author | Harin Vadodaria <harin.vadodaria@oracle.com> | 2012-10-09 18:15:40 +0530 |
---|---|---|
committer | Harin Vadodaria <harin.vadodaria@oracle.com> | 2012-10-09 18:15:40 +0530 |
commit | bdf2c4deb41698626dde1fe8d08084075269933e (patch) | |
tree | 9bdbfccf31874ad08ea196ca1016355135177bb6 /sql/sql_acl.cc | |
parent | 1997639261cbefea49d6d784011bfafbbffb5ac4 (diff) | |
download | mariadb-git-bdf2c4deb41698626dde1fe8d08084075269933e.tar.gz |
Bug #14211140: CRASH WHEN GRANTING OR REVOKING PROXY PRIVILEGES
Description: (user,host) pair from security context is used for
privilege checking at the time of granting or
revoking proxy privileges. This creates a problem
when server is started with
--skip-name-resolve option because host will not
contain any value. Checks should be dependent on
consistent values regardless of the way server is
started. Further, privilege check should use
(priv_user,priv_host) pair rather than values
obtained from inbound connection because
this pair represents the correct account context
obtained from mysql.user table.
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 5c4a144247f..d99ca3ceb99 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -7256,14 +7256,25 @@ acl_check_proxy_grant_access(THD *thd, const char *host, const char *user, DBUG_RETURN(FALSE); } - /* one can grant proxy to himself to others */ - if (!strcmp(thd->security_ctx->user, user) && + /* + one can grant proxy for self to others. + Security context in THD contains two pairs of (user,host): + 1. (user,host) pair referring to inbound connection. + 2. (priv_user,priv_host) pair obtained from mysql.user table after doing + authnetication of incoming connection. + Privileges should be checked wrt (priv_user, priv_host) tuple, because + (user,host) pair obtained from inbound connection may have different + values than what is actually stored in mysql.user table and while granting + or revoking proxy privilege, user is expected to provide entries mentioned + in mysql.user table. + */ + if (!strcmp(thd->security_ctx->priv_user, user) && !my_strcasecmp(system_charset_info, host, - thd->security_ctx->host)) + thd->security_ctx->priv_host)) { DBUG_PRINT("info", ("strcmp (%s, %s) my_casestrcmp (%s, %s) equal", - thd->security_ctx->user, user, - host, thd->security_ctx->host)); + thd->security_ctx->priv_user, user, + host, thd->security_ctx->priv_host)); DBUG_RETURN(FALSE); } |
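
Review bot: In the rewritten condition, `thd->security_ctx->priv_user` and `thd->security_ctx->priv_host` go straight into `strcmp()` and `my_strcasecmp()` with no guard, which is the same shape as the replaced comparison that the commit message says failed when `host` held no value under --skip-name-resolve. The new comment explains why the (priv_user, priv_host) pair is the right one to compare against, but it does not say that both fields are always populated once authentication has completed; please state that invariant in the comment or put a DBUG_ASSERT ahead of the comparison, so the crash cannot return through this pair. Minor: the added comment spells "authnetication", and the DBUG_PRINT format string still reads "my_casestrcmp" although the call is `my_strcasecmp`; both can be corrected while this block is being touched.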