Sergei Golubchik
cefe5d964b
update test results
2013-10-18 11:38:01 -07:00
Vicențiu Ciorbaru
5630967dd5
Fixed GRANT ROLE TO ROLE not updating acl_roles_mappings hash.
Also fixed possible memory exploit by repeatedly calling:
GRANT role to user; where role was already granted to user.
2013-10-18 09:26:02 -07:00
Vicențiu Ciorbaru
a34dff8825
Removed redundant code in update_acl_user. User related functions
should deal with users, while role related functions should deal
with roles.
2013-10-18 09:25:53 -07:00
Vicențiu Ciorbaru
60f19cbc9a
Added GRANT ROLE TO ... and REVOKE ROLE FROM ... functionality.
TODO:
Privilege checks are not done upon executing the command.
2013-10-18 09:25:42 -07:00
Vicențiu Ciorbaru
df48f63684
Fixed rolenames case insensitivity bug. Also cleared compiler warning.
Fixed segmentation fault caused in traverse_role_graph by previous commit
2013-10-18 09:20:59 -07:00
Vicențiu Ciorbaru
507c4be955
Fixed bug that caused the ROLE_VISITED flag to remain set if the exploration
was halted on a cycle detect. Now the to_clear array is populated during
the open event and not the close event.
2013-10-18 09:19:53 -07:00
Sergei Golubchik
fe2d265704
INFORMATION_SCHEMA.APPLICABLE_ROLES table
2013-10-18 09:15:55 -07:00
Sergei Golubchik
7f0965f490
information_schema.enabled_roles table
2013-10-18 09:15:46 -07:00
Sergei Golubchik
8993984342
CURRENT_ROLE() should return NULL, not "NONE"
2013-10-18 09:09:08 -07:00
Sergei Golubchik
97c3989409
remove DROP ROLE IF EXISTS and CREATE ROLE IF NOT EXISTS syntax
2013-10-18 09:08:55 -07:00
Sergei Golubchik
353576f3d3
GRANT/REVOKE should specify role name as 'role' not as 'role'@'%'
2013-10-18 09:08:42 -07:00
Sergei Golubchik
06e16b8c97
cannot use lex->grant_user= &current_user, where LEX_USER current_user is a global constant,
because parser might modify the lex->user (e.g. set lex->user-password).
switch to use LEX_STRING current_user string, and also change other similar constants
to be LEX_STRING's for consistency.
2013-10-18 08:17:56 -07:00
Sergei Golubchik
cdb5510204
fix mysql_upgrade to preserve the collation of mysql.user.is_role
2013-10-18 08:14:04 -07:00
Sergei Golubchik
72d8b533cc
Fixes for mysql-test failures
mysql-test/r/acl_roles_show_grants.result:
one can do SHOW GRANTS for himself
mysql-test/t/acl_roles_set_role-table-column-priv.test:
correct error message
mysql-test/t/acl_roles_show_grants.test:
one can SHOW GRANTS for himself
sql/sql_acl.cc:
bugfixing:
* don't assign with && - it can shortcut and the second assignment won't be executed
* correct the test in check_grant_all_columns() - want_access should not be modified
*
sql/sql_cmd.h.OTHER:
add new commands at the end
sql/sql_db.cc:
don't call acl_get() if all privileges are already satisfied
(crashes when run with --skip-grants, because acl data structures aren't initialized)
sql/sql_parse.cc:
* test for current_user in get_current_user()
* map explicitly specified user@host to current_user
2013-10-18 08:10:51 -07:00
Sergei Golubchik
8122996a59
CURRENT_ROLE() function
2013-10-18 06:55:26 -07:00
Vicențiu Ciorbaru
1ac0b920d5
Added GRANT ROLE TO ROLE | USER functionality.
The command only currently affects in memory data structures. Writing to
the roles_mapping table needs to be implemented.
2013-10-18 06:49:53 -07:00
Vicențiu Ciorbaru
95ef78e432
SET ROLE now works recursively for routines.
The warnings present in the set_role_routine-simple testcase will
be removed when reworking the grant privilege to call.
2013-10-18 06:49:38 -07:00
Vicențiu Ciorbaru
bbc2771d24
SET ROLE now works recursively for table and column level privileges
2013-10-18 06:47:49 -07:00
Vicențiu Ciorbaru
1aedd4a585
Removed init_hash_columns hash and instead added an init_rights field
to the hash_columns' original elements (GRANT_COLUMN)
2013-10-18 06:45:36 -07:00
Vicențiu Ciorbaru
6f9d26f09f
Show grants now correctly prints procedure privileges.
2013-10-18 06:42:59 -07:00
Vicențiu Ciorbaru
d83bbc1ffc
Initialize init_access fields for all privilege data structures.
2013-10-18 06:42:03 -07:00
Vicențiu Ciorbaru
4a58599930
Implemented SHOW GRANTS functionality
2013-10-18 06:40:25 -07:00
Vicențiu Ciorbaru
d24ead2c6f
Various bug fixes.
Also updated tests to reflect new show grants functionality.
2013-10-18 06:34:27 -07:00
Vicențiu Ciorbaru
8c7ca88a6c
Added comment for database privilege checks.
2013-10-18 06:34:18 -07:00
Vicențiu Ciorbaru
f2ab661999
Added SHOW GRANTS recursive role print.
The output is not completely correct due to recursive role grants not
being completely implemented. However, this will help with testing the
implementation of set role with recursive grants.
2013-10-18 06:34:07 -07:00
Vicențiu Ciorbaru
3436691899
Refactored get_role_access into a generic traverse function.
The function now performs a DEPTH FIRST SEARCH on the role graph.
At various key points: on_start, on_open, on_cycle, on_finish,
the function calls one of the corresponding functions passed as parameters.
2013-10-18 06:22:17 -07:00
Vicențiu Ciorbaru
1bfc610dc7
Added show role grants functionality to the mysql_show_grants function.
2013-10-18 06:17:47 -07:00
Vicențiu Ciorbaru
0fea3316dd
Refactored mysql_show_grants table and column privilege print into a separate
function.
The function will be used to help print roles privileges recursively.
2013-10-18 06:17:19 -07:00
Vicențiu Ciorbaru
d611407529
Refactored mysql_show_grants database privilege print into a separate
function.
The function will be used to help print roles privileges recursively.
2013-10-18 06:15:50 -07:00
Vicențiu Ciorbaru
4a9832680c
Refactored mysql_show_grants global privilege print into a separate
function.
The function will be used to help print roles privileges recursively.
2013-10-18 06:09:30 -07:00
Vicențiu Ciorbaru
2826399e64
Fixed failing test due to wrong display order
2013-10-18 06:01:01 -07:00
Vicențiu Ciorbaru
daf0345a7b
Added recursive database roles privilege propagation.
The privileges are not correctly updated via grant commands yet.
2013-10-18 06:00:48 -07:00
Vicențiu Ciorbaru
766ae81aa4
Fixed bug that caused rename user test case to fail.
The bug was caused by not renaming the role if it was previously
modified by the handle_grant_struct(ROLE_ACL,...) call.
The same function used find_acl_role and would search for the already
renamed role when it handled ROLES_MAPPINGS_HASH. This caused it to not rename
the role/user correctly.
2013-10-18 05:41:52 -07:00
Vicențiu Ciorbaru
1fe9272479
Removed no longer used error message.
2013-10-18 05:41:43 -07:00
Vicențiu Ciorbaru
3fa2cb2126
Updated error message in case the user table's format is not up to date and can
not support roles
2013-10-18 05:41:34 -07:00
Vicențiu Ciorbaru
ce4851c3d0
Reworked the implementation of create role and drop role.
Also fixed issue with drop role not clearing internal memory entry
for that role. The issue was due to a condition introduced in handle_grant_data
Updated testsuite to also check the possible error conditions.
2013-10-18 05:41:25 -07:00
Vicențiu Ciorbaru
db850c525f
Added CREATE ROLE support as well as DROP ROLE support.
2013-10-18 05:41:13 -07:00
Vicențiu Ciorbaru
81b2856e10
Refactored yacc grammar to make use of named constants.
2013-10-18 05:16:38 -07:00
Vicențiu Ciorbaru
3566f317c0
Added simple database privilege test for roles.
2013-10-18 05:13:33 -07:00
Vicențiu Ciorbaru
ccd0c39cf4
Fixed crash caused by dereferencing null pointer. The comparison is no longer necessary there.
2013-10-18 05:13:22 -07:00
Vicențiu Ciorbaru
84a2f06fb2
Fixed always true condition that caused crash on database initialisation.
2013-10-18 05:11:40 -07:00
Vicențiu Ciorbaru
c4c09afb18
Fixed _always_ true condition
2013-10-18 05:11:31 -07:00
Vicențiu Ciorbaru
fe521dc28e
Implemented _non recursive_ role specific grants for table/column level privileges
2013-10-18 05:11:16 -07:00
Vicențiu Ciorbaru
2060937353
Grant privilege on *.* to role@''; now updates in memory data structures;
Revoke privilege on *.* to role@''; also works
2013-10-18 04:47:55 -07:00
Vicențiu Ciorbaru
3d17d94cd6
Added GRANT privilege ON database.table TO role; functionality
2013-10-18 04:43:09 -07:00
Vicențiu Ciorbaru
01d4f47ef5
Added GRANT privilege ON database.* TO role; functionality
2013-10-18 04:41:18 -07:00
Vicențiu Ciorbaru
dcc9fd4c8e
Implemented syntax recognition for REVOKE ROLE
2013-10-18 04:41:06 -07:00
Vicențiu Ciorbaru
ec92a4e0ff
Implemented syntax recognition for DROP ROLE
2013-10-18 04:36:25 -07:00
Vicențiu Ciorbaru
fac8c9ef43
Added optional if not exists for create role.
2013-10-18 04:35:36 -07:00
Vicențiu Ciorbaru
51c631c2ae
Implemented syntax recognition for CREATE ROLE
2013-10-18 04:35:18 -07:00