Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
e1f412be
Commit
e1f412be
authored
Mar 09, 2011
by
Georgi Kodinov
Browse files
Options
Browse Files
Download
Plain Diff
merge mysql-5.0-secrutiy-fixed -> mysql-5.0
parents
edcdc79e
e2b44930
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
452 additions
and
54 deletions
+452
-54
mysql-test/r/grant.result
mysql-test/r/grant.result
+193
-0
mysql-test/suite/funcs_1/r/innodb_storedproc_06.result
mysql-test/suite/funcs_1/r/innodb_storedproc_06.result
+0
-4
mysql-test/suite/funcs_1/r/memory_storedproc_06.result
mysql-test/suite/funcs_1/r/memory_storedproc_06.result
+0
-4
mysql-test/suite/funcs_1/r/myisam_storedproc_06.result
mysql-test/suite/funcs_1/r/myisam_storedproc_06.result
+0
-4
mysql-test/t/grant.test
mysql-test/t/grant.test
+177
-0
sql/sql_acl.cc
sql/sql_acl.cc
+82
-42
No files found.
mysql-test/r/grant.result
View file @
e1f412be
...
@@ -1230,4 +1230,197 @@ DROP DATABASE mysqltest2;
...
@@ -1230,4 +1230,197 @@ DROP DATABASE mysqltest2;
DROP USER testuser@localhost;
DROP USER testuser@localhost;
use test;
use test;
#
# Test for bug #36544 "DROP USER does not remove stored function
# privileges".
#
create database mysqltest1;
create function mysqltest1.f1() returns int return 0;
create procedure mysqltest1.p1() begin end;
#
# 1) Check that DROP USER properly removes privileges on both
# stored procedures and functions.
#
create user mysqluser1@localhost;
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
# Quick test that granted privileges are properly reflected
# in privilege tables and in in-memory structures.
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser1'@'localhost'
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser1'@'localhost'
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
mysqltest1 f1 FUNCTION Execute
mysqltest1 p1 PROCEDURE Execute
#
# Create connection 'bug_36544_con1' as 'mysqluser1@localhost'.
call mysqltest1.p1();
select mysqltest1.f1();
mysqltest1.f1()
0
#
# Switch to connection 'default'.
drop user mysqluser1@localhost;
#
# Test that dropping of user is properly reflected in
# both privilege tables and in in-memory structures.
#
# Switch to connection 'bug36544_con1'.
# The connection cold be alive but should not be able to
# access to any of the stored routines.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
#
# Switch to connection 'default'.
#
# Now create user with the same name and check that he
# has not inherited privileges.
create user mysqluser1@localhost;
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
#
# Create connection 'bug_36544_con2' as 'mysqluser1@localhost'.
# Newly created user should not be able to access any of the routines.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
#
# Switch to connection 'default'.
#
# 2) Check that RENAME USER properly updates privileges on both
# stored procedures and functions.
#
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
#
# Create one more user to make in-memory hashes non-trivial.
# User names 'mysqluser11' and 'mysqluser10' were selected
# to trigger bug discovered during code inspection.
create user mysqluser11@localhost;
grant execute on function mysqltest1.f1 to mysqluser11@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser11@localhost;
# Also create a couple of tables to test for another bug
# discovered during code inspection (again table names were
# chosen especially to trigger the bug).
create table mysqltest1.t11 (i int);
create table mysqltest1.t22 (i int);
grant select on mysqltest1.t22 to mysqluser1@localhost;
grant select on mysqltest1.t11 to mysqluser1@localhost;
# Quick test that granted privileges are properly reflected
# in privilege tables and in in-memory structures.
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
GRANT SELECT ON `mysqltest1`.`t11` TO 'mysqluser1'@'localhost'
GRANT SELECT ON `mysqltest1`.`t22` TO 'mysqluser1'@'localhost'
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser1'@'localhost'
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser1'@'localhost'
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
mysqltest1 f1 FUNCTION Execute
mysqltest1 p1 PROCEDURE Execute
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
db table_name table_priv
mysqltest1 t11 Select
mysqltest1 t22 Select
#
# Switch to connection 'bug36544_con2'.
call mysqltest1.p1();
select mysqltest1.f1();
mysqltest1.f1()
0
select * from mysqltest1.t11;
i
select * from mysqltest1.t22;
i
#
# Switch to connection 'default'.
rename user mysqluser1@localhost to mysqluser10@localhost;
#
# Test that there are no privileges left for mysqluser1.
#
# Switch to connection 'bug36544_con2'.
# The connection cold be alive but should not be able to
# access to any of the stored routines or tables.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
select * from mysqltest1.t11;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11'
select * from mysqltest1.t22;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22'
#
# Switch to connection 'default'.
#
# Now create user with the old name and check that he
# has not inherited privileges.
create user mysqluser1@localhost;
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
db table_name table_priv
#
# Create connection 'bug_36544_con3' as 'mysqluser1@localhost'.
# Newly created user should not be able to access to any of the
# stored routines or tables.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
select * from mysqltest1.t11;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11'
select * from mysqltest1.t22;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22'
#
# Switch to connection 'default'.
#
# Now check that privileges became associated with a new user
# name - mysqluser10.
#
show grants for mysqluser10@localhost;
Grants for mysqluser10@localhost
GRANT USAGE ON *.* TO 'mysqluser10'@'localhost'
GRANT SELECT ON `mysqltest1`.`t22` TO 'mysqluser10'@'localhost'
GRANT SELECT ON `mysqltest1`.`t11` TO 'mysqluser10'@'localhost'
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser10'@'localhost'
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser10'@'localhost'
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost';
db routine_name routine_type proc_priv
mysqltest1 f1 FUNCTION Execute
mysqltest1 p1 PROCEDURE Execute
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost';
db table_name table_priv
mysqltest1 t11 Select
mysqltest1 t22 Select
#
# Create connection 'bug_36544_con4' as 'mysqluser10@localhost'.
call mysqltest1.p1();
select mysqltest1.f1();
mysqltest1.f1()
0
select * from mysqltest1.t11;
i
select * from mysqltest1.t22;
i
#
# Switch to connection 'default'.
#
# Clean-up.
drop user mysqluser1@localhost;
drop user mysqluser10@localhost;
drop user mysqluser11@localhost;
drop database mysqltest1;
End of 5.0 tests
End of 5.0 tests
mysql-test/suite/funcs_1/r/innodb_storedproc_06.result
View file @
e1f412be
...
@@ -131,10 +131,6 @@ root@localhost db_storedproc_1
...
@@ -131,10 +131,6 @@ root@localhost db_storedproc_1
drop user 'user_1'@'localhost';
drop user 'user_1'@'localhost';
DROP PROCEDURE sp3;
DROP PROCEDURE sp3;
DROP FUNCTION fn1;
DROP FUNCTION fn1;
Warnings:
Error 1133 Can't find any matching row in the user table
Error 1269 Can't revoke all privileges for one or more of the requested users
Warning 1405 Failed to revoke all privileges to dropped routine
Testcase 3.1.6.4:
Testcase 3.1.6.4:
-----------------
-----------------
...
...
mysql-test/suite/funcs_1/r/memory_storedproc_06.result
View file @
e1f412be
...
@@ -131,10 +131,6 @@ root@localhost db_storedproc_1
...
@@ -131,10 +131,6 @@ root@localhost db_storedproc_1
drop user 'user_1'@'localhost';
drop user 'user_1'@'localhost';
DROP PROCEDURE sp3;
DROP PROCEDURE sp3;
DROP FUNCTION fn1;
DROP FUNCTION fn1;
Warnings:
Error 1133 Can't find any matching row in the user table
Error 1269 Can't revoke all privileges for one or more of the requested users
Warning 1405 Failed to revoke all privileges to dropped routine
Testcase 3.1.6.4:
Testcase 3.1.6.4:
-----------------
-----------------
...
...
mysql-test/suite/funcs_1/r/myisam_storedproc_06.result
View file @
e1f412be
...
@@ -131,10 +131,6 @@ root@localhost db_storedproc_1
...
@@ -131,10 +131,6 @@ root@localhost db_storedproc_1
drop user 'user_1'@'localhost';
drop user 'user_1'@'localhost';
DROP PROCEDURE sp3;
DROP PROCEDURE sp3;
DROP FUNCTION fn1;
DROP FUNCTION fn1;
Warnings:
Error 1133 Can't find any matching row in the user table
Error 1269 Can't revoke all privileges for one or more of the requested users
Warning 1405 Failed to revoke all privileges to dropped routine
Testcase 3.1.6.4:
Testcase 3.1.6.4:
-----------------
-----------------
...
...
mysql-test/t/grant.test
View file @
e1f412be
...
@@ -1267,6 +1267,183 @@ DROP USER testuser@localhost;
...
@@ -1267,6 +1267,183 @@ DROP USER testuser@localhost;
use
test
;
use
test
;
--
echo
--
echo
--
echo
#
--
echo
# Test for bug #36544 "DROP USER does not remove stored function
--
echo
# privileges".
--
echo
#
create
database
mysqltest1
;
create
function
mysqltest1
.
f1
()
returns
int
return
0
;
create
procedure
mysqltest1
.
p1
()
begin
end
;
--
echo
#
--
echo
# 1) Check that DROP USER properly removes privileges on both
--
echo
# stored procedures and functions.
--
echo
#
create
user
mysqluser1
@
localhost
;
grant
execute
on
function
mysqltest1
.
f1
to
mysqluser1
@
localhost
;
grant
execute
on
procedure
mysqltest1
.
p1
to
mysqluser1
@
localhost
;
--
echo
# Quick test that granted privileges are properly reflected
--
echo
# in privilege tables and in in-memory structures.
show
grants
for
mysqluser1
@
localhost
;
select
db
,
routine_name
,
routine_type
,
proc_priv
from
mysql
.
procs_priv
where
user
=
'mysqluser1'
and
host
=
'localhost'
;
--
echo
#
--
echo
# Create connection 'bug_36544_con1' as 'mysqluser1@localhost'.
--
connect
(
bug36544_con1
,
localhost
,
mysqluser1
,,)
call
mysqltest1
.
p1
();
select
mysqltest1
.
f1
();
--
echo
#
--
echo
# Switch to connection 'default'.
--
connection
default
drop
user
mysqluser1
@
localhost
;
--
echo
#
--
echo
# Test that dropping of user is properly reflected in
--
echo
# both privilege tables and in in-memory structures.
--
echo
#
--
echo
# Switch to connection 'bug36544_con1'.
--
connection
bug36544_con1
--
echo
# The connection cold be alive but should not be able to
--
echo
# access to any of the stored routines.
--
error
ER_PROCACCESS_DENIED_ERROR
call
mysqltest1
.
p1
();
--
error
ER_PROCACCESS_DENIED_ERROR
select
mysqltest1
.
f1
();
--
disconnect
bug36544_con1
--
echo
#
--
echo
# Switch to connection 'default'.
--
connection
default
--
echo
#
--
echo
# Now create user with the same name and check that he
--
echo
# has not inherited privileges.
create
user
mysqluser1
@
localhost
;
show
grants
for
mysqluser1
@
localhost
;
select
db
,
routine_name
,
routine_type
,
proc_priv
from
mysql
.
procs_priv
where
user
=
'mysqluser1'
and
host
=
'localhost'
;
--
echo
#
--
echo
# Create connection 'bug_36544_con2' as 'mysqluser1@localhost'.
--
connect
(
bug36544_con2
,
localhost
,
mysqluser1
,,)
--
echo
# Newly created user should not be able to access any of the routines.
--
error
ER_PROCACCESS_DENIED_ERROR
call
mysqltest1
.
p1
();
--
error
ER_PROCACCESS_DENIED_ERROR
select
mysqltest1
.
f1
();
--
echo
#
--
echo
# Switch to connection 'default'.
--
connection
default
--
echo
#
--
echo
# 2) Check that RENAME USER properly updates privileges on both
--
echo
# stored procedures and functions.
--
echo
#
grant
execute
on
function
mysqltest1
.
f1
to
mysqluser1
@
localhost
;
grant
execute
on
procedure
mysqltest1
.
p1
to
mysqluser1
@
localhost
;
--
echo
#
--
echo
# Create one more user to make in-memory hashes non-trivial.
--
echo
# User names 'mysqluser11' and 'mysqluser10' were selected
--
echo
# to trigger bug discovered during code inspection.
create
user
mysqluser11
@
localhost
;
grant
execute
on
function
mysqltest1
.
f1
to
mysqluser11
@
localhost
;
grant
execute
on
procedure
mysqltest1
.
p1
to
mysqluser11
@
localhost
;
--
echo
# Also create a couple of tables to test for another bug
--
echo
# discovered during code inspection (again table names were
--
echo
# chosen especially to trigger the bug).
create
table
mysqltest1
.
t11
(
i
int
);
create
table
mysqltest1
.
t22
(
i
int
);
grant
select
on
mysqltest1
.
t22
to
mysqluser1
@
localhost
;
grant
select
on
mysqltest1
.
t11
to
mysqluser1
@
localhost
;
--
echo
# Quick test that granted privileges are properly reflected
--
echo
# in privilege tables and in in-memory structures.
show
grants
for
mysqluser1
@
localhost
;
select
db
,
routine_name
,
routine_type
,
proc_priv
from
mysql
.
procs_priv
where
user
=
'mysqluser1'
and
host
=
'localhost'
;
select
db
,
table_name
,
table_priv
from
mysql
.
tables_priv
where
user
=
'mysqluser1'
and
host
=
'localhost'
;
--
echo
#
--
echo
# Switch to connection 'bug36544_con2'.
--
connection
bug36544_con2
call
mysqltest1
.
p1
();
select
mysqltest1
.
f1
();
select
*
from
mysqltest1
.
t11
;
select
*
from
mysqltest1
.
t22
;
--
echo
#
--
echo
# Switch to connection 'default'.
--
connection
default
rename
user
mysqluser1
@
localhost
to
mysqluser10
@
localhost
;
--
echo
#
--
echo
# Test that there are no privileges left for mysqluser1.
--
echo
#
--
echo
# Switch to connection 'bug36544_con2'.
--
connection
bug36544_con2
--
echo
# The connection cold be alive but should not be able to
--
echo
# access to any of the stored routines or tables.
--
error
ER_PROCACCESS_DENIED_ERROR
call
mysqltest1
.
p1
();
--
error
ER_PROCACCESS_DENIED_ERROR
select
mysqltest1
.
f1
();
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysqltest1
.
t11
;
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysqltest1
.
t22
;
--
disconnect
bug36544_con2
--
echo
#
--
echo
# Switch to connection 'default'.
--
connection
default
--
echo
#
--
echo
# Now create user with the old name and check that he
--
echo
# has not inherited privileges.
create
user
mysqluser1
@
localhost
;
show
grants
for
mysqluser1
@
localhost
;
select
db
,
routine_name
,
routine_type
,
proc_priv
from
mysql
.
procs_priv
where
user
=
'mysqluser1'
and
host
=
'localhost'
;
select
db
,
table_name
,
table_priv
from
mysql
.
tables_priv
where
user
=
'mysqluser1'
and
host
=
'localhost'
;
--
echo
#
--
echo
# Create connection 'bug_36544_con3' as 'mysqluser1@localhost'.
--
connect
(
bug36544_con3
,
localhost
,
mysqluser1
,,)
--
echo
# Newly created user should not be able to access to any of the
--
echo
# stored routines or tables.
--
error
ER_PROCACCESS_DENIED_ERROR
call
mysqltest1
.
p1
();
--
error
ER_PROCACCESS_DENIED_ERROR
select
mysqltest1
.
f1
();
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysqltest1
.
t11
;
--
error
ER_TABLEACCESS_DENIED_ERROR
select
*
from
mysqltest1
.
t22
;
--
disconnect
bug36544_con3
--
echo
#
--
echo
# Switch to connection 'default'.
--
connection
default
--
echo
#
--
echo
# Now check that privileges became associated with a new user
--
echo
# name - mysqluser10.
--
echo
#
show
grants
for
mysqluser10
@
localhost
;
select
db
,
routine_name
,
routine_type
,
proc_priv
from
mysql
.
procs_priv
where
user
=
'mysqluser10'
and
host
=
'localhost'
;
select
db
,
table_name
,
table_priv
from
mysql
.
tables_priv
where
user
=
'mysqluser10'
and
host
=
'localhost'
;
--
echo
#
--
echo
# Create connection 'bug_36544_con4' as 'mysqluser10@localhost'.
--
connect
(
bug36544_con4
,
localhost
,
mysqluser10
,,)
call
mysqltest1
.
p1
();
select
mysqltest1
.
f1
();
select
*
from
mysqltest1
.
t11
;
select
*
from
mysqltest1
.
t22
;
--
disconnect
bug36544_con4
--
echo
#
--
echo
# Switch to connection 'default'.
--
connection
default
--
echo
#
--
echo
# Clean-up.
drop
user
mysqluser1
@
localhost
;
drop
user
mysqluser10
@
localhost
;
drop
user
mysqluser11
@
localhost
;
drop
database
mysqltest1
;
--
echo
End
of
5.0
tests
--
echo
End
of
5.0
tests
disconnect
master
;
disconnect
master
;
...
...
sql/sql_acl.cc
View file @
e1f412be
/* Copyright (
C) 2000-2003 MySQL AB
/* Copyright (
c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -5048,18 +5048,15 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
...
@@ -5048,18 +5048,15 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
}
}
/*
/*
*
Handle an in-memory privilege structure.
Handle an in-memory privilege structure.
SYNOPSIS
@param struct_no The number of the structure to handle (0..4).
handle_grant_struct()
@param drop If user_from is to be dropped.
struct_no The number of the structure to handle (0..3).
@param user_from The the user to be searched/dropped/renamed.
drop If user_from is to be dropped.
@param user_to The new name for the user if to be renamed, NULL otherwise.
user_from The the user to be searched/dropped/renamed.
user_to The new name for the user if to be renamed,
NULL otherwise.
DESCRIPTION
@note
Scan through all elements in an in-memory grant structure and apply
Scan through all elements in an in-memory grant structure and apply
the requested operation.
the requested operation.
Delete from grant structure if drop is true.
Delete from grant structure if drop is true.
...
@@ -5069,12 +5066,12 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
...
@@ -5069,12 +5066,12 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
0 acl_users
0 acl_users
1 acl_dbs
1 acl_dbs
2 column_priv_hash
2 column_priv_hash
3 procs_priv_hash
3 proc_priv_hash
4 func_priv_hash
RETURN
@retval > 0 At least one element matched.
> 0 At least one element matched.
@retval 0 OK, but no element matched.
0 OK, but no element matched.
@retval -1 Wrong arguments to function.
-1 Wrong arguments to function
*/
*/
static
int
handle_grant_struct
(
uint
struct_no
,
bool
drop
,
static
int
handle_grant_struct
(
uint
struct_no
,
bool
drop
,
...
@@ -5088,6 +5085,7 @@ static int handle_grant_struct(uint struct_no, bool drop,
...
@@ -5088,6 +5085,7 @@ static int handle_grant_struct(uint struct_no, bool drop,
ACL_USER
*
UNINIT_VAR
(
acl_user
);
ACL_USER
*
UNINIT_VAR
(
acl_user
);
ACL_DB
*
UNINIT_VAR
(
acl_db
);
ACL_DB
*
UNINIT_VAR
(
acl_db
);
GRANT_NAME
*
UNINIT_VAR
(
grant_name
);
GRANT_NAME
*
UNINIT_VAR
(
grant_name
);
HASH
*
UNINIT_VAR
(
grant_name_hash
);
DBUG_ENTER
(
"handle_grant_struct"
);
DBUG_ENTER
(
"handle_grant_struct"
);
DBUG_PRINT
(
"info"
,(
"scan struct: %u search: '%s'@'%s'"
,
DBUG_PRINT
(
"info"
,(
"scan struct: %u search: '%s'@'%s'"
,
struct_no
,
user_from
->
user
.
str
,
user_from
->
host
.
str
));
struct_no
,
user_from
->
user
.
str
,
user_from
->
host
.
str
));
...
@@ -5104,9 +5102,15 @@ static int handle_grant_struct(uint struct_no, bool drop,
...
@@ -5104,9 +5102,15 @@ static int handle_grant_struct(uint struct_no, bool drop,
break
;
break
;
case
2
:
case
2
:
elements
=
column_priv_hash
.
records
;
elements
=
column_priv_hash
.
records
;
grant_name_hash
=
&
column_priv_hash
;
break
;
break
;
case
3
:
case
3
:
elements
=
proc_priv_hash
.
records
;
elements
=
proc_priv_hash
.
records
;
grant_name_hash
=
&
proc_priv_hash
;
break
;
case
4
:
elements
=
func_priv_hash
.
records
;
grant_name_hash
=
&
func_priv_hash
;
break
;
break
;
default:
default:
return
-
1
;
return
-
1
;
...
@@ -5136,16 +5140,13 @@ static int handle_grant_struct(uint struct_no, bool drop,
...
@@ -5136,16 +5140,13 @@ static int handle_grant_struct(uint struct_no, bool drop,
break
;
break
;
case
2
:
case
2
:
grant_name
=
(
GRANT_NAME
*
)
hash_element
(
&
column_priv_hash
,
idx
);
user
=
grant_name
->
user
;
host
=
grant_name
->
host
.
hostname
;
break
;
case
3
:
case
3
:
grant_name
=
(
GRANT_NAME
*
)
hash_element
(
&
proc_priv_hash
,
idx
);
case
4
:
grant_name
=
(
GRANT_NAME
*
)
hash_element
(
grant_name_hash
,
idx
);
user
=
grant_name
->
user
;
user
=
grant_name
->
user
;
host
=
grant_name
->
host
.
hostname
;
host
=
grant_name
->
host
.
hostname
;
break
;
break
;
default:
default:
assert
(
0
);
assert
(
0
);
}
}
...
@@ -5176,14 +5177,25 @@ static int handle_grant_struct(uint struct_no, bool drop,
...
@@ -5176,14 +5177,25 @@ static int handle_grant_struct(uint struct_no, bool drop,
break
;
break
;
case
2
:
case
2
:
hash_delete
(
&
column_priv_hash
,
(
byte
*
)
grant_name
);
break
;
case
3
:
case
3
:
hash_delete
(
&
proc_priv_hash
,
(
byte
*
)
grant_name
);
case
4
:
hash_delete
(
grant_name_hash
,
(
byte
*
)
grant_name
);
break
;
break
;
}
}
elements
--
;
elements
--
;
/*
- If we are iterating through an array then we just have moved all
elements after the current element one position closer to its head.
This means that we have to take another look at the element at
current position as it is a new element from the array's tail.
- If we are iterating through a hash the current element was replaced
with one of elements from the tail. So we also have to take a look
at the new element in current position.
Note that in our HASH implementation hash_delete() won't move any
elements with position after current one to position before the
current (i.e. from the tail to the head), so it is safe to continue
iteration without re-starting.
*/
idx
--
;
idx
--
;
}
}
else
if
(
user_to
)
else
if
(
user_to
)
...
@@ -5201,22 +5213,41 @@ static int handle_grant_struct(uint struct_no, bool drop,
...
@@ -5201,22 +5213,41 @@ static int handle_grant_struct(uint struct_no, bool drop,
case
2
:
case
2
:
case
3
:
case
3
:
/*
case
4
:
Update the grant structure with the new user name and
{
host name
/*
*/
Save old hash key and its length to be able properly update
grant_name
->
set_user_details
(
user_to
->
host
.
str
,
grant_name
->
db
,
element position in hash.
user_to
->
user
.
str
,
grant_name
->
tname
,
*/
TRUE
);
char
*
old_key
=
grant_name
->
hash_key
;
size_t
old_key_length
=
grant_name
->
key_length
;
/*
Since username is part of the hash key, when the user name
/*
is renamed, the hash key is changed. Update the hash to
Update the grant structure with the new user name and host name.
ensure that the position matches the new hash key value
*/
*/
grant_name
->
set_user_details
(
user_to
->
host
.
str
,
grant_name
->
db
,
hash_update
(
&
column_priv_hash
,
(
byte
*
)
grant_name
,
user_to
->
user
.
str
,
grant_name
->
tname
,
(
byte
*
)
grant_name
->
hash_key
,
grant_name
->
key_length
);
TRUE
);
break
;
/*
Since username is part of the hash key, when the user name
is renamed, the hash key is changed. Update the hash to
ensure that the position matches the new hash key value
*/
hash_update
(
grant_name_hash
,
(
byte
*
)
grant_name
,
(
byte
*
)
old_key
,
old_key_length
);
/*
hash_update() operation could have moved element from the tail
of the hash to the current position. So we need to take a look
at the element in current position once again.
Thanks to the fact that hash_update() for our HASH implementation
won't move any elements from the tail of the hash to the positions
before the current one (a.k.a. head) it is safe to continue
iteration without restarting.
*/
idx
--
;
break
;
}
}
}
}
}
else
else
...
@@ -5302,7 +5333,7 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop,
...
@@ -5302,7 +5333,7 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop,
}
}
}
}
/* Handle
procedur
es table. */
/* Handle
stored routin
es table. */
if
((
found
=
handle_grant_table
(
tables
,
4
,
drop
,
user_from
,
user_to
))
<
0
)
if
((
found
=
handle_grant_table
(
tables
,
4
,
drop
,
user_from
,
user_to
))
<
0
)
{
{
/* Handle of table failed, don't touch in-memory array. */
/* Handle of table failed, don't touch in-memory array. */
...
@@ -5319,6 +5350,15 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop,
...
@@ -5319,6 +5350,15 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop,
if
(
!
drop
&&
!
user_to
)
if
(
!
drop
&&
!
user_to
)
goto
end
;
goto
end
;
}
}
/* Handle funcs array. */
if
(((
handle_grant_struct
(
4
,
drop
,
user_from
,
user_to
)
&&
!
result
)
||
found
)
&&
!
result
)
{
result
=
1
;
/* At least one record/element found. */
/* If search is requested, we do not need to search further. */
if
(
!
drop
&&
!
user_to
)
goto
end
;
}
}
}
/* Handle tables table. */
/* Handle tables table. */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment