mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-02-01 03:21:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
85590 commits 2791 branches 343 tags 1.7 GiB
Commit graph

85590 commits

This branch
This branch
All branches
Author SHA1 Message Date
Sergei Golubchik
65eee0be5f MDEV-5176 Server crashes in fill_schema_applicable_roles on select from APPLICABLE_ROLES after a suicide 
Don't assume that thd->security_ctx->priv_user is an actually existing user account
 2013-10-23 09:54:10 -07:00
Sergei Golubchik
7761a278f6 MDEV-5170 Assertion `(&(&acl_cache->lock)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&acl_cache->lock)->m_mutex)->thread)' fails after restarting server with a pre-created role grants 
lock acl_cache->lock mutex for the duration of acl_load
 2013-10-23 09:49:47 -07:00
Sergei Golubchik
f6b8f6d156 reset the db privilege cache when revoking db priviges on DROP ROLE 2013-10-23 05:09:17 -07:00
Sergei Golubchik
614478921f MDEV-5172 safe_mutex: Trying to lock mutex when the mutex was already locked on using a role and I_S role tables 
don't forget to unlock if the current role isn't found
 2013-10-23 03:28:41 -07:00
Sergei Golubchik
fd826cc3bd properly propagate privilege changes on DROP ROLE 2013-10-23 03:26:09 -07:00
Sergei Golubchik
82037f9c0e don't rebuild all parent_grantees/role_grants arrays when a role is dropped, 
only remove this role from the arrays where it is present.
 2013-10-23 03:25:24 -07:00
Sergei Golubchik
a3f4b58dac move role tests to a dedicated suite 2013-10-21 19:57:25 -07:00
Sergei Golubchik
779693f409 fixes for builbot 1 2013-10-20 16:39:51 -07:00
Sergei Golubchik
af3079589f fix a misplaced #endif that was confusing ctags 2013-10-20 16:39:44 -07:00
Sergei Golubchik
c1c0a83772 ACL_USER methods for comparing ACL_USER objects 2013-10-20 08:51:49 +02:00
Sergei Golubchik
ce68878947 fixes for embedded 2013-10-18 18:56:28 -07:00
Sergei Golubchik
cb9d3bec46 post-review changes 2013-10-18 15:54:41 -07:00
Sergei Golubchik
40c43c395b remove old incorrect bugfix that moved reading of procs_priv table into a separate function. 
FLUSH PRIVILEGES no longer returns an error, when it was successful.
LOCK_grant is no longed unlocked/relocked between tables_priv and procs_priv
 2013-10-18 15:52:33 -07:00
Sergei Golubchik
f74b9eca6e remove ER_RESERVED_ROLE. 
Only allow NONE instead of a role name in SET ROLE.
Don't allow PUBLIC as a role name anywhere (to be fixed later)
Fix db_access calculations on SET ROLE
Reduce the size of role_grants and parent_grantee per-user/role arrays.
Fix the wording and specify the correct sqlstate for ER_INVALID_ROLE
 2013-10-18 15:52:26 -07:00
Sergei Golubchik
4ec26a7c2d replication of GRANT role statement 2013-10-18 13:18:03 -07:00
Sergei Golubchik
4d3e4c2984 make functions static, remove unused constructors, other small cleanups 2013-10-18 13:17:42 -07:00
Sergei Golubchik
13cca92de4 fix funcs_1.is_engines_federated failure when no ha_federatex.so is present 2013-10-18 13:17:27 -07:00
Sergei Golubchik
d2c683527f recursive privilege propagation for roles. 
functions for traversing the role graph in either direction.
merging of global, database, table, column, routine privileges.
debug status variables for counting number of privilege merges.
tests.
 2013-10-18 13:06:41 -07:00
Sergei Golubchik
7fba8e5164 find() method for Hash_set<>. 
Move key function from template parameter to the constructor
 2013-10-18 12:36:03 -07:00
Sergei Golubchik
3098b6cf5b qsort2, pop, push methods for Dynamic_array<> 2013-10-18 12:35:22 -07:00
Sergei Golubchik
b221ec6529 enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00
Sergei Golubchik
2f2699f97b cleanup. 
mainly to avoid the pattern of
* get username/hostname/rolename
* optionally find the corresponding ACL_USER and ACL_ROLE
* allocate memory, concatenate username/hostname/rolename
* call a function passing only this memory as an argument
** use concatenated username/etc to find ACL_USER and ACL_ROLE again
** do something
* free the object

Also to undo push_dynamic we use pop_dynamic now,
not a linear search/scan through the dynamic array.

as a bonus, role@ is now an invalid way to refer to a role.
 2013-10-18 12:34:44 -07:00
Sergei Golubchik
f1a71b6815 bugfix: missing restore_record when modifying roles_mapping() table. 
(and an assert in myisam to catch these bugs easier in the future)
update tests/results
 2013-10-18 12:27:07 -07:00
Sergei Golubchik
e5211e0cde information_schema.applicable_roles.is_grantable column 2013-10-18 12:26:43 -07:00
Sergei Golubchik
67985b283a require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00
Sergei Golubchik
7fb978c793 auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00
Sergei Golubchik
46622dbea2 load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00
Sergei Golubchik
9d6e9c242e store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00
Sergei Golubchik
66f0c2e308 small cleanup 2013-10-18 12:25:23 -07:00
Sergei Golubchik
0c303b52a9 New syntax: 
CREATE ROLE xxx WITH ADMIN yyy
  GRANT xxx TO yyy WITH ADMIN OPTION
  REVOKE ADMIN OPTION FOR xxx FROM yyy
 2013-10-18 12:23:15 -07:00
Sergei Golubchik
1c7bcdb4f0 mtr: check that mysql.roles_mapping table isn't modified in tests 2013-10-18 12:21:48 -07:00
Sergei Golubchik
c28bf2a344 bugfix: propagate grant changes through the role graph after table/column/routine grants 2013-10-18 12:21:37 -07:00
Sergei Golubchik
d0db4f2261 add Admin_option column to mysql.roles_mapping. update tests/results 2013-10-18 12:21:10 -07:00
Sergei Golubchik
7dda698734 rename columns in mysql.roles_mapping to be consistent with other privilege tables 2013-10-18 12:19:37 -07:00
Sergei Golubchik
b2f16628cf support DEFINER=role and DEFINER=current_role 2013-10-18 12:17:49 -07:00
Sergei Golubchik
b054700619 speed up fill_effective_table_privileges() - avoid calling expensive acl_get() 2013-10-18 11:46:43 -07:00
Sergei Golubchik
02a7291954 cleanup 
sql/sp.cc:
  don't split "user@host" string in db_load_routine, because the caller needs to
  generate it from user and host. instead pass user and host directly into db_load_routine
sql/sql_parse.cc:
  1. REVOKE ALL doesn't need invoker.
  2. make sp_process_definer() reusable
sql/sql_trigger.cc:
  don't duplicate the code from sp_process_definer(), reuse it
sql/sql_view.cc:
  don't duplicate the code from sp_process_definer(), reuse it
 2013-10-18 11:46:30 -07:00
Sergei Golubchik
ac6877d420 SET PASSWORD bugfixes: 
* work as documented, use CURRENT_USER()
* move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
 2013-10-18 11:41:40 -07:00
Sergei Golubchik
4cc8cda346 Remove the very old historical but never documented behavior, 
than an empty host '' is the same as any-host wildcard '%'.

Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables.

Side effect: one cannot have foo@'' and foo@'%' both at the same time
(but one can have foo@'%' and foo@'%%')
 2013-10-18 11:38:13 -07:00
Sergei Golubchik
cefe5d964b update test results 2013-10-18 11:38:01 -07:00
Vicențiu Ciorbaru
5630967dd5 Fixed GRANT ROLE TO ROLE not updating acl_roles_mappings hash. 
Also fixed possible memory exploit by repeteadly calling:
GRANT role to user; where role was already granted to user.
 2013-10-18 09:26:02 -07:00
Vicențiu Ciorbaru
a34dff8825 Removed redundant code in update_acl_user. User related functions 
should deal with users, while role related functions should deal
with roles.
 2013-10-18 09:25:53 -07:00
Vicențiu Ciorbaru
60f19cbc9a Added GRANT ROLE TO ... and REVOKE ROLE FROM ... functionality. 
TODO:

Privilege checks are not done upon executing the command.
 2013-10-18 09:25:42 -07:00
Vicențiu Ciorbaru
df48f63684 Fixed rolenames case insensitivity bug. Also cleared compiler warning. 
Fixed segmentation fault caused in traverse_role_graph by previous commit
 2013-10-18 09:20:59 -07:00
Vicențiu Ciorbaru
507c4be955 Fixed bug that caused the ROLE_VISITED flag to remain set if the exploration 
was halted on a cycle detect. Now the to_clear array is populated during
the open event and not the close event.
 2013-10-18 09:19:53 -07:00
Sergei Golubchik
fe2d265704 INFORMATION_SCHEMA.APPLICABLE_ROLES table 2013-10-18 09:15:55 -07:00
Sergei Golubchik
7f0965f490 information_schema.enabled_roles table 2013-10-18 09:15:46 -07:00
Sergei Golubchik
8993984342 CURRENT_ROLE() should return NULL, not "NONE" 2013-10-18 09:09:08 -07:00
Sergei Golubchik
97c3989409 remove DROP ROLE IF EXISTS and CREATE ROLE IF NOT EXISTS syntax 2013-10-18 09:08:55 -07:00
Sergei Golubchik
353576f3d3 GRANT/REVOKE should specify role name as 'role' not as 'role'@'%' 2013-10-18 09:08:42 -07:00