Skip to content
This repository was archived by the owner on Mar 1, 2026. It is now read-only.

Commit 5c17643

Browse files
Revert "Bug #33897859: Unexpected behaviour seen with revoking a privilege from"
This reverts commit 8e6d9af733f9afe12580136e4f17cc9fef081afa. RB #27795
1 parent 95d7bed commit 5c17643

3 files changed

Lines changed: 26 additions & 144 deletions

File tree

‎mysql-test/r/grant_revoke_not_existing_privilege.result‎

Lines changed: 0 additions & 45 deletions
This file was deleted.

‎mysql-test/t/grant_revoke_not_existing_privilege.test‎

Lines changed: 0 additions & 57 deletions
This file was deleted.

‎sql/auth/sql_user_table.cc‎

Lines changed: 26 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -816,7 +816,7 @@ int replace_db_table(THD *thd, TABLE *table, const char *db,
816816
const LEX_USER &combo, ulong rights, bool revoke_grant) {
817817
uint i;
818818
ulong priv, store_rights;
819-
ulong old_rights, nonexisting_rights;
819+
bool old_row_exists = false;
820820
int error;
821821
char what = (revoke_grant) ? 'N' : 'Y';
822822
uchar user_key[MAX_KEY_LENGTH];
@@ -850,45 +850,31 @@ int replace_db_table(THD *thd, TABLE *table, const char *db,
850850
if (error != HA_ERR_KEY_NOT_FOUND && error != HA_ERR_END_OF_FILE)
851851
goto table_error;
852852

853-
old_rights = 0;
854-
if (!revoke_grant) {
855-
restore_record(table, s->default_values);
856-
table->field[0]->store(combo.host.str, combo.host.length,
857-
system_charset_info);
858-
table->field[1]->store(db, strlen(db), system_charset_info);
859-
table->field[2]->store(combo.user.str, combo.user.length,
860-
system_charset_info);
861-
}
862-
} else {
863-
store_record(table, record[1]);
864-
old_rights = get_access(table, 3, nullptr);
865-
old_rights = fix_rights_for_db(old_rights);
866-
}
867-
868-
store_rights = get_rights_for_db(rights);
869-
nonexisting_rights = store_rights - (store_rights & old_rights);
870-
871-
if (revoke_grant) {
872-
if (nonexisting_rights != 0) {
873-
/* trying to revoke nonexisting privilege */
853+
if (what == 'N') { // no row, no revoke
854+
/*
855+
Return 1 as an indication that expected error occurred during
856+
handling of REVOKE statement for an unknown user.
857+
*/
874858
if (report_missing_user_grant_message(thd, true, combo.user.str,
875859
combo.host.str, nullptr,
876860
ER_NONEXISTING_GRANT))
877-
/* error reported - return error */
878861
return 1;
879-
else {
880-
/* warning reported -ignore nonexisting_rights */
881-
store_rights -= nonexisting_rights;
882-
if (store_rights == 0) return 0;
883-
}
862+
else
863+
return 0;
884864
}
885-
865+
old_row_exists = false;
866+
restore_record(table, s->default_values);
867+
table->field[0]->store(combo.host.str, combo.host.length,
868+
system_charset_info);
869+
table->field[1]->store(db, strlen(db), system_charset_info);
870+
table->field[2]->store(combo.user.str, combo.user.length,
871+
system_charset_info);
886872
} else {
887-
if (nonexisting_rights == 0)
888-
/* trying to grant already existing privileges */
889-
return 0;
873+
old_row_exists = true;
874+
store_record(table, record[1]);
890875
}
891876

877+
store_rights = get_rights_for_db(rights);
892878
for (i = 3, priv = 1; i < table->s->fields; i++, priv <<= 1) {
893879
if (priv & store_rights) // do it if priv is chosen
894880
table->field[i]->store(&what, 1,
@@ -897,7 +883,7 @@ int replace_db_table(THD *thd, TABLE *table, const char *db,
897883
rights = get_access(table, 3, nullptr);
898884
rights = fix_rights_for_db(rights);
899885

900-
if (old_rights != 0) {
886+
if (old_row_exists) {
901887
/* update old existing row */
902888
if (rights) {
903889
error = table->file->ha_update_row(table->record[1], table->record[0]);
@@ -921,7 +907,6 @@ int replace_db_table(THD *thd, TABLE *table, const char *db,
921907
if (error) goto table_error; /* purecov: deadcode */
922908
}
923909
} else if (rights) {
924-
/* add a row */
925910
error = table->file->ha_write_row(table->record[0]);
926911
assert(error != HA_ERR_FOUND_DUPP_KEY);
927912
assert(table->file->ht->db_type == DB_TYPE_NDBCLUSTER ||
@@ -936,7 +921,7 @@ int replace_db_table(THD *thd, TABLE *table, const char *db,
936921
}
937922

938923
clear_and_init_db_cache(); // Clear privilege cache
939-
if (old_rights != 0)
924+
if (old_row_exists)
940925
acl_update_db(combo.user.str, combo.host.str, db, rights);
941926
else if (rights)
942927
acl_insert_db(combo.user.str, combo.host.str, db, rights);
@@ -1107,8 +1092,8 @@ int replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user,
11071092
@param g_t Pointer to a cached table grant object
11081093
@param table Pointer to a TABLE object for open mysql.columns_priv
11091094
table
1110-
@param combo Pointer to a LEX_USER object containing info about a
1111-
user being processed
1095+
@param combo Pointer to a LEX_USER object containing info about a user
1096+
being processed
11121097
@param columns List of columns to give/revoke grant
11131098
@param db Database name of table for which column privileges are
11141099
modified
@@ -1564,9 +1549,8 @@ int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
15641549
@return Operation result
15651550
@retval 0 OK.
15661551
@retval < 0 System error or storage engine error happen
1567-
@retval > 0 Error in handling current routine entry but still can
1568-
continue processing subsequent user specified in the ACL
1569-
statement.
1552+
@retval > 0 Error in handling current routine entry but still can continue
1553+
processing subsequent user specified in the ACL statement.
15701554
*/
15711555

15721556
int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table,
@@ -2157,8 +2141,8 @@ int handle_grant_table(THD *, TABLE_LIST *tables, ACL_TABLES table_no,
21572141
}
21582142
} else {
21592143
/*
2160-
Iterate over range of records returned as part of index search done
2161-
based on user and host values.
2144+
Iterate over range of records returned as part of index search done based
2145+
on user and host values.
21622146
*/
21632147
while (!error) {
21642148
/* If requested, delete or update the record. */

0 commit comments

Comments
 (0)