diff --git a/mysql-test/r/acl_roles_admin.result b/mysql-test/r/acl_roles_admin.result index a5993897879..40e40909112 100644 --- a/mysql-test/r/acl_roles_admin.result +++ b/mysql-test/r/acl_roles_admin.result @@ -34,6 +34,22 @@ Host User Role Admin_option role4 role3 Y localhost foo role1 Y localhost foo role2 N +flush privileges; +show grants for foo@localhost; +Grants for foo@localhost +GRANT USAGE ON *.* TO 'foo'@'localhost' +GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION +GRANT role2 TO 'foo'@'localhost' +show grants for role1; +Grants for role1 +GRANT USAGE ON *.* TO 'role1' +GRANT USAGE ON *.* TO 'role2' +GRANT role2 TO 'role1' +show grants for role4; +Grants for role4 +GRANT USAGE ON *.* TO 'role3' +GRANT USAGE ON *.* TO 'role4' +GRANT role3 TO 'role4' WITH ADMIN OPTION grant role2 to role1 with admin option; revoke role1 from foo@localhost; revoke admin option for role3 from role4; @@ -57,5 +73,20 @@ Host User Role Admin_option role1 role2 Y role4 role3 N localhost foo role2 N +flush privileges; +show grants for foo@localhost; +Grants for foo@localhost +GRANT USAGE ON *.* TO 'foo'@'localhost' +GRANT role2 TO 'foo'@'localhost' +show grants for role1; +Grants for role1 +GRANT USAGE ON *.* TO 'role1' +GRANT USAGE ON *.* TO 'role2' +GRANT role2 TO 'role1' WITH ADMIN OPTION +show grants for role4; +Grants for role4 +GRANT USAGE ON *.* TO 'role3' +GRANT USAGE ON *.* TO 'role4' +GRANT role3 TO 'role4' drop role role1, role2, role3, role4, role5, role6; drop user foo@localhost; diff --git a/mysql-test/t/acl_roles_admin.test b/mysql-test/t/acl_roles_admin.test index 23d7efe5082..a73cc0b4944 100644 --- a/mysql-test/t/acl_roles_admin.test +++ b/mysql-test/t/acl_roles_admin.test @@ -29,6 +29,13 @@ show grants for role1; show grants for role4; --sorted_result select * from mysql.roles_mapping; +flush privileges; +--sorted_result +show grants for foo@localhost; +--sorted_result +show grants for role1; +--sorted_result +show grants for role4; grant role2 to role1 with admin option; revoke role1 from foo@localhost; @@ -43,6 +50,13 @@ show grants for role1; show grants for role4; --sorted_result select * from mysql.roles_mapping; +flush privileges; +--sorted_result +show grants for foo@localhost; +--sorted_result +show grants for role1; +--sorted_result +show grants for role4; ######################################## # cleanup diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index d3818a78c00..a527c2926d6 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -867,6 +867,15 @@ static bool fix_user_plugin_ptr(ACL_USER *user) return false; } +static bool get_YN_as_bool(Field *field) +{ + char buff[2]; + String res(buff,sizeof(buff),&my_charset_latin1); + field->val_str(&res); + return res[0] == 'Y' || res[0] == 'y'; +} + + /* Initialize structures responsible for user/db-level privilege checking and load privilege information for them from tables in the 'mysql' database. @@ -1408,8 +1417,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) char *hostname= get_field(&temp_root, table->field[0]); char *username= get_field(&temp_root, table->field[1]); char *rolename= get_field(&temp_root, table->field[2]); + bool with_grant_option= get_YN_as_bool(table->field[3]); - if (mapping->init(&mem, username, hostname, rolename, false)) + if (mapping->init(&mem, username, hostname, rolename, with_grant_option)) continue; if (add_role_user_mapping(mapping) == -1) { @@ -1430,6 +1440,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) mysql_mutex_unlock(&acl_cache->lock); } + else + { + sql_print_error("Missing system table mysql.roles_mapping; " + "please run mysql_upgrade to create it"); + } init_check_host(); @@ -1576,7 +1591,6 @@ end: DBUG_RETURN(return_val); } - /* Get all access bits from table after fieldnr @@ -1608,8 +1622,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field) ((Field_enum*) (*pos))->typelib->count == 2 ; pos++, fieldnr++, bit<<=1) { - (*pos)->val_str(&res); - if (my_toupper(&my_charset_latin1, res[0]) == 'Y') + if (get_YN_as_bool(*pos)) access_bits|= bit; } if (next_field) @@ -1634,7 +1647,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field) FALSE otherwise */ -static inline bool check_is_role(TABLE *form) +static bool check_is_role(TABLE *form) { char buff[2]; String res(buff, sizeof(buff), &my_charset_latin1); @@ -1642,8 +1655,7 @@ static inline bool check_is_role(TABLE *form) if (form->s->fields <= 42) return FALSE; - form->field[ROLE_ASSIGN_COLUMN_IDX]->val_str(&res); - if (my_toupper(&my_charset_latin1, res[0]) == 'Y') + if (get_YN_as_bool(form->field[ROLE_ASSIGN_COLUMN_IDX])) return TRUE; return FALSE;