Commit e26056e1 authored by Alexander Barkov's avatar Alexander Barkov

MDEV-21704 Add a new JSON field "version_id" into mysql.global_priv.priv

parent 0c35e80d
--log-error=$MYSQLTEST_VARDIR/tmp/system_mysql_db_error_log.err
#
# MDEV-21704 Add a new JSON field "version_id" into mysql.global_priv.priv
#
SET @super_acl_100500= 1 << 15;
SELECT HEX(@super_acl_100500);
HEX(@super_acl_100500)
8000
SET @all_known_privileges_100500= (1 << 30) - 1;
SELECT HEX(@all_known_privileges_100500);
HEX(@all_known_privileges_100500)
3FFFFFFF
SET @all_known_privileges_current= (1 << 30) - 1;
SELECT HEX(@all_known_privileges_current);
HEX(@all_known_privileges_current)
3FFFFFFF
CREATE USER bad_access1@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.access',@all_known_privileges_current+1)
WHERE
host='localhost' and user='bad_access1';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_access1@localhost;
Grants for bad_access1@localhost
GRANT USAGE ON *.* TO `bad_access1`@`localhost`
DROP USER bad_access1@localhost;
CREATE USER bad_version_id_1000000@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_1000000@localhost;
SHOW GRANTS FOR bad_version_id_1000000@localhost;
Grants for bad_version_id_1000000@localhost
GRANT ALL PRIVILEGES ON *.* TO `bad_version_id_1000000`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',1000000)
WHERE
host='localhost' and user='bad_version_id_1000000';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_1000000@localhost;
Grants for bad_version_id_1000000@localhost
GRANT USAGE ON *.* TO `bad_version_id_1000000`@`localhost`
DROP USER bad_version_id_1000000@localhost;
CREATE USER bad_version_id_minus_3@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_minus_3@localhost;
SHOW GRANTS FOR bad_version_id_minus_3@localhost;
Grants for bad_version_id_minus_3@localhost
GRANT ALL PRIVILEGES ON *.* TO `bad_version_id_minus_3`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',-3)
WHERE
host='localhost' and user='bad_version_id_minus_3';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_minus_3@localhost;
Grants for bad_version_id_minus_3@localhost
GRANT USAGE ON *.* TO `bad_version_id_minus_3`@`localhost`
DROP USER bad_version_id_minus_3@localhost;
CREATE USER bad_version_id_100300@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_100300@localhost;
SHOW GRANTS FOR bad_version_id_100300@localhost;
Grants for bad_version_id_100300@localhost
GRANT ALL PRIVILEGES ON *.* TO `bad_version_id_100300`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100300)
WHERE
host='localhost' and user='bad_version_id_100300';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_100300@localhost;
Grants for bad_version_id_100300@localhost
GRANT USAGE ON *.* TO `bad_version_id_100300`@`localhost`
DROP USER bad_version_id_100300@localhost;
CREATE USER good_version_id_100400@localhost;
GRANT ALL PRIVILEGES ON *.* to good_version_id_100400@localhost;
SHOW GRANTS FOR good_version_id_100400@localhost;
Grants for good_version_id_100400@localhost
GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100400, '$.access', @all_known_privileges_100500)
WHERE
host='localhost' and user='good_version_id_100400';
FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100400@localhost;
Grants for good_version_id_100400@localhost
GRANT ALL PRIVILEGES ON *.* TO `good_version_id_100400`@`localhost` WITH GRANT OPTION
DROP USER good_version_id_100400@localhost;
CREATE USER good_version_id_100500@localhost;
GRANT SUPER ON *.* to good_version_id_100500@localhost;
SHOW GRANTS FOR good_version_id_100500@localhost;
Grants for good_version_id_100500@localhost
GRANT SUPER ON *.* TO `good_version_id_100500`@`localhost`
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100500)
WHERE
host='localhost' and user='good_version_id_100500';
FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100500@localhost;
Grants for good_version_id_100500@localhost
GRANT SUPER ON *.* TO `good_version_id_100500`@`localhost`
DROP USER good_version_id_100500@localhost;
FOUND 1 /Warning.*'user' entry 'bad_access1@localhost' has a wrong 'access' value.*version_id=/ in system_mysql_db_error_log.err
FOUND 1 /Warning.*'user' entry 'bad_version_id_1000000@localhost' has a wrong 'version_id' value 1000000/ in system_mysql_db_error_log.err
FOUND 1 /Warning.*'user' entry 'bad_version_id_minus_3@localhost' has a wrong 'version_id' value -3/ in system_mysql_db_error_log.err
FOUND 1 /Warning.*'user' entry 'bad_version_id_100300@localhost' has a wrong 'version_id' value 100300/ in system_mysql_db_error_log.err
--source include/not_embedded.inc
--echo #
--echo # MDEV-21704 Add a new JSON field "version_id" into mysql.global_priv.priv
--echo #
SET @super_acl_100500= 1 << 15;
SELECT HEX(@super_acl_100500);
SET @all_known_privileges_100500= (1 << 30) - 1;
SELECT HEX(@all_known_privileges_100500);
SET @all_known_privileges_current= (1 << 30) - 1;
SELECT HEX(@all_known_privileges_current);
CREATE USER bad_access1@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.access',@all_known_privileges_current+1)
WHERE
host='localhost' and user='bad_access1';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_access1@localhost;
DROP USER bad_access1@localhost;
CREATE USER bad_version_id_1000000@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_1000000@localhost;
SHOW GRANTS FOR bad_version_id_1000000@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',1000000)
WHERE
host='localhost' and user='bad_version_id_1000000';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_1000000@localhost;
DROP USER bad_version_id_1000000@localhost;
CREATE USER bad_version_id_minus_3@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_minus_3@localhost;
SHOW GRANTS FOR bad_version_id_minus_3@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',-3)
WHERE
host='localhost' and user='bad_version_id_minus_3';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_minus_3@localhost;
DROP USER bad_version_id_minus_3@localhost;
CREATE USER bad_version_id_100300@localhost;
GRANT ALL PRIVILEGES ON *.* to bad_version_id_100300@localhost;
SHOW GRANTS FOR bad_version_id_100300@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100300)
WHERE
host='localhost' and user='bad_version_id_100300';
FLUSH PRIVILEGES;
SHOW GRANTS FOR bad_version_id_100300@localhost;
DROP USER bad_version_id_100300@localhost;
CREATE USER good_version_id_100400@localhost;
GRANT ALL PRIVILEGES ON *.* to good_version_id_100400@localhost;
SHOW GRANTS FOR good_version_id_100400@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100400, '$.access', @all_known_privileges_100500)
WHERE
host='localhost' and user='good_version_id_100400';
FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100400@localhost;
DROP USER good_version_id_100400@localhost;
CREATE USER good_version_id_100500@localhost;
GRANT SUPER ON *.* to good_version_id_100500@localhost;
SHOW GRANTS FOR good_version_id_100500@localhost;
UPDATE
mysql.global_priv
SET
Priv=json_set(Priv, '$.version_id',100500)
WHERE
host='localhost' and user='good_version_id_100500';
FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100500@localhost;
DROP USER good_version_id_100500@localhost;
--let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/system_mysql_db_error_log.err
--let SEARCH_PATTERN= Warning.*'user' entry 'bad_access1@localhost' has a wrong 'access' value.*version_id=
--source include/search_pattern_in_file.inc
--let SEARCH_PATTERN= Warning.*'user' entry 'bad_version_id_1000000@localhost' has a wrong 'version_id' value 1000000
--source include/search_pattern_in_file.inc
--let SEARCH_PATTERN= Warning.*'user' entry 'bad_version_id_minus_3@localhost' has a wrong 'version_id' value -3
--source include/search_pattern_in_file.inc
--let SEARCH_PATTERN= Warning.*'user' entry 'bad_version_id_100300@localhost' has a wrong 'version_id' value 100300
--source include/search_pattern_in_file.inc
......@@ -90,6 +90,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -98,6 +99,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -106,6 +108,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -138,6 +141,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -146,6 +150,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -154,6 +159,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -172,6 +178,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -180,6 +187,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -188,6 +196,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -228,6 +237,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 1,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -236,6 +246,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -244,6 +255,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -276,6 +288,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 1025,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -284,6 +297,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -292,6 +306,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -310,6 +325,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 1025,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -318,6 +334,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -326,6 +343,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -396,6 +414,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -404,6 +423,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -412,6 +432,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -477,6 +498,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -485,6 +507,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -493,6 +516,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -511,6 +535,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -519,6 +544,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -527,6 +553,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -552,6 +579,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -560,6 +588,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -568,6 +597,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -608,6 +638,7 @@ host localhost
user testuser1
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -616,6 +647,7 @@ host localhost
user testuser2
json_detailed(priv) {
"access": 6,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......@@ -624,6 +656,7 @@ host localhost
user testuser3
json_detailed(priv) {
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "",
"password_last_changed": #
......
......@@ -25,6 +25,10 @@ let $other_engine_type = MyISAM;
let $is_table = USER_PRIVILEGES;
let $REGEX_VERSION_ID=/$mysql_get_server_version/VERSION_ID/;
let $REGEX_PASSWORD_LAST_CHANGED=/password_last_changed": [0-9]*/password_last_changed": #/;
let $REGEX_GLOBAL_PRIV=$REGEX_PASSWORD_LAST_CHANGED $REGEX_VERSION_ID;
# The table INFORMATION_SCHEMA.USER_PRIVILEGES must exist
eval SHOW TABLES FROM information_schema LIKE '$is_table';
......@@ -103,7 +107,7 @@ WHERE user LIKE 'testuser%' ORDER BY host, user;
let $my_show= SHOW GRANTS;
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
......@@ -112,7 +116,7 @@ eval $my_select2;
GRANT UPDATE ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
......@@ -120,7 +124,7 @@ eval $my_select2;
connect (testuser1, localhost, testuser1, , db_datadict);
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
eval $my_show;
......@@ -134,7 +138,7 @@ GRANT SELECT ON *.* TO 'testuser1'@'localhost';
--echo # Here <SELECT NO> is shown correctly for testuser1;
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
......@@ -143,7 +147,7 @@ GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
--echo # Here <SELECT YES> is shown correctly for testuser1;
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
......@@ -151,7 +155,7 @@ eval $my_select2;
connection testuser1;
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
eval $my_show;
......@@ -180,7 +184,7 @@ connection default;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
......@@ -213,14 +217,14 @@ GRANT ALL ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
GRANT SELECT ON mysql.global_priv TO 'testuser1'@'localhost';
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
connection testuser1;
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
eval $my_show;
......@@ -233,7 +237,7 @@ CREATE TABLE db_datadict.tb_56 ( c1 TEXT );
USE db_datadict;
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
eval $my_show;
......@@ -248,7 +252,7 @@ connection default;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
--vertical_results
eval $my_select1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
eval $my_select2;
--horizontal_results
......
......@@ -106,6 +106,7 @@ select json_detailed(priv) from mysql.global_priv where user='mysqltest1';
json_detailed(priv)
{
"access": 0,
"version_id": VERSION_ID,
"plugin": "mysql_native_password",
"authentication_string": "*7D8C3DF236D9163B6C274A9D47704BC496988460",
"auth_or":
......
let $REGEX_VERSION_ID=/$mysql_get_server_version/VERSION_ID/;
let $REGEX_PASSWORD_LAST_CHANGED=/password_last_changed": [0-9]*/password_last_changed": #/;
let $REGEX_GLOBAL_PRIV=$REGEX_PASSWORD_LAST_CHANGED $REGEX_VERSION_ID;
#
# MDEV-11340 Allow multiple alternative authentication methods for the same user
#
......@@ -130,7 +134,7 @@ drop user mysqltest1;
#
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
show grants for mysqltest1;
--replace_regex /password_last_changed": [0-9]*/password_last_changed": #/
--replace_regex $REGEX_GLOBAL_PRIV
select json_detailed(priv) from mysql.global_priv where user='mysqltest1';
select password,plugin,authentication_string from mysql.user where user='mysqltest1';
flush privileges;
......
......@@ -58,7 +58,7 @@ enum privilege_t: unsigned long long
EVENT_ACL = (1UL << 26),
TRIGGER_ACL = (1UL << 27),
CREATE_TABLESPACE_ACL = (1UL << 28),
DELETE_HISTORY_ACL = (1UL << 29),
DELETE_HISTORY_ACL = (1UL << 29), // Added in 10.3.4
/*
don't forget to update
1. static struct show_privileges_st sys_privileges[]
......@@ -66,12 +66,19 @@ enum privilege_t: unsigned long long
3. mysql_system_tables.sql and mysql_system_tables_fix.sql
4. acl_init() or whatever - to define behaviour for old privilege tables
5. sql_yacc.yy - for GRANT/REVOKE to work
6. ALL_KNOWN_ACL
6. Add a new ALL_KNOWN_ACL_VERSION
7. Change ALL_KNOWN_ACL to ALL_KNOWN_ACL_VERSION
8. Update User_table_json::get_access()
*/
ALL_KNOWN_ACL = (1UL << 30) - 1 // A combination of all defined bits
// A combination of all bits defined in 10.3.4 (and earlier)
ALL_KNOWN_ACL_100304 = (1UL << 30) - 1
};
constexpr privilege_t ALL_KNOWN_ACL= ALL_KNOWN_ACL_100304;
// Unary operators
static inline constexpr ulonglong operator~(privilege_t access)
{
......
......@@ -1470,15 +1470,65 @@ class User_table_json: public User_table
set_str_value("authentication_string",
u.auth[i].auth_string.str, u.auth[i].auth_string.length);
}
void print_warning_bad_version_id(ulonglong version_id) const
{
sql_print_warning("'user' entry '%s@%s' has a wrong 'version_id' value %lld",
safe_str(get_user(current_thd->mem_root)),
safe_str(get_host(current_thd->mem_root)),
version_id);
}
void print_warning_bad_access(ulonglong version_id,
privilege_t mask,
ulonglong access) const
{
sql_print_warning("'user' entry '%s@%s' "
"has a wrong 'access' value 0x%llx "
"(allowed mask is 0x%llx, version_id=%lld)",
safe_str(get_user(current_thd->mem_root)),
safe_str(get_host(current_thd->mem_root)),
access, mask, version_id);
}
privilege_t adjust_access(ulonglong version_id, ulonglong access) const
{
privilege_t mask= ALL_KNOWN_ACL_100304;
if (access & ~mask)
{
print_warning_bad_access(version_id, mask, access);
return NO_ACL;
}
return access & mask;
}
privilege_t get_access() const
{
ulonglong version_id= (ulonglong) get_int_value("version_id");
ulonglong access= (ulonglong) get_int_value("access");
/*
Special case:
mysql_system_tables_data.sql populates "ALL PRIVILEGES"
for the super user this way:
{"access":18446744073709551615}
*/
if (access == (ulonglong) ~0)
return GLOBAL_ACLS;
/*
when new privileges will be added, we'll start storing GLOBAL_ACLS
(or, for example, my_count_bits(GLOBAL_ACLS))
in the json too, and it'll allow us to do privilege upgrades
Reject obviously bad (negative and too large) version_id values.
Also reject versions before 10.4.0 (when JSON table was added).
*/
return get_access_value("access") & GLOBAL_ACLS;
if ((longlong) version_id < 0 || version_id > 999999 ||
(version_id > 0 && version_id < 100400))
{
print_warning_bad_version_id(version_id);
return NO_ACL;
}
return adjust_access(version_id, access) & GLOBAL_ACLS;
}
void set_access(const privilege_t rights, bool revoke) const
{
privilege_t access= get_access();
......@@ -1487,6 +1537,7 @@ class User_table_json: public User_table
else
access|= rights;
set_int_value("access", (longlong) (access & GLOBAL_ACLS));
set_int_value("version_id", (longlong) MYSQL_VERSION_ID);
}
const char *unsafe_str(const char *s) const
{ return s[0] ? s : NULL; }
......@@ -1607,10 +1658,6 @@ class User_table_json: public User_table
const char *value_end= value_start + value_len;
return my_strtoll10(value_start, (char**)&value_end, &err);
}
privilege_t get_access_value(const char *key) const
{
return privilege_t(ALL_KNOWN_ACL & (ulonglong) get_int_value(key));
}
double get_double_value(const char *key) const
{
int err;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment