Commit
d5bfbcdb
authored
Oct 18, 2013
by
Vicențiu Ciorbaru
Committed by
Sergei Golubchik
Oct 18, 2013
Implemented SHOW GRANTS functionality
parent
4f97a118
Showing
10 changed files
with
409 additions
and
127 deletions
+409
-127
mysql-test/r/acl_roles_show_grants.result
mysql-test/r/acl_roles_show_grants.result
+120
-0
mysql-test/t/acl_roles_show_grants.test
mysql-test/t/acl_roles_show_grants.test
+81
-0
sql/lex.h
sql/lex.h
+1
-0
sql/mysqld.cc
sql/mysqld.cc
+0
-1
sql/sp_head.cc
sql/sp_head.cc
+0
-1
sql/sql_acl.cc
sql/sql_acl.cc
+188
-101
sql/sql_acl.h
sql/sql_acl.h
+4
-1
sql/sql_lex.h
sql/sql_lex.h
+0
-1
sql/sql_parse.cc
sql/sql_parse.cc
+5
-8
sql/sql_yacc.yy
sql/sql_yacc.yy
+10
-14
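--- a/mysql-test/r/acl_roles_show_grants.result
+++ b/mysql-test/r/acl_roles_show_grants.result
@@ -0,0 +1,120 @@
+create user 'test_user'@'localhost';
+create user 'test_role1'@'';
+create user 'test_role2'@'';
+update mysql.user set is_role='Y' where user='test_role1';
+update mysql.user set is_role='Y' where user='test_role2';
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role1');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role2');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+'test_role1',
+'test_role2');
+select user, host from mysql.user where user not like 'root';
+user host
+test_role1
+test_role2
+test_user localhost
+select * from mysql.roles_mapping;
+HostFk UserFk RoleFk
+test_role1 test_role2
+localhost test_user test_role1
+localhost test_user test_role2
+flush privileges;
+select user, host from mysql.db;
+user host
+%
+%
+grant select on mysql.* to test_role2@'';
+flush privileges;
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+set role test_role1;
+show grants;
+Grants for test_user@localhost
+GRANT SELECT ON `mysql`.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
+GRANT USAGE ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_role1'
+GRANT test_role2 TO 'test_user'@'localhost'
+set role none;
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+show grants for test_user@localhost;
+ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
+show grants for test_role1;
+ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
+show grants for test_role2;
+ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
+show grants for CURRENT_USER;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+show grants for CURRENT_USER();
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+show grants for CURRENT_ROLE;
+ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
+show grants for CURRENT_ROLE();
+ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
+set role test_role2;
+show grants;
+Grants for test_user@localhost
+GRANT SELECT ON `mysql`.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+show grants for test_user@localhost;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+show grants for test_role1;
+Grants for test_role1
+GRANT SELECT ON `mysql`.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
+GRANT USAGE ON *.* TO 'test_role2'
+GRANT test_role2 TO 'test_role1'
+show grants for test_role2;
+Grants for test_role2
+GRANT SELECT ON `mysql`.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role2'
+show grants for CURRENT_USER;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+show grants for CURRENT_USER();
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_user'@'localhost'
+show grants for CURRENT_ROLE;
+Grants for test_role2
+GRANT SELECT ON `mysql`.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role2'
+show grants for CURRENT_ROLE();
+Grants for test_role2
+GRANT SELECT ON `mysql`.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role2'
+drop user 'test_user'@'localhost';
+revoke select on mysql.* from test_role2@'';
+delete from mysql.user where user='test_role1';
+delete from mysql.user where user='test_role2';
+delete from mysql.roles_mapping where RoleFk='test_role1';
+delete from mysql.roles_mapping where RoleFk='test_role2';
+flush privileges;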
mysql-test/t/acl_roles_show_grants.test
0 → 100644
#create a user with no privileges
create
user
'test_user'
@
'localhost'
;
create
user
'test_role1'
@
''
;
create
user
'test_role2'
@
''
;
update
mysql
.
user
set
is_role
=
'Y'
where
user
=
'test_role1'
;
update
mysql
.
user
set
is_role
=
'Y'
where
user
=
'test_role2'
;
insert
into
mysql
.
roles_mapping
(
HostFk
,
UserFk
,
RoleFk
)
values
(
'localhost'
,
'test_user'
,
'test_role1'
);
insert
into
mysql
.
roles_mapping
(
HostFk
,
UserFk
,
RoleFk
)
values
(
'localhost'
,
'test_user'
,
'test_role2'
);
insert
into
mysql
.
roles_mapping
(
HostFk
,
UserFk
,
RoleFk
)
values
(
''
,
'test_role1'
,
'test_role2'
);
--
sorted_result
select
user
,
host
from
mysql
.
user
where
user
not
like
'root'
;
--
sorted_result
select
*
from
mysql
.
roles_mapping
;
flush
privileges
;
--
sorted_result
select
user
,
host
from
mysql
.
db
;
grant
select
on
mysql
.*
to
test_role2
@
''
;
flush
privileges
;
change_user
'test_user'
;
--
sorted_result
show
grants
;
set
role
test_role1
;
--
sorted_result
show
grants
;
set
role
none
;
--
sorted_result
show
grants
;
--
error
ER_DBACCESS_DENIED_ERROR
show
grants
for
test_user
@
localhost
;
--
error
ER_DBACCESS_DENIED_ERROR
show
grants
for
test_role1
;
--
error
ER_DBACCESS_DENIED_ERROR
show
grants
for
test_role2
;
--
sorted_result
show
grants
for
CURRENT_USER
;
--
sorted_result
show
grants
for
CURRENT_USER
();
--
error
ER_NONEXISTING_GRANT
show
grants
for
CURRENT_ROLE
;
--
error
ER_NONEXISTING_GRANT
show
grants
for
CURRENT_ROLE
();
set
role
test_role2
;
--
sorted_result
show
grants
;
--
sorted_result
show
grants
for
test_user
@
localhost
;
--
sorted_result
show
grants
for
test_role1
;
--
sorted_result
show
grants
for
test_role2
;
--
sorted_result
show
grants
for
CURRENT_USER
;
--
sorted_result
show
grants
for
CURRENT_USER
();
--
sorted_result
show
grants
for
CURRENT_ROLE
;
--
sorted_result
show
grants
for
CURRENT_ROLE
();
change_user
'root'
;
drop
user
'test_user'
@
'localhost'
;
revoke
select
on
mysql
.*
from
test_role2
@
''
;
delete
from
mysql
.
user
where
user
=
'test_role1'
;
delete
from
mysql
.
user
where
user
=
'test_role2'
;
delete
from
mysql
.
roles_mapping
where
RoleFk
=
'test_role1'
;
delete
from
mysql
.
roles_mapping
where
RoleFk
=
'test_role2'
;
flush
privileges
;
sql/lex.h
...
...
@@ -153,6 +153,7 @@ static SYMBOL symbols[] = {
{
"CUBE"
,
SYM
(
CUBE_SYM
)},
{
"CURRENT_DATE"
,
SYM
(
CURDATE
)},
{
"CURRENT_POS"
,
SYM
(
CURRENT_POS_SYM
)},
{
"CURRENT_ROLE"
,
SYM
(
CURRENT_ROLE
)},
{
"CURRENT_TIME"
,
SYM
(
CURTIME
)},
{
"CURRENT_TIMESTAMP"
,
SYM
(
NOW_SYM
)},
{
"CURRENT_USER"
,
SYM
(
CURRENT_USER
)},
...
...
sql/mysqld.cc
...
...
@@ -3517,7 +3517,6 @@ SHOW_VAR com_status_vars[]= {
#endif
{
"show_function_status"
,
(
char
*
)
offsetof
(
STATUS_VAR
,
com_stat
[(
uint
)
SQLCOM_SHOW_STATUS_FUNC
]),
SHOW_LONG_STATUS
},
{
"show_grants"
,
(
char
*
)
offsetof
(
STATUS_VAR
,
com_stat
[(
uint
)
SQLCOM_SHOW_GRANTS
]),
SHOW_LONG_STATUS
},
{
"show_grants_self"
,
(
char
*
)
offsetof
(
STATUS_VAR
,
com_stat
[(
uint
)
SQLCOM_SHOW_GRANTS_SELF
]),
SHOW_LONG_STATUS
},
{
"show_keys"
,
(
char
*
)
offsetof
(
STATUS_VAR
,
com_stat
[(
uint
)
SQLCOM_SHOW_KEYS
]),
SHOW_LONG_STATUS
},
{
"show_index_statistics"
,
(
char
*
)
offsetof
(
STATUS_VAR
,
com_stat
[(
uint
)
SQLCOM_SHOW_INDEX_STATS
]),
SHOW_LONG_STATUS
},
{
"show_master_status"
,
(
char
*
)
offsetof
(
STATUS_VAR
,
com_stat
[(
uint
)
SQLCOM_SHOW_MASTER_STAT
]),
SHOW_LONG_STATUS
},
...
...
sql/sp_head.cc
...
...
@@ -223,7 +223,6 @@ sp_get_flags_for_command(LEX *lex)
case
SQLCOM_SHOW_FIELDS
:
case
SQLCOM_SHOW_FUNC_CODE
:
case
SQLCOM_SHOW_GRANTS
:
case
SQLCOM_SHOW_GRANTS_SELF
:
case
SQLCOM_SHOW_ENGINE_STATUS
:
case
SQLCOM_SHOW_ENGINE_LOGS
:
case
SQLCOM_SHOW_ENGINE_MUTEX
:
...
...
sql/sql_acl.cc
sql/sql_acl.h
...
...
@@ -175,6 +175,9 @@ extern bool mysql_user_table_is_in_short_password_format;
extern
const
char
*
HOST_NOT_SPECIFIED
;
extern
const
char
*
NONE_ROLE
;
extern
LEX_USER
current_user
;
extern
LEX_USER
current_role
;
extern
LEX_USER
current_user_and_current_role
;
static
inline
int
access_denied_error_code
(
int
passwd_used
)
...
...
@@ -227,7 +230,7 @@ ulong get_table_grant(THD *thd, TABLE_LIST *table);
ulong
get_column_grant
(
THD
*
thd
,
GRANT_INFO
*
grant
,
const
char
*
db_name
,
const
char
*
table_name
,
const
char
*
field_name
);
bool
mysql_show_grants
(
THD
*
thd
,
LEX_USER
*
user
,
bool
print_current_role
);
bool
mysql_show_grants
(
THD
*
thd
,
LEX_USER
*
user
);
void
get_privilege_desc
(
char
*
to
,
uint
max_length
,
ulong
access
);
void
get_mqh
(
const
char
*
user
,
const
char
*
host
,
USER_CONN
*
uc
);
bool
mysql_create_user
(
THD
*
thd
,
List
<
LEX_USER
>
&
list
,
bool
handle_as_role
);
...
...
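Review bot: The new externs `current_user`, `current_role` and `current_user_and_current_role` are declared as ordinary mutable `LEX_USER` objects with no comment, although the sql/sql_parse.cc section of this commit compares their addresses to decide whether SHOW GRANTS may skip the SELECT check on `mysql`. A comment above the three declarations should record that role, for example `/* Sentinel objects: identified by address only; must never be modified or copied */`. Declaring them `const` would let the compiler enforce the no-write part, but that probably needs const-correct users elsewhere, which this hunk does not show.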
sql/sql_lex.h
...
...
@@ -146,7 +146,6 @@ enum enum_sql_command {
SQLCOM_SHOW_GRANTS
,
SQLCOM_SHOW_CREATE
,
SQLCOM_SHOW_CHARSETS
,
SQLCOM_SHOW_COLLATIONS
,
SQLCOM_SHOW_CREATE_DB
,
SQLCOM_SHOW_TABLE_STATUS
,
SQLCOM_SHOW_TRIGGERS
,
SQLCOM_SHOW_GRANTS_SELF
,
SQLCOM_LOAD
,
SQLCOM_SET_OPTION
,
SQLCOM_LOCK_TABLES
,
SQLCOM_UNLOCK_TABLES
,
SQLCOM_GRANT
,
SQLCOM_GRANT_ROLE
,
...
...
sql/sql_parse.cc
...
...
@@ -341,7 +341,6 @@ void init_update_queries(void)
sql_command_flags
[
SQLCOM_SHOW_EXPLAIN
]
=
CF_STATUS_COMMAND
;
sql_command_flags
[
SQLCOM_SHOW_PROCESSLIST
]
=
CF_STATUS_COMMAND
;
sql_command_flags
[
SQLCOM_SHOW_GRANTS
]
=
CF_STATUS_COMMAND
;
sql_command_flags
[
SQLCOM_SHOW_GRANTS_SELF
]
=
CF_STATUS_COMMAND
;
sql_command_flags
[
SQLCOM_SHOW_CREATE_DB
]
=
CF_STATUS_COMMAND
;
sql_command_flags
[
SQLCOM_SHOW_CREATE
]
=
CF_STATUS_COMMAND
;
sql_command_flags
[
SQLCOM_SHOW_MASTER_STAT
]
=
CF_STATUS_COMMAND
;
...
...
@@ -3991,18 +3990,16 @@ case SQLCOM_PREPARE:
#ifndef NO_EMBEDDED_ACCESS_CHECKS
case
SQLCOM_SHOW_GRANTS
:
case
SQLCOM_SHOW_GRANTS_SELF
:
{
LEX_USER
*
grant_user
=
get_current_user
(
thd
,
lex
->
grant_user
)
;
LEX_USER
*
grant_user
=
lex
->
grant_user
;
if
(
!
grant_user
)
goto
error
;
if
((
thd
->
security_ctx
->
priv_user
&&
!
strcmp
(
thd
->
security_ctx
->
priv_user
,
grant_user
->
user
.
str
))
||
if
(
grant_user
==
&
current_user
||
grant_user
==
&
current_role
||
grant_user
==
&
current_user_and_current_role
||
!
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
NULL
,
NULL
,
1
,
0
))
{
res
=
mysql_show_grants
(
thd
,
grant_user
,
(
lex
->
sql_command
==
SQLCOM_SHOW_GRANTS_SELF
)
?
TRUE
:
FALSE
);
res
=
mysql_show_grants
(
thd
,
grant_user
);
}
break
;
}
...
...
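Review bot: In the `SQLCOM_SHOW_GRANTS` case the SELECT-on-`mysql` check is now skipped purely on pointer identity with `&current_user`, `&current_role` or `&current_user_and_current_role`. The bypass is therefore only safe if `mysql_show_grants()` takes the account and role from `thd->security_ctx` and never from the sentinel's own fields; that function is in sql/sql_acl.cc, whose diff is collapsed on this page, so this cannot be confirmed here. A comment at the condition would record the contract, e.g. `/* sentinels always denote the caller's own account/role; any other target needs SELECT on mysql */`. The removed `priv_user` comparison also means a user naming their own account explicitly is now refused, which the new result file pins with `Access denied` for `show grants for test_user@localhost`; if that is intended it deserves a sentence in the commit message. The enclosing switch and function lie outside the hunk.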
sql/sql_yacc.yy
...
...
@@ -910,6 +910,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
%token CUBE_SYM /* SQL-2003-R */
%token CURDATE /* MYSQL-FUNC */
%token CURRENT_USER /* SQL-2003-R */
%token CURRENT_ROLE /* SQL-2003-R */
%token CURRENT_POS_SYM
%token CURSOR_SYM /* SQL-2003-R */
%token CURSOR_NAME_SYM /* SQL-2003-N */
...
...
@@ -11757,12 +11758,8 @@ show_param:
| GRANTS
{
LEX *lex=Lex;
lex->sql_command= SQLCOM_SHOW_GRANTS_SELF;
LEX_USER *curr_user;
if (!(curr_user= (LEX_USER*) lex->thd->alloc(sizeof(st_lex_user))))
MYSQL_YYABORT;
bzero(curr_user, sizeof(st_lex_user));
lex->grant_user= curr_user;
lex->sql_command= SQLCOM_SHOW_GRANTS;
lex->grant_user= ¤t_user_and_current_role;
}
| GRANTS FOR_SYM user
{
...
...
@@ -11771,6 +11768,12 @@ show_param:
lex->grant_user=$3;
lex->grant_user->password=null_lex_str;
}
| GRANTS FOR_SYM CURRENT_ROLE optional_braces
{
LEX *lex=Lex;
lex->sql_command= SQLCOM_SHOW_GRANTS;
lex->grant_user= ¤t_role;
}
| CREATE DATABASE opt_if_not_exists ident
{
Lex->sql_command=SQLCOM_SHOW_CREATE_DB;
...
...
@@ -13201,14 +13204,7 @@ user:
}
| CURRENT_USER optional_braces
{
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
MYSQL_YYABORT;
/*
empty LEX_USER means current_user and
will be handled in the get_current_user() function
later
*/
bzero($$, sizeof(LEX_USER));
$$= ¤t_user;
}
;
...
...
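Review bot: The `user:` rule now yields `&current_user`, a single process-wide object, instead of a per-statement `LEX_USER`, while the context lines of the `GRANTS FOR_SYM user` action still run `lex->grant_user->password=null_lex_str;` on whatever `$3` is. For `SHOW GRANTS FOR CURRENT_USER` that is a write to the shared sentinel from every session that parses the statement. Any other rule that consumes `user` and fills in password or plugin fields (none is visible in these hunks) would likewise leave one session's values in an object that all sessions read. The store should be skipped for the sentinel, `if ($3 != &current_user) $3->password= null_lex_str;`, or the rule should keep allocating per statement and mark the result as current-user some other way. Both rules continue outside the hunks shown.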