author | jani@a193-229-222-105.elisa-laajakaista.fi <> | 2005-03-18 13:32:28 +0200 |
---|---|---|
committer | jani@a193-229-222-105.elisa-laajakaista.fi <> | 2005-03-18 13:32:28 +0200 |
commit | 5537d21466978b641190f977065449536bab7a0d (patch) | |
tree | 5c0bffa6d1ac69b2b7cd0e0dbfa6f2bb92cff785 /sql | |
parent | d53423383b11d0caf805204b01438fea681509c4 (diff) | |
Added more tests to grant2. Fixed some previous tests.
Added new logic to ACL system:
1) If GRANT OPTION (not mysql db):
Ok to update existing user, but not password.
Not allowed to make a new user.
2) If UPDATE_ACL to mysql DB:
Ok to update current user, but not make a new one.
3) If INSERT_ACL to mysql DB:
Ok to add a new user, but not modify existing.
4) If GRANT OPTION to mysql DB:
All modifications OK.
Diffstat (limited to 'sql')
-rw-r--r-- | sql/sql_acl.h | 2 | ||||
-rw-r--r-- | sql/sql_parse.cc | 34 |
2 files changed, 28 insertions, 8 deletions
diff --git a/sql/sql_acl.h b/sql/sql_acl.h
index 24916fd4385..e9e58e40e12 100644
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -190,6 +190,8 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list,
 bool mysql_procedure_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list, ulong rights, bool revoke, bool no_error);
+ACL_USER *check_acl_user(LEX_USER *user_name,
+ uint *acl_acl_userdx);
 my_bool grant_init(THD *thd);
 void grant_free(void);
 void grant_reload(THD *thd);
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index cc5bd90e4f2..0be59c250a4 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3629,18 +3629,36 @@ unsent_create_error:
 if (thd->user) // If not replication
 {
 LEX_USER *user;
+ uint counter;
+
 List_iterator <LEX_USER> user_list(lex->users_list);
 while ((user=user_list++))
 {
- if (user->password.str &&
- (strcmp(thd->user, user->user.str) ||
- user->host.str &&
- my_strcasecmp(system_charset_info,
- user->host.str, thd->host_or_ip)))
+ if (strcmp(thd->user, user->user.str) ||
+ user->host.str &&
+ my_strcasecmp(system_charset_info,
+ user->host.str, thd->host_or_ip))
 {
- if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 0))
- goto error;
- break; // We are allowed to do changes
+ // We are trying to update another user, or create a new user
+
+ if (!check_access(thd, GRANT_ACL, "mysql", 0, 1, 1))
+ break; // We can update any existing, or add new users
+
+ if (!check_acl_user(user, &counter) &&
+ check_access(thd, INSERT_ACL, "mysql", 0, 1, 1))
+ {
+ my_error(ER_NO_PERMISSION_TO_CREATE_USER, MYF(0),
+ thd->user, thd->host_or_ip);
+ goto error; // Can't create new user, user does not exists
+ }
+ if (check_acl_user(user, &counter) &&
+ user->password.str &&
+ check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1))
+ {
+ my_message(ER_PASSWORD_NOT_ALLOWED,
+ ER(ER_PASSWORD_NOT_ALLOWED), MYF(0));
+ goto error; // Can't update password, user already exists
+ }
 }
 }
 } |
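Review bot: The out-parameter name `acl_acl_userdx` in the new `check_acl_user` prototype in sql/sql_acl.h reads like a search-and-replace artifact and does not say what is written through it; something like `uint *acl_user_idx` would be clearer. The declaration is now part of the interface that the privilege check in sql_parse.cc relies on, yet it carries no comment on what a NULL return means or how long the returned `ACL_USER *` may be used. Whether the pointer stays valid outside the ACL subsystem's own locking cannot be judged from this hunk, so a short comment such as `/* Returns the matching account entry or NULL if none exists; see sql_acl.cc for pointer lifetime */` would record the contract.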
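Review bot: `check_acl_user(user, &counter)` is evaluated twice per account in the new block of sql/sql_parse.cc, so the create-versus-modify decision rests on two separate lookups whose answers could differ if the account list changes in between (whether that can happen depends on locking inside `check_acl_user`, which this page does not show). Looking the account up once, e.g. `ACL_USER *existing= check_acl_user(user, &counter);`, and testing `!existing` and `existing` in the two conditions keeps the INSERT_ACL and UPDATE_ACL branches consistent with each other; `counter` is never read in the hunk, so a comment saying it only satisfies the signature would help. The branch is also entered when only the user name differs and `user->host.str` is NULL, so it is worth confirming that `check_acl_user` tolerates a NULL host. The enclosing statement handler starts and ends outside the hunk.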