Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21704

Add a new JSON field "version_id" into mysql.global_priv.priv

    XMLWordPrintable

Details

    Description

      Under terms of MDEV-21743, we'll add new global privilege flags.
      In order to help the server understand which version a privilege record was written by, let's add a new JSON field "version_id" in mysql.global_priv.priv.

      So the following script:

      GRANT FILE ON *.* TO user1@localhost;
      		 
      SELECT Host, User, JSON_DETAILED(Priv) FROM mysql.global_priv WHERE user='user1'\G

      returns about this output:

      *************************** 1. row ***************************
      		 
                     Host: localhost
      		 
                     User: user1
      		 
      JSON_DETAILED(Priv): {
      		 
          "access": 512,
      		 
          "plugin": "mysql_native_password",
      		 
          "authentication_string": "",
      		 
          "password_last_changed": 1581070979,
      		 
          "version_id": 100502
      		 
      }
      		 
      1 row in set (0.001 sec)

      Notice, the new "version_id" field in the JSON record.

      The version id is needed to translate a set of bits to a set of privileges.

      If the version_id JSON field is missing in a record, the server will consider that this record was created by MariaDB-10.5.1 or earlier.

      As version_id is determined per record, records of different formats will co-exist in the same table without conflicts, so no mysql_upgrade execution will be needed to make the global_priv table up-to-date after upgrade to a new server version with new privilege bits defined.

      If the version_id JSON field is missing in a record, the server will consider that this record was created by MariaDB-10.5.1 or earlier.

      As version_id is determined per record, records of different formats will co-exist in the same table without conflicts, so no mysql_upgrade execution will be needed to make the global_priv table up-to-date after upgrade to a new server version with new privilege bits defined.

      This change will also include:

      • Validation for the new "version_id" JSON field, to ignore records with obviously wrong version_id records.
      • Validation for the "access" JSON field, to ignore records when "access" has any bits set which are not known as of server version specified in version_od
      • Reporting ignored records to the server error log.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. MDEV-21743 Split up SUPER privilege to smaller privileges

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              bar Alexander Barkov
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.