Merge lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5 into lp:percona-server/5.5
- CVE-2012-5627-bug1172090-5.5
- Merge into 5.5
Proposed by
Sergei Glushchenko
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Approved by: | Laurynas Biveinis | ||||||||
Approved revision: | no longer in the source branch. | ||||||||
Merged at revision: | 514 | ||||||||
Proposed branch: | lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5 | ||||||||
Merge into: | lp:percona-server/5.5 | ||||||||
Diff against target: |
758 lines (+357/-171) 11 files modified
Percona-Server/client/mysqltest.cc (+4/-1) Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0) Percona-Server/mysql-test/r/failed_auth_3909.result (+20/-0) Percona-Server/mysql-test/r/mysqltest.result (+3/-3) Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0) Percona-Server/mysql-test/t/failed_auth_3909.test (+37/-0) Percona-Server/sql/sql_acl.cc (+48/-6) Percona-Server/sql/sql_class.cc (+1/-0) Percona-Server/sql/sql_class.h (+1/-0) Percona-Server/sql/sql_parse.cc (+18/-1) Percona-Server/tests/mysql_client_test.c (+196/-160) |
||||||||
To merge this branch: | bzr merge lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5 | ||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Laurynas Biveinis (community) | Approve | ||
Review via email: mp+161799@code.launchpad.net |
Commit message
Description of the change
This is a port from MariaDB of fix for bug 1172090, 1171941.
The fix for bug 1172090 introduces limitation of unsuccessful COM_CHANGE_USER to 3 per client thread.
The fix for bug 1171941 make failed authentication is the case when user not found not fail too early.
Instead an attempt to authenticate fake user being made.
http://
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'Percona-Server/client/mysqltest.cc' |
2 | --- Percona-Server/client/mysqltest.cc 2013-02-18 04:48:10 +0000 |
3 | +++ Percona-Server/client/mysqltest.cc 2013-05-01 09:24:33 +0000 |
4 | @@ -4075,7 +4075,10 @@ |
5 | cur_con->name, ds_user.str, ds_passwd.str, ds_db.str)); |
6 | |
7 | if (mysql_change_user(mysql, ds_user.str, ds_passwd.str, ds_db.str)) |
8 | - die("change user failed: %s", mysql_error(mysql)); |
9 | + handle_error(command, mysql_errno(mysql), mysql_error(mysql), |
10 | + mysql_sqlstate(mysql), &ds_res); |
11 | + else |
12 | + handle_no_error(command); |
13 | |
14 | dynstr_free(&ds_user); |
15 | dynstr_free(&ds_passwd); |
16 | |
17 | === added file 'Percona-Server/mysql-test/r/change_user_notembedded.result' |
18 | --- Percona-Server/mysql-test/r/change_user_notembedded.result 1970-01-01 00:00:00 +0000 |
19 | +++ Percona-Server/mysql-test/r/change_user_notembedded.result 2013-05-01 09:24:33 +0000 |
20 | @@ -0,0 +1,5 @@ |
21 | +ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) |
22 | +ERROR 28000: Access denied for user 'foo'@'localhost' (using password: NO) |
23 | +ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) |
24 | +ERROR 08S01: Unknown command |
25 | +ERROR 08S01: Unknown command |
26 | |
27 | === added file 'Percona-Server/mysql-test/r/failed_auth_3909.result' |
28 | --- Percona-Server/mysql-test/r/failed_auth_3909.result 1970-01-01 00:00:00 +0000 |
29 | +++ Percona-Server/mysql-test/r/failed_auth_3909.result 2013-05-01 09:24:33 +0000 |
30 | @@ -0,0 +1,20 @@ |
31 | +optimize table mysql.user; |
32 | +Table Op Msg_type Msg_text |
33 | +mysql.user optimize status OK |
34 | +insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar'); |
35 | +Warnings: |
36 | +Warning 1364 Field 'ssl_cipher' doesn't have a default value |
37 | +Warning 1364 Field 'x509_issuer' doesn't have a default value |
38 | +Warning 1364 Field 'x509_subject' doesn't have a default value |
39 | +flush privileges; |
40 | +connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET); |
41 | +ERROR HY000: Plugin 'bar' is not loaded |
42 | +connect(localhost,u2,,test,MASTER_PORT,MASTER_SOCKET); |
43 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO) |
44 | +connect(localhost,u2,password,test,MASTER_PORT,MASTER_SOCKET); |
45 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES) |
46 | +ERROR HY000: Plugin 'bar' is not loaded |
47 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO) |
48 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES) |
49 | +delete from mysql.user where plugin = 'bar'; |
50 | +flush privileges; |
51 | |
52 | === modified file 'Percona-Server/mysql-test/r/mysqltest.result' |
53 | --- Percona-Server/mysql-test/r/mysqltest.result 2011-11-08 14:55:25 +0000 |
54 | +++ Percona-Server/mysql-test/r/mysqltest.result 2013-05-01 09:24:33 +0000 |
55 | @@ -922,9 +922,9 @@ |
56 | b varchar(255) YES NULL |
57 | c datetime YES NULL |
58 | drop table t1; |
59 | -mysqltest: At line 1: change user failed: Unknown database 'inexistent' |
60 | -mysqltest: At line 1: change user failed: Access denied for user 'inexistent'@'localhost' (using password: NO) |
61 | -mysqltest: At line 1: change user failed: Access denied for user 'root'@'localhost' (using password: YES) |
62 | +mysqltest: At line 1: query 'change_user root,,inexistent' failed: 1049: Unknown database 'inexistent' |
63 | +mysqltest: At line 1: query 'change_user inexistent,,test' failed: 1045: Access denied for user 'inexistent'@'localhost' (using password: NO) |
64 | +mysqltest: At line 1: query 'change_user root,inexistent,test' failed: 1045: Access denied for user 'root'@'localhost' (using password: YES) |
65 | REPLACED_FILE1.txt |
66 | file1.txt |
67 | file2.txt |
68 | |
69 | === added file 'Percona-Server/mysql-test/t/change_user_notembedded.test' |
70 | --- Percona-Server/mysql-test/t/change_user_notembedded.test 1970-01-01 00:00:00 +0000 |
71 | +++ Percona-Server/mysql-test/t/change_user_notembedded.test 2013-05-01 09:24:33 +0000 |
72 | @@ -0,0 +1,24 @@ |
73 | +source include/not_embedded.inc; |
74 | + |
75 | +# |
76 | +# MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing |
77 | +# |
78 | +# only three failed change_user per connection. |
79 | +# successful change_user do NOT reset the counter |
80 | +# |
81 | +connect (test,localhost,root,,); |
82 | +connection test; |
83 | +--error 1045 |
84 | +change_user foo,bar; |
85 | +--error 1045 |
86 | +change_user foo; |
87 | +change_user; |
88 | +--error 1045 |
89 | +change_user foo,bar; |
90 | +--error 1047 |
91 | +change_user foo,bar; |
92 | +--error 1047 |
93 | +change_user; |
94 | +disconnect test; |
95 | +connection default; |
96 | + |
97 | |
98 | === added file 'Percona-Server/mysql-test/t/failed_auth_3909.test' |
99 | --- Percona-Server/mysql-test/t/failed_auth_3909.test 1970-01-01 00:00:00 +0000 |
100 | +++ Percona-Server/mysql-test/t/failed_auth_3909.test 2013-05-01 09:24:33 +0000 |
101 | @@ -0,0 +1,37 @@ |
102 | +source include/not_embedded.inc; |
103 | + |
104 | +# |
105 | +# MDEV-3909 remote user enumeration |
106 | +# |
107 | +# verify that for some failed login attemps (with wrong user names) |
108 | +# the server requests a plugin |
109 | +# |
110 | +optimize table mysql.user; |
111 | +insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar'); |
112 | +flush privileges; |
113 | + |
114 | +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT |
115 | +--error ER_PLUGIN_IS_NOT_LOADED |
116 | +connect (fail,localhost,u1); |
117 | + |
118 | +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT |
119 | +--error ER_ACCESS_DENIED_ERROR |
120 | +connect (fail,localhost,u2); |
121 | + |
122 | +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT |
123 | +--error ER_ACCESS_DENIED_ERROR |
124 | +connect (fail,localhost,u2,password); |
125 | + |
126 | +--error ER_PLUGIN_IS_NOT_LOADED |
127 | +change_user u1; |
128 | + |
129 | +--error ER_ACCESS_DENIED_ERROR |
130 | +change_user u2; |
131 | + |
132 | +--error ER_ACCESS_DENIED_ERROR |
133 | +change_user u2,password; |
134 | + |
135 | +delete from mysql.user where plugin = 'bar'; |
136 | +flush privileges; |
137 | + |
138 | + |
139 | |
140 | === modified file 'Percona-Server/sql/sql_acl.cc' |
141 | --- Percona-Server/sql/sql_acl.cc 2013-03-22 03:29:56 +0000 |
142 | +++ Percona-Server/sql/sql_acl.cc 2013-05-01 09:24:33 +0000 |
143 | @@ -8206,6 +8206,7 @@ |
144 | } cached_server_packet; |
145 | int packets_read, packets_written; ///< counters for send/received packets |
146 | uint connect_errors; ///< if there were connect errors for this host |
147 | + bool make_it_fail; |
148 | /** when plugin returns a failure this tells us what really happened */ |
149 | enum { SUCCESS, FAILURE, RESTART } status; |
150 | |
151 | @@ -8526,14 +8527,14 @@ |
152 | /** |
153 | Finds acl entry in user database for authentication purposes. |
154 | |
155 | - Finds a user and copies it into mpvio. Reports an authentication |
156 | - failure if a user is not found. |
157 | + Finds a user and copies it into mpvio. Creates a fake user |
158 | + if no matching user account is found. |
159 | |
160 | @note find_acl_user is not the same, because it doesn't take into |
161 | account the case when user is not empty, but acl_user->user is empty |
162 | |
163 | @retval 0 found |
164 | - @retval 1 not found |
165 | + @retval 1 error |
166 | */ |
167 | static bool find_mpvio_user(MPVIO_EXT *mpvio) |
168 | { |
169 | @@ -8564,8 +8565,32 @@ |
170 | |
171 | if (!mpvio->acl_user) |
172 | { |
173 | - login_failed_error(mpvio, mpvio->auth_info.password_used); |
174 | - DBUG_RETURN (1); |
175 | + /* |
176 | + A matching user was not found. Fake it. Take any user, make the |
177 | + authentication fail later. |
178 | + This way we get a realistically looking failure, with occasional |
179 | + "change auth plugin" requests even for nonexistent users. The ratio |
180 | + of "change auth plugin" request will be the same for real and |
181 | + nonexistent users. |
182 | + Note, that we cannot pick any user at random, it must always be |
183 | + the same user account for the incoming sctx->user name. |
184 | + */ |
185 | + ulong nr1=1, nr2=4; |
186 | + CHARSET_INFO *cs= &my_charset_latin1; |
187 | + cs->coll->hash_sort(cs, (uchar*) mpvio->auth_info.user_name, |
188 | + mpvio->auth_info.user_name_length, &nr1, &nr2); |
189 | + |
190 | + mysql_mutex_lock(&acl_cache->lock); |
191 | + uint i= nr1 % acl_users.elements; |
192 | + ACL_USER *acl_user_tmp= dynamic_element(&acl_users, i, ACL_USER*); |
193 | + mpvio->acl_user= acl_user_tmp->copy(mpvio->mem_root); |
194 | + make_lex_string_root(mpvio->mem_root, |
195 | + &mpvio->acl_user_plugin, |
196 | + acl_user_tmp->plugin.str, |
197 | + acl_user_tmp->plugin.length, 0); |
198 | + mysql_mutex_unlock(&acl_cache->lock); |
199 | + |
200 | + mpvio->make_it_fail= true; |
201 | } |
202 | |
203 | /* user account requires non-default plugin and the client is too old */ |
204 | @@ -8632,6 +8657,9 @@ |
205 | uint passwd_len= (mpvio->client_capabilities & CLIENT_SECURE_CONNECTION ? |
206 | (uchar) (*passwd++) : strlen(passwd)); |
207 | |
208 | + if (passwd_len) |
209 | + mpvio->auth_info.password_used= PASSWORD_USED_YES; |
210 | + |
211 | db+= passwd_len + 1; |
212 | /* |
213 | Database name is always NUL-terminated, so in case of empty database |
214 | @@ -9357,6 +9385,10 @@ |
215 | *buf= (uchar*) mpvio->cached_client_reply.pkt; |
216 | mpvio->cached_client_reply.pkt= 0; |
217 | mpvio->packets_read++; |
218 | + |
219 | + if (mpvio->make_it_fail) |
220 | + goto err; |
221 | + |
222 | DBUG_RETURN ((int) mpvio->cached_client_reply.pkt_len); |
223 | } |
224 | |
225 | @@ -9399,13 +9431,22 @@ |
226 | else |
227 | *buf= mpvio->net->read_pos; |
228 | |
229 | + if (mpvio->make_it_fail) |
230 | + goto err; |
231 | + |
232 | DBUG_RETURN((int)pkt_len); |
233 | |
234 | err: |
235 | if (mpvio->status == MPVIO_EXT::FAILURE) |
236 | { |
237 | inc_host_errors(mpvio->ip); |
238 | - my_error(ER_HANDSHAKE_ERROR, MYF(0)); |
239 | + if (!current_thd->is_error()) |
240 | + { |
241 | + if (mpvio->make_it_fail) |
242 | + login_failed_error(mpvio, mpvio->auth_info.password_used); |
243 | + else |
244 | + my_error(ER_HANDSHAKE_ERROR, MYF(0)); |
245 | + } |
246 | } |
247 | DBUG_RETURN(-1); |
248 | } |
249 | @@ -9597,6 +9638,7 @@ |
250 | mpvio->auth_info.user_name_length= 0; |
251 | mpvio->connect_errors= connect_errors; |
252 | mpvio->status= MPVIO_EXT::FAILURE; |
253 | + mpvio->make_it_fail= false; |
254 | |
255 | mpvio->client_capabilities= thd->client_capabilities; |
256 | mpvio->mem_root= thd->mem_root; |
257 | |
258 | === modified file 'Percona-Server/sql/sql_class.cc' |
259 | --- Percona-Server/sql/sql_class.cc 2013-03-25 05:45:50 +0000 |
260 | +++ Percona-Server/sql/sql_class.cc 2013-05-01 09:24:33 +0000 |
261 | @@ -856,6 +856,7 @@ |
262 | first_successful_insert_id_in_prev_stmt_for_binlog(0), |
263 | first_successful_insert_id_in_cur_stmt(0), |
264 | stmt_depends_on_first_successful_insert_id_in_prev_stmt(FALSE), |
265 | + failed_com_change_user(0), |
266 | examined_row_count(0), |
267 | warning_info(&main_warning_info), |
268 | stmt_da(&main_da), |
269 | |
270 | === modified file 'Percona-Server/sql/sql_class.h' |
271 | --- Percona-Server/sql/sql_class.h 2013-03-05 12:16:18 +0000 |
272 | +++ Percona-Server/sql/sql_class.h 2013-05-01 09:24:33 +0000 |
273 | @@ -2086,6 +2086,7 @@ |
274 | } |
275 | |
276 | ha_rows cuted_fields; |
277 | + uint8 failed_com_change_user; |
278 | |
279 | /* |
280 | number of rows we actually sent to the client, including "synthetic" |
281 | |
282 | === modified file 'Percona-Server/sql/sql_parse.cc' |
283 | --- Percona-Server/sql/sql_parse.cc 2013-03-25 05:45:50 +0000 |
284 | +++ Percona-Server/sql/sql_parse.cc 2013-05-01 09:24:33 +0000 |
285 | @@ -984,7 +984,22 @@ |
286 | CHARSET_INFO *save_character_set_results= |
287 | thd->variables.character_set_results; |
288 | |
289 | - rc= acl_authenticate(thd, 0, packet_length); |
290 | + /* Ensure we don't free security_ctx->user in case we have to revert */ |
291 | + thd->security_ctx->user= 0; |
292 | + thd->set_user_connect(0); |
293 | + |
294 | + /* |
295 | + to limit COM_CHANGE_USER ability to brute-force passwords, |
296 | + we only allow three unsuccessful COM_CHANGE_USER per connection. |
297 | + */ |
298 | + if (thd->failed_com_change_user >= 3) |
299 | + { |
300 | + my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); |
301 | + rc= 1; |
302 | + } |
303 | + else |
304 | + rc= acl_authenticate(thd, 0, packet_length); |
305 | + |
306 | MYSQL_AUDIT_NOTIFY_CONNECTION_CHANGE_USER(thd); |
307 | if (rc) |
308 | { |
309 | @@ -996,6 +1011,8 @@ |
310 | thd->variables.collation_connection= save_collation_connection; |
311 | thd->variables.character_set_results= save_character_set_results; |
312 | thd->update_charset(); |
313 | + thd->failed_com_change_user++; |
314 | + my_sleep(1000000); |
315 | } |
316 | else |
317 | { |
318 | |
319 | === modified file 'Percona-Server/tests/mysql_client_test.c' |
320 | --- Percona-Server/tests/mysql_client_test.c 2013-03-22 03:29:56 +0000 |
321 | +++ Percona-Server/tests/mysql_client_test.c 2013-05-01 09:24:33 +0000 |
322 | @@ -15959,6 +15959,7 @@ |
323 | const char *pw= "password"; |
324 | const char *db= "mysqltest_user_test_database"; |
325 | int rc; |
326 | + MYSQL *conn; |
327 | |
328 | DBUG_ENTER("test_change_user"); |
329 | myheader("test_change_user"); |
330 | @@ -16002,149 +16003,173 @@ |
331 | rc= mysql_query(mysql, buff); |
332 | myquery(rc); |
333 | |
334 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
335 | |
336 | /* Try some combinations */ |
337 | - rc= mysql_change_user(mysql, NULL, NULL, NULL); |
338 | - DIE_UNLESS(rc); |
339 | - if (! opt_silent) |
340 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
341 | - |
342 | - |
343 | - rc= mysql_change_user(mysql, "", NULL, NULL); |
344 | - DIE_UNLESS(rc); |
345 | - if (! opt_silent) |
346 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
347 | - |
348 | - rc= mysql_change_user(mysql, "", "", NULL); |
349 | - DIE_UNLESS(rc); |
350 | - if (! opt_silent) |
351 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
352 | - |
353 | - rc= mysql_change_user(mysql, "", "", ""); |
354 | - DIE_UNLESS(rc); |
355 | - if (! opt_silent) |
356 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
357 | - |
358 | - rc= mysql_change_user(mysql, NULL, "", ""); |
359 | - DIE_UNLESS(rc); |
360 | - if (! opt_silent) |
361 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
362 | - |
363 | - |
364 | - rc= mysql_change_user(mysql, NULL, NULL, ""); |
365 | - DIE_UNLESS(rc); |
366 | - if (! opt_silent) |
367 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
368 | - |
369 | - rc= mysql_change_user(mysql, "", NULL, ""); |
370 | - DIE_UNLESS(rc); |
371 | - if (! opt_silent) |
372 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
373 | - |
374 | - rc= mysql_change_user(mysql, user_pw, NULL, ""); |
375 | - DIE_UNLESS(rc); |
376 | - if (! opt_silent) |
377 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
378 | - |
379 | - rc= mysql_change_user(mysql, user_pw, "", ""); |
380 | - DIE_UNLESS(rc); |
381 | - if (! opt_silent) |
382 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
383 | - |
384 | - rc= mysql_change_user(mysql, user_pw, "", NULL); |
385 | - DIE_UNLESS(rc); |
386 | - if (! opt_silent) |
387 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
388 | - |
389 | - rc= mysql_change_user(mysql, user_pw, NULL, NULL); |
390 | - DIE_UNLESS(rc); |
391 | - if (! opt_silent) |
392 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
393 | - |
394 | - rc= mysql_change_user(mysql, user_pw, "", db); |
395 | - DIE_UNLESS(rc); |
396 | - if (! opt_silent) |
397 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
398 | - |
399 | - rc= mysql_change_user(mysql, user_pw, NULL, db); |
400 | - DIE_UNLESS(rc); |
401 | - if (! opt_silent) |
402 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
403 | - |
404 | - rc= mysql_change_user(mysql, user_pw, pw, db); |
405 | - myquery(rc); |
406 | - |
407 | - rc= mysql_change_user(mysql, user_pw, pw, NULL); |
408 | - myquery(rc); |
409 | - |
410 | - rc= mysql_change_user(mysql, user_pw, pw, ""); |
411 | - myquery(rc); |
412 | - |
413 | - rc= mysql_change_user(mysql, user_no_pw, pw, db); |
414 | - DIE_UNLESS(rc); |
415 | - if (! opt_silent) |
416 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
417 | - |
418 | - rc= mysql_change_user(mysql, user_no_pw, pw, ""); |
419 | - DIE_UNLESS(rc); |
420 | - if (! opt_silent) |
421 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
422 | - |
423 | - rc= mysql_change_user(mysql, user_no_pw, pw, NULL); |
424 | - DIE_UNLESS(rc); |
425 | - if (! opt_silent) |
426 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
427 | - |
428 | - rc= mysql_change_user(mysql, user_no_pw, "", NULL); |
429 | - myquery(rc); |
430 | - |
431 | - rc= mysql_change_user(mysql, user_no_pw, "", ""); |
432 | - myquery(rc); |
433 | - |
434 | - rc= mysql_change_user(mysql, user_no_pw, "", db); |
435 | - myquery(rc); |
436 | - |
437 | - rc= mysql_change_user(mysql, user_no_pw, NULL, db); |
438 | - myquery(rc); |
439 | - |
440 | - rc= mysql_change_user(mysql, "", pw, db); |
441 | - DIE_UNLESS(rc); |
442 | - if (! opt_silent) |
443 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
444 | - |
445 | - rc= mysql_change_user(mysql, "", pw, ""); |
446 | - DIE_UNLESS(rc); |
447 | - if (! opt_silent) |
448 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
449 | - |
450 | - rc= mysql_change_user(mysql, "", pw, NULL); |
451 | - DIE_UNLESS(rc); |
452 | - if (! opt_silent) |
453 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
454 | - |
455 | - rc= mysql_change_user(mysql, NULL, pw, NULL); |
456 | - DIE_UNLESS(rc); |
457 | - if (! opt_silent) |
458 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
459 | - |
460 | - rc= mysql_change_user(mysql, NULL, NULL, db); |
461 | - DIE_UNLESS(rc); |
462 | - if (! opt_silent) |
463 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
464 | - |
465 | - rc= mysql_change_user(mysql, NULL, "", db); |
466 | - DIE_UNLESS(rc); |
467 | - if (! opt_silent) |
468 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
469 | - |
470 | - rc= mysql_change_user(mysql, "", "", db); |
471 | - DIE_UNLESS(rc); |
472 | - if (! opt_silent) |
473 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
474 | + rc= mysql_change_user(conn, NULL, NULL, NULL); |
475 | + DIE_UNLESS(rc); |
476 | + if (! opt_silent) |
477 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
478 | + |
479 | + |
480 | + rc= mysql_change_user(conn, "", NULL, NULL); |
481 | + DIE_UNLESS(rc); |
482 | + if (! opt_silent) |
483 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
484 | + |
485 | + rc= mysql_change_user(conn, "", "", NULL); |
486 | + DIE_UNLESS(rc); |
487 | + if (! opt_silent) |
488 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
489 | + |
490 | + mysql_close(conn); |
491 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
492 | + |
493 | + rc= mysql_change_user(conn, "", "", ""); |
494 | + DIE_UNLESS(rc); |
495 | + if (! opt_silent) |
496 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
497 | + |
498 | + rc= mysql_change_user(conn, NULL, "", ""); |
499 | + DIE_UNLESS(rc); |
500 | + if (! opt_silent) |
501 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
502 | + |
503 | + |
504 | + rc= mysql_change_user(conn, NULL, NULL, ""); |
505 | + DIE_UNLESS(rc); |
506 | + if (! opt_silent) |
507 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
508 | + |
509 | + mysql_close(conn); |
510 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
511 | + |
512 | + rc= mysql_change_user(conn, "", NULL, ""); |
513 | + DIE_UNLESS(rc); |
514 | + if (! opt_silent) |
515 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
516 | + |
517 | + rc= mysql_change_user(conn, user_pw, NULL, ""); |
518 | + DIE_UNLESS(rc); |
519 | + if (! opt_silent) |
520 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
521 | + |
522 | + rc= mysql_change_user(conn, user_pw, "", ""); |
523 | + DIE_UNLESS(rc); |
524 | + if (! opt_silent) |
525 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
526 | + |
527 | + mysql_close(conn); |
528 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
529 | + |
530 | + rc= mysql_change_user(conn, user_pw, "", NULL); |
531 | + DIE_UNLESS(rc); |
532 | + if (! opt_silent) |
533 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
534 | + |
535 | + rc= mysql_change_user(conn, user_pw, NULL, NULL); |
536 | + DIE_UNLESS(rc); |
537 | + if (! opt_silent) |
538 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
539 | + |
540 | + rc= mysql_change_user(conn, user_pw, "", db); |
541 | + DIE_UNLESS(rc); |
542 | + if (! opt_silent) |
543 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
544 | + |
545 | + mysql_close(conn); |
546 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
547 | + |
548 | + rc= mysql_change_user(conn, user_pw, NULL, db); |
549 | + DIE_UNLESS(rc); |
550 | + if (! opt_silent) |
551 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
552 | + |
553 | + rc= mysql_change_user(conn, user_pw, pw, db); |
554 | + myquery(rc); |
555 | + |
556 | + rc= mysql_change_user(conn, user_pw, pw, NULL); |
557 | + myquery(rc); |
558 | + |
559 | + rc= mysql_change_user(conn, user_pw, pw, ""); |
560 | + myquery(rc); |
561 | + |
562 | + rc= mysql_change_user(conn, user_no_pw, pw, db); |
563 | + DIE_UNLESS(rc); |
564 | + if (! opt_silent) |
565 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
566 | + |
567 | + rc= mysql_change_user(conn, user_no_pw, pw, ""); |
568 | + DIE_UNLESS(rc); |
569 | + if (! opt_silent) |
570 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
571 | + |
572 | + mysql_close(conn); |
573 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
574 | + |
575 | + rc= mysql_change_user(conn, user_no_pw, pw, NULL); |
576 | + DIE_UNLESS(rc); |
577 | + if (! opt_silent) |
578 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
579 | + |
580 | + rc= mysql_change_user(conn, user_no_pw, "", NULL); |
581 | + myquery(rc); |
582 | + |
583 | + rc= mysql_change_user(conn, user_no_pw, "", ""); |
584 | + myquery(rc); |
585 | + |
586 | + rc= mysql_change_user(conn, user_no_pw, "", db); |
587 | + myquery(rc); |
588 | + |
589 | + rc= mysql_change_user(conn, user_no_pw, NULL, db); |
590 | + myquery(rc); |
591 | + |
592 | + rc= mysql_change_user(conn, "", pw, db); |
593 | + DIE_UNLESS(rc); |
594 | + if (! opt_silent) |
595 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
596 | + |
597 | + rc= mysql_change_user(conn, "", pw, ""); |
598 | + DIE_UNLESS(rc); |
599 | + if (! opt_silent) |
600 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
601 | + |
602 | + mysql_close(conn); |
603 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
604 | + |
605 | + rc= mysql_change_user(conn, "", pw, NULL); |
606 | + DIE_UNLESS(rc); |
607 | + if (! opt_silent) |
608 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
609 | + |
610 | + rc= mysql_change_user(conn, NULL, pw, NULL); |
611 | + DIE_UNLESS(rc); |
612 | + if (! opt_silent) |
613 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
614 | + |
615 | + rc= mysql_change_user(conn, NULL, NULL, db); |
616 | + DIE_UNLESS(rc); |
617 | + if (! opt_silent) |
618 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
619 | + |
620 | + mysql_close(conn); |
621 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
622 | + |
623 | + rc= mysql_change_user(conn, NULL, "", db); |
624 | + DIE_UNLESS(rc); |
625 | + if (! opt_silent) |
626 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
627 | + |
628 | + rc= mysql_change_user(conn, "", "", db); |
629 | + DIE_UNLESS(rc); |
630 | + if (! opt_silent) |
631 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
632 | |
633 | /* Cleanup the environment */ |
634 | |
635 | - mysql_change_user(mysql, opt_user, opt_password, current_db); |
636 | + mysql_change_user(conn, opt_user, opt_password, current_db); |
637 | + |
638 | + mysql_close(conn); |
639 | |
640 | sprintf(buff, "drop database %s", db); |
641 | rc= mysql_query(mysql, buff); |
642 | @@ -16807,29 +16832,35 @@ |
643 | static char db[NAME_CHAR_LEN+1]; |
644 | static char query[LARGE_BUFFER_SIZE*2]; |
645 | #endif |
646 | + MYSQL* conn; |
647 | |
648 | DBUG_ENTER("test_bug31669"); |
649 | myheader("test_bug31669"); |
650 | |
651 | - rc= mysql_change_user(mysql, NULL, NULL, NULL); |
652 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
653 | + |
654 | + rc= mysql_change_user(conn, NULL, NULL, NULL); |
655 | DIE_UNLESS(rc); |
656 | |
657 | - rc= mysql_change_user(mysql, "", "", ""); |
658 | + rc= mysql_change_user(conn, "", "", ""); |
659 | DIE_UNLESS(rc); |
660 | |
661 | memset(buff, 'a', sizeof(buff)); |
662 | |
663 | - rc= mysql_change_user(mysql, buff, buff, buff); |
664 | + mysql_close(conn); |
665 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
666 | + |
667 | + rc= mysql_change_user(conn, buff, buff, buff); |
668 | DIE_UNLESS(rc); |
669 | |
670 | - rc = mysql_change_user(mysql, opt_user, opt_password, current_db); |
671 | + rc = mysql_change_user(conn, opt_user, opt_password, current_db); |
672 | DIE_UNLESS(!rc); |
673 | |
674 | #ifndef EMBEDDED_LIBRARY |
675 | memset(db, 'a', sizeof(db)); |
676 | db[NAME_CHAR_LEN]= 0; |
677 | strxmov(query, "CREATE DATABASE IF NOT EXISTS ", db, NullS); |
678 | - rc= mysql_query(mysql, query); |
679 | + rc= mysql_query(conn, query); |
680 | myquery(rc); |
681 | |
682 | memset(user, 'b', sizeof(user)); |
683 | @@ -16838,54 +16869,59 @@ |
684 | buff[LARGE_BUFFER_SIZE]= 0; |
685 | strxmov(query, "GRANT ALL PRIVILEGES ON *.* TO '", user, "'@'%' IDENTIFIED BY " |
686 | "'", buff, "' WITH GRANT OPTION", NullS); |
687 | - rc= mysql_query(mysql, query); |
688 | + rc= mysql_query(conn, query); |
689 | myquery(rc); |
690 | |
691 | strxmov(query, "GRANT ALL PRIVILEGES ON *.* TO '", user, "'@'localhost' IDENTIFIED BY " |
692 | "'", buff, "' WITH GRANT OPTION", NullS); |
693 | - rc= mysql_query(mysql, query); |
694 | - myquery(rc); |
695 | - |
696 | - rc= mysql_query(mysql, "FLUSH PRIVILEGES"); |
697 | - myquery(rc); |
698 | - |
699 | - rc= mysql_change_user(mysql, user, buff, db); |
700 | + rc= mysql_query(conn, query); |
701 | + myquery(rc); |
702 | + |
703 | + rc= mysql_query(conn, "FLUSH PRIVILEGES"); |
704 | + myquery(rc); |
705 | + |
706 | + rc= mysql_change_user(conn, user, buff, db); |
707 | DIE_UNLESS(!rc); |
708 | |
709 | user[USERNAME_CHAR_LENGTH-1]= 'a'; |
710 | - rc= mysql_change_user(mysql, user, buff, db); |
711 | + rc= mysql_change_user(conn, user, buff, db); |
712 | DIE_UNLESS(rc); |
713 | |
714 | user[USERNAME_CHAR_LENGTH-1]= 'b'; |
715 | buff[LARGE_BUFFER_SIZE-1]= 'd'; |
716 | - rc= mysql_change_user(mysql, user, buff, db); |
717 | + rc= mysql_change_user(conn, user, buff, db); |
718 | DIE_UNLESS(rc); |
719 | |
720 | buff[LARGE_BUFFER_SIZE-1]= 'c'; |
721 | db[NAME_CHAR_LEN-1]= 'e'; |
722 | - rc= mysql_change_user(mysql, user, buff, db); |
723 | + rc= mysql_change_user(conn, user, buff, db); |
724 | DIE_UNLESS(rc); |
725 | |
726 | + mysql_close(conn); |
727 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
728 | + |
729 | db[NAME_CHAR_LEN-1]= 'a'; |
730 | - rc= mysql_change_user(mysql, user, buff, db); |
731 | + rc= mysql_change_user(conn, user, buff, db); |
732 | DIE_UNLESS(!rc); |
733 | |
734 | - rc= mysql_change_user(mysql, user + 1, buff + 1, db + 1); |
735 | + rc= mysql_change_user(conn, user + 1, buff + 1, db + 1); |
736 | DIE_UNLESS(rc); |
737 | |
738 | - rc = mysql_change_user(mysql, opt_user, opt_password, current_db); |
739 | + rc = mysql_change_user(conn, opt_user, opt_password, current_db); |
740 | DIE_UNLESS(!rc); |
741 | |
742 | strxmov(query, "DROP DATABASE ", db, NullS); |
743 | - rc= mysql_query(mysql, query); |
744 | + rc= mysql_query(conn, query); |
745 | myquery(rc); |
746 | |
747 | strxmov(query, "DELETE FROM mysql.user WHERE User='", user, "'", NullS); |
748 | - rc= mysql_query(mysql, query); |
749 | + rc= mysql_query(conn, query); |
750 | myquery(rc); |
751 | - DIE_UNLESS(mysql_affected_rows(mysql) == 2); |
752 | + DIE_UNLESS(mysql_affected_rows(conn) == 2); |
753 | #endif |
754 | |
755 | + mysql_close(conn); |
756 | + |
757 | DBUG_VOID_RETURN; |
758 | } |
759 |
(I'd have preferred the separate MPs for the separate bugs as I had to review the commits instead of the MP diff).