REVOKE all privileges and delete user(244)

parent 7342852d
...@@ -282,4 +282,6 @@ ...@@ -282,4 +282,6 @@
#define ER_WARN_DATA_TRUNCATED 1263 #define ER_WARN_DATA_TRUNCATED 1263
#define ER_WARN_USING_OTHER_HANDLER 1264 #define ER_WARN_USING_OTHER_HANDLER 1264
#define ER_CANT_AGGREGATE_COLLATIONS 1265 #define ER_CANT_AGGREGATE_COLLATIONS 1265
#define ER_DROP_USER 1266
#define ER_REVOKE_GRANTS 1267
#define ER_ERROR_MESSAGES 266 #define ER_ERROR_MESSAGES 266
drop table if exists t1;
create table t1 (a int);
delete from mysql.user where user='mysqltest_1'; delete from mysql.user where user='mysqltest_1';
delete from mysql.db where user='mysqltest_1'; delete from mysql.db where user='mysqltest_1';
flush privileges; flush privileges;
...@@ -69,3 +71,36 @@ show grants for user@localhost; ...@@ -69,3 +71,36 @@ show grants for user@localhost;
Grants for user@localhost Grants for user@localhost
GRANT USAGE ON *.* TO 'user'@'localhost' GRANT USAGE ON *.* TO 'user'@'localhost'
GRANT USAGE ON `test`.* TO 'user'@'localhost' WITH GRANT OPTION GRANT USAGE ON `test`.* TO 'user'@'localhost' WITH GRANT OPTION
grant ALL PRIVILEGES on *.* to drop_user2@localhost with GRANT OPTION;
show grants for drop_user2@localhost;
Grants for drop_user2@localhost
GRANT ALL PRIVILEGES ON *.* TO 'drop_user2'@'localhost' WITH GRANT OPTION
revoke all privileges, grant from drop_user2@localhost;
drop user drop_user2@localhost;
grant ALL PRIVILEGES on *.* to drop_user@localhost with GRANT OPTION;
grant ALL PRIVILEGES on test.* to drop_user@localhost with GRANT OPTION;
grant select(a) on test.t1 to drop_user@localhost;
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT ALL PRIVILEGES ON *.* TO 'drop_user'@'localhost' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON `test`.* TO 'drop_user'@'localhost' WITH GRANT OPTION
GRANT SELECT (a) ON `test`.`t1` TO 'drop_user'@'localhost'
revoke all privileges, grant from drop_user@localhost;
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT USAGE ON *.* TO 'drop_user'@'localhost'
drop user drop_user@localhost;
revoke all privileges, grant from drop_user@localhost;
Can't revoke all privileges, grant for one or more of the requested users
grant select(a) on test.t1 to drop_user1@localhost;
grant select on test.t1 to drop_user2@localhost;
grant select on test.* to drop_user3@localhost;
grant select on *.* to drop_user4@localhost;
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
Can't drop one or more of the requested users
revoke all privileges, grant from drop_user1@localhost, drop_user2@localhost,
drop_user3@localhost, drop_user4@localhost;
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
drop table t1;
--disable_warnings
drop table if exists t1;
--enable_warnings
create table t1 (a int);
# #
# Test that SSL options works properly # Test that SSL options works properly
# #
...@@ -42,3 +48,35 @@ flush privileges; ...@@ -42,3 +48,35 @@ flush privileges;
grant usage on test.* to user@localhost with grant option; grant usage on test.* to user@localhost with grant option;
show grants for user@localhost; show grants for user@localhost;
#
# Test for 'drop user', 'revoke privileges, grant'
#
grant ALL PRIVILEGES on *.* to drop_user2@localhost with GRANT OPTION;
show grants for drop_user2@localhost;
revoke all privileges, grant from drop_user2@localhost;
drop user drop_user2@localhost;
grant ALL PRIVILEGES on *.* to drop_user@localhost with GRANT OPTION;
grant ALL PRIVILEGES on test.* to drop_user@localhost with GRANT OPTION;
grant select(a) on test.t1 to drop_user@localhost;
show grants for drop_user@localhost;
revoke all privileges, grant from drop_user@localhost;
show grants for drop_user@localhost;
drop user drop_user@localhost;
--error 1267
revoke all privileges, grant from drop_user@localhost;
grant select(a) on test.t1 to drop_user1@localhost;
grant select on test.t1 to drop_user2@localhost;
grant select on test.* to drop_user3@localhost;
grant select on *.* to drop_user4@localhost;
--error 1266
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
revoke all privileges, grant from drop_user1@localhost, drop_user2@localhost,
drop_user3@localhost, drop_user4@localhost;
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
drop table t1;
...@@ -396,6 +396,7 @@ static SYMBOL symbols[] = { ...@@ -396,6 +396,7 @@ static SYMBOL symbols[] = {
{ "UNSIGNED", SYM(UNSIGNED),0,0}, { "UNSIGNED", SYM(UNSIGNED),0,0},
{ "USE", SYM(USE_SYM),0,0}, { "USE", SYM(USE_SYM),0,0},
{ "USE_FRM", SYM(USE_FRM),0,0}, { "USE_FRM", SYM(USE_FRM),0,0},
{ "USER", SYM(USER),0,0},
{ "USING", SYM(USING),0,0}, { "USING", SYM(USING),0,0},
{ "UPDATE", SYM(UPDATE_SYM),0,0}, { "UPDATE", SYM(UPDATE_SYM),0,0},
{ "USAGE", SYM(USAGE),0,0}, { "USAGE", SYM(USAGE),0,0},
...@@ -632,7 +633,6 @@ static SYMBOL sql_functions[] = { ...@@ -632,7 +633,6 @@ static SYMBOL sql_functions[] = {
{ "UNIQUE_USERS", SYM(UNIQUE_USERS),0,0}, { "UNIQUE_USERS", SYM(UNIQUE_USERS),0,0},
{ "UNIX_TIMESTAMP", SYM(UNIX_TIMESTAMP),0,0}, { "UNIX_TIMESTAMP", SYM(UNIX_TIMESTAMP),0,0},
{ "UPPER", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_ucase)}, { "UPPER", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_ucase)},
{ "USER", SYM(USER),0,0},
{ "VARIANCE", SYM(VARIANCE_SYM),0,0}, { "VARIANCE", SYM(VARIANCE_SYM),0,0},
{ "VERSION", SYM(FUNC_ARG0),0,CREATE_FUNC(create_func_version)}, { "VERSION", SYM(FUNC_ARG0),0,CREATE_FUNC(create_func_version)},
{ "WEEK", SYM(WEEK_SYM),0,0}, { "WEEK", SYM(WEEK_SYM),0,0},
......
...@@ -271,3 +271,5 @@ v/* ...@@ -271,3 +271,5 @@ v/*
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -265,3 +265,5 @@ ...@@ -265,3 +265,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -273,3 +273,5 @@ ...@@ -273,3 +273,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -267,3 +267,5 @@ ...@@ -267,3 +267,5 @@
"Data truncated for column '%s' at row %ld" "Data truncated for column '%s' at row %ld"
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -267,3 +267,5 @@ ...@@ -267,3 +267,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -262,3 +262,5 @@ ...@@ -262,3 +262,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -271,3 +271,5 @@ ...@@ -271,3 +271,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -262,3 +262,5 @@ ...@@ -262,3 +262,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -264,3 +264,5 @@ ...@@ -264,3 +264,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -262,3 +262,5 @@ ...@@ -262,3 +262,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -264,3 +264,5 @@ ...@@ -264,3 +264,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -262,3 +262,5 @@ ...@@ -262,3 +262,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -264,3 +264,5 @@ ...@@ -264,3 +264,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -264,3 +264,5 @@ ...@@ -264,3 +264,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -266,3 +266,5 @@ ...@@ -266,3 +266,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -262,3 +262,5 @@ ...@@ -262,3 +262,5 @@
"%d linha(s) foi(foram) cortada(s) por group_concat()", "%d linha(s) foi(foram) cortada(s) por group_concat()",
"Usando engine de armazenamento %s para tabela '%s'", "Usando engine de armazenamento %s para tabela '%s'",
"Combinação ilegal de collations (%s,%s) e (%s,%s) para operação '%s'", "Combinação ilegal de collations (%s,%s) e (%s,%s) para operação '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -266,3 +266,5 @@ ...@@ -266,3 +266,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -264,3 +264,5 @@ ...@@ -264,3 +264,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -258,3 +258,5 @@ ...@@ -258,3 +258,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -270,3 +270,5 @@ ...@@ -270,3 +270,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -263,3 +263,5 @@ ...@@ -263,3 +263,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -262,3 +262,5 @@ ...@@ -262,3 +262,5 @@
"%d rad(er) kapades av group_concat()", "%d rad(er) kapades av group_concat()",
"Använder handler %s för tabell '%s'", "Använder handler %s för tabell '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -267,3 +267,5 @@ ...@@ -267,3 +267,5 @@
"%d line(s) was(were) cut by group_concat()", "%d line(s) was(were) cut by group_concat()",
"Using storage engine %s for table '%s'", "Using storage engine %s for table '%s'",
"Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'", "Illegal mix of collations (%s,%s) and (%s,%s) for operation '%s'",
"Can't drop one or more of the requested users"
"Can't revoke all privileges, grant for one or more of the requested users"
...@@ -2179,11 +2179,6 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, ...@@ -2179,11 +2179,6 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
{ {
int error; int error;
GRANT_TABLE *grant_table; GRANT_TABLE *grant_table;
if (!Str->host.str)
{
Str->host.str=(char*) "%";
Str->host.length=1;
}
if (Str->host.length > HOSTNAME_LENGTH || if (Str->host.length > HOSTNAME_LENGTH ||
Str->user.length > USERNAME_LENGTH) Str->user.length > USERNAME_LENGTH)
{ {
...@@ -2350,11 +2345,6 @@ int mysql_grant (THD *thd, const char *db, List <LEX_USER> &list, ...@@ -2350,11 +2345,6 @@ int mysql_grant (THD *thd, const char *db, List <LEX_USER> &list,
int result=0; int result=0;
while ((Str = str_list++)) while ((Str = str_list++))
{ {
if (!Str->host.str)
{
Str->host.str=(char*) "%";
Str->host.length=1;
}
if (Str->host.length > HOSTNAME_LENGTH || if (Str->host.length > HOSTNAME_LENGTH ||
Str->user.length > USERNAME_LENGTH) Str->user.length > USERNAME_LENGTH)
{ {
...@@ -2855,11 +2845,6 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) ...@@ -2855,11 +2845,6 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
send_error(thd, ER_UNKNOWN_COM_ERROR); send_error(thd, ER_UNKNOWN_COM_ERROR);
DBUG_RETURN(-1); DBUG_RETURN(-1);
} }
if (!lex_user->host.str)
{
lex_user->host.str=(char*) "%";
lex_user->host.length=1;
}
if (lex_user->host.length > HOSTNAME_LENGTH || if (lex_user->host.length > HOSTNAME_LENGTH ||
lex_user->user.length > USERNAME_LENGTH) lex_user->user.length > USERNAME_LENGTH)
{ {
...@@ -3202,6 +3187,279 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc) ...@@ -3202,6 +3187,279 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc)
bzero((char*) &uc->user_resources, sizeof(uc->user_resources)); bzero((char*) &uc->user_resources, sizeof(uc->user_resources));
} }
int open_grant_tables(THD *thd, TABLE_LIST *tables)
{
DBUG_ENTER("open_grant_tables");
if (!initialized)
{
send_error(thd, ER_OUT_OF_RESOURCES, ER(ER_OUT_OF_RESOURCES));
DBUG_RETURN(-1);
}
bzero((char*) tables, 4*sizeof(*tables));
tables->alias= tables->real_name= (char*) "user";
(tables+1)->alias= (tables+1)->real_name= (char*) "db";
(tables+2)->alias= (tables+2)->real_name= (char*) "tables_priv";
(tables+3)->alias= (tables+3)->real_name= (char*) "columns_priv";
tables->next= tables+1;
(tables+1)->next= tables+2;
(tables+2)->next= tables+3;
(tables+3)->next= 0;
tables->lock_type= (tables+1)->lock_type=
(tables+2)->lock_type= (tables+3)->lock_type= TL_WRITE;
tables->db= (tables+1)->db= (tables+2)->db= (tables+3)->db=(char*) "mysql";
#ifdef HAVE_REPLICATION
/*
GRANT and REVOKE are applied the slave in/exclusion rules as they are
some kind of updates to the mysql.% tables.
*/
if (thd->slave_thread && table_rules_on && !tables_ok(0, tables))
DBUG_RETURN(1);
#endif
if (open_and_lock_tables(thd, tables))
{ // This should never happen
close_thread_tables(thd);
DBUG_RETURN(-1);
}
DBUG_RETURN(0);
}
ACL_USER *check_acl_user(LEX_USER *user_name,
uint *acl_user_idx)
{
ACL_USER *acl_user= 0;
uint counter;
for (counter= 0 ; counter < acl_users.elements ; counter++)
{
const char *user,*host;
acl_user= dynamic_element(&acl_users, counter, ACL_USER*);
if (!(user=acl_user->user))
user="";
if (!(host=acl_user->host.hostname))
host="%";
if (!strcmp(user_name->user.str,user) &&
!my_strcasecmp(system_charset_info, user_name->host.str, host))
break;
}
if (counter == acl_users.elements)
return 0;
*acl_user_idx= counter;
return acl_user;
}
int mysql_drop_user(THD *thd, List <LEX_USER> &list)
{
uint counter, user_id;
int result;
ACL_USER *acl_user;
ACL_DB *acl_db;
TABLE_LIST tables[4];
DBUG_ENTER("mysql_drop_user");
if ((result= open_grant_tables(thd, tables)))
DBUG_RETURN(result == 1 ? 0 : -1);
rw_wrlock(&LOCK_grant);
VOID(pthread_mutex_lock(&acl_cache->lock));
LEX_USER *user_name;
List_iterator <LEX_USER> user_list(list);
while ((user_name=user_list++))
{
if (!(acl_user= check_acl_user(user_name, &counter)))
{
sql_print_error("DROP USER: Can't drop user: '%s'@'%s'",
user_name->user.str,
user_name->host.str);
result= -1;
continue;
}
if ((acl_user->access & ~0))
{
sql_print_error("DROP USER: Can't drop user: '%s'@'%s'",
user_name->user.str,
user_name->host.str);
result= -1;
continue;
}
user_id= counter;
for (counter= 0 ; counter < acl_dbs.elements ; counter++)
{
const char *user,*host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
if (!(user= acl_db->user))
user="";
if (!(host= acl_db->host.hostname))
host="";
if (!strcmp(user_name->user.str,user) &&
!my_strcasecmp(system_charset_info, user_name->host.str, host))
break;
}
if (counter != acl_dbs.elements)
{
sql_print_error("DROP USER: Can't drop user: '%s'@'%s'",
user_name->user.str,
user_name->host.str);
result= -1;
continue;
}
for (counter= 0 ; counter < column_priv_hash.records ; counter++)
{
const char *user,*host;
GRANT_TABLE *grant_table= (GRANT_TABLE*) hash_element(&column_priv_hash,
counter);
if (!(user=grant_table->user))
user="";
if (!(host=grant_table->host))
host="";
if (!strcmp(user_name->user.str,user) &&
!my_strcasecmp(system_charset_info, user_name->host.str, host))
break;
}
if (counter != column_priv_hash.records)
{
sql_print_error("DROP USER: Can't drop user: '%s'@'%s'",
user_name->user.str,
user_name->host.str);
result= -1;
continue;
}
tables[0].table->field[0]->store(user_name->host.str,(uint)
user_name->host.length, system_charset_info);
tables[0].table->field[1]->store(user_name->user.str,(uint)
user_name->user.length, system_charset_info);
if (!tables[0].table->file->index_read_idx(tables[0].table->record[0],0,
(byte*) tables[0].table->field[0]->ptr,0,
HA_READ_KEY_EXACT))
{
int error;
if ((error = tables[0].table->file->delete_row(tables[0].table->record[0])))
{
tables[0].table->file->print_error(error, MYF(0));
tables[0].table->file->index_end();
DBUG_RETURN(-1);
}
delete_dynamic_element(&acl_users, user_id);
}
tables[0].table->file->index_end();
}
err:
VOID(pthread_mutex_unlock(&acl_cache->lock));
rw_unlock(&LOCK_grant);
close_thread_tables(thd);
if (result)
my_error(ER_DROP_USER, MYF(0));
DBUG_RETURN(result);
}
int mysql_revoke_all(THD *thd, List <LEX_USER> &list)
{
uint counter;
int result;
ACL_USER *acl_user; ACL_DB *acl_db;
TABLE_LIST tables[4];
DBUG_ENTER("mysql_revoke_all");
if ((result= open_grant_tables(thd, tables)))
DBUG_RETURN(result == 1 ? 0 : -1);
rw_wrlock(&LOCK_grant);
VOID(pthread_mutex_lock(&acl_cache->lock));
LEX_USER *lex_user;
List_iterator <LEX_USER> user_list(list);
while ((lex_user=user_list++))
{
if (!(acl_user= check_acl_user(lex_user, &counter)))
{
sql_print_error("REVOKE ALL PRIVILEGES, GRANT: User '%s'@'%s' not exists",
lex_user->user.str,
lex_user->host.str);
result= -1;
continue;
}
if (replace_user_table(thd, tables[0].table,
*lex_user, ~0, 1, 0))
{
result= -1;
continue;
}
/* Remove db access privileges */
for (counter= 0 ; counter < acl_dbs.elements ; counter++)
{
const char *user,*host;
acl_db=dynamic_element(&acl_dbs,counter,ACL_DB*);
if (!(user=acl_db->user))
user="";
if (!(host=acl_db->host.hostname))
host="";
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
{
if (replace_db_table(tables[1].table, acl_db->db, *lex_user, ~0, 1))
result= -1;
}
}
/* Remove column access */
for (counter= 0 ; counter < column_priv_hash.records ; counter++)
{
const char *user,*host;
GRANT_TABLE *grant_table= (GRANT_TABLE*) hash_element(&column_priv_hash,
counter);
if (!(user=grant_table->user))
user="";
if (!(host=grant_table->host))
host="";
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
{
if (replace_table_table(thd,grant_table,tables[2].table,*lex_user,
grant_table->db,
grant_table->tname,
~0, 0, 1))
{
result= -1;
continue;
}
if (grant_table->cols)
{
List<LEX_COLUMN> columns;
if (replace_column_table(grant_table,tables[3].table, *lex_user,
columns,
grant_table->db,
grant_table->tname,
~0, 1))
result= -1;
}
}
}
}
VOID(pthread_mutex_unlock(&acl_cache->lock));
rw_unlock(&LOCK_grant);
close_thread_tables(thd);
if (result)
my_error(ER_REVOKE_GRANTS, MYF(0));
DBUG_RETURN(result);
}
/***************************************************************************** /*****************************************************************************
......
...@@ -163,3 +163,5 @@ ulong get_column_grant(THD *thd, TABLE_LIST *table, Field *field); ...@@ -163,3 +163,5 @@ ulong get_column_grant(THD *thd, TABLE_LIST *table, Field *field);
int mysql_show_grants(THD *thd, LEX_USER *user); int mysql_show_grants(THD *thd, LEX_USER *user);
void get_privilege_desc(char *to, uint max_length, ulong access); void get_privilege_desc(char *to, uint max_length, ulong access);
void get_mqh(const char *user, const char *host, USER_CONN *uc); void get_mqh(const char *user, const char *host, USER_CONN *uc);
int mysql_drop_user(THD *thd, List <LEX_USER> &list);
int mysql_revoke_all(THD *thd, List <LEX_USER> &list);
...@@ -71,7 +71,7 @@ enum enum_sql_command { ...@@ -71,7 +71,7 @@ enum enum_sql_command {
SQLCOM_SHOW_BINLOG_EVENTS, SQLCOM_SHOW_NEW_MASTER, SQLCOM_DO, SQLCOM_SHOW_BINLOG_EVENTS, SQLCOM_SHOW_NEW_MASTER, SQLCOM_DO,
SQLCOM_SHOW_WARNS, SQLCOM_EMPTY_QUERY, SQLCOM_SHOW_ERRORS, SQLCOM_SHOW_WARNS, SQLCOM_EMPTY_QUERY, SQLCOM_SHOW_ERRORS,
SQLCOM_SHOW_COLUMN_TYPES, SQLCOM_SHOW_TABLE_TYPES, SQLCOM_SHOW_PRIVILEGES, SQLCOM_SHOW_COLUMN_TYPES, SQLCOM_SHOW_TABLE_TYPES, SQLCOM_SHOW_PRIVILEGES,
SQLCOM_HELP, SQLCOM_HELP, SQLCOM_DROP_USER, SQLCOM_REVOKE_ALL,
/* This should be the last !!! */ /* This should be the last !!! */
SQLCOM_END SQLCOM_END
......
...@@ -2897,6 +2897,38 @@ mysql_execute_command(THD *thd) ...@@ -2897,6 +2897,38 @@ mysql_execute_command(THD *thd)
res= -1; res= -1;
#endif #endif
break; break;
case SQLCOM_DROP_USER:
{
if (check_access(thd, GRANT_ACL,"mysql",0,1))
break;
if (!(res= mysql_drop_user(thd, lex->users_list)))
{
mysql_update_log.write(thd, thd->query, thd->query_length);
if (mysql_bin_log.is_open())
{
Query_log_event qinfo(thd, thd->query, thd->query_length, 0);
mysql_bin_log.write(&qinfo);
}
send_ok(thd);
}
break;
}
case SQLCOM_REVOKE_ALL:
{
if (check_access(thd, GRANT_ACL ,"mysql",0,1))
break;
if (!(res = mysql_revoke_all(thd, lex->users_list)))
{
mysql_update_log.write(thd, thd->query, thd->query_length);
if (mysql_bin_log.is_open())
{
Query_log_event qinfo(thd, thd->query, thd->query_length, 0);
mysql_bin_log.write(&qinfo);
}
send_ok(thd);
}
break;
}
case SQLCOM_REVOKE: case SQLCOM_REVOKE:
case SQLCOM_GRANT: case SQLCOM_GRANT:
{ {
......
...@@ -3215,7 +3215,7 @@ do: DO_SYM ...@@ -3215,7 +3215,7 @@ do: DO_SYM
; ;
/* /*
Drop : delete tables or index Drop : delete tables or index or user
*/ */
drop: drop:
...@@ -3249,7 +3249,16 @@ drop: ...@@ -3249,7 +3249,16 @@ drop:
LEX *lex=Lex; LEX *lex=Lex;
lex->sql_command = SQLCOM_DROP_FUNCTION; lex->sql_command = SQLCOM_DROP_FUNCTION;
lex->udf.name = $3; lex->udf.name = $3;
}; }
| DROP USER
{
LEX *lex=Lex;
lex->sql_command = SQLCOM_DROP_USER;
lex->users_list.empty();
}
user_list
{}
;
table_list: table_list:
...@@ -4177,7 +4186,9 @@ user: ...@@ -4177,7 +4186,9 @@ user:
THD *thd= YYTHD; THD *thd= YYTHD;
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user)))) if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
YYABORT; YYABORT;
$$->user = $1; $$->host.str=NullS; $$->user = $1;
$$->host.str= (char *) "%";
$$->host.length= 1;
} }
| ident_or_text '@' ident_or_text | ident_or_text '@' ident_or_text
{ {
...@@ -4361,6 +4372,7 @@ keyword: ...@@ -4361,6 +4372,7 @@ keyword:
| UDF_SYM {} | UDF_SYM {}
| UNCOMMITTED_SYM {} | UNCOMMITTED_SYM {}
| UNICODE_SYM {} | UNICODE_SYM {}
| USER {}
| USE_FRM {} | USE_FRM {}
| VARIABLES {} | VARIABLES {}
| VALUE_SYM {} | VALUE_SYM {}
...@@ -4632,8 +4644,18 @@ revoke: ...@@ -4632,8 +4644,18 @@ revoke:
lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0; lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
bzero((char*) &lex->mqh, sizeof(lex->mqh)); bzero((char*) &lex->mqh, sizeof(lex->mqh));
} }
revoke_command
{}
;
revoke_command:
grant_privileges ON opt_table FROM user_list grant_privileges ON opt_table FROM user_list
{} {}
|
ALL PRIVILEGES ',' GRANT FROM user_list
{
Lex->sql_command = SQLCOM_REVOKE_ALL;
}
; ;
grant: grant:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment