1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-21689 Add Sql_cmd for GRANT/REVOKE statements

Browse Source 
Rewriting GRANT/REVOKE grammar to use more bison stack and use Sql_cmd_ style

1. Removing a few members from LEX:
   - uint grant, grant_to_col, which_columns
   - List<LEX_COLUMN> columns
   - bool all_privileges
2. Adding classes Grand_object_name, Lex_grant_object_name
3. Adding classes Grand_privilege, Lex_grand_privilege
4. Adding struct Lex_column_list_privilege_st, class Lex_column_list_privilege
5. Rewriting the GRANT/REVOKE grammar to use new classes and pass them through
   bison stack (rather than directly access LEX members)
6. Adding classes Sql_cmd_grant* and Sql_cmd_revoke*,
   changing GRANT/REVOKE to use LEX::m_sql_cmd.
7. Adding the "sp_handler" grammar rule and removing some duplicate grammar
   for GRANT/REVOKE for different kinds of SP objects.
8. Adding a new rule comma_separated_ident_list, reusing it in:
   - with_column_list
   - colum_list_privilege
This commit is contained in:
Alexander Barkov 2020-02-05 12:43:17 +04:00
parent 06b0623adb
commit 77c6382312
13 changed files with 814 additions and 318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libmysqld/CMakeLists.txt
View File

@ -47,7 +47,8 @@ SET(SQL_EMBEDDED_SOURCES emb_qcache.cc libmysqld.c lib_sql.cc
../sql/password.c ../sql/discover.cc ../sql/derror.cc ../sql/password.c ../sql/discover.cc ../sql/derror.cc
../sql/field.cc ../sql/field_conv.cc ../sql/field_comp.cc ../sql/field.cc ../sql/field_conv.cc ../sql/field_comp.cc
../sql/filesort_utils.cc ../sql/sql_digest.cc ../sql/filesort_utils.cc ../sql/sql_digest.cc
../sql/filesort.cc ../sql/gstream.cc ../sql/slave.cc ../sql/filesort.cc ../sql/grant.cc
../sql/gstream.cc ../sql/slave.cc
../sql/signal_handler.cc ../sql/signal_handler.cc
../sql/handler.cc ../sql/hash_filo.cc ../sql/hostname.cc ../sql/handler.cc ../sql/hash_filo.cc ../sql/hostname.cc
../sql/init.cc ../sql/item_buff.cc ../sql/item_cmpfunc.cc ../sql/init.cc ../sql/item_buff.cc ../sql/item_cmpfunc.cc

1
sql/CMakeLists.txt
View File

@ -129,6 +129,7 @@ SET (SQL_SOURCE
sql_reload.cc sql_reload.cc
# added in MariaDB: # added in MariaDB:
grant.cc
sql_explain.cc sql_explain.cc
sql_analyze_stmt.cc sql_analyze_stmt.cc
sql_join_cache.cc sql_join_cache.cc

108
sql/grant.cc Normal file
View File

@ -0,0 +1,108 @@
/*
Copyright (c) 2009, 2020, MariaDB Corporation
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
#include "mariadb.h"
#include "sql_acl.h"
bool Grant_privilege::add_column_privilege(THD *thd,
const Lex_ident_sys &name,
uint which_grant)
{
String *new_str= new (thd->mem_root) String((const char*) name.str,
name.length,
system_charset_info);
if (unlikely(new_str == NULL))
return true;
List_iterator <LEX_COLUMN> iter(m_columns);
class LEX_COLUMN *point;
while ((point=iter++))
{
if (!my_strcasecmp(system_charset_info,
point->column.c_ptr(), new_str->c_ptr()))
break;
}
m_column_privilege_total|= which_grant;
if (point)
{
point->rights |= which_grant;
return false;
}
LEX_COLUMN *col= new (thd->mem_root) LEX_COLUMN(*new_str, which_grant);
if (unlikely(col == NULL))
return true;
return m_columns.push_back(col, thd->mem_root);
}
bool Grant_privilege::add_column_list_privilege(THD *thd,
List<Lex_ident_sys> &list,
uint privilege)
{
Lex_ident_sys *col;
List_iterator<Lex_ident_sys> it(list);
while ((col= it++))
{
if (add_column_privilege(thd, *col, privilege))
return true;
}
return false;
}
uint Grant_object_name::all_privileges_by_type() const
{
switch (m_type) {
case STAR: return DB_ACLS & ~GRANT_ACL;
case IDENT_STAR: return DB_ACLS & ~GRANT_ACL;
case STAR_STAR: return GLOBAL_ACLS & ~GRANT_ACL;
case TABLE_IDENT: return TABLE_ACLS & ~GRANT_ACL;
}
return 0;
}
bool Grant_privilege::set_object_name(THD *thd,
const Grant_object_name &ident,
SELECT_LEX *sel,
uint with_grant_option)
{
DBUG_ASSERT(!m_all_privileges || !m_columns.elements);
m_db= ident.m_db;
if (m_all_privileges)
m_object_privilege= ident.all_privileges_by_type();
m_object_privilege|= with_grant_option;
switch (ident.m_type)
{
case Lex_grant_object_name::STAR:
case Lex_grant_object_name::IDENT_STAR:
case Lex_grant_object_name::STAR_STAR:
if (!m_all_privileges && m_columns.elements)
{
// e.g. GRANT SELECT (a) ON db.*
my_error(ER_ILLEGAL_GRANT_FOR_TABLE, MYF(0));
return true;
}
return false;
case Lex_grant_object_name::TABLE_IDENT:
m_db= ident.m_table_ident->db;
return !sel->add_table_to_list(thd, ident.m_table_ident,
NULL, TL_OPTION_UPDATING);
}
return false; // Make gcc happy
}

96
sql/grant.h Normal file
View File

@ -0,0 +1,96 @@
/*
Copyright (c) 2020, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA */
#ifndef SQL_GRANT_INCLUDED
#define SQL_GRANT_INCLUDED
#include "lex_string.h"
class LEX_COLUMN;
class Lex_ident_sys;
class Table_ident;
/*
Represents the object name in this standard SQL grammar:
GRANT <object privileges> ON <object name>
*/
class Grant_object_name
{
public:
enum Type
{
STAR, // ON *
IDENT_STAR, // ON db.*
STAR_STAR, // ON *.*
TABLE_IDENT // ON db.name
};
Lex_cstring m_db;
Table_ident *m_table_ident;
Type m_type;
public:
Grant_object_name(Table_ident *table_ident)
:m_table_ident(table_ident),
m_type(TABLE_IDENT)
{ }
Grant_object_name(const LEX_CSTRING &db, Type type)
:m_db(db),
m_table_ident(NULL),
m_type(type)
{ }
uint all_privileges_by_type() const;
};
/*
Represents standard SQL statements described by:
- <grant privilege statement>
- <revoke privilege statement>
*/
class Grant_privilege
{
protected:
List<LEX_COLUMN> m_columns;
Lex_cstring m_db;
uint m_object_privilege;
uint m_column_privilege_total;
bool m_all_privileges;
public:
Grant_privilege()
:m_object_privilege(0), m_column_privilege_total(0), m_all_privileges(false)
{ }
Grant_privilege(uint privilege, bool all_privileges)
:m_object_privilege(privilege),
m_column_privilege_total(0),
m_all_privileges(all_privileges)
{ }
void add_object_privilege(uint privilege)
{
m_object_privilege|= privilege;
}
bool add_column_privilege(THD *thd, const Lex_ident_sys &col,
uint privilege);
bool add_column_list_privilege(THD *thd, List<Lex_ident_sys> &list,
uint privilege);
bool set_object_name(THD *thd,
const Grant_object_name &ident,
SELECT_LEX *sel,
uint with_grant_option);
const List<LEX_COLUMN> & columns() const { return m_columns; }
};
#endif // SQL_GRANT_INCLUDED

4
sql/lex_string.h
View File

@ -30,6 +30,10 @@ class Lex_cstring : public LEX_CSTRING
str= NULL; str= NULL;
length= 0; length= 0;
} }
Lex_cstring(const LEX_CSTRING &str)
{
LEX_CSTRING::operator=(str);
}
Lex_cstring(const char *_str, size_t _len) Lex_cstring(const char *_str, size_t _len)
{ {
str= _str; str= _str;

221
sql/sql_acl.cc
View File

@ -11656,6 +11656,227 @@ bool check_grant(THD *, ulong, TABLE_LIST *, bool, uint, bool)
{ return 0; } { return 0; }
#endif /*NO_EMBEDDED_ACCESS_CHECKS */ #endif /*NO_EMBEDDED_ACCESS_CHECKS */
#ifdef NO_EMBEDDED_ACCESS_CHECKS
bool Sql_cmd_grant_proxy::execute(THD *thd)
{
my_ok(thd);
return false;
}
bool Sql_cmd_grant_table::execute(THD *thd)
{
my_ok(thd);
return false;
}
bool Sql_cmd_grant_sp::execute(THD *thd)
{
my_ok(thd);
return false;
}
#else // not NO_EMBEDDED_ACCESS_CHECKS
void Sql_cmd_grant::warn_hostname_requires_resolving(THD *thd,
List<LEX_USER> &users)
{
LEX_USER *user;
List_iterator <LEX_USER> it(users);
while ((user= it++))
{
if (specialflag & SPECIAL_NO_RESOLVE &&
hostname_requires_resolving(user->host.str))
push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN,
ER_WARN_HOSTNAME_WONT_WORK,
ER_THD(thd, ER_WARN_HOSTNAME_WONT_WORK));
}
}
void Sql_cmd_grant::grant_stage0(THD *thd)
{
thd->binlog_invoker(false); // Replicate current user as grantor
if (thd->security_ctx->user) // If not replication
warn_hostname_requires_resolving(thd, thd->lex->users_list);
}
bool Sql_cmd_grant::user_list_reset_mqh(THD *thd, List<LEX_USER> &users)
{
List_iterator <LEX_USER> it(users);
LEX_USER *user, *tmp_user;
while ((tmp_user= it++))
{
if (!(user= get_current_user(thd, tmp_user)))
return true;
reset_mqh(user, 0);
}
return false;
}
bool Sql_cmd_grant_proxy::check_access_proxy(THD *thd, List<LEX_USER> &users)
{
LEX_USER *user;
List_iterator <LEX_USER> it(users);
if ((user= it++))
{
// GRANT/REVOKE PROXY has the target user as a first entry in the list
if (!(user= get_current_user(thd, user)) || !user->host.str)
return true;
if (acl_check_proxy_grant_access(thd, user->host.str, user->user.str,
m_grant_option & GRANT_ACL))
return true;
}
return false;
}
bool Sql_cmd_grant_proxy::execute(THD *thd)
{
LEX *lex= thd->lex;
DBUG_ASSERT(lex->first_select_lex()->table_list.first == NULL);
DBUG_ASSERT((m_grant_option & ~GRANT_ACL) == 0); // only WITH GRANT OPTION
grant_stage0(thd);
if (thd->security_ctx->user /* If not replication */ &&
check_access_proxy(thd, lex->users_list))
return true;
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
/* Conditionally writes to binlog */
if (mysql_grant(thd, NULL/*db*/, lex->users_list, m_grant_option,
is_revoke(), true/*proxy*/))
return true;
return !is_revoke() && user_list_reset_mqh(thd, lex->users_list);
#ifdef WITH_WSREP
wsrep_error_label:
return true;
#endif // WITH_WSREP
}
bool Sql_cmd_grant_object::grant_stage0_exact_object(THD *thd,
TABLE_LIST *table)
{
uint priv= m_object_privilege | m_column_privilege_total | GRANT_ACL;
if (check_access(thd, priv, table->db.str,
&table->grant.privilege, &table->grant.m_internal,
0, 0))
return true;
grant_stage0(thd);
return false;
}
bool Sql_cmd_grant_table::execute_exact_table(THD *thd, TABLE_LIST *table)
{
LEX *lex= thd->lex;
if (grant_stage0_exact_object(thd, table) ||
check_grant(thd, m_object_privilege | m_column_privilege_total | GRANT_ACL,
lex->query_tables, FALSE, UINT_MAX, FALSE))
return true;
/* Conditionally writes to binlog */
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
return mysql_table_grant(thd, lex->query_tables, lex->users_list,
m_columns, m_object_privilege,
is_revoke());
#ifdef WITH_WSREP
wsrep_error_label:
return true;
#endif // WITH_WSREP
}
bool Sql_cmd_grant_sp::execute(THD *thd)
{
DBUG_ASSERT(!m_columns.elements);
DBUG_ASSERT(!m_column_privilege_total);
LEX *lex= thd->lex;
TABLE_LIST *table= lex->first_select_lex()->table_list.first;
uint grants= m_all_privileges
? (PROC_ACLS & ~GRANT_ACL) | (m_object_privilege & GRANT_ACL)
: m_object_privilege;
if (!table) // e.g: GRANT EXECUTE ON PROCEDURE *.*
{
my_message(ER_ILLEGAL_GRANT_FOR_TABLE, ER_THD(thd, ER_ILLEGAL_GRANT_FOR_TABLE),
MYF(0));
return true;
}
if (grant_stage0_exact_object(thd, table) ||
check_grant_routine(thd, grants|GRANT_ACL, lex->query_tables, &m_sph, 0))
return true;
/* Conditionally writes to binlog */
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
if (mysql_routine_grant(thd, lex->query_tables, &m_sph,
lex->users_list, grants,
is_revoke(), true))
return true;
my_ok(thd);
return false;
#ifdef WITH_WSREP
wsrep_error_label:
return true;
#endif // WITH_WSREP
}
bool Sql_cmd_grant_table::execute_table_mask(THD *thd)
{
LEX *lex= thd->lex;
DBUG_ASSERT(lex->first_select_lex()->table_list.first == NULL);
if (check_access(thd, m_object_privilege | m_column_privilege_total | GRANT_ACL,
m_db.str, NULL, NULL, 1, 0))
return true;
grant_stage0(thd);
if (m_columns.elements) // e.g. GRANT SELECT (a) ON *.*
{
my_message(ER_ILLEGAL_GRANT_FOR_TABLE, ER_THD(thd, ER_ILLEGAL_GRANT_FOR_TABLE),
MYF(0));
return true;
}
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
/* Conditionally writes to binlog */
if (mysql_grant(thd, m_db.str, lex->users_list, m_object_privilege,
is_revoke(), false/*not proxy*/))
return true;
return !is_revoke() && user_list_reset_mqh(thd, lex->users_list);
#ifdef WITH_WSREP
wsrep_error_label:
return true;
#endif // WITH_WSREP
}
bool Sql_cmd_grant_table::execute(THD *thd)
{
TABLE_LIST *table= thd->lex->first_select_lex()->table_list.first;
return table ? execute_exact_table(thd, table) :
execute_table_mask(thd);
}
#endif // NO_EMBEDDED_ACCESS_CHECKS
SHOW_VAR acl_statistics[] = { SHOW_VAR acl_statistics[] = {
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
{"column_grants", (char*)show_column_grants, SHOW_SIMPLE_FUNC}, {"column_grants", (char*)show_column_grants, SHOW_SIMPLE_FUNC},

76
sql/sql_acl.h
View File

@ -19,6 +19,8 @@
#include "violite.h" /* SSL_type */ #include "violite.h" /* SSL_type */
#include "sql_class.h" /* LEX_COLUMN */ #include "sql_class.h" /* LEX_COLUMN */
#include "grant.h"
#include "sql_cmd.h" /* Sql_cmd */
#define SELECT_ACL (1UL << 0) #define SELECT_ACL (1UL << 0)
#define INSERT_ACL (1UL << 1) #define INSERT_ACL (1UL << 1)
@ -435,4 +437,78 @@ bool check_role_is_granted(const char *username,
extern ulong role_global_merges, role_db_merges, role_table_merges, extern ulong role_global_merges, role_db_merges, role_table_merges,
role_column_merges, role_routine_merges; role_column_merges, role_routine_merges;
#endif #endif
class Sql_cmd_grant: public Sql_cmd
{
protected:
enum_sql_command m_command;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
void warn_hostname_requires_resolving(THD *thd, List<LEX_USER> &list);
bool user_list_reset_mqh(THD *thd, List<LEX_USER> &list);
void grant_stage0(THD *thd);
#endif
public:
Sql_cmd_grant(enum_sql_command command)
:m_command(command)
{ }
bool is_revoke() const { return m_command == SQLCOM_REVOKE; }
enum_sql_command sql_command_code() const { return m_command; }
};
class Sql_cmd_grant_proxy: public Sql_cmd_grant
{
uint m_grant_option;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
bool check_access_proxy(THD *thd, List<LEX_USER> &list);
#endif
public:
Sql_cmd_grant_proxy(enum_sql_command command, uint grant_option)
:Sql_cmd_grant(command), m_grant_option(grant_option)
{ }
bool execute(THD *thd);
};
class Sql_cmd_grant_object: public Sql_cmd_grant, public Grant_privilege
{
protected:
#ifndef NO_EMBEDDED_ACCESS_CHECKS
bool grant_stage0_exact_object(THD *thd, TABLE_LIST *table);
#endif
public:
Sql_cmd_grant_object(enum_sql_command command, const Grant_privilege &grant)
:Sql_cmd_grant(command), Grant_privilege(grant)
{ }
};
class Sql_cmd_grant_table: public Sql_cmd_grant_object
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
bool execute_table_mask(THD *thd);
bool execute_exact_table(THD *thd, TABLE_LIST *table);
#endif
public:
Sql_cmd_grant_table(enum_sql_command command, const Grant_privilege &grant)
:Sql_cmd_grant_object(command, grant)
{ }
bool execute(THD *thd);
};
class Sql_cmd_grant_sp: public Sql_cmd_grant_object
{
const Sp_handler &m_sph;
public:
Sql_cmd_grant_sp(enum_sql_command command, const Grant_privilege &grant,
const Sp_handler &sph)
:Sql_cmd_grant_object(command, grant),
m_sph(sph)
{ }
bool execute(THD *thd);
};
#endif /* SQL_ACL_INCLUDED */ #endif /* SQL_ACL_INCLUDED */

4
sql/sql_cte.cc
View File

@ -956,7 +956,7 @@ With_element::rename_columns_of_derived_unit(THD *thd,
if (column_list.elements) // The column list is optional if (column_list.elements) // The column list is optional
{ {
List_iterator_fast<Item> it(select->item_list); List_iterator_fast<Item> it(select->item_list);
List_iterator_fast<LEX_CSTRING> nm(column_list); List_iterator_fast<Lex_ident_sys> nm(column_list);
Item *item; Item *item;
LEX_CSTRING *name; LEX_CSTRING *name;
@ -1442,7 +1442,7 @@ void With_element::print(String *str, enum_query_type query_type)
str->append(query_name); str->append(query_name);
if (column_list.elements) if (column_list.elements)
{ {
List_iterator_fast<LEX_CSTRING> li(column_list); List_iterator_fast<Lex_ident_sys> li(column_list);
str->append('('); str->append('(');
for (LEX_CSTRING *col_name= li++; ; ) for (LEX_CSTRING *col_name= li++; ; )
{ {

4
sql/sql_cte.h
View File

@ -111,7 +111,7 @@ public:
inherited from the query that specified the table. Otherwise the list is inherited from the query that specified the table. Otherwise the list is
always empty. always empty.
*/ */
List <LEX_CSTRING> column_list; List <Lex_ident_sys> column_list;
/* The query that specifies the table introduced by this with element */ /* The query that specifies the table introduced by this with element */
st_select_lex_unit *spec; st_select_lex_unit *spec;
/* /*
@ -163,7 +163,7 @@ public:
SQL_I_List<TABLE_LIST> derived_with_rec_ref; SQL_I_List<TABLE_LIST> derived_with_rec_ref;
With_element(LEX_CSTRING *name, With_element(LEX_CSTRING *name,
List <LEX_CSTRING> list, List <Lex_ident_sys> list,
st_select_lex_unit *unit) st_select_lex_unit *unit)
: next(NULL), base_dep_map(0), derived_dep_map(0), : next(NULL), base_dep_map(0), derived_dep_map(0),
sq_dep_map(0), work_dep_map(0), mutually_recursive(0), sq_dep_map(0), work_dep_map(0), mutually_recursive(0),

74
sql/sql_lex.cc
View File

@ -9009,16 +9009,13 @@ bool LEX::create_package_finalize(THD *thd,
} }
bool LEX::add_grant_command(THD *thd, enum_sql_command sql_command_arg, bool LEX::add_grant_command(THD *thd, const List<LEX_COLUMN> &columns)
stored_procedure_type type_arg)
{ {
if (columns.elements) if (columns.elements)
{ {
thd->parse_error(); thd->parse_error();
return true; return true;
} }
sql_command= sql_command_arg,
type= type_arg;
return false; return false;
} }
@ -11239,3 +11236,72 @@ bool LEX::add_column_foreign_key(const LEX_CSTRING *name,
return false; return false;
} }
bool LEX::stmt_grant_table(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident,
uint grant_option)
{
sql_command= SQLCOM_GRANT;
return
grant->set_object_name(thd, ident, current_select, grant_option) ||
!(m_sql_cmd= new (thd->mem_root) Sql_cmd_grant_table(sql_command, *grant));
}
bool LEX::stmt_revoke_table(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident)
{
sql_command= SQLCOM_REVOKE;
return
grant->set_object_name(thd, ident, current_select, 0) ||
!(m_sql_cmd= new (thd->mem_root) Sql_cmd_grant_table(sql_command, *grant));
}
bool LEX::stmt_grant_sp(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident,
const Sp_handler &sph,
uint grant_option)
{
sql_command= SQLCOM_GRANT;
return
grant->set_object_name(thd, ident, current_select, grant_option) ||
add_grant_command(thd, grant->columns()) ||
!(m_sql_cmd= new (thd->mem_root) Sql_cmd_grant_sp(sql_command,
*grant, sph));
}
bool LEX::stmt_revoke_sp(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident,
const Sp_handler &sph)
{
sql_command= SQLCOM_REVOKE;
return
grant->set_object_name(thd, ident, current_select, 0) ||
add_grant_command(thd, grant->columns()) ||
!(m_sql_cmd= new (thd->mem_root) Sql_cmd_grant_sp(sql_command,
*grant, sph));
}
bool LEX::stmt_grant_proxy(THD *thd, LEX_USER *user, uint grant_option)
{
users_list.push_front(user);
sql_command= SQLCOM_GRANT;
return !(m_sql_cmd= new (thd->mem_root) Sql_cmd_grant_proxy(sql_command,
grant_option));
}
bool LEX::stmt_revoke_proxy(THD *thd, LEX_USER *user)
{
users_list.push_front(user);
sql_command= SQLCOM_REVOKE;
return !(m_sql_cmd= new (thd->mem_root) Sql_cmd_grant_proxy(sql_command, 0));
}

70
sql/sql_lex.h
View File

@ -25,6 +25,7 @@
#include "sql_trigger.h" #include "sql_trigger.h"
#include "thr_lock.h" /* thr_lock_type, TL_UNLOCK */ #include "thr_lock.h" /* thr_lock_type, TL_UNLOCK */
#include "mem_root_array.h" #include "mem_root_array.h"
#include "grant.h"
#include "sql_cmd.h" #include "sql_cmd.h"
#include "sql_alter.h" // Alter_info #include "sql_alter.h" // Alter_info
#include "sql_window.h" #include "sql_window.h"
@ -183,6 +184,24 @@ public:
}; };
struct Lex_column_list_privilege_st
{
List<Lex_ident_sys> *m_columns;
uint m_privilege;
};
class Lex_column_list_privilege: public Lex_column_list_privilege_st
{
public:
Lex_column_list_privilege(List<Lex_ident_sys> *columns, uint privilege)
{
m_columns= columns;
m_privilege= privilege;
}
};
/** /**
ORDER BY ... LIMIT parameters; ORDER BY ... LIMIT parameters;
*/ */
@ -3091,6 +3110,28 @@ public:
}; };
class Lex_grant_object_name: public Grant_object_name, public Sql_alloc
{
public:
Lex_grant_object_name(Table_ident *table_ident)
:Grant_object_name(table_ident)
{ }
Lex_grant_object_name(const LEX_CSTRING &db, Type type)
:Grant_object_name(db, type)
{ }
};
class Lex_grant_privilege: public Grant_privilege, public Sql_alloc
{
public:
Lex_grant_privilege() {}
Lex_grant_privilege(uint grant, bool all_privileges= false)
:Grant_privilege(grant, all_privileges)
{ }
};
struct LEX: public Query_tables_list struct LEX: public Query_tables_list
{ {
SELECT_LEX_UNIT unit; /* most upper unit */ SELECT_LEX_UNIT unit; /* most upper unit */
@ -3187,7 +3228,6 @@ public:
Table_type table_type; /* Used for SHOW CREATE */ Table_type table_type; /* Used for SHOW CREATE */
List<Key_part_spec> ref_list; List<Key_part_spec> ref_list;
List<LEX_USER> users_list; List<LEX_USER> users_list;
List<LEX_COLUMN> columns;
List<Item> *insert_list,field_list,value_list,update_list; List<Item> *insert_list,field_list,value_list,update_list;
List<List_item> many_values; List<List_item> many_values;
List<set_var_base> var_list; List<set_var_base> var_list;
@ -3309,7 +3349,6 @@ public:
uint profile_query_id; uint profile_query_id;
uint profile_options; uint profile_options;
uint grant, grant_tot_col, which_columns;
enum backup_stages backup_stage; enum backup_stages backup_stage;
enum Foreign_key::fk_match_opt fk_match_option; enum Foreign_key::fk_match_opt fk_match_option;
enum_fk_option fk_update_opt; enum_fk_option fk_update_opt;
@ -3362,7 +3401,6 @@ public:
sp_head *sphead; sp_head *sphead;
sp_name *spname; sp_name *spname;
bool sp_lex_in_use; // Keep track on lex usage in SPs for error handling bool sp_lex_in_use; // Keep track on lex usage in SPs for error handling
bool all_privileges;
sp_pcontext *spcont; sp_pcontext *spcont;
@ -4374,8 +4412,30 @@ public:
bool add_create_view(THD *thd, DDL_options_st ddl, bool add_create_view(THD *thd, DDL_options_st ddl,
uint16 algorithm, enum_view_suid suid, uint16 algorithm, enum_view_suid suid,
Table_ident *table_ident); Table_ident *table_ident);
bool add_grant_command(THD *thd, enum_sql_command sql_command_arg, bool add_grant_command(THD *thd, const List<LEX_COLUMN> &columns);
stored_procedure_type type_arg);
bool stmt_grant_table(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident,
uint grant_option);
bool stmt_revoke_table(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident);
bool stmt_grant_sp(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident,
const Sp_handler &sph,
uint grant_option);
bool stmt_revoke_sp(THD *thd,
Grant_privilege *grant,
const Lex_grant_object_name &ident,
const Sp_handler &sph);
bool stmt_grant_proxy(THD *thd, LEX_USER *user, uint grant_option);
bool stmt_revoke_proxy(THD *thd, LEX_USER *user);
Vers_parse_info &vers_get_info() Vers_parse_info &vers_get_info()
{ {

109
sql/sql_parse.cc
View File

@ -5261,113 +5261,6 @@ mysql_execute_command(THD *thd)
my_ok(thd); my_ok(thd);
break; break;
} }
case SQLCOM_REVOKE:
case SQLCOM_GRANT:
{
if (lex->type != TYPE_ENUM_PROXY &&
check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL,
first_table ? first_table->db.str : select_lex->db.str,
first_table ? &first_table->grant.privilege : NULL,
first_table ? &first_table->grant.m_internal : NULL,
first_table ? 0 : 1, 0))
goto error;
/* Replicate current user as grantor */
thd->binlog_invoker(false);
if (thd->security_ctx->user) // If not replication
{
LEX_USER *user;
bool first_user= TRUE;
List_iterator <LEX_USER> user_list(lex->users_list);
while ((user= user_list++))
{
if (specialflag & SPECIAL_NO_RESOLVE &&
hostname_requires_resolving(user->host.str))
push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN,
ER_WARN_HOSTNAME_WONT_WORK,
ER_THD(thd, ER_WARN_HOSTNAME_WONT_WORK));
/*
GRANT/REVOKE PROXY has the target user as a first entry in the list.
*/
if (lex->type == TYPE_ENUM_PROXY && first_user)
{
if (!(user= get_current_user(thd, user)) || !user->host.str)
goto error;
first_user= FALSE;
if (acl_check_proxy_grant_access (thd, user->host.str, user->user.str,
lex->grant & GRANT_ACL))
goto error;
}
}
}
if (first_table)
{
const Sp_handler *sph= Sp_handler::handler((stored_procedure_type)
lex->type);
if (sph)
{
uint grants= lex->all_privileges
? (PROC_ACLS & ~GRANT_ACL) | (lex->grant & GRANT_ACL)
: lex->grant;
if (check_grant_routine(thd, grants | GRANT_ACL, all_tables, sph, 0))
goto error;
/* Conditionally writes to binlog */
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
res= mysql_routine_grant(thd, all_tables, sph,
lex->users_list, grants,
lex->sql_command == SQLCOM_REVOKE, TRUE);
if (!res)
my_ok(thd);
}
else
{
if (check_grant(thd,(lex->grant | lex->grant_tot_col | GRANT_ACL),
all_tables, FALSE, UINT_MAX, FALSE))
goto error;
/* Conditionally writes to binlog */
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
res= mysql_table_grant(thd, all_tables, lex->users_list,
lex->columns, lex->grant,
lex->sql_command == SQLCOM_REVOKE);
}
}
else
{
if (lex->columns.elements || (lex->type && lex->type != TYPE_ENUM_PROXY))
{
my_message(ER_ILLEGAL_GRANT_FOR_TABLE, ER_THD(thd, ER_ILLEGAL_GRANT_FOR_TABLE),
MYF(0));
goto error;
}
else
{
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
/* Conditionally writes to binlog */
res= mysql_grant(thd, select_lex->db.str, lex->users_list, lex->grant,
lex->sql_command == SQLCOM_REVOKE,
lex->type == TYPE_ENUM_PROXY);
}
if (!res)
{
if (lex->sql_command == SQLCOM_GRANT)
{
List_iterator <LEX_USER> str_list(lex->users_list);
LEX_USER *user, *tmp_user;
while ((tmp_user=str_list++))
{
if (!(user= get_current_user(thd, tmp_user)))
goto error;
reset_mqh(user, 0);
}
}
}
}
break;
}
case SQLCOM_REVOKE_ROLE: case SQLCOM_REVOKE_ROLE:
case SQLCOM_GRANT_ROLE: case SQLCOM_GRANT_ROLE:
{ {
@ -5955,6 +5848,8 @@ mysql_execute_command(THD *thd)
case SQLCOM_RESIGNAL: case SQLCOM_RESIGNAL:
case SQLCOM_GET_DIAGNOSTICS: case SQLCOM_GET_DIAGNOSTICS:
case SQLCOM_CALL: case SQLCOM_CALL:
case SQLCOM_REVOKE:
case SQLCOM_GRANT:
DBUG_ASSERT(lex->m_sql_cmd != NULL); DBUG_ASSERT(lex->m_sql_cmd != NULL);
res= lex->m_sql_cmd->execute(thd); res= lex->m_sql_cmd->execute(thd);
DBUG_PRINT("result", ("res: %d killed: %d is_error: %d", DBUG_PRINT("result", ("res: %d killed: %d is_error: %d",

362
sql/sql_yacc.yy
View File

@ -191,12 +191,14 @@ void _CONCAT_UNDERSCORED(turn_parser_debug_on,yyparse)()
ulonglong ulonglong_number; ulonglong ulonglong_number;
longlong longlong_number; longlong longlong_number;
uint sp_instr_addr; uint sp_instr_addr;
uint privilege;
/* structs */ /* structs */
LEX_CSTRING lex_str; LEX_CSTRING lex_str;
Lex_ident_cli_st kwd; Lex_ident_cli_st kwd;
Lex_ident_cli_st ident_cli; Lex_ident_cli_st ident_cli;
Lex_ident_sys_st ident_sys; Lex_ident_sys_st ident_sys;
Lex_column_list_privilege_st column_list_privilege;
Lex_string_with_metadata_st lex_string_with_metadata; Lex_string_with_metadata_st lex_string_with_metadata;
Lex_spblock_st spblock; Lex_spblock_st spblock;
Lex_spblock_handlers_st spblock_handlers; Lex_spblock_handlers_st spblock_handlers;
@ -224,10 +226,12 @@ void _CONCAT_UNDERSCORED(turn_parser_debug_on,yyparse)()
Lex_order_limit_lock *order_limit_lock; Lex_order_limit_lock *order_limit_lock;
/* pointers */ /* pointers */
Lex_ident_sys *ident_sys_ptr;
Create_field *create_field; Create_field *create_field;
Spvar_definition *spvar_definition; Spvar_definition *spvar_definition;
Row_definition_list *spvar_definition_list; Row_definition_list *spvar_definition_list;
const Type_handler *type_handler; const Type_handler *type_handler;
const class Sp_handler *sp_handler;
CHARSET_INFO *charset; CHARSET_INFO *charset;
Condition_information_item *cond_info_item; Condition_information_item *cond_info_item;
DYNCALL_CREATE_DEF *dyncol_def; DYNCALL_CREATE_DEF *dyncol_def;
@ -250,7 +254,7 @@ void _CONCAT_UNDERSCORED(turn_parser_debug_on,yyparse)()
List<sp_assignment_lex> *sp_assignment_lex_list; List<sp_assignment_lex> *sp_assignment_lex_list;
List<Statement_information_item> *stmt_info_list; List<Statement_information_item> *stmt_info_list;
List<String> *string_list; List<String> *string_list;
List<LEX_CSTRING> *lex_str_list; List<Lex_ident_sys> *ident_sys_list;
Statement_information_item *stmt_info_item; Statement_information_item *stmt_info_item;
String *string; String *string;
TABLE_LIST *table_list; TABLE_LIST *table_list;
@ -259,6 +263,8 @@ void _CONCAT_UNDERSCORED(turn_parser_debug_on,yyparse)()
char *simple_string; char *simple_string;
const char *const_simple_string; const char *const_simple_string;
chooser_compare_func_creator boolfunc2creator; chooser_compare_func_creator boolfunc2creator;
class Lex_grant_privilege *lex_grant;
class Lex_grant_object_name *lex_grant_ident;
class my_var *myvar; class my_var *myvar;
class sp_condition_value *spcondvalue; class sp_condition_value *spcondvalue;
class sp_head *sphead; class sp_head *sphead;
@ -1294,6 +1300,9 @@ End SQL_MODE_ORACLE_SPECIFIC */
ident_cli ident_cli
ident_cli_set_usual_case ident_cli_set_usual_case
%type <ident_sys_ptr>
ident_sys_alloc
%type <kwd> %type <kwd>
keyword_data_type keyword_data_type
keyword_cast_type keyword_cast_type
@ -1336,6 +1345,8 @@ End SQL_MODE_ORACLE_SPECIFIC */
%type <type_handler> int_type real_type %type <type_handler> int_type real_type
%type <sp_handler> sp_handler
%type <Lex_field_type> type_with_opt_collate field_type %type <Lex_field_type> type_with_opt_collate field_type
field_type_numeric field_type_numeric
field_type_string field_type_string
@ -1346,6 +1357,9 @@ End SQL_MODE_ORACLE_SPECIFIC */
%type <Lex_dyncol_type> opt_dyncol_type dyncol_type %type <Lex_dyncol_type> opt_dyncol_type dyncol_type
numeric_dyncol_type temporal_dyncol_type string_dyncol_type numeric_dyncol_type temporal_dyncol_type string_dyncol_type
%type <column_list_privilege>
column_list_privilege
%type <create_field> field_spec column_def %type <create_field> field_spec column_def
%type <num> %type <num>
@ -1383,6 +1397,21 @@ End SQL_MODE_ORACLE_SPECIFIC */
%type <m_fk_option> %type <m_fk_option>
delete_option delete_option
%type <privilege>
column_privilege
object_privilege
opt_grant_options
opt_grant_option
grant_option_list
grant_option
%type <lex_grant>
object_privilege_list
grant_privileges
%type <lex_grant_ident>
grant_ident
%type <ulong_num> %type <ulong_num>
ulong_num real_ulong_num merge_insert_types ulong_num real_ulong_num merge_insert_types
ws_nweights ws_nweights
@ -1602,9 +1631,8 @@ End SQL_MODE_ORACLE_SPECIFIC */
attribute attribute_list attribute attribute_list
compressed_deprecated_data_type_attribute compressed_deprecated_data_type_attribute
compressed_deprecated_column_attribute compressed_deprecated_column_attribute
column_list column_list_id grant_list
opt_column_list grant_privileges grant_ident grant_list grant_option user_list user_and_role_list
object_privilege object_privilege_list user_list user_and_role_list
rename_list table_or_tables rename_list table_or_tables
clear_privileges flush_options flush_option clear_privileges flush_options flush_option
opt_flush_lock flush_lock flush_options_list opt_flush_lock flush_lock flush_options_list
@ -1717,7 +1745,10 @@ End SQL_MODE_ORACLE_SPECIFIC */
%type <lex_str_ptr> query_name %type <lex_str_ptr> query_name
%type <lex_str_list> opt_with_column_list with_column_list %type <ident_sys_list>
comma_separated_ident_list
opt_with_column_list
with_column_list
%type <vers_range_unit> opt_history_unit %type <vers_range_unit> opt_history_unit
%type <vers_history_point> history_point %type <vers_history_point> history_point
@ -2810,9 +2841,6 @@ clear_privileges:
{ {
LEX *lex=Lex; LEX *lex=Lex;
lex->users_list.empty(); lex->users_list.empty();
lex->columns.empty();
lex->grant= lex->grant_tot_col= 0;
lex->all_privileges= 0;
lex->first_select_lex()->db= null_clex_str; lex->first_select_lex()->db= null_clex_str;
lex->account_options.reset(); lex->account_options.reset();
} }
@ -2823,6 +2851,15 @@ opt_aggregate:
| AGGREGATE_SYM { $$= GROUP_AGGREGATE; } | AGGREGATE_SYM { $$= GROUP_AGGREGATE; }
; ;
sp_handler:
FUNCTION_SYM { $$= &sp_handler_function; }
| PROCEDURE_SYM { $$= &sp_handler_procedure; }
| PACKAGE_ORACLE_SYM { $$= &sp_handler_package_spec; }
| PACKAGE_ORACLE_SYM BODY_ORACLE_SYM { $$= &sp_handler_package_body; }
;
sp_name: sp_name:
ident '.' ident ident '.' ident
{ {
@ -14717,7 +14754,7 @@ with_list_element:
opt_with_column_list: opt_with_column_list:
/* empty */ /* empty */
{ {
if (($$= new (thd->mem_root) List<LEX_CSTRING>) == NULL) if (($$= new (thd->mem_root) List<Lex_ident_sys>) == NULL)
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| '(' with_column_list ')' | '(' with_column_list ')'
@ -14725,22 +14762,30 @@ opt_with_column_list:
; ;
with_column_list: with_column_list:
ident comma_separated_ident_list
{ ;
$$= new (thd->mem_root) List<LEX_CSTRING>; ident_sys_alloc:
if (unlikely($$ == NULL) || ident_cli
unlikely($$->push_back((LEX_CSTRING*) {
thd->memdup(&$1, sizeof(LEX_CSTRING)), void *buf= thd->alloc(sizeof(Lex_ident_sys));
thd->mem_root))) if (!buf)
MYSQL_YYABORT;
$$= new (buf) Lex_ident_sys(thd, &$1);
}
;
comma_separated_ident_list:
ident_sys_alloc
{
$$= new (thd->mem_root) List<Lex_ident_sys>;
if (unlikely($$ == NULL || $$->push_back($1)))
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| with_column_list ',' ident | comma_separated_ident_list ',' ident_sys_alloc
{ {
$1->push_back((LEX_CSTRING*) if (($$= $1)->push_back($3))
thd->memdup(&$3, sizeof(LEX_CSTRING)), MYSQL_YYABORT;
thd->mem_root);
$$= $1;
} }
; ;
@ -16615,34 +16660,12 @@ revoke:
revoke_command: revoke_command:
grant_privileges ON opt_table grant_ident FROM user_and_role_list grant_privileges ON opt_table grant_ident FROM user_and_role_list
{ {
LEX *lex= Lex; if (Lex->stmt_revoke_table(thd, $1, *$4))
lex->sql_command= SQLCOM_REVOKE;
lex->type= 0;
}
| grant_privileges ON FUNCTION_SYM grant_ident FROM user_and_role_list
{
if (unlikely(Lex->add_grant_command(thd, SQLCOM_REVOKE,
TYPE_ENUM_FUNCTION)))
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| grant_privileges ON PROCEDURE_SYM grant_ident FROM user_and_role_list | grant_privileges ON sp_handler grant_ident FROM user_and_role_list
{ {
if (unlikely(Lex->add_grant_command(thd, SQLCOM_REVOKE, if (Lex->stmt_revoke_sp(thd, $1, *$4, *$3))
TYPE_ENUM_PROCEDURE)))
MYSQL_YYABORT;
}
| grant_privileges ON PACKAGE_ORACLE_SYM grant_ident
FROM user_and_role_list
{
if (unlikely(Lex->add_grant_command(thd, SQLCOM_REVOKE,
TYPE_ENUM_PACKAGE)))
MYSQL_YYABORT;
}
| grant_privileges ON PACKAGE_ORACLE_SYM BODY_ORACLE_SYM grant_ident
FROM user_and_role_list
{
if (unlikely(Lex->add_grant_command(thd, SQLCOM_REVOKE,
TYPE_ENUM_PACKAGE_BODY)))
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| ALL opt_privileges ',' GRANT OPTION FROM user_and_role_list | ALL opt_privileges ',' GRANT OPTION FROM user_and_role_list
@ -16651,10 +16674,8 @@ revoke_command:
} }
| PROXY_SYM ON user FROM user_list | PROXY_SYM ON user FROM user_list
{ {
LEX *lex= Lex; if (Lex->stmt_revoke_proxy(thd, $3))
lex->users_list.push_front ($3); MYSQL_YYABORT;
lex->sql_command= SQLCOM_REVOKE;
lex->type= TYPE_ENUM_PROXY;
} }
| admin_option_for_role FROM user_and_role_list | admin_option_for_role FROM user_and_role_list
{ {
@ -16680,44 +16701,19 @@ grant_command:
grant_privileges ON opt_table grant_ident TO_SYM grant_list grant_privileges ON opt_table grant_ident TO_SYM grant_list
opt_require_clause opt_grant_options opt_require_clause opt_grant_options
{ {
LEX *lex= Lex; if (Lex->stmt_grant_table(thd, $1, *$4, $8))
lex->sql_command= SQLCOM_GRANT;
lex->type= 0;
}
| grant_privileges ON FUNCTION_SYM grant_ident TO_SYM grant_list
opt_require_clause opt_grant_options
{
if (unlikely(Lex->add_grant_command(thd, SQLCOM_GRANT,
TYPE_ENUM_FUNCTION)))
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| grant_privileges ON PROCEDURE_SYM grant_ident TO_SYM grant_list | grant_privileges ON sp_handler grant_ident TO_SYM grant_list
opt_require_clause opt_grant_options opt_require_clause opt_grant_options
{ {
if (unlikely(Lex->add_grant_command(thd, SQLCOM_GRANT, if (Lex->stmt_grant_sp(thd, $1, *$4, *$3, $8))
TYPE_ENUM_PROCEDURE)))
MYSQL_YYABORT;
}
| grant_privileges ON PACKAGE_ORACLE_SYM grant_ident TO_SYM grant_list
opt_require_clause opt_grant_options
{
if (unlikely(Lex->add_grant_command(thd, SQLCOM_GRANT,
TYPE_ENUM_PACKAGE)))
MYSQL_YYABORT;
}
| grant_privileges ON PACKAGE_ORACLE_SYM BODY_ORACLE_SYM grant_ident TO_SYM grant_list
opt_require_clause opt_grant_options
{
if (unlikely(Lex->add_grant_command(thd, SQLCOM_GRANT,
TYPE_ENUM_PACKAGE_BODY)))
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| PROXY_SYM ON user TO_SYM grant_list opt_grant_option | PROXY_SYM ON user TO_SYM grant_list opt_grant_option
{ {
LEX *lex= Lex; if (Lex->stmt_grant_proxy(thd, $3, $6))
lex->users_list.push_front ($3); MYSQL_YYABORT;
lex->sql_command= SQLCOM_GRANT;
lex->type= TYPE_ENUM_PROXY;
} }
| grant_role TO_SYM grant_list opt_with_admin_option | grant_role TO_SYM grant_list opt_with_admin_option
{ {
@ -16792,11 +16788,11 @@ opt_table:
; ;
grant_privileges: grant_privileges:
object_privilege_list {} object_privilege_list
| ALL opt_privileges | ALL opt_privileges
{ {
Lex->all_privileges= 1; if (!($$= new (thd->mem_root) Lex_grant_privilege(GLOBAL_ACLS, true)))
Lex->grant= GLOBAL_ACLS; MYSQL_YYABORT;
} }
; ;
@ -16807,49 +16803,75 @@ opt_privileges:
object_privilege_list: object_privilege_list:
object_privilege object_privilege
{
if (!($$= new (thd->mem_root) Lex_grant_privilege($1)))
MYSQL_YYABORT;
}
| column_list_privilege
{
if (!($$= new (thd->mem_root) Lex_grant_privilege()) ||
$$->add_column_list_privilege(thd, $1.m_columns[0],
$1.m_privilege))
MYSQL_YYABORT;
}
| object_privilege_list ',' object_privilege | object_privilege_list ',' object_privilege
{
($$= $1)->add_object_privilege($3);
}
| object_privilege_list ',' column_list_privilege
{
if (($$= $1)->add_column_list_privilege(thd, $3.m_columns[0],
$3.m_privilege))
MYSQL_YYABORT;
}
;
column_list_privilege:
column_privilege '(' comma_separated_ident_list ')'
{
$$= Lex_column_list_privilege($3, $1);
}
;
column_privilege:
SELECT_SYM { $$= SELECT_ACL; }
| INSERT { $$= INSERT_ACL; }
| UPDATE_SYM { $$= UPDATE_ACL; }
| REFERENCES { $$= REFERENCES_ACL; }
; ;
object_privilege: object_privilege:
SELECT_SYM SELECT_SYM { $$= SELECT_ACL; }
{ Lex->which_columns = SELECT_ACL;} | INSERT { $$= INSERT_ACL; }
opt_column_list {} | UPDATE_SYM { $$= UPDATE_ACL; }
| INSERT | REFERENCES { $$= REFERENCES_ACL; }
{ Lex->which_columns = INSERT_ACL;} | DELETE_SYM { $$= DELETE_ACL;}
opt_column_list {} | USAGE { $$= 0; }
| UPDATE_SYM | INDEX_SYM { $$= INDEX_ACL;}
{ Lex->which_columns = UPDATE_ACL; } | ALTER { $$= ALTER_ACL;}
opt_column_list {} | CREATE { $$= CREATE_ACL;}
| REFERENCES | DROP { $$= DROP_ACL;}
{ Lex->which_columns = REFERENCES_ACL;} | EXECUTE_SYM { $$= EXECUTE_ACL;}
opt_column_list {} | RELOAD { $$= RELOAD_ACL;}
| DELETE_SYM { Lex->grant |= DELETE_ACL;} | SHUTDOWN { $$= SHUTDOWN_ACL;}
| USAGE {} | PROCESS { $$= PROCESS_ACL;}
| INDEX_SYM { Lex->grant |= INDEX_ACL;} | FILE_SYM { $$= FILE_ACL;}
| ALTER { Lex->grant |= ALTER_ACL;} | GRANT OPTION { $$= GRANT_ACL;}
| CREATE { Lex->grant |= CREATE_ACL;} | SHOW DATABASES { $$= SHOW_DB_ACL;}
| DROP { Lex->grant |= DROP_ACL;} | SUPER_SYM { $$= SUPER_ACL;}
| EXECUTE_SYM { Lex->grant |= EXECUTE_ACL;} | CREATE TEMPORARY TABLES { $$= CREATE_TMP_ACL;}
| RELOAD { Lex->grant |= RELOAD_ACL;} | LOCK_SYM TABLES { $$= LOCK_TABLES_ACL; }
| SHUTDOWN { Lex->grant |= SHUTDOWN_ACL;} | REPLICATION SLAVE { $$= REPL_SLAVE_ACL; }
| PROCESS { Lex->grant |= PROCESS_ACL;} | REPLICATION CLIENT_SYM { $$= REPL_CLIENT_ACL; }
| FILE_SYM { Lex->grant |= FILE_ACL;} | CREATE VIEW_SYM { $$= CREATE_VIEW_ACL; }
| GRANT OPTION { Lex->grant |= GRANT_ACL;} | SHOW VIEW_SYM { $$= SHOW_VIEW_ACL; }
| SHOW DATABASES { Lex->grant |= SHOW_DB_ACL;} | CREATE ROUTINE_SYM { $$= CREATE_PROC_ACL; }
| SUPER_SYM { Lex->grant |= SUPER_ACL;} | ALTER ROUTINE_SYM { $$= ALTER_PROC_ACL; }
| CREATE TEMPORARY TABLES { Lex->grant |= CREATE_TMP_ACL;} | CREATE USER_SYM { $$= CREATE_USER_ACL; }
| LOCK_SYM TABLES { Lex->grant |= LOCK_TABLES_ACL; } | EVENT_SYM { $$= EVENT_ACL;}
| REPLICATION SLAVE { Lex->grant |= REPL_SLAVE_ACL; } | TRIGGER_SYM { $$= TRIGGER_ACL; }
| REPLICATION CLIENT_SYM { Lex->grant |= REPL_CLIENT_ACL; } | CREATE TABLESPACE { $$= CREATE_TABLESPACE_ACL; }
| CREATE VIEW_SYM { Lex->grant |= CREATE_VIEW_ACL; } | DELETE_SYM HISTORY_SYM { $$= DELETE_HISTORY_ACL; }
| SHOW VIEW_SYM { Lex->grant |= SHOW_VIEW_ACL; }
| CREATE ROUTINE_SYM { Lex->grant |= CREATE_PROC_ACL; }
| ALTER ROUTINE_SYM { Lex->grant |= ALTER_PROC_ACL; }
| CREATE USER_SYM { Lex->grant |= CREATE_USER_ACL; }
| EVENT_SYM { Lex->grant |= EVENT_ACL;}
| TRIGGER_SYM { Lex->grant |= TRIGGER_ACL; }
| CREATE TABLESPACE { Lex->grant |= CREATE_TABLESPACE_ACL; }
| DELETE_SYM HISTORY_SYM { Lex->grant |= DELETE_HISTORY_ACL; }
; ;
opt_and: opt_and:
@ -16889,41 +16911,30 @@ require_list_element:
grant_ident: grant_ident:
'*' '*'
{ {
LEX *lex= Lex; LEX_CSTRING db;
if (unlikely(lex->copy_db_to(&lex->current_select->db))) if (unlikely(Lex->copy_db_to(&db)))
MYSQL_YYABORT;
if (!($$= new (thd->mem_root) Lex_grant_object_name(db,
Lex_grant_object_name::STAR)))
MYSQL_YYABORT; MYSQL_YYABORT;
if (lex->grant == GLOBAL_ACLS)
lex->grant = DB_ACLS & ~GRANT_ACL;
else if (unlikely(lex->columns.elements))
my_yyabort_error((ER_ILLEGAL_GRANT_FOR_TABLE, MYF(0)));
} }
| ident '.' '*' | ident '.' '*'
{ {
LEX *lex= Lex; if (!($$= new (thd->mem_root) Lex_grant_object_name($1,
lex->current_select->db= $1; Lex_grant_object_name::IDENT_STAR)))
if (lex->grant == GLOBAL_ACLS) MYSQL_YYABORT;
lex->grant = DB_ACLS & ~GRANT_ACL;
else if (unlikely(lex->columns.elements))
my_yyabort_error((ER_ILLEGAL_GRANT_FOR_TABLE, MYF(0)));
} }
| '*' '.' '*' | '*' '.' '*'
{ {
LEX *lex= Lex; if (!($$= new (thd->mem_root) Lex_grant_object_name(
lex->current_select->db= null_clex_str; null_clex_str,
if (lex->grant == GLOBAL_ACLS) Lex_grant_object_name::STAR_STAR)))
lex->grant= GLOBAL_ACLS & ~GRANT_ACL; MYSQL_YYABORT;
else if (unlikely(lex->columns.elements))
my_yyabort_error((ER_ILLEGAL_GRANT_FOR_TABLE, MYF(0)));
} }
| table_ident | table_ident
{ {
LEX *lex=Lex; if (!($$= new (thd->mem_root) Lex_grant_object_name($1)))
if (unlikely(!lex->current_select->
add_table_to_list(thd, $1,NULL,
TL_OPTION_UPDATING)))
MYSQL_YYABORT; MYSQL_YYABORT;
if (lex->grant == GLOBAL_ACLS)
lex->grant = TABLE_ACLS & ~GRANT_ACL;
} }
; ;
@ -17034,49 +17045,6 @@ opt_auth_str:
} }
; ;
opt_column_list:
/* empty */
{
LEX *lex=Lex;
lex->grant |= lex->which_columns;
}
| '(' column_list ')' { }
;
column_list:
column_list ',' column_list_id
| column_list_id
;
column_list_id:
ident
{
String *new_str= new (thd->mem_root) String((const char*) $1.str,$1.length,system_charset_info);
if (unlikely(new_str == NULL))
MYSQL_YYABORT;
List_iterator <LEX_COLUMN> iter(Lex->columns);
class LEX_COLUMN *point;
LEX *lex=Lex;
while ((point=iter++))
{
if (!my_strcasecmp(system_charset_info,
point->column.c_ptr(), new_str->c_ptr()))
break;
}
lex->grant_tot_col|= lex->which_columns;
if (point)
point->rights |= lex->which_columns;
else
{
LEX_COLUMN *col= (new (thd->mem_root)
LEX_COLUMN(*new_str,lex->which_columns));
if (unlikely(col == NULL))
MYSQL_YYABORT;
lex->columns.push_back(col, thd->mem_root);
}
}
;
opt_require_clause: opt_require_clause:
/* empty */ /* empty */
| REQUIRE_SYM require_list | REQUIRE_SYM require_list
@ -17137,23 +17105,23 @@ opt_resource_options:
opt_grant_options: opt_grant_options:
/* empty */ {} /* empty */ { $$= 0; }
| WITH grant_option_list {} | WITH grant_option_list { $$= $2; }
; ;
opt_grant_option: opt_grant_option:
/* empty */ {} /* empty */ { $$= 0; }
| WITH GRANT OPTION { Lex->grant |= GRANT_ACL;} | WITH GRANT OPTION { $$= GRANT_ACL; }
; ;
grant_option_list: grant_option_list:
grant_option_list grant_option {} grant_option_list grant_option { $$= $1 | $2; }
| grant_option {} | grant_option
; ;
grant_option: grant_option:
GRANT OPTION { Lex->grant |= GRANT_ACL;} GRANT OPTION { $$= GRANT_ACL;}
| resource_option {} | resource_option { $$= 0; }
; ;
begin_stmt_mariadb: begin_stmt_mariadb: