Commit graph

60 commits

Author SHA1 Message Date
kroki@mysql.com
3ad0cac41b Reapply fix for bug#16372 (Server crashes when test 'conc_sys' is running)
after merge.

Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.

Ensure that proper locking of ACL structures is done.

No test case is provided because this bug can't be reproduced
deterministically.
2006-05-06 11:25:59 +04:00
timour@mysql.com
687b66b8da WL#2486 - natural/using joins according to SQL:2003
Post-review fixes that simplify the way access rights
are checked during name resolution and factor out all
entry points to check access rights into one single
function.
2005-11-30 21:27:11 +02:00
bell@sanja.is.com.ua
c1b185f5ff WL#2787 (Add view definer/owner to the view definition (.frm) to check privileges on used tables and stored routines when using a VIEW.)
Part 2 postreview fixes.
2005-09-20 21:20:38 +03:00
bell@sanja.is.com.ua
aec371f910 WL#2787 (part 2, ver 3 (merged)) changed securety context switching 2005-09-15 22:29:07 +03:00
bell@sanja.is.com.ua
71ffbbf81b part 1 (ver 2, postreview fix) of WL#2787
view definer information syntax/storage/replication
fixed SOURCE field of .frm
2005-09-14 10:53:09 +03:00
dlenev@mysql.com
d23732962f Merge mysql.com:/home/dlenev/src/mysql-4.1-bg12423
into  mysql.com:/home/dlenev/src/mysql-5.0-merges
2005-09-01 23:25:29 +04:00
dlenev@mysql.com
da2af0bb6d Fix for bug #12423 "Deadlock when doing FLUSH PRIVILEGES and GRANT in
multi-threaded environment".

To avoid deadlocks between several simultaneously run account management 
commands (particularly between FLUSH PRIVILEGES/SET PASSWORD and GRANT
commands) we should always take table and internal locks during their
execution in the same order. In other words we should first open and lock
privilege tables and only then obtain acl_cache::lock/LOCK_grant locks.
2005-09-01 16:52:59 +04:00
bell@sanja.is.com.ua
bfbd0e241b added processing of view grants to table grants (BUG#9795) 2005-07-05 13:36:36 +03:00
acurtis@xiphis.org
8df5887ad5 Bug#10246 - Parser: bad syntax for GRANT EXECUTE
Rename some functions
  more fine-grained sp privileges
  make grant/revoke sp grammar less ambigious
2005-05-17 19:54:20 +01:00
mysqldev@mysql.com
ad26a667e6 sql_acl.cc, sql_acl.h, sql_parse.cc
New privilege CREATE USER (CREATE_USER_ACL, Create_user_priv) added
grant2.test:
  new tests (mostly backported from jani's patch)
system_mysql_db.result, sp.result, grant2.result, grant.result:
  results updated
2005-03-22 15:54:18 +01:00
monty@mysql.com
dd4db08438 Code cleanups during review of pushed code 2005-03-15 16:07:28 +02:00
gluh@gluh.mysql.r18.ru
df2b38913f WL2131: Access control for SHOW ... PROCEDURE|FUNCTION ... 2005-03-05 14:35:32 +03:00
serg@serg.mylan
c76405a7ee merged 2005-01-24 19:41:42 +01:00
serg@serg.mylan
67ba2e367a fixes/cleanups according to Coverity report 2005-01-24 15:48:25 +01:00
monty@mysql.com
d35140a851 First stage of table definition cache
Split TABLE to TABLE and TABLE_SHARE (TABLE_SHARE is still allocated as part of table, will be fixed soon)
Created Field::make_field() and made Field_num::make_field() to call this
Added 'TABLE_SHARE->db' that points to database name; Changed all usage of table_cache_key as database name to use this instead
Changed field->table_name to point to pointer to alias. This allows us to change alias for a table by just updating one pointer.
Renamed TABLE_SHARE->real_name to table_name
Renamed TABLE->table_name to alias
Renamed TABLE_LIST->real_name to table_name
2005-01-06 13:00:13 +02:00
acurtis@pcgem.rdg.cyberkinetica.com
b1e30904d5 WL#925 - Privileges for stored routines
Implement fine-grained control over access to stored procedures
  Privileges are cached (same way as existing table/column privs)
2004-12-23 10:46:24 +00:00
ingo@mysql.com
cb53411b47 WL#2050 - CREATE USER and DROP USER and RENAME USER
Added new commands CREATE USER and RENAME USER.
Changed behaviour of DROP USER.
Changed an error messages for the new commands.
2004-11-25 21:55:49 +01:00
bell@sanja.is.com.ua
4714a6e744 errors without code removed
net_printf/send_error calls replaced by my_error family functions
-1/1 (sent/unsent) error reporting removed
(WL#2133)
2004-10-20 04:04:37 +03:00
monty@mysql.com
31122efde7 Merge with 4.1
(Includes merge of arena code in 4.1 and 5.0)
2004-09-06 15:14:10 +03:00
serg@serg.mylan
2852862c68 apply in SET PASSWORD same checks as in GRANT, to let only valid hashes through 2004-07-30 22:05:08 +02:00
bell@sanja.is.com.ua
9336d36cf8 VIEW
two TABLE_LIST copy eliminated
2004-07-16 01:15:55 +03:00
pem@mysql.com
bf45960eef Merge 4.1 -> 5.0 2004-05-07 18:52:06 +02:00
bell@sanja.is.com.ua
a535342d57 after review PS fixes 2004-04-10 01:14:32 +03:00
pem@mysql.com
dfd59e296e Merge 4.1 -> 5.0. 2004-04-07 19:07:44 +02:00
serg@serg.mylan
34c28c6bd9 SHOW PRIVILEGES updated (Bug#3227) 2004-03-24 14:44:31 +01:00
pem@mysql.com
99e0ae85c7 Merge 4.1 to 5.0. 2003-12-19 18:03:27 +01:00
monty@mysql.com
031390a9a4 Fixes after merge with 4.0
Cleaned up embedded library access and query cache handling
Changed min stack size to 128K (to allow longer MyISAM keys)
Fixed wrong priority for XOR (should be less than NEG to get -1^1 to work)
2003-12-19 16:25:50 +02:00
pem@mysql.comhem.se
07541b6abf WL#1365: Implement definer's rights execution of stored procedures.
(Also put the hostpart back in the definer column.)
2003-12-13 16:40:52 +01:00
hf@deer.(none)
72566c794e SCRUM
WL#1284 (warnings about --skip-name-resolve)
Now MySQL will issue warnings during startup about entries in
grant tables with hostnames that require resolve, and after
GRANT commands with that kind of hostnames.
2003-11-20 12:55:48 +04:00
serg@serg.mylan
c752d2cad0 removed one more hack that - as usual - almost always worked
(but broke permission handling for *some* IP's after we started to compare in utf8)
Bug #1636
2003-10-24 23:27:21 +02:00
hf@deer.(none)
ba8fa76fa2 SCRUM:
WL#604 Privileges in embedded library
code added to check privileges in embedded library
NO_EMBEDDED_ACCESS_CHECKS macros inserted in code so we can exclude
access-checking parts. Actually we now can exclude these parts from
standalone server as well. Do we need it?
Access checks are disabled in embedded server by default. One should
edit libmysqld/Makefile manually to get this working.
We definitely need the separate configure for embedded server
2003-09-26 15:33:13 +05:00
kostja@oak.local
36dd82c1d5 merge commit, hope that none of bar and dlenev changes were
lost.
2003-09-03 14:12:10 +04:00
monty@mashka.mysql.fi
2263e3e51f Merge with 4.0.14 2003-08-11 22:44:43 +03:00
kostja@oak.local
50d3291aee manual merge 2003-07-31 17:11:52 +04:00
serg@serg.mylan
2cac8f0768 now GRANT db.* ... compares patterns correctly to prevent privilege escalation 2003-07-22 22:21:23 +02:00
kostja@oak.local
a232225b69 Preliminary support for options --secure-auth,
--old-passwords
Support for option --old-protocol was removed.
Some test performed.
Tests for SSL and replication are pending.
More strict following to specification for --old-passwords
is in the TODO.
2003-07-08 02:36:14 +04:00
kostja@oak.local
7df0475847 First version of new authentification procedure: now authentification is one-stage (instead of two-stage in 4.1)
For now following tasks have been done:
- PASSWORD() function was rewritten. PASSWORD() now returns SHA1
  hash_stage2; for new passwords user.password contains '*'hash_stage2; sql_yacc.yy also fixed; 

- password.c: new functions were implemented, old rolled back to 4.0 state

- server code was rewritten to use new authorization algorithm (check_user(), change
  user, and other stuff in sql/sql_parse.cc)

- client code was rewritten to use new authorization algorithm
  (mysql_real_connect, myslq_authenticate in sql-common/client.c)

- now server barks on 45-byte-length 4.1.0 passwords and refuses 4.1.0-style
  authentification. Users with 4.1.0 passwords are blocked (sql/sql_acl.cc)

- mysqladmin.c was fixed to work correctly with new passwords

Tests for 4.0-4.1.1, 4.1.1-4.1.1 (with or without db/password) logons was performed;
mysqladmin also was tested. Additional check are nevertheless necessary.
2003-07-01 23:40:59 +04:00
monty@narttu.mysql.fi
a51ea11147 SHOW GRANTS hided real grants when grants on both column and table (Bug 654) 2003-06-23 20:03:59 +03:00
serg@sergbook.mylan
c6d9d57b37 fixed bug in references column grants 2003-06-23 12:48:55 +02:00
gluh@gluh.mysql.r18.ru
7d020eae17 REVOKE all privileges and delete user(244) 2003-06-06 17:43:23 +05:00
monty@narttu.mysql.fi
dd2b7918cd Merge with 4.0.13 2003-05-19 16:35:49 +03:00
monty@narttu.mysql.fi
9e4f394e59 Fix reference to not initialized memory
Changed handing of priv_host to fix bug in FLUSH PRIVILEGES
2003-04-30 10:15:09 +03:00
serg@serg.mylan
d13e4fc532 CURRENT_USER() and "access denied" error messages now report hostname exactly as it was specified in the GRANT command (with wildcards, that is) 2003-04-29 00:15:18 +02:00
peter@mysql.com
3ee8bee22f Basically minor code optimizations and cleanups 2002-12-05 03:55:29 +03:00
peter@mysql.com
54ff0efe7c SCRUM: Secure auth
Implement mysql_change_user
Get rid of double user search at authentication
Some cleanups
2002-11-30 16:31:58 +03:00
peter@mysql.com
925155cf5a Merge.... 2002-11-24 17:26:26 +03:00
peter@mysql.com
35ccfd0b42 SCRUM: Main change for Secure connection handling. Still needs some more coding. Commit
done for merge with newer version of code.
2002-11-24 17:07:53 +03:00
monty@hundin.mysql.fi
1e0538324d Added back old LARGEFILE handling
Fixed reference to freed memory in acl_init()/grant_init()
Fixed possible memory leak. (Could only happen in very strange circumstances)
Fixed bug in ALTER TABLE with BDB tables
Updated mysql-test for valgrind
2002-10-29 21:59:03 +02:00
monty@mashka.mysql.fi
c85c33a5c1 Added CREATE TEMPORARY TABLES and LOCK TABLES to db and host tables
Fixed bug in SELECT ... ORDER BY ... LIMIT
Fixed bug in ALTER TABLE and RENAME TABLE with --lower-case-table-names
Fixed hang when using --with-openssl
2002-09-16 15:55:19 +03:00
monty@mashka.mysql.fi
0281a6b160 Fixed searching after ssl directories.
Fixed that GRANT ... REQUIRE options are not forgot when doing new GRANT
Changed fn_ext to point at first '.' after directory.
FLUSH LOGS removed numerical extension for all future update logs.
Fixed the mysqld --help reports right values for --datadir and --bind-address
--log-binary=a.b.c now properly strips of .b.c
Fix that one can DROP UDF functions that was not loaded at startup
Made AND optional in REQUIRE
Added REQUIRE NONE
2002-09-05 16:17:08 +03:00