mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-17 20:42:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
85559 commits 2784 branches 343 tags 1.6 GiB
Commit graph

32810 commits

Author SHA1 Message Date
Sergei Golubchik
c28bf2a344 bugfix: propagate grant changes through the role graph after table/column/routine grants 2013-10-18 12:21:37 -07:00
Sergei Golubchik
d0db4f2261 add Admin_option column to mysql.roles_mapping. update tests/results 2013-10-18 12:21:10 -07:00
Sergei Golubchik
7dda698734 rename columns in mysql.roles_mapping to be consistent with other privilege tables 2013-10-18 12:19:37 -07:00
Sergei Golubchik
b2f16628cf support DEFINER=role and DEFINER=current_role 2013-10-18 12:17:49 -07:00
Sergei Golubchik
ac6877d420 SET PASSWORD bugfixes: 
* work as documented, use CURRENT_USER()
* move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
 2013-10-18 11:41:40 -07:00
Sergei Golubchik
4cc8cda346 Remove the very old historical but never documented behavior, 
than an empty host '' is the same as any-host wildcard '%'.

Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables.

Side effect: one cannot have foo@'' and foo@'%' both at the same time
(but one can have foo@'%' and foo@'%%')
 2013-10-18 11:38:13 -07:00
Sergei Golubchik
cefe5d964b update test results 2013-10-18 11:38:01 -07:00
Vicențiu Ciorbaru
5630967dd5 Fixed GRANT ROLE TO ROLE not updating acl_roles_mappings hash. 
Also fixed possible memory exploit by repeteadly calling:
GRANT role to user; where role was already granted to user.
 2013-10-18 09:26:02 -07:00
Vicențiu Ciorbaru
60f19cbc9a Added GRANT ROLE TO ... and REVOKE ROLE FROM ... functionality. 
TODO:

Privilege checks are not done upon executing the command.
 2013-10-18 09:25:42 -07:00
Sergei Golubchik
fe2d265704 INFORMATION_SCHEMA.APPLICABLE_ROLES table 2013-10-18 09:15:55 -07:00
Sergei Golubchik
7f0965f490 information_schema.enabled_roles table 2013-10-18 09:15:46 -07:00
Sergei Golubchik
8993984342 CURRENT_ROLE() should return NULL, not "NONE" 2013-10-18 09:09:08 -07:00
Sergei Golubchik
353576f3d3 GRANT/REVOKE should specify role name as 'role' not as 'role'@'%' 2013-10-18 09:08:42 -07:00
Sergei Golubchik
06e16b8c97 cannot use lex->grant_user= &current_user, where LEX_USER current_user is a global constant, 
because parser might modify the lex->user (e.g. set lex->user-password).
switch to use LEX_STRING current_user string, and also change other similar constants
to be LEX_STRING's for consistency.
 2013-10-18 08:17:56 -07:00
Sergei Golubchik
cdb5510204 fix mysql_upgrade to preserve the collation of mysql.user.is_role 2013-10-18 08:14:04 -07:00
Sergei Golubchik
72d8b533cc Fixes for mysql-test failures 
mysql-test/r/acl_roles_show_grants.result:
  one can do SHOW GRANTS for himself
mysql-test/t/acl_roles_set_role-table-column-priv.test:
  correct error message
mysql-test/t/acl_roles_show_grants.test:
  one can SHOW GRANTS for himself
sql/sql_acl.cc:
  bugfixing:
  * don't assign with && - it can shortcut and the second assignment won't be executed
  * correct the test in check_grant_all_columns() - want_access should not be modified
  *
sql/sql_cmd.h.OTHER:
  add new commands at the end
sql/sql_db.cc:
  don't call acl_get() if all privileges are already satisfied
  (crashes when run with --skip-grants, because acl data stuctures aren't initialized)
sql/sql_parse.cc:
  * test for current_user in get_current_user()
  * map explicitly specified user@host to current_user
 2013-10-18 08:10:51 -07:00
Sergei Golubchik
8122996a59 CURRENT_ROLE() function 2013-10-18 06:55:26 -07:00
Vicențiu Ciorbaru
95ef78e432 SET ROLE now works recursively for routines. 
The warnings present in the set_role_routine-simple testcase will
be removed when reworking the grant privilege to call.
 2013-10-18 06:49:38 -07:00
Vicențiu Ciorbaru
bbc2771d24 SET ROLE now works recursively for table and column level privileges 2013-10-18 06:47:49 -07:00
Vicențiu Ciorbaru
6f9d26f09f Show grants now correctly prints procedure privileges. 2013-10-18 06:42:59 -07:00
Vicențiu Ciorbaru
4a58599930 Implemented SHOW GRANTS functionality 2013-10-18 06:40:25 -07:00
Vicențiu Ciorbaru
d24ead2c6f Various bug fixes. 
Also updated tests to reflect new show grants functionality.
 2013-10-18 06:34:27 -07:00
Vicențiu Ciorbaru
1bfc610dc7 Added show role grants functionality to the mysql_show_grants function. 2013-10-18 06:17:47 -07:00
Vicențiu Ciorbaru
2826399e64 Fixed failing test due to wrong display order 2013-10-18 06:01:01 -07:00
Vicențiu Ciorbaru
daf0345a7b Added recursive database roles privilege propagation. 
The privileges are not correctly updated via grant commands yet.
 2013-10-18 06:00:48 -07:00
Vicențiu Ciorbaru
3fa2cb2126 Updated error message in case the user table's format is not up to date and can 
not support roles
 2013-10-18 05:41:34 -07:00
Vicențiu Ciorbaru
ce4851c3d0 Reworked the implementation of create role and drop role. 
Also fixed issue with drop role not clearing internal memory entry
for that role. The issue was due to a condition introduced in handle_grant_data

Updated testsuite to also check the possible error conditions.
 2013-10-18 05:41:25 -07:00
Vicențiu Ciorbaru
db850c525f Added CREATE ROLE support as well as DROP ROLE support. 2013-10-18 05:41:13 -07:00
Vicențiu Ciorbaru
3566f317c0 Added simple database privilege test for roles. 2013-10-18 05:13:33 -07:00
Vicențiu Ciorbaru
dcf76e6514 Added a more complicated test for recursive role grants. 2013-10-17 20:52:29 -07:00
Vicențiu Ciorbaru
9272e34a90 Minor test update to eliminate random row order. 2013-10-17 20:52:21 -07:00
Vicențiu Ciorbaru
a0a8f50895 Added a test for acl_roles to test renaming of roles/ usernames 2013-10-17 20:52:04 -07:00
Vicențiu Ciorbaru
00f4f408ea Minor update on tests. 
Fixed possible failing condition due to different order of table rows
 2013-10-17 20:51:19 -07:00
Vicențiu Ciorbaru
68214d21a0 Fixed failing tests due to wrong delete in the testsuite. 2013-10-17 20:51:10 -07:00
Vicențiu Ciorbaru
b4f3ba2643 Added testcase to check that granting a role to a role works. 2013-10-17 20:50:24 -07:00
Vicențiu Ciorbaru
df16e75983 Updated acl_roles_set_role-simple test to use default sql syntax. 
Also called show grants before and after set role. Unfortunately the role
privileges printing are not implemented yet.
 2013-10-17 20:45:39 -07:00
Vicențiu Ciorbaru
5470c200d5 Added testcase for the command SET ROLE. 
The testcase checks to see if the privileges are set accordingly to a newly
created user. This is the most general usecase.
 2013-10-17 20:45:25 -07:00
Vicențiu Ciorbaru
d96e7fa765 Added testcase for acl_roles. 
The testcase checks to see if the create user command sets the is_role column
to 'N' by default
 2013-10-17 20:45:11 -07:00
Vicențiu Ciorbaru
8bb04a90c2 Modified test result to accound for the roles_mapping table. 2013-10-17 14:57:15 -07:00
timour@askmonty.org
afed809297 MDEV-5123 Remove duplicated conditions pushed both to join_tab->select_cond and join_tab->cache_select->cond for blocked joins. 
BNL and BNLH joins pre-filter the records from a joined table via JOIN_TAB::cache_select->cond.
There is no need to re-evaluate the same conditions via JOIN_TAB::select_cond. This patch removes
the duplicated conditions from the top-level conjuncts of each pushed condition.

The added "Using where" in few EXPLAINs is due to taking into account tab->cache_select->cond
in addition to tab->select_cond in JOIN::save_explain_data_intern.
 2013-10-18 11:45:25 +03:00
Alexander Barkov
b88bf50ec1 Merge 5.5 -> 10.0-base 2013-10-16 20:41:50 +04:00
Alexander Barkov
1039182354 Merge 5.5 -> 10.0-base 2013-10-16 20:26:16 +04:00
Alexander Barkov
70f066eba4 Merge 5.5 -> 10.0-base 2013-10-16 20:24:02 +04:00
Alexander Barkov
11005f3413 Merge 5.3->5.5 2013-10-16 18:17:51 +04:00
Alexander Barkov
5064d03b80 Merge 5.3 -> 5.5. 2013-10-16 17:58:54 +04:00
Alexander Barkov
049000101a Merge 5.1 -> 5.3 2013-10-16 17:48:31 +04:00
Alexander Barkov
de4ca539b8 MDEV-4890 Valgrind warnings on shutdown on a build with openSSL 2013-10-16 17:37:11 +04:00
unknown
73f8b4dac2 MDEV-4981: Account for queries handled by query-cache in USER_STATISTICS (and in HOST_STATISTICS) 
fix for SP & PS
 2013-10-16 16:07:25 +03:00
Sergey Petrunya
c0a741f005 Fix buildbot failures: 
- MYSQL_MULTI_DELETE_DONE probe compile failure
- show_explain_non_select.test
 2013-10-15 16:39:54 +04:00
Sergey Petrunya
1e36cbfa39 MDEV-3798: [SHOW] EXPLAIN UPDATE/DELETE 
- Merge with 10.0-base
 2013-10-15 11:51:41 +04:00