mirror of
https://github.com/MariaDB/server.git
synced 2025-01-23 15:24:16 +01:00
75e2c2fd99
Added new commands CREATE USER and RENAME USER. Changed behaviour of DROP USER. Changed an error messages for the new commands. Docs/mysqld_error.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. include/mysqld_error.h: WL#2050 - CREATE USER and DROP USER and RENAME USER Changed an error code for more general use. mysql-test/r/grant.result: WL#2050 - CREATE USER and DROP USER and RENAME USER Changed test results. mysql-test/r/grant2.result: WL#2050 - CREATE USER and DROP USER and RENAME USER New test results. mysql-test/r/ps_1general.result: WL#2050 - CREATE USER and DROP USER and RENAME USER Changed test results. mysql-test/t/grant.test: WL#2050 - CREATE USER and DROP USER and RENAME USER Updated old tests for new behaviour of DROP USER. It does now implicitly remove all privileges and does not fail when privileges are still in place. Fixed a typo, which left an user in the database, whereby other tests could be confused. Added a DROP USER for another test user. mysql-test/t/grant2.test: WL#2050 - CREATE USER and DROP USER and RENAME USER Added new tests for the new features. sql/share/czech/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/danish/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/dutch/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/english/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/estonian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/french/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/german/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/greek/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/hungarian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/italian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/japanese/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/korean/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/norwegian-ny/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/norwegian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/polish/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/portuguese/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/romanian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/russian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/serbian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/slovak/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/spanish/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/swedish/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/share/ukrainian/errmsg.txt: WL#2050 - CREATE USER and DROP USER and RENAME USER Modified an error message for more general use. sql/sql_acl.cc: WL#2050 - CREATE USER and DROP USER and RENAME USER Added a destructor for the GRANT_TABLE object to get rid of a hash_column in cases where a nonsense row was read from the privilege tables. Added code to delete such an object when it is not entered into the column_priv_hash due to a nonsense row. Added function comments to two unmodified functions. Replaced mysql_drop_user() by the implementation of all of the functions as specified in the Low Level Design. sql/sql_acl.h: WL#2050 - CREATE USER and DROP USER and RENAME USER Added prototypes for new functions. sql/sql_lex.h: WL#2050 - CREATE USER and DROP USER and RENAME USER Added new command codes for CREATE USER and RENAME USER. sql/sql_parse.cc: WL#2050 - CREATE USER and DROP USER and RENAME USER Added case clauses for the new commands CREATE USER and RENAME USER. sql/sql_yacc.yy: WL#2050 - CREATE USER and DROP USER and RENAME USER Added syntax for the new commands CREATE USER and RENAME USER, reworked DROP USER, introduced a new 'user_list' and 'rename_list', renamed the old 'user_list' to 'grant_list'. The difference is that 'grant_list' contains 'grant_user' (with optional IDENTIFIED BY), while 'user_list' contains 'user'. Concentrated privilege initializazions into a new section 'clear_privileges'.
195 lines
6.8 KiB
C++
195 lines
6.8 KiB
C++
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
|
|
|
|
#define SELECT_ACL (1L << 0)
|
|
#define INSERT_ACL (1L << 1)
|
|
#define UPDATE_ACL (1L << 2)
|
|
#define DELETE_ACL (1L << 3)
|
|
#define CREATE_ACL (1L << 4)
|
|
#define DROP_ACL (1L << 5)
|
|
#define RELOAD_ACL (1L << 6)
|
|
#define SHUTDOWN_ACL (1L << 7)
|
|
#define PROCESS_ACL (1L << 8)
|
|
#define FILE_ACL (1L << 9)
|
|
#define GRANT_ACL (1L << 10)
|
|
#define REFERENCES_ACL (1L << 11)
|
|
#define INDEX_ACL (1L << 12)
|
|
#define ALTER_ACL (1L << 13)
|
|
#define SHOW_DB_ACL (1L << 14)
|
|
#define SUPER_ACL (1L << 15)
|
|
#define CREATE_TMP_ACL (1L << 16)
|
|
#define LOCK_TABLES_ACL (1L << 17)
|
|
#define EXECUTE_ACL (1L << 18)
|
|
#define REPL_SLAVE_ACL (1L << 19)
|
|
#define REPL_CLIENT_ACL (1L << 20)
|
|
#define CREATE_VIEW_ACL (1L << 21)
|
|
#define SHOW_VIEW_ACL (1L << 22)
|
|
/*
|
|
don't forget to update
|
|
static struct show_privileges_st sys_privileges[]
|
|
in sql_show.cc when adding new privileges!
|
|
*/
|
|
|
|
|
|
#define DB_ACLS \
|
|
(UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
|
|
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | \
|
|
LOCK_TABLES_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL)
|
|
|
|
#define TABLE_ACLS \
|
|
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
|
|
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_VIEW_ACL | \
|
|
SHOW_VIEW_ACL)
|
|
|
|
#define COL_ACLS \
|
|
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
|
|
|
|
#define GLOBAL_ACLS \
|
|
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
|
|
RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL | GRANT_ACL | \
|
|
REFERENCES_ACL | INDEX_ACL | ALTER_ACL | SHOW_DB_ACL | SUPER_ACL | \
|
|
CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
|
|
EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL)
|
|
|
|
#define EXTRA_ACL (1L << 29)
|
|
#define NO_ACCESS (1L << 30)
|
|
|
|
/*
|
|
Defines to change the above bits to how things are stored in tables
|
|
This is needed as the 'host' and 'db' table is missing a few privileges
|
|
*/
|
|
|
|
/* Continius bit-segments that needs to be shifted */
|
|
#define DB_REL1 (RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL)
|
|
#define DB_REL2 (GRANT_ACL | REFERENCES_ACL)
|
|
#define DB_REL3 (INDEX_ACL | ALTER_ACL)
|
|
|
|
/* Privileges that needs to be reallocated (in continous chunks) */
|
|
#define DB_CHUNK1 (GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
|
|
#define DB_CHUNK2 (CREATE_TMP_ACL | LOCK_TABLES_ACL)
|
|
#define DB_CHUNK3 (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
|
|
|
|
#define fix_rights_for_db(A) (((A) & 63) | \
|
|
(((A) & DB_REL1) << 4) | \
|
|
(((A) & DB_REL2) << 6) | \
|
|
(((A) & DB_REL3) << 9))
|
|
#define get_rights_for_db(A) (((A) & 63) | \
|
|
(((A) & DB_CHUNK1) >> 4) | \
|
|
(((A) & DB_CHUNK2) >> 6) | \
|
|
(((A) & DB_CHUNK3) >> 9))
|
|
#define fix_rights_for_table(A) (((A) & 63) | (((A) & ~63) << 4))
|
|
#define get_rights_for_table(A) (((A) & 63) | (((A) & ~63) >> 4))
|
|
#define fix_rights_for_column(A) (((A) & 7) | (((A) & ~7) << 8))
|
|
#define get_rights_for_column(A) (((A) & 7) | ((A) >> 8))
|
|
|
|
/* Classes */
|
|
|
|
struct acl_host_and_ip
|
|
{
|
|
char *hostname;
|
|
long ip,ip_mask; // Used with masked ip:s
|
|
};
|
|
|
|
|
|
class ACL_ACCESS {
|
|
public:
|
|
ulong sort;
|
|
ulong access;
|
|
};
|
|
|
|
|
|
/* ACL_HOST is used if no host is specified */
|
|
|
|
class ACL_HOST :public ACL_ACCESS
|
|
{
|
|
public:
|
|
acl_host_and_ip host;
|
|
char *db;
|
|
};
|
|
|
|
|
|
class ACL_USER :public ACL_ACCESS
|
|
{
|
|
public:
|
|
acl_host_and_ip host;
|
|
uint hostname_length;
|
|
USER_RESOURCES user_resource;
|
|
char *user;
|
|
uint8 salt[SCRAMBLE_LENGTH+1]; // scrambled password in binary form
|
|
uint8 salt_len; // 0 - no password, 4 - 3.20, 8 - 3.23, 20 - 4.1.1
|
|
enum SSL_type ssl_type;
|
|
const char *ssl_cipher, *x509_issuer, *x509_subject;
|
|
};
|
|
|
|
|
|
class ACL_DB :public ACL_ACCESS
|
|
{
|
|
public:
|
|
acl_host_and_ip host;
|
|
char *user,*db;
|
|
};
|
|
|
|
/* prototypes */
|
|
|
|
bool hostname_requires_resolving(const char *hostname);
|
|
my_bool acl_init(THD *thd, bool dont_read_acl_tables);
|
|
void acl_reload(THD *thd);
|
|
void acl_free(bool end=0);
|
|
ulong acl_get(const char *host, const char *ip,
|
|
const char *user, const char *db, my_bool db_is_pattern);
|
|
int acl_getroot(THD *thd, USER_RESOURCES *mqh, const char *passwd,
|
|
uint passwd_len);
|
|
int acl_getroot_no_password(THD *thd);
|
|
bool acl_check_host(const char *host, const char *ip);
|
|
bool check_change_password(THD *thd, const char *host, const char *user,
|
|
char *password);
|
|
bool change_password(THD *thd, const char *host, const char *user,
|
|
char *password);
|
|
bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,
|
|
ulong rights, bool revoke);
|
|
bool mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list,
|
|
List <LEX_COLUMN> &column_list, ulong rights,
|
|
bool revoke);
|
|
my_bool grant_init(THD *thd);
|
|
void grant_free(void);
|
|
void grant_reload(THD *thd);
|
|
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
|
|
uint show_command, uint number, bool dont_print_error);
|
|
bool check_grant_column (THD *thd, GRANT_INFO *grant,
|
|
char *db_name, char *table_name,
|
|
const char *name, uint length, uint show_command=0);
|
|
bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant,
|
|
char* db_name, char *table_name,
|
|
Field_iterator *fields);
|
|
bool check_grant_db(THD *thd,const char *db);
|
|
ulong get_table_grant(THD *thd, TABLE_LIST *table);
|
|
ulong get_column_grant(THD *thd, GRANT_INFO *grant,
|
|
const char *db_name, const char *table_name,
|
|
const char *field_name);
|
|
bool mysql_show_grants(THD *thd, LEX_USER *user);
|
|
void get_privilege_desc(char *to, uint max_length, ulong access);
|
|
void get_mqh(const char *user, const char *host, USER_CONN *uc);
|
|
bool mysql_create_user(THD *thd, List <LEX_USER> &list);
|
|
bool mysql_drop_user(THD *thd, List <LEX_USER> &list);
|
|
bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
|
|
bool mysql_revoke_all(THD *thd, List <LEX_USER> &list);
|
|
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
|
|
const char *db, const char *table);
|
|
|
|
#ifdef NO_EMBEDDED_ACCESS_CHECKS
|
|
#define check_grant(A,B,C,D,E,F) 0
|
|
#define check_grant_db(A,B) 0
|
|
#endif
|