mirror of
https://github.com/MariaDB/server.git
synced 2025-01-28 01:34:17 +01:00
Fix for bug#36544 "DROP USER does not remove stored function
privileges". The first problem was that DROP USER didn't properly remove privileges on stored functions from in-memory structures. So the dropped user could have called stored functions on which he had privileges before being dropped while his connection was still around. Even worse if a new user with the same name was created he would inherit privileges on stored functions from the dropped user. Similar thing happened with old user name and function privileges during RENAME USER. This problem stemmed from the fact that the handle_grant_data() function which handled DROP/RENAME USER didn't take any measures to update in-memory hash with information about function privileges after updating them on disk. This patch solves this problem by adding code doing just that. The second problem was that RENAME USER didn't properly update in-memory structures describing table-level privileges and privileges on stored procedures. As result such privileges could have been lost after a rename (i.e. not associated with the new name of user) and inherited by a new user with the same name as the old name of the original user. This problem was caused by code handling RENAME USER in handle_grant_struct() which [sic!]: a) tried to update wrong (tables) hash when updating stored procedure privileges for new user name. b) passed wrong arguments to function performing the hash update and didn't take into account the way in which such update could have changed the order of the hash elements. This patch solves this problem by ensuring that a) the correct hash is updated, b) correct arguments are used for the hash_update() function and c) we take into account possible changes in the order of hash elements. mysql-test/r/grant.result: Added test coverage for bug#36544 "DROP USER does not remove stored function privileges". mysql-test/suite/funcs_1/r/innodb_storedproc_06.result: Since after fixing bug#36544 "DROP USER does not remove stored function privileges" in-memory structures are correctly updated by DROP USER, DROP FUNCTION performed after DROP USER for its definer no longer produces unwarranted warning/error messages. mysql-test/suite/funcs_1/r/memory_storedproc_06.result: Since after fixing bug#36544 "DROP USER does not remove stored function privileges" in-memory structures are correctly updated by DROP USER, DROP FUNCTION performed after DROP USER for its definer no longer produces unwarranted warning/error messages. mysql-test/suite/funcs_1/r/myisam_storedproc_06.result: Since after fixing bug#36544 "DROP USER does not remove stored function privileges" in-memory structures are correctly updated by DROP USER, DROP FUNCTION performed after DROP USER for its definer no longer produces unwarranted warning/error messages. mysql-test/t/grant.test: Added test coverage for bug#36544 "DROP USER does not remove stored function privileges". sql/sql_acl.cc: Changed handle_grant_data() to also update hash with function privileges. This allows DROP/RENAME USER correctly keep this in-memory structure up-to-date. To do this extended handle_grant_struct() to support updating of this hash. In addition fixed code in this function which is responsible for handling of column and routine hashes during RENAME USER, ensured that we correctly update these hashes after changing user name and that we don't skip elements while iterating through the hash and doing updates.
This commit is contained in:
parent
e8ffaf4ae7
commit
b169b8d853
6 changed files with 451 additions and 53 deletions
mysql-test
r
suite/funcs_1/r
t
sql
|
@ -1230,4 +1230,197 @@ DROP DATABASE mysqltest2;
|
|||
DROP USER testuser@localhost;
|
||||
use test;
|
||||
|
||||
#
|
||||
# Test for bug #36544 "DROP USER does not remove stored function
|
||||
# privileges".
|
||||
#
|
||||
create database mysqltest1;
|
||||
create function mysqltest1.f1() returns int return 0;
|
||||
create procedure mysqltest1.p1() begin end;
|
||||
#
|
||||
# 1) Check that DROP USER properly removes privileges on both
|
||||
# stored procedures and functions.
|
||||
#
|
||||
create user mysqluser1@localhost;
|
||||
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
|
||||
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
|
||||
# Quick test that granted privileges are properly reflected
|
||||
# in privilege tables and in in-memory structures.
|
||||
show grants for mysqluser1@localhost;
|
||||
Grants for mysqluser1@localhost
|
||||
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
|
||||
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser1'@'localhost'
|
||||
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser1'@'localhost'
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
db routine_name routine_type proc_priv
|
||||
mysqltest1 f1 FUNCTION Execute
|
||||
mysqltest1 p1 PROCEDURE Execute
|
||||
#
|
||||
# Create connection 'bug_36544_con1' as 'mysqluser1@localhost'.
|
||||
call mysqltest1.p1();
|
||||
select mysqltest1.f1();
|
||||
mysqltest1.f1()
|
||||
0
|
||||
#
|
||||
# Switch to connection 'default'.
|
||||
drop user mysqluser1@localhost;
|
||||
#
|
||||
# Test that dropping of user is properly reflected in
|
||||
# both privilege tables and in in-memory structures.
|
||||
#
|
||||
# Switch to connection 'bug36544_con1'.
|
||||
# The connection cold be alive but should not be able to
|
||||
# access to any of the stored routines.
|
||||
call mysqltest1.p1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
|
||||
select mysqltest1.f1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
|
||||
#
|
||||
# Switch to connection 'default'.
|
||||
#
|
||||
# Now create user with the same name and check that he
|
||||
# has not inherited privileges.
|
||||
create user mysqluser1@localhost;
|
||||
show grants for mysqluser1@localhost;
|
||||
Grants for mysqluser1@localhost
|
||||
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
db routine_name routine_type proc_priv
|
||||
#
|
||||
# Create connection 'bug_36544_con2' as 'mysqluser1@localhost'.
|
||||
# Newly created user should not be able to access any of the routines.
|
||||
call mysqltest1.p1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
|
||||
select mysqltest1.f1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
|
||||
#
|
||||
# Switch to connection 'default'.
|
||||
#
|
||||
# 2) Check that RENAME USER properly updates privileges on both
|
||||
# stored procedures and functions.
|
||||
#
|
||||
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
|
||||
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
|
||||
#
|
||||
# Create one more user to make in-memory hashes non-trivial.
|
||||
# User names 'mysqluser11' and 'mysqluser10' were selected
|
||||
# to trigger bug discovered during code inspection.
|
||||
create user mysqluser11@localhost;
|
||||
grant execute on function mysqltest1.f1 to mysqluser11@localhost;
|
||||
grant execute on procedure mysqltest1.p1 to mysqluser11@localhost;
|
||||
# Also create a couple of tables to test for another bug
|
||||
# discovered during code inspection (again table names were
|
||||
# chosen especially to trigger the bug).
|
||||
create table mysqltest1.t11 (i int);
|
||||
create table mysqltest1.t22 (i int);
|
||||
grant select on mysqltest1.t22 to mysqluser1@localhost;
|
||||
grant select on mysqltest1.t11 to mysqluser1@localhost;
|
||||
# Quick test that granted privileges are properly reflected
|
||||
# in privilege tables and in in-memory structures.
|
||||
show grants for mysqluser1@localhost;
|
||||
Grants for mysqluser1@localhost
|
||||
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
|
||||
GRANT SELECT ON `mysqltest1`.`t11` TO 'mysqluser1'@'localhost'
|
||||
GRANT SELECT ON `mysqltest1`.`t22` TO 'mysqluser1'@'localhost'
|
||||
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser1'@'localhost'
|
||||
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser1'@'localhost'
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
db routine_name routine_type proc_priv
|
||||
mysqltest1 f1 FUNCTION Execute
|
||||
mysqltest1 p1 PROCEDURE Execute
|
||||
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
|
||||
db table_name table_priv
|
||||
mysqltest1 t11 Select
|
||||
mysqltest1 t22 Select
|
||||
#
|
||||
# Switch to connection 'bug36544_con2'.
|
||||
call mysqltest1.p1();
|
||||
select mysqltest1.f1();
|
||||
mysqltest1.f1()
|
||||
0
|
||||
select * from mysqltest1.t11;
|
||||
i
|
||||
select * from mysqltest1.t22;
|
||||
i
|
||||
#
|
||||
# Switch to connection 'default'.
|
||||
rename user mysqluser1@localhost to mysqluser10@localhost;
|
||||
#
|
||||
# Test that there are no privileges left for mysqluser1.
|
||||
#
|
||||
# Switch to connection 'bug36544_con2'.
|
||||
# The connection cold be alive but should not be able to
|
||||
# access to any of the stored routines or tables.
|
||||
call mysqltest1.p1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
|
||||
select mysqltest1.f1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
|
||||
select * from mysqltest1.t11;
|
||||
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11'
|
||||
select * from mysqltest1.t22;
|
||||
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22'
|
||||
#
|
||||
# Switch to connection 'default'.
|
||||
#
|
||||
# Now create user with the old name and check that he
|
||||
# has not inherited privileges.
|
||||
create user mysqluser1@localhost;
|
||||
show grants for mysqluser1@localhost;
|
||||
Grants for mysqluser1@localhost
|
||||
GRANT USAGE ON *.* TO 'mysqluser1'@'localhost'
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
db routine_name routine_type proc_priv
|
||||
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
|
||||
db table_name table_priv
|
||||
#
|
||||
# Create connection 'bug_36544_con3' as 'mysqluser1@localhost'.
|
||||
# Newly created user should not be able to access to any of the
|
||||
# stored routines or tables.
|
||||
call mysqltest1.p1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
|
||||
select mysqltest1.f1();
|
||||
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
|
||||
select * from mysqltest1.t11;
|
||||
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11'
|
||||
select * from mysqltest1.t22;
|
||||
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22'
|
||||
#
|
||||
# Switch to connection 'default'.
|
||||
#
|
||||
# Now check that privileges became associated with a new user
|
||||
# name - mysqluser10.
|
||||
#
|
||||
show grants for mysqluser10@localhost;
|
||||
Grants for mysqluser10@localhost
|
||||
GRANT USAGE ON *.* TO 'mysqluser10'@'localhost'
|
||||
GRANT SELECT ON `mysqltest1`.`t22` TO 'mysqluser10'@'localhost'
|
||||
GRANT SELECT ON `mysqltest1`.`t11` TO 'mysqluser10'@'localhost'
|
||||
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO 'mysqluser10'@'localhost'
|
||||
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO 'mysqluser10'@'localhost'
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost';
|
||||
db routine_name routine_type proc_priv
|
||||
mysqltest1 f1 FUNCTION Execute
|
||||
mysqltest1 p1 PROCEDURE Execute
|
||||
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost';
|
||||
db table_name table_priv
|
||||
mysqltest1 t11 Select
|
||||
mysqltest1 t22 Select
|
||||
#
|
||||
# Create connection 'bug_36544_con4' as 'mysqluser10@localhost'.
|
||||
call mysqltest1.p1();
|
||||
select mysqltest1.f1();
|
||||
mysqltest1.f1()
|
||||
0
|
||||
select * from mysqltest1.t11;
|
||||
i
|
||||
select * from mysqltest1.t22;
|
||||
i
|
||||
#
|
||||
# Switch to connection 'default'.
|
||||
#
|
||||
# Clean-up.
|
||||
drop user mysqluser1@localhost;
|
||||
drop user mysqluser10@localhost;
|
||||
drop user mysqluser11@localhost;
|
||||
drop database mysqltest1;
|
||||
End of 5.0 tests
|
||||
|
|
|
@ -131,10 +131,6 @@ root@localhost db_storedproc_1
|
|||
drop user 'user_1'@'localhost';
|
||||
DROP PROCEDURE sp3;
|
||||
DROP FUNCTION fn1;
|
||||
Warnings:
|
||||
Error 1133 Can't find any matching row in the user table
|
||||
Error 1269 Can't revoke all privileges for one or more of the requested users
|
||||
Warning 1405 Failed to revoke all privileges to dropped routine
|
||||
|
||||
Testcase 3.1.6.4:
|
||||
-----------------
|
||||
|
|
|
@ -131,10 +131,6 @@ root@localhost db_storedproc_1
|
|||
drop user 'user_1'@'localhost';
|
||||
DROP PROCEDURE sp3;
|
||||
DROP FUNCTION fn1;
|
||||
Warnings:
|
||||
Error 1133 Can't find any matching row in the user table
|
||||
Error 1269 Can't revoke all privileges for one or more of the requested users
|
||||
Warning 1405 Failed to revoke all privileges to dropped routine
|
||||
|
||||
Testcase 3.1.6.4:
|
||||
-----------------
|
||||
|
|
|
@ -131,10 +131,6 @@ root@localhost db_storedproc_1
|
|||
drop user 'user_1'@'localhost';
|
||||
DROP PROCEDURE sp3;
|
||||
DROP FUNCTION fn1;
|
||||
Warnings:
|
||||
Error 1133 Can't find any matching row in the user table
|
||||
Error 1269 Can't revoke all privileges for one or more of the requested users
|
||||
Warning 1405 Failed to revoke all privileges to dropped routine
|
||||
|
||||
Testcase 3.1.6.4:
|
||||
-----------------
|
||||
|
|
|
@ -1267,6 +1267,183 @@ DROP USER testuser@localhost;
|
|||
use test;
|
||||
--echo
|
||||
|
||||
|
||||
--echo #
|
||||
--echo # Test for bug #36544 "DROP USER does not remove stored function
|
||||
--echo # privileges".
|
||||
--echo #
|
||||
create database mysqltest1;
|
||||
create function mysqltest1.f1() returns int return 0;
|
||||
create procedure mysqltest1.p1() begin end;
|
||||
--echo #
|
||||
--echo # 1) Check that DROP USER properly removes privileges on both
|
||||
--echo # stored procedures and functions.
|
||||
--echo #
|
||||
create user mysqluser1@localhost;
|
||||
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
|
||||
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
|
||||
|
||||
--echo # Quick test that granted privileges are properly reflected
|
||||
--echo # in privilege tables and in in-memory structures.
|
||||
show grants for mysqluser1@localhost;
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
--echo #
|
||||
--echo # Create connection 'bug_36544_con1' as 'mysqluser1@localhost'.
|
||||
--connect (bug36544_con1,localhost,mysqluser1,,)
|
||||
call mysqltest1.p1();
|
||||
select mysqltest1.f1();
|
||||
|
||||
--echo #
|
||||
--echo # Switch to connection 'default'.
|
||||
--connection default
|
||||
drop user mysqluser1@localhost;
|
||||
|
||||
--echo #
|
||||
--echo # Test that dropping of user is properly reflected in
|
||||
--echo # both privilege tables and in in-memory structures.
|
||||
--echo #
|
||||
--echo # Switch to connection 'bug36544_con1'.
|
||||
--connection bug36544_con1
|
||||
--echo # The connection cold be alive but should not be able to
|
||||
--echo # access to any of the stored routines.
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
call mysqltest1.p1();
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
select mysqltest1.f1();
|
||||
--disconnect bug36544_con1
|
||||
|
||||
--echo #
|
||||
--echo # Switch to connection 'default'.
|
||||
--connection default
|
||||
--echo #
|
||||
--echo # Now create user with the same name and check that he
|
||||
--echo # has not inherited privileges.
|
||||
create user mysqluser1@localhost;
|
||||
show grants for mysqluser1@localhost;
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
--echo #
|
||||
--echo # Create connection 'bug_36544_con2' as 'mysqluser1@localhost'.
|
||||
--connect (bug36544_con2,localhost,mysqluser1,,)
|
||||
--echo # Newly created user should not be able to access any of the routines.
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
call mysqltest1.p1();
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
select mysqltest1.f1();
|
||||
--echo #
|
||||
--echo # Switch to connection 'default'.
|
||||
--connection default
|
||||
|
||||
--echo #
|
||||
--echo # 2) Check that RENAME USER properly updates privileges on both
|
||||
--echo # stored procedures and functions.
|
||||
--echo #
|
||||
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
|
||||
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
|
||||
--echo #
|
||||
--echo # Create one more user to make in-memory hashes non-trivial.
|
||||
--echo # User names 'mysqluser11' and 'mysqluser10' were selected
|
||||
--echo # to trigger bug discovered during code inspection.
|
||||
create user mysqluser11@localhost;
|
||||
grant execute on function mysqltest1.f1 to mysqluser11@localhost;
|
||||
grant execute on procedure mysqltest1.p1 to mysqluser11@localhost;
|
||||
--echo # Also create a couple of tables to test for another bug
|
||||
--echo # discovered during code inspection (again table names were
|
||||
--echo # chosen especially to trigger the bug).
|
||||
create table mysqltest1.t11 (i int);
|
||||
create table mysqltest1.t22 (i int);
|
||||
grant select on mysqltest1.t22 to mysqluser1@localhost;
|
||||
grant select on mysqltest1.t11 to mysqluser1@localhost;
|
||||
|
||||
--echo # Quick test that granted privileges are properly reflected
|
||||
--echo # in privilege tables and in in-memory structures.
|
||||
show grants for mysqluser1@localhost;
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
|
||||
--echo #
|
||||
--echo # Switch to connection 'bug36544_con2'.
|
||||
--connection bug36544_con2
|
||||
call mysqltest1.p1();
|
||||
select mysqltest1.f1();
|
||||
select * from mysqltest1.t11;
|
||||
select * from mysqltest1.t22;
|
||||
|
||||
--echo #
|
||||
--echo # Switch to connection 'default'.
|
||||
--connection default
|
||||
rename user mysqluser1@localhost to mysqluser10@localhost;
|
||||
|
||||
--echo #
|
||||
--echo # Test that there are no privileges left for mysqluser1.
|
||||
--echo #
|
||||
--echo # Switch to connection 'bug36544_con2'.
|
||||
--connection bug36544_con2
|
||||
--echo # The connection cold be alive but should not be able to
|
||||
--echo # access to any of the stored routines or tables.
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
call mysqltest1.p1();
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
select mysqltest1.f1();
|
||||
--error ER_TABLEACCESS_DENIED_ERROR
|
||||
select * from mysqltest1.t11;
|
||||
--error ER_TABLEACCESS_DENIED_ERROR
|
||||
select * from mysqltest1.t22;
|
||||
--disconnect bug36544_con2
|
||||
|
||||
--echo #
|
||||
--echo # Switch to connection 'default'.
|
||||
--connection default
|
||||
--echo #
|
||||
--echo # Now create user with the old name and check that he
|
||||
--echo # has not inherited privileges.
|
||||
create user mysqluser1@localhost;
|
||||
show grants for mysqluser1@localhost;
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
|
||||
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
|
||||
--echo #
|
||||
--echo # Create connection 'bug_36544_con3' as 'mysqluser1@localhost'.
|
||||
--connect (bug36544_con3,localhost,mysqluser1,,)
|
||||
--echo # Newly created user should not be able to access to any of the
|
||||
--echo # stored routines or tables.
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
call mysqltest1.p1();
|
||||
--error ER_PROCACCESS_DENIED_ERROR
|
||||
select mysqltest1.f1();
|
||||
--error ER_TABLEACCESS_DENIED_ERROR
|
||||
select * from mysqltest1.t11;
|
||||
--error ER_TABLEACCESS_DENIED_ERROR
|
||||
select * from mysqltest1.t22;
|
||||
--disconnect bug36544_con3
|
||||
|
||||
--echo #
|
||||
--echo # Switch to connection 'default'.
|
||||
--connection default
|
||||
--echo #
|
||||
--echo # Now check that privileges became associated with a new user
|
||||
--echo # name - mysqluser10.
|
||||
--echo #
|
||||
show grants for mysqluser10@localhost;
|
||||
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost';
|
||||
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost';
|
||||
--echo #
|
||||
--echo # Create connection 'bug_36544_con4' as 'mysqluser10@localhost'.
|
||||
--connect (bug36544_con4,localhost,mysqluser10,,)
|
||||
call mysqltest1.p1();
|
||||
select mysqltest1.f1();
|
||||
select * from mysqltest1.t11;
|
||||
select * from mysqltest1.t22;
|
||||
--disconnect bug36544_con4
|
||||
|
||||
--echo #
|
||||
--echo # Switch to connection 'default'.
|
||||
--connection default
|
||||
--echo #
|
||||
--echo # Clean-up.
|
||||
drop user mysqluser1@localhost;
|
||||
drop user mysqluser10@localhost;
|
||||
drop user mysqluser11@localhost;
|
||||
drop database mysqltest1;
|
||||
|
||||
|
||||
--echo End of 5.0 tests
|
||||
|
||||
disconnect master;
|
||||
|
|
122
sql/sql_acl.cc
122
sql/sql_acl.cc
|
@ -1,4 +1,4 @@
|
|||
/* Copyright (C) 2000-2003 MySQL AB
|
||||
/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -5048,18 +5048,15 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
|
|||
}
|
||||
|
||||
|
||||
/*
|
||||
/**
|
||||
Handle an in-memory privilege structure.
|
||||
|
||||
SYNOPSIS
|
||||
handle_grant_struct()
|
||||
struct_no The number of the structure to handle (0..3).
|
||||
drop If user_from is to be dropped.
|
||||
user_from The the user to be searched/dropped/renamed.
|
||||
user_to The new name for the user if to be renamed,
|
||||
NULL otherwise.
|
||||
@param struct_no The number of the structure to handle (0..4).
|
||||
@param drop If user_from is to be dropped.
|
||||
@param user_from The the user to be searched/dropped/renamed.
|
||||
@param user_to The new name for the user if to be renamed, NULL otherwise.
|
||||
|
||||
DESCRIPTION
|
||||
@note
|
||||
Scan through all elements in an in-memory grant structure and apply
|
||||
the requested operation.
|
||||
Delete from grant structure if drop is true.
|
||||
|
@ -5069,12 +5066,12 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
|
|||
0 acl_users
|
||||
1 acl_dbs
|
||||
2 column_priv_hash
|
||||
3 procs_priv_hash
|
||||
3 proc_priv_hash
|
||||
4 func_priv_hash
|
||||
|
||||
RETURN
|
||||
> 0 At least one element matched.
|
||||
0 OK, but no element matched.
|
||||
-1 Wrong arguments to function
|
||||
@retval > 0 At least one element matched.
|
||||
@retval 0 OK, but no element matched.
|
||||
@retval -1 Wrong arguments to function.
|
||||
*/
|
||||
|
||||
static int handle_grant_struct(uint struct_no, bool drop,
|
||||
|
@ -5088,6 +5085,7 @@ static int handle_grant_struct(uint struct_no, bool drop,
|
|||
ACL_USER *UNINIT_VAR(acl_user);
|
||||
ACL_DB *UNINIT_VAR(acl_db);
|
||||
GRANT_NAME *UNINIT_VAR(grant_name);
|
||||
HASH *UNINIT_VAR(grant_name_hash);
|
||||
DBUG_ENTER("handle_grant_struct");
|
||||
DBUG_PRINT("info",("scan struct: %u search: '%s'@'%s'",
|
||||
struct_no, user_from->user.str, user_from->host.str));
|
||||
|
@ -5104,9 +5102,15 @@ static int handle_grant_struct(uint struct_no, bool drop,
|
|||
break;
|
||||
case 2:
|
||||
elements= column_priv_hash.records;
|
||||
grant_name_hash= &column_priv_hash;
|
||||
break;
|
||||
case 3:
|
||||
elements= proc_priv_hash.records;
|
||||
grant_name_hash= &proc_priv_hash;
|
||||
break;
|
||||
case 4:
|
||||
elements= func_priv_hash.records;
|
||||
grant_name_hash= &func_priv_hash;
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
|
@ -5136,16 +5140,13 @@ static int handle_grant_struct(uint struct_no, bool drop,
|
|||
break;
|
||||
|
||||
case 2:
|
||||
grant_name= (GRANT_NAME*) hash_element(&column_priv_hash, idx);
|
||||
case 3:
|
||||
case 4:
|
||||
grant_name= (GRANT_NAME*) hash_element(grant_name_hash, idx);
|
||||
user= grant_name->user;
|
||||
host= grant_name->host.hostname;
|
||||
break;
|
||||
|
||||
case 3:
|
||||
grant_name= (GRANT_NAME*) hash_element(&proc_priv_hash, idx);
|
||||
user= grant_name->user;
|
||||
host= grant_name->host.hostname;
|
||||
break;
|
||||
default:
|
||||
assert(0);
|
||||
}
|
||||
|
@ -5176,14 +5177,25 @@ static int handle_grant_struct(uint struct_no, bool drop,
|
|||
break;
|
||||
|
||||
case 2:
|
||||
hash_delete(&column_priv_hash, (byte*) grant_name);
|
||||
break;
|
||||
|
||||
case 3:
|
||||
hash_delete(&proc_priv_hash, (byte*) grant_name);
|
||||
case 4:
|
||||
hash_delete(grant_name_hash, (byte*) grant_name);
|
||||
break;
|
||||
}
|
||||
elements--;
|
||||
/*
|
||||
- If we are iterating through an array then we just have moved all
|
||||
elements after the current element one position closer to its head.
|
||||
This means that we have to take another look at the element at
|
||||
current position as it is a new element from the array's tail.
|
||||
- If we are iterating through a hash the current element was replaced
|
||||
with one of elements from the tail. So we also have to take a look
|
||||
at the new element in current position.
|
||||
Note that in our HASH implementation hash_delete() won't move any
|
||||
elements with position after current one to position before the
|
||||
current (i.e. from the tail to the head), so it is safe to continue
|
||||
iteration without re-starting.
|
||||
*/
|
||||
idx--;
|
||||
}
|
||||
else if ( user_to )
|
||||
|
@ -5201,22 +5213,41 @@ static int handle_grant_struct(uint struct_no, bool drop,
|
|||
|
||||
case 2:
|
||||
case 3:
|
||||
/*
|
||||
Update the grant structure with the new user name and
|
||||
host name
|
||||
*/
|
||||
grant_name->set_user_details(user_to->host.str, grant_name->db,
|
||||
user_to->user.str, grant_name->tname,
|
||||
TRUE);
|
||||
case 4:
|
||||
{
|
||||
/*
|
||||
Save old hash key and its length to be able properly update
|
||||
element position in hash.
|
||||
*/
|
||||
char *old_key= grant_name->hash_key;
|
||||
size_t old_key_length= grant_name->key_length;
|
||||
|
||||
/*
|
||||
Since username is part of the hash key, when the user name
|
||||
is renamed, the hash key is changed. Update the hash to
|
||||
ensure that the position matches the new hash key value
|
||||
*/
|
||||
hash_update(&column_priv_hash, (byte*) grant_name,
|
||||
(byte *) grant_name->hash_key, grant_name->key_length);
|
||||
break;
|
||||
/*
|
||||
Update the grant structure with the new user name and host name.
|
||||
*/
|
||||
grant_name->set_user_details(user_to->host.str, grant_name->db,
|
||||
user_to->user.str, grant_name->tname,
|
||||
TRUE);
|
||||
|
||||
/*
|
||||
Since username is part of the hash key, when the user name
|
||||
is renamed, the hash key is changed. Update the hash to
|
||||
ensure that the position matches the new hash key value
|
||||
*/
|
||||
hash_update(grant_name_hash, (byte*) grant_name, (byte*) old_key,
|
||||
old_key_length);
|
||||
/*
|
||||
hash_update() operation could have moved element from the tail
|
||||
of the hash to the current position. So we need to take a look
|
||||
at the element in current position once again.
|
||||
Thanks to the fact that hash_update() for our HASH implementation
|
||||
won't move any elements from the tail of the hash to the positions
|
||||
before the current one (a.k.a. head) it is safe to continue
|
||||
iteration without restarting.
|
||||
*/
|
||||
idx--;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
|
@ -5302,7 +5333,7 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop,
|
|||
}
|
||||
}
|
||||
|
||||
/* Handle procedures table. */
|
||||
/* Handle stored routines table. */
|
||||
if ((found= handle_grant_table(tables, 4, drop, user_from, user_to)) < 0)
|
||||
{
|
||||
/* Handle of table failed, don't touch in-memory array. */
|
||||
|
@ -5319,6 +5350,15 @@ static int handle_grant_data(TABLE_LIST *tables, bool drop,
|
|||
if (! drop && ! user_to)
|
||||
goto end;
|
||||
}
|
||||
/* Handle funcs array. */
|
||||
if (((handle_grant_struct(4, drop, user_from, user_to) && ! result) ||
|
||||
found) && ! result)
|
||||
{
|
||||
result= 1; /* At least one record/element found. */
|
||||
/* If search is requested, we do not need to search further. */
|
||||
if (! drop && ! user_to)
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
/* Handle tables table. */
|
||||
|
|
Loading…
Add table
Reference in a new issue