Commit
55d8ff0d
authored
Jul 04, 2019
by
Anel Husakovic
MDEV-19948 `SHOW GRANTS FOR user` return privileges individually
parent
0d99ccea
Showing
3 changed files
with
123 additions
and
40 deletions
+123
-40
mysql-test/main/grant.result
mysql-test/main/grant.result
+31
-0
mysql-test/main/grant.test
mysql-test/main/grant.test
+37
-0
sql/sql_acl.cc
sql/sql_acl.cc
+55
-40
mysql-test/main/grant.result
...
...
@@ -2760,3 +2760,34 @@ DROP USER dummy@localhost;
#
# End of 10.2 tests
#
#
# Start of 10.3 tests
#
#
# MDEV-19948 'show grants' return privileges individually
#
SET @had_user_delete_history_priv := 0;
SELECT @had_user_delete_history_priv :=1 FROM mysql.user WHERE Delete_history_priv LIKE '%';
@had_user_delete_history_priv :=1
1
1
1
1
ALTER TABLE mysql.user DROP COLUMN Delete_history_priv;
FLUSH PRIVILEGES;
CREATE USER ten2;
GRANT ALL ON *.* TO ten2;
SHOW GRANTS FOR ten2;
Grants for ten2@%
GRANT ALL PRIVILEGES ON *.* TO 'ten2'@'%'
FLUSH PRIVILEGES;
SHOW GRANTS FOR ten2;
Grants for ten2@%
GRANT ALL PRIVILEGES ON *.* TO 'ten2'@'%'
DROP USER ten2;
ALTER TABLE mysql.user ADD Delete_history_priv enum('N','Y') COLLATE utf8_general_ci NOT NULL DEFAULT 'N' after Create_tablespace_priv;
UPDATE mysql.user SET Delete_history_priv = Super_priv WHERE @had_user_delete_history_priv = 1;
FLUSH PRIVILEGES;
#
# End of 10.3 tests
#
mysql-test/main/grant.test
...
...
@@ -2258,3 +2258,40 @@ DROP USER dummy@localhost;
--
echo
#
--
echo
# End of 10.2 tests
--
echo
#
--
echo
#
--
echo
# Start of 10.3 tests
--
echo
#
--
echo
#
--
echo
# MDEV-19948 'show grants' return privileges individually
--
echo
#
# Let's cheat server that we are using `10.2` user table
# which doesn't have `Delete_history_priv` column
SET
@
had_user_delete_history_priv
:=
0
;
SELECT
@
had_user_delete_history_priv
:=
1
FROM
mysql
.
user
WHERE
Delete_history_priv
LIKE
'%'
;
ALTER
TABLE
mysql
.
user
DROP
COLUMN
Delete_history_priv
;
FLUSH
PRIVILEGES
;
CREATE
USER
ten2
;
GRANT
ALL
ON
*.*
TO
ten2
;
# Without any patching, this should show a lot of privileges,
# but without delete history. With patch it is showing `all privileges`
SHOW
GRANTS
FOR
ten2
;
FLUSH
PRIVILEGES
;
# Now should show `all privileges` with/without patch
SHOW
GRANTS
FOR
ten2
;
DROP
USER
ten2
;
# Restore original table (similar to `mysql_upgrade`)
ALTER
TABLE
mysql
.
user
ADD
Delete_history_priv
enum
(
'N'
,
'Y'
)
COLLATE
utf8_general_ci
NOT
NULL
DEFAULT
'N'
after
Create_tablespace_priv
;
UPDATE
mysql
.
user
SET
Delete_history_priv
=
Super_priv
WHERE
@
had_user_delete_history_priv
=
1
;
FLUSH
PRIVILEGES
;
--
echo
#
--
echo
# End of 10.3 tests
--
echo
#
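Review bot: The restore step at the end does not put back what the test removed: `UPDATE mysql.user SET Delete_history_priv = Super_priv` rewrites the column from `Super_priv` for every account, so any account whose two values differed before the test ends up with a different privilege afterwards, and nothing restores the column if the test aborts between the `ALTER TABLE ... DROP COLUMN` and the final `ALTER TABLE ... ADD`. Saving the original column values before the drop and copying them back would leave the privilege table as it was found. Separately, the `SELECT @had_user_delete_history_priv :=1 FROM mysql.user ...` probe prints one row per account (four `1` rows in grant.result), which ties the expected output to the number of accounts in `mysql.user`; wrapping it in `--disable_result_log` / `--enable_result_log` would avoid that.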
sql/sql_acl.cc
...
...
@@ -907,6 +907,60 @@ class User_table: public Grant_table_base
}
ulong
get_access
()
const
{
ulong
access
=
Grant_table_base
::
get_access
();
if
((
num_fields
()
<=
13
)
&&
(
access
&
CREATE_ACL
))
access
|=
REFERENCES_ACL
|
INDEX_ACL
|
ALTER_ACL
;
if
(
num_fields
()
<=
18
)
{
access
|=
LOCK_TABLES_ACL
|
CREATE_TMP_ACL
|
SHOW_DB_ACL
;
if
(
access
&
FILE_ACL
)
access
|=
REPL_CLIENT_ACL
|
REPL_SLAVE_ACL
;
if
(
access
&
PROCESS_ACL
)
access
|=
SUPER_ACL
|
EXECUTE_ACL
;
}
/*
If it is pre 5.0.1 privilege table then map CREATE privilege on
CREATE VIEW & SHOW VIEW privileges.
*/
if
(
num_fields
()
<=
31
&&
(
access
&
CREATE_ACL
))
access
|=
(
CREATE_VIEW_ACL
|
SHOW_VIEW_ACL
);
/*
If it is pre 5.0.2 privilege table then map CREATE/ALTER privilege on
CREATE PROCEDURE & ALTER PROCEDURE privileges.
*/
if
(
num_fields
()
<=
33
)
{
if
(
access
&
CREATE_ACL
)
access
|=
CREATE_PROC_ACL
;
if
(
access
&
ALTER_ACL
)
access
|=
ALTER_PROC_ACL
;
}
/*
Pre 5.0.3 did not have CREATE_USER_ACL.
*/
if
(
num_fields
()
<=
36
&&
(
access
&
GRANT_ACL
))
access
|=
CREATE_USER_ACL
;
/*
If it is pre 5.1.6 privilege table then map CREATE privilege on
CREATE|ALTER|DROP|EXECUTE EVENT.
*/
if
(
num_fields
()
<=
37
&&
(
access
&
SUPER_ACL
))
access
|=
EVENT_ACL
;
/*
If it is pre 5.1.6 privilege then map TRIGGER privilege on CREATE.
*/
if
(
num_fields
()
<=
38
&&
(
access
&
SUPER_ACL
))
access
|=
TRIGGER_ACL
;
if
(
num_fields
()
<=
46
&&
(
access
&
DELETE_ACL
))
access
|=
DELETE_HISTORY_ACL
;
return
access
&
GLOBAL_ACLS
;
}
private:
friend
class
Grant_tables
;
...
...
@@ -1870,46 +1924,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
continue
;
{
user
.
access
=
user_table
.
get_access
()
&
GLOBAL_ACLS
;
/*
if it is pre 5.0.1 privilege table then map CREATE privilege on
CREATE VIEW & SHOW VIEW privileges
*/
if
(
user_table
.
num_fields
()
<=
31
&&
(
user
.
access
&
CREATE_ACL
))
user
.
access
|=
(
CREATE_VIEW_ACL
|
SHOW_VIEW_ACL
);
/*
if it is pre 5.0.2 privilege table then map CREATE/ALTER privilege on
CREATE PROCEDURE & ALTER PROCEDURE privileges
*/
if
(
user_table
.
num_fields
()
<=
33
&&
(
user
.
access
&
CREATE_ACL
))
user
.
access
|=
CREATE_PROC_ACL
;
if
(
user_table
.
num_fields
()
<=
33
&&
(
user
.
access
&
ALTER_ACL
))
user
.
access
|=
ALTER_PROC_ACL
;
/*
pre 5.0.3 did not have CREATE_USER_ACL
*/
if
(
user_table
.
num_fields
()
<=
36
&&
(
user
.
access
&
GRANT_ACL
))
user
.
access
|=
CREATE_USER_ACL
;
/*
if it is pre 5.1.6 privilege table then map CREATE privilege on
CREATE|ALTER|DROP|EXECUTE EVENT
*/
if
(
user_table
.
num_fields
()
<=
37
&&
(
user
.
access
&
SUPER_ACL
))
user
.
access
|=
EVENT_ACL
;
/*
if it is pre 5.1.6 privilege then map TRIGGER privilege on CREATE.
*/
if
(
user_table
.
num_fields
()
<=
38
&&
(
user
.
access
&
SUPER_ACL
))
user
.
access
|=
TRIGGER_ACL
;
if
(
user_table
.
num_fields
()
<=
46
&&
(
user
.
access
&
DELETE_ACL
))
user
.
access
|=
DELETE_HISTORY_ACL
;
user
.
access
=
user_table
.
get_access
();
user
.
sort
=
get_sort
(
2
,
user
.
host
.
hostname
,
user
.
user
.
str
);
user
.
hostname_length
=
safe_strlen
(
user
.
host
.
hostname
);
user
.
user_resource
.
user_conn
=
0
;
...
...
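Review bot: In the new `User_table::get_access()`, every widening rule is keyed on `num_fields()` alone, so the column count stands in for the privilege-table version and any `mysql.user` layout with fewer columns gains the derived bits, whether or not the specific column is the one missing; the `num_fields() <= 18` branch also ORs in `LOCK_TABLES_ACL | CREATE_TMP_ACL | SHOW_DB_ACL` for every account without testing an existing bit. That may well be the intended upgrade behaviour, but the first two branches and the `<= 46` branch carry no comment, and two of the copied comments disagree with the code: they describe mapping from CREATE while the conditions test `SUPER_ACL`. I would document the rules at the top of the method, e.g. `/* num_fields() is a proxy for the privilege-table version; each branch grants privileges whose columns that layout lacks */`, and correct the two comments to `/* Pre 5.1.6 tables: SUPER implies EVENT. */` and `/* Pre 5.1.6 tables: SUPER implies TRIGGER. */`. The enclosing `User_table` class and `acl_load()` both start and end outside the visible hunks, so whether `acl_load()` still applies the same legacy conversions elsewhere cannot be confirmed from here.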