Percona Server moved to https://jira.percona.com/projects/PS

Merge lp:~vlad-lesin/percona-server/5.5-bug-1354988 into lp:percona-server/5.5

  1. 5.5-bug-1354988
  2. Merge into 5.5
Proposed by Vlad Lesin on 2015-01-13
Status: Merged
Approved by: Laurynas Biveinis on 2015-02-13
Approved revision: 723
Merged at revision: 733
Proposed branch: lp:~vlad-lesin/percona-server/5.5-bug-1354988
Merge into: lp:percona-server/5.5
Diff against target: 255 lines (+125/-3)
5 files modified
mysql-test/r/grant.result (+13/-0)
mysql-test/r/grant_cache_no_prot.result (+2/-0)
mysql-test/r/percona_bug1354988.result (+50/-0)
mysql-test/t/percona_bug1354988.test (+53/-0)
sql/sql_acl.cc (+7/-3)
To merge this branch: bzr merge lp:~vlad-lesin/percona-server/5.5-bug-1354988
Reviewer Review Type Date Requested Status
Laurynas Biveinis (community) 2015-01-13 Approve on 2015-02-13
Review via email: mp+246277@code.launchpad.net

Description of the change

Bug #1354988 fix.

Use compare_hostname() function instead of my_strcasecmp() in mysql_show_grants().

To post a comment you must log in.
Vlad Lesin (vlad-lesin) wrote :
Laurynas Biveinis (laurynas-biveinis) wrote :

    - Grepping mysql_show_grants call tree for my_strcasecmp shows
      that the issue is fixed for database-level grants but should
      continue to exist for table, column and routine-level
      grants. This becomes quite unorthogonal, can you check this,
      expand the testcase, and fix this too?

    - Once the patch is reviewed, please make a patch against MySQL
      and submit by OCA to upstream 53645.

review: Needs Fixing
Vlad Lesin (vlad-lesin) wrote :

> - Grepping mysql_show_grants call tree for my_strcasecmp shows
> that the issue is fixed for database-level grants but should
> continue to exist for table, column and routine-level
> grants. This becomes quite unorthogonal, can you check this,
> expand the testcase, and fix this too?
Yes, you are right, I fixed mysql_show_grants() and it's subroutines so host name is compared with wildcards for all grant levels.

> - Once the patch is reviewed, please make a patch against MySQL
> and submit by OCA to upstream 53645.
Will do after code review.

http://jenkins.percona.com/view/PS%205.5/job/percona-server-5.5-param/1090/

Laurynas Biveinis (laurynas-biveinis) :
review: Approve
Vlad Lesin (vlad-lesin) wrote :

The patches for 5.5 and 5.6 are submitted by OCA for upstream 53645.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'mysql-test/r/grant.result'
2--- mysql-test/r/grant.result 2011-03-21 14:22:13 +0000
3+++ mysql-test/r/grant.result 2015-02-09 13:05:43 +0000
4@@ -777,6 +777,7 @@
5 Grants for mysqltest1@192.%
6 GRANT USAGE ON *.* TO 'mysqltest1'@'192.%'
7 GRANT SELECT ON `mysqltest`.`t1` TO 'mysqltest1'@'192.%'
8+GRANT DELETE ON `mysqltest`.`t1` TO 'mysqltest1'@'%'
9 show grants for mysqltest1@'%';
10 Grants for mysqltest1@%
11 GRANT USAGE ON *.* TO 'mysqltest1'@'%'
12@@ -832,6 +833,7 @@
13 Grants for mysqltest_8@%
14 GRANT USAGE ON *.* TO 'mysqltest_8'@'%'
15 GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'%'
16+GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@''
17 select * from information_schema.schema_privileges
18 where grantee like "'mysqltest_8'%";
19 GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
20@@ -871,6 +873,7 @@
21 show grants for mysqltest_8@'';
22 Grants for mysqltest_8@
23 GRANT USAGE ON *.* TO 'mysqltest_8'@''
24+GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%'
25 GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@''
26 show grants for mysqltest_8;
27 Grants for mysqltest_8@%
28@@ -880,11 +883,13 @@
29 show grants for mysqltest_8@'';
30 Grants for mysqltest_8@
31 GRANT USAGE ON *.* TO 'mysqltest_8'@''
32+GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%'
33 GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@''
34 show grants for mysqltest_8;
35 Grants for mysqltest_8@%
36 GRANT USAGE ON *.* TO 'mysqltest_8'@'%'
37 GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%'
38+GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@''
39 select * from information_schema.column_privileges;
40 GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
41 'mysqltest_8'@'%' def test t1 a UPDATE NO
42@@ -914,6 +919,7 @@
43 show grants for mysqltest_8@'';
44 Grants for mysqltest_8@
45 GRANT USAGE ON *.* TO 'mysqltest_8'@''
46+GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%'
47 GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@''
48 show grants for mysqltest_8;
49 Grants for mysqltest_8@%
50@@ -923,11 +929,13 @@
51 show grants for mysqltest_8@'';
52 Grants for mysqltest_8@
53 GRANT USAGE ON *.* TO 'mysqltest_8'@''
54+GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%'
55 GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@''
56 show grants for mysqltest_8;
57 Grants for mysqltest_8@%
58 GRANT USAGE ON *.* TO 'mysqltest_8'@'%'
59 GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%'
60+GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@''
61 select * from information_schema.table_privileges;
62 GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
63 'mysqltest_8'@'%' def test t1 UPDATE NO
64@@ -960,12 +968,14 @@
65 show grants for mysqltest_8@'';
66 Grants for mysqltest_8@
67 GRANT USAGE ON *.* TO 'mysqltest_8'@''
68+GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%'
69 GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@''
70 GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@''
71 show grants for mysqltest_8;
72 Grants for mysqltest_8@%
73 GRANT USAGE ON *.* TO 'mysqltest_8'@'%'
74 GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%'
75+GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@''
76 select * from information_schema.user_privileges
77 where grantee like "'mysqltest_8'%";
78 GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
79@@ -978,12 +988,15 @@
80 show grants for mysqltest_8@'';
81 Grants for mysqltest_8@
82 GRANT USAGE ON *.* TO 'mysqltest_8'@''
83+GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%'
84 GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@''
85 GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@''
86 show grants for mysqltest_8;
87 Grants for mysqltest_8@%
88 GRANT USAGE ON *.* TO 'mysqltest_8'@'%'
89 GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%'
90+GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@''
91+GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@''
92 drop user mysqltest_8@'';
93 show grants for mysqltest_8@'';
94 ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host ''
95
96=== modified file 'mysql-test/r/grant_cache_no_prot.result'
97--- mysql-test/r/grant_cache_no_prot.result 2010-08-09 08:32:50 +0000
98+++ mysql-test/r/grant_cache_no_prot.result 2015-02-09 13:05:43 +0000
99@@ -121,6 +121,8 @@
100 show grants for current_user();
101 Grants for @localhost
102 GRANT USAGE ON *.* TO ''@'localhost'
103+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, EVENT, TRIGGER ON `test`.* TO ''@'%'
104+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, EVENT, TRIGGER ON `test\_%`.* TO ''@'%'
105 ----- establish connection user2 (user=mysqltest_2) -----
106 select "user2";
107 user2
108
109=== added file 'mysql-test/r/percona_bug1354988.result'
110--- mysql-test/r/percona_bug1354988.result 1970-01-01 00:00:00 +0000
111+++ mysql-test/r/percona_bug1354988.result 2015-02-09 13:05:43 +0000
112@@ -0,0 +1,50 @@
113+CREATE USER grantee@localhost IDENTIFIED BY 'grantee1';
114+CREATE USER grantee IDENTIFIED BY 'grantee2';
115+CREATE DATABASE db2;
116+CREATE DATABASE db3;
117+USE db3;
118+CREATE TABLE t1 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0);
119+CREATE TABLE t2 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0);
120+INSERT INTO t2 (b) VALUES (1), (2);
121+CREATE FUNCTION f1() RETURNS INT
122+BEGIN
123+RETURN 1;
124+END |
125+CREATE PROCEDURE p1()
126+BEGIN
127+SELECT 1;
128+END |
129+GRANT ALL PRIVILEGES ON db2.* TO grantee WITH GRANT OPTION;
130+GRANT SELECT(a) ON TABLE db3.t2 TO grantee WITH GRANT OPTION;
131+GRANT ALL PRIVILEGES ON TABLE db3.t1 TO grantee WITH GRANT OPTION;
132+GRANT ALL PRIVILEGES ON FUNCTION db3.f1 TO grantee WITH GRANT OPTION;
133+GRANT ALL PRIVILEGES ON PROCEDURE db3.p1 TO grantee WITH GRANT OPTION;
134+SELECT user(), current_user();
135+user() current_user()
136+grantee@localhost grantee@localhost
137+SHOW GRANTS;
138+Grants for grantee@localhost
139+GRANT USAGE ON *.* TO 'grantee'@'localhost' IDENTIFIED BY PASSWORD '*9823FF338D44DAF02422CF24DD1F879FB4F6B232'
140+GRANT ALL PRIVILEGES ON `db2`.* TO 'grantee'@'%' WITH GRANT OPTION
141+GRANT SELECT (a) ON `db3`.`t2` TO 'grantee'@'%' WITH GRANT OPTION
142+GRANT ALL PRIVILEGES ON `db3`.`t1` TO 'grantee'@'%' WITH GRANT OPTION
143+GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `db3`.`p1` TO 'grantee'@'%' WITH GRANT OPTION
144+GRANT EXECUTE, ALTER ROUTINE ON FUNCTION `db3`.`f1` TO 'grantee'@'%' WITH GRANT OPTION
145+USE db2;
146+CREATE TABLE t1(f1 int);
147+USE db3;
148+SELECT a FROM t2;
149+a
150+1
151+2
152+INSERT INTO t1 (b) VALUES (1), (2);
153+SELECT f1();
154+f1()
155+1
156+CALL p1();
157+1
158+1
159+DROP DATABASE db2;
160+DROP DATABASE db3;
161+DROP USER grantee@localhost;
162+DROP USER grantee;
163
164=== added file 'mysql-test/t/percona_bug1354988.test'
165--- mysql-test/t/percona_bug1354988.test 1970-01-01 00:00:00 +0000
166+++ mysql-test/t/percona_bug1354988.test 2015-02-09 13:05:43 +0000
167@@ -0,0 +1,53 @@
168+# The bug #1354988 test.
169+
170+CREATE USER grantee@localhost IDENTIFIED BY 'grantee1';
171+CREATE USER grantee IDENTIFIED BY 'grantee2';
172+
173+CREATE DATABASE db2;
174+
175+
176+CREATE DATABASE db3;
177+USE db3;
178+
179+CREATE TABLE t1 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0);
180+CREATE TABLE t2 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0);
181+INSERT INTO t2 (b) VALUES (1), (2);
182+
183+-- delimiter |
184+
185+CREATE FUNCTION f1() RETURNS INT
186+BEGIN
187+ RETURN 1;
188+END |
189+
190+CREATE PROCEDURE p1()
191+BEGIN
192+ SELECT 1;
193+END |
194+
195+-- delimiter ;
196+
197+GRANT ALL PRIVILEGES ON db2.* TO grantee WITH GRANT OPTION;
198+GRANT SELECT(a) ON TABLE db3.t2 TO grantee WITH GRANT OPTION;
199+GRANT ALL PRIVILEGES ON TABLE db3.t1 TO grantee WITH GRANT OPTION;
200+GRANT ALL PRIVILEGES ON FUNCTION db3.f1 TO grantee WITH GRANT OPTION;
201+GRANT ALL PRIVILEGES ON PROCEDURE db3.p1 TO grantee WITH GRANT OPTION;
202+
203+-- connect (con1, localhost, grantee,grantee1,)
204+-- connection con1
205+SELECT user(), current_user();
206+SHOW GRANTS;
207+USE db2;
208+CREATE TABLE t1(f1 int);
209+USE db3;
210+SELECT a FROM t2;
211+INSERT INTO t1 (b) VALUES (1), (2);
212+SELECT f1();
213+CALL p1();
214+-- disconnect con1
215+
216+-- connection default
217+DROP DATABASE db2;
218+DROP DATABASE db3;
219+DROP USER grantee@localhost;
220+DROP USER grantee;
221
222=== modified file 'sql/sql_acl.cc'
223--- sql/sql_acl.cc 2014-08-22 09:58:37 +0000
224+++ sql/sql_acl.cc 2015-02-09 13:05:43 +0000
225@@ -5685,7 +5685,7 @@
226 */
227
228 if (!strcmp(lex_user->user.str,user) &&
229- !my_strcasecmp(system_charset_info, lex_user->host.str, host))
230+ compare_hostname(&acl_db->host, lex_user->host.str, lex_user->host.str))
231 {
232 want_access=acl_db->access;
233 if (want_access)
234@@ -5755,7 +5755,9 @@
235 */
236
237 if (!strcmp(lex_user->user.str,user) &&
238- !my_strcasecmp(system_charset_info, lex_user->host.str, host))
239+ compare_hostname(&grant_table->host,
240+ lex_user->host.str,
241+ lex_user->host.str))
242 {
243 ulong table_access= grant_table->privs;
244 if ((table_access | grant_table->cols) != 0)
245@@ -5904,7 +5906,9 @@
246 */
247
248 if (!strcmp(lex_user->user.str,user) &&
249- !my_strcasecmp(system_charset_info, lex_user->host.str, host))
250+ compare_hostname(&grant_proc->host,
251+ lex_user->host.str,
252+ lex_user->host.str))
253 {
254 ulong proc_access= grant_proc->privs;
255 if (proc_access != 0)

Subscribers

People subscribed via source and target branches