mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 12:02:42 +01:00
sql/sql_acl.cc
report correct errror in MODE_NO_AUTO_CREATE_USER
cleanup
after merge fixes
mysql-test/r/grant2.result:
updated after merge
mysql-test/r/grant3.result:
updated after merge
mysql-test/r/rpl_temporary.result:
sqlstate fixed
mysql-test/t/grant2.test:
updated after merge
mysql-test/t/grant3.test:
updated after merge
sql/share/errmsg.txt:
sqlstate fixed
sql/sql_acl.cc:
report correct errror in MODE_NO_AUTO_CREATE_USER
cleanup
This commit is contained in:
unknown
parent
d27a709f3d
commit
c9659f0e6d
7 changed files with 37 additions and 38 deletions
|
|
@ -31,7 +31,6 @@ select current_user;
|
|||
current_user
|
||||
mysqltest_1@localhost
|
||||
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
|
||||
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users
|
||||
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
|
||||
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'my_%'
|
||||
set @@sql_mode='NO_AUTO_CREATE_USER';
|
||||
|
|
@ -39,16 +38,17 @@ select @@sql_mode;
|
|||
@@sql_mode
|
||||
NO_AUTO_CREATE_USER
|
||||
grant select on `my\_1`.* to mysqltest_4@localhost with grant option;
|
||||
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users
|
||||
ERROR 42000: Can't find any matching row in the user table
|
||||
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'
|
||||
with grant option;
|
||||
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users
|
||||
show grants for mysqltest_1@localhost;
|
||||
Grants for mysqltest_1@localhost
|
||||
GRANT CREATE USER ON *.* TO 'mysqltest_1'@'localhost'
|
||||
GRANT ALL PRIVILEGES ON `my\_%`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
|
||||
show grants for mysqltest_2@localhost;
|
||||
ERROR 42000: There is no such grant defined for user 'mysqltest_2' on host 'localhost'
|
||||
Grants for mysqltest_2@localhost
|
||||
GRANT USAGE ON *.* TO 'mysqltest_2'@'localhost'
|
||||
GRANT ALL PRIVILEGES ON `my\_1`.* TO 'mysqltest_2'@'localhost' WITH GRANT OPTION
|
||||
show grants for mysqltest_3@localhost;
|
||||
ERROR 42000: There is no such grant defined for user 'mysqltest_3' on host 'localhost'
|
||||
delete from mysql.user where user like 'mysqltest\_%';
|
||||
|
|
@ -78,9 +78,9 @@ flush privileges;
|
|||
create table t1 (a int, b int);
|
||||
grant select (a) on t1 to mysqltest_1@localhost with grant option;
|
||||
grant select (a,b) on t1 to mysqltest_2@localhost;
|
||||
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users
|
||||
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 't1'
|
||||
grant select on t1 to mysqltest_3@localhost;
|
||||
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users
|
||||
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1'
|
||||
drop table t1;
|
||||
delete from mysql.user where user like 'mysqltest\_%';
|
||||
delete from mysql.db where user like 'mysqltest\_%';
|
||||
|
|
@ -165,8 +165,6 @@ GRANT INSERT ON "test".* TO 'mysqltest_1'@'%'
|
|||
GRANT UPDATE (c2) ON "test"."t2" TO 'mysqltest_1'@'%'
|
||||
GRANT UPDATE ON "test"."t1" TO 'mysqltest_1'@'%'
|
||||
drop user 'mysqltest_1', 'mysqltest_3';
|
||||
grant all on test.t1 to 'mysqltest_1';
|
||||
ERROR HY000: You are not allowed to create a user with GRANT
|
||||
drop user 'mysqltest_1';
|
||||
ERROR HY000: Operation DROP USER failed for 'mysqltest_1'@'%'
|
||||
drop table t1, t2;
|
||||
|
|
|
|||
|
|
@ -6,10 +6,11 @@ delete from mysql.tables_priv where user like 'mysqltest\_%';
|
|||
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
||||
flush privileges;
|
||||
create user mysqltest_1@localhost;
|
||||
grant grant option on mysql.* to mysqltest_1@localhost;
|
||||
grant create user on *.* to mysqltest_1@localhost;
|
||||
grant select on `my\_1`.* to mysqltest_1@localhost with grant option;
|
||||
grant select on `my\_1`.* to mysqltest_2@localhost;
|
||||
ERROR HY000: You are not allowed to create a user with GRANT
|
||||
ERROR 42000: You are not allowed to create a user with GRANT
|
||||
create user mysqltest_2@localhost;
|
||||
delete from mysql.user where user like 'mysqltest\_%';
|
||||
delete from mysql.db where user like 'mysqltest\_%';
|
||||
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
||||
|
|
|
|||
|
|
@ -7,12 +7,12 @@ start slave;
|
|||
reset master;
|
||||
SET @save_select_limit=@@session.sql_select_limit;
|
||||
SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100;
|
||||
ERROR HY000: Access denied; you need the SUPER privilege for this operation
|
||||
ERROR 42000: Access denied; you need the SUPER privilege for this operation
|
||||
SELECT @@session.sql_select_limit = @save_select_limit;
|
||||
@@session.sql_select_limit = @save_select_limit
|
||||
1
|
||||
SET @@session.sql_select_limit=10, @@session.sql_log_bin=0;
|
||||
ERROR HY000: Access denied; you need the SUPER privilege for this operation
|
||||
ERROR 42000: Access denied; you need the SUPER privilege for this operation
|
||||
SELECT @@session.sql_select_limit = @save_select_limit;
|
||||
@@session.sql_select_limit = @save_select_limit
|
||||
1
|
||||
|
|
|
|||
|
|
@ -57,7 +57,6 @@ connect (user1,localhost,mysqltest_1,,);
|
|||
connection user1;
|
||||
select current_user();
|
||||
select current_user;
|
||||
--error 1211
|
||||
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
|
||||
--error 1044
|
||||
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
|
||||
|
|
@ -67,14 +66,16 @@ grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
|
|||
#
|
||||
set @@sql_mode='NO_AUTO_CREATE_USER';
|
||||
select @@sql_mode;
|
||||
--error 1211
|
||||
#
|
||||
# GRANT without IDENTIFIED BY does not create new users
|
||||
#
|
||||
--error 1133
|
||||
grant select on `my\_1`.* to mysqltest_4@localhost with grant option;
|
||||
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'
|
||||
with grant option;
|
||||
disconnect user1;
|
||||
connection default;
|
||||
show grants for mysqltest_1@localhost;
|
||||
--error 1141
|
||||
show grants for mysqltest_2@localhost;
|
||||
--error 1141
|
||||
show grants for mysqltest_3@localhost;
|
||||
|
|
@ -116,9 +117,9 @@ create table t1 (a int, b int);
|
|||
grant select (a) on t1 to mysqltest_1@localhost with grant option;
|
||||
connect (mrugly, localhost, mysqltest_1,,mysqltest);
|
||||
connection mrugly;
|
||||
--error 1211
|
||||
--error 1143
|
||||
grant select (a,b) on t1 to mysqltest_2@localhost;
|
||||
--error 1211
|
||||
--error 1142
|
||||
grant select on t1 to mysqltest_3@localhost;
|
||||
disconnect mrugly;
|
||||
|
||||
|
|
@ -177,10 +178,6 @@ select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest
|
|||
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
|
||||
show grants for 'mysqltest_1';
|
||||
drop user 'mysqltest_1', 'mysqltest_3';
|
||||
#
|
||||
# Grant must not create user
|
||||
--error 1410
|
||||
grant all on test.t1 to 'mysqltest_1';
|
||||
--error 1396
|
||||
drop user 'mysqltest_1';
|
||||
#
|
||||
|
|
|
|||
|
|
@ -16,12 +16,13 @@ delete from mysql.columns_priv where user like 'mysqltest\_%';
|
|||
flush privileges;
|
||||
|
||||
create user mysqltest_1@localhost;
|
||||
grant grant option on mysql.* to mysqltest_1@localhost;
|
||||
grant create user on *.* to mysqltest_1@localhost;
|
||||
grant select on `my\_1`.* to mysqltest_1@localhost with grant option;
|
||||
connect (user_a,localhost,mysqltest_1,,);
|
||||
connection user_a;
|
||||
--error 1410
|
||||
grant select on `my\_1`.* to mysqltest_2@localhost;
|
||||
create user mysqltest_2@localhost;
|
||||
disconnect user_a;
|
||||
connection default;
|
||||
|
||||
|
|
|
|||
|
|
@ -4637,7 +4637,7 @@ ER_USER_LIMIT_REACHED 42000
|
|||
rus "ðÏÌØÚÏ×ÁÔÅÌØ '%-.64s' ÐÒÅ×ÙÓÉÌ ÉÓÐÏÌØÚÏ×ÁÎÉÅ ÒÅÓÕÒÓÁ '%s' (ÔÅËÕÝÅÅ ÚÎÁÞÅÎÉÅ: %ld)"
|
||||
spa "Usuario '%-.64s' ha excedido el recurso '%s' (actual valor: %ld)"
|
||||
swe "Användare '%-.64s' har överskridit '%s' (nuvarande värde: %ld)"
|
||||
ER_SPECIFIC_ACCESS_DENIED_ERROR
|
||||
ER_SPECIFIC_ACCESS_DENIED_ERROR 42000
|
||||
nla "Toegang geweigerd. U moet het %-.128s privilege hebben voor deze operatie"
|
||||
eng "Access denied; you need the %-.128s privilege for this operation"
|
||||
ger "Befehl nicht zulässig. Hierfür wird die Berechtigung %-.128s benötigt"
|
||||
|
|
@ -5332,5 +5332,5 @@ ER_STARTUP
|
|||
eng "%s: ready for connections.\nVersion: '%s' socket: '%s' port: %d %s"
|
||||
ER_LOAD_FROM_FIXED_SIZE_ROWS_TO_VAR
|
||||
eng "Can't load value from file with fixed size rows to variable"
|
||||
ER_CANT_CREATE_USER_WITH_GRANT
|
||||
ER_CANT_CREATE_USER_WITH_GRANT 42000
|
||||
eng "You are not allowed to create a user with GRANT"
|
||||
|
|
|
|||
|
|
@ -1586,7 +1586,7 @@ static bool test_if_create_new_users(THD *thd)
|
|||
|
||||
static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
|
||||
ulong rights, bool revoke_grant,
|
||||
bool create_user)
|
||||
bool can_create_user, bool no_auto_create)
|
||||
{
|
||||
int error = -1;
|
||||
bool old_row_exists=0;
|
||||
|
|
@ -1640,8 +1640,12 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
|
|||
|
||||
see also test_if_create_new_users()
|
||||
*/
|
||||
else if (((thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER) &&
|
||||
!password_len) || !create_user)
|
||||
else if (!password_len && no_auto_create)
|
||||
{
|
||||
my_error(ER_PASSWORD_NO_MATCH, MYF(0), combo.user.str, combo.host.str);
|
||||
goto end;
|
||||
}
|
||||
else if (!can_create_user)
|
||||
{
|
||||
my_error(ER_CANT_CREATE_USER_WITH_GRANT, MYF(0),
|
||||
thd->user, thd->host_or_ip);
|
||||
|
|
@ -2724,7 +2728,8 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list,
|
|||
/* Create user if needed */
|
||||
pthread_mutex_lock(&acl_cache->lock);
|
||||
error=replace_user_table(thd, tables[0].table, *Str,
|
||||
0, revoke_grant, create_new_users);
|
||||
0, revoke_grant, create_new_users,
|
||||
thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER);
|
||||
pthread_mutex_unlock(&acl_cache->lock);
|
||||
if (error)
|
||||
{
|
||||
|
|
@ -2929,7 +2934,8 @@ bool mysql_procedure_grant(THD *thd, TABLE_LIST *table_list,
|
|||
/* Create user if needed */
|
||||
pthread_mutex_lock(&acl_cache->lock);
|
||||
error=replace_user_table(thd, tables[0].table, *Str,
|
||||
0, revoke_grant, create_new_users);
|
||||
0, revoke_grant, create_new_users,
|
||||
thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER);
|
||||
pthread_mutex_unlock(&acl_cache->lock);
|
||||
if (error)
|
||||
{
|
||||
|
|
@ -3053,11 +3059,9 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
|
|||
result= -1;
|
||||
continue;
|
||||
}
|
||||
if ((replace_user_table(thd,
|
||||
tables[0].table,
|
||||
*Str,
|
||||
(!db ? rights : 0), revoke_grant,
|
||||
create_new_users)))
|
||||
if (replace_user_table(thd, tables[0].table, *Str,
|
||||
(!db ? rights : 0), revoke_grant, create_new_users,
|
||||
thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER))
|
||||
result= -1;
|
||||
else if (db)
|
||||
{
|
||||
|
|
@ -4826,13 +4830,11 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list)
|
|||
}
|
||||
|
||||
sql_mode= thd->variables.sql_mode;
|
||||
thd->variables.sql_mode&= ~MODE_NO_AUTO_CREATE_USER;
|
||||
if (replace_user_table(thd, tables[0].table, *user_name, 0, 0, 1))
|
||||
if (replace_user_table(thd, tables[0].table, *user_name, 0, 0, 1, 0))
|
||||
{
|
||||
append_user(&wrong_users, user_name);
|
||||
result= TRUE;
|
||||
}
|
||||
thd->variables.sql_mode= sql_mode;
|
||||
}
|
||||
|
||||
VOID(pthread_mutex_unlock(&acl_cache->lock));
|
||||
|
|
@ -4988,7 +4990,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
|
|||
}
|
||||
|
||||
if (replace_user_table(thd, tables[0].table,
|
||||
*lex_user, ~0, 1, 0))
|
||||
*lex_user, ~0, 1, 0, 0))
|
||||
{
|
||||
result= -1;
|
||||
continue;
|
||||
|
|
|
|||
Loading…
Reference in a new issue