Commit 46622dbe authored by Sergei Golubchik's avatar Sergei Golubchik

load with_admin flag from the mysql.roles_mapping table

parent 9d6e9c24
......@@ -34,6 +34,22 @@ Host User Role Admin_option
role4 role3 Y
localhost foo role1 Y
localhost foo role2 N
flush privileges;
show grants for foo@localhost;
Grants for foo@localhost
GRANT USAGE ON *.* TO 'foo'@'localhost'
GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION
GRANT role2 TO 'foo'@'localhost'
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT role2 TO 'role1'
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role3 TO 'role4' WITH ADMIN OPTION
grant role2 to role1 with admin option;
revoke role1 from foo@localhost;
revoke admin option for role3 from role4;
......@@ -57,5 +73,20 @@ Host User Role Admin_option
role1 role2 Y
role4 role3 N
localhost foo role2 N
flush privileges;
show grants for foo@localhost;
Grants for foo@localhost
GRANT USAGE ON *.* TO 'foo'@'localhost'
GRANT role2 TO 'foo'@'localhost'
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT role2 TO 'role1' WITH ADMIN OPTION
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role3 TO 'role4'
drop role role1, role2, role3, role4, role5, role6;
drop user foo@localhost;
......@@ -29,6 +29,13 @@ show grants for role1;
show grants for role4;
--sorted_result
select * from mysql.roles_mapping;
flush privileges;
--sorted_result
show grants for foo@localhost;
--sorted_result
show grants for role1;
--sorted_result
show grants for role4;
grant role2 to role1 with admin option;
revoke role1 from foo@localhost;
......@@ -43,6 +50,13 @@ show grants for role1;
show grants for role4;
--sorted_result
select * from mysql.roles_mapping;
flush privileges;
--sorted_result
show grants for foo@localhost;
--sorted_result
show grants for role1;
--sorted_result
show grants for role4;
########################################
# cleanup
......
......@@ -867,6 +867,15 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
return false;
}
static bool get_YN_as_bool(Field *field)
{
char buff[2];
String res(buff,sizeof(buff),&my_charset_latin1);
field->val_str(&res);
return res[0] == 'Y' || res[0] == 'y';
}
/*
Initialize structures responsible for user/db-level privilege checking and
load privilege information for them from tables in the 'mysql' database.
......@@ -1408,8 +1417,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
char *hostname= get_field(&temp_root, table->field[0]);
char *username= get_field(&temp_root, table->field[1]);
char *rolename= get_field(&temp_root, table->field[2]);
bool with_grant_option= get_YN_as_bool(table->field[3]);
if (mapping->init(&mem, username, hostname, rolename, false))
if (mapping->init(&mem, username, hostname, rolename, with_grant_option))
continue;
if (add_role_user_mapping(mapping) == -1) {
......@@ -1430,6 +1440,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
mysql_mutex_unlock(&acl_cache->lock);
}
else
{
sql_print_error("Missing system table mysql.roles_mapping; "
"please run mysql_upgrade to create it");
}
init_check_host();
......@@ -1576,7 +1591,6 @@ my_bool acl_reload(THD *thd)
DBUG_RETURN(return_val);
}
/*
Get all access bits from table after fieldnr
......@@ -1608,8 +1622,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
((Field_enum*) (*pos))->typelib->count == 2 ;
pos++, fieldnr++, bit<<=1)
{
(*pos)->val_str(&res);
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
if (get_YN_as_bool(*pos))
access_bits|= bit;
}
if (next_field)
......@@ -1634,7 +1647,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
FALSE otherwise
*/
static inline bool check_is_role(TABLE *form)
static bool check_is_role(TABLE *form)
{
char buff[2];
String res(buff, sizeof(buff), &my_charset_latin1);
......@@ -1642,8 +1655,7 @@ static inline bool check_is_role(TABLE *form)
if (form->s->fields <= 42)
return FALSE;
form->field[ROLE_ASSIGN_COLUMN_IDX]->val_str(&res);
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
if (get_YN_as_bool(form->field[ROLE_ASSIGN_COLUMN_IDX]))
return TRUE;
return FALSE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment