merged

BitKeeper/etc/logging_ok: auto-union mysql-test/r/information_schema.result: Auto merged mysql-test/r/ndb_autodiscover.result: Auto merged mysql-test/r/ps_1general.result: Auto merged mysql-test/r/show_check.result: Auto merged mysql-test/r/sp.result: Auto merged mysql-test/r/view.result: Auto merged scripts/fill_func_tables.sh: Auto merged scripts/mysql_create_system_tables.sh: Auto merged scripts/mysql_fix_privilege_tables.sh: Auto merged scripts/mysql_fix_privilege_tables.sql: Auto merged sql/field.cc: Auto merged sql/handler.cc: Auto merged sql/item_sum.cc: Auto merged sql/item_sum.h: Auto merged sql/sql_acl.cc: Auto merged sql/sql_table.cc: Auto merged sql/table.cc: Auto merged
author: unknown <serg@serg.mylan> 2005-03-23 09:42:24 +0100
committer: unknown <serg@serg.mylan> 2005-03-23 09:42:24 +0100
commit: d27a709f3d811718c4174beeb0bd2d964bfcf87c (patch)
tree: bfec7a86898321f85706b5331aa18fdb1bc68fbb /sql/sql_acl.cc
parent: 903d1b6b51345213fba70e144873aa4a9f6b7c0c (diff)
parent: e2ca9c5b41df8f18f44e0529a72b141a9fc2b01b (diff)
download: mariadb-git-d27a709f3d811718c4174beeb0bd2d964bfcf87c.tar.gz
1 files changed, 27 insertions, 9 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index de5df4559db..b08429b2d4c 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -239,7 +239,7 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
 
   DBUG_PRINT("info",("user table fields: %d, password length: %d",
 		     table->s->fields, table->field[2]->field_length));
-  
+
   pthread_mutex_lock(&LOCK_global_system_variables);
   if (table->field[2]->field_length < SCRAMBLED_PASSWORD_CHAR_LENGTH)
   {
@@ -323,6 +323,12 @@ my_bool acl_init(THD *org_thd, bool dont_read_acl_tables)
       if (table->s->fields <= 33 && (user.access & ALTER_ACL))
         user.access|= ALTER_PROC_ACL;
 
+      /*
+        pre 5.0.3 did not have CREATE_USER_ACL
+      */
+      if (table->s->fields <= 36 && (user.access & GRANT_ACL))
+        user.access|= CREATE_USER_ACL;
+
       user.sort= get_sort(2,user.host.hostname,user.user);
       user.hostname_length= (user.host.hostname ?
                              (uint) strlen(user.host.hostname) : 0);
@@ -1541,18 +1547,26 @@ end:
 }
 
 
-/* Return 1 if we are allowed to create new users */
+/*
+  Return 1 if we are allowed to create new users
+  the logic here is: INSERT_ACL is sufficient.
+  It's also a requirement in opt_safe_user_create,
+  otherwise CREATE_USER_ACL is enough.
+*/
 
 static bool test_if_create_new_users(THD *thd)
 {
-  bool create_new_users=1;    // Assume that we are allowed to create new users
-  if (opt_safe_user_create && !(thd->master_access & INSERT_ACL))
+  bool create_new_users= test(thd->master_access & INSERT_ACL) ||
+                         (!opt_safe_user_create &&
+                          test(thd->master_access & CREATE_USER_ACL));
+  if (!create_new_users)
   {
     TABLE_LIST tl;
     ulong db_access;
     bzero((char*) &tl,sizeof(tl));
     tl.db=	   (char*) "mysql";
     tl.table_name=  (char*) "user";
+    create_new_users= 1;
 
     db_access=acl_get(thd->host, thd->ip,
 		      thd->priv_user, tl.db, 0);
@@ -1614,8 +1628,8 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
       goto end;
     }
     /*
-      There are four options which affect the process of creation of 
-      a new user(mysqld option --safe-create-user, 'insert' privilege
+      There are four options which affect the process of creation of
+      a new user (mysqld option --safe-create-user, 'insert' privilege
       on 'mysql.user' table, using 'GRANT' with 'IDENTIFIED BY' and
       SQL_MODE flag NO_AUTO_CREATE_USER). Below is the simplified rule
       how it should work.
@@ -1623,6 +1637,8 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
       else if (identified_by) => create
       else if (no_auto_create_user) => reject
       else create
+
+      see also test_if_create_new_users()
     */
     else if (((thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER) &&
               !password_len) || !create_user)
@@ -2925,7 +2941,7 @@ bool mysql_procedure_grant(THD *thd, TABLE_LIST *table_list,
     table_name= table_list->table_name;
 
     grant_name= proc_hash_search(Str->host.str, NullS, db_name,
-    				 Str->user.str, table_name, 1);
+                                 Str->user.str, table_name, 1);
     if (!grant_name)
     {
       if (revoke_grant)
@@ -2946,7 +2962,7 @@ bool mysql_procedure_grant(THD *thd, TABLE_LIST *table_list,
       }
       my_hash_insert(&proc_priv_hash,(byte*) grant_name);
     }
-    
+
     if (replace_proc_table(thd, grant_name, tables[1].table, *Str,
 			   db_name, table_name, rights, revoke_grant))
     {
@@ -3688,11 +3704,13 @@ static const char *command_array[]=
   "ALTER", "SHOW DATABASES", "SUPER", "CREATE TEMPORARY TABLES",
   "LOCK TABLES", "EXECUTE", "REPLICATION SLAVE", "REPLICATION CLIENT",
   "CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE",
+  "CREATE USER"
 };
 
 static uint command_lengths[]=
 {
-  6, 6, 6, 6, 6, 4, 6, 8, 7, 4, 5, 10, 5, 5, 14, 5, 23, 11, 7, 17, 18, 11, 9, 14, 13
+  6, 6, 6, 6, 6, 4, 6, 8, 7, 4, 5, 10, 5, 5, 14, 5, 23, 11, 7, 17, 18, 11, 9,
+  14, 13, 11
 };
author	unknown <serg@serg.mylan>	2005-03-23 09:42:24 +0100
committer	unknown <serg@serg.mylan>	2005-03-23 09:42:24 +0100
commit	d27a709f3d811718c4174beeb0bd2d964bfcf87c (patch)
tree	bfec7a86898321f85706b5331aa18fdb1bc68fbb /sql/sql_acl.cc
parent	903d1b6b51345213fba70e144873aa4a9f6b7c0c (diff)
parent	e2ca9c5b41df8f18f44e0529a72b141a9fc2b01b (diff)
download	mariadb-git-d27a709f3d811718c4174beeb0bd2d964bfcf87c.tar.gz