diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 11:41:40 -0700 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2013-10-18 11:41:40 -0700 |
| commit | ac6877d420a70e215c59f1c85cfe80c6a71cf349 (patch) | |
| tree | eacddfe96382dcd8f07d60b5e171049381247c58 /sql | |
| parent | 4cc8cda346bdd63c7e3882d687ba01143856b5dd (diff) | |
| download | mariadb-git-ac6877d420a70e215c59f1c85cfe80c6a71cf349.tar.gz | |
SET PASSWORD bugfixes:
* work as documented, use CURRENT_USER()
* move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/set_var.cc | 18 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 21 | ||||
| -rw-r--r-- | sql/sql_parse.cc | 40 | ||||
| -rw-r--r-- | sql/sql_yacc.yy | 5 |
4 files changed, 44 insertions, 40 deletions
diff --git a/sql/set_var.cc b/sql/set_var.cc index 4eb53dd04f4..fc5c549b9de 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -832,23 +832,7 @@ int set_var_user::update(THD *thd) int set_var_password::check(THD *thd) { #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (!user->host.str) - { - DBUG_ASSERT(thd->security_ctx->priv_host); - if (*thd->security_ctx->priv_host != 0) - { - user->host.str= (char *) thd->security_ctx->priv_host; - user->host.length= strlen(thd->security_ctx->priv_host); - } - else - user->host= host_not_specified; - } - if (user->user.str == current_user.str) - { - DBUG_ASSERT(thd->security_ctx->user); - user->user.str= (char *) thd->security_ctx->user; - user->user.length= strlen(thd->security_ctx->user); - } + user= get_current_user(thd, user); /* Returns 1 as the function sends error to client */ return check_change_password(thd, user->host.str, user->user.str, password, strlen(password)) ? 1 : 0; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 17f89f3360b..3179d853a87 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -2883,20 +2883,25 @@ int check_change_password(THD *thd, const char *host, const char *user, my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables"); return(1); } + if (!thd->slave_thread && !thd->security_ctx->priv_user[0]) + { + my_message(ER_PASSWORD_ANONYMOUS_USER, ER(ER_PASSWORD_ANONYMOUS_USER), + MYF(0)); + return(1); + } + if (!host) // Role + { + my_error(ER_PASSWORD_NO_MATCH, MYF(0)); + return 1; + } if (!thd->slave_thread && - (strcmp(thd->security_ctx->user, user) || + (strcmp(thd->security_ctx->priv_user, user) || my_strcasecmp(system_charset_info, host, thd->security_ctx->priv_host))) { if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 0)) return(1); } - if (!thd->slave_thread && !thd->security_ctx->user[0]) - { - my_message(ER_PASSWORD_ANONYMOUS_USER, ER(ER_PASSWORD_ANONYMOUS_USER), - MYF(0)); - return(1); - } size_t len= strlen(new_password); if (len && len != SCRAMBLED_PASSWORD_CHAR_LENGTH && len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323) @@ -3037,7 +3042,7 @@ end: RETURN FALSE user not fond - TRUE there are such user + TRUE there is such user */ bool is_acl_user(const char *host, const char *user) diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 7aecdff761a..e414921765d 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3791,38 +3791,54 @@ end_with_restore_list: if (thd->security_ctx->user) // If not replication { - LEX_USER *user, *tmp_user; + LEX_USER *user; bool first_user= TRUE; List_iterator <LEX_USER> user_list(lex->users_list); - while ((tmp_user= user_list++)) + while ((user= user_list++)) { - if (!(user= get_current_user(thd, tmp_user))) - goto error; if (specialflag & SPECIAL_NO_RESOLVE && hostname_requires_resolving(user->host.str)) push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, ER_WARN_HOSTNAME_WONT_WORK, ER(ER_WARN_HOSTNAME_WONT_WORK)); - // Are we trying to change a password of another user - DBUG_ASSERT(user->host.str != 0); /* GRANT/REVOKE PROXY has the target user as a first entry in the list. */ if (lex->type == TYPE_ENUM_PROXY && first_user) { + if (!(user= get_current_user(thd, user)) || !user->host.str) + goto error; + first_user= FALSE; if (acl_check_proxy_grant_access (thd, user->host.str, user->user.str, lex->grant & GRANT_ACL)) goto error; } - else if (is_acl_user(user->host.str, user->user.str) && - user->password.str && - check_change_password (thd, user->host.str, user->user.str, - user->password.str, - user->password.length)) - goto error; + else if (user->password.str) + { + // Are we trying to change a password of another user? + const char *hostname= user->host.str, *username=user->user.str; + bool userok; + if (username == current_user.str) + { + username= thd->security_ctx->priv_user; + hostname= thd->security_ctx->priv_host; + userok= true; + } + else + { + if (!hostname) + hostname= host_not_specified.str; + userok= is_acl_user(hostname, username); + } + + if (userok && check_change_password (thd, hostname, username, + user->password.str, + user->password.length)) + goto error; + } } } if (first_table) diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 0c77d66c30f..dd874caf4b0 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -13884,10 +13884,9 @@ option_value: my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), pw.str); MYSQL_YYABORT; } - if (!(user=(LEX_USER*) thd->alloc(sizeof(LEX_USER)))) + if (!(user=(LEX_USER*) thd->calloc(sizeof(LEX_USER)))) MYSQL_YYABORT; - user->host=null_lex_str; - user->user.str=thd->security_ctx->user; + user->user= current_user; set_var_password *var= new set_var_password(user, $3); if (var == NULL) MYSQL_YYABORT; |