database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-11-09 11:41:36 +03:00
Code Activity
199,494 Commits 3,266 Branches 1,096 Tags
cda1826201cadd8f0d3a2bcbdbfd1ed7118de4b5
Commit Graph

2876 Commits

Author SHA1 Message Date
Vicențiu Ciorbaru
3fa2cb2126 Updated error message in case the user table's format is not up to date and can 
not support roles
 2013-10-18 05:41:34 -07:00
Vicențiu Ciorbaru
ce4851c3d0 Reworked the implementation of create role and drop role. 
Also fixed issue with drop role not clearing internal memory entry
for that role. The issue was due to a condition introduced in handle_grant_data

Updated testsuite to also check the possible error conditions.
 2013-10-18 05:41:25 -07:00
Vicențiu Ciorbaru
db850c525f Added CREATE ROLE support as well as DROP ROLE support. 2013-10-18 05:41:13 -07:00
Vicențiu Ciorbaru
81b2856e10 Refactored yacc grammar to make use of named constants. 2013-10-18 05:16:38 -07:00
Vicențiu Ciorbaru
ccd0c39cf4 Fixed crash caused by dereferencing null pointer. The comparison is no longer necessary there. 2013-10-18 05:13:22 -07:00
Vicențiu Ciorbaru
fe521dc28e Implemented _non recursive_ role specific grants for table/column level privileges 2013-10-18 05:11:16 -07:00
Vicențiu Ciorbaru
2060937353 Grant privilege on *.* to role@''; now updates in memory data structures; 
Revoke privilege on *.* to role@''; also works
 2013-10-18 04:47:55 -07:00
Vicențiu Ciorbaru
3d17d94cd6 Added GRANT privilege ON database.table TO role; functionality 2013-10-18 04:43:09 -07:00
Vicențiu Ciorbaru
01d4f47ef5 Added GRANT privilege ON database.* TO role; functionality 2013-10-18 04:41:18 -07:00
Vicențiu Ciorbaru
d40d356606 Added syntax detection for the GRANT role TO {user | role } command. 
Also added syntax for GRANT privilege TO { role } command
 2013-10-18 04:29:01 -07:00
Vicențiu Ciorbaru
871f6e1631 Removed leftover comment. 2013-10-17 20:52:12 -07:00
Vicențiu Ciorbaru
9fa7f1fcd6 Added cascading role renames to the roles_mappings table. 
TODO: Use an index search on the table, instead of scanning through it.
 2013-10-17 20:51:55 -07:00
Vicențiu Ciorbaru
1007b9232b Added cascading updates from role renames. Also works if a role has been granted to a role. 
This change only updates _in memory_ structures.
 2013-10-17 20:51:46 -07:00
Vicențiu Ciorbaru
2755c342e6 Added extra comments to explain the ACL_USER_BASE flags usage, as well as fix an issue with get_role_access. 
The bug caused roles rights to not be propagated if a push on the stack happened. The newly finished neighbour
was never reevaluated.
 2013-10-17 20:51:37 -07:00
Vicențiu Ciorbaru
f37168d40b Split ACL_USER into ACL_USER_BASE and ACL_USER 
ACL_ROLE now inherits ACL_USER_BASE
 2013-10-17 20:51:28 -07:00
Vicențiu Ciorbaru
68214d21a0 Fixed failing tests due to wrong delete in the testsuite. 2013-10-17 20:51:10 -07:00
Vicențiu Ciorbaru
540673f046 Fixed comment indentation 2013-10-17 20:51:01 -07:00
Vicențiu Ciorbaru
221558efd5 Extended ACL_USER to create ACL_ROLE. 
Moved fields corresponding to role entries to the ACL_ROLE class.
 2013-10-17 20:50:51 -07:00
Vicențiu Ciorbaru
7faba82bab Fixed wrong IS_ROLE check. 2013-10-17 20:50:42 -07:00
Vicențiu Ciorbaru
0624020a76 Implemented the detection of the final access bits of a role via a DEPTH FIRST SEARCH 
from the grant role to role graph.
 2013-10-17 20:50:33 -07:00
Vicențiu Ciorbaru
f22a50b2f9 Added rights propagation for granting a role to a role 2013-10-17 20:50:15 -07:00
Vicențiu Ciorbaru
82a5464a6c Removed unused hash search. 2013-10-17 20:50:06 -07:00
Vicențiu Ciorbaru
9dcc6430b8 Modified add_role_user_mapping to also handle granting a role to a role. 2013-10-17 20:49:56 -07:00
Vicențiu Ciorbaru
c968a59d6e Added a reset_role_grants function specific for roles. The function also 
resets the initial role access bits.
 2013-10-17 20:49:47 -07:00
Vicențiu Ciorbaru
aa4657f872 Added comment to justify error message 2013-10-17 20:49:38 -07:00
Vicențiu Ciorbaru
a5b8939807 Added initial_role_grants variable to ACL_USER 2013-10-17 20:45:49 -07:00
Vicențiu Ciorbaru
45903359bf Fixed USER INVALID error when using anonymous user to login and calling 
SET ROLE NONE;
 2013-10-17 20:45:00 -07:00
Vicențiu Ciorbaru
cf9ebd72c4 Refactored find_mpvio_user. The loop that searches for the user is now a 
separate function.
 2013-10-17 20:44:51 -07:00
Vicențiu Ciorbaru
e8d6425875 Renamed find_acl_user -> find_user_no_anon 2013-10-17 20:39:43 -07:00
Vicențiu Ciorbaru
db25d8f977 Modified set_role_var to implement both a role check in the check() function, 
as well as only set privileges in the update() function.
 2013-10-17 20:39:23 -07:00
Vicențiu Ciorbaru
7d4bfba91a Added error message for invalid role 2013-10-17 15:14:11 -07:00
Vicențiu Ciorbaru
7ec24435b3 Added acl_setrole function. The function enables/disables role privileges to 
the current user via the current security_context
 2013-10-17 15:11:13 -07:00
Vicențiu Ciorbaru
6680bb14a4 Removed no longer used label 2013-10-17 15:11:05 -07:00
Vicențiu Ciorbaru
096e7aa1e0 Fix bug with inserting _pointers_ to ACL_USER in the DYNAMIC_ARRAY of granted 
roles
 2013-10-17 15:10:57 -07:00
Vicențiu Ciorbaru
0d103a6f62 Add a check if user_to is valid to handle_roles_mappings_table 2013-10-17 15:10:49 -07:00
Vicențiu Ciorbaru
fb3e3b9440 Fixed typo 2013-10-17 15:10:40 -07:00
Vicențiu Ciorbaru
565c6c5a1f Cascading updates for roles_mappings are now fully functional. 
Renaming a user via RENAME USER command causes either the user columns
to update, or the role columns.
 2013-10-17 15:10:24 -07:00
Vicențiu Ciorbaru
6bddb93e3c Implemented half of handle_roles_mappings_table. 
The function now handles user updates/deletions correctly.
 2013-10-17 15:10:15 -07:00
Vicențiu Ciorbaru
13a1f6fd72 Changed a call to handle_roles_mappings_table: first parameter is now more readable 2013-10-17 15:10:07 -07:00
Vicențiu Ciorbaru
9506a07159 Added debug info to rebuild_roles_mappings 
Also fixed a bug regarding the HASH iteration. It previously got
the stop condition from a different hashtable and this caused errors
when the hash sizes were different.
 2013-10-17 15:09:58 -07:00
Vicențiu Ciorbaru
0a9428cffc Added debug warning to add_role_user_mapping. 2013-10-17 15:09:50 -07:00
Vicențiu Ciorbaru
df53ed13ac Renamed variables in init_role_grant_pair to make the code more 
consistent.
 2013-10-17 15:09:39 -07:00
Vicențiu Ciorbaru
2f94e542bd Whitespace + comment fix 2013-10-17 15:09:31 -07:00
Vicențiu Ciorbaru
7842ef3052 Added logic to handle the in-memory roles_mappings struct in handle_data_struct. 
The logic is not complete yet.
 2013-10-17 15:09:22 -07:00
Vicențiu Ciorbaru
de472770d3 Removed no longer needed hash_walk_action. The function was used to delete 
no longer valid entries in the roles_mappings HASH. This job will be delegated
to handle_grant_* functions
 2013-10-17 15:09:14 -07:00
Vicențiu Ciorbaru
6988e6c56a The acl_roles_mappings in-memory structure holds the following invariant: 
It will only hold _valid_ entries for as long as it held in memory. Any change
regarding acl_users or acl_roles in memory should update the structure
immediately. This is why the rebuild_roles_mappings no longer removes invalid
entries.

In order to keep things consistent with the existing code, the following jobs
are assigned to each function:

The role of rebuild_roles_mappings is to recreate the links between users and
roles. Any other updates are to be done in the functions:

handle_grant_*

This change prepares the code for the next step, which is cascading updates.
 2013-10-17 15:09:06 -07:00
Vicențiu Ciorbaru
ba43f3551b Refactored some code in acl_load to make use of the new init_role_grant_pair 
function
 2013-10-17 15:06:39 -07:00
Vicențiu Ciorbaru
f8d944a6a0 Added a init_role_mapping function to be used for later 2013-10-17 15:06:29 -07:00
Vicențiu Ciorbaru
573c73225e open_grant_tables now also opens roles_mapping table 2013-10-17 15:06:20 -07:00
Vicențiu Ciorbaru
071c4ce88b Removed no longer needed RoleHostFK as it is not used to link to a Role. 
Also removed code that loads that column into memory.
 2013-10-17 15:06:09 -07:00