diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-06-10 09:24:43 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-06-17 12:26:25 +0200 |
commit | fd00c449e33a5e4dda23832a16512d3af5939818 (patch) | |
tree | a9aeedc4e6ed1b111bfdb6e638dd14614faea62f | |
parent | d13080133f6de9d89975b4c1f09615d47a10748d (diff) | |
download | mariadb-git-fd00c449e33a5e4dda23832a16512d3af5939818.tar.gz |
bugfix: PROXY privilege matched usernames incorrectly
username can be empty, meaning anybody, or must match literally.
only db and host names are matched with wildcards.
-rw-r--r-- | mysql-test/main/plugin_auth_qa_1.result | 3 | ||||
-rw-r--r-- | mysql-test/main/plugin_auth_qa_1.test | 4 | ||||
-rw-r--r-- | sql/sql_acl.cc | 6 |
3 files changed, 9 insertions, 4 deletions
diff --git a/mysql-test/main/plugin_auth_qa_1.result b/mysql-test/main/plugin_auth_qa_1.result index d2d902cb6a6..261767d4cd2 100644 --- a/mysql-test/main/plugin_auth_qa_1.result +++ b/mysql-test/main/plugin_auth_qa_1.result @@ -4,6 +4,9 @@ User plugin authentication_string ========== test 1.1.3.2 ==================================== CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON `plug%dest` TO plug_user; +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +REVOKE PROXY ON `plug%dest` FROM plug_user; GRANT PROXY ON plug_dest TO plug_user; current_user() plug_dest@% diff --git a/mysql-test/main/plugin_auth_qa_1.test b/mysql-test/main/plugin_auth_qa_1.test index fb577fc178f..17fbf2ca25e 100644 --- a/mysql-test/main/plugin_auth_qa_1.test +++ b/mysql-test/main/plugin_auth_qa_1.test @@ -13,6 +13,10 @@ SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; # CREATE...WITH/CREATE...BY/GRANT CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON `plug%dest` TO plug_user; +--error 1 +--exec $MYSQL -S $MASTER_MYSOCK -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +REVOKE PROXY ON `plug%dest` FROM plug_user; GRANT PROXY ON plug_dest TO plug_user; --replace_result $MASTER_MYSOCK MASTER_MYSOCK --exec $MYSQL -S $MASTER_MYSOCK -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 49dad4a6e3e..f549d295a50 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -392,10 +392,8 @@ public: proxied_user_arg, proxied_user)); DBUG_RETURN(compare_hostname(&host, host_arg, ip_arg) && compare_hostname(&proxied_host, host_arg, ip_arg) && - (!*user || - (user_arg && !wild_compare(user_arg, user, TRUE))) && - (!*proxied_user || - !wild_compare(proxied_user_arg, proxied_user, TRUE))); + (!*user || !strcmp(user_arg, user)) && + (!*proxied_user || !strcmp(proxied_user_arg, proxied_user))); } |