
Commit 91ad0cd

committed
sql_acl.cc: better recognize the context to tell the role from a user
REQUIRE and MAX_QUERIES_PER_HOUR can not possibly apply to a role
1 parent bc603c6 commit 91ad0cd


4 files changed

+38
-25
lines changed


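--- a/mysql-test/suite/roles/password.result
+++ b/mysql-test/suite/roles/password.result
@@ -10,25 +10,25 @@ ERROR HY000: Plugin 'plugin' is not loaded
 grant select on mysql.user to r1 identified via plugin using 'param';
 ERROR HY000: Plugin 'plugin' is not loaded
 grant select on *.* to r1 require subject 'foobar';
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on mysql.user to r1 require issuer 'foobar';
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on *.* to r1 require cipher 'foobar';
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on mysql.user to r1 require ssl;
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on *.* to r1 require x509;
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on mysql.user to r1 require none;
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on *.* to r1 with max_queries_per_hour 10;
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on mysql.user to r1 with max_updates_per_hour 10;
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on *.* to r1 with max_connections_per_hour 10;
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 grant select on mysql.user to r1 with max_user_connections 10;
-ERROR 28000: Can't find any matching row in the user table
+drop user r1;
 set password for r1 = '00000000000000000000000000000000000000000';
 ERROR 28000: Can't find any matching row in the user table
 drop role r1;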

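--- a/mysql-test/suite/roles/password.test
+++ b/mysql-test/suite/roles/password.test
@@ -24,26 +24,28 @@ grant select on *.* to r1 identified via plugin;
 --error ER_PLUGIN_IS_NOT_LOADED
 grant select on mysql.user to r1 identified via plugin using 'param';
 
---error ER_PASSWORD_NO_MATCH
+# same for REQUIRE and mqh
 grant select on *.* to r1 require subject 'foobar';
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on mysql.user to r1 require issuer 'foobar';
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on *.* to r1 require cipher 'foobar';
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on mysql.user to r1 require ssl;
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on *.* to r1 require x509;
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on mysql.user to r1 require none;
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on *.* to r1 with max_queries_per_hour 10;
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on mysql.user to r1 with max_updates_per_hour 10;
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on *.* to r1 with max_connections_per_hour 10;
---error ER_PASSWORD_NO_MATCH
+drop user r1;
 grant select on mysql.user to r1 with max_user_connections 10;
+drop user r1;
+
 --error ER_PASSWORD_NO_MATCH
 set password for r1 = '00000000000000000000000000000000000000000';
 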
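Review bot: The REQUIRE and max_* grants are now followed only by `drop user r1;`, so the test never records which account the GRANT acted on or what it received. Because the role r1 still exists while these statements run, the disambiguation should be pinned explicitly, for example with `select user, host, is_role from mysql.user where user='r1';` before the first `drop user r1;` of the REQUIRE group and of the max_* group. These statements also appear to create a login account that shares the role's name without any password clause. Whether that is allowed presumably depends on the sql_mode in effect, which the visible part of the test does not set, so a comment such as `# creates user r1 (not the role), no password given` would make the intended behaviour clear to the next reader.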

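--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -10806,6 +10806,12 @@ LEX_USER *get_current_user(THD *thd, LEX_USER *user, bool lock)
 return 0;
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
+if (has_auth(user, thd->lex))
+{
+dup->host= host_not_specified;
+return dup;
+}
+
 if (is_invalid_role_name(user->user.str))
 return 0;
 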
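Review bot: The added branch in get_current_user() settles "user, not role" from `has_auth(user, thd->lex)`, which takes the whole LEX and so presumably looks at statement-wide state as well as the LEX_USER, and nothing at the branch explains that. The outcome then depends on every grammar path leaving the REQUIRE and resource-limit fields of the LEX clean before a hostless name is resolved; this commit resets them in the definer rule, but other callers are not visible here and should be checked. A comment above the branch would help, e.g. `/* auth info, REQUIRE or resource limits can only belong to a user: skip the role lookup */`. The branch also returns before `is_invalid_role_name()` and the code after it, so a name that matches an existing role is resolved to a user account without any diagnostic; has_auth() and the rest of the function lie outside the hunk, so this is inferred from the commit title and the test changes.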

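--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -14000,7 +14000,7 @@ user_maybe_role:
 MYSQL_YYABORT;
 $$->user = $1;
 $$->host= null_lex_str; // User or Role, see get_current_user()
-$$->password= null_lex_str;
+$$->password= null_lex_str;
 $$->plugin= empty_lex_str;
 $$->auth= empty_lex_str;
 
@@ -14014,7 +14014,7 @@ user_maybe_role:
 if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
 MYSQL_YYABORT;
 $$->user = $1; $$->host=$3;
-$$->password= null_lex_str;
+$$->password= null_lex_str;
 $$->plugin= empty_lex_str;
 $$->auth= empty_lex_str;
 
@@ -14046,6 +14046,7 @@ user_maybe_role:
 if (!($$=(LEX_USER*)thd->calloc(sizeof(LEX_USER))))
 MYSQL_YYABORT;
 $$->user= current_user;
+$$->password= null_lex_str;
 $$->plugin= empty_lex_str;
 $$->auth= empty_lex_str;
 }
@@ -15285,6 +15286,7 @@ current_role:
 if (!($$=(LEX_USER*) thd->calloc(sizeof(LEX_USER))))
 MYSQL_YYABORT;
 $$->user= current_role;
+$$->password= null_lex_str;
 $$->plugin= empty_lex_str;
 $$->auth= empty_lex_str;
 }
@@ -15302,7 +15304,7 @@ grant_role:
 MYSQL_YYABORT;
 $$->user = $1;
 $$->host= empty_lex_str;
-$$->password= null_lex_str;
+$$->password= null_lex_str;
 $$->plugin= empty_lex_str;
 $$->auth= empty_lex_str;
 
@@ -15565,7 +15567,7 @@ grant_user:
 $1->auth= $6;
 }
 | user_or_role
-{ $$= $1; $1->password= null_lex_str; }
+{ $$= $1; }
 ;
 
 opt_column_list:
@@ -16016,7 +16018,10 @@ no_definer:
 definer:
 DEFINER_SYM EQ user_or_role
 {
-thd->lex->definer= $3;
+Lex->definer= $3;
+Lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
+Lex->ssl_cipher= Lex->x509_subject= Lex->x509_issuer= 0;
+bzero(&(Lex->mqh), sizeof(Lex->mqh));
 }
 ;
 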
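Review bot: In the definer rule the three added reset lines clear `Lex->ssl_type`, the cipher/subject/issuer pointers and `Lex->mqh` by hand, with no comment on why a DEFINER clause touches TLS and resource-limit state. Presumably this keeps has_auth() in get_current_user() from taking the definer for a user because of leftover values; if so, say it in place: `/* reset so get_current_user() does not mistake the definer for a user with REQUIRE/limits */`. Any other rule that hands a user_or_role to get_current_user() would need the same reset, so a shared helper, or doing it where the LEX is initialised, would be less fragile than repeating it per rule; those rules are outside the visible hunks. Removing `$1->password= null_lex_str;` from grant_user also relies on every production that builds a LEX_USER setting password itself, which the hunks show only for user_maybe_role, current_role and grant_role.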
