1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sql_acl.cc: better recognize the context to tell the role from a user

Browse Source 
REQUIRE and MAX_QUERIES_PER_HOUR can not possibly apply to a role
This commit is contained in:
Sergei Golubchik 2014-11-24 16:53:51 +01:00
parent bc603c604d
commit 91ad0cd580
4 changed files with 38 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
mysql-test/suite/roles/password.result
View File

@ -10,25 +10,25 @@ ERROR HY000: Plugin 'plugin' is not loaded
grant select on mysql.user to r1 identified via plugin using 'param'; grant select on mysql.user to r1 identified via plugin using 'param';
ERROR HY000: Plugin 'plugin' is not loaded ERROR HY000: Plugin 'plugin' is not loaded
grant select on *.* to r1 require subject 'foobar'; grant select on *.* to r1 require subject 'foobar';
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on mysql.user to r1 require issuer 'foobar'; grant select on mysql.user to r1 require issuer 'foobar';
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on *.* to r1 require cipher 'foobar'; grant select on *.* to r1 require cipher 'foobar';
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on mysql.user to r1 require ssl; grant select on mysql.user to r1 require ssl;
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on *.* to r1 require x509; grant select on *.* to r1 require x509;
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on mysql.user to r1 require none; grant select on mysql.user to r1 require none;
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on *.* to r1 with max_queries_per_hour 10; grant select on *.* to r1 with max_queries_per_hour 10;
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on mysql.user to r1 with max_updates_per_hour 10; grant select on mysql.user to r1 with max_updates_per_hour 10;
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on *.* to r1 with max_connections_per_hour 10; grant select on *.* to r1 with max_connections_per_hour 10;
ERROR 28000: Can't find any matching row in the user table drop user r1;
grant select on mysql.user to r1 with max_user_connections 10; grant select on mysql.user to r1 with max_user_connections 10;
ERROR 28000: Can't find any matching row in the user table drop user r1;
set password for r1 = '00000000000000000000000000000000000000000'; set password for r1 = '00000000000000000000000000000000000000000';
ERROR 28000: Can't find any matching row in the user table ERROR 28000: Can't find any matching row in the user table
drop role r1; drop role r1;

22
mysql-test/suite/roles/password.test
View File

@ -24,26 +24,28 @@ grant select on *.* to r1 identified via plugin;
--error ER_PLUGIN_IS_NOT_LOADED --error ER_PLUGIN_IS_NOT_LOADED
grant select on mysql.user to r1 identified via plugin using 'param'; grant select on mysql.user to r1 identified via plugin using 'param';
--error ER_PASSWORD_NO_MATCH # same for REQUIRE and mqh
grant select on *.* to r1 require subject 'foobar'; grant select on *.* to r1 require subject 'foobar';
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on mysql.user to r1 require issuer 'foobar'; grant select on mysql.user to r1 require issuer 'foobar';
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on *.* to r1 require cipher 'foobar'; grant select on *.* to r1 require cipher 'foobar';
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on mysql.user to r1 require ssl; grant select on mysql.user to r1 require ssl;
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on *.* to r1 require x509; grant select on *.* to r1 require x509;
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on mysql.user to r1 require none; grant select on mysql.user to r1 require none;
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on *.* to r1 with max_queries_per_hour 10; grant select on *.* to r1 with max_queries_per_hour 10;
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on mysql.user to r1 with max_updates_per_hour 10; grant select on mysql.user to r1 with max_updates_per_hour 10;
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on *.* to r1 with max_connections_per_hour 10; grant select on *.* to r1 with max_connections_per_hour 10;
--error ER_PASSWORD_NO_MATCH drop user r1;
grant select on mysql.user to r1 with max_user_connections 10; grant select on mysql.user to r1 with max_user_connections 10;
drop user r1;
--error ER_PASSWORD_NO_MATCH --error ER_PASSWORD_NO_MATCH
set password for r1 = '00000000000000000000000000000000000000000'; set password for r1 = '00000000000000000000000000000000000000000';

6
sql/sql_acl.cc
View File

@ -10806,6 +10806,12 @@ LEX_USER *get_current_user(THD *thd, LEX_USER *user, bool lock)
return 0; return 0;
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
if (has_auth(user, thd->lex))
{
dup->host= host_not_specified;
return dup;
}
if (is_invalid_role_name(user->user.str)) if (is_invalid_role_name(user->user.str))
return 0; return 0;

15
sql/sql_yacc.yy
View File

@ -14000,7 +14000,7 @@ user_maybe_role:
MYSQL_YYABORT; MYSQL_YYABORT;
$$->user = $1; $$->user = $1;
$$->host= null_lex_str; // User or Role, see get_current_user() $$->host= null_lex_str; // User or Role, see get_current_user()
$$->password= null_lex_str; $$->password= null_lex_str;
$$->plugin= empty_lex_str; $$->plugin= empty_lex_str;
$$->auth= empty_lex_str; $$->auth= empty_lex_str;
@ -14014,7 +14014,7 @@ user_maybe_role:
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user)))) if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
MYSQL_YYABORT; MYSQL_YYABORT;
$$->user = $1; $$->host=$3; $$->user = $1; $$->host=$3;
$$->password= null_lex_str; $$->password= null_lex_str;
$$->plugin= empty_lex_str; $$->plugin= empty_lex_str;
$$->auth= empty_lex_str; $$->auth= empty_lex_str;
@ -14046,6 +14046,7 @@ user_maybe_role:
if (!($$=(LEX_USER*)thd->calloc(sizeof(LEX_USER)))) if (!($$=(LEX_USER*)thd->calloc(sizeof(LEX_USER))))
MYSQL_YYABORT; MYSQL_YYABORT;
$$->user= current_user; $$->user= current_user;
$$->password= null_lex_str;
$$->plugin= empty_lex_str; $$->plugin= empty_lex_str;
$$->auth= empty_lex_str; $$->auth= empty_lex_str;
} }
@ -15285,6 +15286,7 @@ current_role:
if (!($$=(LEX_USER*) thd->calloc(sizeof(LEX_USER)))) if (!($$=(LEX_USER*) thd->calloc(sizeof(LEX_USER))))
MYSQL_YYABORT; MYSQL_YYABORT;
$$->user= current_role; $$->user= current_role;
$$->password= null_lex_str;
$$->plugin= empty_lex_str; $$->plugin= empty_lex_str;
$$->auth= empty_lex_str; $$->auth= empty_lex_str;
} }
@ -15302,7 +15304,7 @@ grant_role:
MYSQL_YYABORT; MYSQL_YYABORT;
$$->user = $1; $$->user = $1;
$$->host= empty_lex_str; $$->host= empty_lex_str;
$$->password= null_lex_str; $$->password= null_lex_str;
$$->plugin= empty_lex_str; $$->plugin= empty_lex_str;
$$->auth= empty_lex_str; $$->auth= empty_lex_str;
@ -15565,7 +15567,7 @@ grant_user:
$1->auth= $6; $1->auth= $6;
} }
| user_or_role | user_or_role
{ $$= $1; $1->password= null_lex_str; } { $$= $1; }
; ;
opt_column_list: opt_column_list:
@ -16016,7 +16018,10 @@ no_definer:
definer: definer:
DEFINER_SYM EQ user_or_role DEFINER_SYM EQ user_or_role
{ {
thd->lex->definer= $3; Lex->definer= $3;
Lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
Lex->ssl_cipher= Lex->x509_subject= Lex->x509_issuer= 0;
bzero(&(Lex->mqh), sizeof(Lex->mqh));
} }
; ;