Commit ce4851c3 authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Reworked the implementation of create role and drop role.

Also fixed issue with drop role not clearing internal memory entry
for that role. The issue was due to a condition introduced in handle_grant_data

Updated testsuite to also check the possible error conditions.
parent db850c52
use mysql; use mysql;
create role test_role1@host1;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@host1' at line 1
create role test_role2@host2, test_role1@host1;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@host2, test_role1@host1' at line 1
create role test_role1; create role test_role1;
create role test_role2, test_role3; create role test_role2, test_role3;
select user, host, is_role from user where user like 'test'; select user, host, is_role from user where user like 'test%';
user host is_role user host is_role
test_role1 Y
test_role2 Y
test_role3 Y
drop role test_role1; drop role test_role1;
drop role test_role2, test_role3; drop role test_role2, test_role3;
create role test_role1; create role test_role1;
...@@ -10,12 +17,20 @@ create role test_role1; ...@@ -10,12 +17,20 @@ create role test_role1;
ERROR HY000: Operation CREATE ROLE failed for 'test_role1' ERROR HY000: Operation CREATE ROLE failed for 'test_role1'
create role test_role1, test_role2; create role test_role1, test_role2;
ERROR HY000: Operation CREATE ROLE failed for 'test_role1' ERROR HY000: Operation CREATE ROLE failed for 'test_role1'
select user, host, is_role from user where user like 'test'; select user, host, is_role from user where user like 'test%';
user host is_role user host is_role
test_role1 Y
test_role2 Y
drop role test_role1; drop role test_role1;
drop role test_role1; drop role test_role1;
ERROR HY000: Operation DROP ROLE failed for 'test_role1' ERROR HY000: Operation DROP ROLE failed for 'test_role1'
drop role test_role1, test_role2; drop role test_role1, test_role2;
ERROR HY000: Operation DROP ROLE failed for 'test_role1' ERROR HY000: Operation DROP ROLE failed for 'test_role1'
select user, host, is_role from user where user like 'test'; drop role root;
ERROR HY000: Operation DROP ROLE failed for 'root'
create user dummy@'';
drop role dummy;
ERROR HY000: Operation DROP ROLE failed for 'dummy'
drop user dummy@'';
select user, host, is_role from user where user like 'test%';
user host is_role user host is_role
connect (mysql, localhost, root,,); connect (mysql, localhost, root,,);
use mysql; use mysql;
#test valid syntax
--error ER_PARSE_ERROR
create role test_role1@host1;
--error ER_PARSE_ERROR
create role test_role2@host2, test_role1@host1;
create role test_role1; create role test_role1;
create role test_role2, test_role3; create role test_role2, test_role3;
--sorted_result --sorted_result
select user, host, is_role from user where user like 'test'; select user, host, is_role from user where user like 'test%';
drop role test_role1; drop role test_role1;
drop role test_role2, test_role3; drop role test_role2, test_role3;
...@@ -18,7 +24,7 @@ create role test_role1; ...@@ -18,7 +24,7 @@ create role test_role1;
create role test_role1, test_role2; create role test_role1, test_role2;
--sorted_result --sorted_result
select user, host, is_role from user where user like 'test'; select user, host, is_role from user where user like 'test%';
drop role test_role1; drop role test_role1;
--error ER_CANNOT_USER --error ER_CANNOT_USER
...@@ -26,6 +32,14 @@ drop role test_role1; ...@@ -26,6 +32,14 @@ drop role test_role1;
--error ER_CANNOT_USER --error ER_CANNOT_USER
drop role test_role1, test_role2; drop role test_role1, test_role2;
#test that we can not drop users when calling drop role
--error ER_CANNOT_USER
drop role root;
create user dummy@'';
--error ER_CANNOT_USER
drop role dummy;
drop user dummy@'';
--sorted_result --sorted_result
select user, host, is_role from user where user like 'test'; select user, host, is_role from user where user like 'test%';
disconnect mysql; disconnect mysql;
...@@ -6572,5 +6572,3 @@ ER_INVALID_CURRENT_USER ...@@ -6572,5 +6572,3 @@ ER_INVALID_CURRENT_USER
ER_INVALID_ROLE_COMMAND ER_INVALID_ROLE_COMMAND
eng "Unable to execute role related command. The user table is in invalid format." eng "Unable to execute role related command. The user table is in invalid format."
rum "Comanda asupra rolurilor nu poate fi executate. Tabelul "user" este in format invalid." rum "Comanda asupra rolurilor nu poate fi executate. Tabelul "user" este in format invalid."
ER_ROLE_AS_USER
eng "The role '%s' is marked as a user '%s'@''
This diff is collapsed.
...@@ -230,12 +230,10 @@ ulong get_column_grant(THD *thd, GRANT_INFO *grant, ...@@ -230,12 +230,10 @@ ulong get_column_grant(THD *thd, GRANT_INFO *grant,
bool mysql_show_grants(THD *thd, LEX_USER *user); bool mysql_show_grants(THD *thd, LEX_USER *user);
void get_privilege_desc(char *to, uint max_length, ulong access); void get_privilege_desc(char *to, uint max_length, ulong access);
void get_mqh(const char *user, const char *host, USER_CONN *uc); void get_mqh(const char *user, const char *host, USER_CONN *uc);
bool mysql_create_user(THD *thd, List <LEX_USER> &list); bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role);
bool mysql_drop_user(THD *thd, List <LEX_USER> &list); bool mysql_drop_user(THD *thd, List <LEX_USER> &list, bool handle_as_role);
bool mysql_rename_user(THD *thd, List <LEX_USER> &list); bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
bool mysql_revoke_all(THD *thd, List <LEX_USER> &list); bool mysql_revoke_all(THD *thd, List <LEX_USER> &list);
bool mysql_create_role(THD *thd, List <LEX_USER> &list);
bool mysql_drop_role(THD *thd, List <LEX_USER> &list);
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
const char *db, const char *table); const char *db, const char *table);
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
......
...@@ -3728,22 +3728,26 @@ end_with_restore_list: ...@@ -3728,22 +3728,26 @@ end_with_restore_list:
} }
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
case SQLCOM_CREATE_USER: case SQLCOM_CREATE_USER:
case SQLCOM_CREATE_ROLE:
{ {
if (check_access(thd, INSERT_ACL, "mysql", NULL, NULL, 1, 1) && if (check_access(thd, INSERT_ACL, "mysql", NULL, NULL, 1, 1) &&
check_global_access(thd,CREATE_USER_ACL)) check_global_access(thd,CREATE_USER_ACL))
break; break;
/* Conditionally writes to binlog */ /* Conditionally writes to binlog */
if (!(res= mysql_create_user(thd, lex->users_list))) if (!(res= mysql_create_user(thd, lex->users_list,
lex->sql_command == SQLCOM_CREATE_ROLE)))
my_ok(thd); my_ok(thd);
break; break;
} }
case SQLCOM_DROP_USER: case SQLCOM_DROP_USER:
case SQLCOM_DROP_ROLE:
{ {
if (check_access(thd, DELETE_ACL, "mysql", NULL, NULL, 1, 1) && if (check_access(thd, DELETE_ACL, "mysql", NULL, NULL, 1, 1) &&
check_global_access(thd,CREATE_USER_ACL)) check_global_access(thd,CREATE_USER_ACL))
break; break;
/* Conditionally writes to binlog */ /* Conditionally writes to binlog */
if (!(res= mysql_drop_user(thd, lex->users_list))) if (!(res= mysql_drop_user(thd, lex->users_list,
lex->sql_command == SQLCOM_DROP_ROLE)))
my_ok(thd); my_ok(thd);
break; break;
} }
...@@ -3757,26 +3761,6 @@ end_with_restore_list: ...@@ -3757,26 +3761,6 @@ end_with_restore_list:
my_ok(thd); my_ok(thd);
break; break;
} }
case SQLCOM_CREATE_ROLE:
{
if (check_access(thd, INSERT_ACL, "mysql", NULL, NULL, 1, 1) &&
check_global_access(thd,CREATE_USER_ACL))
break;
/* Conditionally writes to binlog */
if (!(res= mysql_create_role(thd, lex->users_list)))
my_ok(thd);
break;
}
case SQLCOM_DROP_ROLE:
{
if (check_access(thd, DELETE_ACL, "mysql", NULL, NULL, 1, 1) &&
check_global_access(thd,CREATE_USER_ACL))
break;
/* Conditionally writes to binlog */
if (!(res= mysql_drop_role(thd, lex->users_list)))
my_ok(thd);
break;
}
case SQLCOM_REVOKE_ALL: case SQLCOM_REVOKE_ALL:
{ {
if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 1) && if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 1) &&
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment