Re: e6cacca0b39: MDEV-23729 MDEV-32218 INFORMATION_SCHEMA table for user data
Hi, Nikita,

no test for FLUSH PRIVILEGES
no test for a user with manually expired password
doesn't compile in embedded
hostname 'neo' is replaced, but not everywhere

I'll try to fix it myself, but no guarantees

On Mar 15, Nikita Malyavin wrote:
revision-id: e6cacca0b39 (mariadb-11.4.1-10-ge6cacca0b39)
parent(s): 929c2e06aae
author: Nikita Malyavin
committer: Nikita Malyavin
timestamp: 2024-03-15 15:32:45 +0100
message:

MDEV-23729 MDEV-32218 INFORMATION_SCHEMA table for user data

* A new table INFORMATION_SCHEMA.USERS is introduced.
* It stores auxiliary user data
* An unprivileged user can access their own data, and that is the main
  difference with what mysql.global_priv provides
* The fields are currently: USER, PASSWORD_ERRORS, PASSWORD_EXPIRATION_TIME
* If password_errors is ignored for the user, PASSWORD_ERRORS is NULL
* PASSWORD_EXPIRATION_TIME is a timestamp with exact point in time,
  calculated from password_last_changed and password_lifetime (i.e. days)
  stored for the user

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 14450a5a610..a87b04f3d39 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc ... +int fill_users_schema_table(THD *thd, TABLE_LIST *tables, COND *cond) +{ + int res= 0; +#ifndef NO_EMBEDDED_ACCESS_CHECKS + bool see_whole_table= check_access(thd, SELECT_ACL, "mysql", NULL, NULL, + true, true) == 0; + TABLE *table= tables->table; + + if (!see_whole_table) + { + mysql_mutex_lock(&acl_cache->lock); + ACL_USER *cur_user= find_user_exact(thd->security_ctx->priv_host, + thd->security_ctx->priv_user); + if (!cur_user) + { + mysql_mutex_unlock(&acl_cache->lock); + my_error(ER_INVALID_CURRENT_USER, MYF(0));
Hmm. Questionable. I'd just return an empty result set here, I_S tables normally don't throw errors. But this is an exceptional situation and I cannot say that an error is wrong here, let's keep it your way.
+ return 1; + } + + res= fill_users_schema_record(thd, table, cur_user); + mysql_mutex_unlock(&acl_cache->lock); + return res; + } + + mysql_mutex_lock(&acl_cache->lock); + for (size_t i= 0; res == 0 && i < acl_users.elements; i++) + { + ACL_USER *user= dynamic_element(&acl_users, i, ACL_USER*); + res= fill_users_schema_record(thd, table, user); + } + mysql_mutex_unlock(&acl_cache->lock); +#endif + return res; +} +
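
Review bot: the `see_whole_table` decision at the top of `fill_users_schema_table()` rests on a single `check_access(thd, SELECT_ACL, "mysql", NULL, NULL, true, true)` call with two bare `true` arguments and no comment, so the hunk does not say which privilege exposes every account's row rather than only the caller's own. A short comment stating the intended rule (SELECT on the `mysql` schema shows all users, anyone else gets only the row for `priv_user`@`priv_host`) and naming the two booleans would make the gate auditable. Two smaller points in the same function: the `cond` parameter is never used, and `acl_cache->lock` is released on three separate paths, where a single unlock before a common `return res;` would be harder to break when the function is extended.
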
Regards,
Sergei
Chief Architect, MariaDB Server
and security@mariadb.org