Commit 30a23278 authored by unknown's avatar unknown
Browse files

sql_acl.cc, sql_acl.h, sql_parse.cc 

  New privilege CREATE USER (CREATE_USER_ACL, Create_user_priv) added
grant2.test:
  new tests (mostly backported from jani's patch)
system_mysql_db.result, sp.result, grant2.result, grant.result:
  results updated


mysql-test/r/grant.result:
  results updated
mysql-test/r/grant2.result:
  results updated
mysql-test/r/sp.result:
  results updated
mysql-test/r/system_mysql_db.result:
  results updated
mysql-test/t/grant2.test:
  new tests (mostly backported from jani's patch)
scripts/mysql_create_system_tables.sh:
  Create_user_priv added
scripts/mysql_fix_privilege_tables.sql:
  Create_user_priv added
sql/sql_acl.cc:
  Create_user_priv added
sql/sql_acl.h:
  Create_user_priv added
sql/sql_parse.cc:
  Create_user_priv added
sql/sql_show.cc:
  Create_user_priv added
sql/sql_yacc.yy:
  Create_user_priv added
BitKeeper/etc/logging_ok:
  Logging to logging@openlogging.org accepted
parent 135979d9

BitKeeper/etc/logging_ok

+1 −0
Original line number Diff line number Diff line
@@ -225,6 +225,7 @@ salle@vafla.online.bg 
sasha@mysql.sashanet.com

serg@build.mysql.com

serg@build.mysql2.com

serg@mysql.com

serg@serg.mylan

serg@serg.mysql.com

serg@sergbook.mylan

mysql-test/r/grant.result

+7 −6
Original line number Diff line number Diff line
@@ -10,8 +10,8 @@ GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE CIPHER 'EDH-RSA-DES-CBC3 
GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'

grant delete on mysqltest.* to mysqltest_1@localhost;

select * from mysql.user where user="mysqltest_1";

Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections

localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	EDH-RSA-DES-CBC3-SHA			0	0	0	0

Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections

localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	EDH-RSA-DES-CBC3-SHA			0	0	0	0

show grants for mysqltest_1@localhost;

Grants for mysqltest_1@localhost

GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE CIPHER 'EDH-RSA-DES-CBC3-SHA'
@@ -41,15 +41,15 @@ delete from mysql.user where user='mysqltest_1'; 
flush privileges;

grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;

select * from mysql.user where user="mysqltest_1";

Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections

localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	0	0	0

Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections

localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	0	0	0

show grants for mysqltest_1@localhost;

Grants for mysqltest_1@localhost

GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10

grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;

select * from mysql.user where user="mysqltest_1";

Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections

localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	20	30	0

Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections

localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	20	30	0

show grants for mysqltest_1@localhost;

Grants for mysqltest_1@localhost

GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
@@ -440,6 +440,7 @@ Create Databases,Tables,Indexes To create new databases and tables 
Create routine	Functions,Procedures	To use CREATE FUNCTION/PROCEDURE

Create temporary tables	Databases	To use CREATE TEMPORARY TABLE

Create view	Tables	To create new views

Create user	Server Admin	To create new users

Delete	Tables	To delete existing rows

Drop	Databases,Tables	To drop databases, tables, and views

Execute	Functions,Procedures	To execute stored routines

mysql-test/r/grant2.result

+27 −12
Original line number Diff line number Diff line
@@ -5,7 +5,25 @@ delete from mysql.db where user like 'mysqltest\_%'; 
delete from mysql.tables_priv where user like 'mysqltest\_%';

delete from mysql.columns_priv where user like 'mysqltest\_%';

flush privileges;

grant all privileges on `my\_1`.* to mysqltest_1@localhost with grant option;

grant create user on *.* to mysqltest_1@localhost;

create user mysqltest_2@localhost;

grant select on `my\_1`.* to mysqltest_2@localhost;

grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass';

ERROR 42000: You must have privileges to update tables in the mysql database to be able to change passwords for others

grant update on mysql.* to mysqltest_1@localhost;

grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass';

grant select on `my\_1`.* to mysqltest_3@localhost;

grant insert on mysql.* to mysqltest_1@localhost;

grant select on `my\_1`.* to mysqltest_3@localhost;

grant select on `my\_1`.* to mysqltest_4@localhost identified by 'pass';

delete from mysql.user where user like 'mysqltest\_%';

delete from mysql.db where user like 'mysqltest\_%';

delete from mysql.tables_priv where user like 'mysqltest\_%';

delete from mysql.columns_priv where user like 'mysqltest\_%';

flush privileges;

grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;

grant create user on *.* to mysqltest_1@localhost;

select current_user();

current_user()

mysqltest_1@localhost
@@ -23,10 +41,9 @@ grant select on `my\_1`.* to mysqltest_4@localhost with grant option; 
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users

grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'

with grant option;

ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql'

show grants for mysqltest_1@localhost;

Grants for mysqltest_1@localhost

GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'

GRANT CREATE USER ON *.* TO 'mysqltest_1'@'localhost'

GRANT ALL PRIVILEGES ON `my\_%`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION

show grants for mysqltest_2@localhost;

Grants for mysqltest_2@localhost
@@ -212,7 +229,7 @@ GRANT USAGE ON *.* TO '%@a'@'a' 
GRANT SELECT ON "mysql".* TO '%@a'@'a'

drop user '%@a'@'a';

create user mysqltest_2@localhost;

grant usage on *.* to mysqltest_2@localhost with grant option;

grant create user on *.* to mysqltest_2@localhost;

select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;

ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 'user'

create user mysqltest_A@'%';
@@ -220,19 +237,17 @@ rename user mysqltest_A@'%' to mysqltest_B@'%'; 
drop user mysqltest_B@'%';

drop user mysqltest_2@localhost;

create user mysqltest_3@localhost;

grant all privileges on mysql.* to mysqltest_3@localhost;

grant INSERT,DELETE,UPDATE on mysql.* to mysqltest_3@localhost;

show grants;

Grants for mysqltest_3@localhost

GRANT USAGE ON *.* TO 'mysqltest_3'@'localhost'

GRANT INSERT, UPDATE, DELETE ON `mysql`.* TO 'mysqltest_3'@'localhost'

select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;

host	user	password

%	mysqltest_2	*BD447CBA355AF58578D3AE33BA2E2CD388BA08D1

localhost	mysqltest_3	

ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for table 'user'

insert into mysql.user set host='%', user='mysqltest_B';

create user mysqltest_A@'%';

ERROR 42000: Access denied for user 'mysqltest_3'@'localhost' to database 'mysql'

rename user mysqltest_B@'%' to mysqltest_C@'%';

ERROR 42000: Access denied for user 'mysqltest_3'@'localhost' to database 'mysql'

drop user mysqltest_B@'%';

ERROR 42000: Access denied for user 'mysqltest_3'@'localhost' to database 'mysql'

drop user mysqltest_B@'%';

drop user mysqltest_C@'%';

drop user mysqltest_3@localhost;

set @@sql_mode='';

create database mysqltest_1;

mysql-test/r/sp.result

+2 −0
Original line number Diff line number Diff line
@@ -2185,6 +2185,7 @@ Create Databases,Tables,Indexes To create new databases and tables 
Create routine	Functions,Procedures	To use CREATE FUNCTION/PROCEDURE

Create temporary tables	Databases	To use CREATE TEMPORARY TABLE

Create view	Tables	To create new views

Create user	Server Admin	To create new users

Delete	Tables	To delete existing rows

Drop	Databases,Tables	To drop databases, tables, and views

Execute	Functions,Procedures	To execute stored routines
@@ -2238,6 +2239,7 @@ Create Databases,Tables,Indexes To create new databases and tables 
Create routine	Functions,Procedures	To use CREATE FUNCTION/PROCEDURE

Create temporary tables	Databases	To use CREATE TEMPORARY TABLE

Create view	Tables	To create new views

Create user	Server Admin	To create new users

Delete	Tables	To delete existing rows

Drop	Databases,Tables	To drop databases, tables, and views

Execute	Functions,Procedures	To execute stored routines

mysql-test/r/system_mysql_db.result

+1 −0
Original line number Diff line number Diff line
@@ -96,6 +96,7 @@ user CREATE TABLE `user` ( 
  `Show_view_priv` enum('N','Y') character set utf8 NOT NULL default 'N',

  `Create_routine_priv` enum('N','Y') character set utf8 NOT NULL default 'N',

  `Alter_routine_priv` enum('N','Y') character set utf8 NOT NULL default 'N',

  `Create_user_priv` enum('N','Y') character set utf8 NOT NULL default 'N',

  `ssl_type` enum('','ANY','X509','SPECIFIED') character set utf8 NOT NULL default '',

  `ssl_cipher` blob NOT NULL,

  `x509_issuer` blob NOT NULL,