MDEV-21702 Add a data type for privileges

Author: abarkov

libmysqld/lib_sql.cc

@@ -704,7 +704,7 @@ void *create_embedded_thd(int client_flag)
   thd->db= null_clex_str;
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   thd->security_ctx->db_access= DB_ACLS;
-  thd->security_ctx->master_access= ~NO_ACCESS;
+  thd->security_ctx->master_access= ALL_KNOWN_ACL;
 #endif
   thd->cur_data= 0;
   thd->first_data= 0;

plugin/feedback/sender_thread.cc

@@ -106,7 +106,7 @@ static int prepare_for_fill(TABLE_LIST *tables)
   thd->db= null_clex_str;
   thd->security_ctx->host_or_ip= "";
   thd->security_ctx->db_access= DB_ACLS;
-  thd->security_ctx->master_access= ~NO_ACCESS;
+  thd->security_ctx->master_access= ALL_KNOWN_ACL;
   bzero((char*) &thd->net, sizeof(thd->net));
   lex_start(thd);
   mysql_init_select(thd->lex);

plugin/userstat/index_stats.cc

@@ -29,7 +29,7 @@ static int index_stats_fill(THD *thd, TABLE_LIST *tables, COND *cond)
     tmp_table.db.length= strlen(index_stats->index);
     tmp_table.table_name.str= index_stats->index + tmp_table.db.length + 1;
     tmp_table.table_name.length= strlen(tmp_table.table_name.str);
-    tmp_table.grant.privilege= 0;
+    tmp_table.grant.privilege= NO_ACL;
     if (check_access(thd, SELECT_ACL, tmp_table.db.str,
                       &tmp_table.grant.privilege, NULL, 0, 1) ||
         check_grant(thd, SELECT_ACL, &tmp_table, 1, UINT_MAX, 1))

plugin/userstat/table_stats.cc

@@ -34,7 +34,7 @@ static int table_stats_fill(THD *thd, TABLE_LIST *tables, COND *cond)
     tmp_table.db.length= schema_length;
     tmp_table.table_name.str= end_of_schema+1;
     tmp_table.table_name.length= table_name_length;
-    tmp_table.grant.privilege= 0;
+    tmp_table.grant.privilege= NO_ACL;
     if (check_access(thd, SELECT_ACL, tmp_table.db.str,
                      &tmp_table.grant.privilege, NULL, 0, 1) ||
         check_grant(thd, SELECT_ACL, &tmp_table, 1, UINT_MAX,

sql/event_data_objects.cc

@@ -1480,8 +1480,6 @@ Event_job_data::execute(THD *thd, bool drop)
       ret= 1;
     else
     {
-      ulong saved_master_access;
-
       thd->set_query(sp_sql.c_ptr_safe(), sp_sql.length());
 
       /*
@@ -1493,7 +1491,7 @@ Event_job_data::execute(THD *thd, bool drop)
         Temporarily reset it to read-write.
       */
 
-      saved_master_access= thd->security_ctx->master_access;
+      privilege_t saved_master_access(thd->security_ctx->master_access);
       thd->security_ctx->master_access |= SUPER_ACL;
       bool save_tx_read_only= thd->tx_read_only;
       thd->tx_read_only= false;

sql/event_scheduler.cc

@@ -177,8 +177,8 @@ pre_init_event_thread(THD* thd)
 
   set_current_thd(thd);
   thd->client_capabilities= 0;
-  thd->security_ctx->master_access= 0;
-  thd->security_ctx->db_access= 0;
+  thd->security_ctx->master_access= NO_ACL;
+  thd->security_ctx->db_access= NO_ACL;
   thd->security_ctx->host_or_ip= (char*)my_localhost;
   my_net_init(&thd->net, NULL, thd, MYF(MY_THREAD_SPECIFIC));
   thd->security_ctx->set_user((char*)"event_scheduler");

sql/events.cc

@@ -1145,7 +1145,6 @@ Events::load_events_from_db(THD *thd)
   READ_RECORD read_record_info;
   bool ret= TRUE;
   uint count= 0;
-  ulong saved_master_access;
   DBUG_ENTER("Events::load_events_from_db");
   DBUG_PRINT("enter", ("thd: %p", thd));
 
@@ -1158,7 +1157,7 @@ Events::load_events_from_db(THD *thd)
     Temporarily reset it to read-write.
   */
 
-  saved_master_access= thd->security_ctx->master_access;
+  privilege_t saved_master_access(thd->security_ctx->master_access);
   thd->security_ctx->master_access |= SUPER_ACL;
   bool save_tx_read_only= thd->tx_read_only;
   thd->tx_read_only= false;

sql/grant.cc

@@ -20,7 +20,7 @@
 
 bool Grant_privilege::add_column_privilege(THD *thd,
                                            const Lex_ident_sys &name,
-                                           uint which_grant)
+                                           privilege_t which_grant)
 {
   String *new_str= new (thd->mem_root) String((const char*) name.str,
                                               name.length,
@@ -51,7 +51,7 @@ bool Grant_privilege::add_column_privilege(THD *thd,
 
 bool Grant_privilege::add_column_list_privilege(THD *thd,
                                                 List<Lex_ident_sys> &list,
-                                                uint privilege)
+                                                privilege_t privilege)
 {
   Lex_ident_sys *col;
   List_iterator<Lex_ident_sys> it(list);
@@ -64,22 +64,22 @@ bool Grant_privilege::add_column_list_privilege(THD *thd,
 }
 
 
-uint Grant_object_name::all_privileges_by_type() const
+privilege_t Grant_object_name::all_privileges_by_type() const
 {
   switch (m_type) {
   case STAR:        return DB_ACLS & ~GRANT_ACL;
   case IDENT_STAR:  return DB_ACLS & ~GRANT_ACL;
   case STAR_STAR:   return GLOBAL_ACLS & ~GRANT_ACL;
   case TABLE_IDENT: return TABLE_ACLS & ~GRANT_ACL;
   }
-  return 0;
+  return NO_ACL;
 }
 
 
 bool Grant_privilege::set_object_name(THD *thd,
                                       const Grant_object_name &ident,
                                       SELECT_LEX *sel,
-                                      uint with_grant_option)
+                                      privilege_t with_grant_option)
 {
   DBUG_ASSERT(!m_all_privileges || !m_columns.elements);
 

sql/grant.h

@@ -18,6 +18,7 @@
 #define SQL_GRANT_INCLUDED
 
 #include "lex_string.h"
+#include "privilege.h"
 
 class LEX_COLUMN;
 class Lex_ident_sys;
@@ -50,7 +51,7 @@ class Grant_object_name
     m_table_ident(NULL),
     m_type(type)
   { }
-  uint all_privileges_by_type() const;
+  privilege_t all_privileges_by_type() const;
 };
 
 
@@ -65,30 +66,32 @@ class Grant_privilege
 protected:
   List<LEX_COLUMN> m_columns;
   Lex_cstring m_db;
-  uint m_object_privilege;
-  uint m_column_privilege_total;
+  privilege_t m_object_privilege;
+  privilege_t m_column_privilege_total;
   bool m_all_privileges;
 public:
   Grant_privilege()
-   :m_object_privilege(0), m_column_privilege_total(0), m_all_privileges(false)
+   :m_object_privilege(NO_ACL),
+    m_column_privilege_total(NO_ACL),
+    m_all_privileges(false)
   { }
-  Grant_privilege(uint privilege, bool all_privileges)
+  Grant_privilege(privilege_t privilege, bool all_privileges)
    :m_object_privilege(privilege),
-    m_column_privilege_total(0),
+    m_column_privilege_total(NO_ACL),
     m_all_privileges(all_privileges)
   { }
-  void add_object_privilege(uint privilege)
+  void add_object_privilege(privilege_t privilege)
   {
     m_object_privilege|= privilege;
   }
   bool add_column_privilege(THD *thd, const Lex_ident_sys &col,
-                            uint privilege);
+                            privilege_t privilege);
   bool add_column_list_privilege(THD *thd, List<Lex_ident_sys> &list,
-                                 uint privilege);
+                                 privilege_t privilege);
   bool set_object_name(THD *thd,
                        const Grant_object_name &ident,
                        SELECT_LEX *sel,
-                       uint with_grant_option);
+                       privilege_t with_grant_option);
   const List<LEX_COLUMN> & columns() const { return m_columns; }
 };
 

sql/item.cc

@@ -2892,7 +2892,7 @@ Item_field::Item_field(THD *thd, Field *f)
   :Item_ident(thd, 0, null_clex_str,
               Lex_cstring_strlen(*f->table_name), f->field_name),
    item_equal(0),
-   have_privileges(0), any_privileges(0)
+   have_privileges(NO_ACL), any_privileges(0)
 {
   set_field(f);
   /*
@@ -2917,7 +2917,7 @@ Item_field::Item_field(THD *thd, Name_resolution_context *context_arg,
   :Item_ident(thd, context_arg, f->table->s->db,
               Lex_cstring_strlen(*f->table_name), f->field_name),
    item_equal(0),
-   have_privileges(0), any_privileges(0)
+   have_privileges(NO_ACL), any_privileges(0)
 {
   /*
     We always need to provide Item_field with a fully qualified field
@@ -2961,7 +2961,7 @@ Item_field::Item_field(THD *thd, Name_resolution_context *context_arg,
                        const LEX_CSTRING &field_name_arg)
   :Item_ident(thd, context_arg, db_arg, table_name_arg, field_name_arg),
    field(0), item_equal(0),
-   have_privileges(0), any_privileges(0)
+   have_privileges(NO_ACL), any_privileges(0)
 {
   SELECT_LEX *select= thd->lex->current_select;
   collation.set(DERIVATION_IMPLICIT);