mysql · MikeWang000000 · Nov 21, 2024
diff --git a/sql/auth/partial_revokes.cc b/sql/auth/partial_revokes.cc
@@ -185,7 +185,7 @@ bool DB_restrictions::add(const Json_object &json_object) {
           const Json_string *priv = down_cast<const Json_string *>(priv_dom);
           const auto &itr = global_acls_map.find(priv->value());
           if (itr == global_acls_map.end()) return true;
-          priv_mask |= (1UL << itr->second);
+          priv_mask |= ((Access_bitmask)1 << itr->second);
         }
         add(db_string->value(), priv_mask);
       }

diff --git a/sql/event_data_objects.cc b/sql/event_data_objects.cc
@@ -1177,7 +1177,7 @@ bool Event_job_data::execute(THD *thd, bool drop) {
     if (construct_drop_event_sql(thd, &sp_sql, m_schema_name, m_event_name))
       ret = true;
     else {
-      ulong saved_master_access;
+      Access_bitmask saved_master_access;
 
       thd->set_query(sp_sql.c_ptr_safe(), sp_sql.length());
       /*

diff --git a/sql/server_component/persistent_dynamic_loader.cc b/sql/server_component/persistent_dynamic_loader.cc
@@ -152,7 +152,7 @@ static Component_db_intact table_intact;
   @retval false success
 */
 static bool open_component_table(THD *thd, enum thr_lock_type lock_type,
-                                 TABLE **table, ulong acl_to_check) {
+                                 TABLE **table, Access_bitmask acl_to_check) {
   Table_ref tables("mysql", "component", lock_type);
 
   if (mysql_persistent_dynamic_loader_imp::initialized() && !opt_noacl &&

diff --git a/sql/sql_db.cc b/sql/sql_db.cc
@@ -125,7 +125,7 @@ static bool find_db_tables(THD *thd, const dd::Schema &schema, const char *db,
 static long mysql_rm_arc_files(THD *thd, MY_DIR *dirp, const char *org_path);
 static bool rm_dir_w_symlink(const char *org_path, bool send_error);
 static void mysql_change_db_impl(THD *thd, const LEX_CSTRING &new_db_name,
-                                 ulong new_db_access,
+                                 Access_bitmask new_db_access,
                                  const CHARSET_INFO *new_db_charset);
 
 bool get_default_db_collation(const dd::Schema &schema,
@@ -1332,7 +1332,7 @@ long mysql_rm_arc_files(THD *thd, MY_DIR *dirp, const char *org_path) {
 */
 
 static void mysql_change_db_impl(THD *thd, const LEX_CSTRING &new_db_name,
-                                 ulong new_db_access,
+                                 Access_bitmask new_db_access,
                                  const CHARSET_INFO *new_db_charset) {
   /* 1. Change current database in THD. */
 
@@ -1490,7 +1490,7 @@ bool mysql_change_db(THD *thd, const LEX_CSTRING &new_db_name,
   LEX_CSTRING new_db_file_name_cstr;
 
   Security_context *sctx = thd->security_context();
-  ulong db_access = sctx->current_db_access();
+  Access_bitmask db_access = sctx->current_db_access();
   const CHARSET_INFO *db_default_cl = nullptr;
 
   // We must make sure the schema is released and unlocked in the right order.

diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
@@ -433,8 +433,9 @@ bool Sql_cmd_insert_base::precheck(THD *thd) {
     Check that we have modify privileges for the first table and
     select privileges for the rest
   */
-  ulong privilege = INSERT_ACL | (duplicates == DUP_REPLACE ? DELETE_ACL : 0) |
-                    (update_value_list.empty() ? 0 : UPDATE_ACL);
+  Access_bitmask privilege = INSERT_ACL |
+                             (duplicates == DUP_REPLACE ? DELETE_ACL : 0) |
+                             (update_value_list.empty() ? 0 : UPDATE_ACL);
 
   if (check_one_table_access(thd, privilege, lex->query_tables)) return true;
 
@@ -1054,9 +1055,9 @@ bool Sql_cmd_insert_base::prepare_inner(THD *thd) {
       Require proper privileges for all leaf tables of the view.
       @todo - Check for target table only.
     */
-    ulong privilege = INSERT_ACL |
-                      (duplicates == DUP_REPLACE ? DELETE_ACL : 0) |
-                      (update_value_list.empty() ? 0 : UPDATE_ACL);
+    Access_bitmask privilege = INSERT_ACL |
+                               (duplicates == DUP_REPLACE ? DELETE_ACL : 0) |
+                               (update_value_list.empty() ? 0 : UPDATE_ACL);
 
     if (select->check_view_privileges(thd, privilege, privilege)) return true;
     /*

diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
@@ -1798,7 +1798,8 @@ bool dispatch_command(THD *thd, const COM_DATA *com_data,
         TODO: remove this when we have full 64 bit my_time_t support
       */
       LogErr(ERROR_LEVEL, ER_UNSUPPORTED_DATE);
-      const ulong master_access = thd->security_context()->master_access();
+      const Access_bitmask master_access =
+          thd->security_context()->master_access();
       thd->security_context()->set_master_access(master_access | SHUTDOWN_ACL);
       error = true;
       kill_mysql();

diff --git a/sql/sql_update.cc b/sql/sql_update.cc
@@ -145,7 +145,7 @@ bool Sql_cmd_update::precheck(THD *thd) {
       if (tr->is_derived() || tr->uses_materialization())
         tr->grant.privilege = SELECT_ACL;
       else {
-        auto chk = [&](long want_access) {
+        auto chk = [&](Access_bitmask want_access) {
           const bool ignore_errors = (want_access == UPDATE_ACL);
           return check_access(thd, want_access, tr->db, &tr->grant.privilege,
                               &tr->grant.m_internal, false, ignore_errors) ||