mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 20:12:31 +01:00
load with_admin flag from the mysql.roles_mapping table
This commit is contained in:
Sergei Golubchik
parent
9d6e9c242e
commit
46622dbea2
3 changed files with 64 additions and 7 deletions
|
|
@ -34,6 +34,22 @@ Host User Role Admin_option
|
|||
role4 role3 Y
|
||||
localhost foo role1 Y
|
||||
localhost foo role2 N
|
||||
flush privileges;
|
||||
show grants for foo@localhost;
|
||||
Grants for foo@localhost
|
||||
GRANT USAGE ON *.* TO 'foo'@'localhost'
|
||||
GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION
|
||||
GRANT role2 TO 'foo'@'localhost'
|
||||
show grants for role1;
|
||||
Grants for role1
|
||||
GRANT USAGE ON *.* TO 'role1'
|
||||
GRANT USAGE ON *.* TO 'role2'
|
||||
GRANT role2 TO 'role1'
|
||||
show grants for role4;
|
||||
Grants for role4
|
||||
GRANT USAGE ON *.* TO 'role3'
|
||||
GRANT USAGE ON *.* TO 'role4'
|
||||
GRANT role3 TO 'role4' WITH ADMIN OPTION
|
||||
grant role2 to role1 with admin option;
|
||||
revoke role1 from foo@localhost;
|
||||
revoke admin option for role3 from role4;
|
||||
|
|
@ -57,5 +73,20 @@ Host User Role Admin_option
|
|||
role1 role2 Y
|
||||
role4 role3 N
|
||||
localhost foo role2 N
|
||||
flush privileges;
|
||||
show grants for foo@localhost;
|
||||
Grants for foo@localhost
|
||||
GRANT USAGE ON *.* TO 'foo'@'localhost'
|
||||
GRANT role2 TO 'foo'@'localhost'
|
||||
show grants for role1;
|
||||
Grants for role1
|
||||
GRANT USAGE ON *.* TO 'role1'
|
||||
GRANT USAGE ON *.* TO 'role2'
|
||||
GRANT role2 TO 'role1' WITH ADMIN OPTION
|
||||
show grants for role4;
|
||||
Grants for role4
|
||||
GRANT USAGE ON *.* TO 'role3'
|
||||
GRANT USAGE ON *.* TO 'role4'
|
||||
GRANT role3 TO 'role4'
|
||||
drop role role1, role2, role3, role4, role5, role6;
|
||||
drop user foo@localhost;
|
||||
|
|
|
|||
|
|
@ -29,6 +29,13 @@ show grants for role1;
|
|||
show grants for role4;
|
||||
--sorted_result
|
||||
select * from mysql.roles_mapping;
|
||||
flush privileges;
|
||||
--sorted_result
|
||||
show grants for foo@localhost;
|
||||
--sorted_result
|
||||
show grants for role1;
|
||||
--sorted_result
|
||||
show grants for role4;
|
||||
|
||||
grant role2 to role1 with admin option;
|
||||
revoke role1 from foo@localhost;
|
||||
|
|
@ -43,6 +50,13 @@ show grants for role1;
|
|||
show grants for role4;
|
||||
--sorted_result
|
||||
select * from mysql.roles_mapping;
|
||||
flush privileges;
|
||||
--sorted_result
|
||||
show grants for foo@localhost;
|
||||
--sorted_result
|
||||
show grants for role1;
|
||||
--sorted_result
|
||||
show grants for role4;
|
||||
|
||||
########################################
|
||||
# cleanup
|
||||
|
|
|
|||
|
|
@ -867,6 +867,15 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
|
|||
return false;
|
||||
}
|
||||
|
||||
static bool get_YN_as_bool(Field *field)
|
||||
{
|
||||
char buff[2];
|
||||
String res(buff,sizeof(buff),&my_charset_latin1);
|
||||
field->val_str(&res);
|
||||
return res[0] == 'Y' || res[0] == 'y';
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Initialize structures responsible for user/db-level privilege checking and
|
||||
load privilege information for them from tables in the 'mysql' database.
|
||||
|
|
@ -1408,8 +1417,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
|
|||
char *hostname= get_field(&temp_root, table->field[0]);
|
||||
char *username= get_field(&temp_root, table->field[1]);
|
||||
char *rolename= get_field(&temp_root, table->field[2]);
|
||||
bool with_grant_option= get_YN_as_bool(table->field[3]);
|
||||
|
||||
if (mapping->init(&mem, username, hostname, rolename, false))
|
||||
if (mapping->init(&mem, username, hostname, rolename, with_grant_option))
|
||||
continue;
|
||||
|
||||
if (add_role_user_mapping(mapping) == -1) {
|
||||
|
|
@ -1430,6 +1440,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
|
|||
mysql_mutex_unlock(&acl_cache->lock);
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
sql_print_error("Missing system table mysql.roles_mapping; "
|
||||
"please run mysql_upgrade to create it");
|
||||
}
|
||||
|
||||
init_check_host();
|
||||
|
||||
|
|
@ -1576,7 +1591,6 @@ end:
|
|||
DBUG_RETURN(return_val);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Get all access bits from table after fieldnr
|
||||
|
||||
|
|
@ -1608,8 +1622,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
|
|||
((Field_enum*) (*pos))->typelib->count == 2 ;
|
||||
pos++, fieldnr++, bit<<=1)
|
||||
{
|
||||
(*pos)->val_str(&res);
|
||||
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
|
||||
if (get_YN_as_bool(*pos))
|
||||
access_bits|= bit;
|
||||
}
|
||||
if (next_field)
|
||||
|
|
@ -1634,7 +1647,7 @@ static ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
|
|||
FALSE otherwise
|
||||
*/
|
||||
|
||||
static inline bool check_is_role(TABLE *form)
|
||||
static bool check_is_role(TABLE *form)
|
||||
{
|
||||
char buff[2];
|
||||
String res(buff, sizeof(buff), &my_charset_latin1);
|
||||
|
|
@ -1642,8 +1655,7 @@ static inline bool check_is_role(TABLE *form)
|
|||
if (form->s->fields <= 42)
|
||||
return FALSE;
|
||||
|
||||
form->field[ROLE_ASSIGN_COLUMN_IDX]->val_str(&res);
|
||||
if (my_toupper(&my_charset_latin1, res[0]) == 'Y')
|
||||
if (get_YN_as_bool(form->field[ROLE_ASSIGN_COLUMN_IDX]))
|
||||
return TRUE;
|
||||
|
||||
return FALSE;
|
||||
|
|
|
|||
Loading…
Reference in a new issue