diff options
| -rw-r--r-- | mysql-test/r/grant.result | 22 | ||||
| -rw-r--r-- | mysql-test/t/grant.test | 17 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 56 |
3 files changed, 69 insertions, 26 deletions
diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index 2a433e3d5db..19d83a95c5e 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -36,6 +36,28 @@ Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA' delete from mysql.user where user='mysqltest_1'; flush privileges; +delete from mysql.user where user='mysqltest_1'; +flush privileges; +grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10; +select * from mysql.user where user="mysqltest_1"; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections +localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 0 0 +show grants for mysqltest_1@localhost; +Grants for mysqltest_1@localhost +GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 +grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30; +select * from mysql.user where user="mysqltest_1"; +Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections +localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 20 30 +show grants for mysqltest_1@localhost; +Grants for mysqltest_1@localhost +GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30 +flush privileges; +show grants for mysqltest_1@localhost; +Grants for mysqltest_1@localhost +GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30 +delete from mysql.user where user='mysqltest_1'; +flush privileges; grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost; show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index d9b4be04de3..960c55065fe 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -28,6 +28,23 @@ delete from mysql.user where user='mysqltest_1'; flush privileges; # +# Test of GRANTS specifying user limits +# +delete from mysql.user where user='mysqltest_1'; +flush privileges; +grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10; +select * from mysql.user where user="mysqltest_1"; +show grants for mysqltest_1@localhost; +grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30; +select * from mysql.user where user="mysqltest_1"; +show grants for mysqltest_1@localhost; +# This is just to double check that one won't ignore results of selects +flush privileges; +show grants for mysqltest_1@localhost; +delete from mysql.user where user='mysqltest_1'; +flush privileges; + +# # Test that the new db privileges are stored/retrieved correctly # diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 67ca62357ec..1b55168695b 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1403,6 +1403,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, Field **tmp_field; ulong priv; + uint next_field; for (tmp_field= table->field+3, priv = SELECT_ACL; *tmp_field && (*tmp_field)->real_type() == FIELD_TYPE_ENUM && ((Field_enum*) (*tmp_field))->typelib->count == 2 ; @@ -1411,56 +1412,59 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, if (priv & rights) // set requested privileges (*tmp_field)->store(&what,1); } - rights=get_access(table,3,0); + rights= get_access(table, 3, &next_field); DBUG_PRINT("info",("table->fields: %d",table->fields)); if (table->fields >= 31) /* From 4.0.0 we have more fields */ { /* We write down SSL related ACL stuff */ switch (thd->lex.ssl_type) { case SSL_TYPE_ANY: - table->field[24]->store("ANY",3); - table->field[25]->store("",0); - table->field[26]->store("",0); - table->field[27]->store("",0); + table->field[next_field]->store("ANY", 3); + table->field[next_field+1]->store("", 0); + table->field[next_field+2]->store("", 0); + table->field[next_field+3]->store("", 0); break; case SSL_TYPE_X509: - table->field[24]->store("X509",4); - table->field[25]->store("",0); - table->field[26]->store("",0); - table->field[27]->store("",0); + table->field[next_field]->store("X509", 4); + table->field[next_field+1]->store("", 0); + table->field[next_field+2]->store("", 0); + table->field[next_field+3]->store("", 0); break; case SSL_TYPE_SPECIFIED: - table->field[24]->store("SPECIFIED",9); - table->field[25]->store("",0); - table->field[26]->store("",0); - table->field[27]->store("",0); + table->field[next_field]->store("SPECIFIED", 9); + table->field[next_field+1]->store("", 0); + table->field[next_field+2]->store("", 0); + table->field[next_field+3]->store("", 0); if (thd->lex.ssl_cipher) - table->field[25]->store(thd->lex.ssl_cipher, - strlen(thd->lex.ssl_cipher)); + table->field[next_field+1]->store(thd->lex.ssl_cipher, + strlen(thd->lex.ssl_cipher)); if (thd->lex.x509_issuer) - table->field[26]->store(thd->lex.x509_issuer, - strlen(thd->lex.x509_issuer)); + table->field[next_field+2]->store(thd->lex.x509_issuer, + strlen(thd->lex.x509_issuer)); if (thd->lex.x509_subject) - table->field[27]->store(thd->lex.x509_subject, - strlen(thd->lex.x509_subject)); + table->field[next_field+3]->store(thd->lex.x509_subject, + strlen(thd->lex.x509_subject)); break; case SSL_TYPE_NOT_SPECIFIED: break; case SSL_TYPE_NONE: - table->field[24]->store("",0); - table->field[25]->store("",0); - table->field[26]->store("",0); - table->field[27]->store("",0); + table->field[next_field]->store("", 0); + table->field[next_field+1]->store("", 0); + table->field[next_field+2]->store("", 0); + table->field[next_field+3]->store("", 0); break; } + /* Skip over SSL related fields to first user limits related field */ + next_field+= 4; + USER_RESOURCES mqh = thd->lex.mqh; if (mqh.bits & 1) - table->field[28]->store((longlong) mqh.questions); + table->field[next_field]->store((longlong) mqh.questions); if (mqh.bits & 2) - table->field[29]->store((longlong) mqh.updates); + table->field[next_field+1]->store((longlong) mqh.updates); if (mqh.bits & 4) - table->field[30]->store((longlong) mqh.connections); + table->field[next_field+2]->store((longlong) mqh.connections); mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections; } if (old_row_exists) |