Revert "Bug#24670738 SHOW CREATE USER DOESN'T SHOW DEFAULT ROLE"

HopHippy · Aug 10, 2017 · 9e31402 · 9e31402
1 parent 896ab68
commit 9e31402
Show file tree

Hide file tree

Showing 8 changed files with 3 additions and 189 deletions.
diff --git a/mysql-test/r/roles.result b/mysql-test/r/roles.result
@@ -1175,49 +1175,3 @@ baseuser@%
 DROP USER baseuser, admin1, admin2, r1, r2;
 SET @@global.check_proxy_users = OFF;
 SET @@global.mysql_native_password_proxy_users = OFF;
-#
-# SHOW CREATE USER DOESN'T SHOW DEFAULT ROLE
-#
-CREATE USER u1 IDENTIFIED BY 'foo' DEFAULT ROLE r1,r2@localhost,`r3`,`r3`@local,`r 4`;
-SHOW CREATE USER u1;
-CREATE USER for u1@%
-CREATE USER 'u1'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<hash>' DEFAULT ROLE `r 4`@`%`,`r3`@`local`,`r3`@`%`,`r2`@`localhost`,`r1`@`%` REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK
-CREATE USER u1;
-ERROR HY000: Operation CREATE USER failed for 'u1'@'%'
-# Same as before and don't crash.
-SHOW CREATE USER u1;
-CREATE USER for u1@%
-CREATE USER 'u1'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<hash>' DEFAULT ROLE `r2`@`localhost`,`r3`@`local`,`r3`@`%`,`r1`@`%`,`r 4`@`%` REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK
-# check that we can combine different properties with default roles.
-CREATE USER u2 DEFAULT ROLE r1 REQUIRE SSL ACCOUNT LOCK;
-SHOW CREATE USER u2;
-CREATE USER for u2@%
-CREATE USER 'u2'@'%' IDENTIFIED WITH 'mysql_native_password' DEFAULT ROLE `r1`@`%` REQUIRE SSL PASSWORD EXPIRE DEFAULT ACCOUNT LOCK
-SELECT user,host FROM mysql.user;
-user	host
-u1	%
-u2	%
-mysql.session	localhost
-mysql.sys	localhost
-root	localhost
-SELECT * FROM mysql.default_roles;
-HOST	USER	DEFAULT_ROLE_HOST	DEFAULT_ROLE_USER
-%	u1	%	r 4
-%	u1	%	r1
-%	u1	%	r3
-%	u1	local	r3
-%	u1	localhost	r2
-%	u2	%	r1
-DROP USER u1,u2;
-CREATE USER u1;
-# If I alter user this will show up in show create user
-ALTER USER u1 DEFAULT ROLE r1;
-SHOW CREATE USER u1;
-CREATE USER for u1@%
-CREATE USER 'u1'@'%' IDENTIFIED WITH 'mysql_native_password' DEFAULT ROLE `r1`@`%` REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK
-SELECT * FROM mysql.default_roles;
-HOST	USER	DEFAULT_ROLE_HOST	DEFAULT_ROLE_USER
-%	u1	%	r1
-DROP USER u1;
-SELECT * FROM mysql.default_roles;
-HOST	USER	DEFAULT_ROLE_HOST	DEFAULT_ROLE_USER
diff --git a/mysql-test/t/roles.test b/mysql-test/t/roles.test
@@ -929,30 +929,3 @@ CONNECTION default;
 DROP USER baseuser, admin1, admin2, r1, r2;
 SET @@global.check_proxy_users = OFF;
 SET @@global.mysql_native_password_proxy_users = OFF;
-
---echo #
---echo # SHOW CREATE USER DOESN'T SHOW DEFAULT ROLE
---echo #
-CREATE USER u1 IDENTIFIED BY 'foo' DEFAULT ROLE r1,r2@localhost,`r3`,`r3`@local,`r 4`;
---replace_regex /AS '(.*)'/AS '<hash>'/
-SHOW CREATE USER u1;
---error ER_CANNOT_USER
-CREATE USER u1;
---echo # Same as before and don't crash.
---replace_regex /AS '(.*)'/AS '<hash>'/
-SHOW CREATE USER u1;
---echo # check that we can combine different properties with default roles.
-CREATE USER u2 DEFAULT ROLE r1 REQUIRE SSL ACCOUNT LOCK;
-SHOW CREATE USER u2;
-SELECT user,host FROM mysql.user;
-SELECT * FROM mysql.default_roles;
-DROP USER u1,u2;
-CREATE USER u1;
---echo # If I alter user this will show up in show create user
-ALTER USER u1 DEFAULT ROLE r1;
-SHOW CREATE USER u1;
-SELECT * FROM mysql.default_roles;
-DROP USER u1;
-SELECT * FROM mysql.default_roles;
-
-
diff --git a/sql/auth/auth_internal.h b/sql/auth/auth_internal.h
@@ -348,6 +348,4 @@ extern std::vector<Role_id > *g_mandatory_roles;
 void create_role_vertex(ACL_USER *role_acl_user);
 void activate_all_granted_and_mandatory_roles(const ACL_USER *acl_user,
                                               Security_context *sctx);
-bool alter_user_set_default_roles(THD *thd, TABLE *table, LEX_USER *user,
-                                  const List_of_auth_id_refs &new_auth_ids);
 #endif /* AUTH_INTERNAL_INCLUDED */
diff --git a/sql/auth/sql_authorization.cc b/sql/auth/sql_authorization.cc
@@ -6558,19 +6558,6 @@ bool mysql_alter_user_set_default_roles_all(THD *thd, LEX_USER *user)
   return errors;
 }
 
-
-/**
-  Set the default roles for a particular user.
-
-  @param thd           Thread handle
-  @param table         Table handle to an open table
-  @param user          AST component for the user for which we set def roles
-  @param new_auth_ids  Default roles to set
-  @return
-   @retval true  Operation failed
-   @retval false Operation was successful.
-*/
-
 bool alter_user_set_default_roles(THD *thd, TABLE *table, LEX_USER *user,
                                   const List_of_auth_id_refs &new_auth_ids)
 {

diff --git a/sql/auth/sql_user.cc b/sql/auth/sql_user.cc
@@ -301,8 +301,6 @@ bool mysql_show_create_user(THD *thd, LEX_USER *user_name)
   List<Item> field_list;
   String sql_text(buff,sizeof(buff),system_charset_info);
   LEX_ALTER alter_info;
-  List_of_auth_id_refs default_roles;
-  List<LEX_USER> *old_default_roles= lex->default_roles;
 
   DBUG_ENTER("mysql_show_create_user");
   Acl_cache_lock_guard acl_cache_lock(thd, Acl_cache_lock_mode::READ_MODE);
@@ -373,44 +371,6 @@ bool mysql_show_create_user(THD *thd, LEX_USER *user_name)
     goto err;
   }
   sql_text.length(0);
-  if (lex->sql_command == SQLCOM_SHOW_CREATE_USER ||
-      lex->sql_command == SQLCOM_CREATE_USER)
-  {
-    /*
-      Recreate LEX for default roles given an ACL_USER. This will later be used
-      by rewrite_default_roles() called from mysql_rewrite_create_alter_user()
-      below.
-    */
-    get_default_roles(create_authid_from(acl_user), &default_roles);
-    if (default_roles.size() > 0)
-    {
-      LEX_STRING *tmp_user;
-      LEX_STRING *tmp_host;
-      /*
-        Make sure we reallocate the default_roles list when using it outside of
-        parser code so it has the same mem root as its items.
-      */
-      lex->default_roles= new (thd->mem_root) List<LEX_USER>;
-      for (auto &&role : default_roles)
-      {
-        if (!(tmp_user= thd->make_lex_string(tmp_user, role.first.str,
-                                  role.first.length, true)) ||
-            !(tmp_host= thd->make_lex_string(tmp_host, role.second.str,
-                                  role.second.length, true)))
-        {
-          error= 1;
-          goto err;
-        }
-        LEX_USER *lex_role= LEX_USER::alloc(thd, tmp_user, tmp_host);
-        if (lex_role == 0)
-        {
-          error= 1;
-          goto err;
-        }
-        lex->default_roles->push_back(lex_role);
-      }
-    }
-  }
   lex->users_list.push_back(user_name);
   mysql_rewrite_create_alter_user(thd, &sql_text);
   /* send the result row to client */
@@ -423,7 +383,6 @@ bool mysql_show_create_user(THD *thd, LEX_USER *user_name)
   }
 
 err:
-  lex->default_roles= old_default_roles;
   /* restore user resources, ssl and password expire attributes */
   lex->mqh= tmp_user_resource;
   lex->ssl_type= ssl_type;
@@ -1510,27 +1469,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool if_not_exists, bool
 
       continue;
     }
-
-    /*
-      Update default roles if any were specified. The roles don't have to
-      exist and won't be granted to the user.
-    */
-    if (thd->lex->default_roles != 0 &&
-        thd->lex->sql_command == SQLCOM_CREATE_USER)
-    {
-      List_of_auth_id_refs default_roles;
-      List_iterator<LEX_USER> role_it(*(thd->lex->default_roles));
-      LEX_USER *role;
-      while ((role= role_it++))
-      {
-        default_roles.push_back(create_authid_from(role));
-      }
-      alter_user_set_default_roles(thd,
-                                   tables[ACL_TABLES::TABLE_DEFAULT_ROLES].table,
-                                   tmp_user_name,
-                                   default_roles);
-    }
-
   } // END while tmp_user_name= user_lists++
   /* In case of SE error, we would have raised error before reaching here. */
   if (result && !thd->is_error())

diff --git a/sql/sql_lex.h b/sql/sql_lex.h
@@ -3526,7 +3526,6 @@ struct LEX: public Query_tables_list
   List<LEX_USER>      users_list;
   List<LEX_COLUMN>    columns;
   List<LEX_CSTRING>   dynamic_privileges;
-  List<LEX_USER>      *default_roles;
 
   ulonglong           bulk_insert_row_cnt;
 

diff --git a/sql/sql_rewrite.cc b/sql/sql_rewrite.cc
@@ -93,7 +93,6 @@
 #include "sql_string.h"     // String
 #include "table.h"
 #include "violite.h"
-#include "auth_internal.h"
 
 #ifndef DBUG_OFF
 #define HASH_STRING_WITH_QUOTE \
@@ -174,24 +173,6 @@ static bool append_str(String *str, bool comma, const char *key,
   return comma;
 }
 
-static void rewrite_default_roles(LEX *lex, String *rlb)
-{
-  bool comma= false;
-  if (lex->default_roles && lex->default_roles->elements > 0)
-  {
-    rlb->append(" DEFAULT ROLE ");
-    List_iterator<LEX_USER> role_it((*lex->default_roles));
-    LEX_USER *role;
-    while ((role= role_it++))
-    {
-      if (comma)
-        rlb->append(',');
-      rlb->append(create_authid_str_from(role).c_str());
-      comma= true;
-    }
-  }
-}
-
 static void rewrite_ssl_properties(LEX *lex, String *rlb)
 {
   if (lex->ssl_type != SSL_TYPE_NOT_SPECIFIED)
@@ -564,8 +545,6 @@ void mysql_rewrite_create_alter_user(THD *thd, String *rlb,
     }
   }
 
-  if (thd->lex->sql_command == SQLCOM_SHOW_CREATE_USER)
-    rewrite_default_roles(lex, rlb);
   rewrite_ssl_properties(lex, rlb);
   rewrite_user_resources(lex, rlb);
 

diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
@@ -1588,7 +1588,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, YYLTYPE **c, ulong *yystacksize);
 
 %type <join_type> outer_join_type natural_join_type inner_join_type
 
-%type <user_list> user_list role_list default_role_clause opt_except_role_list
+%type <user_list> user_list role_list opt_except_role_list
 
 %type <alter_instance_action> alter_instance_action
 
@@ -2551,13 +2551,11 @@ create:
           }
           view_or_trigger_or_sp_or_event
           {}
-        | CREATE USER opt_if_not_exists grant_list default_role_clause
-                      require_clause connect_options
-                      opt_account_lock_password_expire_options
+        | CREATE USER opt_if_not_exists grant_list require_clause
+                      connect_options opt_account_lock_password_expire_options
           {
             LEX *lex=Lex;
             lex->sql_command = SQLCOM_CREATE_USER;
-            lex->default_roles= $5;
             Lex->create_info= YYTHD->alloc_typed<HA_CREATE_INFO>();
             if (Lex->create_info == NULL)
               MYSQL_YYABORT; // OOM
@@ -2592,18 +2590,6 @@ create:
           }
         ;
 
-default_role_clause:
-          /* empty */
-          {
-            $$= 0;
-          }
-        |
-          DEFAULT_SYM ROLE_SYM role_list
-          {
-            $$= $3;
-          }
-        ;
-
 create_index_stmt:
           CREATE opt_unique INDEX_SYM opt_index_name_and_type
           ON_SYM table_ident '(' key_list ')' opt_index_options