- 23 Oct, 2013 4 commits
-
-
Sergei Golubchik authored
-
Sergei Golubchik authored
MDEV-5172 safe_mutex: Trying to lock mutex when the mutex was already locked on using a role and I_S role tables don't forget to unlock if the current role isn't found
-
Sergei Golubchik authored
-
Sergei Golubchik authored
only remove this role from the arrays where it is present.
-
- 22 Oct, 2013 1 commit
-
-
Sergei Golubchik authored
-
- 20 Oct, 2013 3 commits
-
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
- 19 Oct, 2013 1 commit
-
-
Sergei Golubchik authored
-
- 18 Oct, 2013 31 commits
-
-
Sergei Golubchik authored
-
Sergei Golubchik authored
FLUSH PRIVILEGES no longer returns an error, when it was successful. LOCK_grant is no longed unlocked/relocked between tables_priv and procs_priv
-
Sergei Golubchik authored
Only allow NONE instead of a role name in SET ROLE. Don't allow PUBLIC as a role name anywhere (to be fixed later) Fix db_access calculations on SET ROLE Reduce the size of role_grants and parent_grantee per-user/role arrays. Fix the wording and specify the correct sqlstate for ER_INVALID_ROLE
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
functions for traversing the role graph in either direction. merging of global, database, table, column, routine privileges. debug status variables for counting number of privilege merges. tests.
-
Sergei Golubchik authored
Move key function from template parameter to the constructor
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
mainly to avoid the pattern of * get username/hostname/rolename * optionally find the corresponding ACL_USER and ACL_ROLE * allocate memory, concatenate username/hostname/rolename * call a function passing only this memory as an argument ** use concatenated username/etc to find ACL_USER and ACL_ROLE again ** do something * free the object Also to undo push_dynamic we use pop_dynamic now, not a linear search/scan through the dynamic array. as a bonus, role@ is now an invalid way to refer to a role.
-
Sergei Golubchik authored
(and an assert in myisam to catch these bugs easier in the future) update tests/results
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
sql/sp.cc: don't split "user@host" string in db_load_routine, because the caller needs to generate it from user and host. instead pass user and host directly into db_load_routine sql/sql_parse.cc: 1. REVOKE ALL doesn't need invoker. 2. make sp_process_definer() reusable sql/sql_trigger.cc: don't duplicate the code from sp_process_definer(), reuse it sql/sql_view.cc: don't duplicate the code from sp_process_definer(), reuse it
-
Sergei Golubchik authored
* work as documented, use CURRENT_USER() * move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
-
Sergei Golubchik authored
than an empty host '' is the same as any-host wildcard '%'. Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables. Side effect: one cannot have foo@'' and foo@'%' both at the same time (but one can have foo@'%' and foo@'%%')
-
Sergei Golubchik authored
-
Vicențiu Ciorbaru authored
Also fixed possible memory exploit by repeteadly calling: GRANT role to user; where role was already granted to user.
-
Vicențiu Ciorbaru authored
should deal with users, while role related functions should deal with roles.
-