1 files changed, 36 insertions, 28 deletions

diff --git a/sql/sql_acl.h b/sql/sql_acl.h
index 09a721936b9..7989367ec44 100644
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -17,7 +17,6 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335  USA */
 
-#include "my_global.h"                          /* NO_EMBEDDED_ACCESS_CHECKS */
 #include "violite.h"                            /* SSL_type */
 #include "sql_class.h"                          /* LEX_COLUMN */
 
@@ -50,6 +49,7 @@
 #define EVENT_ACL       (1UL << 26)
 #define TRIGGER_ACL     (1UL << 27)
 #define CREATE_TABLESPACE_ACL (1UL << 28)
+#define DELETE_HISTORY_ACL (1UL << 29)
 /*
   don't forget to update
   1. static struct show_privileges_st sys_privileges[]
@@ -63,12 +63,13 @@
 (UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
  GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | \
  LOCK_TABLES_ACL | EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
- CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL)
+ CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL | \
+ DELETE_HISTORY_ACL)
 
 #define TABLE_ACLS \
 (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
  GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_VIEW_ACL | \
- SHOW_VIEW_ACL | TRIGGER_ACL)
+ SHOW_VIEW_ACL | TRIGGER_ACL | DELETE_HISTORY_ACL)
 
 #define COL_ACLS \
 (SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
@@ -86,7 +87,7 @@
  CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
  EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | \
  ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL | TRIGGER_ACL | \
- CREATE_TABLESPACE_ACL)
+ CREATE_TABLESPACE_ACL | DELETE_HISTORY_ACL)
 
 #define DEFAULT_CREATE_PROC_ACLS \
 (ALTER_PROC_ACL | EXECUTE_ACL)
@@ -118,31 +119,37 @@
                    CREATE_PROC_ACL | ALTER_PROC_ACL )
 #define DB_CHUNK4 (EXECUTE_ACL)
 #define DB_CHUNK5 (EVENT_ACL | TRIGGER_ACL)
+#define DB_CHUNK6 (DELETE_HISTORY_ACL)
 
 #define fix_rights_for_db(A)  (((A)       & DB_CHUNK0) | \
                               (((A) << 4) & DB_CHUNK1) | \
                               (((A) << 6) & DB_CHUNK2) | \
                               (((A) << 9) & DB_CHUNK3) | \
-                              (((A) << 2) & DB_CHUNK4))| \
-                              (((A) << 9) & DB_CHUNK5)
+                              (((A) << 2) & DB_CHUNK4) | \
+                              (((A) << 9) & DB_CHUNK5) | \
+                              (((A) << 10) & DB_CHUNK6))
 #define get_rights_for_db(A)  (((A) & DB_CHUNK0)       | \
                               (((A) & DB_CHUNK1) >> 4) | \
                               (((A) & DB_CHUNK2) >> 6) | \
                               (((A) & DB_CHUNK3) >> 9) | \
-                              (((A) & DB_CHUNK4) >> 2))| \
-                              (((A) & DB_CHUNK5) >> 9)
+                              (((A) & DB_CHUNK4) >> 2) | \
+                              (((A) & DB_CHUNK5) >> 9) | \
+                              (((A) & DB_CHUNK6) >> 10))
 #define TBL_CHUNK0 DB_CHUNK0
 #define TBL_CHUNK1 DB_CHUNK1
 #define TBL_CHUNK2 (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
 #define TBL_CHUNK3 TRIGGER_ACL
+#define TBL_CHUNK4 (DELETE_HISTORY_ACL)
 #define fix_rights_for_table(A) (((A)        & TBL_CHUNK0) | \
                                 (((A) <<  4) & TBL_CHUNK1) | \
                                 (((A) << 11) & TBL_CHUNK2) | \
-                                (((A) << 15) & TBL_CHUNK3))
+                                (((A) << 15) & TBL_CHUNK3) | \
+                                (((A) << 16) & TBL_CHUNK4))
 #define get_rights_for_table(A) (((A) & TBL_CHUNK0)        | \
                                 (((A) & TBL_CHUNK1) >>  4) | \
                                 (((A) & TBL_CHUNK2) >> 11) | \
-                                (((A) & TBL_CHUNK3) >> 15))
+                                (((A) & TBL_CHUNK3) >> 15) | \
+                                (((A) & TBL_CHUNK4) >> 16))
 #define fix_rights_for_column(A) (((A) & 7) | (((A) & ~7) << 8))
 #define get_rights_for_column(A) (((A) & 7) | ((A) >> 8))
 #define fix_rights_for_procedure(A) ((((A) << 18) & EXECUTE_ACL) | \
@@ -176,16 +183,17 @@ enum mysql_db_table_field
   MYSQL_DB_FIELD_EXECUTE_PRIV,
   MYSQL_DB_FIELD_EVENT_PRIV,
   MYSQL_DB_FIELD_TRIGGER_PRIV,
+  MYSQL_DB_FIELD_DELETE_VERSIONING_ROWS_PRIV,
   MYSQL_DB_FIELD_COUNT
 };
 
 extern const TABLE_FIELD_DEF mysql_db_table_def;
 extern bool mysql_user_table_is_in_short_password_format;
 
-extern LEX_STRING host_not_specified;
-extern LEX_STRING current_user;
-extern LEX_STRING current_role;
-extern LEX_STRING current_user_and_current_role;
+extern LEX_CSTRING host_not_specified;
+extern LEX_CSTRING current_user;
+extern LEX_CSTRING current_role;
+extern LEX_CSTRING current_user_and_current_role;
 
 
 static inline int access_denied_error_code(int passwd_used)
@@ -198,7 +206,6 @@ static inline int access_denied_error_code(int passwd_used)
 #endif
 }
 
-
 /* prototypes */
 
 bool hostname_requires_resolving(const char *hostname);
@@ -208,8 +215,8 @@ void acl_free(bool end=0);
 ulong acl_get(const char *host, const char *ip,
               const char *user, const char *db, my_bool db_is_pattern);
 bool acl_authenticate(THD *thd, uint com_change_user_pkt_len);
-bool acl_getroot(Security_context *sctx, char *user, char *host,
-                 char *ip, char *db);
+bool acl_getroot(Security_context *sctx, const char *user, const char *host,
+                 const char *ip, const char *db);
 bool acl_check_host(const char *host, const char *ip);
 bool check_change_password(THD *thd, LEX_USER *user);
 bool change_password(THD *thd, LEX_USER *user);
@@ -220,7 +227,7 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,
 int mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list,
                        List <LEX_COLUMN> &column_list, ulong rights,
                        bool revoke);
-bool mysql_routine_grant(THD *thd, TABLE_LIST *table, bool is_proc,
+bool mysql_routine_grant(THD *thd, TABLE_LIST *table, const Sp_handler *sph,
                          List <LEX_USER> &user_list, ulong rights,
                          bool revoke, bool write_to_binlog);
 bool grant_init();
@@ -230,13 +237,14 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
                  bool any_combination_will_do, uint number, bool no_errors);
 bool check_grant_column (THD *thd, GRANT_INFO *grant,
                          const char *db_name, const char *table_name,
-                         const char *name, uint length, Security_context *sctx);
+                         const char *name, size_t length, Security_context *sctx);
 bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref,
-                                     const char *name, uint length);
+                                     const char *name, size_t length, Field *fld);
 bool check_grant_all_columns(THD *thd, ulong want_access,
                              Field_iterator_table_ref *fields);
 bool check_grant_routine(THD *thd, ulong want_access,
-                         TABLE_LIST *procs, bool is_proc, bool no_error);
+                         TABLE_LIST *procs, const Sp_handler *sph,
+                         bool no_error);
 bool check_grant_db(THD *thd,const char *db);
 bool check_global_access(THD *thd, ulong want_access, bool no_errors= false);
 bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
@@ -249,7 +257,7 @@ ulong get_column_grant(THD *thd, GRANT_INFO *grant,
 bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username,
                    const char **hostname, const char **rolename);
 void mysql_show_grants_get_fields(THD *thd, List<Item> *fields,
-                                  const char *name);
+                                  const char *name, size_t length);
 bool mysql_show_grants(THD *thd, LEX_USER *user);
 bool mysql_show_create_user(THD *thd, LEX_USER *user);
 int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond);
@@ -264,11 +272,11 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list);
 void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
                                      const char *db, const char *table);
 bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
-                          bool is_proc);
+                          const Sp_handler *sph);
 bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
-                         bool is_proc);
+                         const Sp_handler *sph);
 bool check_routine_level_acl(THD *thd, const char *db, const char *name,
-                             bool is_proc);
+                             const Sp_handler *sph);
 bool is_acl_user(const char *host, const char *user);
 int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
 int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
@@ -391,7 +399,7 @@ public:
 class ACL_internal_schema_registry
 {
 public:
-  static void register_schema(const LEX_STRING *name,
+  static void register_schema(const LEX_CSTRING *name,
                               const ACL_internal_schema_access *access);
   static const ACL_internal_schema_access *lookup(const char *name);
 };
@@ -407,8 +415,8 @@ get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info,
 
 bool acl_check_proxy_grant_access (THD *thd, const char *host, const char *user,
                                    bool with_grant);
-int acl_setrole(THD *thd, char *rolename, ulonglong access);
-int acl_check_setrole(THD *thd, char *rolename, ulonglong *access);
+int acl_setrole(THD *thd, const char *rolename, ulonglong access);
+int acl_check_setrole(THD *thd, const char *rolename, ulonglong *access);
 int acl_check_set_default_role(THD *thd, const char *host, const char *user);
 int acl_set_default_role(THD *thd, const char *host, const char *user,
                          const char *rolename);