Merge lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.6 into lp:percona-server/5.6
- CVE-2012-5627-bug1172090-5.6
- Merge into 5.6
Proposed by
Sergei Glushchenko
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Approved by: | Laurynas Biveinis | ||||||||
Approved revision: | no longer in the source branch. | ||||||||
Merged at revision: | 344 | ||||||||
Proposed branch: | lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.6 | ||||||||
Merge into: | lp:percona-server/5.6 | ||||||||
Diff against target: |
758 lines (+357/-171) 11 files modified
Percona-Server/client/mysqltest.cc (+4/-1) Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0) Percona-Server/mysql-test/r/failed_auth_3909.result (+20/-0) Percona-Server/mysql-test/r/mysqltest.result (+3/-3) Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0) Percona-Server/mysql-test/t/failed_auth_3909.test (+37/-0) Percona-Server/sql/sql_acl.cc (+48/-6) Percona-Server/sql/sql_class.cc (+1/-0) Percona-Server/sql/sql_class.h (+1/-0) Percona-Server/sql/sql_parse.cc (+18/-1) Percona-Server/tests/mysql_client_test.c (+196/-160) |
||||||||
To merge this branch: | bzr merge lp:~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.6 | ||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Laurynas Biveinis (community) | Approve | ||
Review via email: mp+161800@code.launchpad.net |
Commit message
Description of the change
This is a manual merge fix for #1172090, #1171941 from 5.6
http://
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'Percona-Server/client/mysqltest.cc' |
2 | --- Percona-Server/client/mysqltest.cc 2013-03-05 12:46:43 +0000 |
3 | +++ Percona-Server/client/mysqltest.cc 2013-05-01 09:25:43 +0000 |
4 | @@ -4165,7 +4165,10 @@ |
5 | cur_con->name, ds_user.str, ds_passwd.str, ds_db.str)); |
6 | |
7 | if (mysql_change_user(mysql, ds_user.str, ds_passwd.str, ds_db.str)) |
8 | - die("change user failed: %s", mysql_error(mysql)); |
9 | + handle_error(command, mysql_errno(mysql), mysql_error(mysql), |
10 | + mysql_sqlstate(mysql), &ds_res); |
11 | + else |
12 | + handle_no_error(command); |
13 | |
14 | dynstr_free(&ds_user); |
15 | dynstr_free(&ds_passwd); |
16 | |
17 | === added file 'Percona-Server/mysql-test/r/change_user_notembedded.result' |
18 | --- Percona-Server/mysql-test/r/change_user_notembedded.result 1970-01-01 00:00:00 +0000 |
19 | +++ Percona-Server/mysql-test/r/change_user_notembedded.result 2013-05-01 09:25:43 +0000 |
20 | @@ -0,0 +1,5 @@ |
21 | +ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) |
22 | +ERROR 28000: Access denied for user 'foo'@'localhost' (using password: NO) |
23 | +ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) |
24 | +ERROR 08S01: Unknown command |
25 | +ERROR 08S01: Unknown command |
26 | |
27 | === added file 'Percona-Server/mysql-test/r/failed_auth_3909.result' |
28 | --- Percona-Server/mysql-test/r/failed_auth_3909.result 1970-01-01 00:00:00 +0000 |
29 | +++ Percona-Server/mysql-test/r/failed_auth_3909.result 2013-05-01 09:25:43 +0000 |
30 | @@ -0,0 +1,20 @@ |
31 | +optimize table mysql.user; |
32 | +Table Op Msg_type Msg_text |
33 | +mysql.user optimize status OK |
34 | +insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar'); |
35 | +Warnings: |
36 | +Warning 1364 Field 'ssl_cipher' doesn't have a default value |
37 | +Warning 1364 Field 'x509_issuer' doesn't have a default value |
38 | +Warning 1364 Field 'x509_subject' doesn't have a default value |
39 | +flush privileges; |
40 | +connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET); |
41 | +ERROR HY000: Plugin 'bar' is not loaded |
42 | +connect(localhost,u2,,test,MASTER_PORT,MASTER_SOCKET); |
43 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO) |
44 | +connect(localhost,u2,password,test,MASTER_PORT,MASTER_SOCKET); |
45 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES) |
46 | +ERROR HY000: Plugin 'bar' is not loaded |
47 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO) |
48 | +ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES) |
49 | +delete from mysql.user where plugin = 'bar'; |
50 | +flush privileges; |
51 | |
52 | === modified file 'Percona-Server/mysql-test/r/mysqltest.result' |
53 | --- Percona-Server/mysql-test/r/mysqltest.result 2012-08-22 01:40:20 +0000 |
54 | +++ Percona-Server/mysql-test/r/mysqltest.result 2013-05-01 09:25:43 +0000 |
55 | @@ -929,9 +929,9 @@ |
56 | b varchar(255) YES NULL |
57 | c datetime YES NULL |
58 | drop table t1; |
59 | -mysqltest: At line 1: change user failed: Unknown database 'inexistent' |
60 | -mysqltest: At line 1: change user failed: Access denied for user 'inexistent'@'localhost' (using password: NO) |
61 | -mysqltest: At line 1: change user failed: Access denied for user 'root'@'localhost' (using password: YES) |
62 | +mysqltest: At line 1: query 'change_user root,,inexistent' failed: 1049: Unknown database 'inexistent' |
63 | +mysqltest: At line 1: query 'change_user inexistent,,test' failed: 1045: Access denied for user 'inexistent'@'localhost' (using password: NO) |
64 | +mysqltest: At line 1: query 'change_user root,inexistent,test' failed: 1045: Access denied for user 'root'@'localhost' (using password: YES) |
65 | REPLACED_FILE1.txt |
66 | file1.txt |
67 | file2.txt |
68 | |
69 | === added file 'Percona-Server/mysql-test/t/change_user_notembedded.test' |
70 | --- Percona-Server/mysql-test/t/change_user_notembedded.test 1970-01-01 00:00:00 +0000 |
71 | +++ Percona-Server/mysql-test/t/change_user_notembedded.test 2013-05-01 09:25:43 +0000 |
72 | @@ -0,0 +1,24 @@ |
73 | +source include/not_embedded.inc; |
74 | + |
75 | +# |
76 | +# MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing |
77 | +# |
78 | +# only three failed change_user per connection. |
79 | +# successful change_user do NOT reset the counter |
80 | +# |
81 | +connect (test,localhost,root,,); |
82 | +connection test; |
83 | +--error 1045 |
84 | +change_user foo,bar; |
85 | +--error 1045 |
86 | +change_user foo; |
87 | +change_user; |
88 | +--error 1045 |
89 | +change_user foo,bar; |
90 | +--error 1047 |
91 | +change_user foo,bar; |
92 | +--error 1047 |
93 | +change_user; |
94 | +disconnect test; |
95 | +connection default; |
96 | + |
97 | |
98 | === added file 'Percona-Server/mysql-test/t/failed_auth_3909.test' |
99 | --- Percona-Server/mysql-test/t/failed_auth_3909.test 1970-01-01 00:00:00 +0000 |
100 | +++ Percona-Server/mysql-test/t/failed_auth_3909.test 2013-05-01 09:25:43 +0000 |
101 | @@ -0,0 +1,37 @@ |
102 | +source include/not_embedded.inc; |
103 | + |
104 | +# |
105 | +# MDEV-3909 remote user enumeration |
106 | +# |
107 | +# verify that for some failed login attemps (with wrong user names) |
108 | +# the server requests a plugin |
109 | +# |
110 | +optimize table mysql.user; |
111 | +insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar'); |
112 | +flush privileges; |
113 | + |
114 | +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT |
115 | +--error ER_PLUGIN_IS_NOT_LOADED |
116 | +connect (fail,localhost,u1); |
117 | + |
118 | +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT |
119 | +--error ER_ACCESS_DENIED_ERROR |
120 | +connect (fail,localhost,u2); |
121 | + |
122 | +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT |
123 | +--error ER_ACCESS_DENIED_ERROR |
124 | +connect (fail,localhost,u2,password); |
125 | + |
126 | +--error ER_PLUGIN_IS_NOT_LOADED |
127 | +change_user u1; |
128 | + |
129 | +--error ER_ACCESS_DENIED_ERROR |
130 | +change_user u2; |
131 | + |
132 | +--error ER_ACCESS_DENIED_ERROR |
133 | +change_user u2,password; |
134 | + |
135 | +delete from mysql.user where plugin = 'bar'; |
136 | +flush privileges; |
137 | + |
138 | + |
139 | |
140 | === modified file 'Percona-Server/sql/sql_acl.cc' |
141 | --- Percona-Server/sql/sql_acl.cc 2013-03-05 12:46:43 +0000 |
142 | +++ Percona-Server/sql/sql_acl.cc 2013-05-01 09:25:43 +0000 |
143 | @@ -9126,6 +9126,7 @@ |
144 | uint pkt_len; |
145 | } cached_server_packet; |
146 | int packets_read, packets_written; ///< counters for send/received packets |
147 | + bool make_it_fail; |
148 | /** when plugin returns a failure this tells us what really happened */ |
149 | enum { SUCCESS, FAILURE, RESTART } status; |
150 | |
151 | @@ -9488,14 +9489,14 @@ |
152 | /** |
153 | Finds acl entry in user database for authentication purposes. |
154 | |
155 | - Finds a user and copies it into mpvio. Reports an authentication |
156 | - failure if a user is not found. |
157 | + Finds a user and copies it into mpvio. Creates a fake user |
158 | + if no matching user account is found. |
159 | |
160 | @note find_acl_user is not the same, because it doesn't take into |
161 | account the case when user is not empty, but acl_user->user is empty |
162 | |
163 | @retval 0 found |
164 | - @retval 1 not found |
165 | + @retval 1 error |
166 | */ |
167 | static bool find_mpvio_user(MPVIO_EXT *mpvio) |
168 | { |
169 | @@ -9530,8 +9531,32 @@ |
170 | |
171 | if (!mpvio->acl_user) |
172 | { |
173 | - login_failed_error(mpvio, mpvio->auth_info.password_used); |
174 | - DBUG_RETURN (1); |
175 | + /* |
176 | + A matching user was not found. Fake it. Take any user, make the |
177 | + authentication fail later. |
178 | + This way we get a realistically looking failure, with occasional |
179 | + "change auth plugin" requests even for nonexistent users. The ratio |
180 | + of "change auth plugin" request will be the same for real and |
181 | + nonexistent users. |
182 | + Note, that we cannot pick any user at random, it must always be |
183 | + the same user account for the incoming sctx->user name. |
184 | + */ |
185 | + ulong nr1=1, nr2=4; |
186 | + CHARSET_INFO *cs= &my_charset_latin1; |
187 | + cs->coll->hash_sort(cs, (uchar*) mpvio->auth_info.user_name, |
188 | + mpvio->auth_info.user_name_length, &nr1, &nr2); |
189 | + |
190 | + mysql_mutex_lock(&acl_cache->lock); |
191 | + uint i= nr1 % acl_users.elements; |
192 | + ACL_USER *acl_user_tmp= dynamic_element(&acl_users, i, ACL_USER*); |
193 | + mpvio->acl_user= acl_user_tmp->copy(mpvio->mem_root); |
194 | + make_lex_string_root(mpvio->mem_root, |
195 | + &mpvio->acl_user_plugin, |
196 | + acl_user_tmp->plugin.str, |
197 | + acl_user_tmp->plugin.length, 0); |
198 | + mysql_mutex_unlock(&acl_cache->lock); |
199 | + |
200 | + mpvio->make_it_fail= true; |
201 | } |
202 | |
203 | if (my_strcasecmp(system_charset_info, mpvio->acl_user->plugin.str, |
204 | @@ -9638,6 +9663,9 @@ |
205 | uint passwd_len= (mpvio->client_capabilities & CLIENT_SECURE_CONNECTION ? |
206 | (uchar) (*passwd++) : strlen(passwd)); |
207 | |
208 | + if (passwd_len) |
209 | + mpvio->auth_info.password_used= PASSWORD_USED_YES; |
210 | + |
211 | db+= passwd_len + 1; |
212 | /* |
213 | Database name is always NUL-terminated, so in case of empty database |
214 | @@ -10431,6 +10459,10 @@ |
215 | *buf= (uchar*) mpvio->cached_client_reply.pkt; |
216 | mpvio->cached_client_reply.pkt= 0; |
217 | mpvio->packets_read++; |
218 | + |
219 | + if (mpvio->make_it_fail) |
220 | + goto err; |
221 | + |
222 | DBUG_RETURN ((int) mpvio->cached_client_reply.pkt_len); |
223 | } |
224 | |
225 | @@ -10473,12 +10505,21 @@ |
226 | else |
227 | *buf= mpvio->net->read_pos; |
228 | |
229 | + if (mpvio->make_it_fail) |
230 | + goto err; |
231 | + |
232 | DBUG_RETURN((int)pkt_len); |
233 | |
234 | err: |
235 | if (mpvio->status == MPVIO_EXT::FAILURE) |
236 | { |
237 | - my_error(ER_HANDSHAKE_ERROR, MYF(0)); |
238 | + if (!current_thd->is_error()) |
239 | + { |
240 | + if (mpvio->make_it_fail) |
241 | + login_failed_error(mpvio, mpvio->auth_info.password_used); |
242 | + else |
243 | + my_error(ER_HANDSHAKE_ERROR, MYF(0)); |
244 | + } |
245 | } |
246 | DBUG_RETURN(-1); |
247 | } |
248 | @@ -10686,6 +10727,7 @@ |
249 | #endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */ |
250 | mpvio->vio_is_encrypted= 0; |
251 | mpvio->status= MPVIO_EXT::FAILURE; |
252 | + mpvio->make_it_fail= false; |
253 | |
254 | mpvio->client_capabilities= thd->client_capabilities; |
255 | mpvio->mem_root= thd->mem_root; |
256 | |
257 | === modified file 'Percona-Server/sql/sql_class.cc' |
258 | --- Percona-Server/sql/sql_class.cc 2013-03-05 12:46:43 +0000 |
259 | +++ Percona-Server/sql/sql_class.cc 2013-05-01 09:25:43 +0000 |
260 | @@ -899,6 +899,7 @@ |
261 | first_successful_insert_id_in_prev_stmt_for_binlog(0), |
262 | first_successful_insert_id_in_cur_stmt(0), |
263 | stmt_depends_on_first_successful_insert_id_in_prev_stmt(FALSE), |
264 | + failed_com_change_user(0), |
265 | m_examined_row_count(0), |
266 | m_statement_psi(NULL), |
267 | m_idle_psi(NULL), |
268 | |
269 | === modified file 'Percona-Server/sql/sql_class.h' |
270 | --- Percona-Server/sql/sql_class.h 2013-03-05 12:46:43 +0000 |
271 | +++ Percona-Server/sql/sql_class.h 2013-05-01 09:25:43 +0000 |
272 | @@ -2641,6 +2641,7 @@ |
273 | } |
274 | |
275 | ha_rows cuted_fields; |
276 | + uint8 failed_com_change_user; |
277 | |
278 | private: |
279 | /** |
280 | |
281 | === modified file 'Percona-Server/sql/sql_parse.cc' |
282 | --- Percona-Server/sql/sql_parse.cc 2013-03-31 06:08:39 +0000 |
283 | +++ Percona-Server/sql/sql_parse.cc 2013-05-01 09:25:43 +0000 |
284 | @@ -1252,7 +1252,22 @@ |
285 | const CHARSET_INFO *save_character_set_results= |
286 | thd->variables.character_set_results; |
287 | |
288 | - auth_rc= acl_authenticate(thd, packet_length); |
289 | + /* Ensure we don't free security_ctx->user in case we have to revert */ |
290 | + thd->security_ctx->user= 0; |
291 | + thd->set_user_connect(0); |
292 | + |
293 | + /* |
294 | + to limit COM_CHANGE_USER ability to brute-force passwords, |
295 | + we only allow three unsuccessful COM_CHANGE_USER per connection. |
296 | + */ |
297 | + if (thd->failed_com_change_user >= 3) |
298 | + { |
299 | + my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); |
300 | + auth_rc= 1; |
301 | + } |
302 | + else |
303 | + auth_rc= acl_authenticate(thd, packet_length); |
304 | + |
305 | MYSQL_AUDIT_NOTIFY_CONNECTION_CHANGE_USER(thd); |
306 | if (auth_rc) |
307 | { |
308 | @@ -1264,6 +1279,8 @@ |
309 | thd->variables.collation_connection= save_collation_connection; |
310 | thd->variables.character_set_results= save_character_set_results; |
311 | thd->update_charset(); |
312 | + thd->failed_com_change_user++; |
313 | + my_sleep(1000000); |
314 | } |
315 | else |
316 | { |
317 | |
318 | === modified file 'Percona-Server/tests/mysql_client_test.c' |
319 | --- Percona-Server/tests/mysql_client_test.c 2013-03-05 12:46:43 +0000 |
320 | +++ Percona-Server/tests/mysql_client_test.c 2013-05-01 09:25:43 +0000 |
321 | @@ -16266,6 +16266,7 @@ |
322 | const char *pw= "password"; |
323 | const char *db= "mysqltest_user_test_database"; |
324 | int rc; |
325 | + MYSQL *conn; |
326 | |
327 | DBUG_ENTER("test_change_user"); |
328 | myheader("test_change_user"); |
329 | @@ -16309,149 +16310,173 @@ |
330 | rc= mysql_query(mysql, buff); |
331 | myquery(rc); |
332 | |
333 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
334 | |
335 | /* Try some combinations */ |
336 | - rc= mysql_change_user(mysql, NULL, NULL, NULL); |
337 | - DIE_UNLESS(rc); |
338 | - if (! opt_silent) |
339 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
340 | - |
341 | - |
342 | - rc= mysql_change_user(mysql, "", NULL, NULL); |
343 | - DIE_UNLESS(rc); |
344 | - if (! opt_silent) |
345 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
346 | - |
347 | - rc= mysql_change_user(mysql, "", "", NULL); |
348 | - DIE_UNLESS(rc); |
349 | - if (! opt_silent) |
350 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
351 | - |
352 | - rc= mysql_change_user(mysql, "", "", ""); |
353 | - DIE_UNLESS(rc); |
354 | - if (! opt_silent) |
355 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
356 | - |
357 | - rc= mysql_change_user(mysql, NULL, "", ""); |
358 | - DIE_UNLESS(rc); |
359 | - if (! opt_silent) |
360 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
361 | - |
362 | - |
363 | - rc= mysql_change_user(mysql, NULL, NULL, ""); |
364 | - DIE_UNLESS(rc); |
365 | - if (! opt_silent) |
366 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
367 | - |
368 | - rc= mysql_change_user(mysql, "", NULL, ""); |
369 | - DIE_UNLESS(rc); |
370 | - if (! opt_silent) |
371 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
372 | - |
373 | - rc= mysql_change_user(mysql, user_pw, NULL, ""); |
374 | - DIE_UNLESS(rc); |
375 | - if (! opt_silent) |
376 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
377 | - |
378 | - rc= mysql_change_user(mysql, user_pw, "", ""); |
379 | - DIE_UNLESS(rc); |
380 | - if (! opt_silent) |
381 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
382 | - |
383 | - rc= mysql_change_user(mysql, user_pw, "", NULL); |
384 | - DIE_UNLESS(rc); |
385 | - if (! opt_silent) |
386 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
387 | - |
388 | - rc= mysql_change_user(mysql, user_pw, NULL, NULL); |
389 | - DIE_UNLESS(rc); |
390 | - if (! opt_silent) |
391 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
392 | - |
393 | - rc= mysql_change_user(mysql, user_pw, "", db); |
394 | - DIE_UNLESS(rc); |
395 | - if (! opt_silent) |
396 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
397 | - |
398 | - rc= mysql_change_user(mysql, user_pw, NULL, db); |
399 | - DIE_UNLESS(rc); |
400 | - if (! opt_silent) |
401 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
402 | - |
403 | - rc= mysql_change_user(mysql, user_pw, pw, db); |
404 | - myquery(rc); |
405 | - |
406 | - rc= mysql_change_user(mysql, user_pw, pw, NULL); |
407 | - myquery(rc); |
408 | - |
409 | - rc= mysql_change_user(mysql, user_pw, pw, ""); |
410 | - myquery(rc); |
411 | - |
412 | - rc= mysql_change_user(mysql, user_no_pw, pw, db); |
413 | - DIE_UNLESS(rc); |
414 | - if (! opt_silent) |
415 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
416 | - |
417 | - rc= mysql_change_user(mysql, user_no_pw, pw, ""); |
418 | - DIE_UNLESS(rc); |
419 | - if (! opt_silent) |
420 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
421 | - |
422 | - rc= mysql_change_user(mysql, user_no_pw, pw, NULL); |
423 | - DIE_UNLESS(rc); |
424 | - if (! opt_silent) |
425 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
426 | - |
427 | - rc= mysql_change_user(mysql, user_no_pw, "", NULL); |
428 | - myquery(rc); |
429 | - |
430 | - rc= mysql_change_user(mysql, user_no_pw, "", ""); |
431 | - myquery(rc); |
432 | - |
433 | - rc= mysql_change_user(mysql, user_no_pw, "", db); |
434 | - myquery(rc); |
435 | - |
436 | - rc= mysql_change_user(mysql, user_no_pw, NULL, db); |
437 | - myquery(rc); |
438 | - |
439 | - rc= mysql_change_user(mysql, "", pw, db); |
440 | - DIE_UNLESS(rc); |
441 | - if (! opt_silent) |
442 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
443 | - |
444 | - rc= mysql_change_user(mysql, "", pw, ""); |
445 | - DIE_UNLESS(rc); |
446 | - if (! opt_silent) |
447 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
448 | - |
449 | - rc= mysql_change_user(mysql, "", pw, NULL); |
450 | - DIE_UNLESS(rc); |
451 | - if (! opt_silent) |
452 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
453 | - |
454 | - rc= mysql_change_user(mysql, NULL, pw, NULL); |
455 | - DIE_UNLESS(rc); |
456 | - if (! opt_silent) |
457 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
458 | - |
459 | - rc= mysql_change_user(mysql, NULL, NULL, db); |
460 | - DIE_UNLESS(rc); |
461 | - if (! opt_silent) |
462 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
463 | - |
464 | - rc= mysql_change_user(mysql, NULL, "", db); |
465 | - DIE_UNLESS(rc); |
466 | - if (! opt_silent) |
467 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
468 | - |
469 | - rc= mysql_change_user(mysql, "", "", db); |
470 | - DIE_UNLESS(rc); |
471 | - if (! opt_silent) |
472 | - printf("Got error (as expected): %s\n", mysql_error(mysql)); |
473 | + rc= mysql_change_user(conn, NULL, NULL, NULL); |
474 | + DIE_UNLESS(rc); |
475 | + if (! opt_silent) |
476 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
477 | + |
478 | + |
479 | + rc= mysql_change_user(conn, "", NULL, NULL); |
480 | + DIE_UNLESS(rc); |
481 | + if (! opt_silent) |
482 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
483 | + |
484 | + rc= mysql_change_user(conn, "", "", NULL); |
485 | + DIE_UNLESS(rc); |
486 | + if (! opt_silent) |
487 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
488 | + |
489 | + mysql_close(conn); |
490 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
491 | + |
492 | + rc= mysql_change_user(conn, "", "", ""); |
493 | + DIE_UNLESS(rc); |
494 | + if (! opt_silent) |
495 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
496 | + |
497 | + rc= mysql_change_user(conn, NULL, "", ""); |
498 | + DIE_UNLESS(rc); |
499 | + if (! opt_silent) |
500 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
501 | + |
502 | + |
503 | + rc= mysql_change_user(conn, NULL, NULL, ""); |
504 | + DIE_UNLESS(rc); |
505 | + if (! opt_silent) |
506 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
507 | + |
508 | + mysql_close(conn); |
509 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
510 | + |
511 | + rc= mysql_change_user(conn, "", NULL, ""); |
512 | + DIE_UNLESS(rc); |
513 | + if (! opt_silent) |
514 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
515 | + |
516 | + rc= mysql_change_user(conn, user_pw, NULL, ""); |
517 | + DIE_UNLESS(rc); |
518 | + if (! opt_silent) |
519 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
520 | + |
521 | + rc= mysql_change_user(conn, user_pw, "", ""); |
522 | + DIE_UNLESS(rc); |
523 | + if (! opt_silent) |
524 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
525 | + |
526 | + mysql_close(conn); |
527 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
528 | + |
529 | + rc= mysql_change_user(conn, user_pw, "", NULL); |
530 | + DIE_UNLESS(rc); |
531 | + if (! opt_silent) |
532 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
533 | + |
534 | + rc= mysql_change_user(conn, user_pw, NULL, NULL); |
535 | + DIE_UNLESS(rc); |
536 | + if (! opt_silent) |
537 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
538 | + |
539 | + rc= mysql_change_user(conn, user_pw, "", db); |
540 | + DIE_UNLESS(rc); |
541 | + if (! opt_silent) |
542 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
543 | + |
544 | + mysql_close(conn); |
545 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
546 | + |
547 | + rc= mysql_change_user(conn, user_pw, NULL, db); |
548 | + DIE_UNLESS(rc); |
549 | + if (! opt_silent) |
550 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
551 | + |
552 | + rc= mysql_change_user(conn, user_pw, pw, db); |
553 | + myquery(rc); |
554 | + |
555 | + rc= mysql_change_user(conn, user_pw, pw, NULL); |
556 | + myquery(rc); |
557 | + |
558 | + rc= mysql_change_user(conn, user_pw, pw, ""); |
559 | + myquery(rc); |
560 | + |
561 | + rc= mysql_change_user(conn, user_no_pw, pw, db); |
562 | + DIE_UNLESS(rc); |
563 | + if (! opt_silent) |
564 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
565 | + |
566 | + rc= mysql_change_user(conn, user_no_pw, pw, ""); |
567 | + DIE_UNLESS(rc); |
568 | + if (! opt_silent) |
569 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
570 | + |
571 | + mysql_close(conn); |
572 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
573 | + |
574 | + rc= mysql_change_user(conn, user_no_pw, pw, NULL); |
575 | + DIE_UNLESS(rc); |
576 | + if (! opt_silent) |
577 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
578 | + |
579 | + rc= mysql_change_user(conn, user_no_pw, "", NULL); |
580 | + myquery(rc); |
581 | + |
582 | + rc= mysql_change_user(conn, user_no_pw, "", ""); |
583 | + myquery(rc); |
584 | + |
585 | + rc= mysql_change_user(conn, user_no_pw, "", db); |
586 | + myquery(rc); |
587 | + |
588 | + rc= mysql_change_user(conn, user_no_pw, NULL, db); |
589 | + myquery(rc); |
590 | + |
591 | + rc= mysql_change_user(conn, "", pw, db); |
592 | + DIE_UNLESS(rc); |
593 | + if (! opt_silent) |
594 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
595 | + |
596 | + rc= mysql_change_user(conn, "", pw, ""); |
597 | + DIE_UNLESS(rc); |
598 | + if (! opt_silent) |
599 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
600 | + |
601 | + mysql_close(conn); |
602 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
603 | + |
604 | + rc= mysql_change_user(conn, "", pw, NULL); |
605 | + DIE_UNLESS(rc); |
606 | + if (! opt_silent) |
607 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
608 | + |
609 | + rc= mysql_change_user(conn, NULL, pw, NULL); |
610 | + DIE_UNLESS(rc); |
611 | + if (! opt_silent) |
612 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
613 | + |
614 | + rc= mysql_change_user(conn, NULL, NULL, db); |
615 | + DIE_UNLESS(rc); |
616 | + if (! opt_silent) |
617 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
618 | + |
619 | + mysql_close(conn); |
620 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
621 | + |
622 | + rc= mysql_change_user(conn, NULL, "", db); |
623 | + DIE_UNLESS(rc); |
624 | + if (! opt_silent) |
625 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
626 | + |
627 | + rc= mysql_change_user(conn, "", "", db); |
628 | + DIE_UNLESS(rc); |
629 | + if (! opt_silent) |
630 | + printf("Got error (as expected): %s\n", mysql_error(conn)); |
631 | |
632 | /* Cleanup the environment */ |
633 | |
634 | - mysql_change_user(mysql, opt_user, opt_password, current_db); |
635 | + mysql_change_user(conn, opt_user, opt_password, current_db); |
636 | + |
637 | + mysql_close(conn); |
638 | |
639 | sprintf(buff, "drop database %s", db); |
640 | rc= mysql_query(mysql, buff); |
641 | @@ -17114,30 +17139,36 @@ |
642 | static char db[NAME_CHAR_LEN+1]; |
643 | static char query[LARGE_BUFFER_SIZE*2]; |
644 | #endif |
645 | + MYSQL* conn; |
646 | |
647 | DBUG_ENTER("test_bug31669"); |
648 | myheader("test_bug31669"); |
649 | |
650 | - rc= mysql_change_user(mysql, NULL, NULL, NULL); |
651 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
652 | + |
653 | + rc= mysql_change_user(conn, NULL, NULL, NULL); |
654 | DIE_UNLESS(rc); |
655 | |
656 | - rc= mysql_change_user(mysql, "", "", ""); |
657 | + rc= mysql_change_user(conn, "", "", ""); |
658 | DIE_UNLESS(rc); |
659 | |
660 | memset(buff, 'a', sizeof(buff)); |
661 | buff[sizeof(buff) - 1] = '\0'; |
662 | |
663 | - rc= mysql_change_user(mysql, buff, buff, buff); |
664 | + mysql_close(conn); |
665 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
666 | + |
667 | + rc= mysql_change_user(conn, buff, buff, buff); |
668 | DIE_UNLESS(rc); |
669 | |
670 | - rc = mysql_change_user(mysql, opt_user, opt_password, current_db); |
671 | + rc = mysql_change_user(conn, opt_user, opt_password, current_db); |
672 | DIE_UNLESS(!rc); |
673 | |
674 | #ifndef EMBEDDED_LIBRARY |
675 | memset(db, 'a', sizeof(db)); |
676 | db[NAME_CHAR_LEN]= 0; |
677 | strxmov(query, "CREATE DATABASE IF NOT EXISTS ", db, NullS); |
678 | - rc= mysql_query(mysql, query); |
679 | + rc= mysql_query(conn, query); |
680 | myquery(rc); |
681 | |
682 | memset(user, 'b', sizeof(user)); |
683 | @@ -17146,54 +17177,59 @@ |
684 | buff[LARGE_BUFFER_SIZE]= 0; |
685 | strxmov(query, "GRANT ALL PRIVILEGES ON *.* TO '", user, "'@'%' IDENTIFIED BY " |
686 | "'", buff, "' WITH GRANT OPTION", NullS); |
687 | - rc= mysql_query(mysql, query); |
688 | + rc= mysql_query(conn, query); |
689 | myquery(rc); |
690 | |
691 | strxmov(query, "GRANT ALL PRIVILEGES ON *.* TO '", user, "'@'localhost' IDENTIFIED BY " |
692 | "'", buff, "' WITH GRANT OPTION", NullS); |
693 | - rc= mysql_query(mysql, query); |
694 | - myquery(rc); |
695 | - |
696 | - rc= mysql_query(mysql, "FLUSH PRIVILEGES"); |
697 | - myquery(rc); |
698 | - |
699 | - rc= mysql_change_user(mysql, user, buff, db); |
700 | + rc= mysql_query(conn, query); |
701 | + myquery(rc); |
702 | + |
703 | + rc= mysql_query(conn, "FLUSH PRIVILEGES"); |
704 | + myquery(rc); |
705 | + |
706 | + rc= mysql_change_user(conn, user, buff, db); |
707 | DIE_UNLESS(!rc); |
708 | |
709 | user[USERNAME_CHAR_LENGTH-1]= 'a'; |
710 | - rc= mysql_change_user(mysql, user, buff, db); |
711 | + rc= mysql_change_user(conn, user, buff, db); |
712 | DIE_UNLESS(rc); |
713 | |
714 | user[USERNAME_CHAR_LENGTH-1]= 'b'; |
715 | buff[LARGE_BUFFER_SIZE-1]= 'd'; |
716 | - rc= mysql_change_user(mysql, user, buff, db); |
717 | + rc= mysql_change_user(conn, user, buff, db); |
718 | DIE_UNLESS(rc); |
719 | |
720 | buff[LARGE_BUFFER_SIZE-1]= 'c'; |
721 | db[NAME_CHAR_LEN-1]= 'e'; |
722 | - rc= mysql_change_user(mysql, user, buff, db); |
723 | + rc= mysql_change_user(conn, user, buff, db); |
724 | DIE_UNLESS(rc); |
725 | |
726 | + mysql_close(conn); |
727 | + conn= client_connect(0, MYSQL_PROTOCOL_TCP, 0); |
728 | + |
729 | db[NAME_CHAR_LEN-1]= 'a'; |
730 | - rc= mysql_change_user(mysql, user, buff, db); |
731 | + rc= mysql_change_user(conn, user, buff, db); |
732 | DIE_UNLESS(!rc); |
733 | |
734 | - rc= mysql_change_user(mysql, user + 1, buff + 1, db + 1); |
735 | + rc= mysql_change_user(conn, user + 1, buff + 1, db + 1); |
736 | DIE_UNLESS(rc); |
737 | |
738 | - rc = mysql_change_user(mysql, opt_user, opt_password, current_db); |
739 | + rc = mysql_change_user(conn, opt_user, opt_password, current_db); |
740 | DIE_UNLESS(!rc); |
741 | |
742 | strxmov(query, "DROP DATABASE ", db, NullS); |
743 | - rc= mysql_query(mysql, query); |
744 | + rc= mysql_query(conn, query); |
745 | myquery(rc); |
746 | |
747 | strxmov(query, "DELETE FROM mysql.user WHERE User='", user, "'", NullS); |
748 | - rc= mysql_query(mysql, query); |
749 | + rc= mysql_query(conn, query); |
750 | myquery(rc); |
751 | - DIE_UNLESS(mysql_affected_rows(mysql) == 2); |
752 | + DIE_UNLESS(mysql_affected_rows(conn) == 2); |
753 | #endif |
754 | |
755 | + mysql_close(conn); |
756 | + |
757 | DBUG_VOID_RETURN; |
758 | } |
759 |
Same comment as for 5.5, also the sql_acl.cc bit in rev 342 belongs to 343 instead. It is benign enough though.