diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 11:38:13 -0700 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 11:38:13 -0700 |
| commit | 4cc8cda346bdd63c7e3882d687ba01143856b5dd (patch) | |
| tree | e2b85067af7ab64f3806a01f0e4c8b38060dd53f | |
| parent | cefe5d964b6b483be51ae7d643105374a4cfe0bf (diff) | |
| download | mariadb-git-4cc8cda346bdd63c7e3882d687ba01143856b5dd.tar.gz | |
Remove the very old historical but never documented behavior,
than an empty host '' is the same as any-host wildcard '%'.
Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables.
Side effect: one cannot have foo@'' and foo@'%' both at the same time
(but one can have foo@'%' and foo@'%%')
26 files changed, 187 insertions, 190 deletions
diff --git a/mysql-test/r/acl_roles_create_and_grant_role.result b/mysql-test/r/acl_roles_create_and_grant_role.result index 2901911aff6..aad17ae8013 100644 --- a/mysql-test/r/acl_roles_create_and_grant_role.result +++ b/mysql-test/r/acl_roles_create_and_grant_role.result @@ -15,7 +15,7 @@ show grants; Grants for root@localhost GRANT r1 TO 'root'@'localhost' GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION GRANT USAGE ON *.* TO 'r1' drop role r1; select * from mysql.roles_mapping; @@ -23,4 +23,4 @@ HostFk UserFk RoleFk show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION diff --git a/mysql-test/r/acl_roles_set_role-multiple-role.result b/mysql-test/r/acl_roles_set_role-multiple-role.result index d4a432d6c03..13fdf5b1f46 100644 --- a/mysql-test/r/acl_roles_set_role-multiple-role.result +++ b/mysql-test/r/acl_roles_set_role-multiple-role.result @@ -16,25 +16,25 @@ update mysql.user set Reload_priv='Y' where user like 'r_rld'; update mysql.user set is_role='Y' where user like 'r\_%'; select * from mysql.user where user='r_sel'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - r_sel Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% r_sel Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y select * from mysql.user where user='r_ins'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - r_ins N Y N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% r_ins N Y N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y select * from mysql.user where user='r_upd'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - r_upd N N Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% r_upd N N Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y select * from mysql.user where user='r_del'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - r_del N N N Y N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% r_del N N N Y N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y select * from mysql.user where user='r_crt'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - r_crt N N N N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% r_crt N N N N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y select * from mysql.user where user='r_drp'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - r_drp N N N N N Y N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% r_drp N N N N N Y N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y select * from mysql.user where user='r_rld'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - r_rld N N N N N N Y N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% r_rld N N N N N N Y N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', 'test_user', 'r_sel'); diff --git a/mysql-test/r/acl_roles_set_role-recursive.result b/mysql-test/r/acl_roles_set_role-recursive.result index 864616cf255..168960fbe62 100644 --- a/mysql-test/r/acl_roles_set_role-recursive.result +++ b/mysql-test/r/acl_roles_set_role-recursive.result @@ -12,8 +12,8 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', flush privileges; select user, host from mysql.user where user not like 'root'; user host -test_role1 -test_role2 +test_role1 % +test_role2 % test_user localhost select * from mysql.roles_mapping where UserFk like 'test_user'; HostFk UserFk RoleFk @@ -24,10 +24,11 @@ HostFk UserFk RoleFk grant select on *.* to 'test_role2'@''; select * from mysql.user where user like 'test_role1'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - test_role1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% test_role1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y select * from mysql.user where user like 'test_role2'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role test_role2 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% test_role2 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y flush privileges; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' diff --git a/mysql-test/r/acl_roles_set_role-simple.result b/mysql-test/r/acl_roles_set_role-simple.result index cadc63624aa..7337f56e3b8 100644 --- a/mysql-test/r/acl_roles_set_role-simple.result +++ b/mysql-test/r/acl_roles_set_role-simple.result @@ -6,7 +6,7 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', 'test_role1'); select user, host from mysql.user where user not like 'root'; user host -test_role1 +test_role1 % test_user localhost select * from mysql.roles_mapping; HostFk UserFk RoleFk @@ -14,7 +14,7 @@ localhost test_user test_role1 grant select on *.* to 'test_role1'@''; select * from mysql.user where user='test_role1'; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role - test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y +% test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y flush privileges; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' diff --git a/mysql-test/r/events_bugs.result b/mysql-test/r/events_bugs.result index 30bc4f89d8c..efa4b89a0a8 100644 --- a/mysql-test/r/events_bugs.result +++ b/mysql-test/r/events_bugs.result @@ -569,7 +569,7 @@ USE test; SHOW GRANTS FOR CURRENT_USER; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION SET GLOBAL event_scheduler = ON; CREATE TABLE events_test.event_log (id int KEY AUTO_INCREMENT, ev_nm char(40), ev_cnt int, ev_tm timestamp) diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index bf67bb5dd6f..06f63b41212 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -750,28 +750,28 @@ show grants for root@localhost; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION GRANT SELECT ON `ÂÄ`.* TO 'root'@'localhost' -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION flush privileges; show grants for root@localhost; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION GRANT SELECT ON `ÂÄ`.* TO 'root'@'localhost' -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION drop database ÂÄ; revoke all privileges on ÂÄ.* from root@localhost; show grants for root@localhost; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION set names latin1; create user mysqltest_7@; set password for mysqltest_7@ = password('systpass'); show grants for mysqltest_7@; -Grants for mysqltest_7@ -GRANT USAGE ON *.* TO 'mysqltest_7'@'' IDENTIFIED BY PASSWORD '*2FB071A056F9BB745219D9C876814231DAF46517' +Grants for mysqltest_7@% +GRANT USAGE ON *.* TO 'mysqltest_7'@'%' IDENTIFIED BY PASSWORD '*2FB071A056F9BB745219D9C876814231DAF46517' drop user mysqltest_7@; show grants for mysqltest_7@; -ERROR 42000: There is no such grant defined for user 'mysqltest_7' on host '' +ERROR 42000: There is no such grant defined for user 'mysqltest_7' on host '%' create database mysqltest; use mysqltest; create table t1(f1 int); @@ -807,30 +807,28 @@ create table t2 as select * from mysql.user where user=''; delete from mysql.user where user=''; flush privileges; create user mysqltest_8@''; -create user mysqltest_8; create user mysqltest_8@host8; create user mysqltest_8@''; -ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'' +ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'%' create user mysqltest_8; ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'%' create user mysqltest_8@host8; ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'host8' select user, QUOTE(host) from mysql.user where user="mysqltest_8"; user QUOTE(host) -mysqltest_8 '' mysqltest_8 '%' mysqltest_8 'host8' Schema privileges grant select on mysqltest.* to mysqltest_8@''; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'%' grant select on mysqltest.* to mysqltest_8@; show grants for mysqltest_8@; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'%' grant select on mysqltest.* to mysqltest_8; show grants for mysqltest_8; Grants for mysqltest_8@% @@ -840,14 +838,12 @@ select * from information_schema.schema_privileges where grantee like "'mysqltest_8'%"; GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_8'@'%' def mysqltest SELECT NO -'mysqltest_8'@'' def mysqltest SELECT NO select * from t1; a revoke select on mysqltest.* from mysqltest_8@''; -revoke select on mysqltest.* from mysqltest_8; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' @@ -856,35 +852,35 @@ where grantee like "'mysqltest_8'%"; GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE flush privileges; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' show grants for mysqltest_8@; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' grant select on mysqltest.* to mysqltest_8@''; flush privileges; show grants for mysqltest_8@; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'%' revoke select on mysqltest.* from mysqltest_8@''; flush privileges; Column privileges grant update (a) on t1 to mysqltest_8@''; grant update (a) on t1 to mysqltest_8; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' flush privileges; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' @@ -892,14 +888,12 @@ GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' select * from information_schema.column_privileges; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_8'@'%' def test t1 a UPDATE NO -'mysqltest_8'@'' def test t1 a UPDATE NO select * from t1; a revoke update (a) on t1 from mysqltest_8@''; -revoke update (a) on t1 from mysqltest_8; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' @@ -907,8 +901,8 @@ select * from information_schema.column_privileges; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE flush privileges; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' @@ -916,18 +910,18 @@ Table privileges grant update on t1 to mysqltest_8@''; grant update on t1 to mysqltest_8; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' flush privileges; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' @@ -935,14 +929,12 @@ GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' select * from information_schema.table_privileges; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_8'@'%' def test t1 UPDATE NO -'mysqltest_8'@'' def test t1 UPDATE NO select * from t1; a revoke update on t1 from mysqltest_8@''; -revoke update on t1 from mysqltest_8; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' @@ -950,8 +942,8 @@ select * from information_schema.table_privileges; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE flush privileges; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' @@ -962,45 +954,36 @@ grant update on t1 to mysqltest_8@''; grant update (a) on t1 to mysqltest_8@''; grant all privileges on mysqltest.* to mysqltest_8; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' -GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' +GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' +GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' select * from information_schema.user_privileges where grantee like "'mysqltest_8'%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_8'@'host8' def USAGE NO 'mysqltest_8'@'%' def USAGE NO -'mysqltest_8'@'' def USAGE NO select * from t1; a flush privileges; show grants for mysqltest_8@''; -Grants for mysqltest_8@ -GRANT USAGE ON *.* TO 'mysqltest_8'@'' -GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' -GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' -show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' -drop user mysqltest_8@''; -show grants for mysqltest_8@''; -ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host '' +GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' show grants for mysqltest_8; Grants for mysqltest_8@% GRANT USAGE ON *.* TO 'mysqltest_8'@'%' GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' -select * from information_schema.user_privileges -where grantee like "'mysqltest_8'%"; -GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE -'mysqltest_8'@'host8' def USAGE NO -'mysqltest_8'@'%' def USAGE NO -drop user mysqltest_8; +GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' +drop user mysqltest_8@''; +show grants for mysqltest_8@''; +ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host '%' connect(localhost,mysqltest_8,,test,MASTER_PORT,MASTER_SOCKET); ERROR 28000: Access denied for user 'mysqltest_8'@'localhost' (using password: NO) show grants for mysqltest_8; diff --git a/mysql-test/r/grant_cache_no_prot.result b/mysql-test/r/grant_cache_no_prot.result index e95a858fd9a..777eb10cda6 100644 --- a/mysql-test/r/grant_cache_no_prot.result +++ b/mysql-test/r/grant_cache_no_prot.result @@ -7,11 +7,11 @@ flush status; show grants for current_user; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION create database if not exists mysqltest; create table mysqltest.t1 (a int,b int,c int); create table mysqltest.t2 (a int,b int,c int); diff --git a/mysql-test/r/grant_cache_ps_prot.result b/mysql-test/r/grant_cache_ps_prot.result index f9786298a81..b504dc4be35 100644 --- a/mysql-test/r/grant_cache_ps_prot.result +++ b/mysql-test/r/grant_cache_ps_prot.result @@ -7,11 +7,11 @@ flush status; show grants for current_user; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION create database if not exists mysqltest; create table mysqltest.t1 (a int,b int,c int); create table mysqltest.t2 (a int,b int,c int); diff --git a/mysql-test/r/plugin_auth.result b/mysql-test/r/plugin_auth.result index 356ac76962a..a58fea2fe5b 100644 --- a/mysql-test/r/plugin_auth.result +++ b/mysql-test/r/plugin_auth.result @@ -116,7 +116,7 @@ ERROR 42000: There is no such grant defined for user 'grant_plug' on host '%' in grant_plug_dest_con ## testing what an ordinary user can grant this should fail : no rights to grant all -GRANT PROXY ON ''@'' TO grant_plug; +GRANT PROXY ON ''@'%%' TO grant_plug; ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost' this should fail : not the same user GRANT PROXY ON grant_plug TO grant_plug_dest; @@ -139,15 +139,15 @@ ERROR 42000: You are not allowed to create a user with GRANT in default connection # test what root can grant should work : root has PROXY to all users -GRANT PROXY ON ''@'' TO grant_plug; -REVOKE PROXY ON ''@'' FROM grant_plug; +GRANT PROXY ON ''@'%%' TO grant_plug; +REVOKE PROXY ON ''@'%%' FROM grant_plug; should work : root has PROXY to all users -GRANT PROXY ON ''@'' TO proxy_admin IDENTIFIED BY 'test' +GRANT PROXY ON ''@'%%' TO proxy_admin IDENTIFIED BY 'test' WITH GRANT OPTION; need USAGE : PROXY doesn't contain it. GRANT USAGE on *.* TO proxy_admin; in proxy_admin_con; -should work : proxy_admin has proxy to ''@'' +should work : proxy_admin has proxy to ''@'%%' GRANT PROXY ON future_user TO grant_plug; in default connection SHOW GRANTS FOR grant_plug; @@ -234,25 +234,25 @@ DROP USER plug_dest; # Bug #56798 : Wrong credentials assigned when using a proxy user. # GRANT ALL PRIVILEGES ON *.* TO power_user; -GRANT USAGE ON anonymous_db.* TO ''@'' +GRANT USAGE ON anonymous_db.* TO ''@'%%' IDENTIFIED WITH 'test_plugin_server' AS 'power_user'; -GRANT PROXY ON power_user TO ''@''; +GRANT PROXY ON power_user TO ''@'%%'; CREATE DATABASE confidential_db; SELECT user(),current_user(),@@proxy_user; user() current_user() @@proxy_user -test_login_user@localhost power_user@% ''@'' +test_login_user@localhost power_user@% ''@'%%' DROP USER power_user; -DROP USER ''@''; +DROP USER ''@'%%'; DROP DATABASE confidential_db; # Test case #2 (crash with double grant proxy) -CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user'; +CREATE USER ''@'%%' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user'; CREATE USER standard_user; CREATE DATABASE shared; GRANT ALL PRIVILEGES ON shared.* TO standard_user; -GRANT PROXY ON standard_user TO ''@''; +GRANT PROXY ON standard_user TO ''@'%%'; #should not crash -GRANT PROXY ON standard_user TO ''@''; -DROP USER ''@''; +GRANT PROXY ON standard_user TO ''@'%%'; +DROP USER ''@'%%'; DROP USER standard_user; DROP DATABASE shared; # diff --git a/mysql-test/r/plugin_auth_qa_1.result b/mysql-test/r/plugin_auth_qa_1.result index d700be36ac0..44b5a88de1e 100644 --- a/mysql-test/r/plugin_auth_qa_1.result +++ b/mysql-test/r/plugin_auth_qa_1.result @@ -186,7 +186,7 @@ connection default; disconnect plug_user; DROP USER new_user,new_dest,plug_dest; ========== test 2, 2.1, 2.2 ================================ -CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; user plugin authentication_string @@ -204,7 +204,7 @@ connection default; disconnect proxy_con; connect(proxy_con,localhost,proxy_user,proxied_user); ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES) -GRANT PROXY ON proxied_user TO ''@''; +GRANT PROXY ON proxied_user TO ''@'%%'; connect(proxy_con,localhost,proxied_user,proxied_user_passwd); SELECT USER(),CURRENT_USER(); USER() CURRENT_USER() @@ -218,11 +218,11 @@ proxy_user@localhost proxied_user@% ========== test 2.2.1 ====================================== SELECT @@proxy_user; @@proxy_user -''@'' +''@'%%' connection default; disconnect proxy_con; -DROP USER ''@'',proxied_user; -GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'' +DROP USER ''@'%%',proxied_user; +GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; @@ -240,7 +240,7 @@ connection default; disconnect proxy_con; connect(proxy_con,localhost,proxy_user,proxied_user); ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES) -GRANT PROXY ON proxied_user TO ''@''; +GRANT PROXY ON proxied_user TO ''@'%%'; connect(proxy_con,localhost,proxied_user,proxied_user_passwd); SELECT USER(),CURRENT_USER(); USER() CURRENT_USER() @@ -253,21 +253,21 @@ USER() CURRENT_USER() proxy_user@localhost proxied_user@% SELECT @@proxy_user; @@proxy_user -''@'' +''@'%%' connection default; disconnect proxy_con; -DROP USER ''@'',proxied_user; -CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +DROP USER ''@'%%',proxied_user; +CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd'; CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd'; CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd'; CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd'; CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd'; -GRANT PROXY ON proxied_user_1 TO ''@''; -GRANT PROXY ON proxied_user_2 TO ''@''; -GRANT PROXY ON proxied_user_3 TO ''@''; -GRANT PROXY ON proxied_user_4 TO ''@''; -GRANT PROXY ON proxied_user_5 TO ''@''; +GRANT PROXY ON proxied_user_1 TO ''@'%%'; +GRANT PROXY ON proxied_user_2 TO ''@'%%'; +GRANT PROXY ON proxied_user_3 TO ''@'%%'; +GRANT PROXY ON proxied_user_4 TO ''@'%%'; +GRANT PROXY ON proxied_user_5 TO ''@'%%'; SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; user plugin authentication_string test_plugin_server proxied_user @@ -322,7 +322,7 @@ disconnect proxy_con_2; disconnect proxy_con_3; disconnect proxy_con_4; disconnect proxy_con_5; -DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5; +DROP USER ''@'%%',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5; ========== test 3 ========================================== GRANT ALL PRIVILEGES ON *.* TO plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; diff --git a/mysql-test/r/skip_grants.result b/mysql-test/r/skip_grants.result index cd691d882fa..b178e0ecfa7 100644 --- a/mysql-test/r/skip_grants.result +++ b/mysql-test/r/skip_grants.result @@ -36,14 +36,14 @@ CREATE DEFINER=a@'' FUNCTION f3() RETURNS INT RETURN 3; SHOW CREATE VIEW v3; View Create View character_set_client collation_connection -v3 CREATE ALGORITHM=UNDEFINED DEFINER=`a`@`` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`c` AS `c` from `t1` latin1 latin1_swedish_ci +v3 CREATE ALGORITHM=UNDEFINED DEFINER=`a`@`%` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`c` AS `c` from `t1` latin1 latin1_swedish_ci SHOW CREATE PROCEDURE p3; Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation -p3 CREATE DEFINER=`a`@`` PROCEDURE `p3`() +p3 CREATE DEFINER=`a`@`%` PROCEDURE `p3`() SELECT 3 latin1 latin1_swedish_ci latin1_swedish_ci SHOW CREATE FUNCTION f3; Function sql_mode Create Function character_set_client collation_connection Database Collation -f3 CREATE DEFINER=`a`@`` FUNCTION `f3`() RETURNS int(11) +f3 CREATE DEFINER=`a`@`%` FUNCTION `f3`() RETURNS int(11) RETURN 3 latin1 latin1_swedish_ci latin1_swedish_ci DROP TRIGGER t1_bi; DROP TRIGGER ti_ai; diff --git a/mysql-test/r/sp_notembedded.result b/mysql-test/r/sp_notembedded.result index e95bae39920..410441b63e3 100644 --- a/mysql-test/r/sp_notembedded.result +++ b/mysql-test/r/sp_notembedded.result @@ -9,11 +9,11 @@ end| call bug4902()| Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION call bug4902()| Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION drop procedure bug4902| drop procedure if exists bug4902_2| create procedure bug4902_2() @@ -156,11 +156,11 @@ create procedure 15298_2 () sql security definer show grants; call 15298_1(); Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION call 15298_2(); Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION drop user mysqltest_1@localhost; drop procedure 15298_1; drop procedure 15298_2; diff --git a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result index ac09c19a4b4..330889f8df7 100644 --- a/mysql-test/r/view_grant.result +++ b/mysql-test/r/view_grant.result @@ -531,13 +531,13 @@ drop user mysqltest_1@localhost; drop database mysqltest; create definer=some_user@`` sql security invoker view v1 as select 1; Warnings: -Note 1449 The user specified as a definer ('some_user'@'') does not exist +Note 1449 The user specified as a definer ('some_user'@'%') does not exist create definer=some_user@localhost sql security invoker view v2 as select 1; Warnings: Note 1449 The user specified as a definer ('some_user'@'localhost') does not exist show create view v1; View Create View character_set_client collation_connection -v1 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`` SQL SECURITY INVOKER VIEW `v1` AS select 1 AS `1` latin1 latin1_swedish_ci +v1 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`%` SQL SECURITY INVOKER VIEW `v1` AS select 1 AS `1` latin1 latin1_swedish_ci show create view v2; View Create View character_set_client collation_connection v2 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select 1 AS `1` latin1 latin1_swedish_ci diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result index 5dfc734cf5c..cf93657885c 100644 --- a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result @@ -573,7 +573,7 @@ root@localhost show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION drop trigger trg1_1; use priv_db; diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03e.result b/mysql-test/suite/funcs_1/r/memory_trig_03e.result index 32252c93890..5f05f7c0af5 100644 --- a/mysql-test/suite/funcs_1/r/memory_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/memory_trig_03e.result @@ -574,7 +574,7 @@ root@localhost show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION drop trigger trg1_1; use priv_db; diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result index 1b3342ea581..c34525a52f8 100644 --- a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result @@ -574,7 +574,7 @@ root@localhost show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION drop trigger trg1_1; use priv_db; diff --git a/mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result b/mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result index ffe2b480dda..67bd7994913 100644 --- a/mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result +++ b/mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result @@ -70,7 +70,7 @@ ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_ SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION CREATE INDEX i_processlist ON processlist (user); ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' DROP TABLE processlist; diff --git a/mysql-test/suite/funcs_1/r/processlist_priv_ps.result b/mysql-test/suite/funcs_1/r/processlist_priv_ps.result index 22852fb159f..342c1839bfa 100644 --- a/mysql-test/suite/funcs_1/r/processlist_priv_ps.result +++ b/mysql-test/suite/funcs_1/r/processlist_priv_ps.result @@ -70,7 +70,7 @@ ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_ SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION CREATE INDEX i_processlist ON processlist (user); ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' DROP TABLE processlist; diff --git a/mysql-test/suite/perfschema/r/column_privilege.result b/mysql-test/suite/perfschema/r/column_privilege.result index aff5f3e6eee..7a0a5efcdda 100644 --- a/mysql-test/suite/perfschema/r/column_privilege.result +++ b/mysql-test/suite/perfschema/r/column_privilege.result @@ -1,7 +1,7 @@ show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION grant usage on *.* to 'pfs_user_5'@localhost with GRANT OPTION; grant SELECT(thread_id, event_id) on performance_schema.events_waits_current to 'pfs_user_5'@localhost; diff --git a/mysql-test/suite/perfschema/r/privilege.result b/mysql-test/suite/perfschema/r/privilege.result index 32a502db34b..412a2ff7bce 100644 --- a/mysql-test/suite/perfschema/r/privilege.result +++ b/mysql-test/suite/perfschema/r/privilege.result @@ -1,7 +1,7 @@ show grants; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION grant ALL on *.* to 'pfs_user_1'@localhost with GRANT OPTION; grant ALL on performance_schema.* to 'pfs_user_2'@localhost with GRANT OPTION; diff --git a/mysql-test/suite/rpl/r/rpl_do_grant.result b/mysql-test/suite/rpl/r/rpl_do_grant.result index 1c477f011ac..e0ce3593b13 100644 --- a/mysql-test/suite/rpl/r/rpl_do_grant.result +++ b/mysql-test/suite/rpl/r/rpl_do_grant.result @@ -190,7 +190,7 @@ GRANT EXECUTE ON PROCEDURE `test`.`p1` TO 'user49119'@'localhost' SHOW GRANTS FOR CURRENT_USER; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION ############################################################## ############################################################## ### Showing grants for both users: root and user49119 (master) @@ -201,7 +201,7 @@ GRANT EXECUTE ON PROCEDURE `test`.`p1` TO 'user49119'@'localhost' SHOW GRANTS FOR CURRENT_USER; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION ############################################################## ## This statement will make the revoke fail because root has no ## execute grant. However, it will still revoke the grant for @@ -217,7 +217,7 @@ GRANT USAGE ON *.* TO 'user49119'@'localhost' SHOW GRANTS FOR CURRENT_USER; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION ############################################################## ############################################################# ### Showing grants for both users: root and user49119 (slave) @@ -228,7 +228,7 @@ GRANT USAGE ON *.* TO 'user49119'@'localhost' SHOW GRANTS FOR CURRENT_USER; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION -GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION ############################################################## DROP TABLE t1; DROP PROCEDURE p1; diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index 20284ec9ae9..2d51d5d2b20 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -587,7 +587,6 @@ flush privileges; # Create some users with different hostnames create user mysqltest_8@''; -create user mysqltest_8; create user mysqltest_8@host8; # Try to create them again @@ -614,7 +613,6 @@ select * from t1; disconnect conn3; connection master; revoke select on mysqltest.* from mysqltest_8@''; -revoke select on mysqltest.* from mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; select * from information_schema.schema_privileges @@ -642,7 +640,6 @@ select * from t1; disconnect conn4; connection master; revoke update (a) on t1 from mysqltest_8@''; -revoke update (a) on t1 from mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; select * from information_schema.column_privileges; @@ -664,7 +661,6 @@ select * from t1; disconnect conn5; connection master; revoke update on t1 from mysqltest_8@''; -revoke update on t1 from mysqltest_8; show grants for mysqltest_8@''; show grants for mysqltest_8; select * from information_schema.table_privileges; @@ -692,10 +688,6 @@ show grants for mysqltest_8; drop user mysqltest_8@''; --error ER_NONEXISTING_GRANT show grants for mysqltest_8@''; -show grants for mysqltest_8; -select * from information_schema.user_privileges -where grantee like "'mysqltest_8'%"; -drop user mysqltest_8; --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR connect (conn6,localhost,mysqltest_8,,); diff --git a/mysql-test/t/plugin_auth.test b/mysql-test/t/plugin_auth.test index 4a3187a33eb..d374d098109 100644 --- a/mysql-test/t/plugin_auth.test +++ b/mysql-test/t/plugin_auth.test @@ -168,7 +168,7 @@ connection grant_plug_dest_con; --echo ## testing what an ordinary user can grant --echo this should fail : no rights to grant all --error ER_ACCESS_DENIED_NO_PASSWORD_ERROR -GRANT PROXY ON ''@'' TO grant_plug; +GRANT PROXY ON ''@'%%' TO grant_plug; --echo this should fail : not the same user --error ER_ACCESS_DENIED_NO_PASSWORD_ERROR @@ -211,11 +211,11 @@ disconnect grant_plug_dest_con; --echo # test what root can grant --echo should work : root has PROXY to all users -GRANT PROXY ON ''@'' TO grant_plug; -REVOKE PROXY ON ''@'' FROM grant_plug; +GRANT PROXY ON ''@'%%' TO grant_plug; +REVOKE PROXY ON ''@'%%' FROM grant_plug; --echo should work : root has PROXY to all users -GRANT PROXY ON ''@'' TO proxy_admin IDENTIFIED BY 'test' +GRANT PROXY ON ''@'%%' TO proxy_admin IDENTIFIED BY 'test' WITH GRANT OPTION; --echo need USAGE : PROXY doesn't contain it. @@ -225,7 +225,7 @@ connect (proxy_admin_con,localhost,proxy_admin,test); connection proxy_admin_con; --echo in proxy_admin_con; ---echo should work : proxy_admin has proxy to ''@'' +--echo should work : proxy_admin has proxy to ''@'%%' GRANT PROXY ON future_user TO grant_plug; connection default; @@ -317,9 +317,9 @@ DROP USER plug_dest; --echo # GRANT ALL PRIVILEGES ON *.* TO power_user; -GRANT USAGE ON anonymous_db.* TO ''@'' +GRANT USAGE ON anonymous_db.* TO ''@'%%' IDENTIFIED WITH 'test_plugin_server' AS 'power_user'; -GRANT PROXY ON power_user TO ''@''; +GRANT PROXY ON power_user TO ''@'%%'; CREATE DATABASE confidential_db; connect(plug_con,localhost, test_login_user, power_user, confidential_db); @@ -329,24 +329,23 @@ connection default; disconnect plug_con; DROP USER power_user; -DROP USER ''@''; +DROP USER ''@'%%'; DROP DATABASE confidential_db; --echo # Test case #2 (crash with double grant proxy) -CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user'; +CREATE USER ''@'%%' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user'; CREATE USER standard_user; CREATE DATABASE shared; GRANT ALL PRIVILEGES ON shared.* TO standard_user; -GRANT PROXY ON standard_user TO ''@''; +GRANT PROXY ON standard_user TO ''@'%%'; --echo #should not crash -GRANT PROXY ON standard_user TO ''@''; +GRANT PROXY ON standard_user TO ''@'%%'; -DROP USER ''@''; +DROP USER ''@'%%'; DROP USER standard_user; DROP DATABASE shared; - --echo # --echo # Bug #57551 : Live upgrade fails between 5.1.52 -> 5.5.7-rc --echo # diff --git a/mysql-test/t/plugin_auth_qa_1.test b/mysql-test/t/plugin_auth_qa_1.test index 93e471da25d..55fef4254e1 100644 --- a/mysql-test/t/plugin_auth_qa_1.test +++ b/mysql-test/t/plugin_auth_qa_1.test @@ -184,7 +184,7 @@ DROP USER new_user,new_dest,plug_dest; --echo ========== test 2, 2.1, 2.2 ================================ -CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; @@ -202,7 +202,7 @@ disconnect proxy_con; --error ER_ACCESS_DENIED_ERROR : this should fail : no grant connect(proxy_con,localhost,proxy_user,proxied_user); --enable_query_log -GRANT PROXY ON proxied_user TO ''@''; +GRANT PROXY ON proxied_user TO ''@'%%'; --echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd); connect(proxy_con,localhost,proxied_user,proxied_user_passwd); SELECT USER(),CURRENT_USER(); @@ -219,9 +219,9 @@ SELECT @@proxy_user; connection default; --echo disconnect proxy_con; disconnect proxy_con; -DROP USER ''@'',proxied_user; +DROP USER ''@'%%',proxied_user; # -GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'' +GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; --sorted_result @@ -239,7 +239,7 @@ disconnect proxy_con; --error ER_ACCESS_DENIED_ERROR : this should fail : no grant connect(proxy_con,localhost,proxy_user,proxied_user); --enable_query_log -GRANT PROXY ON proxied_user TO ''@''; +GRANT PROXY ON proxied_user TO ''@'%%'; --echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd); connect(proxy_con,localhost,proxied_user,proxied_user_passwd); SELECT USER(),CURRENT_USER(); @@ -255,19 +255,19 @@ SELECT @@proxy_user; connection default; --echo disconnect proxy_con; disconnect proxy_con; -DROP USER ''@'',proxied_user; +DROP USER ''@'%%',proxied_user; # -CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd'; CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd'; CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd'; CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd'; CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd'; -GRANT PROXY ON proxied_user_1 TO ''@''; -GRANT PROXY ON proxied_user_2 TO ''@''; -GRANT PROXY ON proxied_user_3 TO ''@''; -GRANT PROXY ON proxied_user_4 TO ''@''; -GRANT PROXY ON proxied_user_5 TO ''@''; +GRANT PROXY ON proxied_user_1 TO ''@'%%'; +GRANT PROXY ON proxied_user_2 TO ''@'%%'; +GRANT PROXY ON proxied_user_3 TO ''@'%%'; +GRANT PROXY ON proxied_user_4 TO ''@'%%'; +GRANT PROXY ON proxied_user_5 TO ''@'%%'; --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; --echo connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd'); @@ -312,7 +312,7 @@ disconnect proxy_con_3; disconnect proxy_con_4; --echo disconnect proxy_con_5; disconnect proxy_con_5; -DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5; +DROP USER ''@'%%',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5; --echo ========== test 3 ========================================== diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index b384e11f0d5..17f89f3360b 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -404,9 +404,7 @@ public: } void set_host(MEM_ROOT *mem, const char *host_arg) { - update_hostname(&host, - (host_arg && *host_arg) ? - strdup_root(mem, host_arg) : NULL); + update_hostname(&host, safe_strdup_root(mem, host_arg)); } bool check_validity(bool check_no_resolve) @@ -1319,14 +1317,17 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) while (!(read_record_info.read_record(&read_record_info))) { ACL_DB db; - update_hostname(&db.host,get_field(&mem, table->field[MYSQL_DB_FIELD_HOST])); + db.user=get_field(&mem, table->field[MYSQL_DB_FIELD_USER]); + const char *hostname= get_field(&mem, table->field[MYSQL_DB_FIELD_HOST]); + if (!hostname && find_acl_role(db.user)) + hostname= ""; + update_hostname(&db.host, hostname); db.db=get_field(&mem, table->field[MYSQL_DB_FIELD_DB]); if (!db.db) { sql_print_warning("Found an entry in the 'db' table with empty database name; Skipped"); continue; } - db.user=get_field(&mem, table->field[MYSQL_DB_FIELD_USER]); if (check_no_resolve && hostname_requires_resolving(db.host.hostname)) { sql_print_warning("'db' entry '%s %s@%s' " @@ -1750,8 +1751,7 @@ bool acl_getroot(Security_context *sctx, char *user, char *host, DBUG_ENTER("acl_getroot"); DBUG_PRINT("enter", ("Host: '%s', Ip: '%s', User: '%s', db: '%s'", - (host ? host : "(NULL)"), (ip ? ip : "(NULL)"), - user, (db ? db : "(NULL)"))); + host, ip, user, db)); sctx->user= user; sctx->host= host; sctx->ip= ip; @@ -2105,7 +2105,7 @@ static void acl_insert_user(const char *user, const char *host, acl_user.user.str=*user ? strdup_root(&mem,user) : 0; acl_user.user.length= strlen(user); - update_hostname(&acl_user.host, *host ? strdup_root(&mem, host): 0); + update_hostname(&acl_user.host, safe_strdup_root(&mem, host)); if (plugin->str[0]) { acl_user.plugin= *plugin; @@ -2207,7 +2207,7 @@ static void acl_insert_db(const char *user, const char *host, const char *db, ACL_DB acl_db; mysql_mutex_assert_owner(&acl_cache->lock); acl_db.user=strdup_root(&mem,user); - update_hostname(&acl_db.host, *host ? strdup_root(&mem,host) : 0); + update_hostname(&acl_db.host, safe_strdup_root(&mem, host)); acl_db.db=strdup_root(&mem,db); acl_db.access=privileges; if (set_initial_access) @@ -3161,10 +3161,11 @@ static const char *calc_ip(const char *ip, long *val, char end) static void update_hostname(acl_host_and_ip *host, const char *hostname) { + // fix historical undocumented convention that empty host is the same as '%' + hostname=const_cast<char*>(hostname ? hostname : host_not_specified.str); host->hostname=(char*) hostname; // This will not be modified! - if (!hostname || - (!(hostname=calc_ip(hostname,&host->ip,'/')) || - !(hostname=calc_ip(hostname+1,&host->ip_mask,'\0')))) + if (!(hostname= calc_ip(hostname,&host->ip,'/')) || + !(hostname= calc_ip(hostname+1,&host->ip_mask,'\0'))) { host->ip= host->ip_mask=0; // Not a masked ip } @@ -4154,11 +4155,18 @@ GRANT_TABLE::GRANT_TABLE(GRANT_TABLE *source, char *u) GRANT_NAME::GRANT_NAME(TABLE *form, bool is_routine) { - update_hostname(&host, get_field(&memex, form->field[0])); - db= get_field(&memex,form->field[1]); user= get_field(&memex,form->field[2]); if (!user) user= (char*) ""; + + const char *hostname= get_field(&memex, form->field[0]); + mysql_mutex_lock(&acl_cache->lock); + if (!hostname && find_acl_role(user)) + hostname= ""; + mysql_mutex_unlock(&acl_cache->lock); + update_hostname(&host, hostname); + + db= get_field(&memex,form->field[1]); sort= get_sort(3, host.hostname, db, user); tname= get_field(&memex,form->field[3]); if (!db || !tname) @@ -8897,6 +8905,9 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) } } + if (!user_name->host.str) + user_name->host= host_not_specified; + /* Search all in-memory structures and grant tables for a mention of the new user/role name. diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 756a6bf5ca4..0c77d66c30f 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -13197,12 +13197,23 @@ user: system_charset_info, 0) || check_host_name(&$$->host)) MYSQL_YYABORT; - /* - Convert hostname part of username to lowercase. - It's OK to use in-place lowercase as long as - the character set is utf8. - */ - my_casedn_str(system_charset_info, $$->host.str); + if ($$->host.str[0]) + { + /* + Convert hostname part of username to lowercase. + It's OK to use in-place lowercase as long as + the character set is utf8. + */ + my_casedn_str(system_charset_info, $$->host.str); + } + else + { + /* + fix historical undocumented convention that empty host is the + same as '%' + */ + $$->host= host_not_specified; + } } | CURRENT_USER optional_braces { |