diff options
Diffstat (limited to 'sql/sql_acl.cc')
| -rw-r--r-- | sql/sql_acl.cc | 54 |
1 files changed, 46 insertions, 8 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 3958cb3fba7..2c96e0e9ff2 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -304,8 +304,9 @@ ulong role_global_merges= 0, role_db_merges= 0, role_table_merges= 0, static void update_hostname(acl_host_and_ip *host, const char *hostname); static bool show_proxy_grants (THD *, const char *, const char *, char *, size_t); -static bool show_role_grants(THD *, const char *, const char *, +static bool show_role_grants(THD *, const char *, ACL_USER_BASE *, char *, size_t); +static bool show_default_role(THD *, ACL_USER *, char *, size_t); static bool show_global_privileges(THD *, ACL_USER_BASE *, bool, char *, size_t); static bool show_database_privileges(THD *, const char *, const char *, @@ -9000,7 +9001,7 @@ static bool print_grants_for_role(THD *thd, ACL_ROLE * role) { char buff[1024]; - if (show_role_grants(thd, role->user.str, "", role, buff, sizeof(buff))) + if (show_role_grants(thd, "", role, buff, sizeof(buff))) return TRUE; if (show_global_privileges(thd, role, TRUE, buff, sizeof(buff))) @@ -9245,7 +9246,7 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user) } /* Show granted roles to acl_user */ - if (show_role_grants(thd, username, hostname, acl_user, buff, sizeof(buff))) + if (show_role_grants(thd, hostname, acl_user, buff, sizeof(buff))) goto end; /* Add first global access grants */ @@ -9302,6 +9303,14 @@ bool mysql_show_grants(THD *thd, LEX_USER *lex_user) } } + if (username) + { + /* Show default role to acl_user */ + if (show_default_role(thd, acl_user, buff, sizeof(buff))) + goto end; + } + + error= 0; end: mysql_mutex_unlock(&acl_cache->lock); @@ -9328,15 +9337,44 @@ static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_CSTRING *u, my_hash_search(&acl_roles_mappings, (uchar*)pair_key.ptr(), key_length); } -static bool show_role_grants(THD *thd, const char *username, - const char *hostname, ACL_USER_BASE *acl_entry, +static bool show_default_role(THD *thd, ACL_USER *acl_entry, + char *buff, size_t buffsize) +{ + Protocol *protocol= thd->protocol; + LEX_CSTRING def_rolename= acl_entry->default_rolename; + + if (def_rolename.length) + { + String def_str(buff, buffsize, system_charset_info); + def_str.length(0); + def_str.append(STRING_WITH_LEN("SET DEFAULT ROLE ")); + def_str.append(&def_rolename); + def_str.append(" FOR '"); + def_str.append(&acl_entry->user); + DBUG_ASSERT(!(acl_entry->flags & IS_ROLE)); + def_str.append(STRING_WITH_LEN("'@'")); + def_str.append(acl_entry->host.hostname, acl_entry->hostname_length, + system_charset_info); + def_str.append('\''); + protocol->prepare_for_resend(); + protocol->store(def_str.ptr(),def_str.length(),def_str.charset()); + if (protocol->write()) + { + return TRUE; + } + } + return FALSE; +} + +static bool show_role_grants(THD *thd, const char *hostname, + ACL_USER_BASE *acl_entry, char *buff, size_t buffsize) { uint counter; Protocol *protocol= thd->protocol; LEX_CSTRING host= {const_cast<char*>(hostname), strlen(hostname)}; - String grant(buff,sizeof(buff),system_charset_info); + String grant(buff, buffsize, system_charset_info); for (counter= 0; counter < acl_entry->role_grants.elements; counter++) { grant.length(0); @@ -9377,7 +9415,7 @@ static bool show_global_privileges(THD *thd, ACL_USER_BASE *acl_entry, privilege_t want_access(NO_ACL); Protocol *protocol= thd->protocol; - String global(buff,sizeof(buff),system_charset_info); + String global(buff, buffsize, system_charset_info); global.length(0); global.append(STRING_WITH_LEN("GRANT ")); @@ -9471,7 +9509,7 @@ static bool show_database_privileges(THD *thd, const char *username, want_access=acl_db->initial_access; if (want_access) { - String db(buff,sizeof(buff),system_charset_info); + String db(buff, buffsize, system_charset_info); db.length(0); db.append(STRING_WITH_LEN("GRANT ")); |