Skip to content

M
mariadb
Commit 9c123d0c authored by monty@mashka.mysql.fi's avatar monty@mashka.mysql.fi
Browse files
Options

Don't give the anonymous user create temp table or lock tables privileges. 

SET PASSWORD=... closed connection on error.
parent 378d977d
Expand all Show whitespace changes
Inline Side-by-side
Showing with 103 additions and 84 deletions
Docs/manual.texi
View file @ 9c123d0c
...@@ -50448,6 +50448,9 @@ each individual 4.0.x release. ...@@ -50448,6 +50448,9 @@ each individual 4.0.x release.
@itemize @bullet @itemize @bullet
@item @item
@code{SET PASSWORD FOR ...} closed the connection in case of errors (bug
from 4.0.3).
@item
Increased max possible @code{max_allowed_packet} in @code{mysqld} to 1G. Increased max possible @code{max_allowed_packet} in @code{mysqld} to 1G.
@item @item
Fixed bug when doing a multi-line @code{INSERT} on a table with an Fixed bug when doing a multi-line @code{INSERT} on a table with an
mysql-test/r/rpl_rotate_logs.result
View file @ 9c123d0c
...@@ -80,4 +80,4 @@ select count(*) from t3 where n >= 4; ...@@ -80,4 +80,4 @@ select count(*) from t3 where n >= 4;
count(*) count(*)
100 100
unlock tables; unlock tables;
drop table if exists t1,t2,t3; drop table if exists t1,t2,t3,t4;
scripts/mysql_fix_privilege_tables.sh
View file @ 9c123d0c
...@@ -160,7 +160,7 @@ then ...@@ -160,7 +160,7 @@ then
echo "" echo ""
echo "Updating new privileges in MySQL 4.0.2 from old ones" echo "Updating new privileges in MySQL 4.0.2 from old ones"
@bindir@/mysql --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA @bindir@/mysql --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
update user set show_db_priv= select_priv, super_priv=process_priv, execute_priv=process_priv, create_tmp_table_priv='Y', Lock_tables_priv='Y', Repl_slave_priv=file_priv, Repl_client_priv=file_priv; update user set show_db_priv= select_priv, super_priv=process_priv, execute_priv=process_priv, create_tmp_table_priv='Y', Lock_tables_priv='Y', Repl_slave_priv=file_priv, Repl_client_priv=file_priv where user<>"";
END_OF_DATA END_OF_DATA
echo "" echo ""
fi fi
......
sql/set_var.cc
View file @ 9c123d0c
...@@ -896,7 +896,7 @@ byte *sys_var_thd_enum::value_ptr(THD *thd, enum_var_type type) ...@@ -896,7 +896,7 @@ byte *sys_var_thd_enum::value_ptr(THD *thd, enum_var_type type)
bool sys_var_thd_bit::update(THD *thd, set_var *var) bool sys_var_thd_bit::update(THD *thd, set_var *var)
{ {
bool res= (*update_func)(thd, var); int res= (*update_func)(thd, var);
thd->lex.select_lex.options=thd->options; thd->lex.select_lex.options=thd->options;
return res; return res;
} }
...@@ -1010,7 +1010,7 @@ byte *sys_var_insert_id::value_ptr(THD *thd, enum_var_type type) ...@@ -1010,7 +1010,7 @@ byte *sys_var_insert_id::value_ptr(THD *thd, enum_var_type type)
bool sys_var_slave_skip_counter::check(THD *thd, set_var *var) bool sys_var_slave_skip_counter::check(THD *thd, set_var *var)
{ {
bool result=0; int result= 0;
LOCK_ACTIVE_MI; LOCK_ACTIVE_MI;
pthread_mutex_lock(&active_mi->rli.run_lock); pthread_mutex_lock(&active_mi->rli.run_lock);
if (active_mi->rli.slave_running) if (active_mi->rli.slave_running)
...@@ -1236,26 +1236,24 @@ sys_var *find_sys_var(const char *str, uint length) ...@@ -1236,26 +1236,24 @@ sys_var *find_sys_var(const char *str, uint length)
RETURN VALUE RETURN VALUE
0 ok 0 ok
1 Something got wrong (normally no variables was updated) 1 ERROR, message sent (normally no variables was updated)
-1 ERROR, message not sent
*/ */
bool sql_set_variables(THD *thd, List<set_var_base> *var_list) int sql_set_variables(THD *thd, List<set_var_base> *var_list)
{ {
bool error=0; int error= 0;
List_iterator<set_var_base> it(*var_list); List_iterator<set_var_base> it(*var_list);
set_var_base *var; set_var_base *var;
while ((var=it++)) while ((var=it++))
{ {
if (var->check(thd)) if ((error=var->check(thd)))
return 1; return error;
} }
it.rewind(); it.rewind();
while ((var=it++)) while ((var=it++))
{ error|= var->update(thd); // Returns 0, -1 or 1
if (var->update(thd))
error=1;
}
return error; return error;
} }
...@@ -1264,14 +1262,14 @@ bool sql_set_variables(THD *thd, List<set_var_base> *var_list) ...@@ -1264,14 +1262,14 @@ bool sql_set_variables(THD *thd, List<set_var_base> *var_list)
Functions to handle SET mysql_internal_variable=const_expr Functions to handle SET mysql_internal_variable=const_expr
*****************************************************************************/ *****************************************************************************/
bool set_var::check(THD *thd) int set_var::check(THD *thd)
{ {
if (var->check_type(type)) if (var->check_type(type))
{ {
my_error(type == OPT_GLOBAL ? ER_LOCAL_VARIABLE : ER_GLOBAL_VARIABLE, my_error(type == OPT_GLOBAL ? ER_LOCAL_VARIABLE : ER_GLOBAL_VARIABLE,
MYF(0), MYF(0),
var->name); var->name);
return 1; return -1;
} }
if ((type == OPT_GLOBAL && check_global_access(thd, SUPER_ACL))) if ((type == OPT_GLOBAL && check_global_access(thd, SUPER_ACL)))
return 1; return 1;
...@@ -1282,28 +1280,29 @@ bool set_var::check(THD *thd) ...@@ -1282,28 +1280,29 @@ bool set_var::check(THD *thd)
if (var->check_default(type)) if (var->check_default(type))
{ {
my_error(ER_NO_DEFAULT, MYF(0), var->name); my_error(ER_NO_DEFAULT, MYF(0), var->name);
return 1; return -1;
} }
return 0; return 0;
} }
if (value->fix_fields(thd,0)) if (value->fix_fields(thd,0))
return 1; return -1;
if (var->check_update_type(value->result_type())) if (var->check_update_type(value->result_type()))
{ {
my_error(ER_WRONG_TYPE_FOR_VAR, MYF(0), var->name); my_error(ER_WRONG_TYPE_FOR_VAR, MYF(0), var->name);
return 1; return -1;
} }
return var->check(thd, this); return var->check(thd, this) ? -1 : 0;
} }
bool set_var::update(THD *thd) int set_var::update(THD *thd)
{ {
int error;
if (!value) if (!value)
var->set_default(thd, type); var->set_default(thd, type);
else if (var->update(thd, this)) else if (var->update(thd, this))
return 1; // should never happen return -1; // should never happen
if (var->after_update) if (var->after_update)
(*var->after_update)(thd, type); (*var->after_update)(thd, type);
return 0; return 0;
...@@ -1314,19 +1313,19 @@ bool set_var::update(THD *thd) ...@@ -1314,19 +1313,19 @@ bool set_var::update(THD *thd)
Functions to handle SET @user_variable=const_expr Functions to handle SET @user_variable=const_expr
*****************************************************************************/ *****************************************************************************/
bool set_var_user::check(THD *thd) int set_var_user::check(THD *thd)
{ {
return user_var_item->fix_fields(thd,0); return user_var_item->fix_fields(thd,0) ? -1 : 0;
} }
bool set_var_user::update(THD *thd) int set_var_user::update(THD *thd)
{ {
if (user_var_item->update()) if (user_var_item->update())
{ {
/* Give an error if it's not given already */ /* Give an error if it's not given already */
send_error(&thd->net, ER_SET_CONSTANTS_ONLY); my_error(ER_SET_CONSTANTS_ONLY, MYF(0));
return 1; return -1;
} }
return 0; return 0;
} }
...@@ -1336,16 +1335,19 @@ bool set_var_user::update(THD *thd) ...@@ -1336,16 +1335,19 @@ bool set_var_user::update(THD *thd)
Functions to handle SET PASSWORD Functions to handle SET PASSWORD
*****************************************************************************/ *****************************************************************************/
bool set_var_password::check(THD *thd) int set_var_password::check(THD *thd)
{ {
if (!user->host.str) if (!user->host.str)
user->host.str= (char*) thd->host_or_ip; user->host.str= (char*) thd->host_or_ip;
return check_change_password(thd, user->host.str, user->user.str); /* Returns 1 as the function sends error to client */
return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0;
} }
bool set_var_password::update(THD *thd) int set_var_password::update(THD *thd)
{ {
return change_password(thd, user->host.str, user->user.str, password); /* Returns 1 as the function sends error to client */
return (change_password(thd, user->host.str, user->user.str, password) ?
1 : 0);
} }
/**************************************************************************** /****************************************************************************
......
sql/set_var.h
View file @ 9c123d0c
...@@ -359,8 +359,8 @@ class set_var_base :public Sql_alloc ...@@ -359,8 +359,8 @@ class set_var_base :public Sql_alloc
public: public:
set_var_base() {} set_var_base() {}
virtual ~set_var_base() {} virtual ~set_var_base() {}
virtual bool check(THD *thd)=0; /* To check privileges etc. */ virtual int check(THD *thd)=0; /* To check privileges etc. */
virtual bool update(THD *thd)=0; /* To set the value */ virtual int update(THD *thd)=0; /* To set the value */
}; };
...@@ -394,8 +394,8 @@ public: ...@@ -394,8 +394,8 @@ public:
else else
value=value_arg; value=value_arg;
} }
bool check(THD *thd); int check(THD *thd);
bool update(THD *thd); int update(THD *thd);
}; };
...@@ -408,8 +408,8 @@ public: ...@@ -408,8 +408,8 @@ public:
set_var_user(Item_func_set_user_var *item) set_var_user(Item_func_set_user_var *item)
:user_var_item(item) :user_var_item(item)
{} {}
bool check(THD *thd); int check(THD *thd);
bool update(THD *thd); int update(THD *thd);
}; };
/* For SET PASSWORD */ /* For SET PASSWORD */
...@@ -422,8 +422,8 @@ public: ...@@ -422,8 +422,8 @@ public:
set_var_password(LEX_USER *user_arg,char *password_arg) set_var_password(LEX_USER *user_arg,char *password_arg)
:user(user_arg), password(password_arg) :user(user_arg), password(password_arg)
{} {}
bool check(THD *thd); int check(THD *thd);
bool update(THD *thd); int update(THD *thd);
}; };
...@@ -434,7 +434,7 @@ public: ...@@ -434,7 +434,7 @@ public:
void set_var_init(); void set_var_init();
void set_var_free(); void set_var_free();
sys_var *find_sys_var(const char *str, uint length=0); sys_var *find_sys_var(const char *str, uint length=0);
bool sql_set_variables(THD *thd, List<set_var_base> *var_list); int sql_set_variables(THD *thd, List<set_var_base> *var_list);
void fix_delay_key_write(THD *thd, enum_var_type type); void fix_delay_key_write(THD *thd, enum_var_type type);
extern sys_var_str sys_charset; extern sys_var_str sys_charset;
sql/sql_acl.cc
View file @ 9c123d0c
...@@ -783,7 +783,6 @@ ulong acl_get(const char *host, const char *ip, const char *bin_ip, ...@@ -783,7 +783,6 @@ ulong acl_get(const char *host, const char *ip, const char *bin_ip,
db_access=0; host_access= ~0; db_access=0; host_access= ~0;
char key[ACL_KEY_LENGTH],*tmp_db,*end; char key[ACL_KEY_LENGTH],*tmp_db,*end;
acl_entry *entry; acl_entry *entry;
THD *thd= current_thd;
VOID(pthread_mutex_lock(&acl_cache->lock)); VOID(pthread_mutex_lock(&acl_cache->lock));
memcpy_fixed(&key,bin_ip,sizeof(struct in_addr)); memcpy_fixed(&key,bin_ip,sizeof(struct in_addr));
...@@ -1015,6 +1014,21 @@ bool check_change_password(THD *thd, const char *host, const char *user) ...@@ -1015,6 +1014,21 @@ bool check_change_password(THD *thd, const char *host, const char *user)
} }
/*
Change a password for a user
SYNOPSIS
change_password()
thd Thread handle
host Hostname
user User name
new_password New password for host@user
RETURN VALUES
0 ok
1 ERROR; In this case the error is sent to the client.
*/
bool change_password(THD *thd, const char *host, const char *user, bool change_password(THD *thd, const char *host, const char *user,
char *new_password) char *new_password)
{ {
......
sql/sql_db.cc
View file @ 9c123d0c
...@@ -332,7 +332,7 @@ bool mysql_change_db(THD *thd,const char *name) ...@@ -332,7 +332,7 @@ bool mysql_change_db(THD *thd,const char *name)
int length, db_length; int length, db_length;
char *dbname=my_strdup((char*) name,MYF(MY_WME)); char *dbname=my_strdup((char*) name,MYF(MY_WME));
char path[FN_REFLEN]; char path[FN_REFLEN];
uint db_access; ulong db_access;
DBUG_ENTER("mysql_change_db"); DBUG_ENTER("mysql_change_db");
if (!dbname || !(db_length=strip_sp(dbname))) if (!dbname || !(db_length=strip_sp(dbname)))
......
sql/sql_parse.cc
View file @ 9c123d0c
...@@ -2202,9 +2202,7 @@ mysql_execute_command(void) ...@@ -2202,9 +2202,7 @@ mysql_execute_command(void)
break; break;
} }
case SQLCOM_SET_OPTION: case SQLCOM_SET_OPTION:
if (sql_set_variables(thd, &lex->var_list)) if (!(res=sql_set_variables(thd, &lex->var_list)))
res= -1;
else
send_ok(&thd->net); send_ok(&thd->net);
break; break;
case SQLCOM_UNLOCK_TABLES: case SQLCOM_UNLOCK_TABLES:
......
tests/grant.pl
View file @ 9c123d0c
...@@ -435,8 +435,9 @@ user_connect(0); ...@@ -435,8 +435,9 @@ user_connect(0);
user_query("LOCK TABLES $opt_database.test3 READ"); user_query("LOCK TABLES $opt_database.test3 READ");
user_query("UNLOCK TABLES"); user_query("UNLOCK TABLES");
safe_query("revoke SELECT,INSERT,UPDATE,DELETE on $opt_database.test3 from $user"); safe_query("revoke SELECT,INSERT,UPDATE,DELETE on $opt_database.test3 from $user");
user_connect(1); user_connect(0);
safe_query("revoke LOCK TABLES on *.* from $user"); safe_query("revoke LOCK TABLES on *.* from $user");
user_connect(1);
safe_query("drop table $opt_database.test3"); safe_query("drop table $opt_database.test3");
# #
......
tests/grant.res
View file @ 9c123d0c
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7