maria-developers team mailing list archive

[Sergei Golubchik <serg@xxxxxxxxxxx>]

Hi, Alexander!

Just a couple of issues that were left open after our slack chat.

Everything else looks fine, nothing new below.

On Mar 01, Alexander Barkov wrote:
> revision-id: 9aace068f0c (mariadb-10.5.0-277-g9aace068f0c)
> parent(s): 607960c7722
> author: Alexander Barkov <bar@xxxxxxxxxxx>
> committer: Alexander Barkov <bar@xxxxxxxxxxx>
> timestamp: 2020-03-01 11:49:25 +0400
> message:
> 
> MDEV-21743 Split up SUPER privilege to smaller privileges
 
> +constexpr uint PRIVILEGE_T_MAX_BIT= 36;
> +
> +static_assert((privilege_t)(1ULL << PRIVILEGE_T_MAX_BIT) == LAST_CURRENT_ACL,
> +              "LAST_CURRENT_ACL and PRIVILEGE_T_MAX_BIT do not match");

I'd still prefer to get rid of static_assert here.
E.g. with

  constexpr uint PRIVILEGE_T_MAX_BIT= my_bit_log2(LAST_CURRENT_ACL);

(and fixing my_bit_log2 to work with ulonglong).

> @@ -7151,6 +7150,18 @@ bool check_global_access(THD *thd, privilege_t want_access, bool no_errors)
>  {
>  #ifndef NO_EMBEDDED_ACCESS_CHECKS
>    char command[128];
> +  /*
> +    The userstat plugin in
> +      plugin/userstat/client_stats.cc
> +      plugin/userstat/user_stats.cc
> +    calls
> +      check_global_access(SUPER_ACL | PROCESS_ACL)
> +    when populating CLIENT_STATISTICS and USER_STATISTICS
> +    INFORMATION_SCHEMA tables.
> +    We should eventually fix it to use one privilege only and uncomment
> +    the DBUG_ASSERT below:
> +  */
> +  //DBUG_ASSERT(my_count_bits(want_access) <= 1);

I think you can remove SUPER_ACL from the userstat plugin and uncomment
the assert above.

Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx