database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

load with_admin flag from the mysql.roles_mapping table

Browse Source
This commit is contained in:
Sergei Golubchik
2013-10-18 12:25:52 -07:00
parent 9d6e9c242e
commit 46622dbea2
3 changed files with 64 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
mysql-test/r/acl_roles_admin.result
View File

@ -34,6 +34,22 @@ Host User Role Admin_option
role4 role3 Y role4 role3 Y
localhost foo role1 Y localhost foo role1 Y
localhost foo role2 N localhost foo role2 N
flush privileges;
show grants for foo@localhost;
Grants for foo@localhost
GRANT USAGE ON *.* TO 'foo'@'localhost'
GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION
GRANT role2 TO 'foo'@'localhost'
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT role2 TO 'role1'
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role3 TO 'role4' WITH ADMIN OPTION
grant role2 to role1 with admin option; grant role2 to role1 with admin option;
revoke role1 from foo@localhost; revoke role1 from foo@localhost;
revoke admin option for role3 from role4; revoke admin option for role3 from role4;
@ -57,5 +73,20 @@ Host User Role Admin_option
role1 role2 Y role1 role2 Y
role4 role3 N role4 role3 N
localhost foo role2 N localhost foo role2 N
flush privileges;
show grants for foo@localhost;
Grants for foo@localhost
GRANT USAGE ON *.* TO 'foo'@'localhost'
GRANT role2 TO 'foo'@'localhost'
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT role2 TO 'role1' WITH ADMIN OPTION
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role3 TO 'role4'
drop role role1, role2, role3, role4, role5, role6; drop role role1, role2, role3, role4, role5, role6;
drop user foo@localhost; drop user foo@localhost;

14
mysql-test/t/acl_roles_admin.test
View File

@ -29,6 +29,13 @@ show grants for role1;
show grants for role4; show grants for role4;
--sorted_result --sorted_result
select * from mysql.roles_mapping; select * from mysql.roles_mapping;
flush privileges;
--sorted_result
show grants for foo@localhost;
--sorted_result
show grants for role1;
--sorted_result
show grants for role4;
grant role2 to role1 with admin option; grant role2 to role1 with admin option;
revoke role1 from foo@localhost; revoke role1 from foo@localhost;
@ -43,6 +50,13 @@ show grants for role1;
show grants for role4; show grants for role4;
--sorted_result --sorted_result
select * from mysql.roles_mapping; select * from mysql.roles_mapping;
flush privileges;
--sorted_result
show grants for foo@localhost;
--sorted_result
show grants for role1;
--sorted_result
show grants for role4;
######################################## ########################################
# cleanup # cleanup

26
sql/sql_acl.cc
View File

@ -867,6 +867,15 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
return false; return false;
} }
static bool get_YN_as_bool(Field *field)
{
char buff[2];
String res(buff,sizeof(buff),&my_charset_latin1);
field->val_str(&res);
return res[0] == 'Y' || res[0] == 'y';
}
/* /*
Initialize structures responsible for user/db-level privilege checking and Initialize structures responsible for user/db-level privilege checking and
load privilege information for them from tables in the 'mysql' database. load privilege information for them from tables in the 'mysql' database.
@ -1408,8 +1417,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
char *hostname= get_field(&temp_root, table->field[0]); char *hostname= get_field(&temp_root, table->field[0]);
char *username= get_field(&temp_root, table->field[1]); char *username= get_field(&temp_root, table->field[1]);
char *rolename= get_field(&temp_root, table->field[2]); char *rolename= get_field(&temp_root, table->field[2]);
bool with_grant_option= get_YN_as_bool(table->field[3]);
if (mapping->init(&mem, username, hostname, rolename, false)) if (mapping->init(&mem, username, hostname, rolename, with_grant_option))
continue; continue;
if (add_role_user_mapping(mapping) == -1) { if (add_role_user_mapping(mapping) == -1) {
@ -1430,6 +1440,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
} }
else
{
sql_print_error("Missing system table mysql.roles_mapping; "
"please run mysql_upgrade to create it");
}
init_check_host(); init_check_host();
@ -1576,7 +1591,6 @@ end:
DBUG_RETURN(return_val); DBUG_RETURN(return_val);
} }
/* /*
Get all access bits from table after fieldnr Get all access bits from table after fieldnr
@ -1608,8 +1622,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
((Field_enum*) (*pos))->typelib->count == 2 ; ((Field_enum*) (*pos))->typelib->count == 2 ;
pos++, fieldnr++, bit<<=1) pos++, fieldnr++, bit<<=1)
{ {
(*pos)->val_str(&res); if (get_YN_as_bool(*pos))
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
access_bits|= bit; access_bits|= bit;
} }
if (next_field) if (next_field)
@ -1634,7 +1647,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
FALSE otherwise FALSE otherwise
*/ */
static inline bool check_is_role(TABLE *form) static bool check_is_role(TABLE *form)
{ {
char buff[2]; char buff[2];
String res(buff, sizeof(buff), &my_charset_latin1); String res(buff, sizeof(buff), &my_charset_latin1);
@ -1642,8 +1655,7 @@ static inline bool check_is_role(TABLE *form)
if (form->s->fields <= 42) if (form->s->fields <= 42)
return FALSE; return FALSE;
form->field[ROLE_ASSIGN_COLUMN_IDX]->val_str(&res); if (get_YN_as_bool(form->field[ROLE_ASSIGN_COLUMN_IDX]))
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
return TRUE; return TRUE;
return FALSE; return FALSE;