Loading mysql-test/r/grant2.result +22 −6 Original line number Diff line number Diff line Loading @@ -5,6 +5,23 @@ delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; grant all privileges on `my\_1`.* to mysqltest_1@localhost with grant option; create user mysqltest_2@localhost; grant select on `my\_1`.* to mysqltest_2@localhost; grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; ERROR 42000: You must have privileges to update tables in the mysql database to be able to change passwords for others grant update on mysql.* to mysqltest_1@localhost; grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; grant select on `my\_1`.* to mysqltest_3@localhost; ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant insert on mysql.* to mysqltest_1@localhost; grant select on `my\_1`.* to mysqltest_3@localhost; grant select on `my\_1`.* to mysqltest_4@localhost identified by 'pass'; delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option; select current_user(); current_user() Loading @@ -13,6 +30,7 @@ select current_user; current_user mysqltest_1@localhost grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option; ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option; ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'my_%' set @@sql_mode='NO_AUTO_CREATE_USER'; Loading 
@@ -23,15 +41,13 @@ grant select on `my\_1`.* to mysqltest_4@localhost with grant option; ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' with grant option; ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql' ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' GRANT ALL PRIVILEGES ON `my\_%`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION show grants for mysqltest_2@localhost; Grants for mysqltest_2@localhost GRANT USAGE ON *.* TO 'mysqltest_2'@'localhost' GRANT ALL PRIVILEGES ON `my\_1`.* TO 'mysqltest_2'@'localhost' WITH GRANT OPTION ERROR 42000: There is no such grant defined for user 'mysqltest_2' on host 'localhost' show grants for mysqltest_3@localhost; ERROR 42000: There is no such grant defined for user 'mysqltest_3' on host 'localhost' delete from mysql.user where user like 'mysqltest\_%'; Loading Loading @@ -61,9 +77,9 @@ flush privileges; create table t1 (a int, b int); grant select (a) on t1 to mysqltest_1@localhost with grant option; grant select (a,b) on t1 to mysqltest_2@localhost; ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 't1' ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant select on t1 to mysqltest_3@localhost; ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1' ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users drop table t1; delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; Loading mysql-test/t/grant2.test +36 −3 Original line number Diff line number Diff line Loading 
@@ -17,6 +17,36 @@ delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; grant all privileges on `my\_1`.* to mysqltest_1@localhost with grant option; create user mysqltest_2@localhost; connect (user_a,localhost,mysqltest_1,,); connection user_a; grant select on `my\_1`.* to mysqltest_2@localhost; --error 1132 grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; disconnect user_a; connection default; grant update on mysql.* to mysqltest_1@localhost; connect (user_b,localhost,mysqltest_1,,); connection user_b; grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; --error 1211 grant select on `my\_1`.* to mysqltest_3@localhost; disconnect user_b; connection default; grant insert on mysql.* to mysqltest_1@localhost; connect (user_c,localhost,mysqltest_1,,); connection user_c; grant select on `my\_1`.* to mysqltest_3@localhost; grant select on `my\_1`.* to mysqltest_4@localhost identified by 'pass'; disconnect user_c; connection default; delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; # # wild_compare fun # Loading @@ -26,9 +56,11 @@ connect (user1,localhost,mysqltest_1,,); connection user1; select current_user(); select current_user; --error 1211 grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option; --error 1044 grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option; # # NO_AUTO_CREATE_USER mode # Loading 
@@ -36,12 +68,13 @@ set @@sql_mode='NO_AUTO_CREATE_USER'; select @@sql_mode; --error 1211 grant select on `my\_1`.* to mysqltest_4@localhost with grant option; --error 1044 --error 1211 grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' with grant option; disconnect user1; connection default; show grants for mysqltest_1@localhost; --error 1141 show grants for mysqltest_2@localhost; --error 1141 show grants for mysqltest_3@localhost; Loading Loading @@ -83,9 +116,9 @@ create table t1 (a int, b int); grant select (a) on t1 to mysqltest_1@localhost with grant option; connect (mrugly, localhost, mysqltest_1,,mysqltest); connection mrugly; --error 1143 --error 1211 grant select (a,b) on t1 to mysqltest_2@localhost; --error 1142 --error 1211 grant select on t1 to mysqltest_3@localhost; disconnect mrugly; Loading sql/sql_acl.h +2 −0 Original line number Diff line number Diff line Loading @@ -190,6 +190,8 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list, bool mysql_procedure_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list, ulong rights, bool revoke, bool no_error); ACL_USER *check_acl_user(LEX_USER *user_name, uint *acl_acl_userdx); my_bool grant_init(THD *thd); void grant_free(void); void grant_reload(THD *thd); Loading sql/sql_parse.cc +26 −8 Original line number Diff line number Diff line Loading 
@@ -3631,18 +3631,36 @@ mysql_execute_command(THD *thd) if (thd->user) // If not replication { LEX_USER *user; uint counter; List_iterator <LEX_USER> user_list(lex->users_list); while ((user=user_list++)) { if (user->password.str && (strcmp(thd->user, user->user.str) || if (strcmp(thd->user, user->user.str) || user->host.str && my_strcasecmp(system_charset_info, user->host.str, thd->host_or_ip))) user->host.str, thd->host_or_ip)) { if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 0)) goto error; break; // We are allowed to do changes // We are trying to update another user, or create a new user if (!check_access(thd, GRANT_ACL, "mysql", 0, 1, 1)) break; // We can update any existing, or add new users if (!check_acl_user(user, &counter) && check_access(thd, INSERT_ACL, "mysql", 0, 1, 1)) { my_error(ER_NO_PERMISSION_TO_CREATE_USER, MYF(0), thd->user, thd->host_or_ip); goto error; // Can't create new user, user does not exists } if (check_acl_user(user, &counter) && user->password.str && check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1)) { my_message(ER_PASSWORD_NOT_ALLOWED, ER(ER_PASSWORD_NOT_ALLOWED), MYF(0)); goto error; // Can't update password, user already exists } } } } Loading Loading
mysql-test/r/grant2.result +22 −6 Original line number Diff line number Diff line Loading @@ -5,6 +5,23 @@ delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; grant all privileges on `my\_1`.* to mysqltest_1@localhost with grant option; create user mysqltest_2@localhost; grant select on `my\_1`.* to mysqltest_2@localhost; grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; ERROR 42000: You must have privileges to update tables in the mysql database to be able to change passwords for others grant update on mysql.* to mysqltest_1@localhost; grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; grant select on `my\_1`.* to mysqltest_3@localhost; ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant insert on mysql.* to mysqltest_1@localhost; grant select on `my\_1`.* to mysqltest_3@localhost; grant select on `my\_1`.* to mysqltest_4@localhost identified by 'pass'; delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option; select current_user(); current_user() Loading @@ -13,6 +30,7 @@ select current_user; current_user mysqltest_1@localhost grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option; ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option; ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'my_%' set @@sql_mode='NO_AUTO_CREATE_USER'; Loading 
@@ -23,15 +41,13 @@ grant select on `my\_1`.* to mysqltest_4@localhost with grant option; ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' with grant option; ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql' ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' GRANT ALL PRIVILEGES ON `my\_%`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION show grants for mysqltest_2@localhost; Grants for mysqltest_2@localhost GRANT USAGE ON *.* TO 'mysqltest_2'@'localhost' GRANT ALL PRIVILEGES ON `my\_1`.* TO 'mysqltest_2'@'localhost' WITH GRANT OPTION ERROR 42000: There is no such grant defined for user 'mysqltest_2' on host 'localhost' show grants for mysqltest_3@localhost; ERROR 42000: There is no such grant defined for user 'mysqltest_3' on host 'localhost' delete from mysql.user where user like 'mysqltest\_%'; Loading Loading @@ -61,9 +77,9 @@ flush privileges; create table t1 (a int, b int); grant select (a) on t1 to mysqltest_1@localhost with grant option; grant select (a,b) on t1 to mysqltest_2@localhost; ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 't1' ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users grant select on t1 to mysqltest_3@localhost; ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1' ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users drop table t1; delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; Loading
mysql-test/t/grant2.test +36 −3 Original line number Diff line number Diff line Loading @@ -17,6 +17,36 @@ delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; grant all privileges on `my\_1`.* to mysqltest_1@localhost with grant option; create user mysqltest_2@localhost; connect (user_a,localhost,mysqltest_1,,); connection user_a; grant select on `my\_1`.* to mysqltest_2@localhost; --error 1132 grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; disconnect user_a; connection default; grant update on mysql.* to mysqltest_1@localhost; connect (user_b,localhost,mysqltest_1,,); connection user_b; grant select on `my\_1`.* to mysqltest_2@localhost identified by 'pass'; --error 1211 grant select on `my\_1`.* to mysqltest_3@localhost; disconnect user_b; connection default; grant insert on mysql.* to mysqltest_1@localhost; connect (user_c,localhost,mysqltest_1,,); connection user_c; grant select on `my\_1`.* to mysqltest_3@localhost; grant select on `my\_1`.* to mysqltest_4@localhost identified by 'pass'; disconnect user_c; connection default; delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%'; flush privileges; # # wild_compare fun # Loading @@ -26,9 +56,11 @@ connect (user1,localhost,mysqltest_1,,); connection user1; select current_user(); select current_user; --error 1211 grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option; --error 1044 grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option; # # NO_AUTO_CREATE_USER mode # Loading 
@@ -36,12 +68,13 @@ set @@sql_mode='NO_AUTO_CREATE_USER'; select @@sql_mode; --error 1211 grant select on `my\_1`.* to mysqltest_4@localhost with grant option; --error 1044 --error 1211 grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass' with grant option; disconnect user1; connection default; show grants for mysqltest_1@localhost; --error 1141 show grants for mysqltest_2@localhost; --error 1141 show grants for mysqltest_3@localhost; Loading Loading @@ -83,9 +116,9 @@ create table t1 (a int, b int); grant select (a) on t1 to mysqltest_1@localhost with grant option; connect (mrugly, localhost, mysqltest_1,,mysqltest); connection mrugly; --error 1143 --error 1211 grant select (a,b) on t1 to mysqltest_2@localhost; --error 1142 --error 1211 grant select on t1 to mysqltest_3@localhost; disconnect mrugly; Loading
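Review bot: Several pre-existing cases now expect 1211 and so no longer reach the privilege comparison they were written for. In the mrugly block, `grant select (a,b) on t1 to mysqltest_2@localhost` (was 1143) and `grant select on t1 to mysqltest_3@localhost` (was 1142) are both rejected for account creation. The same applies to the wild_compare grant on my\_1 to mysqltest_2, which previously had no expected error. Creating the grantees first from the default connection, e.g. `create user mysqltest_2@localhost, mysqltest_3@localhost;`, should keep the column-level, table-level and wildcard-match paths covered, assuming the server then falls through to those checks. The new 1211 behaviour is already exercised by the user_b case added at the top of the file.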
sql/sql_acl.h +2 −0 Original line number Diff line number Diff line Loading @@ -190,6 +190,8 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list, bool mysql_procedure_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list, ulong rights, bool revoke, bool no_error); ACL_USER *check_acl_user(LEX_USER *user_name, uint *acl_acl_userdx); my_bool grant_init(THD *thd); void grant_free(void); void grant_reload(THD *thd); Loading
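Review bot: The new `check_acl_user` prototype has no comment, and its second parameter name `acl_acl_userdx` reads like a search-and-replace slip. The caller in sql_parse.cc uses the return value only as an existence test and ignores the index, so the header should say what a null return means and what the out-parameter receives. Something like `/* Returns the matching ACL entry, or 0 if the account is not defined; *idx receives its position */` would do, with the wording checked against the definition, which is not shown on this page. It would also help to state whether the caller must hold the ACL lock while using the returned pointer.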
sql/sql_parse.cc +26 −8 Original line number Diff line number Diff line Loading @@ -3631,18 +3631,36 @@ mysql_execute_command(THD *thd) if (thd->user) // If not replication { LEX_USER *user; uint counter; List_iterator <LEX_USER> user_list(lex->users_list); while ((user=user_list++)) { if (user->password.str && (strcmp(thd->user, user->user.str) || if (strcmp(thd->user, user->user.str) || user->host.str && my_strcasecmp(system_charset_info, user->host.str, thd->host_or_ip))) user->host.str, thd->host_or_ip)) { if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 0)) goto error; break; // We are allowed to do changes // We are trying to update another user, or create a new user if (!check_access(thd, GRANT_ACL, "mysql", 0, 1, 1)) break; // We can update any existing, or add new users if (!check_acl_user(user, &counter) && check_access(thd, INSERT_ACL, "mysql", 0, 1, 1)) { my_error(ER_NO_PERMISSION_TO_CREATE_USER, MYF(0), thd->user, thd->host_or_ip); goto error; // Can't create new user, user does not exists } if (check_acl_user(user, &counter) && user->password.str && check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1)) { my_message(ER_PASSWORD_NOT_ALLOWED, ER(ER_PASSWORD_NOT_ALLOWED), MYF(0)); goto error; // Can't update password, user already exists } } } } Loading
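Review bot: The early `break` after `!check_access(thd, GRANT_ACL, "mysql", 0, 1, 1)` lets a session that holds only GRANT OPTION on the mysql schema skip both the INSERT check for new accounts and the UPDATE check for password changes, for every user left in the list. None of the test cases on this page covers that path, so it is worth confirming this is intended and adding a case for it. Separately, `check_acl_user(user, &counter)` is evaluated twice per grantee. If the ACL data can change between the two calls (locking is not visible in this hunk), an account could be seen as existing by the first test and missing by the second, so neither privilege check would apply. Looking it up once, `bool user_exists= check_acl_user(user, &counter) != 0;`, and testing `user_exists` in both conditions removes that window and the duplicate lookup. mysql_execute_command starts and ends outside the hunk.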