Commit b45c3d0b authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Vicențiu Ciorbaru

[MDEV-7978] Implement alter user and tested create user

Implemented the alter user syntax. Also tested that create user
creates users accordingly.
parent 90b717b3
This diff is collapsed.
This diff is collapsed.
--source include/not_embedded.inc
--enable_connect_log
select * from mysql.user where user = 'root' and host = 'localhost';
--echo # Test syntax
--echo #
--echo # These 2 selects should have no changes from the first one.
alter user CURRENT_USER;
select * from mysql.user where user = 'root' and host = 'localhost';
alter user CURRENT_USER();
select * from mysql.user where user = 'root' and host = 'localhost';
create user foo;
select * from mysql.user where user = 'foo';
alter user foo;
select * from mysql.user where user = 'foo';
--echo # Test super privilege works correctly with a read only database.
SET @start_read_only = @@global.read_only;
SET GLOBAL read_only=1;
grant create user on *.* to foo;
--echo # Currently no super privileges.
connect (a, localhost, foo);
select @@global.read_only;
--error ER_OPTION_PREVENTS_STATEMENT
alter user foo;
--echo # Grant super privilege to the user.
connection default;
grant super on *.* to foo;
--echo # We now have super privilege. We should be able to run alter user.
connect (b, localhost, foo);
alter user foo;
connection default;
SET GLOBAL read_only = @start_read_only;
--echo # Test inexistant user.
--error ER_CANNOT_USER
alter user boo;
--echo #--warning ER_CANNOT_USER
alter if exists user boo;
--echo # Test SSL related altering.
alter user foo identified by 'something';
select * from mysql.user where user = 'foo';
alter user foo identified by 'something2';
select * from mysql.user where user = 'foo';
alter user foo identified by password '*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63';
select * from mysql.user where user = 'foo';
alter user foo identified with 'somecoolplugin';
select * from mysql.user where user = 'foo';
alter user foo identified with 'somecoolplugin' using 'somecoolpassphrase';
select * from mysql.user where user = 'foo';
--echo # Test resource limits altering.
alter user foo with MAX_QUERIES_PER_HOUR 10
MAX_UPDATES_PER_HOUR 20
MAX_CONNECTIONS_PER_HOUR 30
MAX_USER_CONNECTIONS 40;
select * from mysql.user where user = 'foo';
drop user foo;
--disable_connect_log
--source include/not_embedded.inc
create user foo;
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password';
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password' require SSL;
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password' require X509;
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password' require CIPHER 'cipher';
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password' require ISSUER 'issuer';
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password' require SUBJECT 'subject';
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password' require CIPHER 'cipher'
SUBJECT 'subject';
select * from mysql.user where user = 'foo';
drop user foo;
create user foo identified by 'password' require CIPHER 'cipher'
AND SUBJECT 'subject'
AND ISSUER 'issuer';
select * from mysql.user where user = 'foo';
drop user foo;
create user foo, foo2 identified by 'password' require CIPHER 'cipher'
AND SUBJECT 'subject'
AND ISSUER 'issuer';
select * from mysql.user where user like 'foo';
--echo #--warning ER_USER_CREATE_EXISTS
create user if not exists foo, foo2 identified by 'password2'
require CIPHER 'cipher2' AND SUBJECT 'subject2' AND ISSUER 'issuer2';
select * from mysql.user where user like 'foo';
drop user foo, foo2;
create user foo with MAX_QUERIES_PER_HOUR 10
MAX_UPDATES_PER_HOUR 20
MAX_CONNECTIONS_PER_HOUR 30
MAX_USER_CONNECTIONS 40;
select * from mysql.user where user like 'foo';
drop user foo;
......@@ -9755,13 +9755,60 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
RETURN
> 0 Error. Error message already sent.
0 OK.
< 0 Error. Error message not yet sent.
*/
int mysql_alter_user(THD* thd, List<LEX_USER> &users_list)
{
DBUG_ENTER("mysql_alter_user");
int result= 0;
// TODO implement the alter user logic.
TABLE_LIST tables[TABLES_MAX];
String wrong_users;
// The only table we're altering is the user table.
if ((result= open_grant_tables(thd, tables, TL_WRITE, Table_user)))
DBUG_RETURN(result);
// Lock ACL data structures until we finish altering all users.
mysql_rwlock_wrlock(&LOCK_grant);
mysql_mutex_lock(&acl_cache->lock);
LEX_USER *tmp_lex_user;
List_iterator<LEX_USER> users_list_iterator(users_list);
while ((tmp_lex_user= users_list_iterator++))
{
LEX_USER* lex_user= get_current_user(thd, tmp_lex_user, false);
if (!lex_user ||
fix_lex_user(thd, lex_user) ||
replace_user_table(thd, tables[USER_TABLE].table, *lex_user,0,
false, false, true))
{
thd->clear_error();
append_user(thd, &wrong_users, tmp_lex_user);
result= TRUE;
continue;
}
}
// Unlock ACL data structures.
mysql_mutex_unlock(&acl_cache->lock);
mysql_rwlock_unlock(&LOCK_grant);
if (result)
{
// 'if exists' flag leads to warnings instead of errors.
if (thd->lex->create_info.if_exists())
{
push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE,
ER_CANNOT_USER,
ER_THD(thd, ER_CANNOT_USER),
"ALTER USER", wrong_users.c_ptr_safe());
result= FALSE;
}
else
{
my_error(ER_CANNOT_USER, MYF(0),
"ALTER USER",
wrong_users.c_ptr_safe());
}
}
DBUG_RETURN(result);
}
......
......@@ -7342,9 +7342,10 @@ alter:
lex->sql_command= SQLCOM_ALTER_SERVER;
lex->server_options.reset($3);
} OPTIONS_SYM '(' server_options_list ')' { }
| ALTER opt_if_exists USER clear_privileges user_list
| ALTER opt_if_exists USER clear_privileges grant_list
require_clause resource_options
{
Lex->create_info.set($2);
Lex->sql_command= SQLCOM_ALTER_USER;
}
;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment