Commit e5211e0c authored by Sergei Golubchik's avatar Sergei Golubchik

information_schema.applicable_roles.is_grantable column

parent 67985b28
...@@ -71,6 +71,14 @@ Grants for role4 ...@@ -71,6 +71,14 @@ Grants for role4
GRANT USAGE ON *.* TO 'role3' GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4' GRANT USAGE ON *.* TO 'role4'
GRANT role3 TO 'role4' WITH ADMIN OPTION GRANT role3 TO 'role4' WITH ADMIN OPTION
select * from information_schema.applicable_roles;
GRANTEE ROLE_NAME IS_GRANTABLE
role1 role2 NO
role1 role3 YES
role4 role3 YES
root@localhost role1 YES
root@localhost role2 YES
root@localhost role4 YES
grant role2 to role1 with admin option; grant role2 to role1 with admin option;
revoke role1 from foo@localhost; revoke role1 from foo@localhost;
revoke admin option for role3 from role4; revoke admin option for role3 from role4;
...@@ -121,5 +129,13 @@ Grants for role4 ...@@ -121,5 +129,13 @@ Grants for role4
GRANT USAGE ON *.* TO 'role3' GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4' GRANT USAGE ON *.* TO 'role4'
GRANT role3 TO 'role4' GRANT role3 TO 'role4'
select * from information_schema.applicable_roles;
GRANTEE ROLE_NAME IS_GRANTABLE
role1 role2 YES
role1 role3 YES
role4 role3 NO
root@localhost role1 YES
root@localhost role2 YES
root@localhost role4 YES
drop role role1, role2, role3, role4, role5, role6; drop role role1, role2, role3, role4, role5, role6;
drop user foo@localhost; drop user foo@localhost;
...@@ -49,6 +49,8 @@ show grants for foo@localhost; ...@@ -49,6 +49,8 @@ show grants for foo@localhost;
show grants for role1; show grants for role1;
--sorted_result --sorted_result
show grants for role4; show grants for role4;
--sorted_result
select * from information_schema.applicable_roles;
grant role2 to role1 with admin option; grant role2 to role1 with admin option;
revoke role1 from foo@localhost; revoke role1 from foo@localhost;
...@@ -70,6 +72,8 @@ show grants for foo@localhost; ...@@ -70,6 +72,8 @@ show grants for foo@localhost;
show grants for role1; show grants for role1;
--sorted_result --sorted_result
show grants for role4; show grants for role4;
--sorted_result
select * from information_schema.applicable_roles;
######################################## ########################################
# cleanup # cleanup
......
...@@ -7137,6 +7137,23 @@ end: ...@@ -7137,6 +7137,23 @@ end:
DBUG_RETURN(error); DBUG_RETURN(error);
} }
static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_STRING *u,
const LEX_STRING *h,
const LEX_STRING *r)
{
char buf[1024];
String pair_key(buf, sizeof(buf), &my_charset_bin);
size_t key_length= u->length + h->length + r->length + 3;
pair_key.alloc(key_length);
strmov(strmov(strmov(const_cast<char*>(pair_key.ptr()),
u->str) + 1, h->str) + 1, r->str);
return (ROLE_GRANT_PAIR *)
my_hash_search(&acl_roles_mappings, (uchar*)pair_key.ptr(), key_length);
}
static bool show_role_grants(THD *thd, static bool show_role_grants(THD *thd,
const char *username, const char *username,
const char *hostname, const char *hostname,
...@@ -7145,9 +7162,7 @@ static bool show_role_grants(THD *thd, ...@@ -7145,9 +7162,7 @@ static bool show_role_grants(THD *thd,
{ {
uint counter; uint counter;
Protocol *protocol= thd->protocol; Protocol *protocol= thd->protocol;
uint hostname_length = strlen(hostname); LEX_STRING host= {const_cast<char*>(hostname), strlen(hostname)};
char buf[1024];
String pair_key(buf, sizeof(buf), system_charset_info);
String grant(buff,sizeof(buff),system_charset_info); String grant(buff,sizeof(buff),system_charset_info);
for (counter= 0; counter < acl_entry->role_grants.elements; counter++) for (counter= 0; counter < acl_entry->role_grants.elements; counter++)
...@@ -7164,20 +7179,12 @@ static bool show_role_grants(THD *thd, ...@@ -7164,20 +7179,12 @@ static bool show_role_grants(THD *thd,
if (!(acl_entry->flags & IS_ROLE)) if (!(acl_entry->flags & IS_ROLE))
{ {
grant.append(STRING_WITH_LEN("'@'")); grant.append(STRING_WITH_LEN("'@'"));
grant.append(hostname, hostname_length, grant.append(&host);
system_charset_info);
} }
grant.append('\''); grant.append('\'');
size_t key_length= acl_entry->user.length + hostname_length +
acl_role->user.length + 3;
pair_key.alloc(key_length);
strmov(strmov(strmov(const_cast<char*>(pair_key.ptr()),
acl_entry->user.str) + 1, hostname) + 1, acl_role->user.str);
ROLE_GRANT_PAIR *pair= ROLE_GRANT_PAIR *pair=
(ROLE_GRANT_PAIR *)my_hash_search(&acl_roles_mappings, find_role_grant_pair(&acl_entry->user, &host, &acl_role->user);
(uchar*)pair_key.ptr(), key_length);
DBUG_ASSERT(pair); DBUG_ASSERT(pair);
if (pair->with_admin) if (pair->with_admin)
...@@ -9764,20 +9771,23 @@ fill_schema_enabled_roles_insert(ACL_ROLE *unused __attribute__((unused)), ...@@ -9764,20 +9771,23 @@ fill_schema_enabled_roles_insert(ACL_ROLE *unused __attribute__((unused)),
/*return*/ schema_table_store_record(table->in_use, table); /*return*/ schema_table_store_record(table->in_use, table);
} }
static int fill_schema_applicable_roles_insert_data(ACL_USER_BASE *grantee, static int fill_schema_applicable_roles_insert_data(ACL_USER_BASE *,
LEX_STRING *name, TABLE *table); const LEX_STRING *, const LEX_STRING *, TABLE *);
static void static void
fill_schema_applicable_roles_insert(ACL_ROLE *unused __attribute__((unused)), fill_schema_applicable_roles_insert(ACL_ROLE *unused __attribute__((unused)),
ACL_ROLE *role, void *context_data) ACL_ROLE *role, void *context_data)
{ {
/*return*/ fill_schema_applicable_roles_insert_data(role, &role->user, /*return*/ fill_schema_applicable_roles_insert_data(role, &empty_lex_str,
&role->user,
(TABLE*)context_data); (TABLE*)context_data);
} }
static int static int
fill_schema_applicable_roles_insert_data(ACL_USER_BASE *grantee, fill_schema_applicable_roles_insert_data(ACL_USER_BASE *grantee,
LEX_STRING *name, TABLE *table) const LEX_STRING *host,
const LEX_STRING *used_and_host,
TABLE *table)
{ {
CHARSET_INFO *cs= system_charset_info; CHARSET_INFO *cs= system_charset_info;
...@@ -9785,9 +9795,17 @@ fill_schema_applicable_roles_insert_data(ACL_USER_BASE *grantee, ...@@ -9785,9 +9795,17 @@ fill_schema_applicable_roles_insert_data(ACL_USER_BASE *grantee,
{ {
ACL_ROLE *role= *(dynamic_element(&grantee->role_grants, i, ACL_ROLE**)); ACL_ROLE *role= *(dynamic_element(&grantee->role_grants, i, ACL_ROLE**));
restore_record(table, s->default_values); restore_record(table, s->default_values);
table->field[0]->store(name->str, name->length, cs); table->field[0]->store(used_and_host->str, used_and_host->length, cs);
table->field[1]->store(role->user.str, role->user.length, cs); table->field[1]->store(role->user.str, role->user.length, cs);
table->field[2]->store(STRING_WITH_LEN("YES"), cs); // TODO FIXME
ROLE_GRANT_PAIR *pair=
find_role_grant_pair(&grantee->user, host, &role->user);
DBUG_ASSERT(pair);
if (pair->with_admin)
table->field[2]->store(STRING_WITH_LEN("YES"), cs);
else
table->field[2]->store(STRING_WITH_LEN("NO"), cs);
if (schema_table_store_record(table->in_use, table)) if (schema_table_store_record(table->in_use, table))
return 1; return 1;
if (! (grantee->flags & IS_ROLE)) if (! (grantee->flags & IS_ROLE))
...@@ -9841,9 +9859,10 @@ int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond) ...@@ -9841,9 +9859,10 @@ int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond)
char buff[USER_HOST_BUFF_SIZE+10]; char buff[USER_HOST_BUFF_SIZE+10];
DBUG_ASSERT(user->user.length + user->hostname_length +2 < sizeof(buff)); DBUG_ASSERT(user->user.length + user->hostname_length +2 < sizeof(buff));
char *end= strxmov(buff, user->user.str, "@", user->host.hostname, NULL); char *end= strxmov(buff, user->user.str, "@", user->host.hostname, NULL);
LEX_STRING host= { user->host.hostname, user->hostname_length };
LEX_STRING name= { buff, (size_t)(end - buff) }; LEX_STRING name= { buff, (size_t)(end - buff) };
int res= fill_schema_applicable_roles_insert_data(user, &name, table); int res= fill_schema_applicable_roles_insert_data(user, &host, &name, table);
mysql_mutex_unlock(&acl_cache->lock); mysql_mutex_unlock(&acl_cache->lock);
mysql_rwlock_unlock(&LOCK_grant); mysql_rwlock_unlock(&LOCK_grant);
......
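Review bot: In fill_schema_applicable_roles_insert_data the result of find_role_grant_pair() is guarded only by `DBUG_ASSERT(pair)`, which compiles to nothing in non-debug builds, so `pair->with_admin` on the next line would dereference NULL if the lookup ever misses. The helper returns the my_hash_search() result unchanged, and this path is reached by a plain SELECT on information_schema.applicable_roles, so any disagreement between role_grants and acl_roles_mappings would surface as a server crash rather than an error. I would keep the assert and add `if (!pair) return 1;` after it, matching the existing `return 1` on a failed schema_table_store_record(); show_role_grants has the same assert-then-dereference pattern. Separately, the parameter name `used_and_host` looks like a typo for `user_and_host`. The function body starts and ends outside the hunk.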