Skip to content

M
mariadb
Commit 319bcde9 authored by Sergei Golubchik's avatar Sergei Golubchik
Browse files
Options

MDEV-5861 MySQL Bug#12601974 - STORED PROCEDURE SQL_MODE=NO_BACKSLASH_ESCAPES... 

MDEV-5861 MySQL Bug#12601974 - STORED PROCEDURE SQL_MODE=NO_BACKSLASH_ESCAPES IGNORED AND BREAKS REPLICATION

escape usernames in CREATE/DROP USER error messages according to NO_BACKSLASH_ESCAPES
parent 218280bc
Hide whitespace changes
Inline Side-by-side
Showing with 218 additions and 25 deletions
mysql-test/r/not_embedded_server.result
View file @ 319bcde9
...@@ -48,3 +48,88 @@ DROP USER nopriv_user@localhost; ...@@ -48,3 +48,88 @@ DROP USER nopriv_user@localhost;
# #
# End Bug#54812 # End Bug#54812
# #
#
# Test for Bug#12601974 - STORED PROCEDURE SQL_MODE=NO_BACKSLASH_ESCAPES
# IGNORED AND BREAKS REPLICATION
#
SET @org_mode=@@sql_mode;
SET @@sql_mode='';
# USER NAME CONTAINING BACKSLASH IN CREATE USER OPERATION
CREATE USER 'user\'s_12601974'@'localhost';
CREATE USER 'user\'s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\'s_12601974'@'localhost'
DROP USER 'user\'s_12601974'@'localhost';
CREATE USER 'user\"s_12601974'@'localhost';
CREATE USER 'user\"s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\"s_12601974'@'localhost'
DROP USER 'user\"s_12601974'@'localhost';
CREATE USER 'user\bs_12601974'@'localhost';
CREATE USER 'user\bs_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'users_12601974'@'localhost'
DROP USER 'user\bs_12601974'@'localhost';
CREATE USER 'user\ns_12601974'@'localhost';
CREATE USER 'user\ns_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\ns_12601974'@'localhost'
DROP USER 'user\ns_12601974'@'localhost';
CREATE USER 'user\rs_12601974'@'localhost';
CREATE USER 'user\rs_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\rs_12601974'@'localhost'
DROP USER 'user\rs_12601974'@'localhost';
CREATE USER 'user\ts_12601974'@'localhost';
CREATE USER 'user\ts_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user s_12601974'@'localhost'
DROP USER 'user\ts_12601974'@'localhost';
CREATE USER 'user\\s_12601974'@'localhost';
CREATE USER 'user\\s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\\s_12601974'@'localhost'
DROP USER 'user\\s_12601974'@'localhost';
CREATE USER 'user\%s_12601974'@'localhost';
CREATE USER 'user\%s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\\%s_12601974'@'localhost'
DROP USER 'user\%s_12601974'@'localhost';
CREATE USER 'user\_s_12601974'@'localhost';
CREATE USER 'user\_s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\\_s_12601974'@'localhost'
DROP USER 'user\_s_12601974'@'localhost';
# END OF CASE - USER NAME CONTAINING BACKSLASH IN CREATE USER OPERATION
SET @@sql_mode='NO_BACKSLASH_ESCAPES';
# USER NAME CONTAINING BACKSLASH IN DROP USER OPERATION
CREATE USER 'user\"s_12601974'@'localhost';
CREATE USER 'user\"s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\"s_12601974'@'localhost'
DROP USER 'user\"s_12601974'@'localhost';
CREATE USER 'user\bs_12601974'@'localhost';
CREATE USER 'user\bs_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\bs_12601974'@'localhost'
DROP USER 'user\bs_12601974'@'localhost';
CREATE USER 'user\ns_12601974'@'localhost';
CREATE USER 'user\ns_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\ns_12601974'@'localhost'
DROP USER 'user\ns_12601974'@'localhost';
CREATE USER 'user\rs_12601974'@'localhost';
CREATE USER 'user\rs_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\rs_12601974'@'localhost'
DROP USER 'user\rs_12601974'@'localhost';
CREATE USER 'user\ts_12601974'@'localhost';
CREATE USER 'user\ts_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\ts_12601974'@'localhost'
DROP USER 'user\ts_12601974'@'localhost';
CREATE USER 'user\\s_12601974'@'localhost';
CREATE USER 'user\\s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\\s_12601974'@'localhost'
DROP USER 'user\\s_12601974'@'localhost';
CREATE USER 'user\%s_12601974'@'localhost';
CREATE USER 'user\%s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\%s_12601974'@'localhost'
DROP USER 'user\%s_12601974'@'localhost';
CREATE USER 'user\_s_12601974'@'localhost';
CREATE USER 'user\_s_12601974'@'localhost';
ERROR HY000: Operation CREATE USER failed for 'user\_s_12601974'@'localhost'
DROP USER 'user\_s_12601974'@'localhost';
# END OF CASE - USER NAME CONTAINING BACKSLASH IN CREATE USER OPERATION
SET @@sql_mode= @org_mode;
#End of Test for Bug#12601974
mysql-test/t/not_embedded_server.test
View file @ 319bcde9
...@@ -102,3 +102,110 @@ DROP USER nopriv_user@localhost; ...@@ -102,3 +102,110 @@ DROP USER nopriv_user@localhost;
--echo # --echo #
--echo # End Bug#54812 --echo # End Bug#54812
--echo # --echo #
--echo
--echo #
--echo # Test for Bug#12601974 - STORED PROCEDURE SQL_MODE=NO_BACKSLASH_ESCAPES
--echo # IGNORED AND BREAKS REPLICATION
--echo #
SET @org_mode=@@sql_mode;
SET @@sql_mode='';
--echo # USER NAME CONTAINING BACKSLASH IN CREATE USER OPERATION
CREATE USER 'user\'s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\'s_12601974'@'localhost';
DROP USER 'user\'s_12601974'@'localhost';
CREATE USER 'user\"s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\"s_12601974'@'localhost';
DROP USER 'user\"s_12601974'@'localhost';
CREATE USER 'user\bs_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\bs_12601974'@'localhost';
DROP USER 'user\bs_12601974'@'localhost';
CREATE USER 'user\ns_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\ns_12601974'@'localhost';
DROP USER 'user\ns_12601974'@'localhost';
CREATE USER 'user\rs_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\rs_12601974'@'localhost';
DROP USER 'user\rs_12601974'@'localhost';
CREATE USER 'user\ts_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\ts_12601974'@'localhost';
DROP USER 'user\ts_12601974'@'localhost';
CREATE USER 'user\\s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\\s_12601974'@'localhost';
DROP USER 'user\\s_12601974'@'localhost';
CREATE USER 'user\%s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\%s_12601974'@'localhost';
DROP USER 'user\%s_12601974'@'localhost';
CREATE USER 'user\_s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\_s_12601974'@'localhost';
DROP USER 'user\_s_12601974'@'localhost';
--echo
--echo # END OF CASE - USER NAME CONTAINING BACKSLASH IN CREATE USER OPERATION
SET @@sql_mode='NO_BACKSLASH_ESCAPES';
--echo # USER NAME CONTAINING BACKSLASH IN DROP USER OPERATION
CREATE USER 'user\"s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\"s_12601974'@'localhost';
DROP USER 'user\"s_12601974'@'localhost';
CREATE USER 'user\bs_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\bs_12601974'@'localhost';
DROP USER 'user\bs_12601974'@'localhost';
CREATE USER 'user\ns_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\ns_12601974'@'localhost';
DROP USER 'user\ns_12601974'@'localhost';
CREATE USER 'user\rs_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\rs_12601974'@'localhost';
DROP USER 'user\rs_12601974'@'localhost';
CREATE USER 'user\ts_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\ts_12601974'@'localhost';
DROP USER 'user\ts_12601974'@'localhost';
CREATE USER 'user\\s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\\s_12601974'@'localhost';
DROP USER 'user\\s_12601974'@'localhost';
CREATE USER 'user\%s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\%s_12601974'@'localhost';
DROP USER 'user\%s_12601974'@'localhost';
CREATE USER 'user\_s_12601974'@'localhost';
--error ER_CANNOT_USER
CREATE USER 'user\_s_12601974'@'localhost';
DROP USER 'user\_s_12601974'@'localhost';
--echo
--echo # END OF CASE - USER NAME CONTAINING BACKSLASH IN CREATE USER OPERATION
SET @@sql_mode= @org_mode;
--echo
--echo #End of Test for Bug#12601974
sql/sql_acl.cc
View file @ 319bcde9
...@@ -5808,24 +5808,25 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, ...@@ -5808,24 +5808,25 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,
/** /**
append a user or role name to a buffer that will be later used as an error message append a user or role name to a buffer that will be later used as an error message
*/ */
static void append_user(String *str, const LEX_STRING *u, const LEX_STRING *h) static void append_user(THD *thd, String *str,
const LEX_STRING *u, const LEX_STRING *h)
{ {
if (str->length()) if (str->length())
str->append(','); str->append(',');
str->append('\''); append_query_string(system_charset_info, str, u->str, u->length,
str->append(u); thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES);
/* hostname part is not relevant for roles, it is always empty */ /* hostname part is not relevant for roles, it is always empty */
if (u->length == 0 || h->length != 0) if (u->length == 0 || h->length != 0)
{ {
str->append(STRING_WITH_LEN("'@'")); str->append('@');
str->append(h); append_query_string(system_charset_info, str, h->str, h->length,
thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES);
} }
str->append('\'');
} }
static void append_user(String *str, LEX_USER *user) static void append_user(THD *thd, String *str, LEX_USER *user)
{ {
append_user(str, & user->user, & user->host); append_user(thd, str, & user->user, & user->host);
} }
/** /**
...@@ -5965,7 +5966,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -5965,7 +5966,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
{ {
LEX_STRING ls= { thd->security_ctx->priv_role, LEX_STRING ls= { thd->security_ctx->priv_role,
strlen(thd->security_ctx->priv_role) }; strlen(thd->security_ctx->priv_role) };
append_user(&wrong_users, &ls, &empty_lex_str); append_user(thd, &wrong_users, &ls, &empty_lex_str);
result= 1; result= 1;
continue; continue;
} }
...@@ -5973,7 +5974,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -5973,7 +5974,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
/* can not grant current_role to current_role */ /* can not grant current_role to current_role */
if (granted_role->user.str == current_role.str) if (granted_role->user.str == current_role.str)
{ {
append_user(&wrong_users, &role_as_user->user, &empty_lex_str); append_user(thd, &wrong_users, &role_as_user->user, &empty_lex_str);
result= 1; result= 1;
continue; continue;
} }
...@@ -6000,7 +6001,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -6000,7 +6001,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
{ {
if (is_invalid_role_name(username.str)) if (is_invalid_role_name(username.str))
{ {
append_user(&wrong_users, &username, &empty_lex_str); append_user(thd, &wrong_users, &username, &empty_lex_str);
result= 1; result= 1;
continue; continue;
} }
...@@ -6026,7 +6027,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -6026,7 +6027,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
false, create_new_user, false, create_new_user,
no_auto_create_user)) no_auto_create_user))
{ {
append_user(&wrong_users, &username, &hostname); append_user(thd, &wrong_users, &username, &hostname);
result= 1; result= 1;
continue; continue;
} }
...@@ -6038,7 +6039,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -6038,7 +6039,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
if (!grantee) if (!grantee)
{ {
append_user(&wrong_users, &username, &hostname); append_user(thd, &wrong_users, &username, &hostname);
result= 1; result= 1;
continue; continue;
} }
...@@ -6060,7 +6061,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -6060,7 +6061,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
if (role_as_user && if (role_as_user &&
traverse_role_graph_down(role, 0, 0, 0) == ROLE_CYCLE_FOUND) traverse_role_graph_down(role, 0, 0, 0) == ROLE_CYCLE_FOUND)
{ {
append_user(&wrong_users, &username, &empty_lex_str); append_user(thd, &wrong_users, &username, &empty_lex_str);
result= 1; result= 1;
undo_add_role_user_mapping(grantee, role); undo_add_role_user_mapping(grantee, role);
continue; continue;
...@@ -6072,7 +6073,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -6072,7 +6073,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
/* grant was already removed or never existed */ /* grant was already removed or never existed */
if (!hash_entry) if (!hash_entry)
{ {
append_user(&wrong_users, &username, &hostname); append_user(thd, &wrong_users, &username, &hostname);
result= 1; result= 1;
continue; continue;
} }
...@@ -6093,7 +6094,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -6093,7 +6094,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
thd->lex->with_admin_option, thd->lex->with_admin_option,
hash_entry, revoke)) hash_entry, revoke))
{ {
append_user(&wrong_users, &username, &empty_lex_str); append_user(thd, &wrong_users, &username, &empty_lex_str);
result= 1; result= 1;
if (!revoke) if (!revoke)
{ {
...@@ -9188,7 +9189,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ...@@ -9188,7 +9189,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
if (handle_as_role && is_invalid_role_name(user_name->user.str)) if (handle_as_role && is_invalid_role_name(user_name->user.str))
{ {
append_user(&wrong_users, user_name); append_user(thd, &wrong_users, user_name);
result= TRUE; result= TRUE;
continue; continue;
} }
...@@ -9202,7 +9203,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ...@@ -9202,7 +9203,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
*/ */
if (handle_grant_data(tables, 0, user_name, NULL)) if (handle_grant_data(tables, 0, user_name, NULL))
{ {
append_user(&wrong_users, user_name); append_user(thd, &wrong_users, user_name);
result= TRUE; result= TRUE;
continue; continue;
...@@ -9211,7 +9212,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ...@@ -9211,7 +9212,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
some_users_created= TRUE; some_users_created= TRUE;
if (replace_user_table(thd, tables[0].table, *user_name, 0, 0, 1, 0)) if (replace_user_table(thd, tables[0].table, *user_name, 0, 0, 1, 0))
{ {
append_user(&wrong_users, user_name); append_user(thd, &wrong_users, user_name);
result= TRUE; result= TRUE;
continue; continue;
} }
...@@ -9236,7 +9237,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ...@@ -9236,7 +9237,7 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
&user_name->user, true, &user_name->user, true,
NULL, false)) NULL, false))
{ {
append_user(&wrong_users, user_name); append_user(thd, &wrong_users, user_name);
if (grantee) if (grantee)
undo_add_role_user_mapping(grantee, role); undo_add_role_user_mapping(grantee, role);
result= TRUE; result= TRUE;
...@@ -9309,14 +9310,14 @@ bool mysql_drop_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ...@@ -9309,14 +9310,14 @@ bool mysql_drop_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
if (handle_as_role != user_name->is_role()) if (handle_as_role != user_name->is_role())
{ {
append_user(&wrong_users, user_name); append_user(thd, &wrong_users, user_name);
result= TRUE; result= TRUE;
continue; continue;
} }
if (handle_grant_data(tables, 1, user_name, NULL) <= 0) if (handle_grant_data(tables, 1, user_name, NULL) <= 0)
{ {
append_user(&wrong_users, user_name); append_user(thd, &wrong_users, user_name);
result= TRUE; result= TRUE;
continue; continue;
} }
...@@ -9389,13 +9390,13 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list) ...@@ -9389,13 +9390,13 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
tmp_user_to= user_list++; tmp_user_to= user_list++;
if (!(user_from= get_current_user(thd, tmp_user_from, false))) if (!(user_from= get_current_user(thd, tmp_user_from, false)))
{ {
append_user(&wrong_users, user_from); append_user(thd, &wrong_users, user_from);
result= TRUE; result= TRUE;
continue; continue;
} }
if (!(user_to= get_current_user(thd, tmp_user_to, false))) if (!(user_to= get_current_user(thd, tmp_user_to, false)))
{ {
append_user(&wrong_users, user_to); append_user(thd, &wrong_users, user_to);
result= TRUE; result= TRUE;
continue; continue;
} }
...@@ -9410,7 +9411,7 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list) ...@@ -9410,7 +9411,7 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list)
handle_grant_data(tables, 0, user_from, user_to) <= 0) handle_grant_data(tables, 0, user_from, user_to) <= 0)
{ {
/* NOTE TODO renaming roles is not yet implemented */ /* NOTE TODO renaming roles is not yet implemented */
append_user(&wrong_users, user_from); append_user(thd, &wrong_users, user_from);
result= TRUE; result= TRUE;
continue; continue;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7