Commit 4a5ca0bc authored by unknown's avatar unknown

Make GRANTs, which change SSL attributes and/or user limits,

to behave well on 5.0 tables (well now you can't use tables from 4.1
and 5.0 with 4.0 because former use utf8, but still it is nice to have
similar code in acl_init() and replace_user_table()).
This also will make such GRANTs working in 5.0 (they are broken now).


mysql-test/r/grant.result:
  Added test for GRANT which manipulates user limits.
mysql-test/t/grant.test:
  Added test for GRANT which manipulates user limits.
parent e6dfed9f
...@@ -36,6 +36,28 @@ Grants for mysqltest_1@localhost ...@@ -36,6 +36,28 @@ Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA' GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
delete from mysql.user where user='mysqltest_1'; delete from mysql.user where user='mysqltest_1';
flush privileges; flush privileges;
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 0 0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 10 20 30
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
flush privileges;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost; grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost; show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost Grants for mysqltest_1@localhost
......
...@@ -27,6 +27,23 @@ show grants for mysqltest_1@localhost; ...@@ -27,6 +27,23 @@ show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1'; delete from mysql.user where user='mysqltest_1';
flush privileges; flush privileges;
#
# Test of GRANTS specifying user limits
#
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
# This is just to double check that one won't ignore results of selects
flush privileges;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;
# #
# Test that the new db privileges are stored/retrieved correctly # Test that the new db privileges are stored/retrieved correctly
# #
......
...@@ -1403,6 +1403,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, ...@@ -1403,6 +1403,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
Field **tmp_field; Field **tmp_field;
ulong priv; ulong priv;
uint next_field;
for (tmp_field= table->field+3, priv = SELECT_ACL; for (tmp_field= table->field+3, priv = SELECT_ACL;
*tmp_field && (*tmp_field)->real_type() == FIELD_TYPE_ENUM && *tmp_field && (*tmp_field)->real_type() == FIELD_TYPE_ENUM &&
((Field_enum*) (*tmp_field))->typelib->count == 2 ; ((Field_enum*) (*tmp_field))->typelib->count == 2 ;
...@@ -1411,56 +1412,59 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, ...@@ -1411,56 +1412,59 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
if (priv & rights) // set requested privileges if (priv & rights) // set requested privileges
(*tmp_field)->store(&what,1); (*tmp_field)->store(&what,1);
} }
rights=get_access(table,3,0); rights= get_access(table, 3, &next_field);
DBUG_PRINT("info",("table->fields: %d",table->fields)); DBUG_PRINT("info",("table->fields: %d",table->fields));
if (table->fields >= 31) /* From 4.0.0 we have more fields */ if (table->fields >= 31) /* From 4.0.0 we have more fields */
{ {
/* We write down SSL related ACL stuff */ /* We write down SSL related ACL stuff */
switch (thd->lex.ssl_type) { switch (thd->lex.ssl_type) {
case SSL_TYPE_ANY: case SSL_TYPE_ANY:
table->field[24]->store("ANY",3); table->field[next_field]->store("ANY", 3);
table->field[25]->store("",0); table->field[next_field+1]->store("", 0);
table->field[26]->store("",0); table->field[next_field+2]->store("", 0);
table->field[27]->store("",0); table->field[next_field+3]->store("", 0);
break; break;
case SSL_TYPE_X509: case SSL_TYPE_X509:
table->field[24]->store("X509",4); table->field[next_field]->store("X509", 4);
table->field[25]->store("",0); table->field[next_field+1]->store("", 0);
table->field[26]->store("",0); table->field[next_field+2]->store("", 0);
table->field[27]->store("",0); table->field[next_field+3]->store("", 0);
break; break;
case SSL_TYPE_SPECIFIED: case SSL_TYPE_SPECIFIED:
table->field[24]->store("SPECIFIED",9); table->field[next_field]->store("SPECIFIED", 9);
table->field[25]->store("",0); table->field[next_field+1]->store("", 0);
table->field[26]->store("",0); table->field[next_field+2]->store("", 0);
table->field[27]->store("",0); table->field[next_field+3]->store("", 0);
if (thd->lex.ssl_cipher) if (thd->lex.ssl_cipher)
table->field[25]->store(thd->lex.ssl_cipher, table->field[next_field+1]->store(thd->lex.ssl_cipher,
strlen(thd->lex.ssl_cipher)); strlen(thd->lex.ssl_cipher));
if (thd->lex.x509_issuer) if (thd->lex.x509_issuer)
table->field[26]->store(thd->lex.x509_issuer, table->field[next_field+2]->store(thd->lex.x509_issuer,
strlen(thd->lex.x509_issuer)); strlen(thd->lex.x509_issuer));
if (thd->lex.x509_subject) if (thd->lex.x509_subject)
table->field[27]->store(thd->lex.x509_subject, table->field[next_field+3]->store(thd->lex.x509_subject,
strlen(thd->lex.x509_subject)); strlen(thd->lex.x509_subject));
break; break;
case SSL_TYPE_NOT_SPECIFIED: case SSL_TYPE_NOT_SPECIFIED:
break; break;
case SSL_TYPE_NONE: case SSL_TYPE_NONE:
table->field[24]->store("",0); table->field[next_field]->store("", 0);
table->field[25]->store("",0); table->field[next_field+1]->store("", 0);
table->field[26]->store("",0); table->field[next_field+2]->store("", 0);
table->field[27]->store("",0); table->field[next_field+3]->store("", 0);
break; break;
} }
/* Skip over SSL related fields to first user limits related field */
next_field+= 4;
USER_RESOURCES mqh = thd->lex.mqh; USER_RESOURCES mqh = thd->lex.mqh;
if (mqh.bits & 1) if (mqh.bits & 1)
table->field[28]->store((longlong) mqh.questions); table->field[next_field]->store((longlong) mqh.questions);
if (mqh.bits & 2) if (mqh.bits & 2)
table->field[29]->store((longlong) mqh.updates); table->field[next_field+1]->store((longlong) mqh.updates);
if (mqh.bits & 4) if (mqh.bits & 4)
table->field[30]->store((longlong) mqh.connections); table->field[next_field+2]->store((longlong) mqh.connections);
mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections; mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections;
} }
if (old_row_exists) if (old_row_exists)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment