Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
e26056e1
Commit
e26056e1
authored
Feb 12, 2020
by
Alexander Barkov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MDEV-21704 Add a new JSON field "version_id" into mysql.global_priv.priv
parent
0c35e80d
Changes
9
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
340 additions
and
23 deletions
+340
-23
mysql-test/main/system_mysql_db_error_log-master.opt
mysql-test/main/system_mysql_db_error_log-master.opt
+1
-0
mysql-test/main/system_mysql_db_error_log.result
mysql-test/main/system_mysql_db_error_log.result
+111
-0
mysql-test/main/system_mysql_db_error_log.test
mysql-test/main/system_mysql_db_error_log.test
+109
-0
mysql-test/suite/funcs_1/r/is_user_privileges.result
mysql-test/suite/funcs_1/r/is_user_privileges.result
+33
-0
mysql-test/suite/funcs_1/t/is_user_privileges.test
mysql-test/suite/funcs_1/t/is_user_privileges.test
+15
-11
mysql-test/suite/plugins/r/multiauth.result
mysql-test/suite/plugins/r/multiauth.result
+1
-0
mysql-test/suite/plugins/t/multiauth.test
mysql-test/suite/plugins/t/multiauth.test
+5
-1
sql/privilege.h
sql/privilege.h
+10
-3
sql/sql_acl.cc
sql/sql_acl.cc
+55
-8
No files found.
mysql-test/main/system_mysql_db_error_log-master.opt
0 → 100644
View file @
e26056e1
--log-error=$MYSQLTEST_VARDIR/tmp/system_mysql_db_error_log.err
mysql-test/main/system_mysql_db_error_log.result
0 → 100644
View file @
e26056e1
#
# MDEV-21704 Add a new JSON field "version_id" into mysql.global_priv.priv
#
SET @super_acl_100500= 1 << 15;
SELECT HEX(@super_acl_100500);
HEX(@super_acl_100500)
8000
SET @all_known_privileges_100500= (1 << 30) - 1;
SELECT HEX(@all_known_privileges_100500);
HEX(@all_known_privileges_100500)
3FFFFFFF
SET @all_known_privileges_current= (1 << 30) - 1;
SELECT HEX(@all_known_privileges_current);
HEX(@all_known_privileges_current)
3FFFFFFF
CREATE USER bad_access1@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.access',@all_known_privileges_current+1)
WHERE
host='localhost' and user='bad_access1';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_access1@localhost;
Grants for bad_access1@localhost
GRANT USAGE ON *.* TO `bad_access1`@`localhost`
DROP USER bad_access1@localhost;
CREATE USER bad_version_id_1000000@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_1000000@localhost;
SHOW GRANTS FOR bad_version_id_1000000@localhost;
Grants for bad_version_id_1000000@localhost
GRANT ALL PRIVILEGES ON *.* TO `bad_version_id_1000000`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',1000000)
WHERE
host='localhost' and user='bad_version_id_1000000';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_1000000@localhost;
Grants for bad_version_id_1000000@localhost
GRANT USAGE ON *.* TO `bad_version_id_1000000`@`localhost`
DROP USER bad_version_id_1000000@localhost;
CREATE USER bad_version_id_minus_3@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_minus_3@localhost;
SHOW GRANTS FOR bad_version_id_minus_3@localhost;
Grants for bad_version_id_minus_3@localhost
GRANT ALL PRIVILEGES ON *.* TO `bad_version_id_minus_3`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',-3)
WHERE
host='localhost' and user='bad_version_id_minus_3';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_minus_3@localhost;
Grants for bad_version_id_minus_3@localhost
GRANT USAGE ON *.* TO `bad_version_id_minus_3`@`localhost`
DROP USER bad_version_id_minus_3@localhost;
CREATE USER bad_version_id_100300@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_100300@localhost;
SHOW GRANTS FOR bad_version_id_100300@localhost;
Grants for bad_version_id_100300@localhost
GRANT ALL PRIVILEGES ON *.* TO `bad_version_id_100300`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100300)
WHERE
host='localhost' and user='bad_version_id_100300';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_100300@localhost;
Grants for bad_version_id_100300@localhost
GRANT USAGE ON *.* TO `bad_version_id_100300`@`localhost`
DROP USER bad_version_id_100300@localhost;
CREATE USER good_version_id_100400@localhost;
GRANT ALL PRIVILEGES ON *.* to good_version_id_100400@localhost;
SHOW GRANTS FOR good_version_id_100400@localhost;
Grants for good_version_id_100400@localhost
GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100400, '$.access', @all_known_privileges_100500)
WHERE
host='localhost' and user='good_version_id_100400';
FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100400@localhost;
Grants for good_version_id_100400@localhost
GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION
DROP USER good_version_id_100400@localhost;
CREATE USER good_version_id_100500@localhost;
GRANT SUPER ON *.* to good_version_id_100500@localhost;
SHOW GRANTS FOR good_version_id_100500@localhost;
Grants for good_version_id_100500@localhost
GRANT SUPER ON *.* TO `good_version_id_100500`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100500)
WHERE
host='localhost' and user='good_version_id_100500';
FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100500@localhost;
Grants for good_version_id_100500@localhost
GRANT SUPER ON *.* TO `good_version_id_100500`@`localhost`
DROP USER good_version_id_100500@localhost;
FOUND 1 /Warning.*'user' entry 'bad_access1@localhost' has a wrong 'access' value.*version_id=/ in system_mysql_db_error_log.err
FOUND 1 /Warning.*'user' entry 'bad_version_id_1000000@localhost' has a wrong 'version_id' value 1000000/ in system_mysql_db_error_log.err
FOUND 1 /Warning.*'user' entry 'bad_version_id_minus_3@localhost' has a wrong 'version_id' value -3/ in system_mysql_db_error_log.err
FOUND 1 /Warning.*'user' entry 'bad_version_id_100300@localhost' has a wrong 'version_id' value 100300/ in system_mysql_db_error_log.err
mysql-test/main/system_mysql_db_error_log.test
0 → 100644
View file @
e26056e1
--
source
include
/
not_embedded
.
inc
--
echo
#
--
echo
# MDEV-21704 Add a new JSON field "version_id" into mysql.global_priv.priv
--
echo
#
SET
@
super_acl_100500
=
1
<<
15
;
SELECT
HEX
(
@
super_acl_100500
);
SET
@
all_known_privileges_100500
=
(
1
<<
30
)
-
1
;
SELECT
HEX
(
@
all_known_privileges_100500
);
SET
@
all_known_privileges_current
=
(
1
<<
30
)
-
1
;
SELECT
HEX
(
@
all_known_privileges_current
);
CREATE
USER
bad_access1
@
localhost
;
UPDATE
mysql
.
global_priv
SET
Priv
=
json_set
(
Priv
,
'$.access'
,
@
all_known_privileges_current
+
1
)
WHERE
host
=
'localhost'
and
user
=
'bad_access1'
;
FLUSH
PRIVILEGES
;
SHOW
GRANTS
FOR
bad_access1
@
localhost
;
DROP
USER
bad_access1
@
localhost
;
CREATE
USER
bad_version_id_1000000
@
localhost
;
GRANT
ALL
PRIVILEGES
ON
*.*
to
bad_version_id_1000000
@
localhost
;
SHOW
GRANTS
FOR
bad_version_id_1000000
@
localhost
;
UPDATE
mysql
.
global_priv
SET
Priv
=
json_set
(
Priv
,
'$.version_id'
,
1000000
)
WHERE
host
=
'localhost'
and
user
=
'bad_version_id_1000000'
;
FLUSH
PRIVILEGES
;
SHOW
GRANTS
FOR
bad_version_id_1000000
@
localhost
;
DROP
USER
bad_version_id_1000000
@
localhost
;
CREATE
USER
bad_version_id_minus_3
@
localhost
;
GRANT
ALL
PRIVILEGES
ON
*.*
to
bad_version_id_minus_3
@
localhost
;
SHOW
GRANTS
FOR
bad_version_id_minus_3
@
localhost
;
UPDATE
mysql
.
global_priv
SET
Priv
=
json_set
(
Priv
,
'$.version_id'
,
-
3
)
WHERE
host
=
'localhost'
and
user
=
'bad_version_id_minus_3'
;
FLUSH
PRIVILEGES
;
SHOW
GRANTS
FOR
bad_version_id_minus_3
@
localhost
;
DROP
USER
bad_version_id_minus_3
@
localhost
;
CREATE
USER
bad_version_id_100300
@
localhost
;
GRANT
ALL
PRIVILEGES
ON
*.*
to
bad_version_id_100300
@
localhost
;
SHOW
GRANTS
FOR
bad_version_id_100300
@
localhost
;
UPDATE
mysql
.
global_priv
SET
Priv
=
json_set
(
Priv
,
'$.version_id'
,
100300
)
WHERE
host
=
'localhost'
and
user
=
'bad_version_id_100300'
;
FLUSH
PRIVILEGES
;
SHOW
GRANTS
FOR
bad_version_id_100300
@
localhost
;
DROP
USER
bad_version_id_100300
@
localhost
;
CREATE
USER
good_version_id_100400
@
localhost
;
GRANT
ALL
PRIVILEGES
ON
*.*
to
good_version_id_100400
@
localhost
;
SHOW
GRANTS
FOR
good_version_id_100400
@
localhost
;
UPDATE
mysql
.
global_priv
SET
Priv
=
json_set
(
Priv
,
'$.version_id'
,
100400
,
'$.access'
,
@
all_known_privileges_100500
)
WHERE
host
=
'localhost'
and
user
=
'good_version_id_100400'
;
FLUSH
PRIVILEGES
;
SHOW
GRANTS
FOR
good_version_id_100400
@
localhost
;
DROP
USER
good_version_id_100400
@
localhost
;
CREATE
USER
good_version_id_100500
@
localhost
;
GRANT
SUPER
ON
*.*
to
good_version_id_100500
@
localhost
;
SHOW
GRANTS
FOR
good_version_id_100500
@
localhost
;
UPDATE
mysql
.
global_priv
SET
Priv
=
json_set
(
Priv
,
'$.version_id'
,
100500
)
WHERE
host
=
'localhost'
and
user
=
'good_version_id_100500'
;
FLUSH
PRIVILEGES
;
SHOW
GRANTS
FOR
good_version_id_100500
@
localhost
;
DROP
USER
good_version_id_100500
@
localhost
;
--
let
SEARCH_FILE
=
$MYSQLTEST_VARDIR
/
tmp
/
system_mysql_db_error_log
.
err
--
let
SEARCH_PATTERN
=
Warning
.*
'user'
entry
'bad_access1@localhost'
has
a
wrong
'access'
value
.*
version_id
=
--
source
include
/
search_pattern_in_file
.
inc
--
let
SEARCH_PATTERN
=
Warning
.*
'user'
entry
'bad_version_id_1000000@localhost'
has
a
wrong
'version_id'
value
1000000
--
source
include
/
search_pattern_in_file
.
inc
--
let
SEARCH_PATTERN
=
Warning
.*
'user'
entry
'bad_version_id_minus_3@localhost'
has
a
wrong
'version_id'
value
-
3
--
source
include
/
search_pattern_in_file
.
inc
--
let
SEARCH_PATTERN
=
Warning
.*
'user'
entry
'bad_version_id_100300@localhost'
has
a
wrong
'version_id'
value
100300
--
source
include
/
search_pattern_in_file
.
inc
mysql-test/suite/funcs_1/r/is_user_privileges.result
View file @
e26056e1
...
...
@@ -90,6 +90,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -98,6 +99,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -106,6 +108,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -138,6 +141,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -146,6 +150,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -154,6 +159,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -172,6 +178,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -180,6 +187,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -188,6 +196,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -228,6 +237,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 1,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -236,6 +246,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -244,6 +255,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -276,6 +288,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 1025,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -284,6 +297,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -292,6 +306,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -310,6 +325,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 1025,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -318,6 +334,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -326,6 +343,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -396,6 +414,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -404,6 +423,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -412,6 +432,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -477,6 +498,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -485,6 +507,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -493,6 +516,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -511,6 +535,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -519,6 +544,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -527,6 +553,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -552,6 +579,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -560,6 +588,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -568,6 +597,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -608,6 +638,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -616,6 +647,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
@@ -624,6 +656,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
...
...
mysql-test/suite/funcs_1/t/is_user_privileges.test
View file @
e26056e1
...
...
@@ -25,6 +25,10 @@ let $other_engine_type = MyISAM;
let
$is_table
=
USER_PRIVILEGES
;
let
$REGEX_VERSION_ID
=/
$mysql_get_server_version
/
VERSION_ID
/
;
let
$REGEX_PASSWORD_LAST_CHANGED
=/
password_last_changed
": [0-9]*/password_last_changed"
:
#/;
let
$REGEX_GLOBAL_PRIV
=
$REGEX_PASSWORD_LAST_CHANGED
$REGEX_VERSION_ID
;
# The table INFORMATION_SCHEMA.USER_PRIVILEGES must exist
eval
SHOW
TABLES
FROM
information_schema
LIKE
'$is_table'
;
...
...
@@ -103,7 +107,7 @@ WHERE user LIKE 'testuser%' ORDER BY host, user;
let
$my_show
=
SHOW
GRANTS
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
...
...
@@ -112,7 +116,7 @@ eval $my_select2;
GRANT
UPDATE
ON
db_datadict
.*
TO
'testuser1'
@
'localhost'
WITH
GRANT
OPTION
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
...
...
@@ -120,7 +124,7 @@ eval $my_select2;
connect
(
testuser1
,
localhost
,
testuser1
,
,
db_datadict
);
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
eval
$my_show
;
...
...
@@ -134,7 +138,7 @@ GRANT SELECT ON *.* TO 'testuser1'@'localhost';
--
echo
# Here <SELECT NO> is shown correctly for testuser1;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
...
...
@@ -143,7 +147,7 @@ GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
--
echo
# Here <SELECT YES> is shown correctly for testuser1;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
...
...
@@ -151,7 +155,7 @@ eval $my_select2;
connection
testuser1
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
eval
$my_show
;
...
...
@@ -180,7 +184,7 @@ connection default;
REVOKE
ALL
PRIVILEGES
,
GRANT
OPTION
FROM
'testuser1'
@
'localhost'
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
...
...
@@ -213,14 +217,14 @@ GRANT ALL ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
GRANT
SELECT
ON
mysql
.
global_priv
TO
'testuser1'
@
'localhost'
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
connection
testuser1
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
eval
$my_show
;
...
...
@@ -233,7 +237,7 @@ CREATE TABLE db_datadict.tb_56 ( c1 TEXT );
USE
db_datadict
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
eval
$my_show
;
...
...
@@ -248,7 +252,7 @@ connection default;
REVOKE
ALL
PRIVILEGES
,
GRANT
OPTION
FROM
'testuser1'
@
'localhost'
;
--
vertical_results
eval
$my_select1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
eval
$my_select2
;
--
horizontal_results
...
...
mysql-test/suite/plugins/r/multiauth.result
View file @
e26056e1
...
...
@@ -106,6 +106,7 @@ select json_detailed(priv) from mysql.global_priv where user='mysqltest1';
json_detailed(priv)
{
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "*7D8C3DF236D9163B6C274A9D47704BC496988460",
"auth_or":
...
...
mysql-test/suite/plugins/t/multiauth.test
View file @
e26056e1
let
$REGEX_VERSION_ID
=/
$mysql_get_server_version
/
VERSION_ID
/
;
let
$REGEX_PASSWORD_LAST_CHANGED
=/
password_last_changed
": [0-9]*/password_last_changed"
:
#/;
let
$REGEX_GLOBAL_PRIV
=
$REGEX_PASSWORD_LAST_CHANGED
$REGEX_VERSION_ID
;
#
# MDEV-11340 Allow multiple alternative authentication methods for the same user
#
...
...
@@ -130,7 +134,7 @@ drop user mysqltest1;
#
create
user
mysqltest1
identified
via
ed25519
as
password
(
"good"
)
OR
unix_socket
OR
mysql_native_password
as
password
(
"works"
);
show
grants
for
mysqltest1
;
--
replace_regex
/
password_last_changed
": [0-9]*/password_last_changed"
:
#/
--
replace_regex
$REGEX_GLOBAL_PRIV
select
json_detailed
(
priv
)
from
mysql
.
global_priv
where
user
=
'mysqltest1'
;
select
password
,
plugin
,
authentication_string
from
mysql
.
user
where
user
=
'mysqltest1'
;
flush
privileges
;
...
...
sql/privilege.h
View file @
e26056e1
...
...
@@ -58,7 +58,7 @@ enum privilege_t: unsigned long long
EVENT_ACL
=
(
1UL
<<
26
),
TRIGGER_ACL
=
(
1UL
<<
27
),
CREATE_TABLESPACE_ACL
=
(
1UL
<<
28
),
DELETE_HISTORY_ACL
=
(
1UL
<<
29
),
DELETE_HISTORY_ACL
=
(
1UL
<<
29
),
// Added in 10.3.4
/*
don't forget to update
1. static struct show_privileges_st sys_privileges[]
...
...
@@ -66,12 +66,19 @@ enum privilege_t: unsigned long long
3. mysql_system_tables.sql and mysql_system_tables_fix.sql
4. acl_init() or whatever - to define behaviour for old privilege tables
5. sql_yacc.yy - for GRANT/REVOKE to work
6. ALL_KNOWN_ACL
6. Add a new ALL_KNOWN_ACL_VERSION
7. Change ALL_KNOWN_ACL to ALL_KNOWN_ACL_VERSION
8. Update User_table_json::get_access()
*/
ALL_KNOWN_ACL
=
(
1UL
<<
30
)
-
1
// A combination of all defined bits
// A combination of all bits defined in 10.3.4 (and earlier)
ALL_KNOWN_ACL_100304
=
(
1UL
<<
30
)
-
1
};
constexpr
privilege_t
ALL_KNOWN_ACL
=
ALL_KNOWN_ACL_100304
;
// Unary operators
static
inline
constexpr
ulonglong
operator
~
(
privilege_t
access
)
{
...
...
sql/sql_acl.cc
View file @
e26056e1
...
...
@@ -1470,15 +1470,65 @@ class User_table_json: public User_table
set_str_value
(
"authentication_string"
,
u
.
auth
[
i
].
auth_string
.
str
,
u
.
auth
[
i
].
auth_string
.
length
);
}
void
print_warning_bad_version_id
(
ulonglong
version_id
)
const
{
sql_print_warning
(
"'user' entry '%s@%s' has a wrong 'version_id' value %lld"
,
safe_str
(
get_user
(
current_thd
->
mem_root
)),
safe_str
(
get_host
(
current_thd
->
mem_root
)),
version_id
);
}
void
print_warning_bad_access
(
ulonglong
version_id
,
privilege_t
mask
,
ulonglong
access
)
const
{
sql_print_warning
(
"'user' entry '%s@%s' "
"has a wrong 'access' value 0x%llx "
"(allowed mask is 0x%llx, version_id=%lld)"
,
safe_str
(
get_user
(
current_thd
->
mem_root
)),
safe_str
(
get_host
(
current_thd
->
mem_root
)),
access
,
mask
,
version_id
);
}
privilege_t
adjust_access
(
ulonglong
version_id
,
ulonglong
access
)
const
{
privilege_t
mask
=
ALL_KNOWN_ACL_100304
;
if
(
access
&
~
mask
)
{
print_warning_bad_access
(
version_id
,
mask
,
access
);
return
NO_ACL
;
}
return
access
&
mask
;
}
privilege_t
get_access
()
const
{
ulonglong
version_id
=
(
ulonglong
)
get_int_value
(
"version_id"
);
ulonglong
access
=
(
ulonglong
)
get_int_value
(
"access"
);
/*
Special case:
mysql_system_tables_data.sql populates "ALL PRIVILEGES"
for the super user this way:
{"access":18446744073709551615}
*/
if
(
access
==
(
ulonglong
)
~
0
)
return
GLOBAL_ACLS
;
/*
when new privileges will be added, we'll start storing GLOBAL_ACLS
(or, for example, my_count_bits(GLOBAL_ACLS))
in the json too, and it'll allow us to do privilege upgrades
Reject obviously bad (negative and too large) version_id values.
Also reject versions before 10.4.0 (when JSON table was added).
*/
return
get_access_value
(
"access"
)
&
GLOBAL_ACLS
;
if
((
longlong
)
version_id
<
0
||
version_id
>
999999
||
(
version_id
>
0
&&
version_id
<
100400
))
{
print_warning_bad_version_id
(
version_id
);
return
NO_ACL
;
}
return
adjust_access
(
version_id
,
access
)
&
GLOBAL_ACLS
;
}
void
set_access
(
const
privilege_t
rights
,
bool
revoke
)
const
{
privilege_t
access
=
get_access
();
...
...
@@ -1487,6 +1537,7 @@ class User_table_json: public User_table
else
access
|=
rights
;
set_int_value
(
"access"
,
(
longlong
)
(
access
&
GLOBAL_ACLS
));
set_int_value
(
"version_id"
,
(
longlong
)
MYSQL_VERSION_ID
);
}
const
char
*
unsafe_str
(
const
char
*
s
)
const
{
return
s
[
0
]
?
s
:
NULL
;
}
...
...
@@ -1607,10 +1658,6 @@ class User_table_json: public User_table
const
char
*
value_end
=
value_start
+
value_len
;
return
my_strtoll10
(
value_start
,
(
char
**
)
&
value_end
,
&
err
);
}
privilege_t
get_access_value
(
const
char
*
key
)
const
{
return
privilege_t
(
ALL_KNOWN_ACL
&
(
ulonglong
)
get_int_value
(
key
));
}
double
get_double_value
(
const
char
*
key
)
const
{
int
err
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment