From 50a8e751ddb990bc738500b8dedac82d9ae74d2b Mon Sep 17 00:00:00 2001 From: Vlad Lesin Date: Wed, 25 Feb 2015 02:02:38 +0300 Subject: [PATCH] Bug #1354988 fix. Use compare_hostname() function instead of my_strcasecmp() in mysql_show_grants() and it's call tree. --- mysql-test/r/grant.result | 13 ++++++ mysql-test/r/grant_cache_no_prot.result | 2 + mysql-test/r/percona_bug1354988.result | 50 +++++++++++++++++++++++ mysql-test/t/percona_bug1354988.test | 53 +++++++++++++++++++++++++ sql/sql_acl.cc | 10 +++-- 5 files changed, 125 insertions(+), 3 deletions(-) create mode 100644 mysql-test/r/percona_bug1354988.result create mode 100644 mysql-test/t/percona_bug1354988.test diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index 7603e4b1b1c2..50217937189d 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -777,6 +777,7 @@ show grants for mysqltest1@'192.%'; Grants for mysqltest1@192.% GRANT USAGE ON *.* TO 'mysqltest1'@'192.%' GRANT SELECT ON `mysqltest`.`t1` TO 'mysqltest1'@'192.%' +GRANT DELETE ON `mysqltest`.`t1` TO 'mysqltest1'@'%' show grants for mysqltest1@'%'; Grants for mysqltest1@% GRANT USAGE ON *.* TO 'mysqltest1'@'%' @@ -832,6 +833,7 @@ show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'%' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'' select * from information_schema.schema_privileges where grantee like "'mysqltest_8'%"; GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE @@ -871,6 +873,7 @@ grant update (a) on t1 to mysqltest_8; show grants for mysqltest_8@''; Grants for mysqltest_8@ GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' show grants for mysqltest_8; Grants for mysqltest_8@% 
@@ -880,11 +883,13 @@ flush privileges; show grants for mysqltest_8@''; Grants for mysqltest_8@ GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' select * from information_schema.column_privileges; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_8'@'%' def test t1 a UPDATE NO @@ -914,6 +919,7 @@ grant update on t1 to mysqltest_8; show grants for mysqltest_8@''; Grants for mysqltest_8@ GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'' show grants for mysqltest_8; Grants for mysqltest_8@% @@ -923,11 +929,13 @@ flush privileges; show grants for mysqltest_8@''; Grants for mysqltest_8@ GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'' select * from information_schema.table_privileges; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_8'@'%' def test t1 UPDATE NO 
@@ -960,12 +968,14 @@ grant all privileges on mysqltest.* to mysqltest_8; show grants for mysqltest_8@''; Grants for mysqltest_8@ GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' select * from information_schema.user_privileges where grantee like "'mysqltest_8'%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE @@ -978,12 +988,15 @@ flush privileges; show grants for mysqltest_8@''; Grants for mysqltest_8@ GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' +GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' drop user mysqltest_8@''; show grants for mysqltest_8@''; ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host '' diff --git a/mysql-test/r/grant_cache_no_prot.result b/mysql-test/r/grant_cache_no_prot.result index 019edb72086a..d987dfe0c87c 100644 --- a/mysql-test/r/grant_cache_no_prot.result +++ b/mysql-test/r/grant_cache_no_prot.result 
@@ -121,6 +121,8 @@ Qcache_not_cached 1 show grants for current_user(); Grants for @localhost GRANT USAGE ON *.* TO ''@'localhost' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, EVENT, TRIGGER ON `test`.* TO ''@'%' +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, EVENT, TRIGGER ON `test\_%`.* TO ''@'%' ----- establish connection user2 (user=mysqltest_2) ----- select "user2"; user2 diff --git a/mysql-test/r/percona_bug1354988.result b/mysql-test/r/percona_bug1354988.result new file mode 100644 index 000000000000..6e1763d54b78 --- /dev/null +++ b/mysql-test/r/percona_bug1354988.result 
@@ -0,0 +1,50 @@ +CREATE USER grantee@localhost IDENTIFIED BY 'grantee1'; +CREATE USER grantee IDENTIFIED BY 'grantee2'; +CREATE DATABASE db2; +CREATE DATABASE db3; +USE db3; +CREATE TABLE t1 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0); +CREATE TABLE t2 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0); +INSERT INTO t2 (b) VALUES (1), (2); +CREATE FUNCTION f1() RETURNS INT +BEGIN +RETURN 1; +END | +CREATE PROCEDURE p1() +BEGIN +SELECT 1; +END | +GRANT ALL PRIVILEGES ON db2.* TO grantee WITH GRANT OPTION; +GRANT SELECT(a) ON TABLE db3.t2 TO grantee WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON TABLE db3.t1 TO grantee WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON FUNCTION db3.f1 TO grantee WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON PROCEDURE db3.p1 TO grantee WITH GRANT OPTION; +SELECT user(), current_user(); +user() current_user() +grantee@localhost grantee@localhost +SHOW GRANTS; +Grants for grantee@localhost +GRANT USAGE ON *.* TO 'grantee'@'localhost' IDENTIFIED BY PASSWORD '*9823FF338D44DAF02422CF24DD1F879FB4F6B232' +GRANT ALL PRIVILEGES ON `db2`.* TO 'grantee'@'%' WITH GRANT OPTION +GRANT SELECT (a) ON `db3`.`t2` TO 'grantee'@'%' WITH GRANT OPTION +GRANT ALL PRIVILEGES ON `db3`.`t1` TO 'grantee'@'%' WITH GRANT OPTION +GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `db3`.`p1` TO 'grantee'@'%' WITH GRANT OPTION +GRANT EXECUTE, ALTER ROUTINE ON FUNCTION `db3`.`f1` TO 'grantee'@'%' WITH GRANT OPTION +USE db2; +CREATE TABLE t1(f1 int); +USE db3; +SELECT a FROM t2; +a +1 +2 +INSERT INTO t1 (b) VALUES (1), (2); +SELECT f1(); +f1() +1 +CALL p1(); +1 +1 +DROP DATABASE db2; +DROP DATABASE db3; +DROP USER grantee@localhost; +DROP USER grantee; diff --git a/mysql-test/t/percona_bug1354988.test b/mysql-test/t/percona_bug1354988.test new file mode 100644 index 000000000000..6ae60995901d --- /dev/null +++ b/mysql-test/t/percona_bug1354988.test 
@@ -0,0 +1,53 @@ +# The bug #1354988 test. + +CREATE USER grantee@localhost IDENTIFIED BY 'grantee1'; +CREATE USER grantee IDENTIFIED BY 'grantee2'; + +CREATE DATABASE db2; + + +CREATE DATABASE db3; +USE db3; + +CREATE TABLE t1 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0); +CREATE TABLE t2 (a INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, b INT(10) UNSIGNED NOT NULL DEFAULT 0); +INSERT INTO t2 (b) VALUES (1), (2); + +-- delimiter | + +CREATE FUNCTION f1() RETURNS INT +BEGIN + RETURN 1; +END | + +CREATE PROCEDURE p1() +BEGIN + SELECT 1; +END | + +-- delimiter ; + +GRANT ALL PRIVILEGES ON db2.* TO grantee WITH GRANT OPTION; +GRANT SELECT(a) ON TABLE db3.t2 TO grantee WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON TABLE db3.t1 TO grantee WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON FUNCTION db3.f1 TO grantee WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON PROCEDURE db3.p1 TO grantee WITH GRANT OPTION; + +-- connect (con1, localhost, grantee,grantee1,) +-- connection con1 +SELECT user(), current_user(); +SHOW GRANTS; +USE db2; +CREATE TABLE t1(f1 int); +USE db3; +SELECT a FROM t2; +INSERT INTO t1 (b) VALUES (1), (2); +SELECT f1(); +CALL p1(); +-- disconnect con1 + +-- connection default +DROP DATABASE db2; +DROP DATABASE db3; +DROP USER grantee@localhost; +DROP USER grantee; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index a6e690a6597e..ec3b7cd7cb13 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -5685,7 +5685,7 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) */ if (!strcmp(lex_user->user.str,user) && - !my_strcasecmp(system_charset_info, lex_user->host.str, host)) + compare_hostname(&acl_db->host, lex_user->host.str, lex_user->host.str)) { want_access=acl_db->access; if (want_access) 
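Review bot: The new test in `percona_bug1354988.test` has no negative case: every grant it creates is on `grantee` (host `%`), so it only shows that rows with a matching host pattern are listed and usable for `grantee@localhost`. Because the fix widens an equality test to a pattern match in three places, one row that must not match would guard against over-reporting. For example, add `GRANT SELECT ON db2.* TO grantee@'10.%';` (constructed host value) before the `connect` line and a matching `DROP USER grantee@'10.%';` in the cleanup, then record the result. The recorded `SHOW GRANTS` output should then contain no line for `'grantee'@'10.%'`.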
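Review bot: The same string `lex_user->host.str` is passed as both the hostname and the IP argument of `compare_hostname()` in this condition, and again in the table-grant hunk and the `show_routine_grants()` hunk that follow. Each ACL row's host pattern is therefore matched against the literal text of the requested account host, not against a real client address. When that account host is itself a pattern (in `grant.result`, `show grants for mysqltest1@'192.%'` now lists the `'mysqltest1'@'%'` row), or is a name where the row is defined by address or netmask, the listing can presumably differ from what is applied at connect time. That depends on the body of `compare_hostname()`, which is not part of this diff. I would state the limitation above each of the three conditions, e.g. `/* Matches the row's host pattern against the account host text, not a client address; the listing approximates the privileges applied at connect time. */`. The comment that closes just above each condition starts outside the hunks; if it still describes a case-insensitive equality test, it should be updated in the same commit.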
@@ -5755,7 +5755,9 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) */ if (!strcmp(lex_user->user.str,user) && - !my_strcasecmp(system_charset_info, lex_user->host.str, host)) + compare_hostname(&grant_table->host, + lex_user->host.str, + lex_user->host.str)) { ulong table_access= grant_table->privs; if ((table_access | grant_table->cols) != 0) @@ -5904,7 +5906,9 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash, */ if (!strcmp(lex_user->user.str,user) && - !my_strcasecmp(system_charset_info, lex_user->host.str, host)) + compare_hostname(&grant_proc->host, + lex_user->host.str, + lex_user->host.str)) { ulong proc_access= grant_proc->privs; if (proc_access != 0)