1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CURRENT_ROLE() function

Browse Source
This commit is contained in:
Sergei Golubchik 2013-10-18 06:55:26 -07:00
parent 1ac0b920d5
commit 8122996a59
21 changed files with 213 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mysql-test/r/acl_roles_set_role-database-recursive.result
View File

@ -31,16 +31,28 @@ grant select on mysql.* to test_role2@'';
flush privileges;
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
test_role1 test_role2
localhost test_user test_role1
localhost test_user test_role2
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
set role test_role2;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role2
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
test_role1 test_role2

9
mysql-test/r/acl_roles_set_role-database-simple.result
View File

@ -17,7 +17,13 @@ grant insert, delete on mysql.roles_mapping to test_role1@'';
grant reload on *.* to test_role1@'';
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user test_role1
@ -29,6 +35,9 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
delete from mysql.roles_mapping where RoleFk='test_role2';
use mysql;
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
use mysql;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
select * from mysql.roles_mapping;

33
mysql-test/r/acl_roles_set_role-multiple-role.result
View File

@ -69,7 +69,13 @@ GRANT r_ins TO 'test_user'@'localhost'
GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role r_sel;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_sel
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'r_sel'
@ -91,6 +97,9 @@ localhost test_user r_rld
localhost test_user r_sel
localhost test_user r_upd
set role r_ins;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_ins
show grants;
Grants for test_user@localhost
GRANT INSERT ON *.* TO 'r_ins'
@ -110,13 +119,25 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
flush privileges;
ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
set role r_rld;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_rld
flush privileges;
set role r_sel;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_sel
flush privileges;
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
flush privileges;
ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
set role r_ins;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_ins
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'r_sel',
'r_upd');
@ -133,11 +154,20 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'r_del',
'r_ins');
set role r_rld;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_rld
flush privileges;
set role r_sel;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_sel
update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong';
flush privileges;
set role r_sel;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_sel
create table mysql.random_test_table (id INT);
insert into mysql.random_test_table values (1);
select * from mysql.random_test_table;
@ -146,6 +176,9 @@ id
delete from mysql.roles_mapping where RoleFk='r_ins';
flush privileges;
set role r_sel;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_sel
insert into mysql.random_test_table values (1);
ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'random_test_table'
drop table mysql.random_test_table;

18
mysql-test/r/acl_roles_set_role-recursive.result
View File

@ -35,7 +35,13 @@ show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
@ -54,6 +60,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
@ -66,6 +75,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role2;
ERROR HY000: The role 'test_role2' has not been granted or is invalid.
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
@ -77,6 +89,9 @@ Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
@ -95,6 +110,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'

15
mysql-test/r/acl_roles_set_role-routine-simple.result
View File

@ -40,7 +40,13 @@ GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role3 TO 'test_user'@'localhost'
use mysql;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
use mysql;
call test_proc(@a);
SELECT @a;
@ -60,6 +66,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
GRANT test_role3 TO 'test_user'@'localhost'
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
@ -70,6 +79,9 @@ ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine
SELECT test_func('AABBCCDD');
ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine 'mysql.test_func'
set role test_role3;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role3
show grants;
Grants for test_user@localhost
GRANT EXECUTE ON `mysql`.* TO 'test_role3'
@ -91,10 +103,7 @@ revoke execute on mysql.* from test_role3@'';
delete from mysql.user where user like'test_%';
delete from mysql.roles_mapping where RoleFk like 'test%';
drop function mysql.test_func;
Warnings:
Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_func'
drop procedure mysql.test_proc;
Warnings:
Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc'
Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc'
flush privileges;

9
mysql-test/r/acl_roles_set_role-simple.result
View File

@ -22,7 +22,13 @@ show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role1'
@ -32,6 +38,9 @@ select * from mysql.roles_mapping;
HostFk UserFk RoleFk
localhost test_user test_role1
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
delete from mysql.user where user='test_role1';

9
mysql-test/r/acl_roles_set_role-table-column-priv.result
View File

@ -24,7 +24,13 @@ show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
show grants;
Grants for test_user@localhost
GRANT SELECT (RoleFk) ON `mysql`.`roles_mapping` TO 'test_role2'
@ -49,6 +55,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
use mysql;
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
select RoleFk from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
drop user 'test_user'@'localhost';

9
mysql-test/r/acl_roles_set_role-table-simple.result
View File

@ -24,7 +24,13 @@ show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
show grants;
Grants for test_user@localhost
GRANT SELECT ON `mysql`.`roles_mapping` TO 'test_role2'
@ -47,6 +53,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
use mysql;
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
drop user 'test_user'@'localhost';

12
mysql-test/r/acl_roles_show_grants.result
View File

@ -34,7 +34,13 @@ Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_user'@'localhost'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
show grants;
Grants for test_user@localhost
GRANT SELECT ON `mysql`.* TO 'test_role2'
@ -45,6 +51,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
GRANT test_role2 TO 'test_user'@'localhost'
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NONE
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO 'test_user'@'localhost'
@ -71,6 +80,9 @@ ERROR 42000: There is no such grant defined for user 'test_user' on host 'localh
show grants for CURRENT_ROLE();
ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
set role test_role2;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role2
show grants;
Grants for test_user@localhost
GRANT SELECT ON `mysql`.* TO 'test_role2'

4
mysql-test/t/acl_roles_set_role-database-recursive.test
View File

@ -31,13 +31,17 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
--sorted_result
select * from mysql.roles_mapping;
set role none;
select current_user(), current_role();
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
set role test_role2;
select current_user(), current_role();
--sorted_result
select * from mysql.roles_mapping;

3
mysql-test/t/acl_roles_set_role-database-simple.test
View File

@ -22,7 +22,9 @@ change_user 'test_user';
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
select * from mysql.roles_mapping;
--error ER_TABLEACCESS_DENIED_ERROR
insert into mysql.user (user, host) values ('Dummy', 'Dummy');
@ -34,6 +36,7 @@ delete from mysql.roles_mapping where RoleFk='test_role2';
use mysql;
set role none;
select current_user(), current_role();
--error ER_DBACCESS_DENIED_ERROR
use mysql;

11
mysql-test/t/acl_roles_set_role-multiple-role.test
View File

@ -59,13 +59,16 @@ select * from mysql.roles_mapping;
--sorted_result
show grants;
select current_user(), current_role();
set role r_sel;
select current_user(), current_role();
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;
set role r_ins;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
@ -76,14 +79,18 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
flush privileges;
set role r_rld;
select current_user(), current_role();
flush privileges;
set role r_sel;
select current_user(), current_role();
flush privileges;
set role none;
select current_user(), current_role();
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
flush privileges;
set role r_ins;
select current_user(), current_role();
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'r_sel',
'r_upd');
@ -100,11 +107,14 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
'r_del',
'r_ins');
set role r_rld;
select current_user(), current_role();
flush privileges;
set role r_sel;
select current_user(), current_role();
update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong';
flush privileges;
set role r_sel;
select current_user(), current_role();
create table mysql.random_test_table (id INT);
insert into mysql.random_test_table values (1);
@ -113,6 +123,7 @@ select * from mysql.random_test_table;
delete from mysql.roles_mapping where RoleFk='r_ins';
flush privileges;
set role r_sel;
select current_user(), current_role();
--error ER_TABLEACCESS_DENIED_ERROR
insert into mysql.random_test_table values (1);
drop table mysql.random_test_table;

6
mysql-test/t/acl_roles_set_role-recursive.test
View File

@ -35,7 +35,9 @@ select * from mysql.roles_mapping;
--sorted_result
show grants;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
select * from mysql.roles_mapping where HostFk='';
@ -43,6 +45,7 @@ select * from mysql.roles_mapping where HostFk='';
--sorted_result
show grants;
set role none;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
@ -52,6 +55,7 @@ select * from mysql.roles_mapping;
show grants;
--error ER_INVALID_ROLE
set role test_role2;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
@ -61,6 +65,7 @@ select * from mysql.roles_mapping;
--sorted_result
show grants;
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
--sorted_result
@ -69,6 +74,7 @@ select * from mysql.roles_mapping where HostFk='';
--sorted_result
show grants;
set role none;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR

4
mysql-test/t/acl_roles_set_role-routine-simple.test
View File

@ -44,7 +44,9 @@ show grants;
--error ER_DBACCESS_DENIED_ERROR
use mysql;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
use mysql;
call test_proc(@a);
@ -55,6 +57,7 @@ SELECT test_func('AABBCCDD');
--sorted_result
show grants;
set role none;
select current_user(), current_role();
--sorted_result
show grants;
@ -65,6 +68,7 @@ call test_proc(@a);
SELECT test_func('AABBCCDD');
set role test_role3;
select current_user(), current_role();
--sorted_result
show grants;
call test_proc(@a);

3
mysql-test/t/acl_roles_set_role-simple.test
View File

@ -23,13 +23,16 @@ select * from mysql.roles_mapping;
--sorted_result
show grants;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;
set role none;
select current_user(), current_role();
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

3
mysql-test/t/acl_roles_set_role-table-column-priv.test
View File

@ -25,7 +25,9 @@ select * from mysql.roles_mapping;
--sorted_result
show grants;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
@ -42,6 +44,7 @@ show grants;
use mysql;
set role none;
select current_user(), current_role();
--sorted_result
--error ER_TABLEACCESS_DENIED_ERROR

3
mysql-test/t/acl_roles_set_role-table-simple.test
View File

@ -25,7 +25,9 @@ select * from mysql.roles_mapping;
--sorted_result
show grants;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
@ -39,6 +41,7 @@ show grants;
use mysql;
set role none;
select current_user(), current_role();
--sorted_result
--error ER_TABLEACCESS_DENIED_ERROR

4
mysql-test/t/acl_roles_show_grants.test
View File

@ -30,10 +30,13 @@ change_user 'test_user';
--sorted_result
show grants;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
set role none;
select current_user(), current_role();
--sorted_result
show grants;
@ -53,6 +56,7 @@ show grants for CURRENT_ROLE;
show grants for CURRENT_ROLE();
set role test_role2;
select current_user(), current_role();
--sorted_result
show grants;
--sorted_result

26
sql/item_strfunc.cc
View File

@ -2332,16 +2332,28 @@ bool Item_func_current_user::fix_fields(THD *thd, Item **ref)
if (Item_func_sysconst::fix_fields(thd, ref))
return TRUE;
Security_context *ctx=
#ifndef NO_EMBEDDED_ACCESS_CHECKS
(context->security_ctx
? context->security_ctx : thd->security_ctx);
#else
thd->security_ctx;
#endif /*NO_EMBEDDED_ACCESS_CHECKS*/
Security_context *ctx= context->security_ctx
? context->security_ctx : thd->security_ctx;
return init(ctx->priv_user, ctx->priv_host);
}
bool Item_func_current_role::fix_fields(THD *thd, Item **ref)
{
if (Item_func_sysconst::fix_fields(thd, ref))
return 1;
Security_context *ctx= context->security_ctx
? context->security_ctx : thd->security_ctx;
const char *role= ctx->priv_role[0] ? ctx->priv_role : NONE_ROLE;
if (str_value.copy(role, strlen(role), system_charset_info))
return 1;
str_value.mark_as_const();
return 0;
}
void Item_func_soundex::fix_length_and_dec()
{

22
sql/item_strfunc.h
View File

@ -580,6 +580,28 @@ public:
};
class Item_func_current_role :public Item_func_sysconst
{
Name_resolution_context *context;
public:
Item_func_current_role(Name_resolution_context *context_arg)
: context(context_arg) {}
bool fix_fields(THD *thd, Item **ref);
void fix_length_and_dec()
{ max_length= username_char_length * SYSTEM_CHARSET_MBMAXLEN; }
int save_in_field(Field *field, bool no_conversions)
{ return save_str_value_in_field(field, &str_value); }
const char *func_name() const { return "current_role"; }
const char *fully_qualified_func_name() const { return "current_role()"; }
String *val_str(String *)
{
DBUG_ASSERT(fixed == 1);
return (null_value ? 0 : &str_value);
}
};
class Item_func_soundex :public Item_str_func
{
String tmp_value;

8
sql/sql_yacc.yy
View File

@ -8648,6 +8648,14 @@ function_call_keyword:
Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
Lex->safe_to_cache_query= 0;
}
| CURRENT_ROLE optional_braces
{
$$= new (thd->mem_root) Item_func_current_role(Lex->current_context());
if ($$ == NULL)
MYSQL_YYABORT;
Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
Lex->safe_to_cache_query= 0;
}
| DATE_SYM '(' expr ')'
{
$$= new (thd->mem_root) Item_date_typecast($3);