authorunknown <tnurnberg@sin.intern.azundris.com>2007-10-05 13:11:38 +0200
committerunknown <tnurnberg@sin.intern.azundris.com>2007-10-05 13:11:38 +0200
commit3ade0a6ed51fc06383c84bec1e7a896a62051bed (patch)
treec6c44f3abcb606d1a0bb0b6357f7442372bd27ac
parent866225919c303f36e83b6af10e3908bcb39bda62 (diff)
parenteeeeec8edcf26cc73438a6cb5d23365e45d50130 (diff)
downloadmariadb-git-3ade0a6ed51fc06383c84bec1e7a896a62051bed.tar.gz
Merge sin.intern.azundris.com:/home/tnurnberg/19828/50-19828
into sin.intern.azundris.com:/home/tnurnberg/19828/51-19828 mysql-test/t/grant.test: Auto merged sql/sql_acl.cc: Auto merged mysql-test/r/grant.result: manual merge
-rw-r--r--mysql-test/r/grant.result3
-rw-r--r--mysql-test/r/grant3.result122
-rw-r--r--mysql-test/t/grant.test3
-rw-r--r--mysql-test/t/grant3.test100
-rw-r--r--sql/sql_acl.cc41
5 files changed, 259 insertions, 10 deletions
diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result
index 0d4dad39882..4e25ada43a0 100644
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -1210,6 +1210,9 @@ SELECT * FROM test.t1;
f1 f2
1 1
2 2
+REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
+REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
+REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
DROP DATABASE db27878;
use test;
DROP TABLE t1;
diff --git a/mysql-test/r/grant3.result b/mysql-test/r/grant3.result
index 6193c4fd49d..cc7f46855b2 100644
--- a/mysql-test/r/grant3.result
+++ b/mysql-test/r/grant3.result
@@ -16,3 +16,125 @@ delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
+grant select on test.* to CUser@localhost;
+grant select on test.* to CUser@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+user host db select_priv
+CUser LOCALHOST test Y
+CUser localhost test Y
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+user host db select_priv
+CUser localhost test Y
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+user host db select_priv
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+create table t1 (a int);
+grant select on test.t1 to CUser@localhost;
+grant select on test.t1 to CUser@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user host db Table_name Table_priv Column_priv
+CUser LOCALHOST test t1 Select
+CUser localhost test t1 Select
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user host db Table_name Table_priv Column_priv
+CUser localhost test t1 Select
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user host db Table_name Table_priv Column_priv
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+grant select(a) on test.t1 to CUser@localhost;
+grant select(a) on test.t1 to CUser@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user host db Table_name Table_priv Column_priv
+CUser LOCALHOST test t1 Select
+CUser localhost test t1 Select
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user host db Table_name Table_priv Column_priv
+CUser localhost test t1 Select
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user host
+CUser LOCALHOST
+CUser localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user host db Table_name Table_priv Column_priv
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+drop table t1;
+grant select on test.* to CUser2@localhost;
+grant select on test.* to CUser2@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+user host
+CUser2 LOCALHOST
+CUser2 localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+user host db select_priv
+CUser2 LOCALHOST test Y
+CUser2 localhost test Y
+REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+user host
+CUser2 LOCALHOST
+CUser2 localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+user host db select_priv
+CUser2 localhost test Y
+REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+user host
+CUser2 LOCALHOST
+CUser2 localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+user host db select_priv
+DROP USER CUser2@localhost;
+DROP USER CUser2@LOCALHOST;
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index e33712e1ebf..8d909d63f51 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -1257,6 +1257,9 @@ UPDATE v1 SET f2 = 4;
SELECT * FROM test.t1;
disconnect user1;
connection default;
+REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
+REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
+REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
DROP DATABASE db27878;
use test;
DROP TABLE t1;
diff --git a/mysql-test/t/grant3.test b/mysql-test/t/grant3.test
index 115586e807d..fac577ef0ff 100644
--- a/mysql-test/t/grant3.test
+++ b/mysql-test/t/grant3.test
@@ -34,3 +34,103 @@ delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
+
+#
+# Bug: #19828 Case sensitivity in Grant/Revoke
+#
+
+grant select on test.* to CUser@localhost;
+grant select on test.* to CUser@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+
+#### table grants
+create table t1 (a int);
+grant select on test.t1 to CUser@localhost;
+grant select on test.t1 to CUser@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+
+### column grants
+
+grant select(a) on test.t1 to CUser@localhost;
+grant select(a) on test.t1 to CUser@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+
+drop table t1;
+
+# revoke on a specific DB only
+
+grant select on test.* to CUser2@localhost;
+grant select on test.* to CUser2@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+
+REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+
+REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+
+DROP USER CUser2@localhost;
+DROP USER CUser2@LOCALHOST;
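Review bot: None of the added cases runs SHOW GRANTS, so the sql/sql_acl.cc hunks in this commit that keep SHOW GRANTS case-insensitive and print the stored host are not exercised by these lines. Adding `SHOW GRANTS FOR 'CUser'@'LOCALHOST';` before and after the first REVOKE in each section would pin that output. Every check here also follows `flush privileges;`, which reloads the in-memory ACL from the tables, so a variant without the flush would additionally cover the in-memory path (presumably acl_update_db). Since the point of the fix is that revoking one host spelling leaves the other intact, a connection-level check that the remaining 'CUser'@'localhost' grant still works would make the expected security behaviour explicit.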
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 67fa380d313..f4b804bd172 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1264,7 +1264,7 @@ static void acl_update_db(const char *user, const char *host, const char *db,
{
if (!acl_db->host.hostname && !host[0] ||
acl_db->host.hostname &&
- !my_strcasecmp(system_charset_info, host, acl_db->host.hostname))
+ !strcmp(host, acl_db->host.hostname))
{
if (!acl_db->db && !db[0] ||
acl_db->db && !strcmp(db,acl_db->db))
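Review bot: The new `!strcmp(host, acl_db->host.hostname)` in acl_update_db has no comment saying why the host is now matched byte-for-byte, while the comments added to mysql_show_grants in this same commit state that grants are applied case-insensitively. The same applies to the three `!strcmp(lex_user->host.str, host)` changes in mysql_revoke_all. A maintainer reading either function alone could take the exact comparison for an oversight and revert it, so I would add above each one something like `/* Exact host match: only the entry with this spelling is changed, even though access checks match host case-insensitively. */`. It is also worth documenting for administrators that, per the grant3 expectations, revoking from 'CUser'@'LOCALHOST' leaves the 'CUser'@'localhost' row in place and presumably still effective for the same client. The enclosing function starts and ends outside the hunk.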
@@ -4489,6 +4489,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
if (!(host=acl_db->host.hostname))
host= "";
+ /*
+ We do not make SHOW GRANTS case-sensitive here (like REVOKE),
+ but make it case-insensitive because that's the way they are
+ actually applied, and showing fewer privileges than are applied
+ would be wrong from a security point of view.
+ */
+
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
{
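Review bot: The added comment's opening, "We do not make SHOW GRANTS case-sensitive here (like REVOKE)", can be read as saying REVOKE is also case-insensitive, which is the opposite of what this commit does in mysql_revoke_all. I would reword it to `REVOKE matches the host case-sensitively; SHOW GRANTS deliberately stays case-insensitive, because that is how privileges are applied and showing fewer privileges than are in effect would be wrong from a security point of view.` The identical block is pasted again in the hunks at new lines 4559 (mysql_show_grants) and 4702 (show_routine_grants); keeping the full explanation once and a one-line back-reference at the other two sites would stop the copies drifting apart. The blank line between the comment and the `if` it describes can also go.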
@@ -4524,8 +4531,8 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
db.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
db.append (STRING_WITH_LEN("'@'"));
- db.append(lex_user->host.str, lex_user->host.length,
- system_charset_info);
+ // host and lex_user->host are equal except for case
+ db.append(host, strlen(host), system_charset_info);
db.append ('\'');
if (want_access & GRANT_ACL)
db.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
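Review bot: The comment `// host and lex_user->host are equal except for case` says why the substitution is safe but not why it is made, and the same line is repeated in the hunks at new lines 4646 and 4752. Because the match above is case-insensitive, one SHOW GRANTS FOR 'CUser'@'localhost' can now emit GRANT lines naming 'CUser'@'LOCALHOST' as well, which is what lets a reader tell the rows apart. I would say so, e.g. `/* Print the stored host, not the requested one, so each line names the row it came from; the two differ at most in case. */`, which also matches the `/* */` style used by the other comments in this commit. Whether the user-level grant line printed earlier in mysql_show_grants follows the same rule is not visible in these hunks and should be checked for consistency.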
@@ -4552,6 +4559,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
if (!(host= grant_table->host.hostname))
host= "";
+ /*
+ We do not make SHOW GRANTS case-sensitive here (like REVOKE),
+ but make it case-insensitive because that's the way they are
+ actually applied, and showing fewer privileges than are applied
+ would be wrong from a security point of view.
+ */
+
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
{
@@ -4632,8 +4646,8 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
global.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
global.append(STRING_WITH_LEN("'@'"));
- global.append(lex_user->host.str,lex_user->host.length,
- system_charset_info);
+ // host and lex_user->host are equal except for case
+ global.append(host, strlen(host), system_charset_info);
global.append('\'');
if (table_access & GRANT_ACL)
global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
@@ -4688,6 +4702,13 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash,
if (!(host= grant_proc->host.hostname))
host= "";
+ /*
+ We do not make SHOW GRANTS case-sensitive here (like REVOKE),
+ but make it case-insensitive because that's the way they are
+ actually applied, and showing fewer privileges than are applied
+ would be wrong from a security point of view.
+ */
+
if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host))
{
@@ -4731,8 +4752,8 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash,
global.append(lex_user->user.str, lex_user->user.length,
system_charset_info);
global.append(STRING_WITH_LEN("'@'"));
- global.append(lex_user->host.str,lex_user->host.length,
- system_charset_info);
+ // host and lex_user->host are equal except for case
+ global.append(host, strlen(host), system_charset_info);
global.append('\'');
if (proc_access & GRANT_ACL)
global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
@@ -5708,7 +5729,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
host= "";
if (!strcmp(lex_user->user.str,user) &&
- !my_strcasecmp(system_charset_info, lex_user->host.str, host))
+ !strcmp(lex_user->host.str, host))
{
if (!replace_db_table(tables[1].table, acl_db->db, *lex_user,
~(ulong)0, 1))
@@ -5740,7 +5761,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
host= "";
if (!strcmp(lex_user->user.str,user) &&
- !my_strcasecmp(system_charset_info, lex_user->host.str, host))
+ !strcmp(lex_user->host.str, host))
{
if (replace_table_table(thd,grant_table,tables[2].table,*lex_user,
grant_table->db,
@@ -5786,7 +5807,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
host= "";
if (!strcmp(lex_user->user.str,user) &&
- !my_strcasecmp(system_charset_info, lex_user->host.str, host))
+ !strcmp(lex_user->host.str, host))
{
if (!replace_routine_table(thd,grant_proc,tables[4].table,*lex_user,
grant_proc->db,