Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc82
1 files changed, 45 insertions, 37 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 6d8506a8e43..3dd27622da8 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -25,7 +25,7 @@
in the relevant fields. Empty strings comes last.
*/
-#include <my_global.h> /* NO_EMBEDDED_ACCESS_CHECKS */
+#include "mariadb.h" /* NO_EMBEDDED_ACCESS_CHECKS */
#include "sql_priv.h"
#include "sql_acl.h" // MYSQL_DB_FIELD_COUNT, ACL_ACCESS
#include "sql_base.h" // close_mysql_tables
@@ -170,6 +170,11 @@ TABLE_FIELD_TYPE mysql_db_table_fields[MYSQL_DB_FIELD_COUNT] = {
{ C_STRING_WITH_LEN("Trigger_priv") },
{ C_STRING_WITH_LEN("enum('N','Y')") },
{ C_STRING_WITH_LEN("utf8") }
+ },
+ {
+ { C_STRING_WITH_LEN("Truncate_versioning_priv") },
+ { C_STRING_WITH_LEN("enum('N','Y')") },
+ { C_STRING_WITH_LEN("utf8") }
}
};
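Review bot: The new `mysql.db` column is named `Truncate_versioning_priv`, but the same privilege appears later in this diff as `DELETE_HISTORY_ACL` (acl_load hunk) and as `"DELETE VERSIONING ROWS"` (command_array hunk). Three spellings for one privilege make it harder to match a grant-table column to its access bit and to its printed name when auditing who may purge row history. Settle on one term, or add a comment at this entry such as `/* maps to DELETE_HISTORY_ACL; printed as DELETE VERSIONING ROWS */`. The array definition starts outside this hunk.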
@@ -695,9 +700,9 @@ bool ROLE_GRANT_PAIR::init(MEM_ROOT *mem, const char *username,
#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
#define NORMAL_HANDSHAKE_SIZE 6
-#define ROLE_ASSIGN_COLUMN_IDX 43
-#define DEFAULT_ROLE_COLUMN_IDX 44
-#define MAX_STATEMENT_TIME_COLUMN_IDX 45
+#define ROLE_ASSIGN_COLUMN_IDX 44
+#define DEFAULT_ROLE_COLUMN_IDX 45
+#define MAX_STATEMENT_TIME_COLUMN_IDX 46
/* various flags valid for ACL_USER */
#define IS_ROLE (1L << 0)
@@ -1594,12 +1599,10 @@ static const char *fix_plugin_ptr(const char *name)
*/
static bool fix_user_plugin_ptr(ACL_USER *user)
{
- if (my_strcasecmp(system_charset_info, user->plugin.str,
- native_password_plugin_name.str) == 0)
+ if (lex_string_eq(&user->plugin, &native_password_plugin_name) == 0)
user->plugin= native_password_plugin_name;
else
- if (my_strcasecmp(system_charset_info, user->plugin.str,
- old_password_plugin_name.str) == 0)
+ if (lex_string_eq(&user->plugin, &old_password_plugin_name) == 0)
user->plugin= old_password_plugin_name;
else
return true;
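Review bot: `lex_string_eq(...) == 0` in fix_user_plugin_ptr reads as "not equal", yet it replaces `my_strcasecmp(...) == 0`, so the helper evidently returns 0 on a match, strcmp-style. The same convention is relied on in fix_lex_user (`== 0`), applicable_roles_insert (`!`), parse_client_handshake_packet (`!= 0`) and the DBUG_ASSERT in acl_authenticate. These tests select the authentication plugin, so a later caller who trusts the `_eq` name would invert the decision with no compiler warning. Either give the helper a `_cmp`-style name or make it return true on equality and drop the `== 0`; at minimum add `/* lex_string_eq() returns 0 when the names match */` above the first test. The helper's definition is not part of this diff, so its return convention and case handling should be confirmed there.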
@@ -1639,12 +1642,10 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
DBUG_ASSERT(user->plugin.length || !user->auth.length);
DBUG_ASSERT(!(user->plugin.length && (user->pwtext.length || user->pwhash.length)));
- if (my_strcasecmp(system_charset_info, user->plugin.str,
- native_password_plugin_name.str) == 0)
+ if (lex_string_eq(&user->plugin, &native_password_plugin_name) == 0)
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
else
- if (my_strcasecmp(system_charset_info, user->plugin.str,
- old_password_plugin_name.str) == 0)
+ if (lex_string_eq(&user->plugin, &old_password_plugin_name) == 0)
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
else
if (user->plugin.length)
@@ -1832,7 +1833,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
{
if (host_table.init_read_record(&read_record_info, thd))
DBUG_RETURN(true);
- while (!(read_record_info.read_record(&read_record_info)))
+ while (!(read_record_info.read_record()))
{
ACL_HOST host;
update_hostname(&host.host, get_field(&acl_memroot, host_table.host()));
@@ -1936,7 +1937,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
}
allow_all_hosts=0;
- while (!(read_record_info.read_record(&read_record_info)))
+ while (!(read_record_info.read_record()))
{
ACL_USER user;
bool is_role= FALSE;
@@ -2017,6 +2018,9 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
if (user_table.num_fields() <= 38 && (user.access & SUPER_ACL))
user.access|= TRIGGER_ACL;
+ if (user_table.num_fields() <= 46 && (user.access & DELETE_ACL))
+ user.access|= DELETE_HISTORY_ACL;
+
user.sort= get_sort(2, user.host.hostname, user.user.str);
user.hostname_length= safe_strlen(user.host.hostname);
user.user_resource.user_conn= 0;
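Review bot: The added `num_fields() <= 46` branch gives `DELETE_HISTORY_ACL` to every account that holds global `DELETE_ACL` whenever the user table has the old layout, and nothing at the site says so. That is an implicit privilege widening on grant tables that have not been upgraded, and it should be visible to anyone auditing access to versioned data. Add a comment such as `/* old privilege table: DELETE implies DELETE HISTORY until the tables are upgraded */`, and replace the literal 46 with a named constant, since it has to stay in step with the `*_COLUMN_IDX` defines shifted earlier in this diff. No matching fallback for the db-level `Truncate_versioning_priv` column is visible in this diff, so it is worth checking that db grants loaded from old tables behave consistently. acl_load continues outside the hunk.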
@@ -2148,7 +2152,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
const Db_table& db_table= tables.db_table();
if (db_table.init_read_record(&read_record_info, thd))
DBUG_RETURN(TRUE);
- while (!(read_record_info.read_record(&read_record_info)))
+ while (!(read_record_info.read_record()))
{
ACL_DB db;
char *db_name;
@@ -2215,7 +2219,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
{
if (proxies_priv_table.init_read_record(&read_record_info, thd))
DBUG_RETURN(TRUE);
- while (!(read_record_info.read_record(&read_record_info)))
+ while (!(read_record_info.read_record()))
{
ACL_PROXY_USER proxy;
proxy.init(proxies_priv_table, &acl_memroot);
@@ -2244,7 +2248,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
MEM_ROOT temp_root;
init_alloc_root(&temp_root, ACL_ALLOC_BLOCK_SIZE, 0, MYF(0));
- while (!(read_record_info.read_record(&read_record_info)))
+ while (!(read_record_info.read_record()))
{
char *hostname= safe_str(get_field(&temp_root, roles_mapping_table.host()));
char *username= safe_str(get_field(&temp_root, roles_mapping_table.user()));
@@ -3181,7 +3185,7 @@ static void remove_ptr_from_dynarray(DYNAMIC_ARRAY *array, void *ptr)
{
DBUG_ASSERT(!found);
delete_dynamic_element(array, i);
- IF_DBUG(found= true, break);
+ IF_DBUG_ASSERT(found= true, break);
}
}
DBUG_ASSERT(found);
@@ -7603,10 +7607,18 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
sctx= t_ref->security_ctx ? t_ref->security_ctx : thd->security_ctx;
ulong orig_want_access= original_want_access;
- if (t_ref->sequence)
+ /*
+ If sequence is used as part of NEXT VALUE, PREVIUS VALUE or SELECT,
+ we need to modify the requested access rights depending on how the
+ sequence is used.
+ */
+ if (t_ref->sequence &
+ (orig_want_access &
+ (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL)))
{
- /* We want to have either SELECT or INSERT rights to sequences depending
- on how they are accessed
+ /*
+ We want to have either SELECT or INSERT rights to sequences depending
+ on how they are accessed
*/
orig_want_access= ((t_ref->lock_type == TL_WRITE_ALLOW_WRITE) ?
INSERT_ACL : SELECT_ACL);
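Review bot: The new condition `t_ref->sequence & (orig_want_access & (...))` applies bitwise `&` between the sequence flag and a privilege mask, which looks like a typo for `&&`. If `sequence` is a bool or 0/1 flag (its declaration is not in this diff), the expression is non-zero only when bit 0 of the masked value is set. A request whose masked bits do not include bit 0 would then skip the rewrite of `orig_want_access` and be checked against a different privilege than intended. Suggested: `if (t_ref->sequence && (orig_want_access & (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL)))`. The added comment also misspells "PREVIOUS", and check_grant continues outside the hunk.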
@@ -8405,18 +8417,18 @@ static void add_user_parameters(String *result, ACL_USER* acl_user,
{
DBUG_ASSERT(acl_user->salt_len);
result->append(STRING_WITH_LEN(" IDENTIFIED BY PASSWORD '"));
- result->append(acl_user->auth_string.str, acl_user->auth_string.length);
+ result->append(&acl_user->auth_string);
result->append('\'');
}
}
else
{
result->append(STRING_WITH_LEN(" IDENTIFIED VIA "));
- result->append(acl_user->plugin.str, acl_user->plugin.length);
+ result->append(&acl_user->plugin);
if (acl_user->auth_string.length)
{
result->append(STRING_WITH_LEN(" USING '"));
- result->append(acl_user->auth_string.str, acl_user->auth_string.length);
+ result->append(&acl_user->auth_string);
result->append('\'');
}
}
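Review bot: `auth_string` is appended between literal single quotes in both branches of add_user_parameters, and no escaping is visible in this hunk. If an auth string can ever contain `'` or `\`, the generated `IDENTIFIED ... '...'` text will not round-trip and may change meaning when the output is replayed to recreate accounts. Either append it through a quoting routine, or add a comment stating why the value cannot contain a quote, e.g. `/* auth_string is always a hex hash here */` if that is the case. The function starts outside the hunk.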
@@ -8485,13 +8497,14 @@ static const char *command_array[]=
"ALTER", "SHOW DATABASES", "SUPER", "CREATE TEMPORARY TABLES",
"LOCK TABLES", "EXECUTE", "REPLICATION SLAVE", "REPLICATION CLIENT",
"CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE",
- "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE"
+ "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE",
+ "DELETE VERSIONING ROWS"
};
static uint command_lengths[]=
{
6, 6, 6, 6, 6, 4, 6, 8, 7, 4, 5, 10, 5, 5, 14, 5, 23, 11, 7, 17, 18, 11, 9,
- 14, 13, 11, 5, 7, 17
+ 14, 13, 11, 5, 7, 17, 22,
};
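Review bot: `command_lengths` is a hand-maintained mirror of `command_array`, and nothing enforces that the two stay the same size or that each number matches its string. The new entry is correct ("DELETE VERSIONING ROWS" is 22 characters), but the next privilege added could desynchronise them and corrupt privilege names wherever the pair is consumed. Add `compile_time_assert(array_elements(command_array) == array_elements(command_lengths));` after the second array. Both array definitions start outside the hunk.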
@@ -11234,7 +11247,7 @@ applicable_roles_insert(ACL_USER_BASE *grantee, ACL_ROLE *role, void *ptr)
if (!is_role)
{
if (data->user->default_rolename.length &&
- !strcmp(data->user->default_rolename.str, role->user.str))
+ !lex_string_eq(&data->user->default_rolename, &role->user))
table->field[3]->store(STRING_WITH_LEN("YES"), cs);
else
table->field[3]->store(STRING_WITH_LEN("NO"), cs);
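Review bot: This line swaps a case-sensitive `strcmp` on role names for `lex_string_eq`, which everywhere else in this diff stands in for `my_strcasecmp`. If the helper compares case-insensitively (its definition is not shown), two roles whose names differ only in case would both be reported as the default role. If role names are case-sensitive, keep an exact match, e.g. `data->user->default_rolename.length == role->user.length && !memcmp(data->user->default_rolename.str, role->user.str, role->user.length)`. Otherwise add a comment saying the relaxed comparison is intended. The function body starts outside the hunk.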
@@ -12446,12 +12459,10 @@ read_client_connect_attrs(char **ptr, char *end, CHARSET_INFO *from_cs)
if (length > 65535)
return true;
-#ifdef HAVE_PSI_THREAD_INTERFACE
- if (PSI_THREAD_CALL(set_thread_connect_attrs)(*ptr, (size_t)length, from_cs) &&
+ if (PSI_CALL_set_thread_connect_attrs(*ptr, (size_t)length, from_cs) &&
current_thd->variables.log_warnings)
sql_print_warning("Connection attributes of length %llu were truncated",
length);
-#endif
return false;
}
@@ -12846,8 +12857,8 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
restarted and a server auth plugin will read the data that the client
has just send. Cache them to return in the next server_mpvio_read_packet().
*/
- if (my_strcasecmp(system_charset_info, mpvio->acl_user->plugin.str,
- plugin_name(mpvio->plugin)->str) != 0)
+ if (lex_string_eq(&mpvio->acl_user->plugin,
+ plugin_name(mpvio->plugin)) != 0)
{
mpvio->cached_client_reply.pkt= passwd;
mpvio->cached_client_reply.pkt_len= passwd_len;
@@ -13277,8 +13288,7 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
{
DBUG_ASSERT(mpvio.acl_user);
DBUG_ASSERT(command == COM_CHANGE_USER ||
- my_strcasecmp(system_charset_info, auth_plugin_name->str,
- mpvio.acl_user->plugin.str));
+ lex_string_eq(auth_plugin_name, &mpvio.acl_user->plugin));
auth_plugin_name= &mpvio.acl_user->plugin;
res= do_auth_once(thd, auth_plugin_name, &mpvio);
}
@@ -13525,11 +13535,9 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
else
my_ok(thd);
-#ifdef HAVE_PSI_THREAD_INTERFACE
- PSI_THREAD_CALL(set_thread_user_host)
+ PSI_CALL_set_thread_user_host
(thd->main_security_ctx.user, strlen(thd->main_security_ctx.user),
thd->main_security_ctx.host_or_ip, strlen(thd->main_security_ctx.host_or_ip));
-#endif
/* Ready to handle queries */
DBUG_RETURN(0);