Merge lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5 into lp:percona-server/5.5

Proposed by Sergei Glushchenko
Status: Merged
Approved by: Laurynas Biveinis
Approved revision: 462
Merged at revision: 514
Proposed branch: lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5
Merge into: lp:percona-server/5.5
Diff against target: 758 lines (+357/-171)
11 files modified
Percona-Server/client/mysqltest.cc (+4/-1)
Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0)
Percona-Server/mysql-test/r/failed_auth_3909.result (+20/-0)
Percona-Server/mysql-test/r/mysqltest.result (+3/-3)
Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0)
Percona-Server/mysql-test/t/failed_auth_3909.test (+37/-0)
Percona-Server/sql/sql_acl.cc (+48/-6)
Percona-Server/sql/sql_class.cc (+1/-0)
Percona-Server/sql/sql_class.h (+1/-0)
Percona-Server/sql/sql_parse.cc (+18/-1)
Percona-Server/tests/mysql_client_test.c (+196/-160)
To merge this branch: bzr merge lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5
Reviewer Review Type Date Requested Status
Laurynas Biveinis (community) Approve
Review via email: mp+161799@code.launchpad.net

Description of the change

This is a port from MariaDB of fix for bug 1172090, 1171941.

The fix for bug 1172090 introduces limitation of unsuccessful COM_CHANGE_USER to 3 per client thread.
The fix for bug 1171941 make failed authentication is the case when user not found not fail too early.
Instead an attempt to authenticate fake user being made.

http://jenkins.percona.com/view/PS%205.5/job/percona-server-5.5-param/726/

To post a comment you must log in.

(I'd have preferred the separate MPs for the separate bugs as I had to review the commits instead of the MP diff).

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'Percona-Server/client/mysqltest.cc'
2--- Percona-Server/client/mysqltest.cc 2013-02-18 04:48:10 +0000
3+++ Percona-Server/client/mysqltest.cc 2013-05-01 09:24:33 +0000
4@@ -4075,7 +4075,10 @@
5 cur_con->name, ds_user.str, ds_passwd.str, ds_db.str));
6
7 if (mysql_change_user(mysql, ds_user.str, ds_passwd.str, ds_db.str))
8- die("change user failed: %s", mysql_error(mysql));
9+ handle_error(command, mysql_errno(mysql), mysql_error(mysql),
10+ mysql_sqlstate(mysql), &ds_res);
11+ else
12+ handle_no_error(command);
13
14 dynstr_free(&ds_user);
15 dynstr_free(&ds_passwd);
16
17=== added file 'Percona-Server/mysql-test/r/change_user_notembedded.result'
18--- Percona-Server/mysql-test/r/change_user_notembedded.result 1970-01-01 00:00:00 +0000
19+++ Percona-Server/mysql-test/r/change_user_notembedded.result 2013-05-01 09:24:33 +0000
20@@ -0,0 +1,5 @@
21+ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES)
22+ERROR 28000: Access denied for user 'foo'@'localhost' (using password: NO)
23+ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES)
24+ERROR 08S01: Unknown command
25+ERROR 08S01: Unknown command
26
27=== added file 'Percona-Server/mysql-test/r/failed_auth_3909.result'
28--- Percona-Server/mysql-test/r/failed_auth_3909.result 1970-01-01 00:00:00 +0000
29+++ Percona-Server/mysql-test/r/failed_auth_3909.result 2013-05-01 09:24:33 +0000
30@@ -0,0 +1,20 @@
31+optimize table mysql.user;
32+Table Op Msg_type Msg_text
33+mysql.user optimize status OK
34+insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar');
35+Warnings:
36+Warning 1364 Field 'ssl_cipher' doesn't have a default value
37+Warning 1364 Field 'x509_issuer' doesn't have a default value
38+Warning 1364 Field 'x509_subject' doesn't have a default value
39+flush privileges;
40+connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET);
41+ERROR HY000: Plugin 'bar' is not loaded
42+connect(localhost,u2,,test,MASTER_PORT,MASTER_SOCKET);
43+ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO)
44+connect(localhost,u2,password,test,MASTER_PORT,MASTER_SOCKET);
45+ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES)
46+ERROR HY000: Plugin 'bar' is not loaded
47+ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO)
48+ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES)
49+delete from mysql.user where plugin = 'bar';
50+flush privileges;
51
52=== modified file 'Percona-Server/mysql-test/r/mysqltest.result'
53--- Percona-Server/mysql-test/r/mysqltest.result 2011-11-08 14:55:25 +0000
54+++ Percona-Server/mysql-test/r/mysqltest.result 2013-05-01 09:24:33 +0000
55@@ -922,9 +922,9 @@
56 b varchar(255) YES NULL
57 c datetime YES NULL
58 drop table t1;
59-mysqltest: At line 1: change user failed: Unknown database 'inexistent'
60-mysqltest: At line 1: change user failed: Access denied for user 'inexistent'@'localhost' (using password: NO)
61-mysqltest: At line 1: change user failed: Access denied for user 'root'@'localhost' (using password: YES)
62+mysqltest: At line 1: query 'change_user root,,inexistent' failed: 1049: Unknown database 'inexistent'
63+mysqltest: At line 1: query 'change_user inexistent,,test' failed: 1045: Access denied for user 'inexistent'@'localhost' (using password: NO)
64+mysqltest: At line 1: query 'change_user root,inexistent,test' failed: 1045: Access denied for user 'root'@'localhost' (using password: YES)
65 REPLACED_FILE1.txt
66 file1.txt
67 file2.txt
68
69=== added file 'Percona-Server/mysql-test/t/change_user_notembedded.test'
70--- Percona-Server/mysql-test/t/change_user_notembedded.test 1970-01-01 00:00:00 +0000
71+++ Percona-Server/mysql-test/t/change_user_notembedded.test 2013-05-01 09:24:33 +0000
72@@ -0,0 +1,24 @@
73+source include/not_embedded.inc;
74+
75+#
76+# MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing
77+#
78+# only three failed change_user per connection.
79+# successful change_user do NOT reset the counter
80+#
81+connect (test,localhost,root,,);
82+connection test;
83+--error 1045
84+change_user foo,bar;
85+--error 1045
86+change_user foo;
87+change_user;
88+--error 1045
89+change_user foo,bar;
90+--error 1047
91+change_user foo,bar;
92+--error 1047
93+change_user;
94+disconnect test;
95+connection default;
96+
97
98=== added file 'Percona-Server/mysql-test/t/failed_auth_3909.test'
99--- Percona-Server/mysql-test/t/failed_auth_3909.test 1970-01-01 00:00:00 +0000
100+++ Percona-Server/mysql-test/t/failed_auth_3909.test 2013-05-01 09:24:33 +0000
101@@ -0,0 +1,37 @@
102+source include/not_embedded.inc;
103+
104+#
105+# MDEV-3909 remote user enumeration
106+#
107+# verify that for some failed login attemps (with wrong user names)
108+# the server requests a plugin
109+#
110+optimize table mysql.user;
111+insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar');
112+flush privileges;
113+
114+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
115+--error ER_PLUGIN_IS_NOT_LOADED
116+connect (fail,localhost,u1);
117+
118+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
119+--error ER_ACCESS_DENIED_ERROR
120+connect (fail,localhost,u2);
121+
122+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
123+--error ER_ACCESS_DENIED_ERROR
124+connect (fail,localhost,u2,password);
125+
126+--error ER_PLUGIN_IS_NOT_LOADED
127+change_user u1;
128+
129+--error ER_ACCESS_DENIED_ERROR
130+change_user u2;
131+
132+--error ER_ACCESS_DENIED_ERROR
133+change_user u2,password;
134+
135+delete from mysql.user where plugin = 'bar';
136+flush privileges;
137+
138+
139
140=== modified file 'Percona-Server/sql/sql_acl.cc'
141--- Percona-Server/sql/sql_acl.cc 2013-03-22 03:29:56 +0000
142+++ Percona-Server/sql/sql_acl.cc 2013-05-01 09:24:33 +0000
143@@ -8206,6 +8206,7 @@
144 } cached_server_packet;
145 int packets_read, packets_written; ///< counters for send/received packets
146 uint connect_errors; ///< if there were connect errors for this host
147+ bool make_it_fail;
148 /** when plugin returns a failure this tells us what really happened */
149 enum { SUCCESS, FAILURE, RESTART } status;
150
151@@ -8526,14 +8527,14 @@
152 /**
153 Finds acl entry in user database for authentication purposes.
154
155- Finds a user and copies it into mpvio. Reports an authentication
156- failure if a user is not found.
157+ Finds a user and copies it into mpvio. Creates a fake user
158+ if no matching user account is found.
159
160 @note find_acl_user is not the same, because it doesn't take into
161 account the case when user is not empty, but acl_user->user is empty
162
163 @retval 0 found
164- @retval 1 not found
165+ @retval 1 error
166 */
167 static bool find_mpvio_user(MPVIO_EXT *mpvio)
168 {
169@@ -8564,8 +8565,32 @@
170
171 if (!mpvio->acl_user)
172 {
173- login_failed_error(mpvio, mpvio->auth_info.password_used);
174- DBUG_RETURN (1);
175+ /*
176+ A matching user was not found. Fake it. Take any user, make the
177+ authentication fail later.
178+ This way we get a realistically looking failure, with occasional
179+ "change auth plugin" requests even for nonexistent users. The ratio
180+ of "change auth plugin" request will be the same for real and
181+ nonexistent users.
182+ Note, that we cannot pick any user at random, it must always be
183+ the same user account for the incoming sctx->user name.
184+ */
185+ ulong nr1=1, nr2=4;
186+ CHARSET_INFO *cs= &my_charset_latin1;
187+ cs->coll->hash_sort(cs, (uchar*) mpvio->auth_info.user_name,
188+ mpvio->auth_info.user_name_length, &nr1, &nr2);
189+
190+ mysql_mutex_lock(&acl_cache->lock);
191+ uint i= nr1 % acl_users.elements;
192+ ACL_USER *acl_user_tmp= dynamic_element(&acl_users, i, ACL_USER*);
193+ mpvio->acl_user= acl_user_tmp->copy(mpvio->mem_root);
194+ make_lex_string_root(mpvio->mem_root,
195+ &mpvio->acl_user_plugin,
196+ acl_user_tmp->plugin.str,
197+ acl_user_tmp->plugin.length, 0);
198+ mysql_mutex_unlock(&acl_cache->lock);
199+
200+ mpvio->make_it_fail= true;
201 }
202
203 /* user account requires non-default plugin and the client is too old */
204@@ -8632,6 +8657,9 @@
205 uint passwd_len= (mpvio->client_capabilities & CLIENT_SECURE_CONNECTION ?
206 (uchar) (*passwd++) : strlen(passwd));
207
208+ if (passwd_len)
209+ mpvio->auth_info.password_used= PASSWORD_USED_YES;
210+
211 db+= passwd_len + 1;
212 /*
213 Database name is always NUL-terminated, so in case of empty database
214@@ -9357,6 +9385,10 @@
215 *buf= (uchar*) mpvio->cached_client_reply.pkt;
216 mpvio->cached_client_reply.pkt= 0;
217 mpvio->packets_read++;
218+
219+ if (mpvio->make_it_fail)
220+ goto err;
221+
222 DBUG_RETURN ((int) mpvio->cached_client_reply.pkt_len);
223 }
224
225@@ -9399,13 +9431,22 @@
226 else
227 *buf= mpvio->net->read_pos;
228
229+ if (mpvio->make_it_fail)
230+ goto err;
231+
232 DBUG_RETURN((int)pkt_len);
233
234 err:
235 if (mpvio->status == MPVIO_EXT::FAILURE)
236 {
237 inc_host_errors(mpvio->ip);
238- my_error(ER_HANDSHAKE_ERROR, MYF(0));
239+ if (!current_thd->is_error())
240+ {
241+ if (mpvio->make_it_fail)
242+ login_failed_error(mpvio, mpvio->auth_info.password_used);
243+ else
244+ my_error(ER_HANDSHAKE_ERROR, MYF(0));
245+ }
246 }
247 DBUG_RETURN(-1);
248 }
249@@ -9597,6 +9638,7 @@
250 mpvio->auth_info.user_name_length= 0;
251 mpvio->connect_errors= connect_errors;
252 mpvio->status= MPVIO_EXT::FAILURE;
253+ mpvio->make_it_fail= false;
254
255 mpvio->client_capabilities= thd->client_capabilities;
256 mpvio->mem_root= thd->mem_root;
257
258=== modified file 'Percona-Server/sql/sql_class.cc'
259--- Percona-Server/sql/sql_class.cc 2013-03-25 05:45:50 +0000
260+++ Percona-Server/sql/sql_class.cc 2013-05-01 09:24:33 +0000
261@@ -856,6 +856,7 @@
262 first_successful_insert_id_in_prev_stmt_for_binlog(0),
263 first_successful_insert_id_in_cur_stmt(0),
264 stmt_depends_on_first_successful_insert_id_in_prev_stmt(FALSE),
265+ failed_com_change_user(0),
266 examined_row_count(0),
267 warning_info(&main_warning_info),
268 stmt_da(&main_da),
269
270=== modified file 'Percona-Server/sql/sql_class.h'
271--- Percona-Server/sql/sql_class.h 2013-03-05 12:16:18 +0000
272+++ Percona-Server/sql/sql_class.h 2013-05-01 09:24:33 +0000
273@@ -2086,6 +2086,7 @@
274 }
275
276 ha_rows cuted_fields;
277+ uint8 failed_com_change_user;
278
279 /*
280 number of rows we actually sent to the client, including "synthetic"
281
282=== modified file 'Percona-Server/sql/sql_parse.cc'
283--- Percona-Server/sql/sql_parse.cc 2013-03-25 05:45:50 +0000
284+++ Percona-Server/sql/sql_parse.cc 2013-05-01 09:24:33 +0000
285@@ -984,7 +984,22 @@
286 CHARSET_INFO *save_character_set_results=
287 thd->variables.character_set_results;
288
289- rc= acl_authenticate(thd, 0, packet_length);
290+ /* Ensure we don't free security_ctx->user in case we have to revert */
291+ thd->security_ctx->user= 0;
292+ thd->set_user_connect(0);
293+
294+ /*
295+ to limit COM_CHANGE_USER ability to brute-force passwords,
296+ we only allow three unsuccessful COM_CHANGE_USER per connection.
297+ */
298+ if (thd->failed_com_change_user >= 3)
299+ {
300+ my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
301+ rc= 1;
302+ }
303+ else
304+ rc= acl_authenticate(thd, 0, packet_length);
305+
306 MYSQL_AUDIT_NOTIFY_CONNECTION_CHANGE_USER(thd);
307 if (rc)
308 {
309@@ -996,6 +1011,8 @@
310 thd->variables.collation_connection= save_collation_connection;
311 thd->variables.character_set_results= save_character_set_results;
312 thd->update_charset();
313+ thd->failed_com_change_user++;
314+ my_sleep(1000000);
315 }
316 else
317 {
318
319=== modified file 'Percona-Server/tests/mysql_client_test.c'
320--- Percona-Server/tests/mysql_client_test.c 2013-03-22 03:29:56 +0000
321+++ Percona-Server/tests/mysql_client_test.c 2013-05-01 09:24:33 +0000
322@@ -15959,6 +15959,7 @@
323 const char *pw= "password";
324 const char *db= "mysqltest_user_test_database";
325 int rc;
326+ MYSQL *conn;
327
328 DBUG_ENTER("test_change_user");
329 myheader("test_change_user");
330@@ -16002,149 +16003,173 @@
331 rc= mysql_query(mysql, buff);
332 myquery(rc);
333
334+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
335
336 /* Try some combinations */
337- rc= mysql_change_user(mysql, NULL, NULL, NULL);
338- DIE_UNLESS(rc);
339- if (! opt_silent)
340- printf("Got error (as expected): %s\n", mysql_error(mysql));
341-
342-
343- rc= mysql_change_user(mysql, "", NULL, NULL);
344- DIE_UNLESS(rc);
345- if (! opt_silent)
346- printf("Got error (as expected): %s\n", mysql_error(mysql));
347-
348- rc= mysql_change_user(mysql, "", "", NULL);
349- DIE_UNLESS(rc);
350- if (! opt_silent)
351- printf("Got error (as expected): %s\n", mysql_error(mysql));
352-
353- rc= mysql_change_user(mysql, "", "", "");
354- DIE_UNLESS(rc);
355- if (! opt_silent)
356- printf("Got error (as expected): %s\n", mysql_error(mysql));
357-
358- rc= mysql_change_user(mysql, NULL, "", "");
359- DIE_UNLESS(rc);
360- if (! opt_silent)
361- printf("Got error (as expected): %s\n", mysql_error(mysql));
362-
363-
364- rc= mysql_change_user(mysql, NULL, NULL, "");
365- DIE_UNLESS(rc);
366- if (! opt_silent)
367- printf("Got error (as expected): %s\n", mysql_error(mysql));
368-
369- rc= mysql_change_user(mysql, "", NULL, "");
370- DIE_UNLESS(rc);
371- if (! opt_silent)
372- printf("Got error (as expected): %s\n", mysql_error(mysql));
373-
374- rc= mysql_change_user(mysql, user_pw, NULL, "");
375- DIE_UNLESS(rc);
376- if (! opt_silent)
377- printf("Got error (as expected): %s\n", mysql_error(mysql));
378-
379- rc= mysql_change_user(mysql, user_pw, "", "");
380- DIE_UNLESS(rc);
381- if (! opt_silent)
382- printf("Got error (as expected): %s\n", mysql_error(mysql));
383-
384- rc= mysql_change_user(mysql, user_pw, "", NULL);
385- DIE_UNLESS(rc);
386- if (! opt_silent)
387- printf("Got error (as expected): %s\n", mysql_error(mysql));
388-
389- rc= mysql_change_user(mysql, user_pw, NULL, NULL);
390- DIE_UNLESS(rc);
391- if (! opt_silent)
392- printf("Got error (as expected): %s\n", mysql_error(mysql));
393-
394- rc= mysql_change_user(mysql, user_pw, "", db);
395- DIE_UNLESS(rc);
396- if (! opt_silent)
397- printf("Got error (as expected): %s\n", mysql_error(mysql));
398-
399- rc= mysql_change_user(mysql, user_pw, NULL, db);
400- DIE_UNLESS(rc);
401- if (! opt_silent)
402- printf("Got error (as expected): %s\n", mysql_error(mysql));
403-
404- rc= mysql_change_user(mysql, user_pw, pw, db);
405- myquery(rc);
406-
407- rc= mysql_change_user(mysql, user_pw, pw, NULL);
408- myquery(rc);
409-
410- rc= mysql_change_user(mysql, user_pw, pw, "");
411- myquery(rc);
412-
413- rc= mysql_change_user(mysql, user_no_pw, pw, db);
414- DIE_UNLESS(rc);
415- if (! opt_silent)
416- printf("Got error (as expected): %s\n", mysql_error(mysql));
417-
418- rc= mysql_change_user(mysql, user_no_pw, pw, "");
419- DIE_UNLESS(rc);
420- if (! opt_silent)
421- printf("Got error (as expected): %s\n", mysql_error(mysql));
422-
423- rc= mysql_change_user(mysql, user_no_pw, pw, NULL);
424- DIE_UNLESS(rc);
425- if (! opt_silent)
426- printf("Got error (as expected): %s\n", mysql_error(mysql));
427-
428- rc= mysql_change_user(mysql, user_no_pw, "", NULL);
429- myquery(rc);
430-
431- rc= mysql_change_user(mysql, user_no_pw, "", "");
432- myquery(rc);
433-
434- rc= mysql_change_user(mysql, user_no_pw, "", db);
435- myquery(rc);
436-
437- rc= mysql_change_user(mysql, user_no_pw, NULL, db);
438- myquery(rc);
439-
440- rc= mysql_change_user(mysql, "", pw, db);
441- DIE_UNLESS(rc);
442- if (! opt_silent)
443- printf("Got error (as expected): %s\n", mysql_error(mysql));
444-
445- rc= mysql_change_user(mysql, "", pw, "");
446- DIE_UNLESS(rc);
447- if (! opt_silent)
448- printf("Got error (as expected): %s\n", mysql_error(mysql));
449-
450- rc= mysql_change_user(mysql, "", pw, NULL);
451- DIE_UNLESS(rc);
452- if (! opt_silent)
453- printf("Got error (as expected): %s\n", mysql_error(mysql));
454-
455- rc= mysql_change_user(mysql, NULL, pw, NULL);
456- DIE_UNLESS(rc);
457- if (! opt_silent)
458- printf("Got error (as expected): %s\n", mysql_error(mysql));
459-
460- rc= mysql_change_user(mysql, NULL, NULL, db);
461- DIE_UNLESS(rc);
462- if (! opt_silent)
463- printf("Got error (as expected): %s\n", mysql_error(mysql));
464-
465- rc= mysql_change_user(mysql, NULL, "", db);
466- DIE_UNLESS(rc);
467- if (! opt_silent)
468- printf("Got error (as expected): %s\n", mysql_error(mysql));
469-
470- rc= mysql_change_user(mysql, "", "", db);
471- DIE_UNLESS(rc);
472- if (! opt_silent)
473- printf("Got error (as expected): %s\n", mysql_error(mysql));
474+ rc= mysql_change_user(conn, NULL, NULL, NULL);
475+ DIE_UNLESS(rc);
476+ if (! opt_silent)
477+ printf("Got error (as expected): %s\n", mysql_error(conn));
478+
479+
480+ rc= mysql_change_user(conn, "", NULL, NULL);
481+ DIE_UNLESS(rc);
482+ if (! opt_silent)
483+ printf("Got error (as expected): %s\n", mysql_error(conn));
484+
485+ rc= mysql_change_user(conn, "", "", NULL);
486+ DIE_UNLESS(rc);
487+ if (! opt_silent)
488+ printf("Got error (as expected): %s\n", mysql_error(conn));
489+
490+ mysql_close(conn);
491+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
492+
493+ rc= mysql_change_user(conn, "", "", "");
494+ DIE_UNLESS(rc);
495+ if (! opt_silent)
496+ printf("Got error (as expected): %s\n", mysql_error(conn));
497+
498+ rc= mysql_change_user(conn, NULL, "", "");
499+ DIE_UNLESS(rc);
500+ if (! opt_silent)
501+ printf("Got error (as expected): %s\n", mysql_error(conn));
502+
503+
504+ rc= mysql_change_user(conn, NULL, NULL, "");
505+ DIE_UNLESS(rc);
506+ if (! opt_silent)
507+ printf("Got error (as expected): %s\n", mysql_error(conn));
508+
509+ mysql_close(conn);
510+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
511+
512+ rc= mysql_change_user(conn, "", NULL, "");
513+ DIE_UNLESS(rc);
514+ if (! opt_silent)
515+ printf("Got error (as expected): %s\n", mysql_error(conn));
516+
517+ rc= mysql_change_user(conn, user_pw, NULL, "");
518+ DIE_UNLESS(rc);
519+ if (! opt_silent)
520+ printf("Got error (as expected): %s\n", mysql_error(conn));
521+
522+ rc= mysql_change_user(conn, user_pw, "", "");
523+ DIE_UNLESS(rc);
524+ if (! opt_silent)
525+ printf("Got error (as expected): %s\n", mysql_error(conn));
526+
527+ mysql_close(conn);
528+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
529+
530+ rc= mysql_change_user(conn, user_pw, "", NULL);
531+ DIE_UNLESS(rc);
532+ if (! opt_silent)
533+ printf("Got error (as expected): %s\n", mysql_error(conn));
534+
535+ rc= mysql_change_user(conn, user_pw, NULL, NULL);
536+ DIE_UNLESS(rc);
537+ if (! opt_silent)
538+ printf("Got error (as expected): %s\n", mysql_error(conn));
539+
540+ rc= mysql_change_user(conn, user_pw, "", db);
541+ DIE_UNLESS(rc);
542+ if (! opt_silent)
543+ printf("Got error (as expected): %s\n", mysql_error(conn));
544+
545+ mysql_close(conn);
546+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
547+
548+ rc= mysql_change_user(conn, user_pw, NULL, db);
549+ DIE_UNLESS(rc);
550+ if (! opt_silent)
551+ printf("Got error (as expected): %s\n", mysql_error(conn));
552+
553+ rc= mysql_change_user(conn, user_pw, pw, db);
554+ myquery(rc);
555+
556+ rc= mysql_change_user(conn, user_pw, pw, NULL);
557+ myquery(rc);
558+
559+ rc= mysql_change_user(conn, user_pw, pw, "");
560+ myquery(rc);
561+
562+ rc= mysql_change_user(conn, user_no_pw, pw, db);
563+ DIE_UNLESS(rc);
564+ if (! opt_silent)
565+ printf("Got error (as expected): %s\n", mysql_error(conn));
566+
567+ rc= mysql_change_user(conn, user_no_pw, pw, "");
568+ DIE_UNLESS(rc);
569+ if (! opt_silent)
570+ printf("Got error (as expected): %s\n", mysql_error(conn));
571+
572+ mysql_close(conn);
573+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
574+
575+ rc= mysql_change_user(conn, user_no_pw, pw, NULL);
576+ DIE_UNLESS(rc);
577+ if (! opt_silent)
578+ printf("Got error (as expected): %s\n", mysql_error(conn));
579+
580+ rc= mysql_change_user(conn, user_no_pw, "", NULL);
581+ myquery(rc);
582+
583+ rc= mysql_change_user(conn, user_no_pw, "", "");
584+ myquery(rc);
585+
586+ rc= mysql_change_user(conn, user_no_pw, "", db);
587+ myquery(rc);
588+
589+ rc= mysql_change_user(conn, user_no_pw, NULL, db);
590+ myquery(rc);
591+
592+ rc= mysql_change_user(conn, "", pw, db);
593+ DIE_UNLESS(rc);
594+ if (! opt_silent)
595+ printf("Got error (as expected): %s\n", mysql_error(conn));
596+
597+ rc= mysql_change_user(conn, "", pw, "");
598+ DIE_UNLESS(rc);
599+ if (! opt_silent)
600+ printf("Got error (as expected): %s\n", mysql_error(conn));
601+
602+ mysql_close(conn);
603+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
604+
605+ rc= mysql_change_user(conn, "", pw, NULL);
606+ DIE_UNLESS(rc);
607+ if (! opt_silent)
608+ printf("Got error (as expected): %s\n", mysql_error(conn));
609+
610+ rc= mysql_change_user(conn, NULL, pw, NULL);
611+ DIE_UNLESS(rc);
612+ if (! opt_silent)
613+ printf("Got error (as expected): %s\n", mysql_error(conn));
614+
615+ rc= mysql_change_user(conn, NULL, NULL, db);
616+ DIE_UNLESS(rc);
617+ if (! opt_silent)
618+ printf("Got error (as expected): %s\n", mysql_error(conn));
619+
620+ mysql_close(conn);
621+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
622+
623+ rc= mysql_change_user(conn, NULL, "", db);
624+ DIE_UNLESS(rc);
625+ if (! opt_silent)
626+ printf("Got error (as expected): %s\n", mysql_error(conn));
627+
628+ rc= mysql_change_user(conn, "", "", db);
629+ DIE_UNLESS(rc);
630+ if (! opt_silent)
631+ printf("Got error (as expected): %s\n", mysql_error(conn));
632
633 /* Cleanup the environment */
634
635- mysql_change_user(mysql, opt_user, opt_password, current_db);
636+ mysql_change_user(conn, opt_user, opt_password, current_db);
637+
638+ mysql_close(conn);
639
640 sprintf(buff, "drop database %s", db);
641 rc= mysql_query(mysql, buff);
642@@ -16807,29 +16832,35 @@
643 static char db[NAME_CHAR_LEN+1];
644 static char query[LARGE_BUFFER_SIZE*2];
645 #endif
646+ MYSQL* conn;
647
648 DBUG_ENTER("test_bug31669");
649 myheader("test_bug31669");
650
651- rc= mysql_change_user(mysql, NULL, NULL, NULL);
652+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
653+
654+ rc= mysql_change_user(conn, NULL, NULL, NULL);
655 DIE_UNLESS(rc);
656
657- rc= mysql_change_user(mysql, "", "", "");
658+ rc= mysql_change_user(conn, "", "", "");
659 DIE_UNLESS(rc);
660
661 memset(buff, 'a', sizeof(buff));
662
663- rc= mysql_change_user(mysql, buff, buff, buff);
664+ mysql_close(conn);
665+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
666+
667+ rc= mysql_change_user(conn, buff, buff, buff);
668 DIE_UNLESS(rc);
669
670- rc = mysql_change_user(mysql, opt_user, opt_password, current_db);
671+ rc = mysql_change_user(conn, opt_user, opt_password, current_db);
672 DIE_UNLESS(!rc);
673
674 #ifndef EMBEDDED_LIBRARY
675 memset(db, 'a', sizeof(db));
676 db[NAME_CHAR_LEN]= 0;
677 strxmov(query, "CREATE DATABASE IF NOT EXISTS ", db, NullS);
678- rc= mysql_query(mysql, query);
679+ rc= mysql_query(conn, query);
680 myquery(rc);
681
682 memset(user, 'b', sizeof(user));
683@@ -16838,54 +16869,59 @@
684 buff[LARGE_BUFFER_SIZE]= 0;
685 strxmov(query, "GRANT ALL PRIVILEGES ON *.* TO '", user, "'@'%' IDENTIFIED BY "
686 "'", buff, "' WITH GRANT OPTION", NullS);
687- rc= mysql_query(mysql, query);
688+ rc= mysql_query(conn, query);
689 myquery(rc);
690
691 strxmov(query, "GRANT ALL PRIVILEGES ON *.* TO '", user, "'@'localhost' IDENTIFIED BY "
692 "'", buff, "' WITH GRANT OPTION", NullS);
693- rc= mysql_query(mysql, query);
694- myquery(rc);
695-
696- rc= mysql_query(mysql, "FLUSH PRIVILEGES");
697- myquery(rc);
698-
699- rc= mysql_change_user(mysql, user, buff, db);
700+ rc= mysql_query(conn, query);
701+ myquery(rc);
702+
703+ rc= mysql_query(conn, "FLUSH PRIVILEGES");
704+ myquery(rc);
705+
706+ rc= mysql_change_user(conn, user, buff, db);
707 DIE_UNLESS(!rc);
708
709 user[USERNAME_CHAR_LENGTH-1]= 'a';
710- rc= mysql_change_user(mysql, user, buff, db);
711+ rc= mysql_change_user(conn, user, buff, db);
712 DIE_UNLESS(rc);
713
714 user[USERNAME_CHAR_LENGTH-1]= 'b';
715 buff[LARGE_BUFFER_SIZE-1]= 'd';
716- rc= mysql_change_user(mysql, user, buff, db);
717+ rc= mysql_change_user(conn, user, buff, db);
718 DIE_UNLESS(rc);
719
720 buff[LARGE_BUFFER_SIZE-1]= 'c';
721 db[NAME_CHAR_LEN-1]= 'e';
722- rc= mysql_change_user(mysql, user, buff, db);
723+ rc= mysql_change_user(conn, user, buff, db);
724 DIE_UNLESS(rc);
725
726+ mysql_close(conn);
727+ conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0);
728+
729 db[NAME_CHAR_LEN-1]= 'a';
730- rc= mysql_change_user(mysql, user, buff, db);
731+ rc= mysql_change_user(conn, user, buff, db);
732 DIE_UNLESS(!rc);
733
734- rc= mysql_change_user(mysql, user + 1, buff + 1, db + 1);
735+ rc= mysql_change_user(conn, user + 1, buff + 1, db + 1);
736 DIE_UNLESS(rc);
737
738- rc = mysql_change_user(mysql, opt_user, opt_password, current_db);
739+ rc = mysql_change_user(conn, opt_user, opt_password, current_db);
740 DIE_UNLESS(!rc);
741
742 strxmov(query, "DROP DATABASE ", db, NullS);
743- rc= mysql_query(mysql, query);
744+ rc= mysql_query(conn, query);
745 myquery(rc);
746
747 strxmov(query, "DELETE FROM mysql.user WHERE User='", user, "'", NullS);
748- rc= mysql_query(mysql, query);
749+ rc= mysql_query(conn, query);
750 myquery(rc);
751- DIE_UNLESS(mysql_affected_rows(mysql) == 2);
752+ DIE_UNLESS(mysql_affected_rows(conn) == 2);
753 #endif
754
755+ mysql_close(conn);
756+
757 DBUG_VOID_RETURN;
758 }
759

Subscribers

People subscribed via source and target branches