database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

Various bug fixes.

Browse Source 
Also updated tests to reflect new show grants functionality.
This commit is contained in:
Vicențiu Ciorbaru
2013-10-18 06:34:27 -07:00
committed by Sergei Golubchik
parent 8c7ca88a6c
commit d24ead2c6f
6 changed files with 69 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
mysql-test/r/acl_roles_rename_user.result
View File

@ -13,8 +13,8 @@ flush privileges;
use mysql; use mysql;
select * from roles_mapping; select * from roles_mapping;
HostFk UserFk RoleFk HostFk UserFk RoleFk
localhost test_user test_role1
test_role1 test_role2 test_role1 test_role2
localhost test_user test_role1
rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost'; rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost';
select user, host from user where user like 'test%'; select user, host from user where user like 'test%';
user host user host
@ -23,8 +23,8 @@ test_role2
test_user_rm newhost test_user_rm newhost
select * from roles_mapping; select * from roles_mapping;
HostFk UserFk RoleFk HostFk UserFk RoleFk
newhost test_user_rm test_role1
test_role1 test_role2 test_role1 test_role2
newhost test_user_rm test_role1
rename user 'test_role2'@'' to 'test_role2_rm'@''; rename user 'test_role2'@'' to 'test_role2_rm'@'';
select user, host from user where user like 'test%'; select user, host from user where user like 'test%';
user host user host
@ -33,8 +33,8 @@ test_role2_rm
test_user_rm newhost test_user_rm newhost
select * from roles_mapping; select * from roles_mapping;
HostFk UserFk RoleFk HostFk UserFk RoleFk
newhost test_user_rm test_role1
test_role1 test_role2_rm test_role1 test_role2_rm
newhost test_user_rm test_role1
rename user 'test_role1'@'' to 'test_role1_rm'@''; rename user 'test_role1'@'' to 'test_role1_rm'@'';
select user, host from user where user like 'test%'; select user, host from user where user like 'test%';
user host user host
@ -43,8 +43,8 @@ test_role2_rm
test_user_rm newhost test_user_rm newhost
select * from roles_mapping; select * from roles_mapping;
HostFk UserFk RoleFk HostFk UserFk RoleFk
newhost test_user_rm test_role1_rm
test_role1_rm test_role2_rm test_role1_rm test_role2_rm
newhost test_user_rm test_role1_rm
delete from mysql.roles_mapping; delete from mysql.roles_mapping;
delete from mysql.user where user like 'test%'; delete from mysql.user where user like 'test%';
flush privileges; flush privileges;

2
mysql-test/r/acl_roles_set_role-multiple-role.result
View File

@ -72,6 +72,7 @@ GRANT r_upd TO 'test_user'@'localhost'
set role r_sel; set role r_sel;
show grants; show grants;
Grants for test_user@localhost Grants for test_user@localhost
GRANT SELECT ON *.* TO 'r_sel'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost' GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost' GRANT r_del TO 'test_user'@'localhost'
@ -92,6 +93,7 @@ localhost test_user r_upd
set role r_ins; set role r_ins;
show grants; show grants;
Grants for test_user@localhost Grants for test_user@localhost
GRANT INSERT ON *.* TO 'r_ins'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost' GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost' GRANT r_del TO 'test_user'@'localhost'

8
mysql-test/r/acl_roles_set_role-recursive.result
View File

@ -38,6 +38,8 @@ GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1; set role test_role1;
show grants; show grants;
Grants for test_user@localhost Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk=''; select * from mysql.roles_mapping where HostFk='';
@ -45,6 +47,8 @@ HostFk UserFk RoleFk
test_role1 test_role2 test_role1 test_role2
show grants; show grants;
Grants for test_user@localhost Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost'
set role none; set role none;
@ -73,6 +77,8 @@ GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1; set role test_role1;
show grants; show grants;
Grants for test_user@localhost Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk=''; select * from mysql.roles_mapping where HostFk='';
@ -80,6 +86,8 @@ HostFk UserFk RoleFk
test_role1 test_role2 test_role1 test_role2
show grants; show grants;
Grants for test_user@localhost Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost'
set role none; set role none;

1
mysql-test/r/acl_roles_set_role-simple.result
View File

@ -25,6 +25,7 @@ GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1; set role test_role1;
show grants; show grants;
Grants for test_user@localhost Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping; select * from mysql.roles_mapping;

7
mysql-test/t/acl_roles_rename_user.test
View File

@ -16,20 +16,27 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
flush privileges; flush privileges;
use mysql; use mysql;
--sorted_result
select * from roles_mapping; select * from roles_mapping;
#regular user rename #regular user rename
rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost'; rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost';
--sorted_result
select user, host from user where user like 'test%'; select user, host from user where user like 'test%';
--sorted_result
select * from roles_mapping; select * from roles_mapping;
rename user 'test_role2'@'' to 'test_role2_rm'@''; rename user 'test_role2'@'' to 'test_role2_rm'@'';
--sorted_result
select user, host from user where user like 'test%'; select user, host from user where user like 'test%';
--sorted_result
select * from roles_mapping; select * from roles_mapping;
#role rename #role rename
rename user 'test_role1'@'' to 'test_role1_rm'@''; rename user 'test_role1'@'' to 'test_role1_rm'@'';
--sorted_result
select user, host from user where user like 'test%'; select user, host from user where user like 'test%';
--sorted_result
select * from roles_mapping; select * from roles_mapping;
delete from mysql.roles_mapping; delete from mysql.roles_mapping;

59
sql/sql_acl.cc
View File

@ -730,11 +730,15 @@ static my_bool acl_role_propagate_grants(ACL_ROLE *role,
void * not_used __attribute__((unused))); void * not_used __attribute__((unused)));
static int add_role_user_mapping(ROLE_GRANT_PAIR *mapping); static int add_role_user_mapping(ROLE_GRANT_PAIR *mapping);
static void role_explore_create_list(ACL_ROLE *role, void *context_data); static void role_explore_create_list(ACL_ROLE *unused,
ACL_ROLE *role,
void *context_data);
static bool role_explore_start_access_check(ACL_ROLE *role, void *unused); static bool role_explore_start_access_check(ACL_ROLE *role, void *unused);
static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour, static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
void *unused); void *unused);
static void role_explore_set_final_access_bits(ACL_ROLE *current, void *unused); static void role_explore_set_final_access_bits(ACL_ROLE *parent,
ACL_ROLE *current,
void *unused);
static int traverse_role_graph(ACL_ROLE *role, static int traverse_role_graph(ACL_ROLE *role,
void *context_data, void *context_data,
bool (*on_start) (ACL_ROLE *role, bool (*on_start) (ACL_ROLE *role,
@ -745,7 +749,8 @@ static int traverse_role_graph(ACL_ROLE *role,
bool (*on_cycle) (ACL_ROLE *current, bool (*on_cycle) (ACL_ROLE *current,
ACL_ROLE *neighbour, ACL_ROLE *neighbour,
void *context_data), void *context_data),
void (*on_finish)(ACL_ROLE *current, void (*on_finish)(ACL_ROLE *parent,
ACL_ROLE *current,
void *context_data)); void *context_data));
static void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source); static void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source);
@ -2477,7 +2482,8 @@ void merge_role_grant_privileges(ACL_ROLE *target, ACL_ROLE *source)
/* TODO */ /* TODO */
} }
static void role_explore_create_list(ACL_ROLE *role, void *context_data) static void role_explore_create_list(ACL_ROLE *unused __attribute__((unused)),
ACL_ROLE *role, void *context_data)
{ {
DYNAMIC_ARRAY *list= (DYNAMIC_ARRAY *)context_data; DYNAMIC_ARRAY *list= (DYNAMIC_ARRAY *)context_data;
push_dynamic(list, (uchar*)&role); push_dynamic(list, (uchar*)&role);
@ -2508,7 +2514,8 @@ static bool role_explore_merge_if_final(ACL_ROLE *current, ACL_ROLE *neighbour,
return FALSE; return FALSE;
} }
static void role_explore_set_final_access_bits(ACL_ROLE *current, static void role_explore_set_final_access_bits(ACL_ROLE *parent,
ACL_ROLE *current,
void *unused __attribute__((unused))) void *unused __attribute__((unused)))
{ {
current->flags|= ROLE_GRANTS_FINAL; current->flags|= ROLE_GRANTS_FINAL;
@ -2517,6 +2524,10 @@ static void role_explore_set_final_access_bits(ACL_ROLE *current,
DBUG_PRINT("info", DBUG_PRINT("info",
("Setting final access for node: %s %lu", ("Setting final access for node: %s %lu",
current->user.str, current->access)); current->user.str, current->access));
if (parent)
{
merge_role_grant_privileges(parent, current);
}
} }
/* /*
@ -2554,7 +2565,8 @@ static int traverse_role_graph(ACL_ROLE *role,
bool (*on_cycle) (ACL_ROLE *current, bool (*on_cycle) (ACL_ROLE *current,
ACL_ROLE *neighbour, ACL_ROLE *neighbour,
void *context_data), void *context_data),
void (*on_finish)(ACL_ROLE *current, void (*on_finish)(ACL_ROLE *parent,
ACL_ROLE *current,
void *context_data)) void *context_data))
{ {
@ -2672,7 +2684,19 @@ static int traverse_role_graph(ACL_ROLE *role,
curr_state->node_data->flags|= ROLE_EXPLORED; curr_state->node_data->flags|= ROLE_EXPLORED;
push_dynamic(&to_clear, (uchar*)&curr_state->node_data); push_dynamic(&to_clear, (uchar*)&curr_state->node_data);
if (on_finish) if (on_finish)
on_finish(curr_state->node_data, context_data); {
NODE_STATE *parent= NULL;
if (stack.elements)
{
parent= dynamic_element(&stack, stack.elements - 1, NODE_STATE *);
on_finish(parent->node_data, curr_state->node_data, context_data);
}
else
{
/* no parent node, this is the starting node */
on_finish(NULL, curr_state->node_data, context_data);
}
}
} }
} }
@ -6597,12 +6621,13 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
global.append (STRING_WITH_LEN(" ON *.* TO '")); global.append (STRING_WITH_LEN(" ON *.* TO '"));
global.append(lex_user->user.str, lex_user->user.length, global.append(lex_user->user.str, lex_user->user.length,
system_charset_info); system_charset_info);
global.append('\'');
if (!handle_as_role) if (!handle_as_role)
{ {
ACL_USER *acl_user= (ACL_USER *)acl_entry; ACL_USER *acl_user= (ACL_USER *)acl_entry;
global.append (STRING_WITH_LEN("'@'")); global.append (STRING_WITH_LEN("@'"));
global.append(lex_user->host.str, lex_user->host.length, global.append(lex_user->host.str, lex_user->host.length,
system_charset_info); system_charset_info);
global.append ('\''); global.append ('\'');
@ -6683,6 +6708,7 @@ static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
"MAX_USER_CONNECTIONS", 1); "MAX_USER_CONNECTIONS", 1);
} }
} }
protocol->prepare_for_resend(); protocol->prepare_for_resend();
protocol->store(global.ptr(),global.length(),global.charset()); protocol->store(global.ptr(),global.length(),global.charset());
if (protocol->write()) if (protocol->write())
@ -7656,11 +7682,20 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop,
struct_no, idx, user, host)); struct_no, idx, user, host));
#endif #endif
if ((strcmp(user_from->user.str, user) || if (struct_no == ROLES_MAPPINGS_HASH)
my_strcasecmp(system_charset_info, user_from->host.str, host)) && {
(role_not_matched= strcmp(user_from->user.str, role)) role_not_matched= strcmp(user_from->user.str, role);
) if (role_not_matched &&
(strcmp(user_from->user.str, user) ||
my_strcasecmp(system_charset_info, user_from->host.str, host)))
continue; continue;
}
else
{
if (strcmp(user_from->user.str, user) ||
my_strcasecmp(system_charset_info, user_from->host.str, host))
continue;
}
result= 1; /* At least one element found. */ result= 1; /* At least one element found. */
if ( drop ) if ( drop )