Commit message | Author | Age | Files | Lines
* MDEV-14443: Ignore denies privilege now takes effect [vicentiu-tmp] | Vicențiu Ciorbaru | 2022-09-20 | 5 | -24/+52
|
* MDEV-14443: Show grants denies for routines | Vicențiu Ciorbaru | 2022-09-20 | 3 | -6/+135
|
* Extend protocol to accept a const String & as an argument for store | Vicențiu Ciorbaru | 2022-09-20 | 1 | -0/+2
|
* refactor: Extract the printing of routine grants to separate function | Vicențiu Ciorbaru | 2022-09-20 | 1 | -46/+55
|
|   Almost no logic changes except for 1:
|   * Printing the hostname uses the user's hostname instead of the routine's
|     hostname
|
* MDEV-14443: SHOW GRANTS Sort column level denies lexicographically | Vicențiu Ciorbaru | 2022-09-20 | 2 | -1/+7
|
* MDEV-14443: SHOW GRANTS for table and column denies | Vicențiu Ciorbaru | 2022-09-20 | 3 | -0/+248
|
|   This commit introduces the logic to show denies for table and column
|
|   TODO: more test cases, more showing only denies that don't leak object
|   information
|
* Refactor: cleanup Deny_spec::get_hash_entry | Vicențiu Ciorbaru | 2022-09-20 | 1 | -26/+59
|
|   * Remove code duplication and reuse functions.
|   * my_hash_get_key -> pair_first_key now a template function, made public
|
* Fix Deny_spec::deconstruct_identifier (set LEX_CSTRING::length properly) | Vicențiu Ciorbaru | 2022-09-20 | 1 | -1/+2
|
* Expand Hash_set API to allow searching by T type, not just key. | Vicențiu Ciorbaru | 2022-09-20 | 1 | -0/+8
|
* cleanup: Hash_set::insert need not take in a non-const T | Vicențiu Ciorbaru | 2022-09-20 | 1 | -1/+1
|
|   During insert, the value isn't mutated so we can accept a const ptr.
|
* cleanup: Dynamic_array is not copy-able | Vicențiu Ciorbaru | 2022-09-20 | 2 | -3/+13
|
|   Delete the copy constructor for Dynamic_array and use proper move
|   semantics for acl_dbs.
|
* cleanup: Protocol::store can take in a const String | Vicențiu Ciorbaru | 2022-09-20 | 1 | -1/+1
|
|   The String isn't mutated so it can be marked as const.
|
* cleanup: rename command_array to privilege_str_repr | Vicențiu Ciorbaru | 2022-09-20 | 3 | -56/+72
|
|   command_array wasn't particularly meaningful as a name.
|   Also use LEX_CSTRING instead of 2 separate arrays.
|
* Fix warning in perfschema | Vicențiu Ciorbaru | 2022-09-20 | 1 | -1/+1
|
|   The *ptr could end up dereferencing to an invalid memory address if the
|   function's parameter is ill-formed. Adjust the where clause to ensure
|   that can not happen.
|
* Update test results (stabilize order and updated version) | Vicențiu Ciorbaru | 2022-09-20 | 2 | -3/+11
|
* MDEV-14443: Test role global level denies | Vicențiu Ciorbaru | 2022-09-20 | 2 | -0/+85
|
* UPDATE MDEV-29465 test case for newest version of MariaDB | Vicențiu Ciorbaru | 2022-09-20 | 1 | -0/+2
|
* MDEV-29509 execute granted indirectly (via roles) doesn't always work | Vicențiu Ciorbaru | 2022-09-20 | 3 | -11/+10
|
|   The issue manifests due to a bug in mysql_routine_grant. This was a side
|   effect of e46eea8660fb which fixed the problem of not giving appropriate
|   error message (ER_NONEXISTING_PROC_GRANT) when a routine grant existed
|   due to role inheritance.
|
|   When granting a routine privilege, it is possible to have a GRANT_NAME
|   entry already created from an inherited role, but with its init_privs
|   set to 0.
|
|   In this case we must not create a *new* grant entry, but we must edit
|   this grant entry to set its init_privs.
|
|   Note that this case was already covered by MDEV-29458, however due to a
|   forgotten "flush privileges;" the actual code path never got hit.
|   Remove the flush privilege command as it was never intended to be there
|   in the first place.
|
* MDEV-29458: Role grant commands do not propagate all grants | Vicențiu Ciorbaru | 2022-09-20 | 4 | -102/+414
|
|   There was an issue in updating in-memory role data structures when
|   propagating role grants.
|
|   The issue is that changing a particular role's privilege (on any
|   privilege level, global, database, etc.) was done such that it overwrote
|   the entire set of bits for that particular level of privileges.
|
|   For example:
|   grant select on *.* to r1 -> sets the access bits to r1 to select,
|   regardless of what bits were present for role r1 (inherited from any
|   other roles).
|
|   Before this fix, the rights of role r1 were propagated to any roles r1
|   was granted to, however the propagated rights did *not* include the
|   complete rights r1 inherited from its own grants.
|
|   For example:
|   grant r2 to r1;
|   grant select on *.* to r2;
|   grant insert on *.* to r1; # This command completely disregards the
|                              # select privilege from r2.
|
|   In order to correct this, ensure that before rights are propagated
|   onwards, the current role's rights have been updated from its grants.
|
|   Additionally, the patch exposed a flaw in the DROP ROLE code. When
|   deleting a role we removed all its previous grants, but what remained
|   was the actual links of roles granted to the dropped role. Having these
|   links present when propagating grants meant that we would have leftover
|   ACL_xxx entries.
|
|   Ensure that the links are removed before propagating grants.
|
* MDEV-29465: Inherited columns privs for roles wrongly set mysql.tables_priv column | Vicențiu Ciorbaru | 2022-09-20 | 3 | -9/+90
|
|   There was a bug in the ACL internal data structures GRANT_TABLE and
|   GRANT_COLUMN. The semantics are: GRANT_TABLE::init_cols and
|   GRANT_COLUMN::init_privs represent the bits that correspond to the
|   privilege bits stored in the physical tables. The other struct members
|   GRANT_TABLE::cols and GRANT_COLUMN::privs represent the actual access
|   bits, as they may be modified through role grants.
|
|   The error in logic was mixing the two fields and thus we ended up
|   storing the logical access bits in the physical tables, instead of the
|   physical (init_xxx) bits.
|
|   This caused subsequent DBUG_ASSERT failures when dropping the involved
|   roles.
|
* Fix CentOS7 warning | Vicențiu Ciorbaru | 2022-09-20 | 1 | -3/+12
|
* Fix windows | Vicențiu Ciorbaru | 2022-09-20 | 1 | -2/+2
|
* Update perfschema digest tests | Vicențiu Ciorbaru | 2022-09-20 | 1 | -1/+1
|
* SHOW GRANTS now works with database denies (users and roles) | Vicențiu Ciorbaru | 2022-09-20 | 8 | -115/+454
|
* WIP: Show grants initial cleanup | Vicențiu Ciorbaru | 2022-09-20 | 3 | -12/+83
|
|   Includes WIP test case
|
* Fix segfault for roles updating | Vicențiu Ciorbaru | 2022-09-20 | 1 | -4/+7
|
* cleanup: Fix indentation | Vicențiu Ciorbaru | 2022-09-20 | 1 | -3/+3
|
* Memory leaks for roles fixed | Vicențiu Ciorbaru | 2022-09-20 | 1 | -1/+2
|
* Fix role privilege merging | Vicențiu Ciorbaru | 2022-09-20 | 4 | -35/+46
|
* ROLE global denies work with set role and set role none | Vicențiu Ciorbaru | 2022-09-20 | 6 | -53/+155
|
* INFORMATION_SCHEMA.views denies with show view and select | Vicențiu Ciorbaru | 2022-09-20 | 8 | -70/+399
|
|   This commit fixes show view and select privilege denies.
|
|   Other cleanup work:
|   - TODO(cvicentiu) describe this when rebasing.
|   - get_table_grant -> Take in table strings, not a TABLE_LIST
|   - get_column_grant -> Take in sctx.
|   - check_some_grants_remain -> take in role denies.
|   - check_column_access_denied -> Utility function for show view.
|
* fix compilation for embedded | Vicențiu Ciorbaru | 2022-09-20 | 5 | -15/+24
|
* WIP - Show grants + roles | Vicențiu Ciorbaru | 2022-09-20 | 6 | -261/+292
|
* Fix show_generic VERSION | Vicențiu Ciorbaru | 2022-09-20 | 2 | -1/+3
|
* Fix sp_denies.test VERSION | Vicențiu Ciorbaru | 2022-09-20 | 2 | -1/+3
|
* Column-level-denies DONE | Vicențiu Ciorbaru | 2022-09-20 | 11 | -127/+824
|
* cleanup: update_hash variable names | Vicențiu Ciorbaru | 2022-09-20 | 1 | -6/+5
|
* Add test case for stored procedure denies | Vicențiu Ciorbaru | 2022-09-20 | 2 | -0/+303
|
* Fixup routine grants impacting check_grant_db | Vicențiu Ciorbaru | 2022-09-20 | 5 | -23/+70
|
* cleanup: TODO removals | Vicențiu Ciorbaru | 2022-09-20 | 1 | -17/+3
|
* TABLE level denies fixup | Vicențiu Ciorbaru | 2022-09-20 | 3 | -33/+160
|
|   check_grant_db now takes TABLE level denies into account.
|
* cleanup: sp_grant_privileges - More straightforward implementation | Vicențiu Ciorbaru | 2022-09-20 | 1 | -7/+3
|
* WIP Denies with stored procedures working | Vicențiu Ciorbaru | 2022-09-20 | 1 | -4/+30
|
* cleanup: check_some_routine_access take in LEX_CSTRING& and Sp_handler& | Vicențiu Ciorbaru | 2022-09-20 | 4 | -47/+54
|
|   This is an intermediate cleanup commit, aimed at removing the need for
|   strlens by passing in already computed LEX_CSTRINGS.
|
* cleanup: Fix translation for ILLEGAL_GRANT_FOR_TABLE | Vicențiu Ciorbaru | 2022-09-20 | 1 | -23/+19
|
|   Update string to match DENY clause too.
|
* Work on procedure grants | Vicențiu Ciorbaru | 2022-09-20 | 2 | -35/+146
|
* Add indirection to clean up get_<...>_deny() functions | Vicențiu Ciorbaru | 2022-09-20 | 2 | -76/+175
|
* More test cases | Vicențiu Ciorbaru | 2022-09-20 | 2 | -0/+47
|
* Table level denies, update callsites, fix bugs | Vicențiu Ciorbaru | 2022-09-20 | 3 | -22/+91
|
* fixup PRIV_TYPE operator overloading | Vicențiu Ciorbaru | 2022-09-20 | 1 | -1/+17
|