author | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 08:10:51 -0700 |
---|---|---|
committer | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 08:10:51 -0700 |
commit | 72d8b533cc102aad6be5046a0fe8b8e63ec1e218 (patch) | |
tree | edd77fe431acee4ba0fa859a8fcb650dad971771 | |
parent | 8122996a599fcb6dc600f27fddbed47a2579c6b8 (diff) | |
Fixes for mysql-test failures
mysql-test/r/acl_roles_show_grants.result:
one can do SHOW GRANTS for himself
mysql-test/t/acl_roles_set_role-table-column-priv.test:
correct error message
mysql-test/t/acl_roles_show_grants.test:
one can SHOW GRANTS for himself
sql/sql_acl.cc:
bugfixing:
* don't assign with && - it can shortcut and the second assignment won't be executed
* correct the test in check_grant_all_columns() - want_access should not be modified
*
sql/sql_cmd.h.OTHER:
add new commands at the end
sql/sql_db.cc:
don't call acl_get() if all privileges are already satisfied
(crashes when run with --skip-grants, because acl data structures aren't initialized)
sql/sql_parse.cc:
* test for current_user in get_current_user()
* map explicitly specified user@host to current_user
28 files changed, 145 insertions, 50 deletions
diff --git a/mysql-test/r/acl_roles_set_role-table-column-priv.result b/mysql-test/r/acl_roles_set_role-table-column-priv.result index bbb964b5d20..4f02b3ec246 100644 --- a/mysql-test/r/acl_roles_set_role-table-column-priv.result +++ b/mysql-test/r/acl_roles_set_role-table-column-priv.result @@ -40,7 +40,7 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_role1' select * from mysql.roles_mapping; -ERROR 42000: command denied to user 'test_user'@'localhost' for table 'roles_mapping' +ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for column 'HostFk' in table 'roles_mapping' select RoleFk from mysql.roles_mapping; RoleFk test_role1 diff --git a/mysql-test/r/acl_roles_show_grants.result b/mysql-test/r/acl_roles_show_grants.result index a28330379b5..7ac434385a7 100644 --- a/mysql-test/r/acl_roles_show_grants.result +++ b/mysql-test/r/acl_roles_show_grants.result @@ -60,7 +60,10 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_user'@'localhost' show grants for test_user@localhost; -ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql' +Grants for test_user@localhost +GRANT test_role2 TO 'test_user'@'localhost' +GRANT test_role1 TO 'test_user'@'localhost' +GRANT USAGE ON *.* TO 'test_user'@'localhost' show grants for test_role1; ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql' show grants for test_role2; diff --git a/mysql-test/r/connect.result b/mysql-test/r/connect.result index b90e558cfaa..1ac1f89eeac 100644 --- a/mysql-test/r/connect.result +++ b/mysql-test/r/connect.result @@ -19,6 +19,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log table_stats @@ -57,6 +58,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log table_stats 
@@ -103,6 +105,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log table_stats diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index f3910b67dd3..bf67bb5dd6f 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -55,6 +55,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE CIPHER 'EDH-RSA-DES-CBC3-SHA' @@ -126,6 +127,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 @@ -173,6 +175,7 @@ max_connections 30 max_user_connections 0 plugin authentication_string +is_role N show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30 diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index bf25b1c28ee..eabae78a5f2 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -99,6 +99,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log t1 @@ -706,6 +707,7 @@ max_questions select,insert,update,references max_connections select,insert,update,references max_user_connections select,insert,update,references authentication_string select,insert,update,references +is_role select,insert,update,references use test; create function sub1(i int) returns int return i+1; diff --git a/mysql-test/r/information_schema_all_engines.result b/mysql-test/r/information_schema_all_engines.result index 3e95d9892cb..62f3ee85530 100644 --- a/mysql-test/r/information_schema_all_engines.result +++ b/mysql-test/r/information_schema_all_engines.result 
@@ -424,4 +424,4 @@ Wildcard: inf_rmation_schema SELECT table_schema, count(*) FROM information_schema.TABLES WHERE table_schema IN ('mysql', 'INFORMATION_SCHEMA', 'test', 'mysqltest') AND table_name<>'ndb_binlog_index' AND table_name<>'ndb_apply_status' GROUP BY TABLE_SCHEMA; table_schema count(*) information_schema 59 -mysql 27 +mysql 28 diff --git a/mysql-test/r/log_tables_upgrade.result b/mysql-test/r/log_tables_upgrade.result index abae156ac5e..bae329073a7 100644 --- a/mysql-test/r/log_tables_upgrade.result +++ b/mysql-test/r/log_tables_upgrade.result @@ -37,6 +37,7 @@ mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK mysql.renamed_general_log OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK diff --git a/mysql-test/r/mysql_upgrade.result b/mysql-test/r/mysql_upgrade.result index be51cf8ca11..e1c7e78de92 100644 --- a/mysql-test/r/mysql_upgrade.result +++ b/mysql-test/r/mysql_upgrade.result @@ -24,6 +24,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -65,6 +66,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -106,6 +108,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -149,6 +152,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -196,6 +200,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -246,6 +251,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK 
@@ -299,6 +305,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK diff --git a/mysql-test/r/mysql_upgrade_ssl.result b/mysql-test/r/mysql_upgrade_ssl.result index 3b84664708c..c8c4252c5c2 100644 --- a/mysql-test/r/mysql_upgrade_ssl.result +++ b/mysql-test/r/mysql_upgrade_ssl.result @@ -26,6 +26,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK diff --git a/mysql-test/r/mysqlcheck.result b/mysql-test/r/mysqlcheck.result index b25a9be8872..3f5c08d7294 100644 --- a/mysql-test/r/mysqlcheck.result +++ b/mysql-test/r/mysqlcheck.result @@ -20,6 +20,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -48,6 +49,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -74,6 +76,7 @@ mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.proxies_priv OK +mysql.roles_mapping OK mysql.servers OK mysql.table_stats OK mysql.tables_priv OK @@ -100,6 +103,7 @@ mysql.plugin Table is already up to date mysql.proc Table is already up to date mysql.procs_priv Table is already up to date mysql.proxies_priv Table is already up to date +mysql.roles_mapping Table is already up to date mysql.servers Table is already up to date mysql.table_stats Table is already up to date mysql.tables_priv Table is already up to date diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result index 95217d9716a..4f41151f555 100644 --- a/mysql-test/r/ps.result +++ b/mysql-test/r/ps.result 
@@ -1201,13 +1201,13 @@ SET @aux= "SELECT COUNT(*) prepare my_stmt from @aux; execute my_stmt; COUNT(*) -42 +43 execute my_stmt; COUNT(*) -42 +43 execute my_stmt; COUNT(*) -42 +43 deallocate prepare my_stmt; drop procedure if exists p1| drop table if exists t1| diff --git a/mysql-test/r/system_mysql_db.result b/mysql-test/r/system_mysql_db.result index a92decefbc8..47d831af115 100644 --- a/mysql-test/r/system_mysql_db.result +++ b/mysql-test/r/system_mysql_db.result @@ -18,6 +18,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log table_stats @@ -126,6 +127,7 @@ user CREATE TABLE `user` ( `max_user_connections` int(11) NOT NULL DEFAULT '0', `plugin` char(64) CHARACTER SET latin1 NOT NULL DEFAULT '', `authentication_string` text COLLATE utf8_bin NOT NULL, + `is_role` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', PRIMARY KEY (`Host`,`User`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Users and global privileges' show create table func; diff --git a/mysql-test/r/system_mysql_db_fix40123.result b/mysql-test/r/system_mysql_db_fix40123.result index 04b20c42af3..052e2966f70 100644 --- a/mysql-test/r/system_mysql_db_fix40123.result +++ b/mysql-test/r/system_mysql_db_fix40123.result @@ -18,6 +18,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log table_stats @@ -124,6 +125,7 @@ user CREATE TABLE `user` ( `max_updates` int(11) unsigned NOT NULL DEFAULT '0', `max_connections` int(11) unsigned NOT NULL DEFAULT '0', `max_user_connections` int(11) NOT NULL DEFAULT '0', + `is_role` enum('N','Y') COLLATE utf8_bin NOT NULL DEFAULT 'N', `plugin` char(64) CHARACTER SET latin1 NOT NULL DEFAULT '', `authentication_string` text COLLATE utf8_bin NOT NULL, PRIMARY KEY (`Host`,`User`) diff --git a/mysql-test/r/system_mysql_db_fix50030.result b/mysql-test/r/system_mysql_db_fix50030.result index 04b20c42af3..052e2966f70 100644 --- a/mysql-test/r/system_mysql_db_fix50030.result 
+++ b/mysql-test/r/system_mysql_db_fix50030.result @@ -18,6 +18,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log table_stats @@ -124,6 +125,7 @@ user CREATE TABLE `user` ( `max_updates` int(11) unsigned NOT NULL DEFAULT '0', `max_connections` int(11) unsigned NOT NULL DEFAULT '0', `max_user_connections` int(11) NOT NULL DEFAULT '0', + `is_role` enum('N','Y') COLLATE utf8_bin NOT NULL DEFAULT 'N', `plugin` char(64) CHARACTER SET latin1 NOT NULL DEFAULT '', `authentication_string` text COLLATE utf8_bin NOT NULL, PRIMARY KEY (`Host`,`User`) diff --git a/mysql-test/r/system_mysql_db_fix50117.result b/mysql-test/r/system_mysql_db_fix50117.result index 04b20c42af3..052e2966f70 100644 --- a/mysql-test/r/system_mysql_db_fix50117.result +++ b/mysql-test/r/system_mysql_db_fix50117.result @@ -18,6 +18,7 @@ plugin proc procs_priv proxies_priv +roles_mapping servers slow_log table_stats @@ -124,6 +125,7 @@ user CREATE TABLE `user` ( `max_updates` int(11) unsigned NOT NULL DEFAULT '0', `max_connections` int(11) unsigned NOT NULL DEFAULT '0', `max_user_connections` int(11) NOT NULL DEFAULT '0', + `is_role` enum('N','Y') COLLATE utf8_bin NOT NULL DEFAULT 'N', `plugin` char(64) CHARACTER SET latin1 NOT NULL DEFAULT '', `authentication_string` text COLLATE utf8_bin NOT NULL, PRIMARY KEY (`Host`,`User`) diff --git a/mysql-test/suite/funcs_1/r/is_columns_mysql.result b/mysql-test/suite/funcs_1/r/is_columns_mysql.result index 3e128da635d..f9d414e1433 100644 --- a/mysql-test/suite/funcs_1/r/is_columns_mysql.result +++ b/mysql-test/suite/funcs_1/r/is_columns_mysql.result 
@@ -161,6 +161,9 @@ def mysql proxies_priv Proxied_user 4 NO char 16 48 NULL NULL NULL utf8 utf8_bi def mysql proxies_priv Timestamp 7 CURRENT_TIMESTAMP NO timestamp NULL NULL NULL NULL 0 NULL NULL timestamp on update CURRENT_TIMESTAMP select,insert,update,references def mysql proxies_priv User 2 NO char 16 48 NULL NULL NULL utf8 utf8_bin char(16) PRI select,insert,update,references def mysql proxies_priv With_grant 5 0 NO tinyint NULL NULL 3 0 NULL NULL NULL tinyint(1) select,insert,update,references +def mysql roles_mapping HostFk 1 NO char 60 60 NULL NULL NULL latin1 latin1_bin char(60) select,insert,update,references +def mysql roles_mapping RoleFk 3 NO char 16 16 NULL NULL NULL latin1 latin1_bin char(16) select,insert,update,references +def mysql roles_mapping UserFk 2 NO char 16 16 NULL NULL NULL latin1 latin1_bin char(16) select,insert,update,references def mysql servers Db 3 NO char 64 192 NULL NULL NULL utf8 utf8_general_ci char(64) select,insert,update,references def mysql servers Host 2 NO char 64 192 NULL NULL NULL utf8 utf8_general_ci char(64) select,insert,update,references def mysql servers Owner 9 NO char 64 192 NULL NULL NULL utf8 utf8_general_ci char(64) select,insert,update,references 
@@ -224,6 +227,7 @@ def mysql user Grant_priv 14 N NO enum 1 3 NULL NULL NULL utf8 utf8_general_ci e def mysql user Host 1 NO char 60 180 NULL NULL NULL utf8 utf8_bin char(60) PRI select,insert,update,references def mysql user Index_priv 16 N NO enum 1 3 NULL NULL NULL utf8 utf8_general_ci enum('N','Y') select,insert,update,references def mysql user Insert_priv 5 N NO enum 1 3 NULL NULL NULL utf8 utf8_general_ci enum('N','Y') select,insert,update,references +def mysql user is_role 43 N NO enum 1 3 NULL NULL NULL utf8 utf8_general_ci enum('N','Y') select,insert,update,references def mysql user Lock_tables_priv 21 N NO enum 1 3 NULL NULL NULL utf8 utf8_general_ci enum('N','Y') select,insert,update,references def mysql user max_connections 39 0 NO int NULL NULL 10 0 NULL NULL NULL int(11) unsigned select,insert,update,references def mysql user max_questions 37 0 NO int NULL NULL 10 0 NULL NULL NULL int(11) unsigned select,insert,update,references @@ -480,6 +484,9 @@ NULL mysql procs_priv Timestamp timestamp NULL NULL NULL NULL timestamp NULL mysql proxies_priv With_grant tinyint NULL NULL NULL NULL tinyint(1) 3.0000 mysql proxies_priv Grantor char 77 231 utf8 utf8_bin char(77) NULL mysql proxies_priv Timestamp timestamp NULL NULL NULL NULL timestamp +1.0000 mysql roles_mapping HostFk char 60 60 latin1 latin1_bin char(60) +1.0000 mysql roles_mapping UserFk char 16 16 latin1 latin1_bin char(16) +1.0000 mysql roles_mapping RoleFk char 16 16 latin1 latin1_bin char(16) 3.0000 mysql servers Server_name char 64 192 utf8 utf8_general_ci char(64) 3.0000 mysql servers Host char 64 192 utf8 utf8_general_ci char(64) 3.0000 mysql servers Db char 64 192 utf8 utf8_general_ci char(64) 
@@ -567,3 +574,4 @@ NULL mysql user max_connections int NULL NULL NULL NULL int(11) unsigned NULL mysql user max_user_connections int NULL NULL NULL NULL int(11) 1.0000 mysql user plugin char 64 64 latin1 latin1_swedish_ci char(64) 1.0000 mysql user authentication_string text 65535 65535 utf8 utf8_bin text +3.0000 mysql user is_role enum 1 3 utf8 utf8_general_ci enum('N','Y') diff --git a/mysql-test/suite/funcs_1/r/is_tables_mysql.result b/mysql-test/suite/funcs_1/r/is_tables_mysql.result index c113e6d7fce..2b18129423b 100644 --- a/mysql-test/suite/funcs_1/r/is_tables_mysql.result +++ b/mysql-test/suite/funcs_1/r/is_tables_mysql.result @@ -428,6 +428,29 @@ user_comment User proxy privileges Separator ----------------------------------------------------- TABLE_CATALOG def TABLE_SCHEMA mysql +TABLE_NAME roles_mapping +TABLE_TYPE BASE TABLE +ENGINE MYISAM_OR_MARIA +VERSION 10 +ROW_FORMAT Fixed +TABLE_ROWS #TBLR# +AVG_ROW_LENGTH #ARL# +DATA_LENGTH #DL# +MAX_DATA_LENGTH #MDL# +INDEX_LENGTH #IL# +DATA_FREE #DF# +AUTO_INCREMENT NULL +CREATE_TIME #CRT# +UPDATE_TIME #UT# +CHECK_TIME #CT# +TABLE_COLLATION latin1_swedish_ci +CHECKSUM NULL +CREATE_OPTIONS #CO# +TABLE_COMMENT #TC# +user_comment +Separator ----------------------------------------------------- +TABLE_CATALOG def +TABLE_SCHEMA mysql TABLE_NAME servers TABLE_TYPE BASE TABLE ENGINE MYISAM_OR_MARIA diff --git a/mysql-test/suite/funcs_1/r/is_user_privileges.result b/mysql-test/suite/funcs_1/r/is_user_privileges.result index 1ec1ffc4ce1..7b031ea5cbc 100644 --- a/mysql-test/suite/funcs_1/r/is_user_privileges.result +++ b/mysql-test/suite/funcs_1/r/is_user_privileges.result @@ -129,6 +129,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -171,6 +172,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password 
@@ -213,6 +215,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N # # Add GRANT OPTION db_datadict.* to testuser1; GRANT UPDATE ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION; @@ -279,6 +282,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -321,6 +325,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -363,6 +368,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N # Establish connection testuser1 (user=testuser1) SELECT * FROM information_schema.user_privileges WHERE grantee LIKE '''testuser%''' @@ -415,6 +421,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -457,6 +464,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -499,6 +507,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N SHOW GRANTS; Grants for testuser1@localhost GRANT USAGE ON *.* TO 'testuser1'@'localhost' @@ -573,6 +582,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -615,6 +625,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -657,6 +668,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION; # # Here <SELECT YES> is shown correctly for testuser1; @@ -723,6 +735,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -765,6 +778,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password 
@@ -807,6 +821,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N # Switch to connection testuser1 SELECT * FROM information_schema.user_privileges WHERE grantee LIKE '''testuser%''' @@ -859,6 +874,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -901,6 +917,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -943,6 +960,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N SHOW GRANTS; Grants for testuser1@localhost GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION @@ -1047,6 +1065,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -1089,6 +1108,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -1131,6 +1151,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N # Switch to connection testuser1 SELECT * FROM information_schema.user_privileges WHERE grantee LIKE '''testuser%''' @@ -1230,6 +1251,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -1272,6 +1294,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -1314,6 +1337,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N # Switch to connection testuser1 SELECT * FROM information_schema.user_privileges WHERE grantee LIKE '''testuser%''' @@ -1366,6 +1390,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -1408,6 +1433,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password 
@@ -1450,6 +1476,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N SHOW GRANTS; Grants for testuser1@localhost GRANT USAGE ON *.* TO 'testuser1'@'localhost' @@ -1509,6 +1536,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -1551,6 +1579,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -1593,6 +1622,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N SHOW GRANTS; Grants for testuser1@localhost GRANT USAGE ON *.* TO 'testuser1'@'localhost' @@ -1667,6 +1697,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser2 Password @@ -1709,6 +1740,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N Host localhost User testuser3 Password @@ -1751,6 +1783,7 @@ max_connections 0 max_user_connections 0 plugin authentication_string +is_role N # Switch to connection testuser1 SELECT * FROM information_schema.user_privileges WHERE grantee LIKE '''testuser%''' diff --git a/mysql-test/t/acl_roles_set_role-table-column-priv.test b/mysql-test/t/acl_roles_set_role-table-column-priv.test index 11969758f0c..4334f4c430b 100644 --- a/mysql-test/t/acl_roles_set_role-table-column-priv.test +++ b/mysql-test/t/acl_roles_set_role-table-column-priv.test @@ -32,7 +32,7 @@ select current_user(), current_role(); --sorted_result show grants; ---error ER_TABLEACCESS_DENIED_ERROR +--error ER_COLUMNACCESS_DENIED_ERROR select * from mysql.roles_mapping; --sorted_result diff --git a/mysql-test/t/acl_roles_show_grants.test b/mysql-test/t/acl_roles_show_grants.test index 38b20e627a2..5cc11be6d40 100644 --- a/mysql-test/t/acl_roles_show_grants.test +++ b/mysql-test/t/acl_roles_show_grants.test 
@@ -40,7 +40,6 @@ select current_user(), current_role(); --sorted_result show grants; ---error ER_DBACCESS_DENIED_ERROR show grants for test_user@localhost; --error ER_DBACCESS_DENIED_ERROR show grants for test_role1; diff --git a/mysql-test/t/system_mysql_db_fix40123.test b/mysql-test/t/system_mysql_db_fix40123.test index adb223a9e50..6501761b5bc 100644 --- a/mysql-test/t/system_mysql_db_fix40123.test +++ b/mysql-test/t/system_mysql_db_fix40123.test 
@@ -36,7 +36,7 @@ CREATE TABLE host ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) bina CREATE TABLE user ( Host char(60) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Password char(41) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Reload_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Shutdown_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Process_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, File_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_db_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Super_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_slave_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_client_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, ssl_type enum('','ANY','X509', 'SPECIFIED') COLLATE utf8_general_ci DEFAULT '' NOT NULL, ssl_cipher BLOB NOT NULL, x509_issuer BLOB NOT NULL, x509_subject BLOB NOT NULL, max_questions int(11) unsigned DEFAULT 0 NOT 
NULL, max_updates int(11) unsigned DEFAULT 0 NOT NULL, max_connections int(11) unsigned DEFAULT 0 NOT NULL, PRIMARY KEY Host (Host,User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges'; INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0); - INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0); +INSERT INTO user VALUES ('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0); CREATE TABLE func ( name char(64) binary DEFAULT '' NOT NULL, ret tinyint(1) DEFAULT '0' NOT NULL, dl char(128) DEFAULT '' NOT NULL, type enum ('function','aggregate') COLLATE utf8_general_ci NOT NULL, PRIMARY KEY (name) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='User defined functions'; @@ -77,7 +77,7 @@ CREATE TABLE index_stats (db_name varchar(64) NOT NULL, table_name varchar(64) N -- disable_query_log # Drop all tables created by this test -DROP TABLE db, host, user, func, plugin, tables_priv, columns_priv, procs_priv, gtid_slave_pos, servers, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type, general_log, slow_log, event, ndb_binlog_index, proxies_priv, table_stats, column_stats, index_stats; +DROP TABLE db, host, user, func, plugin, tables_priv, columns_priv, procs_priv, gtid_slave_pos, servers, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type, general_log, slow_log, event, ndb_binlog_index, proxies_priv, table_stats, column_stats, index_stats, roles_mapping; -- enable_query_log 
diff --git a/mysql-test/t/system_mysql_db_fix50030.test b/mysql-test/t/system_mysql_db_fix50030.test index a4718c91c26..21b37c54c9b 100644 --- a/mysql-test/t/system_mysql_db_fix50030.test +++ b/mysql-test/t/system_mysql_db_fix50030.test @@ -84,7 +84,7 @@ CREATE TABLE index_stats (db_name varchar(64) NOT NULL, table_name varchar(64) N -- disable_query_log # Drop all tables created by this test -DROP TABLE db, host, user, func, plugin, tables_priv, columns_priv, procs_priv, gtid_slave_pos, servers, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type, general_log, slow_log, event, ndb_binlog_index, proxies_priv, table_stats, column_stats, index_stats; +DROP TABLE db, host, user, func, plugin, tables_priv, columns_priv, procs_priv, gtid_slave_pos, servers, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type, general_log, slow_log, event, ndb_binlog_index, proxies_priv, table_stats, column_stats, index_stats, roles_mapping; -- enable_query_log diff --git a/mysql-test/t/system_mysql_db_fix50117.test b/mysql-test/t/system_mysql_db_fix50117.test index 5677d6337f0..17f5fe0b541 100644 --- a/mysql-test/t/system_mysql_db_fix50117.test +++ b/mysql-test/t/system_mysql_db_fix50117.test 
@@ -103,7 +103,7 @@ CREATE TABLE index_stats (db_name varchar(64) NOT NULL, table_name varchar(64) N -- disable_query_log # Drop all tables created by this test -DROP TABLE db, host, user, func, plugin, tables_priv, columns_priv, procs_priv, gtid_slave_pos, servers, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type, general_log, slow_log, event, ndb_binlog_index, proxies_priv, table_stats, column_stats, index_stats; +DROP TABLE db, host, user, func, plugin, tables_priv, columns_priv, procs_priv, gtid_slave_pos, servers, help_category, help_keyword, help_relation, help_topic, proc, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type, general_log, slow_log, event, ndb_binlog_index, proxies_priv, table_stats, column_stats, index_stats, roles_mapping; -- enable_query_log diff --git a/scripts/mysql_system_tables.sql b/scripts/mysql_system_tables.sql index de6c33fb4f9..30bea5d9b0f 100644 --- a/scripts/mysql_system_tables.sql +++ b/scripts/mysql_system_tables.sql 
@@ -41,11 +41,7 @@ CREATE TABLE IF NOT EXISTS user ( Host char(60) binary DEFAULT '' NOT NULL, Us -- Remember for later if user table already existed set @had_user_table= @@warning_count != 0; -CREATE TABLE IF NOT EXISTS roles_mapping ( - HostFk char(60) binary DEFAULT '' NOT NULL, - UserFk char(16) binary DEFAULT '' NOT NULL, - RoleFk char(16) binary DEFAULT '' NOT NULL -); +CREATE TABLE IF NOT EXISTS roles_mapping (HostFk char(60) binary DEFAULT '' NOT NULL, UserFk char(16) binary DEFAULT '' NOT NULL, RoleFk char(16) binary DEFAULT '' NOT NULL); CREATE TABLE IF NOT EXISTS func ( name char(64) binary DEFAULT '' NOT NULL, ret tinyint(1) DEFAULT '0' NOT NULL, dl char(128) DEFAULT '' NOT NULL, type enum ('function','aggregate') COLLATE utf8_general_ci NOT NULL, PRIMARY KEY (name) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='User defined functions'; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 9716f7c251c..d1146a99113 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -6057,9 +6057,12 @@ bool check_grant_column(THD *thd, GRANT_INFO *grant, table_name, TRUE) : NULL; grant->version= grant_version; /* purecov: inspected */ } - if (!(grant_table= grant->grant_table_user) && - !(grant_table_role= grant->grant_table_role)) - goto err; /* purecov: deadcode */ + + grant_table= grant->grant_table_user; + grant_table_role= grant->grant_table_role; + + if (!grant_table && !grant_table_role) + goto err; if (grant_table) { 
@@ -6187,14 +6190,12 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg, Field_iterator_table_ref *fields) { Security_context *sctx= thd->security_ctx; - ulong want_access= want_access_arg; + ulong UNINIT_VAR(want_access); const char *table_name= NULL; - const char* db_name; GRANT_INFO *grant; - /* Initialized only to make gcc happy */ - GRANT_TABLE *grant_table= NULL; - GRANT_TABLE *grant_table_role= NULL; + GRANT_TABLE *UNINIT_VAR(grant_table); + GRANT_TABLE *UNINIT_VAR(grant_table_role); /* Flag that gets set if privilege checking has to be performed on column level. @@ -6238,16 +6239,14 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg, if (want_access) { + ulong have_access= 0; if (grant_table) { GRANT_COLUMN *grant_column= column_hash_search(grant_table, field_name, (uint) strlen(field_name)); if (grant_column) - { - using_column_privileges= TRUE; - want_access&= ~grant_column->rights; - } + have_access= grant_column->rights; } if (grant_table_role) { @@ -6255,13 +6254,12 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg, column_hash_search(grant_table_role, field_name, (uint) strlen(field_name)); if (grant_column) - { - using_column_privileges= TRUE; - want_access&= ~grant_column->rights; - } + have_access|= grant_column->rights; } - if (!want_access) + if (have_access) + using_column_privileges= TRUE; + if (want_access & ~have_access) goto err; } } @@ -6580,8 +6578,10 @@ ulong get_column_grant(THD *thd, GRANT_INFO *grant, grant->version= grant_version; /* purecov: inspected */ } - if (!(grant_table= grant->grant_table_user) && - !(grant_table_role= grant->grant_table_role)) + grant_table= grant->grant_table_user; + grant_table_role= grant->grant_table_role; + + if (!grant_table && !grant_table_role) priv= grant->privilege; else { diff --git a/sql/sql_db.cc b/sql/sql_db.cc index 47c2e3bd406..7cc2caaa881 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc 
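Review bot: In the declarations hunk of check_grant_all_columns(), `want_access`, `grant_table` and `grant_table_role` lose their explicit initial values and become `UNINIT_VAR(...)`, yet the later hunks read all three (`if (want_access)`, `if (grant_table)`, `if (grant_table_role)`) to reach an access decision. Their assignments lie outside the visible hunks, so correctness depends on every path through the loop setting them before the first read; UNINIT_VAR presumably only silences the compiler warning and does not guarantee a value. In privilege-checking code I would keep defaults that fail closed, `ulong want_access= want_access_arg;` and `GRANT_TABLE *grant_table= NULL, *grant_table_role= NULL;`. With those defaults a missed assignment leaves `have_access` at 0 and ends in `goto err` instead of reading an indeterminate pointer.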
@@ -1470,18 +1470,17 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch) DBUG_PRINT("info",("Use database: %s", new_db_file_name.str)); #ifndef NO_EMBEDDED_ACCESS_CHECKS - db_access= - test_all_bits(sctx->master_access, DB_ACLS) ? - DB_ACLS : - acl_get(sctx->host, - sctx->ip, - sctx->priv_user, - new_db_file_name.str, - FALSE) | sctx->master_access; - if (sctx->priv_role[0]) + if (test_all_bits(sctx->master_access, DB_ACLS)) + db_access= DB_ACLS; + else { - /* include a possible currently set role for access */ - db_access|= acl_get("", "", sctx->priv_role, new_db_file_name.str, FALSE); + db_access= acl_get(sctx->host, sctx->ip, sctx->priv_user, + new_db_file_name.str, FALSE) | sctx->master_access; + if (sctx->priv_role[0]) + { + /* include a possible currently set role for access */ + db_access|= acl_get("", "", sctx->priv_role, new_db_file_name.str, FALSE); + } } if (!force_switch && diff --git a/sql/sql_lex.h b/sql/sql_lex.h index 293081c21db..281ca26b64f 100644 --- a/sql/sql_lex.h +++ b/sql/sql_lex.h @@ -148,7 +148,7 @@ enum enum_sql_command { SQLCOM_SHOW_TRIGGERS, SQLCOM_LOAD,SQLCOM_SET_OPTION,SQLCOM_LOCK_TABLES,SQLCOM_UNLOCK_TABLES, - SQLCOM_GRANT, SQLCOM_GRANT_ROLE, + SQLCOM_GRANT, SQLCOM_CHANGE_DB, SQLCOM_CREATE_DB, SQLCOM_DROP_DB, SQLCOM_ALTER_DB, SQLCOM_REPAIR, SQLCOM_REPLACE, SQLCOM_REPLACE_SELECT, SQLCOM_CREATE_FUNCTION, SQLCOM_DROP_FUNCTION, @@ -169,7 +169,6 @@ enum enum_sql_command { SQLCOM_SHOW_WARNS, SQLCOM_EMPTY_QUERY, SQLCOM_SHOW_ERRORS, SQLCOM_SHOW_STORAGE_ENGINES, SQLCOM_SHOW_PRIVILEGES, SQLCOM_HELP, SQLCOM_CREATE_USER, SQLCOM_DROP_USER, SQLCOM_RENAME_USER, - SQLCOM_CREATE_ROLE, SQLCOM_DROP_ROLE, SQLCOM_REVOKE_ROLE, SQLCOM_REVOKE_ALL, SQLCOM_CHECKSUM, SQLCOM_CREATE_PROCEDURE, SQLCOM_CREATE_SPFUNCTION, SQLCOM_CALL, SQLCOM_DROP_PROCEDURE, SQLCOM_ALTER_PROCEDURE,SQLCOM_ALTER_FUNCTION, 
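Review bot: The restructured branch in `mysql_change_db` has no comment saying why `acl_get()` must be skipped when `test_all_bits(sctx->master_access, DB_ACLS)` holds. The commit description gives the reason (a crash with --skip-grants because the ACL data structures are not initialised), but the code does not. I would add above the `if`: `/* do not call acl_get() when all privileges are already granted: with --skip-grants the ACL structures are not initialized */`. Without it the branch reads as an optimisation and could later be folded back into a single expression. The function continues outside the hunk.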
@@ -197,6 +196,7 @@ enum enum_sql_command { SQLCOM_SHOW_USER_STATS, SQLCOM_SHOW_TABLE_STATS, SQLCOM_SHOW_INDEX_STATS, SQLCOM_SHOW_CLIENT_STATS, SQLCOM_SHOW_EXPLAIN, SQLCOM_SHUTDOWN, + SQLCOM_CREATE_ROLE, SQLCOM_DROP_ROLE, SQLCOM_GRANT_ROLE, SQLCOM_REVOKE_ROLE, /* When a command is added here, be sure it's also added in mysqld.cc diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 9d17d9c3e31..997ba7f97ea 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -4001,6 +4001,11 @@ end_with_restore_list: LEX_USER *grant_user= lex->grant_user; if (!grant_user) goto error; + + if (grant_user->user.str && + !strcmp(thd->security_ctx->priv_user, grant_user->user.str)) + grant_user= ¤t_user; + if (grant_user == ¤t_user || grant_user == ¤t_role || grant_user == ¤t_user_and_current_role || @@ -7752,7 +7757,7 @@ LEX_USER *create_definer(THD *thd, LEX_STRING *user_name, LEX_STRING *host_name) LEX_USER *get_current_user(THD *thd, LEX_USER *user) { - if (!user->user.str) // current_user + if (user == ¤t_user) // current_user return create_default_definer(thd); return user; |
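Review bot: The shortcut added in the sql_parse.cc -4001 hunk compares only the user name: `!strcmp(thd->security_ctx->priv_user, grant_user->user.str)` maps `name@anyhost` to the `current_user` sentinel whenever the name matches, even if the host part names a different account. The `||` chain that follows treats `current_user` as needing no further check (the rest of that condition is outside the hunk, presumably the access check on `mysql`). The host should be compared as well, for example by adding `grant_user->host.str && !strcmp(thd->security_ctx->priv_host, grant_user->host.str)` to the condition. A test that runs SHOW GRANTS for the same user name at a different host and expects the access-denied error would pin this down.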
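Review bot: In `get_current_user` (-7752 hunk) the test is now identity with the `current_user` sentinel, so a `LEX_USER` that has a null `user.str` but is not that exact object is returned unchanged, where the old `!user->user.str` test replaced it. That would include a copy of the sentinel, or the `current_role` object seen in the -4001 hunk. Callers that go on to read `user->user.str` would then need their own null check; they are outside this diff, so this should be confirmed against them. A comment on the function would make the contract explicit, for example `/* only the current_user sentinel, matched by address, is replaced; any other LEX_USER is returned as is */`.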