[MDEV-7978] Implement alter user and tested create user

Implemented the alter user syntax. Also tested that create user creates users accordingly.

[MDEV-7978] Implement alter user and tested create user
Implemented the alter user syntax. Also tested that create user creates users accordingly.
a701e9e6 · Vicențiu Ciorbaru · Daniel Black · c1698386 · a701e9e6 · a701e9e6
Commit a701e9e6 authored Jan 18, 2016 by Vicențiu Ciorbaru Committed by Daniel Black Sep 20, 2020
6 changed files
--- a/mysql-test/r/alter_user.result
+++ b/mysql-test/r/alter_user.result
--- a/mysql-test/r/create_user.result
+++ b/mysql-test/r/create_user.result
--- a/mysql-test/t/alter_user.test
+++ b/mysql-test/t/alter_user.test
+--source include/not_embedded.inc
+--enable_connect_log
+
+
+select * from mysql.user where user = 'root' and host = 'localhost';
+--echo # Test syntax
+--echo #
+--echo # These 2 selects should have no changes from the first one.
+alter user CURRENT_USER;
+select * from mysql.user where user = 'root' and host = 'localhost';
+alter user CURRENT_USER();
+select * from mysql.user where user = 'root' and host = 'localhost';
+
+create user foo;
+select * from mysql.user where user = 'foo';
+alter user foo;
+select * from mysql.user where user = 'foo';
+
+--echo # Test super privilege works correctly with a read only database.
+SET @start_read_only = @@global.read_only;
+SET GLOBAL read_only=1;
+grant create user on *.* to foo;
+
+--echo # Currently no super privileges.
+connect (a, localhost, foo);
+select @@global.read_only;
+
+--error ER_OPTION_PREVENTS_STATEMENT
+alter user foo;
+
+--echo # Grant super privilege to the user.
+connection default;
+grant super on *.* to foo;
+
+--echo # We now have super privilege. We should be able to run alter user.
+connect (b, localhost, foo);
+alter user foo;
+
+connection default;
+SET GLOBAL read_only = @start_read_only;
+
+--echo # Test inexistant user.
+--error ER_CANNOT_USER
+alter user boo;
+--echo #--warning ER_CANNOT_USER
+alter if exists user boo;
+
+--echo # Test SSL related altering.
+alter user foo identified by 'something';
+select * from mysql.user where user = 'foo';
+
+alter user foo identified by 'something2';
+select * from mysql.user where user = 'foo';
+
+alter user foo identified by password '*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63';
+select * from mysql.user where user = 'foo';
+
+alter user foo identified with 'somecoolplugin';
+select * from mysql.user where user = 'foo';
+
+alter user foo identified with 'somecoolplugin' using 'somecoolpassphrase';
+select * from mysql.user where user = 'foo';
+
+--echo # Test resource limits altering.
+alter user foo with MAX_QUERIES_PER_HOUR 10
+                    MAX_UPDATES_PER_HOUR 20
+                    MAX_CONNECTIONS_PER_HOUR 30
+                    MAX_USER_CONNECTIONS 40;
+select * from mysql.user where user = 'foo';
+drop user foo;
+--disable_connect_log
--- a/mysql-test/t/create_user.test
+++ b/mysql-test/t/create_user.test
+--source include/not_embedded.inc
+
+create user foo;
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password';
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password' require SSL;
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password' require X509;
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password' require CIPHER 'cipher';
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password' require ISSUER 'issuer';
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password' require SUBJECT 'subject';
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password' require CIPHER 'cipher'
+                                                   SUBJECT 'subject';
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo identified by 'password' require CIPHER 'cipher' 
+                                                   AND SUBJECT 'subject'
+                                                   AND ISSUER 'issuer';
+select * from mysql.user where user = 'foo';
+drop user foo;
+
+create user foo, foo2 identified by 'password' require CIPHER 'cipher' 
+                                                   AND SUBJECT 'subject'
+                                                   AND ISSUER 'issuer';
+select * from mysql.user where user like 'foo';
+
+--echo #--warning ER_USER_CREATE_EXISTS
+create user if not exists foo, foo2 identified by 'password2'
+    require CIPHER 'cipher2' AND SUBJECT 'subject2' AND ISSUER 'issuer2';
+select * from mysql.user where user like 'foo';
+drop user foo, foo2;
+
+create user foo with MAX_QUERIES_PER_HOUR 10
+                     MAX_UPDATES_PER_HOUR 20
+                     MAX_CONNECTIONS_PER_HOUR 30
+                     MAX_USER_CONNECTIONS 40;
+select * from mysql.user where user like 'foo';
+drop user foo;
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -9851,13 +9851,60 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
  RETURN
    > 0         Error. Error message already sent.
    0           OK.
-    < 0         Error. Error message not yet sent.
 */
 int mysql_alter_user(THD* thd, List<LEX_USER> &users_list)
 {
  DBUG_ENTER("mysql_alter_user");
  int result= 0;
-  // TODO implement the alter user logic.
+  TABLE_LIST tables[TABLES_MAX];
+  String wrong_users;
+  // The only table we're altering is the user table.
+  if ((result= open_grant_tables(thd, tables, TL_WRITE, Table_user)))
+    DBUG_RETURN(result);
+
+  // Lock ACL data structures until we finish altering all users.
+  mysql_rwlock_wrlock(&LOCK_grant);
+  mysql_mutex_lock(&acl_cache->lock);
+
+  LEX_USER *tmp_lex_user;
+  List_iterator<LEX_USER> users_list_iterator(users_list);
+  while ((tmp_lex_user= users_list_iterator++))
+  {
+    LEX_USER* lex_user= get_current_user(thd, tmp_lex_user, false);
+    if (!lex_user ||
+        fix_lex_user(thd, lex_user) ||
+        replace_user_table(thd, tables[USER_TABLE].table, *lex_user,0,
+                           false, false, true))
+    {
+      thd->clear_error();
+      append_user(thd, &wrong_users, tmp_lex_user);
+      result= TRUE;
+      continue;
+    }
+  }
+
+  // Unlock ACL data structures.
+  mysql_mutex_unlock(&acl_cache->lock);
+  mysql_rwlock_unlock(&LOCK_grant);
+
+  if (result)
+  {
+    // 'if exists' flag leads to warnings instead of errors.
+    if (thd->lex->create_info.if_exists())
+    {
+      push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE,
+                          ER_CANNOT_USER,
+                          ER_THD(thd, ER_CANNOT_USER),
+                          "ALTER USER", wrong_users.c_ptr_safe());
+      result= FALSE;
+    }
+    else
+    {
+      my_error(ER_CANNOT_USER, MYF(0),
+               "ALTER USER",
+               wrong_users.c_ptr_safe());
+    }
+  }
  DBUG_RETURN(result);
 }


--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -7107,9 +7107,10 @@ alter:
            lex->sql_command= SQLCOM_ALTER_SERVER;
            lex->server_options.reset($3);
          } OPTIONS_SYM '(' server_options_list ')' { }
-        | ALTER opt_if_exists USER clear_privileges user_list
+        | ALTER opt_if_exists USER clear_privileges grant_list
          require_clause resource_options
          {
+            Lex->create_info.set($2);
            Lex->sql_command= SQLCOM_ALTER_USER;
          }
        ;