||
MAX_CONNECTIONS_PER_HOUR 30
|
||||
MAX_USER_CONNECTIONS 40;
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
--disable_connect_log
|
||||
@@ -1,58 +0,0 @@
|
||||
--source include/not_embedded.inc
|
||||
|
||||
create user foo;
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password';
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password' require SSL;
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password' require X509;
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password' require CIPHER 'cipher';
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password' require ISSUER 'issuer';
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password' require SUBJECT 'subject';
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password' require CIPHER 'cipher'
|
||||
SUBJECT 'subject';
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo identified by 'password' require CIPHER 'cipher'
|
||||
AND SUBJECT 'subject'
|
||||
AND ISSUER 'issuer';
|
||||
select * from mysql.user where user = 'foo';
|
||||
drop user foo;
|
||||
|
||||
create user foo, foo2 identified by 'password' require CIPHER 'cipher'
|
||||
AND SUBJECT 'subject'
|
||||
AND ISSUER 'issuer';
|
||||
select * from mysql.user where user like 'foo';
|
||||
|
||||
--echo #--warning ER_USER_CREATE_EXISTS
|
||||
create user if not exists foo, foo2 identified by 'password2'
|
||||
require CIPHER 'cipher2' AND SUBJECT 'subject2' AND ISSUER 'issuer2';
|
||||
select * from mysql.user where user like 'foo';
|
||||
drop user foo, foo2;
|
||||
|
||||
create user foo with MAX_QUERIES_PER_HOUR 10
|
||||
MAX_UPDATES_PER_HOUR 20
|
||||
MAX_CONNECTIONS_PER_HOUR 30
|
||||
MAX_USER_CONNECTIONS 40;
|
||||
select * from mysql.user where user like 'foo';
|
||||
drop user foo;
|
||||
@@ -1,34 +0,0 @@
|
||||
--source include/not_embedded.inc
|
||||
|
||||
create user foo;
|
||||
show create user foo;
|
||||
|
||||
create user foo@test;
|
||||
show create user foo@test;
|
||||
|
||||
create user foo2@test identified by 'password';
|
||||
show create user foo2@test;
|
||||
|
||||
alter user foo2@test identified with 'someplugin' as 'somepassword';
|
||||
show create user foo2@test;
|
||||
|
||||
create user foo3@test require SSL;
|
||||
show create user foo3@test;
|
||||
|
||||
create user foo4@test require cipher 'text' issuer 'foo_issuer' subject 'foo_subject';
|
||||
show create user foo4@test;
|
||||
|
||||
create user foo5@test require SSL
|
||||
with MAX_QUERIES_PER_HOUR 10
|
||||
MAX_UPDATES_PER_HOUR 20
|
||||
MAX_CONNECTIONS_PER_HOUR 30
|
||||
MAX_USER_CONNECTIONS 40
|
||||
MAX_STATEMENT_TIME 0.5;
|
||||
show create user foo5@test;
|
||||
|
||||
drop user foo5@test;
|
||||
drop user foo4@test;
|
||||
drop user foo3@test;
|
||||
drop user foo2@test;
|
||||
drop user foo@test;
|
||||
drop user foo;
|
||||
@@ -3676,7 +3676,6 @@ SHOW_VAR com_status_vars[]= {
|
||||
{"alter_server", STMT_STATUS(SQLCOM_ALTER_SERVER)},
|
||||
{"alter_table", STMT_STATUS(SQLCOM_ALTER_TABLE)},
|
||||
{"alter_tablespace", STMT_STATUS(SQLCOM_ALTER_TABLESPACE)},
|
||||
{"alter_user", STMT_STATUS(SQLCOM_ALTER_USER)},
|
||||
{"analyze", STMT_STATUS(SQLCOM_ANALYZE)},
|
||||
{"assign_to_keycache", STMT_STATUS(SQLCOM_ASSIGN_TO_KEYCACHE)},
|
||||
{"begin", STMT_STATUS(SQLCOM_BEGIN)},
|
||||
@@ -3766,7 +3765,6 @@ SHOW_VAR com_status_vars[]= {
|
||||
{"show_create_proc", STMT_STATUS(SQLCOM_SHOW_CREATE_PROC)},
|
||||
{"show_create_table", STMT_STATUS(SQLCOM_SHOW_CREATE)},
|
||||
{"show_create_trigger", STMT_STATUS(SQLCOM_SHOW_CREATE_TRIGGER)},
|
||||
{"show_create_user", STMT_STATUS(SQLCOM_SHOW_CREATE_USER)},
|
||||
{"show_databases", STMT_STATUS(SQLCOM_SHOW_DATABASES)},
|
||||
{"show_engine_logs", STMT_STATUS(SQLCOM_SHOW_ENGINE_LOGS)},
|
||||
{"show_engine_mutex", STMT_STATUS(SQLCOM_SHOW_ENGINE_MUTEX)},
|
||||
|
||||
@@ -241,7 +241,6 @@ sp_get_flags_for_command(LEX *lex)
|
||||
case SQLCOM_SHOW_CREATE_PROC:
|
||||
case SQLCOM_SHOW_CREATE_EVENT:
|
||||
case SQLCOM_SHOW_CREATE_TRIGGER:
|
||||
case SQLCOM_SHOW_CREATE_USER:
|
||||
case SQLCOM_SHOW_DATABASES:
|
||||
case SQLCOM_SHOW_ERRORS:
|
||||
case SQLCOM_SHOW_EXPLAIN:
|
||||
@@ -310,7 +309,6 @@ sp_get_flags_for_command(LEX *lex)
|
||||
case SQLCOM_CREATE_USER:
|
||||
case SQLCOM_CREATE_ROLE:
|
||||
case SQLCOM_ALTER_TABLE:
|
||||
case SQLCOM_ALTER_USER:
|
||||
case SQLCOM_GRANT:
|
||||
case SQLCOM_GRANT_ROLE:
|
||||
case SQLCOM_REVOKE:
|
||||
|
||||
315
sql/sql_acl.cc
315
sql/sql_acl.cc
@@ -7756,94 +7756,6 @@ static void add_user_option(String *grant, double value, const char *name)
|
||||
}
|
||||
}
|
||||
|
||||
static void add_user_parameters(String *result, ACL_USER* acl_user,
|
||||
bool with_grant)
|
||||
{
|
||||
result->append(STRING_WITH_LEN("@'"));
|
||||
result->append(acl_user->host.hostname, acl_user->hostname_length,
|
||||
system_charset_info);
|
||||
result->append('\'');
|
||||
|
||||
if (acl_user->plugin.str == native_password_plugin_name.str ||
|
||||
acl_user->plugin.str == old_password_plugin_name.str)
|
||||
{
|
||||
if (acl_user->auth_string.length)
|
||||
{
|
||||
DBUG_ASSERT(acl_user->salt_len);
|
||||
result->append(STRING_WITH_LEN(" IDENTIFIED BY PASSWORD '"));
|
||||
result->append(acl_user->auth_string.str, acl_user->auth_string.length);
|
||||
result->append('\'');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
result->append(STRING_WITH_LEN(" IDENTIFIED VIA "));
|
||||
result->append(acl_user->plugin.str, acl_user->plugin.length);
|
||||
if (acl_user->auth_string.length)
|
||||
{
|
||||
result->append(STRING_WITH_LEN(" USING '"));
|
||||
result->append(acl_user->auth_string.str, acl_user->auth_string.length);
|
||||
result->append('\'');
|
||||
}
|
||||
}
|
||||
/* "show grants" SSL related stuff */
|
||||
if (acl_user->ssl_type == SSL_TYPE_ANY)
|
||||
result->append(STRING_WITH_LEN(" REQUIRE SSL"));
|
||||
else if (acl_user->ssl_type == SSL_TYPE_X509)
|
||||
result->append(STRING_WITH_LEN(" REQUIRE X509"));
|
||||
else if (acl_user->ssl_type == SSL_TYPE_SPECIFIED)
|
||||
{
|
||||
int ssl_options = 0;
|
||||
result->append(STRING_WITH_LEN(" REQUIRE "));
|
||||
if (acl_user->x509_issuer)
|
||||
{
|
||||
ssl_options++;
|
||||
result->append(STRING_WITH_LEN("ISSUER \'"));
|
||||
result->append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
|
||||
result->append('\'');
|
||||
}
|
||||
if (acl_user->x509_subject)
|
||||
{
|
||||
if (ssl_options++)
|
||||
result->append(' ');
|
||||
result->append(STRING_WITH_LEN("SUBJECT \'"));
|
||||
result->append(acl_user->x509_subject,strlen(acl_user->x509_subject),
|
||||
system_charset_info);
|
||||
result->append('\'');
|
||||
}
|
||||
if (acl_user->ssl_cipher)
|
||||
{
|
||||
if (ssl_options++)
|
||||
result->append(' ');
|
||||
result->append(STRING_WITH_LEN("CIPHER '"));
|
||||
result->append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher),
|
||||
system_charset_info);
|
||||
result->append('\'');
|
||||
}
|
||||
}
|
||||
if (with_grant ||
|
||||
(acl_user->user_resource.questions ||
|
||||
acl_user->user_resource.updates ||
|
||||
acl_user->user_resource.conn_per_hour ||
|
||||
acl_user->user_resource.user_conn ||
|
||||
acl_user->user_resource.max_statement_time != 0.0))
|
||||
{
|
||||
result->append(STRING_WITH_LEN(" WITH"));
|
||||
if (with_grant)
|
||||
result->append(STRING_WITH_LEN(" GRANT OPTION"));
|
||||
add_user_option(result, acl_user->user_resource.questions,
|
||||
"MAX_QUERIES_PER_HOUR", false);
|
||||
add_user_option(result, acl_user->user_resource.updates,
|
||||
"MAX_UPDATES_PER_HOUR", false);
|
||||
add_user_option(result, acl_user->user_resource.conn_per_hour,
|
||||
"MAX_CONNECTIONS_PER_HOUR", false);
|
||||
add_user_option(result, acl_user->user_resource.user_conn,
|
||||
"MAX_USER_CONNECTIONS", true);
|
||||
add_user_option(result, acl_user->user_resource.max_statement_time,
|
||||
"MAX_STATEMENT_TIME");
|
||||
}
|
||||
}
|
||||
|
||||
static const char *command_array[]=
|
||||
{
|
||||
"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "RELOAD",
|
||||
@@ -7890,77 +7802,6 @@ static bool print_grants_for_role(THD *thd, ACL_ROLE * role)
|
||||
}
|
||||
|
||||
|
||||
bool mysql_show_create_user(THD *thd, LEX_USER *lex_user)
|
||||
{
|
||||
const char *username = safe_str(lex_user->user.str);
|
||||
const char *hostname = safe_str(lex_user->host.str);
|
||||
char buff[1024]; //Show create user should not take more than 1024 bytes.
|
||||
Protocol *protocol= thd->protocol;
|
||||
bool error= false;
|
||||
ACL_USER *acl_user;
|
||||
DBUG_ENTER("mysql_show_create_user");
|
||||
|
||||
// Check if the command specifies a username or not.
|
||||
if (lex_user->user.str == current_user.str)
|
||||
{
|
||||
username= thd->security_ctx->priv_user;
|
||||
hostname= thd->security_ctx->priv_host;
|
||||
}
|
||||
|
||||
List<Item> field_list;
|
||||
strxmov(buff, "CREATE USER for ", username, "@", hostname, NullS);
|
||||
Item_string *field = new (thd->mem_root) Item_string_ascii(thd, "", 0);
|
||||
if (!field)
|
||||
{
|
||||
my_error(ER_OUTOFMEMORY, MYF(0));
|
||||
DBUG_RETURN(true);
|
||||
}
|
||||
|
||||
field->name= buff;
|
||||
field->max_length= sizeof(buff);
|
||||
field_list.push_back(field, thd->mem_root);
|
||||
if (protocol->send_result_set_metadata(&field_list,
|
||||
Protocol::SEND_NUM_ROWS |
|
||||
Protocol::SEND_EOF))
|
||||
DBUG_RETURN(true);
|
||||
|
||||
String result(buff, sizeof(buff), system_charset_info);
|
||||
result.length(0);
|
||||
mysql_rwlock_rdlock(&LOCK_grant);
|
||||
mysql_mutex_lock(&acl_cache->lock);
|
||||
|
||||
acl_user= find_user_exact(hostname, username);
|
||||
|
||||
// User not found in the internal data structures.
|
||||
if (!acl_user)
|
||||
{
|
||||
my_error(ER_PASSWORD_NO_MATCH, MYF(0));
|
||||
error= true;
|
||||
goto end;
|
||||
}
|
||||
|
||||
result.append("CREATE USER '");
|
||||
result.append(username);
|
||||
result.append('\'');
|
||||
|
||||
add_user_parameters(&result, acl_user, false);
|
||||
|
||||
protocol->prepare_for_resend();
|
||||
protocol->store(result.ptr(), result.length(), result.charset());
|
||||
if (protocol->write())
|
||||
{
|
||||
error= true;
|
||||
}
|
||||
my_eof(thd);
|
||||
|
||||
end:
|
||||
mysql_rwlock_unlock(&LOCK_grant);
|
||||
mysql_mutex_unlock(&acl_cache->lock);
|
||||
|
||||
DBUG_RETURN(error);
|
||||
}
|
||||
|
||||
|
||||
static int show_grants_callback(ACL_USER_BASE *role, void *data)
|
||||
{
|
||||
THD *thd= (THD *)data;
|
||||
@@ -7970,6 +7811,7 @@ static int show_grants_callback(ACL_USER_BASE *role, void *data)
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void mysql_show_grants_get_fields(THD *thd, List<Item> *fields,
|
||||
const char *name)
|
||||
{
|
||||
@@ -8244,7 +8086,93 @@ static bool show_global_privileges(THD *thd, ACL_USER_BASE *acl_entry,
|
||||
global.append('\'');
|
||||
|
||||
if (!handle_as_role)
|
||||
add_user_parameters(&global, (ACL_USER *)acl_entry, (want_access & GRANT_ACL));
|
||||
{
|
||||
ACL_USER *acl_user= (ACL_USER *)acl_entry;
|
||||
|
||||
global.append (STRING_WITH_LEN("@'"));
|
||||
global.append(acl_user->host.hostname, acl_user->hostname_length,
|
||||
system_charset_info);
|
||||
global.append ('\'');
|
||||
|
||||
if (acl_user->plugin.str == native_password_plugin_name.str ||
|
||||
acl_user->plugin.str == old_password_plugin_name.str)
|
||||
{
|
||||
if (acl_user->auth_string.length)
|
||||
{
|
||||
DBUG_ASSERT(acl_user->salt_len);
|
||||
global.append(STRING_WITH_LEN(" IDENTIFIED BY PASSWORD '"));
|
||||
global.append(acl_user->auth_string.str, acl_user->auth_string.length);
|
||||
global.append('\'');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
global.append(STRING_WITH_LEN(" IDENTIFIED VIA "));
|
||||
global.append(acl_user->plugin.str, acl_user->plugin.length);
|
||||
if (acl_user->auth_string.length)
|
||||
{
|
||||
global.append(STRING_WITH_LEN(" USING '"));
|
||||
global.append(acl_user->auth_string.str, acl_user->auth_string.length);
|
||||
global.append('\'');
|
||||
}
|
||||
}
|
||||
/* "show grants" SSL related stuff */
|
||||
if (acl_user->ssl_type == SSL_TYPE_ANY)
|
||||
global.append(STRING_WITH_LEN(" REQUIRE SSL"));
|
||||
else if (acl_user->ssl_type == SSL_TYPE_X509)
|
||||
global.append(STRING_WITH_LEN(" REQUIRE X509"));
|
||||
else if (acl_user->ssl_type == SSL_TYPE_SPECIFIED)
|
||||
{
|
||||
int ssl_options = 0;
|
||||
global.append(STRING_WITH_LEN(" REQUIRE "));
|
||||
if (acl_user->x509_issuer)
|
||||
{
|
||||
ssl_options++;
|
||||
global.append(STRING_WITH_LEN("ISSUER \'"));
|
||||
global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
|
||||
global.append('\'');
|
||||
}
|
||||
if (acl_user->x509_subject)
|
||||
{
|
||||
if (ssl_options++)
|
||||
global.append(' ');
|
||||
global.append(STRING_WITH_LEN("SUBJECT \'"));
|
||||
global.append(acl_user->x509_subject,strlen(acl_user->x509_subject),
|
||||
system_charset_info);
|
||||
global.append('\'');
|
||||
}
|
||||
if (acl_user->ssl_cipher)
|
||||
{
|
||||
if (ssl_options++)
|
||||
global.append(' ');
|
||||
global.append(STRING_WITH_LEN("CIPHER '"));
|
||||
global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher),
|
||||
system_charset_info);
|
||||
global.append('\'');
|
||||
}
|
||||
}
|
||||
if ((want_access & GRANT_ACL) ||
|
||||
(acl_user->user_resource.questions ||
|
||||
acl_user->user_resource.updates ||
|
||||
acl_user->user_resource.conn_per_hour ||
|
||||
acl_user->user_resource.user_conn ||
|
||||
acl_user->user_resource.max_statement_time != 0.0))
|
||||
{
|
||||
global.append(STRING_WITH_LEN(" WITH"));
|
||||
if (want_access & GRANT_ACL)
|
||||
global.append(STRING_WITH_LEN(" GRANT OPTION"));
|
||||
add_user_option(&global, acl_user->user_resource.questions,
|
||||
"MAX_QUERIES_PER_HOUR", false);
|
||||
add_user_option(&global, acl_user->user_resource.updates,
|
||||
"MAX_UPDATES_PER_HOUR", false);
|
||||
add_user_option(&global, acl_user->user_resource.conn_per_hour,
|
||||
"MAX_CONNECTIONS_PER_HOUR", false);
|
||||
add_user_option(&global, acl_user->user_resource.user_conn,
|
||||
"MAX_USER_CONNECTIONS", true);
|
||||
add_user_option(&global, acl_user->user_resource.max_statement_time,
|
||||
"MAX_STATEMENT_TIME");
|
||||
}
|
||||
}
|
||||
|
||||
protocol->prepare_for_resend();
|
||||
protocol->store(global.ptr(),global.length(),global.charset());
|
||||
@@ -9912,73 +9840,6 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
|
||||
DBUG_RETURN(result);
|
||||
}
|
||||
|
||||
/*
|
||||
Alter a user's connection and resource settings.
|
||||
|
||||
SYNOPSIS
|
||||
mysql_alter_user()
|
||||
thd The current thread.
|
||||
list The users to alter.
|
||||
|
||||
RETURN
|
||||
> 0 Error. Error message already sent.
|
||||
0 OK.
|
||||
*/
|
||||
int mysql_alter_user(THD* thd, List<LEX_USER> &users_list)
|
||||
{
|
||||
DBUG_ENTER("mysql_alter_user");
|
||||
int result= 0;
|
||||
TABLE_LIST tables[TABLES_MAX];
|
||||
String wrong_users;
|
||||
// The only table we're altering is the user table.
|
||||
if ((result= open_grant_tables(thd, tables, TL_WRITE, Table_user)))
|
||||
DBUG_RETURN(result);
|
||||
|
||||
// Lock ACL data structures until we finish altering all users.
|
||||
mysql_rwlock_wrlock(&LOCK_grant);
|
||||
mysql_mutex_lock(&acl_cache->lock);
|
||||
|
||||
LEX_USER *tmp_lex_user;
|
||||
List_iterator<LEX_USER> users_list_iterator(users_list);
|
||||
while ((tmp_lex_user= users_list_iterator++))
|
||||
{
|
||||
LEX_USER* lex_user= get_current_user(thd, tmp_lex_user, false);
|
||||
if (!lex_user ||
|
||||
fix_lex_user(thd, lex_user) ||
|
||||
replace_user_table(thd, tables[USER_TABLE].table, *lex_user,0,
|
||||
false, false, true))
|
||||
{
|
||||
thd->clear_error();
|
||||
append_user(thd, &wrong_users, tmp_lex_user);
|
||||
result= TRUE;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
// Unlock ACL data structures.
|
||||
mysql_mutex_unlock(&acl_cache->lock);
|
||||
mysql_rwlock_unlock(&LOCK_grant);
|
||||
|
||||
if (result)
|
||||
{
|
||||
// 'if exists' flag leads to warnings instead of errors.
|
||||
if (thd->lex->create_info.if_exists())
|
||||
{
|
||||
push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE,
|
||||
ER_CANNOT_USER,
|
||||
ER_THD(thd, ER_CANNOT_USER),
|
||||
"ALTER USER", wrong_users.c_ptr_safe());
|
||||
result= FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
my_error(ER_CANNOT_USER, MYF(0),
|
||||
"ALTER USER",
|
||||
wrong_users.c_ptr_safe());
|
||||
}
|
||||
}
|
||||
DBUG_RETURN(result);
|
||||
}
|
||||
|
||||
/*
|
||||
Revoke all privileges from a list of users.
|
||||
|
||||
@@ -246,7 +246,6 @@ bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username,
|
||||
void mysql_show_grants_get_fields(THD *thd, List<Item> *fields,
|
||||
const char *name);
|
||||
bool mysql_show_grants(THD *thd, LEX_USER *user);
|
||||
bool mysql_show_create_user(THD *thd, LEX_USER *user);
|
||||
int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond);
|
||||
int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond);
|
||||
void get_privilege_desc(char *to, uint max_length, ulong access);
|
||||
@@ -254,7 +253,6 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc);
|
||||
bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role);
|
||||
bool mysql_drop_user(THD *thd, List <LEX_USER> &list, bool handle_as_role);
|
||||
bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
|
||||
int mysql_alter_user(THD *thd, List <LEX_USER> &list);
|
||||
bool mysql_revoke_all(THD *thd, List <LEX_USER> &list);
|
||||
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
|
||||
const char *db, const char *table);
|
||||
|
||||
@@ -93,8 +93,6 @@ enum enum_sql_command {
|
||||
SQLCOM_CREATE_ROLE, SQLCOM_DROP_ROLE, SQLCOM_GRANT_ROLE, SQLCOM_REVOKE_ROLE,
|
||||
SQLCOM_COMPOUND,
|
||||
SQLCOM_SHOW_GENERIC,
|
||||
SQLCOM_ALTER_USER,
|
||||
SQLCOM_SHOW_CREATE_USER,
|
||||
|
||||
/*
|
||||
When a command is added here, be sure it's also added in mysqld.cc
|
||||
|
||||
@@ -422,7 +422,6 @@ void init_update_queries(void)
|
||||
sql_command_flags[SQLCOM_SHOW_EXPLAIN]= CF_STATUS_COMMAND;
|
||||
sql_command_flags[SQLCOM_SHOW_PROCESSLIST]= CF_STATUS_COMMAND;
|
||||
sql_command_flags[SQLCOM_SHOW_GRANTS]= CF_STATUS_COMMAND;
|
||||
sql_command_flags[SQLCOM_SHOW_CREATE_USER]= CF_STATUS_COMMAND;
|
||||
sql_command_flags[SQLCOM_SHOW_CREATE_DB]= CF_STATUS_COMMAND;
|
||||
sql_command_flags[SQLCOM_SHOW_CREATE]= CF_STATUS_COMMAND;
|
||||
sql_command_flags[SQLCOM_SHOW_MASTER_STAT]= CF_STATUS_COMMAND;
|
||||
@@ -444,7 +443,6 @@ void init_update_queries(void)
|
||||
sql_command_flags[SQLCOM_CREATE_USER]= CF_CHANGES_DATA;
|
||||
sql_command_flags[SQLCOM_RENAME_USER]= CF_CHANGES_DATA;
|
||||
sql_command_flags[SQLCOM_DROP_USER]= CF_CHANGES_DATA;
|
||||
sql_command_flags[SQLCOM_ALTER_USER]= CF_CHANGES_DATA;
|
||||
sql_command_flags[SQLCOM_CREATE_ROLE]= CF_CHANGES_DATA;
|
||||
sql_command_flags[SQLCOM_GRANT]= CF_CHANGES_DATA;
|
||||
sql_command_flags[SQLCOM_GRANT_ROLE]= CF_CHANGES_DATA;
|
||||
@@ -508,7 +506,6 @@ void init_update_queries(void)
|
||||
sql_command_flags[SQLCOM_CHECKSUM]= CF_REPORT_PROGRESS;
|
||||
|
||||
sql_command_flags[SQLCOM_CREATE_USER]|= CF_AUTO_COMMIT_TRANS;
|
||||
sql_command_flags[SQLCOM_ALTER_USER]|= CF_AUTO_COMMIT_TRANS;
|
||||
sql_command_flags[SQLCOM_DROP_USER]|= CF_AUTO_COMMIT_TRANS;
|
||||
sql_command_flags[SQLCOM_RENAME_USER]|= CF_AUTO_COMMIT_TRANS;
|
||||
sql_command_flags[SQLCOM_CREATE_ROLE]|= CF_AUTO_COMMIT_TRANS;
|
||||
@@ -604,7 +601,6 @@ void init_update_queries(void)
|
||||
sql_command_flags[SQLCOM_ALTER_EVENT]|= CF_DISALLOW_IN_RO_TRANS;
|
||||
sql_command_flags[SQLCOM_DROP_EVENT]|= CF_DISALLOW_IN_RO_TRANS;
|
||||
sql_command_flags[SQLCOM_CREATE_USER]|= CF_DISALLOW_IN_RO_TRANS;
|
||||
sql_command_flags[SQLCOM_ALTER_USER]|= CF_DISALLOW_IN_RO_TRANS;
|
||||
sql_command_flags[SQLCOM_RENAME_USER]|= CF_DISALLOW_IN_RO_TRANS;
|
||||
sql_command_flags[SQLCOM_DROP_USER]|= CF_DISALLOW_IN_RO_TRANS;
|
||||
sql_command_flags[SQLCOM_CREATE_SERVER]|= CF_DISALLOW_IN_RO_TRANS;
|
||||
@@ -4407,7 +4403,6 @@ mysql_execute_command(THD *thd)
|
||||
my_ok(thd);
|
||||
break;
|
||||
}
|
||||
case SQLCOM_ALTER_USER:
|
||||
case SQLCOM_RENAME_USER:
|
||||
{
|
||||
if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 1) &&
|
||||
@@ -4415,11 +4410,7 @@ mysql_execute_command(THD *thd)
|
||||
break;
|
||||
/* Conditionally writes to binlog */
|
||||
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL)
|
||||
if (lex->sql_command == SQLCOM_ALTER_USER)
|
||||
res= mysql_alter_user(thd, lex->users_list);
|
||||
else
|
||||
res= mysql_rename_user(thd, lex->users_list);
|
||||
if (!res)
|
||||
if (!(res= mysql_rename_user(thd, lex->users_list)))
|
||||
my_ok(thd);
|
||||
break;
|
||||
}
|
||||
@@ -4716,7 +4707,6 @@ mysql_execute_command(THD *thd)
|
||||
break;
|
||||
|
||||
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
||||
case SQLCOM_SHOW_CREATE_USER:
|
||||
case SQLCOM_SHOW_GRANTS:
|
||||
{
|
||||
LEX_USER *grant_user= lex->grant_user;
|
||||
@@ -4724,20 +4714,7 @@ mysql_execute_command(THD *thd)
|
||||
goto error;
|
||||
|
||||
WSREP_SYNC_WAIT(thd, WSREP_SYNC_WAIT_BEFORE_SHOW);
|
||||
if (grant_user->user.str && !strcmp(sctx->priv_user, grant_user->user.str) &&
|
||||
grant_user->host.str && !strcmp(sctx->priv_host, grant_user->host.str))
|
||||
grant_user->user= current_user;
|
||||
|
||||
if (grant_user->user.str == current_user.str ||
|
||||
grant_user->user.str == current_role.str ||
|
||||
grant_user->user.str == current_user_and_current_role.str ||
|
||||
!check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 0))
|
||||
{
|
||||
if (lex->sql_command == SQLCOM_SHOW_GRANTS)
|
||||
res = mysql_show_grants(thd, grant_user);
|
||||
else
|
||||
res = mysql_show_create_user(thd, grant_user);
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -2531,8 +2531,7 @@ create:
|
||||
Lex->create_view_suid= TRUE;
|
||||
}
|
||||
view_or_trigger_or_sp_or_event { }
|
||||
| create_or_replace USER opt_if_not_exists clear_privileges grant_list
|
||||
opt_require_clause opt_resource_options
|
||||
| create_or_replace USER_SYM opt_if_not_exists clear_privileges grant_list
|
||||
{
|
||||
if (Lex->set_command_with_check(SQLCOM_CREATE_USER, $1 | $3))
|
||||
MYSQL_YYABORT;
|
||||
@@ -7107,13 +7106,6 @@ alter:
|
||||
lex->sql_command= SQLCOM_ALTER_SERVER;
|
||||
lex->server_options.reset($3);
|
||||
} OPTIONS_SYM '(' server_options_list ')' { }
|
||||
/* ALTER USER foo is allowed for MySQL compatibility. */
|
||||
| ALTER opt_if_exists USER clear_privileges grant_list
|
||||
opt_require_clause opt_resource_options
|
||||
{
|
||||
Lex->create_info.set($2);
|
||||
Lex->sql_command= SQLCOM_ALTER_USER;
|
||||
}
|
||||
;
|
||||
|
||||
ev_alter_on_schedule_completion:
|
||||
@@ -12494,18 +12486,6 @@ show_param:
|
||||
lex->sql_command= SQLCOM_SHOW_CREATE_TRIGGER;
|
||||
lex->spname= $3;
|
||||
}
|
||||
| CREATE USER
|
||||
{
|
||||
Lex->sql_command= SQLCOM_SHOW_CREATE_USER;
|
||||
if (!(Lex->grant_user= (LEX_USER*)thd->alloc(sizeof(LEX_USER))))
|
||||
MYSQL_YYABORT;
|
||||
Lex->grant_user->user= current_user;
|
||||
}
|
||||
| CREATE USER user
|
||||
{
|
||||
Lex->sql_command= SQLCOM_SHOW_CREATE_USER;
|
||||
Lex->grant_user= $3;
|
||||
}
|
||||
| PROCEDURE_SYM STATUS_SYM wild_and_where
|
||||
{
|
||||
LEX *lex= Lex;
|
||||
@@ -15056,14 +15036,14 @@ grant:
|
||||
|
||||
grant_command:
|
||||
grant_privileges ON opt_table grant_ident TO_SYM grant_list
|
||||
opt_require_clause opt_grant_options
|
||||
require_clause grant_options
|
||||
{
|
||||
LEX *lex= Lex;
|
||||
lex->sql_command= SQLCOM_GRANT;
|
||||
lex->type= 0;
|
||||
}
|
||||
| grant_privileges ON FUNCTION_SYM grant_ident TO_SYM grant_list
|
||||
opt_require_clause opt_grant_options
|
||||
require_clause grant_options
|
||||
{
|
||||
LEX *lex= Lex;
|
||||
if (lex->columns.elements)
|
||||
@@ -15075,7 +15055,7 @@ grant_command:
|
||||
lex->type= TYPE_ENUM_FUNCTION;
|
||||
}
|
||||
| grant_privileges ON PROCEDURE_SYM grant_ident TO_SYM grant_list
|
||||
opt_require_clause opt_grant_options
|
||||
require_clause grant_options
|
||||
{
|
||||
LEX *lex= Lex;
|
||||
if (lex->columns.elements)
|
||||
@@ -15412,7 +15392,7 @@ column_list_id:
|
||||
}
|
||||
;
|
||||
|
||||
opt_require_clause:
|
||||
require_clause:
|
||||
/* empty */
|
||||
| REQUIRE_SYM require_list
|
||||
{
|
||||
@@ -15432,8 +15412,24 @@ opt_require_clause:
|
||||
}
|
||||
;
|
||||
|
||||
resource_option:
|
||||
MAX_QUERIES_PER_HOUR ulong_num
|
||||
grant_options:
|
||||
/* empty */ {}
|
||||
| WITH grant_option_list
|
||||
;
|
||||
|
||||
opt_grant_option:
|
||||
/* empty */ {}
|
||||
| WITH GRANT OPTION { Lex->grant |= GRANT_ACL;}
|
||||
;
|
||||
|
||||
grant_option_list:
|
||||
grant_option_list grant_option {}
|
||||
| grant_option {}
|
||||
;
|
||||
|
||||
grant_option:
|
||||
GRANT OPTION { Lex->grant |= GRANT_ACL;}
|
||||
| MAX_QUERIES_PER_HOUR ulong_num
|
||||
{
|
||||
LEX *lex=Lex;
|
||||
lex->mqh.questions=$2;
|
||||
@@ -15465,37 +15461,6 @@ resource_option:
|
||||
}
|
||||
;
|
||||
|
||||
resource_option_list:
|
||||
resource_option_list resource_option {}
|
||||
| resource_option {}
|
||||
;
|
||||
|
||||
opt_resource_options:
|
||||
/* empty */ {}
|
||||
| WITH resource_option_list
|
||||
;
|
||||
|
||||
|
||||
opt_grant_options:
|
||||
/* empty */ {}
|
||||
| WITH grant_option_list {}
|
||||
;
|
||||
|
||||
opt_grant_option:
|
||||
/* empty */ {}
|
||||
| WITH GRANT OPTION { Lex->grant |= GRANT_ACL;}
|
||||
;
|
||||
|
||||
grant_option_list:
|
||||
grant_option_list grant_option {}
|
||||
| grant_option {}
|
||||
;
|
||||
|
||||
grant_option:
|
||||
GRANT OPTION { Lex->grant |= GRANT_ACL;}
|
||||
| resource_option {}
|
||||
;
|
||||
|
||||
begin:
|
||||
BEGIN_SYM
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user