database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-31 22:22:30 +03:00
Code Activity

Added more tests to grant2. Fixed some previous tests.

Browse Source 
Added new logic to ACL system:

1) If GRANT OPTION (not mysql db):
   Ok to update existing user, but not password.
   Not allowed to make a new user.

2) If UPDATE_ACL to mysql DB:
   Ok to update current user, but not make a new one.

3) If INSERT_ACL to mysql DB:
   Ok to add a new user, but not modify existing.

4) If GRANT OPTION to mysql DB:
   All modifications OK.


mysql-test/r/grant2.result:
  Added more ACL tests and fixed results in some old tests.
mysql-test/t/grant2.test:
  Added more ACL tests and fixed results in some old tests.
sql/sql_acl.h:
  Made check_acl_user() visible to sql_parse.cc
sql/sql_parse.cc:
  Added new logic to ACL system:
  
  1) If GRANT OPTION (not mysql db):
     Ok to update existing user, but not password.
     Not allowed to make a new user.
  
  2) If UPDATE_ACL to mysql DB:
     Ok to update current user, but not make a new one.
  
  3) If INSERT_ACL to mysql DB:
     Ok to add a new user, but not modify existing.
  
  4) If GRANT OPTION to mysql DB:
     All modifications OK.
This commit is contained in:
unknown
2005-03-18 13:32:28 +02:00
parent 0f58efbd48
commit c94570057c
4 changed files with 86 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
sql/sql_parse.cc
View File

@@ -3629,18 +3629,36 @@ unsent_create_error:
if (thd->user) // If not replication
{
LEX_USER *user;
uint counter;
List_iterator <LEX_USER> user_list(lex->users_list);
while ((user=user_list++))
{
if (user->password.str &&
(strcmp(thd->user, user->user.str) ||
user->host.str &&
my_strcasecmp(system_charset_info,
user->host.str, thd->host_or_ip)))
if (strcmp(thd->user, user->user.str) ||
user->host.str &&
my_strcasecmp(system_charset_info,
user->host.str, thd->host_or_ip))
{
if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 0))
goto error;
break; // We are allowed to do changes
// We are trying to update another user, or create a new user
if (!check_access(thd, GRANT_ACL, "mysql", 0, 1, 1))
break; // We can update any existing, or add new users
if (!check_acl_user(user, &counter) &&
check_access(thd, INSERT_ACL, "mysql", 0, 1, 1))
{
my_error(ER_NO_PERMISSION_TO_CREATE_USER, MYF(0),
thd->user, thd->host_or_ip);
goto error; // Can't create new user, user does not exists
}
if (check_acl_user(user, &counter) &&
user->password.str &&
check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1))
{
my_message(ER_PASSWORD_NOT_ALLOWED,
ER(ER_PASSWORD_NOT_ALLOWED), MYF(0));
goto error; // Can't update password, user already exists
}
}
}
}