Commit message | Author | Age | Files | Lines
* remove ER_RESERVED_ROLE. | Sergei Golubchik | 2013-10-18 | 7 | -50/+187
    Only allow NONE instead of a role name in SET ROLE.
    Don't allow PUBLIC as a role name anywhere (to be fixed later)
    Fix db_access calculations on SET ROLE
    Reduce the size of role_grants and parent_grantee per-user/role arrays.
    Fix the wording and specify the correct sqlstate for ER_INVALID_ROLE
* replication of GRANT role statement | Sergei Golubchik | 2013-10-18 | 4 | -25/+47
* make functions static, remove unused constructors, other small cleanups | Sergei Golubchik | 2013-10-18 | 1 | -98/+27
* fix funcs_1.is_engines_federated failure when no ha_federatex.so is present | Sergei Golubchik | 2013-10-18 | 3 | -4/+2
* recursive privilege propagation for roles. | Sergei Golubchik | 2013-10-18 | 10 | -873/+2184
    functions for traversing the role graph in either direction.
    merging of global, database, table, column, routine privileges.
    debug status variables for counting number of privilege merges.
    tests.
* find() method for Hash_set<>. | Sergei Golubchik | 2013-10-18 | 2 | -11/+16
    Move key function from template parameter to the constructor
* qsort2, pop, push methods for Dynamic_array<> | Sergei Golubchik | 2013-10-18 | 1 | -0/+16
* enforce privileges for GRANT role | Sergei Golubchik | 2013-10-18 | 3 | -18/+116
* cleanup. | Sergei Golubchik | 2013-10-18 | 9 | -286/+230
    mainly to avoid the pattern of
    * get username/hostname/rolename
    * optionally find the corresponding ACL_USER and ACL_ROLE
    * allocate memory, concatenate username/hostname/rolename
    * call a function passing only this memory as an argument
    ** use concatenated username/etc to find ACL_USER and ACL_ROLE again
    ** do something
    * free the object
    Also to undo push_dynamic we use pop_dynamic now, not a linear search/scan through the dynamic array.
    as a bonus, role@ is now an invalid way to refer to a role.
* bugfix: missing restore_record when modifying roles_mapping() table. | Sergei Golubchik | 2013-10-18 | 16 | -16/+83
    (and an assert in myisam to catch these bugs easier in the future)
    update tests/results
* information_schema.applicable_roles.is_grantable column | Sergei Golubchik | 2013-10-18 | 3 | -20/+59
* require SUPER to specify an arbitrary admin | Sergei Golubchik | 2013-10-18 | 3 | -43/+31
* auto-grant a role to its admin on CREATE ROLE | Sergei Golubchik | 2013-10-18 | 3 | -10/+87
* load with_admin flag from the mysql.roles_mapping table | Sergei Golubchik | 2013-10-18 | 3 | -7/+64
* store ADMIN OPTION in the roles_mapping hash and table | Sergei Golubchik | 2013-10-18 | 3 | -87/+200
* small cleanup | Sergei Golubchik | 2013-10-18 | 1 | -53/+66
* New syntax: | Sergei Golubchik | 2013-10-18 | 5 | -10/+78
    CREATE ROLE xxx WITH ADMIN yyy
    GRANT xxx TO yyy WITH ADMIN OPTION
    REVOKE ADMIN OPTION FOR xxx FROM yyy
* mtr: check that mysql.roles_mapping table isn't modified in tests | Sergei Golubchik | 2013-10-18 | 1 | -0/+1
* bugfix: propagate grant changes through the role graph after | Sergei Golubchik | 2013-10-18 | 7 | -44/+32
    table/column/routine grants
* add Admin_option column to mysql.roles_mapping. update tests/results | Sergei Golubchik | 2013-10-18 | 26 | -260/+208
* rename columns in mysql.roles_mapping to be consistent with other privilege | Sergei Golubchik | 2013-10-18 | 30 | -300/+164
    tables
* support DEFINER=role and DEFINER=current_role | Sergei Golubchik | 2013-10-18 | 24 | -377/+1457
* speed up fill_effective_table_privileges() - avoid calling expensive acl_get() | Sergei Golubchik | 2013-10-18 | 1 | -5/+12
* cleanup | Sergei Golubchik | 2013-10-18 | 6 | -194/+64
    sql/sp.cc:
      don't split "user@host" string in db_load_routine, because the caller needs to generate it from user and host. instead pass user and host directly into db_load_routine
    sql/sql_parse.cc:
      1. REVOKE ALL doesn't need invoker.
      2. make sp_process_definer() reusable
    sql/sql_trigger.cc:
      don't duplicate the code from sp_process_definer(), reuse it
    sql/sql_view.cc:
      don't duplicate the code from sp_process_definer(), reuse it
* SET PASSWORD bugfixes: | Sergei Golubchik | 2013-10-18 | 7 | -46/+46
    * work as documented, use CURRENT_USER()
    * move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
* Remove the very old historical but never documented behavior, | Sergei Golubchik | 2013-10-18 | 26 | -190/+187
    that an empty host '' is the same as any-host wildcard '%'.
    Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables.
    Side effect: one cannot have foo@'' and foo@'%' both at the same time (but one can have foo@'%' and foo@'%%')
* update test results | Sergei Golubchik | 2013-10-18 | 13 | -28/+60
* Fixed GRANT ROLE TO ROLE not updating acl_roles_mappings hash. | Vicențiu Ciorbaru | 2013-10-18 | 6 | -8/+204
    Also fixed possible memory exploit by repeatedly calling:
    GRANT role to user;
    where role was already granted to user.
* Removed redundant code in update_acl_user. User related functions | Vicențiu Ciorbaru | 2013-10-18 | 1 | -16/+16
    should deal with users, while role related functions should deal with roles.
* Added GRANT ROLE TO ... and REVOKE ROLE FROM ... functionality. | Vicențiu Ciorbaru | 2013-10-18 | 7 | -24/+193
    TODO: Privilege checks are not done upon executing the command.
* Fixed rolenames case insensitivity bug. Also cleared compiler warning. | Vicențiu Ciorbaru | 2013-10-18 | 1 | -4/+4
    Fixed segmentation fault caused in traverse_role_graph by previous commit
* Fixed bug that caused the ROLE_VISITED flag to remain set if the exploration | Vicențiu Ciorbaru | 2013-10-18 | 1 | -4/+5
    was halted on a cycle detect. Now the to_clear array is populated during the open event and not the close event.
* INFORMATION_SCHEMA.APPLICABLE_ROLES table | Sergei Golubchik | 2013-10-18 | 7 | -10/+146
* information_schema.enabled_roles table | Sergei Golubchik | 2013-10-18 | 7 | -6/+112
* CURRENT_ROLE() should return NULL, not "NONE" | Sergei Golubchik | 2013-10-18 | 10 | -30/+27
* remove DROP ROLE IF EXISTS and CREATE ROLE IF NOT EXISTS syntax | Sergei Golubchik | 2013-10-18 | 1 | -2/+2
* GRANT/REVOKE should specify role name as 'role' not as 'role'@'%' | Sergei Golubchik | 2013-10-18 | 13 | -104/+99
* cannot use lex->grant_user= &current_user, where LEX_USER current_user is a | Sergei Golubchik | 2013-10-18 | 8 | -67/+67
    global constant, because parser might modify the lex->user (e.g. set lex->user-password).
    switch to use LEX_STRING current_user string, and also change other similar constants to be LEX_STRING's for consistency.
* fix mysql_upgrade to preserve the collation of mysql.user.is_role | Sergei Golubchik | 2013-10-18 | 4 | -4/+5
* Fixes for mysql-test failures | Sergei Golubchik | 2013-10-18 | 28 | -50/+145
    mysql-test/r/acl_roles_show_grants.result:
      one can do SHOW GRANTS for himself
    mysql-test/t/acl_roles_set_role-table-column-priv.test:
      correct error message
    mysql-test/t/acl_roles_show_grants.test:
      one can SHOW GRANTS for himself
    sql/sql_acl.cc:
      bugfixing:
      * don't assign with && - it can shortcut and the second assignment won't be executed
      * correct the test in check_grant_all_columns() - want_access should not be modified
      * sql/sql_cmd.h.OTHER: add new commands at the end
    sql/sql_db.cc:
      don't call acl_get() if all privileges are already satisfied (crashes when run with --skip-grants, because acl data structures aren't initialized)
    sql/sql_parse.cc:
      * test for current_user in get_current_user()
      * map explicitly specified user@host to current_user
* CURRENT_ROLE() function | Sergei Golubchik | 2013-10-18 | 21 | -10/+213
* Added GRANT ROLE TO ROLE | USER functionality. | Vicențiu Ciorbaru | 2013-10-18 | 5 | -25/+349
    The command only currently affects in memory data structures. Writing to the roles_mapping table needs to be implemented.
* SET ROLE now works recursively for routines. | Vicențiu Ciorbaru | 2013-10-18 | 3 | -2/+242
    The warnings present in the set_role_routine-simple testcase will be removed when reworking the grant privilege to call.
* SET ROLE now works recursively for table and column level privileges | Vicențiu Ciorbaru | 2013-10-18 | 5 | -85/+427
* Removed init_hash_columns hash and instead added an init_rights field | Vicențiu Ciorbaru | 2013-10-18 | 1 | -37/+10
    to the hash_columns' original elements (GRANT_COLUMN)
* Show grants now correctly prints procedure privileges. | Vicențiu Ciorbaru | 2013-10-18 | 2 | -6/+54
* Initialize init_access fields for all privilege data structures. | Vicențiu Ciorbaru | 2013-10-18 | 1 | -6/+46
* Implemented SHOW GRANTS functionality | Vicențiu Ciorbaru | 2013-10-18 | 10 | -127/+409
* Various bug fixes. | Vicențiu Ciorbaru | 2013-10-18 | 6 | -16/+69
    Also updated tests to reflect new show grants functionality.
* Added comment for database privilege checks. | Vicențiu Ciorbaru | 2013-10-18 | 1 | -0/+1