diff options
| author | Alexander Barkov <bar@mariadb.com> | 2020-02-09 21:53:11 +0400 |
|---|---|---|
| committer | Alexander Barkov <bar@mariadb.com> | 2020-02-11 08:10:26 +0400 |
| commit | 83e75b39b3611d60ac59e851f742a13f2ee95393 (patch) | |
| tree | a1ab536573067a6578631d3e5e89da612f745ec8 /sql/sql_acl.cc | |
| parent | f79f537f9facb5a050697ad3dbf6e4a617c3c128 (diff) | |
| download | mariadb-git-83e75b39b3611d60ac59e851f742a13f2ee95393.tar.gz | |
MDEV-21702 Add a data type for privileges
Diffstat (limited to 'sql/sql_acl.cc')
| -rw-r--r-- | sql/sql_acl.cc | 402 |
1 files changed, 211 insertions, 191 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 7bdee80d596..ead50fe7df5 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -126,9 +126,9 @@ static bool compare_hostname(const acl_host_and_ip *, const char *, const char * class ACL_ACCESS { public: ulonglong sort; - ulong access; + privilege_t access; ACL_ACCESS() - :sort(0), access(0) + :sort(0), access(NO_ACL) { } }; @@ -193,7 +193,7 @@ public: ACL_USER() { } ACL_USER(THD *thd, const LEX_USER &combo, const Account_options &options, - const ulong privileges); + const privilege_t privileges); ACL_USER *copy(MEM_ROOT *root) { @@ -259,7 +259,7 @@ public: the ACL_USER::access field needs to be reset first. The field initial_role_access holds initial grants, as granted directly to the role */ - ulong initial_role_access; + privilege_t initial_role_access; /* In subgraph traversal, when we need to traverse only a part of the graph (e.g. all direct and indirect grantees of a role X), the counter holds the @@ -270,16 +270,17 @@ public: DYNAMIC_ARRAY parent_grantee; // array of backlinks to elements granted ACL_ROLE(ACL_USER * user, MEM_ROOT *mem); - ACL_ROLE(const char * rolename, ulong privileges, MEM_ROOT *mem); + ACL_ROLE(const char * rolename, privilege_t privileges, MEM_ROOT *mem); }; class ACL_DB :public ACL_ACCESS { public: + ACL_DB() :initial_access(NO_ACL) { } acl_host_and_ip host; const char *user,*db; - ulong initial_access; /* access bits present in the table */ + privilege_t initial_access; /* access bits present in the table */ const char *get_username() { return user; } }; @@ -520,7 +521,7 @@ public: class acl_entry :public hash_filo_element { public: - ulong access; + privilege_t access; uint16 length; char key[1]; // Key will be stored here }; @@ -662,7 +663,7 @@ static HASH package_spec_priv_hash, package_body_priv_hash; static DYNAMIC_ARRAY acl_wild_hosts; static Hash_filo<acl_entry> *acl_cache; static uint grant_version=0; /* Version of priv tables. incremented by acl_load */ -static ulong get_access(TABLE *form,uint fieldnr, uint *next_field=0); +static privilege_t get_access(TABLE *form, uint fieldnr, uint *next_field=0); static int acl_compare(const ACL_ACCESS *a, const ACL_ACCESS *b); static int acl_user_compare(const ACL_USER *a, const ACL_USER *b); static void rebuild_acl_users(); @@ -800,15 +801,15 @@ class Grant_table_base /* Return the underlying TABLE handle. */ TABLE* table() const { return m_table; } - ulong get_access() const + privilege_t get_access() const { - ulong access_bits= 0, bit= 1; + ulonglong access_bits= 0, bit= 1; for (uint i = start_priv_columns; i < end_priv_columns; i++, bit<<=1) { if (get_YN_as_bool(m_table->field[i])) access_bits|= bit; } - return access_bits; + return ALL_KNOWN_ACL & access_bits; } protected: @@ -862,8 +863,8 @@ class User_table: public Grant_table_base virtual LEX_CSTRING& name() const = 0; virtual int get_auth(THD *, MEM_ROOT *, ACL_USER *u) const= 0; virtual bool set_auth(const ACL_USER &u) const = 0; - virtual ulong get_access() const = 0; - virtual void set_access(ulong rights, bool revoke) const = 0; + virtual privilege_t get_access() const = 0; + virtual void set_access(const privilege_t rights, bool revoke) const = 0; char *get_host(MEM_ROOT *root) const { return ::get_field(root, m_table->field[0]); } @@ -981,9 +982,9 @@ class User_table_tabular: public User_table return 0; } - ulong get_access() const + privilege_t get_access() const { - ulong access= Grant_table_base::get_access(); + privilege_t access(Grant_table_base::get_access()); if ((num_fields() <= 13) && (access & CREATE_ACL)) access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL; @@ -1022,9 +1023,9 @@ class User_table_tabular: public User_table return access & GLOBAL_ACLS; } - void set_access(ulong rights, bool revoke) const + void set_access(const privilege_t rights, bool revoke) const { - ulong priv= SELECT_ACL; + ulonglong priv(SELECT_ACL); for (uint i= start_priv_columns; i < end_priv_columns; i++, priv <<= 1) { if (priv & rights) @@ -1469,23 +1470,23 @@ class User_table_json: public User_table set_str_value("authentication_string", u.auth[i].auth_string.str, u.auth[i].auth_string.length); } - ulong get_access() const + privilege_t get_access() const { /* when new privileges will be added, we'll start storing GLOBAL_ACLS (or, for example, my_count_bits(GLOBAL_ACLS)) in the json too, and it'll allow us to do privilege upgrades */ - return get_int_value("access") & GLOBAL_ACLS; + return get_access_value("access") & GLOBAL_ACLS; } - void set_access(ulong rights, bool revoke) const + void set_access(const privilege_t rights, bool revoke) const { - ulong access= get_access(); + privilege_t access= get_access(); if (revoke) access&= ~rights; else access|= rights; - set_int_value("access", access & GLOBAL_ACLS); + set_int_value("access", (longlong) (access & GLOBAL_ACLS)); } const char *unsafe_str(const char *s) const { return s[0] ? s : NULL; } @@ -1606,6 +1607,10 @@ class User_table_json: public User_table const char *value_end= value_start + value_len; return my_strtoll10(value_start, (char**)&value_end, &err); } + privilege_t get_access_value(const char *key) const + { + return privilege_t(ALL_KNOWN_ACL & (ulonglong) get_int_value(key)); + } double get_double_value(const char *key) const { int err; @@ -1969,17 +1974,20 @@ enum enum_acl_lists ROLES_MAPPINGS_HASH }; -ACL_ROLE::ACL_ROLE(ACL_USER *user, MEM_ROOT *root) : counter(0) +ACL_ROLE::ACL_ROLE(ACL_USER *user, MEM_ROOT *root) + : + /* set initial role access the same as the table row privileges */ + initial_role_access(user->access), + counter(0) { access= user->access; - /* set initial role access the same as the table row privileges */ - initial_role_access= user->access; this->user= user->user; bzero(&parent_grantee, sizeof(parent_grantee)); flags= IS_ROLE; } -ACL_ROLE::ACL_ROLE(const char * rolename, ulong privileges, MEM_ROOT *root) : +ACL_ROLE::ACL_ROLE(const char * rolename, privilege_t privileges, + MEM_ROOT *root) : initial_role_access(privileges), counter(0) { this->access= initial_role_access; @@ -2740,9 +2748,9 @@ end: privilege mask */ -static ulong get_access(TABLE *form, uint fieldnr, uint *next_field) +static privilege_t get_access(TABLE *form, uint fieldnr, uint *next_field) { - ulong access_bits=0,bit; + ulonglong access_bits=0,bit; char buff[2]; String res(buff,sizeof(buff),&my_charset_latin1); Field **pos; @@ -2757,7 +2765,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field) } if (next_field) *next_field=fieldnr; - return access_bits; + return ALL_KNOWN_ACL & access_bits; } @@ -2961,7 +2969,7 @@ bool acl_getroot(Security_context *sctx, const char *user, const char *host, mysql_mutex_lock(&acl_cache->lock); - sctx->db_access= 0; + sctx->db_access= NO_ACL; if (host[0]) // User, not Role { @@ -3001,7 +3009,7 @@ bool acl_getroot(Security_context *sctx, const char *user, const char *host, } static int check_user_can_set_role(const char *user, const char *host, - const char *ip, const char *rolename, ulonglong *access) + const char *ip, const char *rolename, privilege_t *access) { ACL_ROLE *role; ACL_USER_BASE *acl_user_base; @@ -3069,7 +3077,7 @@ end: } -int acl_check_setrole(THD *thd, const char *rolename, ulonglong *access) +int acl_check_setrole(THD *thd, const char *rolename, privilege_t *access) { /* Yes! priv_user@host. Don't ask why - that's what check_access() does. */ return check_user_can_set_role(thd->security_ctx->priv_user, @@ -3077,11 +3085,11 @@ int acl_check_setrole(THD *thd, const char *rolename, ulonglong *access) } -int acl_setrole(THD *thd, const char *rolename, ulonglong access) +int acl_setrole(THD *thd, const char *rolename, privilege_t access) { /* merge the privileges */ Security_context *sctx= thd->security_ctx; - sctx->master_access= static_cast<ulong>(access); + sctx->master_access= access; if (thd->db.str) sctx->db_access= acl_get(sctx->host, sctx->ip, sctx->user, thd->db.str, FALSE); @@ -3107,7 +3115,7 @@ static uchar* check_get_key(ACL_USER *buff, size_t *length, } -static void acl_update_role(const char *rolename, ulong privileges) +static void acl_update_role(const char *rolename, const privilege_t privileges) { ACL_ROLE *role= find_acl_role(rolename); if (role) @@ -3117,7 +3125,7 @@ static void acl_update_role(const char *rolename, ulong privileges) ACL_USER::ACL_USER(THD *thd, const LEX_USER &combo, const Account_options &options, - const ulong privileges) + const privilege_t privileges) { user= safe_lexcstrdup_root(&acl_memroot, combo.user); update_hostname(&host, safe_strdup_root(&acl_memroot, combo.host.str)); @@ -3132,7 +3140,7 @@ ACL_USER::ACL_USER(THD *thd, const LEX_USER &combo, static int acl_user_update(THD *thd, ACL_USER *acl_user, uint nauth, const LEX_USER &combo, const Account_options &options, - const ulong privileges) + const privilege_t privileges) { if (nauth) { @@ -3204,7 +3212,7 @@ static int acl_user_update(THD *thd, ACL_USER *acl_user, uint nauth, } -static void acl_insert_role(const char *rolename, ulong privileges) +static void acl_insert_role(const char *rolename, privilege_t privileges) { ACL_ROLE *entry; @@ -3219,7 +3227,7 @@ static void acl_insert_role(const char *rolename, ulong privileges) static bool acl_update_db(const char *user, const char *host, const char *db, - ulong privileges) + privilege_t privileges) { mysql_mutex_assert_owner(&acl_cache->lock); @@ -3271,7 +3279,7 @@ static bool acl_update_db(const char *user, const char *host, const char *db, */ static void acl_insert_db(const char *user, const char *host, const char *db, - ulong privileges) + const privilege_t privileges) { ACL_DB acl_db; mysql_mutex_assert_owner(&acl_cache->lock); @@ -3292,10 +3300,10 @@ static void acl_insert_db(const char *user, const char *host, const char *db, acl_cache is not used if db_is_pattern is set. */ -ulong acl_get(const char *host, const char *ip, - const char *user, const char *db, my_bool db_is_pattern) +privilege_t acl_get(const char *host, const char *ip, + const char *user, const char *db, my_bool db_is_pattern) { - ulong host_access= ~(ulong)0, db_access= 0; + privilege_t host_access(ALL_KNOWN_ACL), db_access(NO_ACL); uint i; size_t key_length; char key[ACL_KEY_LENGTH],*tmp_db,*end; @@ -3306,7 +3314,7 @@ ulong acl_get(const char *host, const char *ip, end= strnmov(tmp_db, db, key + sizeof(key) - tmp_db); if (end >= key + sizeof(key)) // db name was truncated - DBUG_RETURN(0); // no privileges for an invalid db name + DBUG_RETURN(NO_ACL); // no privileges for an invalid db name if (lower_case_table_names) { @@ -3320,7 +3328,7 @@ ulong acl_get(const char *host, const char *ip, { db_access=entry->access; mysql_mutex_unlock(&acl_cache->lock); - DBUG_PRINT("exit", ("access: 0x%lx", db_access)); + DBUG_PRINT("exit", ("access: 0x%llx", (longlong) db_access)); DBUG_RETURN(db_access); } @@ -3343,7 +3351,7 @@ ulong acl_get(const char *host, const char *ip, /* No host specified for user. Get hostdata from host table */ - host_access=0; // Host must be found + host_access= NO_ACL; // Host must be found for (i=0 ; i < acl_hosts.elements ; i++) { ACL_HOST *acl_host=dynamic_element(&acl_hosts,i,ACL_HOST*); @@ -3368,7 +3376,7 @@ exit: acl_cache->add(entry); } mysql_mutex_unlock(&acl_cache->lock); - DBUG_PRINT("exit", ("access: 0x%lx", db_access & host_access)); + DBUG_PRINT("exit", ("access: 0x%llx", (longlong) (db_access & host_access))); DBUG_RETURN(db_access & host_access); } @@ -4281,7 +4289,7 @@ static bool test_if_create_new_users(THD *thd) if (!create_new_users) { TABLE_LIST tl; - ulong db_access; + privilege_t db_access(NO_ACL); tl.init_one_table(&MYSQL_SCHEMA_NAME, &MYSQL_TABLE_NAME[USER_TABLE], NULL, TL_WRITE); create_new_users= 1; @@ -4306,7 +4314,7 @@ static bool test_if_create_new_users(THD *thd) static USER_AUTH auth_no_password; static int replace_user_table(THD *thd, const User_table &user_table, - LEX_USER * const combo, ulong rights, + LEX_USER * const combo, privilege_t rights, const bool revoke_grant, const bool can_create_user, const bool no_auto_create) { @@ -4561,10 +4569,11 @@ end: static int replace_db_table(TABLE *table, const char *db, const LEX_USER &combo, - ulong rights, const bool revoke_grant) + privilege_t rights, const bool revoke_grant) { uint i; - ulong priv,store_rights; + ulonglong priv; + privilege_t store_rights(NO_ACL); bool old_row_exists=0; int error; char what= revoke_grant ? 'N' : 'Y'; @@ -4970,17 +4979,17 @@ class GRANT_COLUMN :public Sql_alloc { public: char *column; - ulong rights; - ulong init_rights; + privilege_t rights; + privilege_t init_rights; uint key_length; - GRANT_COLUMN(String &c, ulong y) :rights (y), init_rights(y) + GRANT_COLUMN(String &c, privilege_t y) :rights (y), init_rights(y) { column= (char*) memdup_root(&grant_memroot,c.ptr(), key_length=c.length()); } /* this constructor assumes thas source->column is allocated in grant_memroot */ GRANT_COLUMN(GRANT_COLUMN *source) : column(source->column), - rights (source->rights), init_rights(0), key_length(source->key_length) { } + rights (source->rights), init_rights(NO_ACL), key_length(source->key_length) { } }; @@ -4996,33 +5005,39 @@ class GRANT_NAME :public Sql_alloc public: acl_host_and_ip host; char *db, *user, *tname, *hash_key; - ulong privs; - ulong init_privs; /* privileges found in physical table */ + privilege_t privs; + privilege_t init_privs; /* privileges found in physical table */ ulonglong sort; size_t key_length; GRANT_NAME(const char *h, const char *d,const char *u, - const char *t, ulong p, bool is_routine); + const char *t, privilege_t p, bool is_routine); GRANT_NAME (TABLE *form, bool is_routine); virtual ~GRANT_NAME() {}; - virtual bool ok() { return privs != 0; } + virtual bool ok() { return privs != NO_ACL; } void set_user_details(const char *h, const char *d, const char *u, const char *t, bool is_routine); }; +static privilege_t get_access_value_from_val_int(Field *field) +{ + return privilege_t(ALL_KNOWN_ACL & (ulonglong) field->val_int()); +} + + class GRANT_TABLE :public GRANT_NAME { public: - ulong cols; - ulong init_cols; /* privileges found in physical table */ + privilege_t cols; + privilege_t init_cols; /* privileges found in physical table */ HASH hash_columns; GRANT_TABLE(const char *h, const char *d,const char *u, - const char *t, ulong p, ulong c); + const char *t, privilege_t p, privilege_t c); GRANT_TABLE (TABLE *form, TABLE *col_privs); ~GRANT_TABLE(); - bool ok() { return privs != 0 || cols != 0; } + bool ok() { return privs != NO_ACL || cols != NO_ACL; } void init_hash() { my_hash_init2(&hash_columns, 4, system_charset_info, 0, 0, 0, @@ -5057,15 +5072,15 @@ void GRANT_NAME::set_user_details(const char *h, const char *d, } GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u, - const char *t, ulong p, bool is_routine) + const char *t, privilege_t p, bool is_routine) :db(0), tname(0), privs(p), init_privs(p) { set_user_details(h, d, u, t, is_routine); } GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u, - const char *t, ulong p, ulong c) - :GRANT_NAME(h,d,u,t,p, FALSE), cols(c) + const char *t, privilege_t p, privilege_t c) + :GRANT_NAME(h,d,u,t,p, FALSE), cols(c), init_cols(NO_ACL) { init_hash(); } @@ -5075,6 +5090,7 @@ GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u, to 0 */ GRANT_NAME::GRANT_NAME(TABLE *form, bool is_routine) + :privs(NO_ACL), init_privs(NO_ACL) { user= safe_str(get_field(&grant_memroot,form->field[2])); @@ -5090,7 +5106,6 @@ GRANT_NAME::GRANT_NAME(TABLE *form, bool is_routine) if (!db || !tname) { /* Wrong table row; Ignore it */ - privs= 0; return; /* purecov: inspected */ } sort= get_magic_sort("hdu", host.hostname, db, user); @@ -5105,14 +5120,14 @@ GRANT_NAME::GRANT_NAME(TABLE *form, bool is_routine) key_length= (strlen(db) + strlen(user) + strlen(tname) + 3); hash_key= (char*) alloc_root(&grant_memroot, key_length); strmov(strmov(strmov(hash_key,user)+1,db)+1,tname); - privs = (ulong) form->field[6]->val_int(); + privs = get_access_value_from_val_int(form->field[6]); privs = fix_rights_for_table(privs); init_privs= privs; } GRANT_TABLE::GRANT_TABLE(TABLE *form, TABLE *col_privs) - :GRANT_NAME(form, FALSE) + :GRANT_NAME(form, FALSE), cols(NO_ACL), init_cols(NO_ACL) { uchar key[MAX_KEY_LENGTH]; @@ -5120,10 +5135,10 @@ GRANT_TABLE::GRANT_TABLE(TABLE *form, TABLE *col_privs) { /* Wrong table row; Ignore it */ my_hash_clear(&hash_columns); /* allow for destruction */ - cols= 0; + cols= NO_ACL; return; } - cols= (ulong) form->field[7]->val_int(); + cols= get_access_value_from_val_int(form->field[7]); cols= fix_rights_for_column(cols); /* Initial columns privileges are the same as column privileges on creation. @@ -5155,8 +5170,8 @@ GRANT_TABLE::GRANT_TABLE(TABLE *form, TABLE *col_privs) if (col_privs->file->ha_index_init(0, 1)) { - cols= 0; - init_cols= 0; + cols= NO_ACL; + init_cols= NO_ACL; return; } @@ -5164,8 +5179,8 @@ GRANT_TABLE::GRANT_TABLE(TABLE *form, TABLE *col_privs) (key_part_map)15, HA_READ_KEY_EXACT)) { - cols= 0; /* purecov: deadcode */ - init_cols= 0; + cols= NO_ACL; /* purecov: deadcode */ + init_cols= NO_ACL; col_privs->file->ha_index_end(); return; } @@ -5175,18 +5190,18 @@ GRANT_TABLE::GRANT_TABLE(TABLE *form, TABLE *col_privs) GRANT_COLUMN *mem_check; /* As column name is a string, we don't have to supply a buffer */ res=col_privs->field[4]->val_str(&column_name); - ulong priv= (ulong) col_privs->field[6]->val_int(); + privilege_t priv= get_access_value_from_val_int(col_privs->field[6]); if (!(mem_check = new GRANT_COLUMN(*res, fix_rights_for_column(priv)))) { /* Don't use this entry */ - privs= cols= init_privs= init_cols=0; /* purecov: deadcode */ + privs= cols= init_privs= init_cols= NO_ACL; /* purecov: deadcode */ return; /* purecov: deadcode */ } if (my_hash_insert(&hash_columns, (uchar *) mem_check)) { /* Invalidate this entry */ - privs= cols= init_privs= init_cols=0; + privs= cols= init_privs= init_cols= NO_ACL; return; } } while (!col_privs->file->ha_index_next(col_privs->record[0]) && @@ -5301,7 +5316,7 @@ static int replace_column_table(GRANT_TABLE *g_t, TABLE *table, const LEX_USER &combo, List <LEX_COLUMN> &columns, const char *db, const char *table_name, - ulong rights, bool revoke_grant) + privilege_t rights, bool revoke_grant) { int result=0; uchar key[MAX_KEY_LENGTH]; @@ -5339,7 +5354,7 @@ static int replace_column_table(GRANT_TABLE *g_t, while ((column= iter++)) { - ulong privileges= column->rights; + privilege_t privileges= column->rights; bool old_row_exists=0; uchar user_key[MAX_KEY_LENGTH]; @@ -5371,7 +5386,7 @@ static int replace_column_table(GRANT_TABLE *g_t, } else { - ulong tmp= (ulong) table->field[6]->val_int(); + privilege_t tmp= get_access_value_from_val_int(table->field[6]); tmp=fix_rights_for_column(tmp); if (revoke_grant) @@ -5441,7 +5456,7 @@ static int replace_column_table(GRANT_TABLE *g_t, /* Scan through all rows with the same host,db,user and table */ do { - ulong privileges = (ulong) table->field[6]->val_int(); + privilege_t privileges = get_access_value_from_val_int(table->field[6]); privileges=fix_rights_for_column(privileges); store_record(table,record[1]); @@ -5454,7 +5469,7 @@ static int replace_column_table(GRANT_TABLE *g_t, privileges&= ~rights; table->field[6]->store((longlong) - get_rights_for_column(privileges), TRUE); + get_rights_for_column(privileges), TRUE); table->field[4]->val_str(&column_name); grant_column = column_hash_search(g_t, column_name.ptr(), @@ -5518,13 +5533,13 @@ static inline void get_grantor(THD *thd, char *grantor) static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, - ulong rights, ulong col_rights, + privilege_t rights, privilege_t col_rights, bool revoke_grant) { char grantor[USER_HOST_BUFF_SIZE]; int old_row_exists = 1; int error=0; - ulong store_table_rights, store_col_rights; + privilege_t store_table_rights(NO_ACL), store_col_rights(NO_ACL); uchar user_key[MAX_KEY_LENGTH]; DBUG_ENTER("replace_table_table"); @@ -5580,10 +5595,9 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, store_col_rights= get_rights_for_column(col_rights); if (old_row_exists) { - ulong j,k; store_record(table,record[1]); - j = (ulong) table->field[6]->val_int(); - k = (ulong) table->field[7]->val_int(); + privilege_t j= get_access_value_from_val_int(table->field[6]); + privilege_t k= get_access_value_from_val_int(table->field[7]); if (revoke_grant) { @@ -5651,12 +5665,11 @@ static int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table, const LEX_USER &combo, const char *db, const char *routine_name, const Sp_handler *sph, - ulong rights, bool revoke_grant) + privilege_t rights, bool revoke_grant) { char grantor[USER_HOST_BUFF_SIZE]; int old_row_exists= 1; int error=0; - ulong store_proc_rights; HASH *hash= sph->get_priv_hash(); DBUG_ENTER("replace_routine_table"); @@ -5714,12 +5727,11 @@ static int replace_routine_table(THD *thd, GRANT_NAME *grant_name, restore_record(table,record[1]); // Get saved record } - store_proc_rights= get_rights_for_procedure(rights); + privilege_t store_proc_rights= get_rights_for_procedure(rights); if (old_row_exists) { - ulong j; store_record(table,record[1]); - j= (ulong) table->field[6]->val_int(); + privilege_t j= get_access_value_from_val_int(table->field[6]); if (revoke_grant) { @@ -6122,7 +6134,7 @@ typedef Hash_set<ACL_ROLE> role_hash_t; static bool merge_role_global_privileges(ACL_ROLE *grantee) { - ulong old= grantee->access; + privilege_t old= grantee->access; grantee->access= grantee->initial_role_access; DBUG_EXECUTE_IF("role_merge_stats", role_global_merges++;); @@ -6153,7 +6165,7 @@ static int db_name_sort(const int *db1, const int *db2) 2 - ACL_DB was added 4 - ACL_DB was deleted */ -static int update_role_db(int merged, int first, ulong access, +static int update_role_db(int merged, int first, privilege_t access, const char *role) { if (first < 0) @@ -6178,12 +6190,12 @@ static int update_role_db(int merged, int first, ulong access, acl_db.host.ip= acl_db.host.ip_mask= 0; acl_db.db= acl_dbs.at(first).db; acl_db.access= access; - acl_db.initial_access= 0; + acl_db.initial_access= NO_ACL; acl_db.sort= get_magic_sort("hdu", "", acl_db.db, role); acl_dbs.push(acl_db); return 2; } - else if (access == 0) + else if (access == NO_ACL) { /* there is ACL_DB but the role has no db privileges granted @@ -6245,14 +6257,15 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname, is not necessarily the first and may be not present at all. */ int first= -1, merged= -1; - ulong access= 0, update_flags= 0; + privilege_t access(NO_ACL); + ulong update_flags= 0; for (int *p= dbs.front(); p <= dbs.back(); p++) { if (first<0 || (!dbname && strcmp(acl_dbs.at(p[0]).db, acl_dbs.at(p[-1]).db))) { // new db name series update_flags|= update_role_db(merged, first, access, grantee->user.str); merged= -1; - access= 0; + access= NO_ACL; first= *p; } if (strcmp(acl_dbs.at(*p).user, grantee->user.str) == 0) @@ -6310,7 +6323,7 @@ static int update_role_columns(GRANT_TABLE *merged, GRANT_TABLE **cur, GRANT_TABLE **last) { - ulong rights __attribute__((unused))= 0; + privilege_t rights __attribute__((unused)) (NO_ACL); int changed= 0; if (!merged->cols) { @@ -6380,7 +6393,8 @@ static int update_role_columns(GRANT_TABLE *merged, */ static int update_role_table_columns(GRANT_TABLE *merged, GRANT_TABLE **first, GRANT_TABLE **last, - ulong privs, ulong cols, const char *role) + privilege_t privs, privilege_t cols, + const char *role) { if (!first) return 0; @@ -6396,12 +6410,12 @@ static int update_role_table_columns(GRANT_TABLE *merged, DBUG_ASSERT(privs | cols); merged= new (&grant_memroot) GRANT_TABLE("", first[0]->db, role, first[0]->tname, privs, cols); - merged->init_privs= merged->init_cols= 0; + merged->init_privs= merged->init_cols= NO_ACL; update_role_columns(merged, first, last); my_hash_insert(&column_priv_hash,(uchar*) merged); return 2; } - else if ((privs | cols) == 0) + else if ((privs | cols) == NO_ACL) { /* there is GRANT_TABLE object but the role has no table or column @@ -6456,7 +6470,8 @@ static bool merge_role_table_and_column_privileges(ACL_ROLE *grantee, grants.sort(table_name_sort); GRANT_TABLE **first= NULL, *merged= NULL, **cur; - ulong privs= 0, cols= 0, update_flags= 0; + privilege_t privs(NO_ACL), cols(NO_ACL); + ulong update_flags= 0; for (cur= grants.front(); cur <= grants.back(); cur++) { if (!first || @@ -6466,7 +6481,7 @@ static bool merge_role_table_and_column_privileges(ACL_ROLE *grantee, update_flags|= update_role_table_columns(merged, first, cur, privs, cols, grantee->user.str); merged= NULL; - privs= cols= 0; + privs= cols= NO_ACL; first= cur; } if (strcmp(cur[0]->user, grantee->user.str) == 0) @@ -6509,7 +6524,7 @@ static int routine_name_sort(GRANT_NAME * const *r1, GRANT_NAME * const *r2) 4 - GRANT_NAME was deleted */ static int update_role_routines(GRANT_NAME *merged, GRANT_NAME **first, - ulong privs, const char *role, HASH *hash) + privilege_t privs, const char *role, HASH *hash) { if (!first) return 0; @@ -6525,11 +6540,11 @@ static int update_role_routines(GRANT_NAME *merged, GRANT_NAME **first, DBUG_ASSERT(privs); merged= new (&grant_memroot) GRANT_NAME("", first[0]->db, role, first[0]->tname, privs, true); - merged->init_privs= 0; // all privs are inherited + merged->init_privs= NO_ACL; // all privs are inherited my_hash_insert(hash, (uchar *)merged); return 2; } - else if (privs == 0) + else if (privs == NO_ACL) { /* there is GRANT_NAME but the role has no privileges granted @@ -6580,7 +6595,7 @@ static bool merge_role_routine_grant_privileges(ACL_ROLE *grantee, grants.sort(routine_name_sort); GRANT_NAME **first= NULL, *merged= NULL; - ulong privs= 0 ; + privilege_t privs(NO_ACL); for (GRANT_NAME **cur= grants.front(); cur <= grants.back(); cur++) { if (!first || @@ -6590,7 +6605,7 @@ static bool merge_role_routine_grant_privileges(ACL_ROLE *grantee, update_flags|= update_role_routines(merged, first, privs, grantee->user.str, hash); merged= NULL; - privs= 0; + privs= NO_ACL; first= cur; } if (strcmp(cur[0]->user, grantee->user.str) == 0) @@ -6714,10 +6729,10 @@ static bool copy_and_check_auth(LEX_USER *to, LEX_USER *from, THD *thd) int mysql_table_grant(THD *thd, TABLE_LIST *table_list, List <LEX_USER> &user_list, - List <LEX_COLUMN> &columns, ulong rights, + List <LEX_COLUMN> &columns, privilege_t rights, bool revoke_grant) { - ulong column_priv= 0; + privilege_t column_priv(NO_ACL); int result; List_iterator <LEX_USER> str_list (user_list); LEX_USER *Str, *tmp_Str; @@ -6837,7 +6852,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, /* Create user if needed */ error= copy_and_check_auth(Str, tmp_Str, thd) || replace_user_table(thd, tables.user_table(), Str, - 0, revoke_grant, create_new_users, + NO_ACL, revoke_grant, create_new_users, MY_TEST(thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER)); if (unlikely(error)) @@ -6890,7 +6905,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, grant_column->rights&= ~(column->rights | rights); } /* scan trough all columns to get new column grant */ - column_priv= 0; + column_priv= NO_ACL; for (uint idx=0 ; idx < grant_table->hash_columns.records ; idx++) { grant_column= (GRANT_COLUMN*) @@ -6967,7 +6982,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, const Sp_handler *sph, - List <LEX_USER> &user_list, ulong rights, + List <LEX_USER> &user_list, privilege_t rights, bool revoke_grant, bool write_to_binlog) { List_iterator <LEX_USER> str_list (user_list); @@ -7017,7 +7032,7 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, /* Create user if needed */ if (copy_and_check_auth(Str, tmp_Str, thd) || replace_user_table(thd, tables.user_table(), Str, - 0, revoke_grant, create_new_users, + NO_ACL, revoke_grant, create_new_users, MY_TEST(thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER))) { @@ -7288,7 +7303,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) user_combo.user = username; if (copy_and_check_auth(&user_combo, &user_combo, thd) || - replace_user_table(thd, tables.user_table(), &user_combo, 0, + replace_user_table(thd, tables.user_table(), &user_combo, NO_ACL, false, create_new_user, no_auto_create_user)) { @@ -7401,7 +7416,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, - ulong rights, bool revoke_grant, bool is_proxy) + privilege_t rights, bool revoke_grant, bool is_proxy) { List_iterator <LEX_USER> str_list (list); LEX_USER *Str, *tmp_Str, *proxied_user= NULL; @@ -7460,13 +7475,14 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, if (copy_and_check_auth(Str, tmp_Str, thd) || replace_user_table(thd, tables.user_table(), Str, - (!db ? rights : 0), revoke_grant, create_new_users, + (!db ? rights : NO_ACL), + revoke_grant, create_new_users, MY_TEST(thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER))) result= true; else if (db) { - ulong db_rights= rights & DB_ACLS; + privilege_t db_rights(rights & DB_ACLS); if (db_rights == rights) { if (replace_db_table(tables.db_table().table(), db, *Str, db_rights, @@ -7840,14 +7856,14 @@ bool grant_reload(THD *thd) */ -bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, +bool check_grant(THD *thd, privilege_t want_access, TABLE_LIST *tables, bool any_combination_will_do, uint number, bool no_errors) { TABLE_LIST *tl; TABLE_LIST *first_not_own_table= thd->lex->first_not_own_table(); Security_context *sctx= thd->security_ctx; uint i; - ulong original_want_access= want_access; + privilege_t original_want_access(want_access); bool locked= 0; GRANT_TABLE *grant_table; GRANT_TABLE *grant_table_role= NULL; @@ -7881,7 +7897,7 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, TABLE_LIST *const t_ref= tl->correspondent_table ? tl->correspondent_table : tl; sctx= t_ref->security_ctx ? t_ref->security_ctx : thd->security_ctx; - ulong orig_want_access= original_want_access; + privilege_t orig_want_access(original_want_access); /* If sequence is used as part of NEXT VALUE, PREVIOUS VALUE or SELECT, @@ -7952,7 +7968,7 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, clause, or an INFORMATION_SCHEMA table, drop the request for a privilege. */ - t_ref->grant.want_privilege= 0; + t_ref->grant.want_privilege= NO_ACL; } continue; } @@ -7966,7 +7982,7 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, if user has CREATE_TMP_ACL. */ t_ref->grant.privilege|= TMP_TABLE_ACLS; - t_ref->grant.want_privilege= 0; + t_ref->grant.want_privilege= NO_ACL; continue; } @@ -8003,15 +8019,15 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, t_ref->grant.grant_table_user= grant_table; // Remember for column test t_ref->grant.grant_table_role= grant_table_role; t_ref->grant.version= grant_version; - t_ref->grant.privilege|= grant_table ? grant_table->privs : 0; - t_ref->grant.privilege|= grant_table_role ? grant_table_role->privs : 0; + t_ref->grant.privilege|= grant_table ? grant_table->privs : NO_ACL; + t_ref->grant.privilege|= grant_table_role ? grant_table_role->privs : NO_ACL; t_ref->grant.want_privilege= ((want_access & COL_ACLS) & ~t_ref->grant.privilege); if (!(~t_ref->grant.privilege & want_access)) continue; - if ((want_access&= ~((grant_table ? grant_table->cols : 0) | - (grant_table_role ? grant_table_role->cols : 0) | + if ((want_access&= ~((grant_table ? grant_table->cols : NO_ACL) | + (grant_table_role ? grant_table_role->cols : NO_ACL) | t_ref->grant.privilege))) { goto err; // impossible @@ -8065,9 +8081,10 @@ bool check_grant_column(THD *thd, GRANT_INFO *grant, GRANT_TABLE *grant_table; GRANT_TABLE *grant_table_role; GRANT_COLUMN *grant_column; - ulong want_access= grant->want_privilege & ~grant->privilege; + privilege_t want_access(grant->want_privilege & ~grant->privilege); DBUG_ENTER("check_grant_column"); - DBUG_PRINT("enter", ("table: %s want_access: %lu", table_name, want_access)); + DBUG_PRINT("enter", ("table: %s want_access: %llx", + table_name, (longlong) want_access)); if (!want_access) DBUG_RETURN(0); // Already checked @@ -8172,7 +8189,7 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, if (table_ref->view || table_ref->field_translation) { /* View or derived information schema table. */ - ulong view_privs; + privilege_t view_privs(NO_ACL); grant= &(table_ref->grant); db_name= table_ref->view_db.str; table_name= table_ref->view_name.str; @@ -8223,11 +8240,11 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, For each table it will retrieve the grant information and will use it to check the required access privileges for the fields requested from it. */ -bool check_grant_all_columns(THD *thd, ulong want_access_arg, +bool check_grant_all_columns(THD *thd, privilege_t want_access_arg, Field_iterator_table_ref *fields) { Security_context *sctx= thd->security_ctx; - ulong UNINIT_VAR(want_access); + privilege_t want_access(NO_ACL); const char *table_name= NULL; const char* db_name; GRANT_INFO *grant; @@ -8279,7 +8296,7 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg, if (want_access) { - ulong have_access= 0; + privilege_t have_access(NO_ACL); if (grant_table) { GRANT_COLUMN *grant_column= @@ -8446,7 +8463,7 @@ bool check_grant_db(THD *thd, const char *db) 1 Error: User did not have the requested privielges ****************************************************************************/ -bool check_grant_routine(THD *thd, ulong want_access, +bool check_grant_routine(THD *thd, privilege_t want_access, TABLE_LIST *procs, const Sp_handler *sph, bool no_errors) { @@ -8549,9 +8566,8 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name, Functions to retrieve the grant for a table/column (for SHOW functions) *****************************************************************************/ -ulong get_table_grant(THD *thd, TABLE_LIST *table) +privilege_t get_table_grant(THD *thd, TABLE_LIST *table) { - ulong privilege; Security_context *sctx= thd->security_ctx; const char *db = table->db.str ? table->db.str : thd->db.str; GRANT_TABLE *grant_table; @@ -8575,7 +8591,7 @@ ulong get_table_grant(THD *thd, TABLE_LIST *table) table->grant.privilege|= grant_table->privs; if (grant_table_role) table->grant.privilege|= grant_table_role->privs; - privilege= table->grant.privilege; + privilege_t privilege(table->grant.privilege); mysql_rwlock_unlock(&LOCK_grant); return privilege; } @@ -8599,14 +8615,14 @@ ulong get_table_grant(THD *thd, TABLE_LIST *table) The access priviliges for the field db_name.table_name.field_name */ -ulong get_column_grant(THD *thd, GRANT_INFO *grant, - const char *db_name, const char *table_name, - const char *field_name) +privilege_t get_column_grant(THD *thd, GRANT_INFO *grant, + const char *db_name, const char *table_name, + const char *field_name) { GRANT_TABLE *grant_table; GRANT_TABLE *grant_table_role; GRANT_COLUMN *grant_column; - ulong priv= 0; + privilege_t priv(NO_ACL); mysql_rwlock_rdlock(&LOCK_grant); /* reload table if someone has modified any grants */ @@ -9182,7 +9198,7 @@ static bool show_global_privileges(THD *thd, ACL_USER_BASE *acl_entry, char *buff, size_t buffsize) { uint counter; - ulong want_access; + privilege_t want_access(NO_ACL); Protocol *protocol= thd->protocol; String global(buff,sizeof(buff),system_charset_info); @@ -9200,7 +9216,8 @@ static bool show_global_privileges(THD *thd, ACL_USER_BASE *acl_entry, else { bool found=0; - ulong j,test_access= want_access & ~GRANT_ACL; + ulonglong j; + privilege_t test_access(want_access & ~GRANT_ACL); for (counter=0, j = SELECT_ACL;j <= GLOBAL_ACLS;counter++,j <<= 1) { if (test_access & j) @@ -9233,7 +9250,7 @@ static bool show_database_privileges(THD *thd, const char *username, const char *hostname, char *buff, size_t buffsize) { - ulong want_access; + privilege_t want_access(NO_ACL); Protocol *protocol= thd->protocol; for (uint i=0 ; i < acl_dbs.elements() ; i++) @@ -9275,7 +9292,8 @@ static bool show_database_privileges(THD *thd, const char *username, else { int found=0, cnt; - ulong j,test_access= want_access & ~GRANT_ACL; + ulonglong j; + privilege_t test_access(want_access & ~GRANT_ACL); for (cnt=0, j = SELECT_ACL; j <= DB_ACLS; cnt++,j <<= 1) { if (test_access & j) @@ -9340,8 +9358,8 @@ static bool show_table_and_column_privileges(THD *thd, const char *username, if (!strcmp(username,user) && !my_strcasecmp(system_charset_info, hostname, host)) { - ulong table_access; - ulong cols_access; + privilege_t table_access(NO_ACL); + privilege_t cols_access(NO_ACL); if (*hostname) // User { table_access= grant_table->privs; @@ -9353,10 +9371,10 @@ static bool show_table_and_column_privileges(THD *thd, const char *username, cols_access= grant_table->init_cols; } - if ((table_access | cols_access) != 0) + if ((table_access | cols_access) != NO_ACL) { String global(buff, sizeof(buff), system_charset_info); - ulong test_access= (table_access | cols_access) & ~GRANT_ACL; + privilege_t test_access= (table_access | cols_access) & ~GRANT_ACL; global.length(0); global.append(STRING_WITH_LEN("GRANT ")); @@ -9369,7 +9387,7 @@ static bool show_table_and_column_privileges(THD *thd, const char *username, { /* Add specific column access */ int found= 0; - ulong j; + ulonglong j; for (counter= 0, j= SELECT_ACL; j <= TABLE_ACLS; counter++, j<<= 1) { @@ -9482,16 +9500,16 @@ static int show_routine_grants(THD* thd, if (!strcmp(username, user) && !my_strcasecmp(system_charset_info, hostname, host)) { - ulong proc_access; + privilege_t proc_access(NO_ACL); if (*hostname) // User proc_access= grant_proc->privs; else // Role proc_access= grant_proc->init_privs; - if (proc_access != 0) + if (proc_access != NO_ACL) { String global(buff, buffsize, system_charset_info); - ulong test_access= proc_access & ~GRANT_ACL; + privilege_t test_access(proc_access & ~GRANT_ACL); global.length(0); global.append(STRING_WITH_LEN("GRANT ")); @@ -9502,7 +9520,7 @@ static int show_routine_grants(THD* thd, { /* Add specific procedure access */ int found= 0; - ulong j; + ulonglong j; for (counter= 0, j= SELECT_ACL; j <= PROC_ACLS; counter++, j<<= 1) { @@ -9554,13 +9572,13 @@ static int show_routine_grants(THD* thd, Make a clear-text version of the requested privilege. */ -void get_privilege_desc(char *to, uint max_length, ulong access) +void get_privilege_desc(char *to, uint max_length, privilege_t access_arg) { uint pos; char *start=to; DBUG_ASSERT(max_length >= 30); // For end ', ' removal - if (access) + if (ulonglong access= access_arg) { max_length--; // Reserve place for end-zero for (pos=0 ; access ; pos++, access>>=1) @@ -10598,7 +10616,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) } } - if (replace_user_table(thd, tables.user_table(), user_name, 0, 0, 1, 0)) + if (replace_user_table(thd, tables.user_table(), user_name, + NO_ACL, 0, 1, 0)) { append_user(thd, &wrong_users, user_name); result= TRUE; @@ -10900,8 +10919,9 @@ int mysql_alter_user(THD* thd, List<LEX_USER> &users_list) while ((tmp_lex_user= users_list_iterator++)) { LEX_USER* lex_user= get_current_user(thd, tmp_lex_user, false); - if (!lex_user || replace_user_table(thd, tables.user_table(), lex_user, 0, - false, false, true)) + if (!lex_user || + replace_user_table(thd, tables.user_table(), lex_user, NO_ACL, + false, false, true)) { thd->clear_error(); append_user(thd, &wrong_users, tmp_lex_user); @@ -10963,7 +10983,7 @@ mysql_revoke_sp_privs(THD *thd, Grant_tables *tables, const Sp_handler *sph, tables->procs_priv_table().table(), *lex_user, grant_proc->db, grant_proc->tname, - sph, ~(ulong)0, 1) == 0) + sph, ALL_KNOWN_ACL, 1) == 0) { revoked= 1; continue; @@ -11029,7 +11049,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) } if (replace_user_table(thd, tables.user_table(), lex_user, - ~(ulong)0, 1, 0, 0)) + ALL_KNOWN_ACL, 1, 0, 0)) { result= -1; continue; @@ -11058,7 +11078,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) /* TODO(cvicentiu) refactor replace_db_table to use Db_table instead of TABLE directly. */ if (!replace_db_table(tables.db_table().table(), acl_db->db, *lex_user, - ~(ulong)0, 1)) + ALL_KNOWN_ACL, 1)) { /* Don't increment counter as replace_db_table deleted the @@ -11092,7 +11112,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) if (replace_table_table(thd, grant_table, tables.tables_priv_table().table(), *lex_user, grant_table->db, - grant_table->tname, ~(ulong)0, 0, 1)) + grant_table->tname, ALL_KNOWN_ACL, NO_ACL, 1)) { result= -1; } @@ -11109,7 +11129,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) if (!replace_column_table(grant_table, tables.columns_priv_table().table(), *lex_user, columns, grant_table->db, - grant_table->tname, ~(ulong)0, 1)) + grant_table->tname, ALL_KNOWN_ACL, 1)) { revoked= 1; continue; @@ -11318,7 +11338,7 @@ bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, if (replace_routine_table(thd, grant_proc, tables.procs_priv_table().table(), lex_user, grant_proc->db, grant_proc->tname, - sph, ~(ulong)0, 1) == 0) + sph, ALL_KNOWN_ACL, 1) == 0) { revoked= 1; continue; @@ -11652,7 +11672,7 @@ static int show_database_grants(THD *thd, SHOW_VAR *var, char *buff, #else static bool set_user_salt_if_needed(ACL_USER *, int, plugin_ref) { return 0; } -bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool) +bool check_grant(THD *, privilege_t, TABLE_LIST *, bool, uint, bool) { return 0; } #endif /*NO_EMBEDDED_ACCESS_CHECKS */ @@ -11741,7 +11761,7 @@ bool Sql_cmd_grant_proxy::execute(THD *thd) LEX *lex= thd->lex; DBUG_ASSERT(lex->first_select_lex()->table_list.first == NULL); - DBUG_ASSERT((m_grant_option & ~GRANT_ACL) == 0); // only WITH GRANT OPTION + DBUG_ASSERT((m_grant_option & ~GRANT_ACL) == NO_ACL); // only WITH GRANT OPTION grant_stage0(thd); @@ -11767,7 +11787,7 @@ wsrep_error_label: bool Sql_cmd_grant_object::grant_stage0_exact_object(THD *thd, TABLE_LIST *table) { - uint priv= m_object_privilege | m_column_privilege_total | GRANT_ACL; + privilege_t priv= m_object_privilege | m_column_privilege_total | GRANT_ACL; if (check_access(thd, priv, table->db.str, &table->grant.privilege, &table->grant.m_internal, 0, 0)) @@ -11802,7 +11822,7 @@ bool Sql_cmd_grant_sp::execute(THD *thd) DBUG_ASSERT(!m_column_privilege_total); LEX *lex= thd->lex; TABLE_LIST *table= lex->first_select_lex()->table_list.first; - uint grants= m_all_privileges + privilege_t grants= m_all_privileges ? (PROC_ACLS & ~GRANT_ACL) | (m_object_privilege & GRANT_ACL) : m_object_privilege; @@ -12068,7 +12088,6 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) int error= 0; uint counter; ACL_USER *acl_user; - ulong want_access; char buff[100]; TABLE *table= tables->table; bool no_global_access= check_access(thd, SELECT_ACL, "mysql", @@ -12090,7 +12109,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) !thd->security_ctx->is_priv_user(user, host)) continue; - want_access= acl_user->access; + privilege_t want_access(acl_user->access); if (!(want_access & GRANT_ACL)) is_grantable= "NO"; @@ -12107,7 +12126,8 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) else { uint priv_id; - ulong j,test_access= want_access & ~GRANT_ACL; + ulonglong j; + privilege_t test_access(want_access & ~GRANT_ACL); for (priv_id=0, j = SELECT_ACL;j <= GLOBAL_ACLS; priv_id++,j <<= 1) { if (test_access & j) @@ -12139,7 +12159,6 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) int error= 0; uint counter; ACL_DB *acl_db; - ulong want_access; char buff[100]; TABLE *table= tables->table; bool no_global_access= check_access(thd, SELECT_ACL, "mysql", @@ -12162,7 +12181,7 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) !thd->security_ctx->is_priv_user(user, host)) continue; - want_access=acl_db->access; + privilege_t want_access(acl_db->access); if (want_access) { if (!(want_access & GRANT_ACL)) @@ -12182,7 +12201,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) else { int cnt; - ulong j,test_access= want_access & ~GRANT_ACL; + ulonglong j; + privilege_t test_access(want_access & ~GRANT_ACL); for (cnt=0, j = SELECT_ACL; j <= DB_ACLS; cnt++,j <<= 1) if (test_access & j) { @@ -12232,10 +12252,10 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) !thd->security_ctx->is_priv_user(user, host)) continue; - ulong table_access= grant_table->privs; + privilege_t table_access(grant_table->privs); if (table_access) { - ulong test_access= table_access & ~GRANT_ACL; + privilege_t test_access(table_access & ~GRANT_ACL); /* We should skip 'usage' privilege on table if we have any privileges on column(s) of this table @@ -12258,7 +12278,7 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) } else { - ulong j; + ulonglong j; int cnt; for (cnt= 0, j= SELECT_ACL; j <= TABLE_ACLS; cnt++, j<<= 1) { @@ -12312,19 +12332,19 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) !thd->security_ctx->is_priv_user(user, host)) continue; - ulong table_access= grant_table->cols; - if (table_access != 0) + privilege_t table_access(grant_table->cols); + if (table_access != NO_ACL) { if (!(grant_table->privs & GRANT_ACL)) is_grantable= "NO"; - ulong test_access= table_access & ~GRANT_ACL; + privilege_t test_access(table_access & ~GRANT_ACL); strxmov(buff, "'", user, "'@'", host, "'", NullS); if (!test_access) continue; else { - ulong j; + ulonglong j; int cnt; for (cnt= 0, j= SELECT_ACL; j <= TABLE_ACLS; cnt++, j<<= 1) { @@ -12388,8 +12408,8 @@ void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, if (!initialized) { DBUG_PRINT("info", ("skip grants")); - grant->privilege= ~NO_ACCESS; // everything is allowed - DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege)); + grant->privilege= ALL_KNOWN_ACL; // everything is allowed + DBUG_PRINT("info", ("privilege 0x%llx", (longlong) grant->privilege)); DBUG_VOID_RETURN; } @@ -12433,7 +12453,7 @@ void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, } mysql_rwlock_unlock(&LOCK_grant); - DBUG_PRINT("info", ("privilege 0x%lx", grant->privilege)); + DBUG_PRINT("info", ("privilege 0x%llx", (longlong) grant->privilege)); DBUG_VOID_RETURN; } @@ -14131,11 +14151,11 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) DBUG_PRINT("info", ("Capabilities: %llu packet_length: %ld Host: '%s' " "Login user: '%s' Priv_user: '%s' Using password: %s " - "Access: %lu db: '%s'", + "Access: %llx db: '%s'", thd->client_capabilities, thd->max_client_packet_length, sctx->host_or_ip, sctx->user, sctx->priv_user, thd->password ? "yes": "no", - sctx->master_access, mpvio.db.str)); + (longlong) sctx->master_access, mpvio.db.str)); if (command == COM_CONNECT && !(thd->main_security_ctx.master_access & SUPER_ACL)) @@ -14152,14 +14172,14 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) set to 0 here because we don't have an active database yet (and we may not have an active database to set. */ - sctx->db_access=0; + sctx->db_access= NO_ACL; #ifndef NO_EMBEDDED_ACCESS_CHECKS /* In case the user has a default role set, attempt to set that role */ if (initialized && acl_user->default_rolename.length) { - ulonglong access= 0; + privilege_t access(NO_ACL); int result; result= acl_check_setrole(thd, acl_user->default_rolename.str, &access); if (!result) |