mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added show role grants functionality to the mysql_show_grants function.

Browse source
This commit is contained in:
Vicențiu Ciorbaru 2013-10-18 06:17:47 -07:00 committed by Sergei Golubchik
parent 0fea3316dd
commit 1bfc610dc7
7 changed files with 104 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
mysql-test/r/acl_roles_set_role-multiple-role.result
View file

@ -62,10 +62,24 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
set role r_sel;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user r_crt
@ -79,6 +93,13 @@ set role r_ins;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT r_crt TO 'test_user'@'localhost'
GRANT r_del TO 'test_user'@'localhost'
GRANT r_drp TO 'test_user'@'localhost'
GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',

10
mysql-test/r/acl_roles_set_role-recursive.result
View file

@ -34,49 +34,59 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role2;
ERROR HY000: The role 'test_role2' has not been granted or is invalid.
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping where HostFk='';
HostFk UserFk RoleFk
test_role1 test_role2
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role none;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
delete from mysql.user where user='test_role1';

2
mysql-test/r/acl_roles_set_role-simple.result
View file

@ -21,10 +21,12 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user test_role1

3
mysql-test/t/acl_roles_set_role-multiple-role.test
View file

@ -57,13 +57,16 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
set role r_sel;
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;
set role r_ins;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

16
mysql-test/t/acl_roles_set_role-recursive.test
View file

@ -15,11 +15,16 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'test_role2');
flush privileges;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping where UserFk like 'test_user';
--sorted_result
select * from mysql.roles_mapping where UserFk like 'test_role1';
grant select on *.* to 'test_role2'@'';
--sorted_result
select * from mysql.user where user like 'test_role1';
--sorted_result
select * from mysql.user where user like 'test_role2';
flush privileges;
@ -28,32 +33,43 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
set role test_role1;
--sorted_result
show grants;
select * from mysql.roles_mapping where HostFk='';
--sorted_result
show grants;
set role none;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
--error ER_INVALID_ROLE
set role test_role2;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
#Make sure that this still works after an ER_INVALID_ROLE error
--sorted_result
show grants;
set role test_role1;
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping where HostFk='';
--sorted_result
show grants;
set role none;
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

6
mysql-test/t/acl_roles_set_role-simple.test
View file

@ -7,9 +7,12 @@ update mysql.user set is_role='Y' where user='test_role1';
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_user',
'test_role1');
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;
grant select on *.* to 'test_role1'@'';
--sorted_result
select * from mysql.user where user='test_role1';
flush privileges;
@ -18,9 +21,12 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
--sorted_result
show grants;
set role test_role1;
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;
set role none;

46
sql/sql_acl.cc
View file

@ -309,6 +309,9 @@ static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
const char *ip);
static bool show_proxy_grants (THD *thd, LEX_USER *user,
char *buff, size_t buffsize);
static bool show_role_grants(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry,
char *buff, size_t buffsize);
static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry, bool handle_as_role,
char *buff, size_t buffsize);
@ -6300,6 +6303,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
DBUG_RETURN(TRUE);
}
/* Show granted roles to acl_user */
if (show_role_grants(thd, lex_user, acl_user, buff, sizeof(buff)))
{
error= -1;
goto end;
}
/* Add first global access grants */
if (show_global_privileges(thd, lex_user, acl_user, FALSE, buff, sizeof(buff)))
{
@ -6349,6 +6359,42 @@ end:
DBUG_RETURN(error);
}
static bool show_role_grants(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry,
char *buff, size_t buffsize)
{
uint counter;
Protocol *protocol= thd->protocol;
String grant(buff,sizeof(buff),system_charset_info);
for (counter= 0; counter < acl_entry->role_grants.elements; counter++)
{
grant.length(0);
grant.append(STRING_WITH_LEN("GRANT "));
ACL_ROLE *acl_role= *(dynamic_element(&acl_entry->role_grants, counter,
ACL_ROLE**));
grant.append(acl_role->user.str, acl_role->user.length,
system_charset_info);
grant.append(STRING_WITH_LEN(" TO '"));
grant.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
if (!(acl_entry->flags & IS_ROLE))
{
grant.append(STRING_WITH_LEN("'@'"));
grant.append(lex_user->host.str, lex_user->host.length,
system_charset_info);
}
grant.append('\'');
protocol->prepare_for_resend();
protocol->store(grant.ptr(),grant.length(),grant.charset());
if (protocol->write())
{
return TRUE;
}
}
return FALSE;
}
static bool show_global_privileges(THD *thd, LEX_USER *lex_user,
ACL_USER_BASE *acl_entry, bool handle_as_role,
char *buff, size_t buffsize)