diff options
| -rw-r--r-- | mysql-test/r/grant.result | 212 | ||||
| -rw-r--r-- | mysql-test/t/grant.test | 144 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 112 |
3 files changed, 412 insertions, 56 deletions
diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index 3432de5179a..8185789a939 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -591,6 +591,7 @@ insert into tables_priv values ('','test_db','mysqltest_1','test_table','test_gr flush privileges; delete from tables_priv where host = '' and user = 'mysqltest_1'; flush privileges; +use test; set @user123="non-existent"; select * from mysql.db where user=@user123; Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv @@ -621,9 +622,218 @@ show grants for mysqltest_7@; Grants for mysqltest_7@ GRANT USAGE ON *.* TO 'mysqltest_7'@'' IDENTIFIED BY PASSWORD '*2FB071A056F9BB745219D9C876814231DAF46517' drop user mysqltest_7@; -flush privileges; show grants for mysqltest_7@; ERROR 42000: There is no such grant defined for user 'mysqltest_7' on host '' +create table t1 (a int); +create table t2 as select * from mysql.user where user=''; +delete from mysql.user where user=''; +flush privileges; +create user mysqltest_8@''; +create user mysqltest_8; +create user mysqltest_8@host8; +create user mysqltest_8@''; +ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'' +create user mysqltest_8; +ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'%' +create user mysqltest_8@host8; +ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'host8' +select user, QUOTE(host) from mysql.user where user="mysqltest_8"; +user QUOTE(host) +mysqltest_8 '' +mysqltest_8 '%' +mysqltest_8 'host8' +Schema privileges +grant select on mysqltest.* to mysqltest_8@''; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'' +grant select on mysqltest.* to mysqltest_8@; +show grants for mysqltest_8@; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'' +grant select on mysqltest.* to mysqltest_8; +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'%' +select * from information_schema.schema_privileges +where grantee like "'mysqltest_8'%"; +GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE +'mysqltest_8'@'%' NULL mysqltest SELECT NO +'mysqltest_8'@'' NULL mysqltest SELECT NO +select * from t1; +a +revoke select on mysqltest.* from mysqltest_8@''; +revoke select on mysqltest.* from mysqltest_8; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +select * from information_schema.schema_privileges +where grantee like "'mysqltest_8'%"; +GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE +flush privileges; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +show grants for mysqltest_8@; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +grant select on mysqltest.* to mysqltest_8@''; +flush privileges; +show grants for mysqltest_8@; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT SELECT ON `mysqltest`.* TO 'mysqltest_8'@'' +revoke select on mysqltest.* from mysqltest_8@''; +flush privileges; +Column privileges +grant update (a) on t1 to mysqltest_8@''; +grant update (a) on t1 to mysqltest_8; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' +flush privileges; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'%' +select * from information_schema.column_privileges; +GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE +'mysqltest_8'@'%' NULL test t1 a UPDATE NO +'mysqltest_8'@'' NULL test t1 a UPDATE NO +select * from t1; +a +revoke update (a) on t1 from mysqltest_8@''; +revoke update (a) on t1 from mysqltest_8; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +select * from information_schema.column_privileges; +GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE +flush privileges; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +Table privileges +grant update on t1 to mysqltest_8@''; +grant update on t1 to mysqltest_8; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' +flush privileges; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT UPDATE ON `test`.`t1` TO 'mysqltest_8'@'%' +select * from information_schema.table_privileges; +GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE +'mysqltest_8'@'%' NULL test t1 UPDATE NO +'mysqltest_8'@'' NULL test t1 UPDATE NO +select * from t1; +a +revoke update on t1 from mysqltest_8@''; +revoke update on t1 from mysqltest_8; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +select * from information_schema.table_privileges; +GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE +flush privileges; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +"DROP USER" should clear privileges +grant all privileges on mysqltest.* to mysqltest_8@''; +grant select on mysqltest.* to mysqltest_8@''; +grant update on t1 to mysqltest_8@''; +grant update (a) on t1 to mysqltest_8@''; +grant all privileges on mysqltest.* to mysqltest_8; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' +GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' +select * from information_schema.user_privileges +where grantee like "'mysqltest_8'%"; +GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE +'mysqltest_8'@'host8' NULL USAGE NO +'mysqltest_8'@'%' NULL USAGE NO +'mysqltest_8'@'' NULL USAGE NO +select * from t1; +a +flush privileges; +show grants for mysqltest_8@''; +Grants for mysqltest_8@ +GRANT USAGE ON *.* TO 'mysqltest_8'@'' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'' +GRANT UPDATE, UPDATE (a) ON `test`.`t1` TO 'mysqltest_8'@'' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' +drop user mysqltest_8@''; +show grants for mysqltest_8@''; +ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host '' +show grants for mysqltest_8; +Grants for mysqltest_8@% +GRANT USAGE ON *.* TO 'mysqltest_8'@'%' +GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_8'@'%' +select * from information_schema.user_privileges +where grantee like "'mysqltest_8'%"; +GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE +'mysqltest_8'@'host8' NULL USAGE NO +'mysqltest_8'@'%' NULL USAGE NO +drop user mysqltest_8; +connect(localhost,mysqltest_8,,test,MASTER_PORT,MASTER_SOCKET); +ERROR 28000: Access denied for user 'mysqltest_8'@'localhost' (using password: NO) +show grants for mysqltest_8; +ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host '%' +drop user mysqltest_8@host8; +show grants for mysqltest_8@host8; +ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host 'host8' +insert into mysql.user select * from t2; +flush privileges; +drop table t2; +drop table t1; create database mysqltest; use mysqltest; create table t1(f1 int); diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index 97f13381557..97a6b9235dc 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -479,6 +479,7 @@ insert into tables_priv values ('','test_db','mysqltest_1','test_table','test_gr flush privileges; delete from tables_priv where host = '' and user = 'mysqltest_1'; flush privileges; +use test; # # Bug #10892 user variables not auto cast for comparisons @@ -507,7 +508,6 @@ create user mysqltest_7@; set password for mysqltest_7@ = password('systpass'); show grants for mysqltest_7@; drop user mysqltest_7@; -flush privileges; # BUG#16297(flush should be removed when that bug is fixed) --error 1141 show grants for mysqltest_7@; @@ -528,3 +528,145 @@ flush privileges; drop database mysqltest; # End of 4.1 tests + +# +# Bug #16297 In memory grant tables not flushed when users's hostname is "" +# + +create table t1 (a int); + +# Backup anonymous users and remove them. (They get in the way of +# the one we test with here otherwise.) +create table t2 as select * from mysql.user where user=''; +delete from mysql.user where user=''; +flush privileges; + +# Create some users with different hostnames +create user mysqltest_8@''; +create user mysqltest_8; +create user mysqltest_8@host8; + +# Try to create them again +--error 1396 +create user mysqltest_8@''; +--error 1396 +create user mysqltest_8; +--error 1396 +create user mysqltest_8@host8; + +select user, QUOTE(host) from mysql.user where user="mysqltest_8"; + +--echo Schema privileges +grant select on mysqltest.* to mysqltest_8@''; +show grants for mysqltest_8@''; +grant select on mysqltest.* to mysqltest_8@; +show grants for mysqltest_8@; +grant select on mysqltest.* to mysqltest_8; +show grants for mysqltest_8; +select * from information_schema.schema_privileges +where grantee like "'mysqltest_8'%"; +connect (conn3,localhost,mysqltest_8,,); +select * from t1; +disconnect conn3; +connection master; +revoke select on mysqltest.* from mysqltest_8@''; +revoke select on mysqltest.* from mysqltest_8; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +select * from information_schema.schema_privileges +where grantee like "'mysqltest_8'%"; +flush privileges; +show grants for mysqltest_8@''; +show grants for mysqltest_8@; +grant select on mysqltest.* to mysqltest_8@''; +flush privileges; +show grants for mysqltest_8@; +revoke select on mysqltest.* from mysqltest_8@''; +flush privileges; + +--echo Column privileges +grant update (a) on t1 to mysqltest_8@''; +grant update (a) on t1 to mysqltest_8; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +flush privileges; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +select * from information_schema.column_privileges; +connect (conn4,localhost,mysqltest_8,,); +select * from t1; +disconnect conn4; +connection master; +revoke update (a) on t1 from mysqltest_8@''; +revoke update (a) on t1 from mysqltest_8; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +select * from information_schema.column_privileges; +flush privileges; +show grants for mysqltest_8@''; +show grants for mysqltest_8; + +--echo Table privileges +grant update on t1 to mysqltest_8@''; +grant update on t1 to mysqltest_8; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +flush privileges; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +select * from information_schema.table_privileges; +connect (conn5,localhost,mysqltest_8,,); +select * from t1; +disconnect conn5; +connection master; +revoke update on t1 from mysqltest_8@''; +revoke update on t1 from mysqltest_8; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +select * from information_schema.table_privileges; +flush privileges; +show grants for mysqltest_8@''; +show grants for mysqltest_8; + +--echo "DROP USER" should clear privileges +grant all privileges on mysqltest.* to mysqltest_8@''; +grant select on mysqltest.* to mysqltest_8@''; +grant update on t1 to mysqltest_8@''; +grant update (a) on t1 to mysqltest_8@''; +grant all privileges on mysqltest.* to mysqltest_8; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +select * from information_schema.user_privileges +where grantee like "'mysqltest_8'%"; +connect (conn5,localhost,mysqltest_8,,); +select * from t1; +disconnect conn5; +connection master; +flush privileges; +show grants for mysqltest_8@''; +show grants for mysqltest_8; +drop user mysqltest_8@''; +--error 1141 +show grants for mysqltest_8@''; +show grants for mysqltest_8; +select * from information_schema.user_privileges +where grantee like "'mysqltest_8'%"; +drop user mysqltest_8; +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error 1045 +connect (conn6,localhost,mysqltest_8,,); +connection master; +--error 1141 +show grants for mysqltest_8; +drop user mysqltest_8@host8; +--error 1141 +show grants for mysqltest_8@host8; + +# Restore the anonymous users. +insert into mysql.user select * from t2; +flush privileges; +drop table t2; + +drop table t1; + + diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 02b2f88676f..1cf326e2bc3 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -227,7 +227,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) "case that has been forced to lowercase because " "lower_case_table_names is set. It will not be " "possible to remove this privilege using REVOKE.", - host.host.hostname, host.db); + host.host.hostname ? host.host.hostname : "", + host.db ? host.db : ""); } host.access= get_access(table,2); host.access= fix_rights_for_db(host.access); @@ -236,7 +237,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) { sql_print_warning("'host' entry '%s|%s' " "ignored in --skip-name-resolve mode.", - host.host.hostname, host.db?host.db:""); + host.host.hostname ? host.host.hostname : "", + host.db ? host.db : ""); continue; } #ifndef TO_BE_REMOVED @@ -306,7 +308,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) { sql_print_warning("'user' entry '%s@%s' " "ignored in --skip-name-resolve mode.", - user.user, user.host.hostname); + user.user ? user.user : "", + user.host.hostname ? user.host.hostname : ""); continue; } @@ -415,8 +418,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) #endif } VOID(push_dynamic(&acl_users,(gptr) &user)); - if (!user.host.hostname || user.host.hostname[0] == wild_many && - !user.host.hostname[1]) + if (!user.host.hostname || + (user.host.hostname[0] == wild_many && !user.host.hostname[1])) allow_all_hosts=1; // Anyone can connect } } @@ -442,7 +445,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) { sql_print_warning("'db' entry '%s %s@%s' " "ignored in --skip-name-resolve mode.", - db.db, db.user, db.host.hostname); + db.db, + db.user ? db.user : "", + db.host.hostname ? db.host.hostname : ""); continue; } db.access=get_access(table,3); @@ -461,7 +466,9 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) "case that has been forced to lowercase because " "lower_case_table_names is set. It will not be " "possible to remove this privilege using REVOKE.", - db.db, db.user, db.host.hostname, db.host.hostname); + db.db, + db.user ? db.user : "", + db.host.hostname ? db.host.hostname : ""); } } db.sort=get_sort(3,db.host.hostname,db.db,db.user); @@ -1033,8 +1040,7 @@ static void acl_update_user(const char *user, const char *host, { ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); if (!acl_user->user && !user[0] || - acl_user->user && - !strcmp(user,acl_user->user)) + acl_user->user && !strcmp(user,acl_user->user)) { if (!acl_user->host.hostname && !host[0] || acl_user->host.hostname && @@ -1097,8 +1103,8 @@ static void acl_insert_user(const char *user, const char *host, set_user_salt(&acl_user, password, password_len); VOID(push_dynamic(&acl_users,(gptr) &acl_user)); - if (!acl_user.host.hostname || acl_user.host.hostname[0] == wild_many - && !acl_user.host.hostname[1]) + if (!acl_user.host.hostname || + (acl_user.host.hostname[0] == wild_many && !acl_user.host.hostname[1])) allow_all_hosts=1; // Anyone can connect /* purecov: tested */ qsort((gptr) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements, sizeof(ACL_USER),(qsort_cmp) acl_compare); @@ -1158,7 +1164,7 @@ static void acl_insert_db(const char *user, const char *host, const char *db, ACL_DB acl_db; safe_mutex_assert_owner(&acl_cache->lock); acl_db.user=strdup_root(&mem,user); - update_hostname(&acl_db.host,strdup_root(&mem,host)); + update_hostname(&acl_db.host, *host ? strdup_root(&mem,host) : 0); acl_db.db=strdup_root(&mem,db); acl_db.access=privileges; acl_db.sort=get_sort(3,acl_db.host.hostname,acl_db.db,acl_db.user); @@ -1546,11 +1552,10 @@ find_acl_user(const char *host, const char *user, my_bool exact) { ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); DBUG_PRINT("info",("strcmp('%s','%s'), compare_hostname('%s','%s'),", - user, - acl_user->user ? acl_user->user : "", - host, - acl_user->host.hostname ? acl_user->host.hostname : - "")); + user, acl_user->user ? acl_user->user : "", + host, + acl_user->host.hostname ? acl_user->host.hostname : + "")); if (!acl_user->user && !user[0] || acl_user->user && !strcmp(user,acl_user->user)) { @@ -1600,7 +1605,7 @@ static const char *calc_ip(const char *ip, long *val, char end) static void update_hostname(acl_host_and_ip *host, const char *hostname) { - host->hostname=(char*) hostname; // This will not be modified! + host->hostname=(char*) hostname; // This will not be modified! if (!hostname || (!(hostname=calc_ip(hostname,&host->ip,'/')) || !(hostname=calc_ip(hostname+1,&host->ip_mask,'\0')))) @@ -1620,8 +1625,8 @@ static bool compare_hostname(const acl_host_and_ip *host, const char *hostname, } return (!host->hostname || (hostname && !wild_case_compare(system_charset_info, - hostname,host->hostname)) || - (ip && !wild_compare(ip,host->hostname,0))); + hostname, host->hostname)) || + (ip && !wild_compare(ip, host->hostname, 0))); } bool hostname_requires_resolving(const char *hostname) @@ -3367,8 +3372,10 @@ static my_bool grant_load(TABLE_LIST *tables) { sql_print_warning("'tables_priv' entry '%s %s@%s' " "ignored in --skip-name-resolve mode.", - mem_check->tname, mem_check->user, - mem_check->host, mem_check->host); + mem_check->tname, + mem_check->user ? mem_check->user : "", + mem_check->host.hostname ? + mem_check->host.hostname : ""); continue; } } @@ -3406,7 +3413,8 @@ static my_bool grant_load(TABLE_LIST *tables) sql_print_warning("'procs_priv' entry '%s %s@%s' " "ignored in --skip-name-resolve mode.", mem_check->tname, mem_check->user, - mem_check->host); + mem_check->host.hostname ? + mem_check->host.hostname : ""); continue; } } @@ -4113,11 +4121,6 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) DBUG_RETURN(TRUE); } - if (!lex_user->host.str) - { - lex_user->host.str= (char*) "%"; - lex_user->host.length=1; - } if (lex_user->host.length > HOSTNAME_LENGTH || lex_user->user.length > USERNAME_LENGTH) { @@ -4327,16 +4330,17 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) /* Add table & column access */ for (index=0 ; index < column_priv_hash.records ; index++) { - const char *user; + const char *user, *host; GRANT_TABLE *grant_table= (GRANT_TABLE*) hash_element(&column_priv_hash, index); if (!(user=grant_table->user)) user= ""; + if (!(host= grant_table->host.hostname)) + host= ""; if (!strcmp(lex_user->user.str,user) && - !my_strcasecmp(system_charset_info, lex_user->host.str, - grant_table->host.hostname)) + !my_strcasecmp(system_charset_info, lex_user->host.str, host)) { ulong table_access= grant_table->privs; if ((table_access | grant_table->cols) != 0) @@ -4463,15 +4467,16 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash, /* Add routine access */ for (index=0 ; index < hash->records ; index++) { - const char *user; + const char *user, *host; GRANT_NAME *grant_proc= (GRANT_NAME*) hash_element(hash, index); if (!(user=grant_proc->user)) user= ""; + if (!(host= grant_proc->host.hostname)) + host= ""; if (!strcmp(lex_user->user.str,user) && - !my_strcasecmp(system_charset_info, lex_user->host.str, - grant_proc->host.hostname)) + !my_strcasecmp(system_charset_info, lex_user->host.str, host)) { ulong proc_access= grant_proc->privs; if (proc_access != 0) @@ -4923,35 +4928,30 @@ static int handle_grant_struct(uint struct_no, bool drop, { /* Get a pointer to the element. - Unfortunaltely, the host default differs for the structures. */ switch (struct_no) { case 0: acl_user= dynamic_element(&acl_users, idx, ACL_USER*); user= acl_user->user; - if (!(host= acl_user->host.hostname)) - host= "%"; - break; + host= acl_user->host.hostname; + break; case 1: acl_db= dynamic_element(&acl_dbs, idx, ACL_DB*); user= acl_db->user; - if (!(host= acl_db->host.hostname)) - host= "%"; + host= acl_db->host.hostname; break; case 2: grant_name= (GRANT_NAME*) hash_element(&column_priv_hash, idx); user= grant_name->user; - if (!(host= grant_name->host.hostname)) - host= "%"; + host= grant_name->host.hostname; break; case 3: grant_name= (GRANT_NAME*) hash_element(&proc_priv_hash, idx); user= grant_name->user; - if (!(host= grant_name->host.hostname)) - host= "%"; + host= grant_name->host.hostname; break; } if (! user) @@ -5540,8 +5540,10 @@ bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, LEX_USER lex_user; lex_user.user.str= grant_proc->user; lex_user.user.length= strlen(grant_proc->user); - lex_user.host.str= grant_proc->host.hostname; - lex_user.host.length= strlen(grant_proc->host.hostname); + lex_user.host.str= grant_proc->host.hostname ? + grant_proc->host.hostname : (char*)""; + lex_user.host.length= grant_proc->host.hostname ? + strlen(grant_proc->host.hostname) : 0; if (!replace_routine_table(thd,grant_proc,tables[4].table,lex_user, grant_proc->db, grant_proc->tname, is_proc, ~(ulong)0, 1)) @@ -5848,16 +5850,17 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) for (index=0 ; index < column_priv_hash.records ; index++) { - const char *user, *is_grantable= "YES"; + const char *user, *host, *is_grantable= "YES"; GRANT_TABLE *grant_table= (GRANT_TABLE*) hash_element(&column_priv_hash, index); if (!(user=grant_table->user)) user= ""; + if (!(host= grant_table->host.hostname)) + host= ""; if (no_global_access && (strcmp(thd->security_ctx->priv_user, user) || - my_strcasecmp(system_charset_info, curr_host, - grant_table->host.hostname))) + my_strcasecmp(system_charset_info, curr_host, host))) continue; ulong table_access= grant_table->privs; @@ -5873,7 +5876,7 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) if (!(table_access & GRANT_ACL)) is_grantable= "NO"; - strxmov(buff,"'",user,"'@'",grant_table->host.hostname,"'",NullS); + strxmov(buff, "'", user, "'@'", host, "'", NullS); if (!test_access) update_schema_privilege(table, buff, grant_table->db, grant_table->tname, 0, 0, STRING_WITH_LEN("USAGE"), is_grantable); @@ -5915,16 +5918,17 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) for (index=0 ; index < column_priv_hash.records ; index++) { - const char *user, *is_grantable= "YES"; + const char *user, *host, *is_grantable= "YES"; GRANT_TABLE *grant_table= (GRANT_TABLE*) hash_element(&column_priv_hash, index); if (!(user=grant_table->user)) user= ""; + if (!(host= grant_table->host.hostname)) + host= ""; if (no_global_access && (strcmp(thd->security_ctx->priv_user, user) || - my_strcasecmp(system_charset_info, curr_host, - grant_table->host.hostname))) + my_strcasecmp(system_charset_info, curr_host, host))) continue; ulong table_access= grant_table->cols; @@ -5934,7 +5938,7 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) is_grantable= "NO"; ulong test_access= table_access & ~GRANT_ACL; - strxmov(buff,"'",user,"'@'",grant_table->host.hostname,"'",NullS); + strxmov(buff, "'", user, "'@'", host, "'", NullS); if (!test_access) continue; else |