Commit 4a5ca0bc authored by unknown's avatar unknown

Make GRANTs, which change SSL attributes and/or user limits,

to behave well on 5.0 tables (admittedly, tables from 4.1 and 5.0 can't be
used with 4.0 now because the former use utf8, but it is still nice to have
similar code in acl_init() and replace_user_table()).
This will also make such GRANTs work in 5.0 (they are broken now).


mysql-test/r/grant.result:
  Added test for GRANT which manipulates user limits.
mysql-test/t/grant.test:
  Added test for GRANT which manipulates user limits.
parent e6dfed9f
+22 −0
@@ -36,6 +36,28 @@ Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
delete from mysql.user where user='mysqltest_1';
flush privileges;
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections
localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	0	0
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections
localhost	mysqltest_1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	20	30
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
flush privileges;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
+17 −0
@@ -27,6 +27,23 @@ show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;

#
# Test of GRANTS specifying user limits
#
delete from mysql.user where user='mysqltest_1';
flush privileges;
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 10;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 20 max_connections_per_hour 30;
select * from mysql.user where user="mysqltest_1";
show grants for mysqltest_1@localhost;
# This is just to double check that one won't ignore results of selects
flush privileges;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
flush privileges;

#
# Test that the new db privileges are stored/retrieved correctly
#
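Review bot: The new block exercises only the user-limit columns, although the same commit also moves the SSL columns to offsets computed at run time, so nothing here checks that the two groups of stores do not land on each other's columns. A GRANT that sets both in one statement would cover that, e.g. `grant usage on *.* to mysqltest_1@localhost require cipher 'EDH-RSA-DES-CBC3-SHA' with max_queries_per_hour 10;` followed by the same `select` and `show grants`. The comment before the final `flush privileges` is also hard to follow; something like `# Reload privileges from mysql.user and check that the stored limits read back the same` would say what the step verifies.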
+30 −26
@@ -1403,6 +1403,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,

  Field **tmp_field;
  ulong priv;
  uint next_field;
  for (tmp_field= table->field+3, priv = SELECT_ACL;
       *tmp_field && (*tmp_field)->real_type() == FIELD_TYPE_ENUM &&
	 ((Field_enum*) (*tmp_field))->typelib->count == 2 ;
@@ -1411,56 +1412,59 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
    if (priv & rights)				 // set requested privileges
      (*tmp_field)->store(&what,1);
  }
  rights=get_access(table,3,0);
  rights= get_access(table, 3, &next_field);
  DBUG_PRINT("info",("table->fields: %d",table->fields));
  if (table->fields >= 31)		/* From 4.0.0 we have more fields */
  {
    /* We write down SSL related ACL stuff */
    switch (thd->lex.ssl_type) {
    case SSL_TYPE_ANY:
      table->field[24]->store("ANY",3);
      table->field[25]->store("",0);
      table->field[26]->store("",0);
      table->field[27]->store("",0);
      table->field[next_field]->store("ANY", 3);
      table->field[next_field+1]->store("", 0);
      table->field[next_field+2]->store("", 0);
      table->field[next_field+3]->store("", 0);
      break;
    case SSL_TYPE_X509:
      table->field[24]->store("X509",4);
      table->field[25]->store("",0);
      table->field[26]->store("",0);
      table->field[27]->store("",0);
      table->field[next_field]->store("X509", 4);
      table->field[next_field+1]->store("", 0);
      table->field[next_field+2]->store("", 0);
      table->field[next_field+3]->store("", 0);
      break;
    case SSL_TYPE_SPECIFIED:
      table->field[24]->store("SPECIFIED",9);
      table->field[25]->store("",0);
      table->field[26]->store("",0);
      table->field[27]->store("",0);
      table->field[next_field]->store("SPECIFIED", 9);
      table->field[next_field+1]->store("", 0);
      table->field[next_field+2]->store("", 0);
      table->field[next_field+3]->store("", 0);
      if (thd->lex.ssl_cipher)
	table->field[25]->store(thd->lex.ssl_cipher,
        table->field[next_field+1]->store(thd->lex.ssl_cipher,
                                          strlen(thd->lex.ssl_cipher));
      if (thd->lex.x509_issuer)
	table->field[26]->store(thd->lex.x509_issuer,
        table->field[next_field+2]->store(thd->lex.x509_issuer,
                                          strlen(thd->lex.x509_issuer));
      if (thd->lex.x509_subject)
	table->field[27]->store(thd->lex.x509_subject,
        table->field[next_field+3]->store(thd->lex.x509_subject,
                                          strlen(thd->lex.x509_subject));
      break;
    case SSL_TYPE_NOT_SPECIFIED:
      break;
    case SSL_TYPE_NONE:
      table->field[24]->store("",0);
      table->field[25]->store("",0);
      table->field[26]->store("",0);
      table->field[27]->store("",0);
      table->field[next_field]->store("", 0);
      table->field[next_field+1]->store("", 0);
      table->field[next_field+2]->store("", 0);
      table->field[next_field+3]->store("", 0);
      break;
    }

    /* Skip over SSL related fields to first user limits related field */
    next_field+= 4;

    USER_RESOURCES mqh = thd->lex.mqh;
    if (mqh.bits & 1)
      table->field[28]->store((longlong) mqh.questions);
      table->field[next_field]->store((longlong) mqh.questions);
    if (mqh.bits & 2)
      table->field[29]->store((longlong) mqh.updates);
      table->field[next_field+1]->store((longlong) mqh.updates);
    if (mqh.bits & 4)
      table->field[30]->store((longlong) mqh.connections);
      table->field[next_field+2]->store((longlong) mqh.connections);
    mqh_used = mqh_used || mqh.questions || mqh.updates || mqh.connections;
  }
  if (old_row_exists)
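Review bot: The guard `if (table->fields >= 31)` is still a fixed column count while every store inside it is now indexed from `next_field`, so the highest index written, `next_field+6` (the connections limit after `next_field+= 4`), is never checked against the table's actual width. On a mysql.user table whose run of privilege columns ends somewhere other than index 24 (a partially upgraded or hand-altered table, for instance), the stores could land on the wrong column or past the last field, and a REQUIRE clause written to the wrong column would leave the account without the intended SSL restriction. Tying the guard to the computed offset, `if (table->fields >= next_field + 7)`, would keep the two in step; get_access() is not shown here, so this assumes it returns the index of the first non-privilege column. replace_user_table() starts before and continues past the visible hunks.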