=== modified file 'debian/patches/33_scripts__mysql_create_system_tables__no_test.dpatch' --- debian/patches/33_scripts__mysql_create_system_tables__no_test.dpatch 2014-02-03 14:22:39 +0000 +++ debian/patches/33_scripts__mysql_create_system_tables__no_test.dpatch 2014-11-22 12:19:17 +0000 @@ -28,9 +28,9 @@ -- from local machine if "user" table didn't exist before CREATE TEMPORARY TABLE tmp_user LIKE user; @@ -43,8 +33,6 @@ INSERT INTO tmp_user VALUES ('localhost' - REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N' FROM dual WHERE @current_hostname != 'localhost'; - REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N'); - REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N'); + REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N',0,0,0 FROM dual WHERE @current_hostname != 'localhost'; + REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N',0,0,0); + REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N',0,0,0); -INSERT INTO tmp_user (host,user) VALUES ('localhost',''); -INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE @current_hostname != 'localhost'; INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0; === modified file 'mysql-test/suite/sys_vars/r/gtid_domain_id_basic.result' --- mysql-test/suite/sys_vars/r/gtid_domain_id_basic.result 2013-03-26 09:35:34 +0000 +++ mysql-test/suite/sys_vars/r/gtid_domain_id_basic.result 2014-11-24 09:59:24 +0000 @@ -27,3 +27,205 @@ @@session.gtid_domain_id 0 SET GLOBAL gtid_domain_id= @old_gtid_domain_id; +** Creating new user without super privilege** +CREATE user 'gtid_dom'@'localhost'; +CREATE user 'gtid_root'@'localhost'; +GRANT SUPER ON *.* TO 'gtid_root'@'localhost'; +UPDATE mysql.user SET domain_id_default=4, domain_id_min=10, domain_id_max=20 WHERE user='gtid_dom' AND host='localhost'; +UPDATE mysql.user SET domain_id_default=4, domain_id_min=10, domain_id_max=20 WHERE user='gtid_root' AND host='localhost'; +FLUSH PRIVILEGES; +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +domain_id_default domain_id_min domain_id_max +4 10 20 +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +domain_id_default domain_id_min domain_id_max +4 10 20 +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +domain_id_default domain_id_min domain_id_max +4 10 20 +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +domain_id_default domain_id_min domain_id_max +4 10 20 +** Connecting connn using username 'gtid_dom' ** +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +SELECT @@session.gtid_domain_id_default; +@@session.gtid_domain_id_default +4 +SELECT @@session.gtid_domain_id_min; +@@session.gtid_domain_id_min +10 +SELECT @@session.gtid_domain_id_max; +@@session.gtid_domain_id_max +20 +SET SESSION gtid_domain_id=10; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +10 +SET SESSION gtid_domain_id=11; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +11 +SET SESSION gtid_domain_id=19; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +19 +SET SESSION gtid_domain_id=20; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +20 +SET SESSION gtid_domain_id=4; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +** Things that should fail when not running as super user.** +SET SESSION gtid_domain_id=3; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +SET SESSION gtid_domain_id=5; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +SET SESSION gtid_domain_id=9; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +SET SESSION gtid_domain_id=21; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +SET SESSION gtid_domain_id=0; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +SET SESSION gtid_domain_id_min=0; +ERROR HY000: Variable 'gtid_domain_id_min' is a read only variable +SET SESSION gtid_domain_id_max=300; +ERROR HY000: Variable 'gtid_domain_id_max' is a read only variable +SET GLOBAL gtid_domain_id=4; +ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation +SET GLOBAL gtid_domain_id=10; +ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation +SET GLOBAL gtid_domain_id=20; +ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation +SET GLOBAL gtid_domain_id_min=0; +ERROR HY000: Variable 'gtid_domain_id_min' is a read only variable +SET GLOBAL gtid_domain_id_max=300; +ERROR HY000: Variable 'gtid_domain_id_max' is a read only variable +SET GLOBAL gtid_domain_id_default=300; +ERROR HY000: Variable 'gtid_domain_id_default' is a read only variable +** Connecting connroot using username 'gtid_root' ** +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +SELECT @@session.gtid_domain_id_default; +@@session.gtid_domain_id_default +4 +SELECT @@session.gtid_domain_id_min; +@@session.gtid_domain_id_min +0 +SELECT @@session.gtid_domain_id_max; +@@session.gtid_domain_id_max +4294967295 +SET SESSION gtid_domain_id=10; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +10 +SET SESSION gtid_domain_id=11; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +11 +SET SESSION gtid_domain_id=19; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +19 +SET SESSION gtid_domain_id=20; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +20 +SET SESSION gtid_domain_id=4; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +4 +** Used to fail because of gtid_domain_id_limits however don't apply to super user.** +SET SESSION gtid_domain_id=3; +SET SESSION gtid_domain_id=5; +SET SESSION gtid_domain_id=9; +SET SESSION gtid_domain_id=21; +SET SESSION gtid_domain_id=0; +SET SESSION gtid_domain_id_min=0; +ERROR HY000: Variable 'gtid_domain_id_min' is a read only variable +SET SESSION gtid_domain_id_max=300; +ERROR HY000: Variable 'gtid_domain_id_max' is a read only variable +SET GLOBAL gtid_domain_id_min=0; +ERROR HY000: Variable 'gtid_domain_id_min' is a read only variable +SET GLOBAL gtid_domain_id_max=300; +ERROR HY000: Variable 'gtid_domain_id_max' is a read only variable +SET GLOBAL gtid_domain_id_default=300; +ERROR HY000: Variable 'gtid_domain_id_default' is a read only variable +** Check acl cache cleared ** +UPDATE mysql.user SET domain_id_default=24, domain_id_min=30, domain_id_max=40 WHERE user='gtid_dom' AND host='localhost'; +FLUSH PRIVILEGES; +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +domain_id_default domain_id_min domain_id_max +24 30 40 +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +24 +SELECT @@session.gtid_domain_id_default; +@@session.gtid_domain_id_default +24 +SELECT @@session.gtid_domain_id_min; +@@session.gtid_domain_id_min +30 +SELECT @@session.gtid_domain_id_max; +@@session.gtid_domain_id_max +40 +SET SESSION gtid_domain_id=24; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +24 +SET SESSION gtid_domain_id=30; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +30 +SET SESSION gtid_domain_id=40; +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +40 +** Things that should fail after user changed.** +SET SESSION gtid_domain_id=10; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +40 +SET SESSION gtid_domain_id=11; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +40 +SET SESSION gtid_domain_id=19; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +40 +SET SESSION gtid_domain_id=20; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +40 +SET SESSION gtid_domain_id=4; +ERROR HY000: Incorrect arguments to gtid_domain_id +SELECT @@session.gtid_domain_id; +@@session.gtid_domain_id +40 +** Disconnecting connn ** +DROP USER 'gtid_dom'@'localhost'; +DROP USER 'gtid_root'@'localhost'; === modified file 'mysql-test/suite/sys_vars/t/gtid_domain_id_basic.test' --- mysql-test/suite/sys_vars/t/gtid_domain_id_basic.test 2013-03-26 09:35:34 +0000 +++ mysql-test/suite/sys_vars/t/gtid_domain_id_basic.test 2014-11-24 09:56:40 +0000 @@ -15,3 +15,189 @@ SELECT @@session.gtid_domain_id; SET GLOBAL gtid_domain_id= @old_gtid_domain_id; + +######################################### +# MDEV-6901 - user settable session gtid_domain_id within bounds +######################################### + +--echo ** Creating new user without super privilege** +CREATE user 'gtid_dom'@'localhost'; +CREATE user 'gtid_root'@'localhost'; +GRANT SUPER ON *.* TO 'gtid_root'@'localhost'; +#GRANT USAGE ON *.* TO 'gtid_dom'@'localhost' WITH MAX_USER_CONNECTIONS 3 DOMAIN_ID_DEFAULT 4 MAX_UPDATES_PER_HOURS 3 DOMAIN_ID_MIN 10 DOMAIN_ID_MAX 20; + +# Work around while GRANT parser failing +UPDATE mysql.user SET domain_id_default=4, domain_id_min=10, domain_id_max=20 WHERE user='gtid_dom' AND host='localhost'; +UPDATE mysql.user SET domain_id_default=4, domain_id_min=10, domain_id_max=20 WHERE user='gtid_root' AND host='localhost'; +FLUSH PRIVILEGES; + +# check variations of grant don't reset values to 0 +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +#GRANT USAGE ON *.* TO 'gtid_dom'@'localhost' WITH DOMAIN_ID_DEFAULT 4 +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +#GRANT USAGE ON *.* TO 'gtid_dom'@'localhost' WITH DOMAIN_ID_MIN 10 +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; +#GRANT USAGE ON *.* TO 'gtid_dom'@'localhost' WITH DOMAIN_ID_MAX 20 +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; + +--echo ** Connecting connn using username 'gtid_dom' ** +CONNECT (connn,localhost,gtid_dom,,); + +SELECT @@session.gtid_domain_id; +SELECT @@session.gtid_domain_id_default; +SELECT @@session.gtid_domain_id_min; +SELECT @@session.gtid_domain_id_max; + +SET SESSION gtid_domain_id=10; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=11; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=19; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=20; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=4; +SELECT @@session.gtid_domain_id; + +# fail + +--echo ** Things that should fail when not running as super user.** + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=3; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=5; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=9; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=21; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=0; +SELECT @@session.gtid_domain_id; + +--error 1238 +SET SESSION gtid_domain_id_min=0; +--error 1238 +SET SESSION gtid_domain_id_max=300; + +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SET GLOBAL gtid_domain_id=4; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SET GLOBAL gtid_domain_id=10; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SET GLOBAL gtid_domain_id=20; +--error 1238 +SET GLOBAL gtid_domain_id_min=0; +--error 1238 +SET GLOBAL gtid_domain_id_max=300; +--error 1238 +SET GLOBAL gtid_domain_id_default=300; + + + + + +--echo ** Connecting connroot using username 'gtid_root' ** +CONNECT (connroot,localhost,gtid_root,,); + +SELECT @@session.gtid_domain_id; +SELECT @@session.gtid_domain_id_default; +SELECT @@session.gtid_domain_id_min; +SELECT @@session.gtid_domain_id_max; + +SET SESSION gtid_domain_id=10; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=11; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=19; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=20; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=4; +SELECT @@session.gtid_domain_id; + +--echo ** Used to fail because of gtid_domain_id_limits however don't apply to super user.** + +SET SESSION gtid_domain_id=3; +SET SESSION gtid_domain_id=5; +SET SESSION gtid_domain_id=9; +SET SESSION gtid_domain_id=21; +SET SESSION gtid_domain_id=0; + +--error 1238 +SET SESSION gtid_domain_id_min=0; +--error 1238 +SET SESSION gtid_domain_id_max=300; +--error 1238 +SET GLOBAL gtid_domain_id_min=0; +--error 1238 +SET GLOBAL gtid_domain_id_max=300; +--error 1238 +SET GLOBAL gtid_domain_id_default=300; + +--echo ** Check acl cache cleared ** +connection default; + +#GRANT gtid_dom WITH DOMAIN_ID_DEFAULT 24 DOMAIN_ID_MIN 30 DOMAIN_ID_MAX 40; +# Work around while GRANT parser failing +UPDATE mysql.user SET domain_id_default=24, domain_id_min=30, domain_id_max=40 WHERE user='gtid_dom' AND host='localhost'; +FLUSH PRIVILEGES; + +SELECT domain_id_default, domain_id_min, domain_id_max from mysql.user where user='gtid_dom' AND host='localhost'; + +CONNECT (conn2,localhost,gtid_dom,,); +SELECT @@session.gtid_domain_id; +SELECT @@session.gtid_domain_id_default; +SELECT @@session.gtid_domain_id_min; +SELECT @@session.gtid_domain_id_max; + +SET SESSION gtid_domain_id=24; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=30; +SELECT @@session.gtid_domain_id; +SET SESSION gtid_domain_id=40; +SELECT @@session.gtid_domain_id; + +# fail +--echo ** Things that should fail after user changed.** + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=10; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=11; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=19; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=20; +SELECT @@session.gtid_domain_id; + +--error ER_WRONG_ARGUMENTS +SET SESSION gtid_domain_id=4; +SELECT @@session.gtid_domain_id; + +# cleanup + +connection default; + +--echo ** Disconnecting connn ** +DISCONNECT connn; +DISCONNECT connroot; +DISCONNECT conn2; + +DROP USER 'gtid_dom'@'localhost'; +DROP USER 'gtid_root'@'localhost'; + === modified file 'scripts/fill_help_tables.sql' --- scripts/fill_help_tables.sql 2014-11-18 21:25:59 +0000 +++ scripts/fill_help_tables.sql 2014-11-24 04:55:19 +0000 @@ -269,7 +269,7 @@ insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (196,4,'CRC32','Syntax:\nCRC32(expr)\n\nComputes a cyclic redundancy check value and returns a 32-bit unsigned\nvalue. The result is NULL if the argument is NULL. The argument is\nexpected to be a string and (if possible) is treated as one if it is\nnot.\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/mathematical-functions.html\n\n','mysql> SELECT CRC32(\'MySQL\');\n -> 3259397556\nmysql> SELECT CRC32(\'mysql\');\n -> 2501908538\n','http://dev.mysql.com/doc/refman/5.5/en/mathematical-functions.html'); insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (197,15,'XOR','Syntax:\nXOR\n\nLogical XOR. Returns NULL if either operand is NULL. For non-NULL\noperands, evaluates to 1 if an odd number of operands is nonzero,\notherwise 0 is returned.\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/logical-operators.html\n\n','mysql> SELECT 1 XOR 1;\n -> 0\nmysql> SELECT 1 XOR 0;\n -> 1\nmysql> SELECT 1 XOR NULL;\n -> NULL\nmysql> SELECT 1 XOR 1 XOR 1;\n -> 1\n','http://dev.mysql.com/doc/refman/5.5/en/logical-operators.html'); insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (198,13,'STARTPOINT','StartPoint(ls)\n\nReturns the Point that is the start point of the LineString value ls.\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/geometry-property-functions.html#linestring-property-functions\n\n','mysql> SET @ls = \'LineString(1 1,2 2,3 3)\';\nmysql> SELECT AsText(StartPoint(GeomFromText(@ls)));\n+---------------------------------------+\n| AsText(StartPoint(GeomFromText(@ls))) |\n+---------------------------------------+\n| POINT(1 1) |\n+---------------------------------------+\n','http://dev.mysql.com/doc/refman/5.5/en/geometry-property-functions.html#linestring-property-functions'); -insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (199,10,'GRANT','Syntax:\nGRANT\n priv_type [(column_list)]\n [, priv_type [(column_list)]] ...\n ON [object_type] priv_level\n TO user_specification [, user_specification] ...\n [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]\n [WITH with_option ...]\n\nGRANT PROXY ON user_specification\n TO user_specification [, user_specification] ...\n [WITH GRANT OPTION]\n\nobject_type:\n TABLE\n | FUNCTION\n | PROCEDURE\n\npriv_level:\n *\n | *.*\n | db_name.*\n | db_name.tbl_name\n | tbl_name\n | db_name.routine_name\n\nuser_specification:\n user\n [\n IDENTIFIED BY [PASSWORD] \'password\'\n | IDENTIFIED WITH auth_plugin [AS \'auth_string\']\n ]\n\nssl_option:\n SSL\n | X509\n | CIPHER \'cipher\'\n | ISSUER \'issuer\'\n | SUBJECT \'subject\'\n\nwith_option:\n GRANT OPTION\n | MAX_QUERIES_PER_HOUR count\n | MAX_UPDATES_PER_HOUR count\n | MAX_CONNECTIONS_PER_HOUR count\n | MAX_USER_CONNECTIONS count\n\nThe GRANT statement grants privileges to MySQL user accounts. GRANT\nalso serves to specify other account characteristics such as use of\nsecure connections and limits on access to server resources. To use\nGRANT, you must have the GRANT OPTION privilege, and you must have the\nprivileges that you are granting.\n\nNormally, a database administrator first uses CREATE USER to create an\naccount, then GRANT to define its privileges and characteristics. For\nexample:\n\nCREATE USER \'jeffrey\'@\'localhost\' IDENTIFIED BY \'mypass\';\nGRANT ALL ON db1.* TO \'jeffrey\'@\'localhost\';\nGRANT SELECT ON db2.invoice TO \'jeffrey\'@\'localhost\';\nGRANT USAGE ON *.* TO \'jeffrey\'@\'localhost\' WITH MAX_QUERIES_PER_HOUR 90;\n\nHowever, if an account named in a GRANT statement does not already\nexist, GRANT may create it under the conditions described later in the\ndiscussion of the NO_AUTO_CREATE_USER SQL mode.\n\nThe REVOKE statement is related to GRANT and enables administrators to\nremove account privileges. See [HELP REVOKE].\n\nWhen successfully executed from the mysql program, GRANT responds with\nQuery OK, 0 rows affected. To determine what privileges result from the\noperation, use SHOW GRANTS. See [HELP SHOW GRANTS].\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/grant.html\n\n','','http://dev.mysql.com/doc/refman/5.5/en/grant.html'); +insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (199,10,'GRANT','Syntax:\nGRANT\n priv_type [(column_list)]\n [, priv_type [(column_list)]] ...\n ON [object_type] priv_level\n TO user_specification [, user_specification] ...\n [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]\n [WITH with_option ...]\n\nGRANT PROXY ON user_specification\n TO user_specification [, user_specification] ...\n [WITH GRANT OPTION]\n\nobject_type:\n TABLE\n | FUNCTION\n | PROCEDURE\n\npriv_level:\n *\n | *.*\n | db_name.*\n | db_name.tbl_name\n | tbl_name\n | db_name.routine_name\n\nuser_specification:\n user\n [\n IDENTIFIED BY [PASSWORD] \'password\'\n | IDENTIFIED WITH auth_plugin [AS \'auth_string\']\n ]\n\nssl_option:\n SSL\n | X509\n | CIPHER \'cipher\'\n | ISSUER \'issuer\'\n | SUBJECT \'subject\'\n\nwith_option:\n GRANT OPTION\n | MAX_QUERIES_PER_HOUR count\n | MAX_UPDATES_PER_HOUR count\n | MAX_CONNECTIONS_PER_HOUR count\n | MAX_USER_CONNECTIONS count\n | DOMAIN_ID_DEFAULT domain_id_default\n | DOMAIN_ID_MIN domain_id_min\n | DOMAIN_ID_MAX domain_id_max\n\nThe GRANT statement grants privileges to MySQL user accounts. GRANT\nalso serves to specify other account characteristics such as use of\nsecure connections and limits on access to server resources. To use\nGRANT, you must have the GRANT OPTION privilege, and you must have the\nprivileges that you are granting.\n\nNormally, a database administrator first uses CREATE USER to create an\naccount, then GRANT to define its privileges and characteristics. For\nexample:\n\nCREATE USER \'jeffrey\'@\'localhost\' IDENTIFIED BY \'mypass\';\nGRANT ALL ON db1.* TO \'jeffrey\'@\'localhost\';\nGRANT SELECT ON db2.invoice TO \'jeffrey\'@\'localhost\';\nGRANT USAGE ON *.* TO \'jeffrey\'@\'localhost\' WITH MAX_QUERIES_PER_HOUR 90;\n\nHowever, if an account named in a GRANT statement does not already\nexist, GRANT may create it under the conditions described later in the\ndiscussion of the NO_AUTO_CREATE_USER SQL mode.\n\nThe REVOKE statement is related to GRANT and enables administrators to\nremove account privileges. See [HELP REVOKE].\n\nWhen successfully executed from the mysql program, GRANT responds with\nQuery OK, 0 rows affected. To determine what privileges result from the\noperation, use SHOW GRANTS. See [HELP SHOW GRANTS].\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/grant.html\n\n','','http://dev.mysql.com/doc/refman/5.5/en/grant.html'); insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (200,23,'DECLARE VARIABLE','Syntax:\nDECLARE var_name [, var_name] ... type [DEFAULT value]\n\nThis statement declares local variables within stored programs. To\nprovide a default value for a variable, include a DEFAULT clause. The\nvalue can be specified as an expression; it need not be a constant. If\nthe DEFAULT clause is missing, the initial value is NULL.\n\nLocal variables are treated like stored routine parameters with respect\nto data type and overflow checking. See [HELP CREATE PROCEDURE].\n\nVariable declarations must appear before cursor or handler\ndeclarations.\n\nLocal variable names are not case sensitive. Permissible characters and\nquoting rules are the same as for other identifiers, as described in\nhttp://dev.mysql.com/doc/refman/5.5/en/identifiers.html.\n\nThe scope of a local variable is the BEGIN ... END block within which\nit is declared. The variable can be referred to in blocks nested within\nthe declaring block, except those blocks that declare a variable with\nthe same name.\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/declare-local-variable.html\n\n','','http://dev.mysql.com/doc/refman/5.5/en/declare-local-variable.html'); insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (201,3,'MPOLYFROMTEXT','MPolyFromText(wkt[,srid]), MultiPolygonFromText(wkt[,srid])\n\nConstructs a MULTIPOLYGON value using its WKT representation and SRID.\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/creating-spatial-values.html#gis-wkt-functions\n\n','','http://dev.mysql.com/doc/refman/5.5/en/creating-spatial-values.html#gis-wkt-functions'); insert into help_topic (help_topic_id,help_category_id,name,description,example,url) values (202,6,'MBRINTERSECTS','MBRIntersects(g1,g2)\n\nReturns 1 or 0 to indicate whether the Minimum Bounding Rectangles of\nthe two geometries g1 and g2 intersect.\n\nURL: http://dev.mysql.com/doc/refman/5.5/en/functions-for-testing-spatial-relations-between-geometric-objects.html#relations-on-geometry-mbr\n\n','','http://dev.mysql.com/doc/refman/5.5/en/functions-for-testing-spatial-relations-between-geometric-objects.html#relations-on-geometry-mbr'); === modified file 'scripts/mysql_system_tables.sql' --- scripts/mysql_system_tables.sql 2014-06-05 07:04:43 +0000 +++ scripts/mysql_system_tables.sql 2014-11-22 06:41:45 +0000 @@ -33,7 +33,7 @@ CREATE TABLE IF NOT EXISTS host ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,Db) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Host privileges; Merged with database privileges'; -CREATE TABLE IF NOT EXISTS user ( Host char(60) binary DEFAULT '' NOT NULL, User char(80) binary DEFAULT '' NOT NULL, Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Reload_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Shutdown_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Process_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, File_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_db_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Super_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_slave_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_client_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_user_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tablespace_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, ssl_type enum('','ANY','X509', 'SPECIFIED') COLLATE utf8_general_ci DEFAULT '' NOT NULL, ssl_cipher BLOB NOT NULL, x509_issuer BLOB NOT NULL, x509_subject BLOB NOT NULL, max_questions int(11) unsigned DEFAULT 0 NOT NULL, max_updates int(11) unsigned DEFAULT 0 NOT NULL, max_connections int(11) unsigned DEFAULT 0 NOT NULL, max_user_connections int(11) DEFAULT 0 NOT NULL, plugin char(64) CHARACTER SET latin1 DEFAULT '' NOT NULL, authentication_string TEXT NOT NULL, password_expired ENUM('N', 'Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, is_role enum('N', 'Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, PRIMARY KEY Host (Host,User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges'; +CREATE TABLE IF NOT EXISTS user ( Host char(60) binary DEFAULT '' NOT NULL, User char(80) binary DEFAULT '' NOT NULL, Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL, Select_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Insert_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Update_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Delete_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Drop_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Reload_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Shutdown_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Process_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, File_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Grant_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, References_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Index_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_db_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Super_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tmp_table_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Lock_tables_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Execute_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_slave_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Repl_client_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Show_view_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Alter_routine_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_user_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Event_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Trigger_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, Create_tablespace_priv enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, ssl_type enum('','ANY','X509', 'SPECIFIED') COLLATE utf8_general_ci DEFAULT '' NOT NULL, ssl_cipher BLOB NOT NULL, x509_issuer BLOB NOT NULL, x509_subject BLOB NOT NULL, max_questions int(11) unsigned DEFAULT 0 NOT NULL, max_updates int(11) unsigned DEFAULT 0 NOT NULL, max_connections int(11) unsigned DEFAULT 0 NOT NULL, max_user_connections int(11) DEFAULT 0 NOT NULL, plugin char(64) CHARACTER SET latin1 DEFAULT '' NOT NULL, authentication_string TEXT NOT NULL, password_expired ENUM('N', 'Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, is_role enum('N', 'Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, domain_id_default int(11) unsigned NOT NULL DEFAULT 0, domain_id_min int(11) unsigned NOT NULL DEFAULT 0, domain_id_max int(11) unsigned NOT NULL DEFAULT 0, PRIMARY KEY Host (Host,User) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges'; -- Remember for later if user table already existed set @had_user_table= @@warning_count != 0; === modified file 'scripts/mysql_system_tables_data.sql' --- scripts/mysql_system_tables_data.sql 2014-03-26 21:25:38 +0000 +++ scripts/mysql_system_tables_data.sql 2014-11-22 12:18:39 +0000 @@ -14,7 +14,7 @@ -- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -- --- The inital data for system tables of MySQL Server +-- The initial data for system tables of MySQL Server -- -- When setting up a "cross bootstrap" database (e.g., creating data on a Unix @@ -39,10 +39,10 @@ -- Fill "user" table with default users allowing root access -- from local machine if "user" table didn't exist before CREATE TEMPORARY TABLE tmp_user LIKE user; -INSERT INTO tmp_user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N', 'N'); -REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N' FROM dual WHERE @current_hostname != 'localhost'; -REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N'); -REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N'); +INSERT INTO tmp_user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N', 'N',0,0,0); +REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N',0,0,0 FROM dual WHERE @current_hostname != 'localhost'; +REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N',0,0,0); +REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N',0,0,0); INSERT INTO tmp_user (host,user) VALUES ('localhost',''); INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE @current_hostname != 'localhost'; INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0; === modified file 'scripts/mysql_system_tables_fix.sql' --- scripts/mysql_system_tables_fix.sql 2014-11-18 21:25:52 +0000 +++ scripts/mysql_system_tables_fix.sql 2014-11-22 03:48:09 +0000 @@ -696,6 +696,13 @@ alter table procs_priv modify Grantor char(141) COLLATE utf8_bin not null default ''; alter table tables_priv modify Grantor char(141) COLLATE utf8_bin not null default ''; +# MDEV-6901 user settable domain_id + +ALTER TABLE user +ADD domain_id_default int(11) unsigned NOT NULL DEFAULT 0 AFTER is_role, +ADD domain_id_min int(11) unsigned NOT NULL DEFAULT 0 AFTER domain_id_default, +ADD domain_id_max int(11) unsigned NOT NULL DEFAULT 0 AFTER domain_id_min; + # Activate the new, possible modified privilege tables # This should not be needed, but gives us some extra testing that the above # changes was correct === modified file 'sql/sql_acl.cc' --- sql/sql_acl.cc 2014-10-09 08:30:11 +0000 +++ sql/sql_acl.cc 2014-11-24 09:32:49 +0000 @@ -265,6 +265,8 @@ const char *ssl_cipher, *x509_issuer, *x509_subject; LEX_STRING plugin; LEX_STRING auth_string; + /* Allowed domain_id that can be set by a user: MDEV-6901 */ + uint32 domain_id_default, domain_id_min, domain_id_max; ACL_USER *copy(MEM_ROOT *root) { @@ -285,6 +287,9 @@ dst->auth_string.str= safe_strdup_root(root, auth_string.str); dst->host.hostname= safe_strdup_root(root, host.hostname); bzero(&dst->role_grants, sizeof(role_grants)); + dst->domain_id_default= domain_id_default; + dst->domain_id_min= domain_id_min; + dst->domain_id_max= domain_id_max; return dst; } @@ -341,6 +346,9 @@ acl_host_and_ip host; char *user,*db; ulong initial_access; /* access bits present in the table */ + uint32 domain_id_default; /* default gtid_domain_id for user */ + uint32 domain_id_min; + uint32 domain_id_max; }; #ifndef DBUG_OFF @@ -714,6 +722,8 @@ /* Flag to mark that on_node was already called for this role */ #define ROLE_OPENED (1L << 3) +#define DOMAIN_ID_COLUMN_IDX 44 + static DYNAMIC_ARRAY acl_hosts, acl_users, acl_dbs, acl_proxy_users; static HASH acl_roles; /* @@ -1171,6 +1181,16 @@ user.auth_string.length= password_len; set_user_salt(&user, password, password_len); + if (table->s->fields >= DOMAIN_ID_COLUMN_IDX) + { + char *ptr = get_field(thd->mem_root, table->field[DOMAIN_ID_COLUMN_IDX]); + user.domain_id_default = ptr ? atoi(ptr) : 0; + ptr = get_field(thd->mem_root, table->field[DOMAIN_ID_COLUMN_IDX+1]); + user.domain_id_min = ptr ? atoi(ptr) : 0; + ptr = get_field(thd->mem_root, table->field[DOMAIN_ID_COLUMN_IDX+2]); + user.domain_id_max = ptr ? atoi(ptr) : 0; + } + if (!is_role && set_user_plugin(&user, password_len)) continue; @@ -1956,7 +1976,10 @@ USER_RESOURCES *mqh, ulong privileges, const LEX_STRING *plugin, - const LEX_STRING *auth) + const LEX_STRING *auth, + const uint32 domain_id_default, + const uint32 domain_id_min, + const uint32 domain_id_max) { mysql_mutex_assert_owner(&acl_cache->lock); @@ -2001,6 +2024,9 @@ acl_user->x509_subject= (x509_subject ? strdup_root(&acl_memroot,x509_subject) : 0); } + acl_user->domain_id_default= domain_id_default; + acl_user->domain_id_min= domain_id_min; + acl_user->domain_id_max= domain_id_max; /* search complete: */ break; } @@ -2032,7 +2058,10 @@ USER_RESOURCES *mqh, ulong privileges, const LEX_STRING *plugin, - const LEX_STRING *auth) + const LEX_STRING *auth, + const uint32 domain_id_default, + const uint32 domain_id_min, + const uint32 domain_id_max) { ACL_USER acl_user; @@ -2071,6 +2100,10 @@ (void) my_init_dynamic_array(&acl_user.role_grants, sizeof(ACL_USER *), 8, 8, MYF(0)); + acl_user.domain_id_default= domain_id_default; + acl_user.domain_id_min= domain_id_min; + acl_user.domain_id_max= domain_id_max; + (void) push_dynamic(&acl_users,(uchar*) &acl_user); if (!acl_user.host.hostname || (acl_user.host.hostname[0] == wild_many && !acl_user.host.hostname[1])) @@ -2090,7 +2123,9 @@ static void acl_update_db(const char *user, const char *host, const char *db, - ulong privileges) + ulong privileges, const uint32 domain_id_default, + const uint32 domain_id_min, + const uint32 domain_id_max) { mysql_mutex_assert_owner(&acl_cache->lock); @@ -2117,6 +2152,9 @@ else delete_dynamic_element(&acl_dbs,i); } + acl_db->domain_id_default= domain_id_default; + acl_db->domain_id_min= domain_id_min; + acl_db->domain_id_max= domain_id_max; } } } @@ -2132,13 +2170,18 @@ host Host name db Database name privileges Bitmap of privileges + domain_id_default Default gtid_domain_id for user + domain_id_min Minium gtid_domain_id setable by non-root user + domain_id_min Maximium gtid_domain_id setable by non-root user NOTES acl_cache->lock must be locked when calling this */ static void acl_insert_db(const char *user, const char *host, const char *db, - ulong privileges) + ulong privileges, const uint32 domain_id_default, + const uint32 domain_id_min, + const uint32 domain_id_max) { ACL_DB acl_db; mysql_mutex_assert_owner(&acl_cache->lock); @@ -2146,6 +2189,9 @@ update_hostname(&acl_db.host, safe_strdup_root(&acl_memroot, host)); acl_db.db=strdup_root(&acl_memroot,db); acl_db.initial_access= acl_db.access= privileges; + acl_db.domain_id_default= domain_id_default; + acl_db.domain_id_min= domain_id_min; + acl_db.domain_id_max= domain_id_max; acl_db.sort=get_sort(3,acl_db.host.hostname,acl_db.db,acl_db.user); (void) push_dynamic(&acl_dbs,(uchar*) &acl_db); my_qsort((uchar*) dynamic_element(&acl_dbs,0,ACL_DB*),acl_dbs.elements, @@ -3203,14 +3249,26 @@ } table->field[ROLE_ASSIGN_COLUMN_IDX]->store("Y", 1, system_charset_info); } + + /* MDEV-6901 - domain ids */ + if (table->s->fields >= DOMAIN_ID_COLUMN_IDX) + { + table->field[DOMAIN_ID_COLUMN_IDX]->store((longlong) + combo.domain_id_default, TRUE); + table->field[DOMAIN_ID_COLUMN_IDX+1]->store((longlong) + combo.domain_id_min, TRUE); + table->field[DOMAIN_ID_COLUMN_IDX+2]->store((longlong) + combo.domain_id_max, TRUE); + } + } if (old_row_exists) { /* - We should NEVER delete from the user table, as a uses can still + We should NEVER delete from the user table, as a user can still use mysqld even if he doesn't have any privileges in the user table! - */ + */ if (cmp_record(table,record[1])) { if ((error= @@ -3254,7 +3312,10 @@ &lex->mqh, rights, &combo.plugin, - &combo.auth); + &combo.auth, + combo.domain_id_default, + combo.domain_id_min, + combo.domain_id_max); } else { @@ -3270,7 +3331,10 @@ &lex->mqh, rights, &combo.plugin, - &combo.auth); + &combo.auth, + combo.domain_id_default, + combo.domain_id_min, + combo.domain_id_max); } } DBUG_RETURN(error); @@ -3375,10 +3439,14 @@ acl_cache->clear(1); // Clear privilege cache if (old_row_exists) - acl_update_db(combo.user.str,combo.host.str,db,rights); + acl_update_db(combo.user.str,combo.host.str,db,rights, + combo.domain_id_default,combo.domain_id_min, + combo.domain_id_max); else if (rights) - acl_insert_db(combo.user.str,combo.host.str,db,rights); + acl_insert_db(combo.user.str,combo.host.str,db,rights, + combo.domain_id_default,combo.domain_id_min, + combo.domain_id_max); DBUG_RETURN(0); /* This could only happen if the grant tables got corrupted */ @@ -12171,6 +12239,18 @@ DBUG_RETURN(1); } + thd->variables.gtid_domain_id= acl_user->domain_id_default; + thd->variables.gtid_domain_id_default= acl_user->domain_id_default; + if (thd->main_security_ctx.master_access & SUPER_ACL) + { + thd->variables.gtid_domain_id_min= 0; + thd->variables.gtid_domain_id_max= UINT32_MAX; + } + else + { + thd->variables.gtid_domain_id_min= acl_user->domain_id_min; + thd->variables.gtid_domain_id_max= acl_user->domain_id_max; + } /* Don't allow the user to connect if he has done too many queries. As we are testing max_user_connections == 0 here, it means that we === modified file 'sql/sql_class.h' --- sql/sql_class.h 2014-11-13 09:31:20 +0000 +++ sql/sql_class.h 2014-11-24 09:11:39 +0000 @@ -597,6 +597,14 @@ uint64 gtid_seq_no; /** + Helpers to application as to what gtid_domain_id values can be set. + (read only). + */ + uint32 gtid_domain_id_default; + uint32 gtid_domain_id_min; + uint32 gtid_domain_id_max; + + /** Default transaction access mode. READ ONLY (true) or READ WRITE (false). */ my_bool tx_read_only; === modified file 'sql/sql_connect.cc' --- sql/sql_connect.cc 2014-11-18 21:25:47 +0000 +++ sql/sql_connect.cc 2014-11-22 05:27:14 +0000 @@ -85,6 +85,7 @@ uc->host= uc->user + user_len + 1; uc->len= temp_len; uc->connections= uc->questions= uc->updates= uc->conn_per_hour= 0; + uc->domain_id_default = uc->domain_id_min= uc->domain_id_max= 0; uc->user_resources= *mqh; uc->reset_utime= thd->thr_create_utime; if (my_hash_insert(&hash_user_connections, (uchar*) uc)) === modified file 'sql/sql_yacc.yy' --- sql/sql_yacc.yy 2014-11-19 16:23:39 +0000 +++ sql/sql_yacc.yy 2014-11-24 08:40:36 +0000 @@ -1128,6 +1128,9 @@ %token DISABLE_SYM %token DISCARD %token DISK_SYM +%token DOMAIN_ID_DEFAULT /* MDEV-6901 */ +%token DOMAIN_ID_MIN /* MDEV-6901 */ +%token DOMAIN_ID_MAX /* MDEV-6901 */ %token DISTINCT /* SQL-2003-R */ %token DIV_SYM %token DOUBLE_SYM /* SQL-2003-R */ @@ -13905,6 +13908,9 @@ $$->password= null_lex_str; $$->plugin= empty_lex_str; $$->auth= empty_lex_str; + $$->domain_id_default= 0; + $$->domain_id_min= 0; + $$->domain_id_max= 0; if (check_string_char_length(&$$->user, ER(ER_USERNAME), username_char_length, @@ -13919,6 +13925,9 @@ $$->password= null_lex_str; $$->plugin= empty_lex_str; $$->auth= empty_lex_str; + $$->domain_id_default= 0; + $$->domain_id_min= 0; + $$->domain_id_max= 0; if (check_string_char_length(&$$->user, ER(ER_USERNAME), username_char_length, @@ -13950,6 +13959,9 @@ $$->user= current_user; $$->plugin= empty_lex_str; $$->auth= empty_lex_str; + $$->domain_id_default= 0; + $$->domain_id_min= 0; + $$->domain_id_max= 0; } ; @@ -14103,6 +14115,9 @@ | DISABLE_SYM {} | DISCARD {} | DISK_SYM {} + | DOMAIN_ID_DEFAULT {} + | DOMAIN_ID_MIN {} + | DOMAIN_ID_MAX {} | DUMPFILE {} | DUPLICATE_SYM {} | DYNAMIC_SYM {} @@ -15513,6 +15528,21 @@ lex->mqh.user_conn= $2; lex->mqh.specified_limits|= USER_RESOURCES::USER_CONNECTIONS; } + | DOMAIN_ID_DEFAULT ulong_num + { + LEX *lex=Lex; + lex->grant_user->domain_id_default= $2; + } + | DOMAIN_ID_MIN ulong_num + { + LEX *lex=Lex; + lex->grant_user->domain_id_min= $2; + } + | DOMAIN_ID_MAX ulong_num + { + LEX *lex=Lex; + lex->grant_user->domain_id_max= $2; + } ; begin: === modified file 'sql/structs.h' --- sql/structs.h 2013-11-20 11:05:39 +0000 +++ sql/structs.h 2014-11-22 04:26:31 +0000 @@ -190,6 +190,7 @@ typedef struct st_lex_user { LEX_STRING user, host, password, plugin, auth; + uint32 domain_id_default, domain_id_min, domain_id_max; bool is_role() { return user.str[0] && !host.str[0]; } void set_lex_string(LEX_STRING *l, char *buf) { @@ -244,6 +245,9 @@ char *user; /* Pointer to host part of the key. */ char *host; + + /* Allowed domain_id that can be set by a user: MDEV-6901 */ + uint32 domain_id_default, domain_id_min, domain_id_max; /** The moment of time when per hour counters were reset last time (i.e. start of "hour" for conn_per_hour, updates, questions counters). === modified file 'sql/sys_vars.cc' --- sql/sys_vars.cc 2014-10-09 08:30:11 +0000 +++ sql/sys_vars.cc 2014-11-24 09:26:08 +0000 @@ -1381,15 +1381,35 @@ static bool check_gtid_domain_id(sys_var *self, THD *thd, set_var *var) { - if (check_has_super(self, thd, var)) - return true; - if (var->type != OPT_GLOBAL && - error_if_in_trans_or_substatement(thd, - ER_STORED_FUNCTION_PREVENTS_SWITCH_GTID_DOMAIN_ID_SEQ_NO, - ER_INSIDE_TRANSACTION_PREVENTS_SWITCH_GTID_DOMAIN_ID_SEQ_NO)) - return true; - - return false; + bool super = thd->security_ctx->master_access & SUPER_ACL; + uint32 val; + if (var->type == OPT_GLOBAL) + { + /* only super can set global */ + if (!super) my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER"); + return !super; + } + else /* session var */ + { + /* non-global - super can set any value, other have limited range */ + val = var->value->val_int(); + if (!super) + /* limit range for non-super users */ + if (!(val == thd->variables.gtid_domain_id_default + || ( thd->variables.gtid_domain_id_min <= val && + val <= thd->variables.gtid_domain_id_max))) + { + my_error(ER_WRONG_ARGUMENTS, MYF(0), var->var->name.str); + return true; + } + if (error_if_in_trans_or_substatement(thd, + ER_STORED_FUNCTION_PREVENTS_SWITCH_GTID_DOMAIN_ID_SEQ_NO, + ER_INSIDE_TRANSACTION_PREVENTS_SWITCH_GTID_DOMAIN_ID_SEQ_NO)) + { + return true; + } + return false; + } } @@ -1405,6 +1425,31 @@ BLOCK_SIZE(1), NO_MUTEX_GUARD, NOT_IN_BINLOG, ON_CHECK(check_gtid_domain_id)); +static Sys_var_uint Sys_gtid_domain_id_default( + "gtid_domain_id_default", + "Read only advise on the default value for gtid_domain_id for this " + "user.", + READ_ONLY SESSION_VAR(gtid_domain_id_default), + NO_CMD_LINE, VALID_RANGE(0, UINT_MAX32), DEFAULT(0), + BLOCK_SIZE(1), NO_MUTEX_GUARD, NOT_IN_BINLOG); + +static Sys_var_uint Sys_gtid_domain_id_min( + "gtid_domain_id_min", + "Read only advise on the minimum possible value for gtid_domain_id. " + "The default gtid_domain_id for the user is still possible if less " + "than this value.", + READ_ONLY SESSION_VAR(gtid_domain_id_min), + NO_CMD_LINE, VALID_RANGE(0, UINT_MAX32), DEFAULT(0), + BLOCK_SIZE(1), NO_MUTEX_GUARD, NOT_IN_BINLOG); + +static Sys_var_uint Sys_gtid_domain_id_max( + "gtid_domain_id_max", + "Read only advise on the maximium possible value for gtid_domain_id. " + "The default gtid_domain_id for the user is still possible if more " + "than this value.", + READ_ONLY SESSION_VAR(gtid_domain_id_max), + NO_CMD_LINE, VALID_RANGE(0, UINT_MAX32), DEFAULT(0), + BLOCK_SIZE(1), NO_MUTEX_GUARD, NOT_IN_BINLOG); static bool check_gtid_seq_no(sys_var *self, THD *thd, set_var *var) {