MDEV-17658 change the structure of mysql.user table
Introduce User_table_tabular(mysql.user) and User_table_json(mysql.global_priv). The latter is not implemented. Automatic fallback to the old implementation works. Results change because privilege tables are opened in a different order now.
This commit is contained in:
Sergei Golubchik
parent
9887d2e881
commit
a76aadf7bc
@ -1,4 +1,4 @@
|
||||
call mtr.add_suppression("Can't open and lock privilege tables: Table 'user' was not locked with LOCK TABLES");
|
||||
call mtr.add_suppression("Can't open and lock privilege tables: Table 'db' was not locked with LOCK TABLES");
|
||||
SHOW VARIABLES like 'slave_skip_errors';
|
||||
Variable_name Value
|
||||
slave_skip_errors OFF
|
||||
@ -16,7 +16,7 @@ DROP TABLE IF EXISTS t1;
|
||||
CREATE TABLE t1 (c1 INT);
|
||||
LOCK TABLES t1 READ;
|
||||
FLUSH PRIVILEGES;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'db' was not locked with LOCK TABLES
|
||||
UNLOCK TABLES;
|
||||
DROP TABLE t1;
|
||||
#
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
|
||||
# End of 4.1 tests
|
||||
|
||||
call mtr.add_suppression("Can't open and lock privilege tables: Table 'user' was not locked with LOCK TABLES");
|
||||
call mtr.add_suppression("Can't open and lock privilege tables: Table 'db' was not locked with LOCK TABLES");
|
||||
|
||||
#
|
||||
# Bug#43835: SHOW VARIABLES does not include 0 for slave_skip_errors
|
||||
|
||||
@ -327,34 +327,34 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop database sa_db',0
|
||||
TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,,,0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'use sa_db',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,procs_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u1 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u1 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT ALL ON sa_db TO u2 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1 = PASSWORD(*****)',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,procs_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,procs_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop user u1, u2, u3',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'create table t1(id int)',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop table t1',0
|
||||
|
||||
@ -316,34 +316,34 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop database sa_db',0
|
||||
TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,,,0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'use sa_db',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,procs_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u1 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u1 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT ALL ON sa_db TO u2 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1 = PASSWORD(*****)',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,procs_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,procs_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop user u1, u2, u3',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'create table t1(id int)',0
|
||||
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop table t1',0
|
||||
|
||||
@ -145,43 +145,43 @@ UNLOCK TABLE;
|
||||
DROP DATABASE mysqltest2;
|
||||
LOCK TABLE t1 WRITE;
|
||||
CREATE USER test_1@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'db' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("CREATE USER test_1@localhost with table locked");
|
||||
UNLOCK TABLE;
|
||||
CREATE USER test_2@localhost;
|
||||
LOCK TABLE t1 WRITE;
|
||||
GRANT SELECT ON t1 TO test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'tables_priv' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("GRANT select on table to user with table locked");
|
||||
GRANT ALL ON f2 TO test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'tables_priv' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("GRANT ALL ON f2 TO test_2 with table locked");
|
||||
GRANT ALL ON p2 TO test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'tables_priv' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("GRANT ALL ON p2 TO test_2 with table locked");
|
||||
GRANT USAGE ON *.* TO test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'db' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("GRANT USAGE ON *.* TO test_2 with table locked");
|
||||
REVOKE ALL PRIVILEGES ON f2 FROM test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'tables_priv' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("REVOKE ALL PRIVILEGES on function to user with table locked");
|
||||
REVOKE ALL PRIVILEGES ON p2 FROM test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'tables_priv' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("REVOKE ALL PRIVILEGES on procedure to user with table locked");
|
||||
REVOKE ALL PRIVILEGES ON t1 FROM test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'tables_priv' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("REVOKE ALL PRIVILEGES on table to user with table locked");
|
||||
REVOKE USAGE ON *.* FROM test_2@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'db' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("REVOKE USAGE ON *.* TO test_2 with table locked");
|
||||
RENAME USER test_2@localhost TO test_3@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'db' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("RENAME USER test_2 TO test_3 with table locked");
|
||||
UNLOCK TABLE;
|
||||
RENAME USER test_2@localhost TO test_3@localhost;
|
||||
LOCK TABLE t1 WRITE;
|
||||
DROP USER test_3@localhost;
|
||||
ERROR HY000: Table 'user' was not locked with LOCK TABLES
|
||||
ERROR HY000: Table 'db' was not locked with LOCK TABLES
|
||||
INSERT INTO t2 VALUES ("DROP USER test_3@localhost with table locked");
|
||||
UNLOCK TABLE;
|
||||
CREATE DATABASE db;
|
||||
|
||||
245
sql/sql_acl.cc
245
sql/sql_acl.cc
@ -60,6 +60,7 @@
|
||||
#define MAX_SCRAMBLE_LENGTH 1024
|
||||
|
||||
bool mysql_user_table_is_in_short_password_format= false;
|
||||
bool using_global_priv_table= true;
|
||||
|
||||
static LEX_CSTRING native_password_plugin_name= {
|
||||
STRING_WITH_LEN("mysql_native_password")
|
||||
@ -676,7 +677,6 @@ HASH *Sp_handler_package_body::get_priv_hash() const
|
||||
*/
|
||||
enum enum_acl_tables
|
||||
{
|
||||
USER_TABLE,
|
||||
DB_TABLE,
|
||||
TABLES_PRIV_TABLE,
|
||||
COLUMNS_PRIV_TABLE,
|
||||
@ -685,7 +685,7 @@ enum enum_acl_tables
|
||||
PROCS_PRIV_TABLE,
|
||||
PROXIES_PRIV_TABLE,
|
||||
ROLES_MAPPING_TABLE,
|
||||
TABLES_MAX // <== always the last
|
||||
USER_TABLE // <== always the last
|
||||
};
|
||||
// bits for open_grant_tables
|
||||
static const int Table_user= 1 << USER_TABLE;
|
||||
@ -697,16 +697,17 @@ static const int Table_procs_priv= 1 << PROCS_PRIV_TABLE;
|
||||
static const int Table_proxies_priv= 1 << PROXIES_PRIV_TABLE;
|
||||
static const int Table_roles_mapping= 1 << ROLES_MAPPING_TABLE;
|
||||
|
||||
static LEX_CSTRING MYSQL_TABLE_NAME[TABLES_MAX]= {
|
||||
{STRING_WITH_LEN("user")},
|
||||
static LEX_CSTRING MYSQL_TABLE_NAME[USER_TABLE+1]= {
|
||||
{STRING_WITH_LEN("db")},
|
||||
{STRING_WITH_LEN("tables_priv")},
|
||||
{STRING_WITH_LEN("columns_priv")},
|
||||
{STRING_WITH_LEN("host")},
|
||||
{STRING_WITH_LEN("procs_priv")},
|
||||
{STRING_WITH_LEN("proxies_priv")},
|
||||
{STRING_WITH_LEN("roles_mapping")}
|
||||
{STRING_WITH_LEN("roles_mapping")},
|
||||
{STRING_WITH_LEN("global_priv")}
|
||||
};
|
||||
static LEX_CSTRING MYSQL_TABLE_NAME_USER={STRING_WITH_LEN("user")};
|
||||
|
||||
/**
|
||||
Choose from either native or old password plugins when assigning a password
|
||||
@ -814,6 +815,57 @@ class User_table: public Grant_table_base
|
||||
return Grant_table_base::init_read_record(info) || setup_sysvars();
|
||||
}
|
||||
|
||||
virtual LEX_CSTRING& name() const = 0;
|
||||
virtual void get_auth(THD *, MEM_ROOT *, const char **, const char **) const= 0;
|
||||
virtual void set_auth(const char *, size_t, const char *, size_t) const = 0;
|
||||
virtual ulong get_access() const = 0;
|
||||
virtual void set_access(ulong rights, bool revoke) const = 0;
|
||||
|
||||
char *get_host(MEM_ROOT *root) const
|
||||
{ return ::get_field(root, m_table->field[0]); }
|
||||
int set_host(const char *s, size_t l) const
|
||||
{ return m_table->field[0]->store(s, l, system_charset_info); };
|
||||
char *get_user(MEM_ROOT *root) const
|
||||
{ return ::get_field(root, m_table->field[1]); }
|
||||
int set_user(const char *s, size_t l) const
|
||||
{ return m_table->field[1]->store(s, l, system_charset_info); };
|
||||
|
||||
virtual SSL_type get_ssl_type () const = 0;
|
||||
virtual int set_ssl_type (SSL_type x) const = 0;
|
||||
virtual const char* get_ssl_cipher (MEM_ROOT *root) const = 0;
|
||||
virtual int set_ssl_cipher (const char *s, size_t l) const = 0;
|
||||
virtual const char* get_x509_issuer (MEM_ROOT *root) const = 0;
|
||||
virtual int set_x509_issuer (const char *s, size_t l) const = 0;
|
||||
virtual const char* get_x509_subject (MEM_ROOT *root) const = 0;
|
||||
virtual int set_x509_subject (const char *s, size_t l) const = 0;
|
||||
virtual longlong get_max_questions () const = 0;
|
||||
virtual int set_max_questions (longlong x) const = 0;
|
||||
virtual longlong get_max_updates () const = 0;
|
||||
virtual int set_max_updates (longlong x) const = 0;
|
||||
virtual longlong get_max_connections () const = 0;
|
||||
virtual int set_max_connections (longlong x) const = 0;
|
||||
virtual longlong get_max_user_connections () const = 0;
|
||||
virtual int set_max_user_connections (longlong x) const = 0;
|
||||
virtual double get_max_statement_time () const = 0;
|
||||
virtual int set_max_statement_time (double x) const = 0;
|
||||
virtual bool get_is_role () const = 0;
|
||||
virtual int set_is_role (bool x) const = 0;
|
||||
virtual const char* get_default_role (MEM_ROOT *root) const = 0;
|
||||
virtual int set_default_role (const char *s, size_t l) const = 0;
|
||||
|
||||
virtual ~User_table() {}
|
||||
private:
|
||||
friend class Grant_tables;
|
||||
virtual int setup_sysvars() const = 0;
|
||||
};
|
||||
|
||||
/* MySQL-3.23 to MariaDB 10.3 `user` table */
|
||||
class User_table_tabular: public User_table
|
||||
{
|
||||
public:
|
||||
|
||||
LEX_CSTRING& name() const { return MYSQL_TABLE_NAME_USER; }
|
||||
|
||||
void get_auth(THD *thd, MEM_ROOT *root, const char **plugin, const char **authstr) const
|
||||
{
|
||||
if (have_password())
|
||||
@ -914,15 +966,6 @@ class User_table: public Grant_table_base
|
||||
}
|
||||
}
|
||||
|
||||
char *get_host(MEM_ROOT *root) const
|
||||
{ return ::get_field(root, m_table->field[0]); }
|
||||
int set_host(const char *s, size_t l) const
|
||||
{ return m_table->field[0]->store(s, l, system_charset_info); };
|
||||
char *get_user(MEM_ROOT *root) const
|
||||
{ return ::get_field(root, m_table->field[1]); }
|
||||
int set_user(const char *s, size_t l) const
|
||||
{ return m_table->field[1]->store(s, l, system_charset_info); };
|
||||
|
||||
SSL_type get_ssl_type () const
|
||||
{
|
||||
Field *f= get_field(end_priv_columns, MYSQL_TYPE_ENUM);
|
||||
@ -1056,11 +1099,12 @@ class User_table: public Grant_table_base
|
||||
return 1;
|
||||
};
|
||||
|
||||
virtual ~User_table_tabular() {}
|
||||
private:
|
||||
friend class Grant_tables;
|
||||
|
||||
/* Only Grant_tables can instantiate this class. */
|
||||
User_table() {}
|
||||
User_table_tabular() {}
|
||||
|
||||
/* The user table is a bit different compared to the other Grant tables.
|
||||
Usually, we only add columns to the grant tables when adding functionality.
|
||||
@ -1084,6 +1128,7 @@ class User_table: public Grant_table_base
|
||||
{
|
||||
username_char_length= MY_MIN(m_table->field[1]->char_length(),
|
||||
USERNAME_CHAR_LENGTH);
|
||||
using_global_priv_table= false;
|
||||
|
||||
if (have_password()) // Password column might be missing. (MySQL 5.7.6+)
|
||||
{
|
||||
@ -1140,6 +1185,48 @@ class User_table: public Grant_table_base
|
||||
Field* authstr() const { return get_field(end_priv_columns + 9, MYSQL_TYPE_BLOB); }
|
||||
};
|
||||
|
||||
/* MariaDB 10.4 and up `global_priv` table */
|
||||
class User_table_json: public User_table
|
||||
{
|
||||
LEX_CSTRING& name() const { return MYSQL_TABLE_NAME[USER_TABLE]; }
|
||||
void get_auth(THD *, MEM_ROOT *, const char **, const char **) const
|
||||
{ DBUG_ASSERT(0); }
|
||||
void set_auth(const char *, size_t, const char *, size_t) const
|
||||
{ DBUG_ASSERT(0); }
|
||||
ulong get_access() const
|
||||
{ DBUG_ASSERT(0); return 0; }
|
||||
void set_access(ulong rights, bool revoke) const
|
||||
{ DBUG_ASSERT(0); }
|
||||
|
||||
SSL_type get_ssl_type () const { DBUG_ASSERT(0); return SSL_TYPE_NONE; }
|
||||
int set_ssl_type (SSL_type x) const { DBUG_ASSERT(0); return 0; }
|
||||
const char* get_ssl_cipher (MEM_ROOT *root) const { DBUG_ASSERT(0); return 0; }
|
||||
int set_ssl_cipher (const char *s, size_t l) const { DBUG_ASSERT(0); return 0; }
|
||||
const char* get_x509_issuer (MEM_ROOT *root) const { DBUG_ASSERT(0); return 0; }
|
||||
int set_x509_issuer (const char *s, size_t l) const { DBUG_ASSERT(0); return 0; }
|
||||
const char* get_x509_subject (MEM_ROOT *root) const { DBUG_ASSERT(0); return 0; }
|
||||
int set_x509_subject (const char *s, size_t l) const { DBUG_ASSERT(0); return 0; }
|
||||
longlong get_max_questions () const { DBUG_ASSERT(0); return 0; }
|
||||
int set_max_questions (longlong x) const { DBUG_ASSERT(0); return 0; }
|
||||
longlong get_max_updates () const { DBUG_ASSERT(0); return 0; }
|
||||
int set_max_updates (longlong x) const { DBUG_ASSERT(0); return 0; }
|
||||
longlong get_max_connections () const { DBUG_ASSERT(0); return 0; }
|
||||
int set_max_connections (longlong x) const { DBUG_ASSERT(0); return 0; }
|
||||
longlong get_max_user_connections () const { DBUG_ASSERT(0); return 0; }
|
||||
int set_max_user_connections (longlong x) const { DBUG_ASSERT(0); return 0; }
|
||||
double get_max_statement_time () const { DBUG_ASSERT(0); return 0; }
|
||||
int set_max_statement_time (double x) const { DBUG_ASSERT(0); return 0; }
|
||||
bool get_is_role () const { DBUG_ASSERT(0); return 0; }
|
||||
int set_is_role (bool x) const { DBUG_ASSERT(0); return 0; }
|
||||
const char* get_default_role (MEM_ROOT *root) const { DBUG_ASSERT(0); return 0; }
|
||||
int set_default_role (const char *s, size_t l) const { DBUG_ASSERT(0); return 0; }
|
||||
|
||||
~User_table_json() {}
|
||||
private:
|
||||
friend class Grant_tables;
|
||||
int setup_sysvars() const { DBUG_ASSERT(0); return 1; }
|
||||
};
|
||||
|
||||
class Db_table: public Grant_table_base
|
||||
{
|
||||
public:
|
||||
@ -1255,56 +1342,14 @@ class Roles_mapping_table: public Grant_table_base
|
||||
class Grant_tables
|
||||
{
|
||||
public:
|
||||
Grant_tables() { }
|
||||
Grant_tables() : p_user_table(&m_user_table_json) { }
|
||||
|
||||
/* Before any operation is possible on grant tables, they must be opened.
|
||||
This opens the tables according to the lock type specified during
|
||||
construction.
|
||||
|
||||
@retval 1 replication filters matched. Abort the operation,
|
||||
but return OK (!)
|
||||
@retval 0 tables were opened successfully
|
||||
@retval -1 error, tables could not be opened
|
||||
*/
|
||||
int open_and_lock(THD *thd, int which_tables, enum thr_lock_type lock_type)
|
||||
{
|
||||
DBUG_ENTER("Grant_tables::open_and_lock");
|
||||
TABLE_LIST tables[TABLES_MAX], *first= NULL;
|
||||
TABLE_LIST tables[USER_TABLE+1], *first= NULL;
|
||||
|
||||
DBUG_ASSERT(which_tables); /* At least one table must be opened. */
|
||||
for (int i=TABLES_MAX-1; i >=0; i--)
|
||||
{
|
||||
TABLE_LIST *tl= tables + i;
|
||||
if (which_tables & (1 << i))
|
||||
{
|
||||
tl->init_one_table(&MYSQL_SCHEMA_NAME, &MYSQL_TABLE_NAME[i],
|
||||
NULL, lock_type);
|
||||
tl->open_type= OT_BASE_ONLY;
|
||||
tl->updating= lock_type >= TL_WRITE_ALLOW_WRITE;
|
||||
tl->open_strategy= i >= FIRST_OPTIONAL_TABLE
|
||||
? TABLE_LIST::OPEN_IF_EXISTS : TABLE_LIST::OPEN_NORMAL;
|
||||
tl->next_global= tl->next_local= first;
|
||||
first= tl;
|
||||
}
|
||||
else
|
||||
tl->table= NULL;
|
||||
}
|
||||
#ifdef HAVE_REPLICATION
|
||||
if (lock_type >= TL_WRITE_ALLOW_WRITE &&
|
||||
thd->slave_thread && !thd->spcont)
|
||||
{
|
||||
/*
|
||||
GRANT and REVOKE are applied the slave in/exclusion rules as they are
|
||||
some kind of updates to the mysql.% tables.
|
||||
*/
|
||||
Rpl_filter *rpl_filter= thd->system_thread_info.rpl_sql_info->rpl_filter;
|
||||
if (rpl_filter->is_on() && !rpl_filter->tables_ok(0, first))
|
||||
DBUG_RETURN(1);
|
||||
}
|
||||
#endif
|
||||
if (open_and_lock_tables(thd, first, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
|
||||
DBUG_RETURN(-1);
|
||||
|
||||
/*
|
||||
We can read privilege tables even when !initialized.
|
||||
This can be acl_load() - server startup or FLUSH PRIVILEGES
|
||||
@ -1315,7 +1360,45 @@ class Grant_tables
|
||||
DBUG_RETURN(-1);
|
||||
}
|
||||
|
||||
m_user_table.set_table(tables[USER_TABLE].table);
|
||||
for (int i=USER_TABLE; i >=0; i--)
|
||||
{
|
||||
TABLE_LIST *tl= tables + i;
|
||||
if (which_tables & (1 << i))
|
||||
{
|
||||
tl->init_one_table(&MYSQL_SCHEMA_NAME, &MYSQL_TABLE_NAME[i],
|
||||
NULL, lock_type);
|
||||
tl->updating= lock_type >= TL_WRITE_ALLOW_WRITE;
|
||||
if (i >= FIRST_OPTIONAL_TABLE)
|
||||
tl->open_strategy= TABLE_LIST::OPEN_IF_EXISTS;
|
||||
tl->next_global= tl->next_local= first;
|
||||
first= tl;
|
||||
}
|
||||
else
|
||||
tl->table= NULL;
|
||||
}
|
||||
|
||||
uint counter;
|
||||
int res= really_open(thd, first, &counter);
|
||||
|
||||
/* if User_table_json wasn't found, let's try User_table_tabular */
|
||||
if (!res && (which_tables & Table_user) && !(tables[USER_TABLE].table))
|
||||
{
|
||||
uint unused;
|
||||
TABLE_LIST *tl= tables + USER_TABLE;
|
||||
tl->init_one_table(&MYSQL_SCHEMA_NAME, &MYSQL_TABLE_NAME_USER,
|
||||
NULL, lock_type);
|
||||
tl->updating= lock_type >= TL_WRITE_ALLOW_WRITE;
|
||||
p_user_table= &m_user_table_tabular;
|
||||
counter++;
|
||||
res= really_open(thd, tl, &unused);
|
||||
}
|
||||
if (res)
|
||||
DBUG_RETURN(res);
|
||||
|
||||
if (lock_tables(thd, first, counter, MYSQL_LOCK_IGNORE_TIMEOUT))
|
||||
DBUG_RETURN(-1);
|
||||
|
||||
p_user_table->set_table(tables[USER_TABLE].table);
|
||||
m_db_table.set_table(tables[DB_TABLE].table);
|
||||
m_tables_priv_table.set_table(tables[TABLES_PRIV_TABLE].table);
|
||||
m_columns_priv_table.set_table(tables[COLUMNS_PRIV_TABLE].table);
|
||||
@ -1327,7 +1410,7 @@ class Grant_tables
|
||||
}
|
||||
|
||||
inline const User_table& user_table() const
|
||||
{ return m_user_table; }
|
||||
{ return *p_user_table; }
|
||||
|
||||
inline const Db_table& db_table() const
|
||||
{ return m_db_table; }
|
||||
@ -1351,7 +1434,38 @@ class Grant_tables
|
||||
{ return m_roles_mapping_table; }
|
||||
|
||||
private:
|
||||
User_table m_user_table;
|
||||
|
||||
/* Before any operation is possible on grant tables, they must be opened.
|
||||
|
||||
@retval 1 replication filters matched. Abort the operation,
|
||||
but return OK (!)
|
||||
@retval 0 tables were opened successfully
|
||||
@retval -1 error, tables could not be opened
|
||||
*/
|
||||
int really_open(THD *thd, TABLE_LIST* tables, uint *counter)
|
||||
{
|
||||
DBUG_ENTER("Grant_tables::really_open:");
|
||||
#ifdef HAVE_REPLICATION
|
||||
if (tables->lock_type >= TL_WRITE_ALLOW_WRITE &&
|
||||
thd->slave_thread && !thd->spcont)
|
||||
{
|
||||
/*
|
||||
GRANT and REVOKE are applied the slave in/exclusion rules as they are
|
||||
some kind of updates to the mysql.% tables.
|
||||
*/
|
||||
Rpl_filter *rpl_filter= thd->system_thread_info.rpl_sql_info->rpl_filter;
|
||||
if (rpl_filter->is_on() && !rpl_filter->tables_ok(0, tables))
|
||||
DBUG_RETURN(1);
|
||||
}
|
||||
#endif
|
||||
if (open_tables(thd, &tables, counter, MYSQL_LOCK_IGNORE_TIMEOUT))
|
||||
DBUG_RETURN(-1);
|
||||
DBUG_RETURN(0);
|
||||
}
|
||||
|
||||
User_table *p_user_table;
|
||||
User_table_json m_user_table_json;
|
||||
User_table_tabular m_user_table_tabular;
|
||||
Db_table m_db_table;
|
||||
Tables_priv_table m_tables_priv_table;
|
||||
Columns_priv_table m_columns_priv_table;
|
||||
@ -3105,7 +3219,7 @@ bool change_password(THD *thd, LEX_USER *user)
|
||||
save_binlog_format= thd->set_current_stmt_binlog_format_stmt();
|
||||
|
||||
if (WSREP(thd) && !IF_WSREP(thd->wsrep_applier, 0))
|
||||
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, (char*)"user", NULL);
|
||||
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
|
||||
|
||||
if ((result= tables.open_and_lock(thd, Table_user, TL_WRITE)))
|
||||
DBUG_RETURN(result != 1);
|
||||
@ -3228,7 +3342,7 @@ int acl_set_default_role(THD *thd, const char *host, const char *user,
|
||||
{
|
||||
thd->set_query(buff, query_length, system_charset_info);
|
||||
// Attention!!! here is implicit goto error;
|
||||
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, (char*)"user", NULL);
|
||||
WSREP_TO_ISOLATION_BEGIN(WSREP_MYSQL_DB, NULL, NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -3759,7 +3873,8 @@ static int replace_user_table(THD *thd, const User_table &user_table,
|
||||
if (user_table.set_is_role(true))
|
||||
{
|
||||
my_error(ER_COL_COUNT_DOESNT_MATCH_PLEASE_UPDATE, MYF(0),
|
||||
"user", ROLE_ASSIGN_COLUMN_IDX + 1, user_table.num_fields(),
|
||||
user_table.name().str,
|
||||
ROLE_ASSIGN_COLUMN_IDX + 1, user_table.num_fields(),
|
||||
static_cast<int>(table->s->mysql_version), MYSQL_VERSION_ID);
|
||||
goto end;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user