Commit 0724f98e authored by unknown's avatar unknown

Added the following new privleges:

SHOW DATABASES
CREATE TEMPORARY TABLE
LOCK TABLES
REPLICATION SLAVE & REPLICATION CLIENT
SUPER
EXECUTE

All scripts & documentation is updated for this change.
Added better error messages for global privileges 


BitKeeper/deleted/.del-mysql_new_fix_privilege_tables.sh~b1664b401375eece:
  Delete: scripts/mysql_new_fix_privilege_tables.sh
Docs/manual.texi:
  Updated manual for privilege changes.
include/mysqld_error.h:
  new error messages
mysql-test/install_test_db.sh:
  Updated to use new privileges
mysql-test/r/grant_cache.result:
  Updated to use new privileges
mysql-test/r/rpl000017.result:
  Updated to use new privileges
mysql-test/t/rpl000017.test:
  Updated to use new privileges
mysys/safemalloc.c:
  Cleanup
scripts/mysql_fix_privilege_tables.sh:
  Updated to use new privileges
scripts/mysql_install_db.sh:
  Updated to use new privileges
sql/field.h:
  Cleanup
sql/item_strfunc.cc:
  Updated to use new privileges
sql/lex.h:
  Updated to use new privileges
sql/log.cc:
  Updated to use new privileges
sql/mysql_priv.h:
  Updated to use new privileges
sql/mysqld.cc:
  Updated to use new privileges
sql/repl_failsafe.cc:
  Updated to use new privileges
sql/share/czech/errmsg.txt:
  new error messages
sql/share/danish/errmsg.txt:
  new error messages
sql/share/dutch/errmsg.txt:
  new error messages
sql/share/english/errmsg.txt:
  new error messages
sql/share/estonian/errmsg.txt:
  new error messages
sql/share/french/errmsg.txt:
  new error messages
sql/share/german/errmsg.txt:
  new error messages
sql/share/greek/errmsg.txt:
  new error messages
sql/share/hungarian/errmsg.txt:
  new error messages
sql/share/italian/errmsg.txt:
  new error messages
sql/share/japanese/errmsg.txt:
  new error messages
sql/share/korean/errmsg.txt:
  new error messages
sql/share/norwegian-ny/errmsg.txt:
  new error messages
sql/share/norwegian/errmsg.txt:
  new error messages
sql/share/polish/errmsg.txt:
  new error messages
sql/share/portuguese/errmsg.txt:
  new error messages
sql/share/romanian/errmsg.txt:
  new error messages
sql/share/russian/errmsg.txt:
  new error messages
sql/share/slovak/errmsg.txt:
  new error messages
sql/share/spanish/errmsg.txt:
  new error messages
sql/share/swedish/errmsg.txt:
  new error messages
sql/share/ukrainian/errmsg.txt:
  new error messages
sql/slave.cc:
  Portability cleanup
sql/sql_acl.cc:
  Updated to use new privileges
sql/sql_acl.h:
  Updated to use new privileges
sql/sql_base.cc:
  Remove not used include file
sql/sql_class.cc:
  Comment cleanup
sql/sql_class.h:
  Updated to use new privileges
  Comment cleanups
sql/sql_insert.cc:
  Updated to use new privileges
sql/sql_lex.h:
  Indentation cleanup
sql/sql_parse.cc:
  Updated to use new privileges
sql/sql_repl.cc:
  Updated to use new privileges
  Comment cleanup
sql/sql_show.cc:
  Updated to use new privileges
sql/sql_yacc.yy:
  Updated to use new privileges
  Sorted some tockens for easer merge to 4.1 in the future.
sql/table.h:
  Updated to use new privileges
tests/grant.pl:
  Updated to use new privileges
tests/grant.res:
  Updated to use new privileges
parent 70aa7424
This diff is collapsed.
......@@ -243,4 +243,5 @@
#define ER_MIXING_NOT_ALLOWED 1224
#define ER_DUP_ARGUMENT 1225
#define ER_USER_LIMIT_REACHED 1226
#define ER_ERROR_MESSAGES 227
#define ER_SPECIFIC_ACCESS_DENIED_ERROR 1227
#define ER_ERROR_MESSAGES 228
......@@ -117,9 +117,9 @@ fi
if test ! -f $mdata/user.frm
then
c_u="$c_u CREATE TABLE user ("
c_u="$c_u Host char(60) DEFAULT '' NOT NULL,"
c_u="$c_u User char(16) DEFAULT '' NOT NULL,"
c_u="$c_u Password char(16) DEFAULT '' NOT NULL,"
c_u="$c_u Host char(60) binary DEFAULT '' NOT NULL,"
c_u="$c_u User char(16) binary DEFAULT '' NOT NULL,"
c_u="$c_u Password char(16) binary DEFAULT '' NOT NULL,"
c_u="$c_u Select_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Insert_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Update_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
......@@ -134,20 +134,29 @@ then
c_u="$c_u References_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Index_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Alter_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u ssl_type enum('NONE','ANY', 'X509', 'SPECIFIED') NOT NULL,"
c_u="$c_u ssl_cipher char(60) NULL,"
c_u="$c_u x509_issuer blob NULL,"
c_u="$c_u x509_subject blob NULL,"
c_u="$c_u Show_db_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Super_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Create_tmp_table_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Lock_tables_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Repl_slave_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Repl_client_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u ssl_type enum('','ANY','X509', 'SPECIFIED') DEFAULT '' NOT NULL,"
c_u="$c_u ssl_cipher BLOB NOT NULL,"
c_u="$c_u x509_issuer BLOB NOT NULL,"
c_u="$c_u x509_subject BLOB NOT NULL,"
c_u="$c_u max_questions int(11) unsigned DEFAULT 0 NOT NULL,"
c_u="$c_u max_updates int(11) unsigned DEFAULT 0 NOT NULL,"
c_u="$c_u max_connections int(11) unsigned DEFAULT 0 NOT NULL,"
c_u="$c_u PRIMARY KEY Host (Host,User)"
c_u="$c_u )"
c_u="$c_u comment='Users and global privileges';"
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','none',NULL,NULL,NULL);
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','none',NULL,NULL,NULL);
REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','none',NULL,NULL,NULL);
INSERT INTO user VALUES ('localhost','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','none',NULL,NULL,NULL);
INSERT INTO user VALUES ('$hostname','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','none',NULL,NULL,NULL);"
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user (host,user) values ('localhost','');
INSERT INTO user (host,user) values ('$hostname','');"
fi
if test ! -f $mdata/func.frm
......
......@@ -104,11 +104,11 @@ a
1
2
select c from t1;
select command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
select * from t2;
select command denied to user: 'mysqltest_3@localhost' for table 't2'
select mysqltest.t1.c from test.t1,mysqltest.t1;
select command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
show status like "Qcache_queries_in_cache";
Variable_name Value
Qcache_queries_in_cache 6
......
reset master;
grant file on *.* to replicate@localhost identified by 'aaaaaaaaaaaaaaab';
grant file on *.* to replicate@127.0.0.1 identified by 'aaaaaaaaaaaaaaab';
grant replication slave on *.* to replicate@localhost identified by 'aaaaaaaaaaaaaaab';
grant replication slave on *.* to replicate@127.0.0.1 identified by 'aaaaaaaaaaaaaaab';
slave start;
drop table if exists t1;
create table t1(n int);
......
......@@ -2,8 +2,8 @@ connect (master,localhost,root,,test,0,master.sock);
connect (slave,localhost,root,,test,0,slave.sock);
connection master;
reset master;
grant file on *.* to replicate@localhost identified by 'aaaaaaaaaaaaaaab';
grant file on *.* to replicate@127.0.0.1 identified by 'aaaaaaaaaaaaaaab';
grant replication slave on *.* to replicate@localhost identified by 'aaaaaaaaaaaaaaab';
grant replication slave on *.* to replicate@127.0.0.1 identified by 'aaaaaaaaaaaaaaab';
connection slave;
slave start;
connection master;
......
......@@ -374,19 +374,16 @@ static int check_ptr(const char *where, byte *ptr, const char *sFile,
return 0;
}
#ifdef THREAD
#if !defined(PEDANTIC_SAFEMALLOC) && defined(THREAD)
static int legal_leak(struct remember* pPtr)
{
/* TODO: This code needs to be made more general */
return (pthread_self() == pPtr->thread_id || main_th == pPtr->thread_id ||
shutdown_th == pPtr->thread_id || signal_th == pPtr->thread_id);
}
#else
static int legal_leak(struct remember* pPtr)
{
return 1;
}
#endif
#endif /* THREAD */
/*
TERMINATE(FILE *file)
......
......@@ -12,6 +12,17 @@ echo "and give the MySQL root user password as a argument!"
root_password="$1"
host="localhost"
echo "Converting all privilege tables to MyISAM format"
@bindir@/mysql -f --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
ALTER TABLE user type=MyISAM;
ALTER TABLE db type=MyISAM;
ALTER TABLE host type=MyISAM;
ALTER TABLE func type=MyISAM;
ALTER TABLE columns_priv type=MyISAM;
ALTER TABLE tables_priv type=MyISAM;
END_OF_DATA
# Fix old password format, add File_priv and func table
echo ""
echo "If your tables are already up to date or partially up to date you will"
......@@ -56,10 +67,18 @@ END_OF_DATA
echo ""
fi
#
# The second alter changes ssl_type to new 4.0.2 format
echo "Adding columns needed by GRANT .. REQUIRE (openssl)"
echo "You can ignore any Duplicate column errors"
@bindir@/mysql --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
ALTER TABLE user ADD ssl_type enum('NONE','ANY','X509', 'SPECIFIED') DEFAULT 'NONE' NOT NULL, ADD ssl_cipher BLOB NOT NULL, ADD x509_issuer BLOB NOT NULL, ADD x509_subject BLOB NOT NULL
@bindir@/mysql -f --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
ALTER TABLE user
ADD ssl_type enum('','ANY','X509', 'SPECIFIED') NOT NULL,
ADD ssl_cipher BLOB NOT NULL,
ADD x509_issuer BLOB NOT NULL,
ADD x509_subject BLOB NOT NULL;
ALTER TABLE user MODIFY ssl_type enum('','ANY','X509', 'SPECIFIED') NOT NULL;
END_OF_DATA
echo ""
......@@ -98,7 +117,7 @@ END_OF_DATA
#
echo "Changing name of columns_priv.Type -> columns_priv.Column_priv"
echo "You can ignore any errors from this"
echo "You can ignore any Unknown column errors from this"
@bindir@/mysql -f --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
ALTER TABLE columns_priv change Type Column_priv set('Select','Insert','Update','References') DEFAULT '' NOT NULL;
......@@ -117,12 +136,41 @@ alter table func add type enum ('function','aggregate') NOT NULL;
EOF
echo ""
echo "Converting all privilege tables to MyISAM format"
#
# Change the user table to MySQL 4.0 format
#
echo "Adding new fields used by MySQL 4.02 to the privilege tables"
echo "You can ignore any Duplicate column errors"
@bindir@/mysql --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
alter table user
add Show_db_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER alter_priv,
add Super_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Show_db_priv,
add Create_tmp_table_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Super_priv,
add Lock_tables_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Create_tmp_table_priv,
add Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Lock_tables_priv,
add Repl_slave_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Execute_priv,
add Repl_client_priv enum('N','Y') DEFAULT 'N' NOT NULL AFTER Repl_slave_priv
END_OF_DATA
if test $? -eq "0"
then
# Convert privileges so that users have similar privileges as before
echo ""
echo "Updating new privileges in MySQL 4.0.2 from old ones"
@bindir@/mysql --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
update user set show_db_priv= select_priv, super_priv=process_priv, execute_priv=process_priv, create_tmp_table_priv='Y', Lock_tables_priv='Y', Repl_slave_priv=file_priv, Repl_client_priv=file_priv
END_OF_DATA
echo ""
fi
# Add fields that can be used to limit number of questions and connections
# for some users.
@bindir@/mysql -f --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
ALTER TABLE user type=MyISAM;
ALTER TABLE db type=MyISAM;
ALTER TABLE host type=MyISAM;
ALTER TABLE func type=MyISAM;
ALTER TABLE columns_priv type=MyISAM;
ALTER TABLE tables_priv type=MyISAM;
alter table user
add max_questions int(11) NOT NULL AFTER x509_subject,
add max_updates int(11) unsigned NOT NULL AFTER max_questions,
add max_connections int(11) unsigned NOT NULL AFTER max_updates;
END_OF_DATA
#!/bin/sh
# Copyright (C) 1997, 1998, 1999 TCX DataKonsult AB & Monty Program KB & Detron HB
# Copyright (C) 2002 MySQL AB
# For a more info consult the file COPYRIGHT distributed with this file.
# This scripts creates the privilege tables db, host, user, tables_priv,
......@@ -224,7 +224,14 @@ then
c_u="$c_u References_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Index_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Alter_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u ssl_type enum('NONE','ANY','X509', 'SPECIFIED') DEFAULT 'NONE' NOT NULL,"
c_u="$c_u Show_db_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Super_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Create_tmp_table_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Lock_tables_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Repl_slave_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Repl_client_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u ssl_type enum('','ANY','X509', 'SPECIFIED') DEFAULT '' NOT NULL,"
c_u="$c_u ssl_cipher BLOB NOT NULL,"
c_u="$c_u x509_issuer BLOB NOT NULL,"
c_u="$c_u x509_subject BLOB NOT NULL,"
......@@ -235,14 +242,14 @@ then
c_u="$c_u )"
c_u="$c_u comment='Users and global privileges';"
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','NONE','','','',0,0,0);
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','NONE','','','',0,0,0);
i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
REPLACE INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','NONE','','','',0,0,0);
REPLACE INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','NONE','','','',0,0,0);
REPLACE INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
REPLACE INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);
INSERT INTO user VALUES ('localhost','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','NONE','','','',0,0,0);
INSERT INTO user VALUES ('$hostname','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','NONE','','','',0,0,0);"
INSERT INTO user (host,user) values ('localhost','');
INSERT INTO user (host,user) values ('$hostname','');"
fi
if test ! -f $mdata/func.frm
......@@ -343,7 +350,7 @@ then
echo "cd @prefix@ ; $bindir/mysqld_safe &"
echo
echo "You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:"
echo "cd sql-bench ; run-all-tests"
echo "cd sql-bench ; perl run-all-tests"
echo
fi
echo "Please report any problems with the @scriptdir@/mysqlbug script!"
......
#!/bin/sh
echo "This scripts updates the mysql.user, mysql.db, mysql.host and the"
echo "mysql.func table to MySQL 3.22.14 and above."
echo ""
echo "This is needed if you want to use the new GRANT functions,"
echo "CREATE AGGREAGATE FUNCTION or want to use the more secure passwords in 3.23"
echo ""
echo "If you get Access denied errors, you should run this script again"
echo "and give the MySQL root user password as a argument!"
root_password="$1"
host="localhost"
# Fix old password format, add File_priv and func table
echo ""
echo "If your tables are already up to date or partially up to date you will"
echo "get some warnings about 'Duplicated column name'. You can safely ignore these!"
# Add fields that can be used to limit number of questions and connections
# for some users.
@bindir@/mysql -f --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
alter table user add max_questions int(11) NOT NULL, add max_updates int(11) unsigned NOT NULL, add max_connections int(11) unsigned NOT NULL;
END_OF_DATA
......@@ -316,7 +316,7 @@ String *Item_func_des_decrypt::val_str(String *str)
{
uint key_number=(uint) (*res)[0] & 127;
// Check if automatic key and that we have privilege to uncompress using it
if (!(current_thd->master_access & PROCESS_ACL) || key_number > 9)
if (!(current_thd->master_access & SUPER_ACL) || key_number > 9)
goto error;
VOID(pthread_mutex_lock(&LOCK_des_key_file));
keyschedule= des_keyschedule[key_number];
......
......@@ -30,9 +30,9 @@
#endif
/*
** Symbols are breaked in to separated arrays to allow fieldnames with
** same name as functions
** Theese are kept sorted for human lookup (the symbols are hashed)
Symbols are breaked in to separated arrays to allow field names with
same name as functions.
These are kept sorted for human lookup (the symbols are hashed).
*/
static SYMBOL symbols[] = {
......@@ -86,6 +86,7 @@ static SYMBOL symbols[] = {
{ "CHECK", SYM(CHECK_SYM),0,0},
{ "CHECKSUM", SYM(CHECKSUM_SYM),0,0},
{ "CIPHER", SYM(CIPHER_SYM),0,0},
{ "CLIENT", SYM(CLIENT_SYM),0,0},
{ "CLOSE", SYM(CLOSE_SYM),0,0},
{ "COLUMN", SYM(COLUMN_SYM),0,0},
{ "COLUMNS", SYM(COLUMNS),0,0},
......@@ -136,6 +137,7 @@ static SYMBOL symbols[] = {
{ "ENCLOSED", SYM(ENCLOSED),0,0},
{ "ENUM", SYM(ENUM),0,0},
{ "EVENTS", SYM(EVENTS_SYM),0,0},
{ "EXECUTE", SYM(EXECUTE_SYM),0,0},
{ "EXPLAIN", SYM(DESCRIBE),0,0},
{ "EXISTS", SYM(EXISTS),0,0},
{ "EXTENDED", SYM(EXTENDED_SYM),0,0},
......@@ -289,6 +291,7 @@ static SYMBOL symbols[] = {
{ "RENAME", SYM(RENAME),0,0},
{ "REPAIR", SYM(REPAIR),0,0},
{ "REPLACE", SYM(REPLACE),0,0},
{ "REPLICATION", SYM(REPLICATION),0,0},
{ "REPEATABLE", SYM(REPEATABLE_SYM),0,0},
{ "REQUIRE", SYM(REQUIRE_SYM),0,0},
{ "RESET", SYM(RESET_SYM),0,0},
......@@ -344,6 +347,7 @@ static SYMBOL symbols[] = {
{ "STOP", SYM(STOP_SYM),0,0},
{ "STRIPED", SYM(RAID_STRIPED_SYM),0,0},
{ "SUBJECT", SYM(SUBJECT_SYM),0,0},
{ "SUPER", SYM(SUPER_SYM),0,0},
{ "TABLE", SYM(TABLE_SYM),0,0},
{ "TABLES", SYM(TABLES),0,0},
{ "TEMPORARY", SYM(TEMPORARY),0,0},
......
......@@ -826,7 +826,7 @@ bool MYSQL_LOG::write(THD *thd,enum enum_server_command command,
if (thd)
{ // Normal thread
if ((thd->options & OPTION_LOG_OFF) &&
(thd->master_access & PROCESS_ACL))
(thd->master_access & SUPER_ACL))
{
VOID(pthread_mutex_unlock(&LOCK_log));
return 0; // No logging
......@@ -907,7 +907,7 @@ bool MYSQL_LOG::write(Log_event* event_info)
IO_CACHE *file = &log_file;
#endif
if ((thd && !(thd->options & OPTION_BIN_LOG) &&
(thd->master_access & PROCESS_ACL)) ||
(thd->master_access & SUPER_ACL)) ||
(db && !db_ok(db, binlog_do_db, binlog_ignore_db)))
{
VOID(pthread_mutex_unlock(&LOCK_log));
......@@ -1084,7 +1084,7 @@ bool MYSQL_LOG::write(THD *thd,const char *query, uint query_length,
char buff[80],*end;
end=buff;
if (!(thd->options & OPTION_UPDATE_LOG) &&
(thd->master_access & PROCESS_ACL))
(thd->master_access & SUPER_ACL))
{
VOID(pthread_mutex_unlock(&LOCK_log));
return 0;
......
......@@ -321,11 +321,11 @@ void table_cache_free(void);
uint cached_tables(void);
void kill_mysql(void);
void close_connection(NET *net,uint errcode=0,bool lock=1);
bool check_access(THD *thd,uint access,const char *db=0,uint *save_priv=0,
bool check_access(THD *thd, ulong access, const char *db=0, ulong *save_priv=0,
bool no_grant=0, bool no_errors=0);
bool check_table_access(THD *thd,uint want_access, TABLE_LIST *tables,
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
bool no_errors=0);
bool check_process_priv(THD *thd=0);
bool check_global_access(THD *thd, ulong want_access);
int mysql_backup_table(THD* thd, TABLE_LIST* table_list);
int mysql_restore_table(THD* thd, TABLE_LIST* table_list);
......
......@@ -3146,7 +3146,7 @@ static struct my_option my_long_options[] =
{"safe-mode", OPT_SAFE, "Skip some optimize stages (for testing).",
0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
{"safe-show-database", OPT_SAFE_SHOW_DB,
"Don't show databases for which the user has no privileges",
"Depricated option; One should use GRANT SHOW DATABASES instead...",
(gptr*) &opt_safe_show_db, (gptr*) &opt_safe_show_db, 0, GET_BOOL, NO_ARG,
0, 0, 0, 0, 0, 0},
{"safe-user-create", OPT_SAFE_USER_CREATE,
......
......@@ -24,7 +24,6 @@
#include "mini_client.h"
#include "log_event.h"
#include <mysql.h>
#include <thr_alarm.h>
#define SLAVE_LIST_CHUNK 128
#define SLAVE_ERRMSG_SIZE (FN_REFLEN+64)
......@@ -150,7 +149,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length)
int res = 1;
uchar* p = packet, *p_end = packet + packet_length;
if (check_access(thd, FILE_ACL, any_db))
if (check_access(thd, REPL_SLAVE_ACL, any_db))
return 1;
if (!(si = (SLAVE_INFO*)my_malloc(sizeof(SLAVE_INFO), MYF(MY_WME))))
......
......@@ -156,7 +156,7 @@
"%-.16s p-Bkaz nepstupn pro uivatele: '%-.32s@%-.64s' pro sloupec '%-.64s' v tabulce '%-.64s'",
"Neplatn-B pkaz GRANT/REVOKE. Prosm, pette si v manulu, jak privilegia je mon pout.",
"Argument p-Bkazu GRANT uivatel nebo stroj je pli dlouh",
"Tabulka '%-64s.%s' neexistuje",
"Tabulka '%-.64s.%s' neexistuje",
"Neexistuje odpov-Bdajc grant pro uivatele '%-.32s' na stroji '%-.64s' pro tabulku '%-.64s'",
"Pou-Bit pkaz nen v tto verzi MySQL povolen",
"Va-Be syntaxe je njak divn",
......@@ -236,4 +236,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -230,4 +230,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -155,7 +155,7 @@
"%-.16s commando geweigerd voor gebruiker: '%-.32s@%-.64s' voor kolom '%-.64s' in tabel '%-.64s'",
"Foutief GRANT/REVOKE commando. Raadpleeg de handleiding welke priveleges gebruikt kunnen worden.",
"De host of gebruiker parameter voor GRANT is te lang",
"Tabel '%-64s.%s' bestaat niet",
"Tabel '%-.64s.%s' bestaat niet",
"Deze toegang (GRANT) is niet toegekend voor gebruiker '%-.32s' op host '%-.64s' op tabel '%-.64s'",
"Het used commando is niet toegestaan in deze MySQL versie",
"Er is iets fout in de gebruikte syntax",
......@@ -235,4 +235,5 @@
"Kan de query niet uitvoeren vanwege een conflicterende read lock",
"Het combineren van transactionele en niet-transactionele tabellen is uitgeschakeld.",
"Optie '%s' tweemaal gebruikt in opdracht",
"Gebruiker '%-64s' heeft het maximale gebruik van de '%s' faciliteit overschreden (huidige waarde: %ld)",
"Gebruiker '%-.64s' heeft het maximale gebruik van de '%s' faciliteit overschreden (huidige waarde: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -227,4 +227,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -232,4 +232,5 @@
"Ei suuda tita pringut konfliktse luku tttu",
"Transaktsioone toetavate ning mittetoetavate tabelite kooskasutamine ei ole lubatud",
"Mrangut '%s' on lauses kasutatud topelt",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -147,7 +147,7 @@
"La commande '%-.16s' est interdite à l'utilisateur: '%-.32s@%-.64s' sur la colonne '%-.64s' de la table '%-.64s'",
"Commande GRANT/REVOKE incorrecte. Consultez le manuel.",
"L'hôte ou l'utilisateur donné en argument à GRANT est trop long",
"La table '%-64s.%s' n'existe pas",
"La table '%-.64s.%s' n'existe pas",
"Un tel droit n'est pas défini pour l'utilisateur '%-.32s' sur l'hôte '%-.64s' sur la table '%-.64s'",
"Cette commande n'existe pas dans cette version de MySQL",
"Erreur de syntaxe",
......@@ -227,4 +227,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -230,4 +230,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -227,4 +227,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -149,7 +149,7 @@
"%-.16s parancs a '%-.32s@%-.64s' felhasznalo szamara nem engedelyezett a '%-.64s' mezo eseten a '%-.64s' tablaban",
"Ervenytelen GRANT/REVOKE parancs. Kerem, nezze meg a kezikonyvben, milyen jogok lehetsegesek",
"A host vagy felhasznalo argumentuma tul hosszu a GRANT parancsban",
"A '%-64s.%s' tabla nem letezik",
"A '%-.64s.%s' tabla nem letezik",
"A '%-.32s' felhasznalo szamara a '%-.64s' host '%-.64s' tablajaban ez a parancs nem engedelyezett",
"A hasznalt parancs nem engedelyezett ebben a MySQL verzioban",
"Szintaktikai hiba",
......@@ -229,4 +229,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -147,7 +147,7 @@
"Comando %-.16s negato per l'utente: '%-.32s@%-.64s' sulla colonna '%-.64s' della tabella '%-.64s'",
"Comando GRANT/REVOKE illegale. Prego consultare il manuale per sapere quali privilegi possono essere usati.",
"L'argomento host o utente per la GRANT e` troppo lungo",
"La tabella '%-64s.%s' non esiste",
"La tabella '%-.64s.%s' non esiste",
"GRANT non definita per l'utente '%-.32s' dalla macchina '%-.64s' sulla tabella '%-.64s'",
"Il comando utilizzato non e` supportato in questa versione di MySQL",
"Errore di sintassi nella query SQL",
......@@ -227,4 +227,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -149,7 +149,7 @@
"コマンド %-.16s は ユーザー '%-.32s@%-.64s'\n カラム '%-.64s' テーブル '%-.64s' に対して許可されていません",
"Illegal GRANT/REVOKE command. Please consult the manual which privleges can be used.",
"The host or user argument to GRANT is too long",
"Table '%-64s.%s' doesn't exist",
"Table '%-.64s.%s' doesn't exist",
"There is no such grant defined for user '%-.32s' on host '%-.64s' on table '%-.64s'",
"The used command is not allowed with this MySQL version",
"Something is wrong in your syntax",
......@@ -229,4 +229,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -147,7 +147,7 @@
"'%-.16s' 명령은 다음 사용자에게 거부되었습니다. : '%-.32s@%-.64s' for 칼럼 '%-.64s' in 테이블 '%-.64s'",
"잘못된 GRANT/REVOKE 명령. 어떤 권리와 승인이 사용되어 질 수 있는지 메뉴얼을 보시오.",
"승인(GRANT)을 위하여 사용한 사용자나 호스트의 값들이 너무 깁니다.",
"테이블 '%-64s.%s' 는 존재하지 않습니다.",
"테이블 '%-.64s.%s' 는 존재하지 않습니다.",
"사용자 '%-.32s'(호스트 '%-.64s')는 테이블 '%-.64s'를 사용하기 위하여 정의된 승인은 없습니다. ",
"사용된 명령은 현재의 MySQL 버젼에서는 이용되지 않습니다.",
"SQL 구문에 오류가 있습니다.",
......@@ -227,4 +227,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -149,7 +149,7 @@
"%-.16s command denied to user: '%-.32s@%-.64s' for column '%-.64s' in table '%-.64s'",
"Illegal GRANT/REVOKE command. Please consult the manual which privleges can be used.",
"The host or user argument to GRANT is too long",
"Table '%-64s.%s' doesn't exist",
"Table '%-.64s.%s' doesn't exist",
"There is no such grant defined for user '%-.32s' on host '%-.64s' on table '%-.64s'",
"The used command is not allowed with this MySQL version",
"Something is wrong in your syntax",
......@@ -229,4 +229,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -149,7 +149,7 @@
"%-.16s command denied to user: '%-.32s@%-.64s' for column '%-.64s' in table '%-.64s'",
"Illegal GRANT/REVOKE command. Please consult the manual which privleges can be used.",
"The host or user argument to GRANT is too long",
"Table '%-64s.%s' doesn't exist",
"Table '%-.64s.%s' doesn't exist",
"There is no such grant defined for user '%-.32s' on host '%-.64s' on table '%-.64s'",
"The used command is not allowed with this MySQL version",
"Something is wrong in your syntax",
......@@ -229,4 +229,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -151,7 +151,7 @@
"%-.16s command denied to user: '%-.32s@%-.64s' for column '%-.64s' in table '%-.64s'",
"Illegal GRANT/REVOKE command. Please consult the manual which privleges can be used.",
"The host or user argument to GRANT is too long",
"Table '%-64s.%s' doesn't exist",
"Table '%-.64s.%s' doesn't exist",
"There is no such grant defined for user '%-.32s' on host '%-.64s' on table '%-.64s'",
"The used command is not allowed with this MySQL version",
"Something is wrong in your syntax",
......@@ -231,4 +231,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -227,4 +227,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -231,4 +231,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -230,4 +230,5 @@
" - ",
" transactional non-transactional ",
" '%s' ",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -155,7 +155,7 @@
"%-.16s command denied to user: '%-.32s@%-.64s' for column '%-.64s' in table '%-.64s'",
"Illegal GRANT/REVOKE command. Please consult the manual which privleges can be used.",
"The host or user argument to GRANT is too long",
"Table '%-64s.%s' doesn't exist",
"Table '%-.64s.%s' doesn't exist",
"There is no such grant defined for user '%-.32s' on host '%-.64s' on table '%-.64s'",
"The used command is not allowed with this MySQL version",
"Something is wrong in your syntax",
......@@ -235,4 +235,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -148,7 +148,7 @@
"%-.16s comando negado para usuario: '%-.32s@%-.64s' para columna '%-.64s' en la tabla '%-.64s'",
"Ilegal comando GRANT/REVOKE. Por favor consulte el manual para cuales permisos pueden ser usados.",
"El argumento para servidor o usuario para GRANT es demasiado grande",
"Tabla '%-64s.%s' no existe",
"Tabla '%-.64s.%s' no existe",
"No existe tal permiso definido para usuario '%-.32s' en el servidor '%-.64s' en la tabla '%-.64s'",
"El comando usado no es permitido con esta versión de MySQL",
"Algo está equivocado en su sintax",
......@@ -228,4 +228,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -61,7 +61,7 @@
"Kommandot har både sum functions och enkla funktioner",
"Antalet kolumner motsvarar inte antalet värden",
"Kolumn namn '%-.64s' är för långt",
"Kolumn namn '%-64s finns flera gånger",
"Kolumn namn '%-.64s finns flera gånger",
"Nyckel namn '%-.64s' finns flera gånger",
"Dubbel nyckel '%-.64s' för nyckel: %d",
"Felaktigt kolumn typ för kolumn: '%-.64s'",
......@@ -147,7 +147,7 @@
"%-.16s ej tillåtet för '%-.32s@%-.64s'\n för kolumn '%-.64s' i tabell '%-.64s'",
"Felaktigt GRANT privilegium använt",
"Felaktigt maskinnamn eller användarnamn använt med GRANT",
"Det finns ingen tabell som heter '%-64s.%s'"
"Det finns ingen tabell som heter '%-.64s.%s'"
"Det finns inget privilegium definierat för användare '%-.32s' på '%-.64s' för tabell '%-.64s'",
"Du kan inte använda detta kommando med denna MySQL version",
"Du har något fel i din syntax",
......@@ -227,4 +227,5 @@
"Kan inte utföra kommandot emedan du har ett READ lås",
"Blandning av transaktionella och icke-transaktionella tabeller är inaktiverat",
"Option '%s' användes två gånger",
"Användare '%-64s' har överskridit '%s' (nuvarande värde: %ld)",
"Användare '%-.64s' har överskridit '%s' (nuvarande värde: %ld)",
"Du har inte privlegiet '%-.128s' som behövs för denna operation",
......@@ -232,4 +232,5 @@
"Can't execute the query because you have a conflicting read lock",
"Mixing of transactional and non-transactional tables is disabled",
"Option '%s' used twice in statement",
"User '%-64s' has exceeded the '%s' resource (current value: %ld)",
"User '%-.64s' has exceeded the '%s' resource (current value: %ld)",
"Access denied. You need the %-.128s privilege for this operation",
......@@ -388,7 +388,8 @@ int terminate_slave_thread(THD* thd, pthread_mutex_t* term_lock,
}
}
DBUG_ASSERT(thd != 0);
/* is is criticate to test if the slave is running. Otherwise, we might
/*
Is is criticate to test if the slave is running. Otherwise, we might
be referening freed memory trying to kick it
*/
THD_CHECK_SENTRY(thd);
......@@ -398,22 +399,12 @@ int terminate_slave_thread(THD* thd, pthread_mutex_t* term_lock,
}
while (*slave_running)
{
/* there is a small chance that slave thread might miss the first
/*
There is a small chance that slave thread might miss the first
alarm. To protect againts it, resend the signal until it reacts
*/
struct timespec abstime;
#ifdef HAVE_TIMESPEC_TS_SEC
abstime.ts_sec=time(NULL)+2;
abstime.ts_nsec=0;
#elif defined(__WIN__)
abstime.tv_sec=time((time_t*) 0)+2;
abstime.tv_nsec=0;
#else
struct timeval tv;
gettimeofday(&tv,0);
abstime.tv_sec=tv.tv_sec+2;
abstime.tv_nsec=tv.tv_usec*1000;
#endif
set_timespec(abstime,2);
DBUG_ASSERT_LOCK(cond_lock);
pthread_cond_timedwait(term_cond, cond_lock, &abstime);
if (*slave_running)
......
This diff is collapsed.
......@@ -15,33 +15,49 @@
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#define SELECT_ACL 1
#define INSERT_ACL 2
#define UPDATE_ACL 4
#define DELETE_ACL 8
#define CREATE_ACL 16
#define DROP_ACL 32
#define RELOAD_ACL 64
#define SHUTDOWN_ACL 128
#define PROCESS_ACL 256
#define FILE_ACL 512
#define GRANT_ACL 1024
#define REFERENCES_ACL 2048
#define INDEX_ACL 4096
#define ALTER_ACL 8192
#define EXTRA_ACL 16384
#define DB_ACLS (UPDATE_ACL | SELECT_ACL | INSERT_ACL | \
DELETE_ACL | CREATE_ACL | DROP_ACL | GRANT_ACL | \
REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
#define TABLE_ACLS (SELECT_ACL | INSERT_ACL | UPDATE_ACL | \
DELETE_ACL | CREATE_ACL | DROP_ACL | GRANT_ACL | \
REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
#define COL_ACLS (SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
#define GLOBAL_ACLS (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL |\
CREATE_ACL | DROP_ACL | RELOAD_ACL | SHUTDOWN_ACL |\
PROCESS_ACL | FILE_ACL | GRANT_ACL | REFERENCES_ACL |\
INDEX_ACL | ALTER_ACL)
#define NO_ACCESS 32768
#define SELECT_ACL (1L << 0)
#define INSERT_ACL (1L << 1)
#define UPDATE_ACL (1L << 2)
#define DELETE_ACL (1L << 3)
#define CREATE_ACL (1L << 4)
#define DROP_ACL (1L << 5)
#define RELOAD_ACL (1L << 6)
#define SHUTDOWN_ACL (1L << 7)
#define PROCESS_ACL (1L << 8)
#define FILE_ACL (1L << 9)
#define GRANT_ACL (1L << 10)
#define REFERENCES_ACL (1L << 11)
#define INDEX_ACL (1L << 12)
#define ALTER_ACL (1L << 13)
#define SHOW_DB_ACL (1L << 14)
#define SUPER_ACL (1L << 15)
#define CREATE_TMP_ACL (1L << 16)
#define LOCK_TABLES_ACL (1L << 17)
#define EXECUTE_ACL (1L << 18)
#define REPL_SLAVE_ACL (1L << 19)
#define REPL_CLIENT_ACL (1L << 20)
#define DB_ACLS \
(UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
#define TABLE_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
#define COL_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
#define GLOBAL_ACLS \
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL | GRANT_ACL | \
REFERENCES_ACL | INDEX_ACL | ALTER_ACL | SHOW_DB_ACL | SUPER_ACL | \
CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
EXECUTE_ACL)
#define EXTRA_ACL (1L << 29)
#define NO_ACCESS (1L << 30)
/* defines to change the above bits to how things are stored in tables */
......@@ -57,29 +73,30 @@
int acl_init(bool dont_read_acl_tables);
void acl_reload(void);
void acl_free(bool end=0);
uint acl_get(const char *host, const char *ip, const char *bin_ip,
ulong acl_get(const char *host, const char *ip, const char *bin_ip,
const char *user, const char *db);
uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
const char *password,const char *scramble,char **priv_user,
bool old_ver, USER_RESOURCES *max);
bool acl_check_host(const char *host, const char *ip);
bool change_password(THD *thd, const char *host, const char *user,
char *password);
int mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,
uint rights, bool revoke);
ulong rights, bool revoke);
int mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list,
List <LEX_COLUMN> &column_list, uint rights,
List <LEX_COLUMN> &column_list, ulong rights,
bool revoke);
int grant_init(void);
void grant_free(void);
void grant_reload(void);
bool check_grant(THD *thd, uint want_access, TABLE_LIST *tables,
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
uint show_command=0, bool dont_print_error=0);
bool check_grant_column (THD *thd,TABLE *table, const char *name,uint length,
bool check_grant_column (THD *thd,TABLE *table, const char *name, uint length,
uint show_command=0);
bool check_grant_all_columns(THD *thd, uint want_access, TABLE *table);
bool check_grant_all_columns(THD *thd, ulong want_access, TABLE *table);
bool check_grant_db(THD *thd,const char *db);
uint get_table_grant(THD *thd, TABLE_LIST *table);
uint get_column_grant(THD *thd, TABLE_LIST *table, Field *field);
ulong get_table_grant(THD *thd, TABLE_LIST *table);
ulong get_column_grant(THD *thd, TABLE_LIST *table, Field *field);
int mysql_show_grants(THD *thd, LEX_USER *user);
void get_privilege_desc(char *to, uint max_length, ulong access);
void get_mqh(const char *user, const char *host, USER_CONN *uc);
......@@ -19,7 +19,6 @@
#include "mysql_priv.h"
#include "sql_acl.h"
#include <thr_alarm.h>
#include <m_ctype.h>
#include <my_dir.h>
#include <hash.h>
......
......@@ -248,10 +248,12 @@ void THD::awake(bool prepare_to_die)
pthread_mutex_lock(&mysys_var->mutex);
if (!system_thread) // Don't abort locks
mysys_var->abort=1;
// this broadcast could be up in the air if the victim thread
// exits the cond in the time between read and broadcast, but that is
// ok since all we want to do is to make the victim thread get out
// of waiting on current_cond
/*
This broadcast could be up in the air if the victim thread
exits the cond in the time between read and broadcast, but that is
ok since all we want to do is to make the victim thread get out
of waiting on current_cond.
*/
if (mysys_var->current_cond)
{
pthread_mutex_lock(mysys_var->current_mutex);
......@@ -262,8 +264,10 @@ void THD::awake(bool prepare_to_die)
}
}
// remember the location of thread info, the structure needed for
// sql_alloc() and the structure for the net buffer
/*
Remember the location of thread info, the structure needed for
sql_alloc() and the structure for the net buffer
*/
bool THD::store_globals()
{
......@@ -272,6 +276,7 @@ bool THD::store_globals()
my_pthread_setspecific_ptr(THR_NET, &net));
}
/* routings to adding tables to list of changed in transaction tables */
inline static void list_include(CHANGED_TABLE_LIST** prev,
......
......@@ -309,27 +309,18 @@ public:
*/
char *host,*user,*priv_user,*db,*ip;
/* proc_info points to a string that will show in the Info column of
SHOW PROCESSLIST output
host_or_ip points to host if host is available, otherwise points to ip
*/
const char *proc_info, *host_or_ip;
/* Points to info-string that will show in SHOW PROCESSLIST */
const char *proc_info;
/* points to host if host is available, otherwise points to ip */
const char *host_or_ip;
/*
client_capabilities has flags describing what the client can do
sql_mode determines if certain non-standard SQL behaviour should be
enabled
max_packet_length - supposed to be maximum packet length the client
can handle, but it currently appears to be assigned but never used
except for one debugging statement
*/
uint client_capabilities,sql_mode,max_packet_length;
uint client_capabilities; /* What the client supports */
ulong max_packet_length; /* Max packet length for client */
/* Determines if which non-standard SQL behaviour should be enabled */
uint sql_mode;
ulong master_access; /* Global privileges from mysql.user */
ulong db_access; /* Privileges for current db */
/*
master_access - privillege descriptor mask for system threads
db_access - privillege descriptor mask for regular threads
*/
uint master_access,db_access;
/*
open_tables - list of regular tables in use by this thread
......@@ -388,10 +379,10 @@ public:
max_join_size, sent_row_count, examined_row_count;
table_map used_tables;
USER_CONN *user_connect;
ulong query_id,version, inactive_timeout,options,thread_id;
ulong query_id,version, inactive_timeout,options,thread_id, col_access;
long dbug_thread_id;
pthread_t real_id;
uint current_tablenr,tmp_table,cond_count,col_access;
uint current_tablenr,tmp_table,cond_count;
uint server_status,open_options;
uint32 query_length;
uint32 db_length;
......
......@@ -102,7 +102,7 @@ int mysql_insert(THD *thd,TABLE_LIST *table_list, List<Item> &fields,
{
int error;
bool log_on= ((thd->options & OPTION_UPDATE_LOG) ||
!(thd->master_access & PROCESS_ACL));
!(thd->master_access & SUPER_ACL));
bool using_transactions, bulk_insert=0;
uint value_count;
uint save_time_stamp;
......
......@@ -63,33 +63,15 @@ enum enum_sql_command {
SQLCOM_END
};
enum lex_states { STATE_START, STATE_CHAR, STATE_IDENT,
STATE_IDENT_SEP,
STATE_IDENT_START,
STATE_FOUND_IDENT,
STATE_SIGNED_NUMBER,
STATE_REAL,
STATE_HEX_NUMBER,
STATE_CMP_OP,
STATE_LONG_CMP_OP,
STATE_STRING,
STATE_COMMENT,
STATE_END,
STATE_OPERATOR_OR_IDENT,
STATE_NUMBER_IDENT,
STATE_INT_OR_REAL,
STATE_REAL_OR_POINT,
STATE_BOOL,
STATE_EOL,
STATE_ESCAPE,
STATE_LONG_COMMENT,
STATE_END_LONG_COMMENT,
STATE_COLON,
STATE_SET_VAR,
STATE_USER_END,
STATE_HOSTNAME,
STATE_SKIP,
STATE_USER_VARIABLE_DELIMITER
enum lex_states
{
STATE_START, STATE_CHAR, STATE_IDENT, STATE_IDENT_SEP, STATE_IDENT_START,
STATE_FOUND_IDENT, STATE_SIGNED_NUMBER, STATE_REAL, STATE_HEX_NUMBER,
STATE_CMP_OP, STATE_LONG_CMP_OP, STATE_STRING, STATE_COMMENT, STATE_END,
STATE_OPERATOR_OR_IDENT, STATE_NUMBER_IDENT, STATE_INT_OR_REAL,
STATE_REAL_OR_POINT, STATE_BOOL, STATE_EOL, STATE_ESCAPE, STATE_LONG_COMMENT,
STATE_END_LONG_COMMENT, STATE_COLON, STATE_SET_VAR, STATE_USER_END,
STATE_HOSTNAME, STATE_SKIP, STATE_USER_VARIABLE_DELIMITER
};
typedef List<Item> List_item;
......
This diff is collapsed.
......@@ -21,7 +21,6 @@
#include "sql_acl.h"
#include "log_event.h"
#include "mini_client.h"
#include <thr_alarm.h>
#include <my_dir.h>
#include <assert.h>
......@@ -537,11 +536,13 @@ impossible position";
thd->proc_info = "waiting to finalize termination";
end_io_cache(&log);
pthread_mutex_lock(&LOCK_thread_count);
// exclude iteration through thread list
// this is needed for purge_logs() - it will iterate through
// thread list and update thd->current_linfo->index_file_offset
// this mutex will make sure that it never tried to update our linfo
// after we return from this stack frame
/*
Exclude iteration through thread list
this is needed for purge_logs() - it will iterate through
thread list and update thd->current_linfo->index_file_offset
this mutex will make sure that it never tried to update our linfo
after we return from this stack frame
*/
thd->current_linfo = 0;
pthread_mutex_unlock(&LOCK_thread_count);
if (file >= 0)
......@@ -557,7 +558,7 @@ int start_slave(THD* thd , MASTER_INFO* mi, bool net_report)
NET* net = &thd->net;
int thread_mask;
if (check_access(thd, PROCESS_ACL, any_db))
if (check_access(thd, SUPER_ACL, any_db))
return 1;
lock_slave_threads(mi); // this allows us to cleanly read slave_running
init_thread_mask(&thread_mask,mi,1 /* inverse */);
......@@ -597,7 +598,7 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
if (!thd) thd = current_thd;
NET* net = &thd->net;
if (check_access(thd, PROCESS_ACL, any_db))
if (check_access(thd, SUPER_ACL, any_db))
return 1;
thd->proc_info = "Killing slave";
int thread_mask;
......
......@@ -78,7 +78,7 @@ mysqld_show_dbs(THD *thd,const char *wild)
List_iterator_fast<char> it(files);
while ((file_name=it++))
{
if (!opt_safe_show_db || thd->master_access ||
if (thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
thd->priv_user, file_name) ||
(grant_option && !check_grant_db(thd, file_name)))
......
......@@ -81,7 +81,6 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token LAST_SYM
%token NEXT_SYM
%token PREV_SYM
%token SQL_CALC_FOUND_ROWS
%token EQ
%token EQUAL_SYM
......@@ -95,50 +94,54 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token SHIFT_RIGHT
%token SET_VAR
%token AVG_SYM
%token COUNT_SYM
%token MAX_SYM
%token MIN_SYM
%token SUM_SYM
%token STD_SYM
%token ABORT_SYM
%token ADD
%token ALTER
%token AFTER_SYM
%token ALTER
%token ANALYZE_SYM
%token AVG_SYM
%token BEGIN_SYM
%token BINLOG_SYM
%token CHANGE
%token CLIENT_SYM
%token COMMENT_SYM
%token COMMIT_SYM
%token COUNT_SYM
%token CREATE
%token CROSS
%token DELETE_SYM
%token DO_SYM
%token DROP
%token INSERT
%token EVENTS_SYM
%token EXECUTE_SYM
%token FLUSH_SYM
%token SELECT_SYM
%token INSERT
%token IO_THREAD
%token KILL_SYM
%token LOAD
%token LOCKS_SYM
%token LOCK_SYM
%token MASTER_SYM
%token MAX_SYM
%token MIN_SYM
%token OPTIMIZE
%token PURGE
%token REPAIR
%token REPLICATION
%token RESET_SYM
%token PURGE
%token ROLLBACK_SYM
%token SELECT_SYM
%token SHOW
%token SLAVE
%token IO_THREAD
%token SQL_THREAD
%token START_SYM
%token STD_SYM
%token STOP_SYM
%token SUM_SYM
%token SUPER_SYM
%token TRUNCATE_SYM
%token ROLLBACK_SYM
%token OPTIMIZE
%token SHOW
%token UPDATE_SYM
%token KILL_SYM
%token LOAD
%token LOCK_SYM
%token LOCKS_SYM
%token UNLOCK_SYM
%token BINLOG_SYM
%token EVENTS_SYM
%token UPDATE_SYM
%token ACTION
%token AGGREGATE_SYM
......@@ -302,8 +305,6 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token SERIALIZABLE_SYM
%token SESSION_SYM
%token SHUTDOWN
%token SQL_CACHE_SYM
%token SQL_NO_CACHE_SYM
%token SSL_SYM
%token STARTING
%token STATUS_SYM
......@@ -459,21 +460,24 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token END
%token THEN_SYM
%token SQL_BIG_TABLES
%token SQL_AUTO_IS_NULL
%token SQL_BIG_RESULT
%token SQL_BIG_SELECTS
%token SQL_SELECT_LIMIT
%token SQL_MAX_JOIN_SIZE
%token SQL_BIG_TABLES
%token SQL_CACHE_SYM
%token SQL_CALC_FOUND_ROWS
%token SQL_LOG_BIN
%token SQL_LOG_OFF
%token SQL_LOG_UPDATE
%token SQL_LOW_PRIORITY_UPDATES
%token SQL_MAX_JOIN_SIZE
%token SQL_NO_CACHE_SYM
%token SQL_QUERY_CACHE_TYPE_SYM
%token SQL_SAFE_UPDATES
%token SQL_SELECT_LIMIT
%token SQL_SMALL_RESULT
%token SQL_BIG_RESULT
%token SQL_BUFFER_RESULT
%token SQL_WARNINGS
%token SQL_AUTO_IS_NULL
%token SQL_SAFE_UPDATES
%token SQL_QUERY_CACHE_TYPE_SYM
%token SQL_BUFFER_RESULT
%token SQL_QUOTE_SHOW_CREATE
%token SQL_SLAVE_SKIP_COUNTER
......@@ -2990,6 +2994,7 @@ keyword:
| CHECKSUM_SYM {}
| CHECK_SYM {}
| CIPHER_SYM {}
| CLIENT_SYM {}
| CLOSE_SYM {}
| COMMENT_SYM {}
| COMMITTED_SYM {}
......@@ -3011,6 +3016,7 @@ keyword:
| ENUM {}
| ESCAPE_SYM {}
| EVENTS_SYM {}
| EXECUTE_SYM {}
| EXTENDED_SYM {}
| FAST_SYM {}
| DISABLE_SYM {}
......@@ -3083,6 +3089,7 @@ keyword:
| RELOAD {}
| REPAIR {}
| REPEATABLE_SYM {}
| REPLICATION {}
| RESET_SYM {}
| RESOURCES {}
| RESTORE_SYM {}
......@@ -3106,6 +3113,7 @@ keyword:
| STOP_SYM {}
| STRING_SYM {}
| SUBJECT_SYM {}
| SUPER_SYM {}
| TEMPORARY {}
| TEXT_SYM {}
| TRANSACTION_SYM {}
......@@ -3318,7 +3326,7 @@ set_option:
set_isolation:
GLOBAL_SYM tx_isolation
{
if (check_process_priv())
if (check_global_access(current_thd, SUPER_ACL))
YYABORT;
default_tx_isolation= $2;
default_tx_isolation_name=tx_isolation_typelib.type_names[default_tx_isolation];
......@@ -3461,35 +3469,37 @@ grant:
grant_privileges:
grant_privilege_list {}
| ALL PRIVILEGES { Lex->grant = UINT_MAX;}
| ALL { Lex->grant = UINT_MAX;};
| ALL PRIVILEGES { Lex->grant = GLOBAL_ACLS;}
| ALL { Lex->grant = GLOBAL_ACLS;};
grant_privilege_list:
grant_privilege
| grant_privilege_list ',' grant_privilege;
grant_privilege:
SELECT_SYM
{ Lex->which_columns = SELECT_ACL;}
opt_column_list
| INSERT
{ Lex->which_columns = INSERT_ACL; }
opt_column_list
| UPDATE_SYM
{ Lex->which_columns = UPDATE_ACL; }
opt_column_list
| DELETE_SYM { Lex->grant |= DELETE_ACL;}
SELECT_SYM { Lex->which_columns = SELECT_ACL;} opt_column_list
| INSERT { Lex->which_columns = INSERT_ACL;} opt_column_list
| UPDATE_SYM { Lex->which_columns = UPDATE_ACL; } opt_column_list
| REFERENCES { Lex->which_columns = REFERENCES_ACL;} opt_column_list
| DELETE_SYM { Lex->grant |= DELETE_ACL;}
| USAGE {}
| INDEX { Lex->grant |= INDEX_ACL;}
| ALTER { Lex->grant |= ALTER_ACL;}
| CREATE { Lex->grant |= CREATE_ACL;}
| DROP { Lex->grant |= DROP_ACL;}
| EXECUTE_SYM { Lex->grant |= EXECUTE_ACL;}
| RELOAD { Lex->grant |= RELOAD_ACL;}
| SHUTDOWN { Lex->grant |= SHUTDOWN_ACL;}
| PROCESS { Lex->grant |= PROCESS_ACL;}
| FILE_SYM { Lex->grant |= FILE_ACL;}
| GRANT OPTION { Lex->grant |= GRANT_ACL;};
| GRANT OPTION { Lex->grant |= GRANT_ACL;}
| SHOW DATABASES { Lex->grant |= SHOW_DB_ACL;}
| SUPER_SYM { Lex->grant |= SUPER_ACL;}
| CREATE TEMPORARY TABLES { Lex->grant |= CREATE_TMP_ACL;}
| LOCK_SYM TABLES { Lex->grant |= LOCK_TABLES_ACL; }
| REPLICATION SLAVE { Lex->grant |= REPL_SLAVE_ACL;}
| REPLICATION CLIENT_SYM { Lex->grant |= REPL_CLIENT_ACL;}
;
require_list: require_list_element AND require_list
| require_list_element ;
......@@ -3523,14 +3533,15 @@ require_list_element: SUBJECT_SYM TEXT_STRING
YYABORT;
}
lex->ssl_cipher=$2.str;
};
}
;
opt_table:
'*'
{
LEX *lex=Lex;
lex->select->db=lex->thd->db;
if (lex->grant == UINT_MAX)
if (lex->grant == GLOBAL_ACLS)
lex->grant = DB_ACLS & ~GRANT_ACL;
else if (lex->columns.elements)
{
......@@ -3542,7 +3553,7 @@ opt_table:
{
LEX *lex=Lex;
lex->select->db = $1.str;
if (lex->grant == UINT_MAX)
if (lex->grant == GLOBAL_ACLS)
lex->grant = DB_ACLS & ~GRANT_ACL;
else if (lex->columns.elements)
{
......@@ -3554,8 +3565,8 @@ opt_table:
{
LEX *lex=Lex;
lex->select->db = NULL;
if (lex->grant == UINT_MAX)
lex->grant = GLOBAL_ACLS & ~GRANT_ACL;
if (lex->grant == GLOBAL_ACLS)
lex->grant= GLOBAL_ACLS & ~GRANT_ACL;
else if (lex->columns.elements)
{
send_error(&lex->thd->net,ER_ILLEGAL_GRANT_FOR_TABLE);
......@@ -3567,7 +3578,7 @@ opt_table:
LEX *lex=Lex;
if (!add_table_to_list($1,NULL,0))
YYABORT;
if (lex->grant == UINT_MAX)
if (lex->grant == GLOBAL_ACLS)
lex->grant = TABLE_ACLS & ~GRANT_ACL;
};
......
......@@ -37,8 +37,8 @@ typedef struct st_grant_info
{
GRANT_TABLE *grant_table;
uint version;
uint privilege;
uint want_privilege;
ulong privilege;
ulong want_privilege;
} GRANT_INFO;
enum tmp_table_type {NO_TMP_TABLE=0, TMP_TABLE=1, TRANSACTIONAL_TMP_TABLE=2};
......
......@@ -36,7 +36,8 @@ $|=1;
$tables_cols="Host, Db, User, Table_name, Grantor, Table_priv, Column_priv";
$columns_cols="Host, Db, User, Table_name, Column_name, Column_priv";
$tmp_table="/tmp/grant-$$.test";
$tmp_table="/tmp/mysql-grant.test"; # Can't use $$ as we are logging result
unlink($tmp_table);
#
# clear grant tables
......@@ -74,6 +75,7 @@ user_connect(0);
user_query("select * from mysql.user where user = '$opt_user'");
user_query("select * from mysql.db where user = '$opt_user'");
safe_query("grant select on *.* to $user,$user");
safe_query("show grants for $user");
# The following should fail
user_query("insert into mysql.user (host,user) values ('error','$opt_user')",1);
......@@ -384,7 +386,9 @@ safe_query("select $columns_cols from mysql.columns_priv where user = '$opt_user
# Clear up privileges to make future tests easier
safe_query("delete from user where user='$opt_user'");
safe_query("delete from db where user='$opt_user'");
safe_query("flush privileges");
safe_query("show grants for $user",1);
#
# Test IDENTIFIED BY
......@@ -394,7 +398,9 @@ safe_query("grant ALL PRIVILEGES on $opt_database.test to $user identified by 'd
user_connect(0,"dummy");
safe_query("grant SELECT on $opt_database.* to $user identified by ''");
user_connect(0);
safe_query("revoke SELECT on $opt_database.* from $user identified by ''");
safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user identified by ''");
safe_query("revoke ALL PRIVILEGES on $opt_database.* from $user identified by ''");
safe_query("show grants for $user");
#
# Test bug reported in SELECT INTO OUTFILE
......@@ -407,7 +413,7 @@ safe_query("insert into $opt_database.test3 values (1)");
user_connect(0);
user_query("select * into outfile '$tmp_table' from $opt_database.test3");
safe_query("revoke SELECT on $opt_database.test3 from $user");
safe_query("revoke FILE from *.* from $user");
safe_query("revoke FILE on *.* from $user");
safe_query("drop table $opt_database.test3");
#
......@@ -415,24 +421,36 @@ safe_query("drop table $opt_database.test3");
#
safe_query("create table $opt_database.test3 (a int)");
user_connect(1);
safe_query("grant INSERT on $opt_database.test3 to $user");
user_connect(0);
user_query("select * into outfile '$tmp_table' from $opt_database.test3",1);
safe_query("grant SELECT on $opt_database.test3 to $user");
user_connect(0);
user_query("LOCK TABLES $opt_database.test3",1);
safe_query("grant INSERT,UPDATE,DELETE on $opt_database.test3 to $user");
user_query("LOCK TABLES $opt_database.test3 READ",1);
safe_query("grant LOCK TABLES on *.* to $user");
safe_query("show grants for $user");
safe_query("select * from mysql.user where user='$opt_user'");
user_connect(0);
user_query("LOCK TABLES $opt_database.test3");
safe_query("revoke SELECT, INSERT,UPDATE,DELETE on $opt_database.test3 from $user");
safe_query("grant SELECT,INSERT,UPDATE,DELETE on $opt_database.* to $user");
user_connect(0);
user_query("LOCK TABLES $opt_database.test3");
safe_query("revoke SELECT, INSERT,UPDATE,DELETE on $opt_database.* from $user");
safe_query("grant SELECT,INSERT,UPDATE,DELETE on *.* to $user");
user_connect(0);
user_query("LOCK TABLES $opt_database.test3");
user_query("LOCK TABLES $opt_database.test3 READ");
user_query("UNLOCK TABLES");
safe_query("revoke SELECT, INSERT,UPDATE,DELETE on *.* from $user");
safe_query("revoke SELECT,INSERT,UPDATE,DELETE on $opt_database.test3 from $user");
user_connect(1);
safe_query("revoke LOCK TABLES on *.* from $user");
safe_query("drop table $opt_database.test3");
#
# test new privileges in 4.0.2
#
safe_query("show grants for $user");
safe_query("grant all on *.* to $user WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3");
safe_query("show grants for $user");
safe_query("revoke LOCK TABLES on *.* from $user");
safe_query("flush privileges");
safe_query("show grants for $user");
safe_query("revoke ALL PRIVILEGES on *.* from $user");
safe_query("show grants for $user");
#
# Clean up things
......
......@@ -19,10 +19,13 @@ Access denied for user: 'grant_user@localhost' (Using password: NO)
set password FOR grant_user=''
Connecting grant_user
select * from mysql.user where user = 'grant_user'
localhost grant_user Y N N N N N N N N N N N N N NONE
localhost grant_user Y N N N N N N N N N N N N N N N N N N N N 0 0 0
select * from mysql.db where user = 'grant_user'
grant select on *.* to grant_user@localhost,grant_user@localhost
show grants for grant_user@localhost
GRANT SELECT ON *.* TO 'grant_user'@'localhost'
insert into mysql.user (host,user) values ('error','grant_user')
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
update mysql.user set host='error' WHERE user='grant_user'
......@@ -93,7 +96,7 @@ delete from user where user='grant_user'
flush privileges
grant select on grant_test.* to grant_user@localhost
select * from mysql.user where user = 'grant_user'
localhost grant_user N N N N N N N N N N N N N N NONE
localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0
select * from mysql.db where user = 'grant_user'
localhost grant_test grant_user Y N N N N N N N N N
......@@ -152,7 +155,7 @@ insert into mysql.user (host,user) values ('error','grant_user',0)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost
select * from mysql.user where user = 'grant_user'
localhost grant_user N N N N N N N N N N N N N N NONE
localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0
select * from mysql.db where user = 'grant_user'
Connecting grant_user
......@@ -432,18 +435,66 @@ localhost grant_test grant_user N Y N N N N N N N N
select Host, Db, User, Table_name, Grantor, Table_priv, Column_priv from mysql.tables_priv where user = 'grant_user'
select Host, Db, User, Table_name, Column_name, Column_priv from mysql.columns_priv where user = 'grant_user'
delete from user where user='grant_user'
delete from db where user='grant_user'
flush privileges
show grants for grant_user@localhost
Error in execute: There is no such grant defined for user 'grant_user' on host 'localhost'
grant ALL PRIVILEGES on grant_test.test to grant_user@localhost identified by 'dummy', grant_user@127.0.0.1 identified by 'dummy2'
Connecting grant_user
grant SELECT on grant_test.* to grant_user@localhost identified by ''
Connecting grant_user
revoke SELECT on grant_test.* from grant_user@localhost identified by ''
revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by ''
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost identified by ''
show grants for grant_user@localhost
create table grant_test.test3 (a int)
grant SELECT on grant_test.test3 to grant_user@localhost
grant FILE on *.* to grant_user@localhost
insert into grant_test.test3 values (1)
Connecting grant_user
select * into outfile '/tmp/grant-11047.test' from grant_test.test3
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
revoke SELECT on grant_test.test3 from grant_user@localhost
revoke FILE on *.* from grant_user@localhost
drop table grant_test.test3
create table grant_test.test3 (a int)
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant INSERT on grant_test.test3 to grant_user@localhost
Connecting grant_user
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
Error in execute: Access denied for user: 'grant_user@localhost' (Using password: NO)
grant SELECT on grant_test.test3 to grant_user@localhost
Connecting grant_user
LOCK TABLES grant_test.test3 READ
Error in execute: Access denied for user: 'grant_user@localhost' (Using password: NO)
grant LOCK TABLES on *.* to grant_user@localhost
show grants for grant_user@localhost
GRANT LOCK TABLES ON *.* TO 'grant_user'@'localhost'
GRANT SELECT, INSERT ON grant_test.test3 TO 'grant_user'@'localhost'
select * from mysql.user where user='grant_user'
127.0.0.1 grant_user 7f70e8b858ee6782 N N N N N N N N N N N N N N N N N N N N N 0 0 0
localhost grant_user N N N N N N N N N N N N N N N N N Y N N N 0 0 0
Connecting grant_user
LOCK TABLES grant_test.test3 READ
UNLOCK TABLES
revoke SELECT,INSERT,UPDATE,DELETE on grant_test.test3 from grant_user@localhost
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
revoke LOCK TABLES on *.* from grant_user@localhost
drop table grant_test.test3
show grants for grant_user@localhost
grant all on *.* to grant_user@localhost WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
show grants for grant_user@localhost
GRANT ALL PRIVILEGES ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
revoke LOCK TABLES on *.* from grant_user@localhost
flush privileges
show grants for grant_user@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
revoke ALL PRIVILEGES on *.* from grant_user@localhost
show grants for grant_user@localhost
drop database grant_test
delete from user where user='grant_user'
delete from db where user='grant_user'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment