Commit e4ba79d2 authored by tnurnberg@sin.intern.azundris.com's avatar tnurnberg@sin.intern.azundris.com

Merge tnurnberg@bk-internal.mysql.com:/home/bk/mysql-5.1-maint

into  sin.intern.azundris.com:/home/tnurnberg/19828/51-19828
parents f0fa6936 38ccaa1f
...@@ -1210,6 +1210,9 @@ SELECT * FROM test.t1; ...@@ -1210,6 +1210,9 @@ SELECT * FROM test.t1;
f1 f2 f1 f2
1 1 1 1
2 2 2 2
REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
DROP DATABASE db27878; DROP DATABASE db27878;
use test; use test;
DROP TABLE t1; DROP TABLE t1;
......
...@@ -16,3 +16,125 @@ delete from mysql.db where user like 'mysqltest\_%'; ...@@ -16,3 +16,125 @@ delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges; flush privileges;
grant select on test.* to CUser@localhost;
grant select on test.* to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
user host db select_priv
CUser LOCALHOST test Y
CUser localhost test Y
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
user host db select_priv
CUser localhost test Y
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
user host db select_priv
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
create table t1 (a int);
grant select on test.t1 to CUser@localhost;
grant select on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser LOCALHOST test t1 Select
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
grant select(a) on test.t1 to CUser@localhost;
grant select(a) on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser LOCALHOST test t1 Select
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
CUser localhost test t1 Select
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
user host
CUser LOCALHOST
CUser localhost
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
user host db Table_name Table_priv Column_priv
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
drop table t1;
grant select on test.* to CUser2@localhost;
grant select on test.* to CUser2@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
user host
CUser2 LOCALHOST
CUser2 localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
user host db select_priv
CUser2 LOCALHOST test Y
CUser2 localhost test Y
REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
user host
CUser2 LOCALHOST
CUser2 localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
user host db select_priv
CUser2 localhost test Y
REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
user host
CUser2 LOCALHOST
CUser2 localhost
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
user host db select_priv
DROP USER CUser2@localhost;
DROP USER CUser2@LOCALHOST;
...@@ -1257,6 +1257,9 @@ UPDATE v1 SET f2 = 4; ...@@ -1257,6 +1257,9 @@ UPDATE v1 SET f2 = 4;
SELECT * FROM test.t1; SELECT * FROM test.t1;
disconnect user1; disconnect user1;
connection default; connection default;
REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
DROP DATABASE db27878; DROP DATABASE db27878;
use test; use test;
DROP TABLE t1; DROP TABLE t1;
......
...@@ -34,3 +34,103 @@ delete from mysql.db where user like 'mysqltest\_%'; ...@@ -34,3 +34,103 @@ delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%'; delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%'; delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges; flush privileges;
#
# Bug: #19828 Case sensitivity in Grant/Revoke
#
grant select on test.* to CUser@localhost;
grant select on test.* to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
#### table grants
create table t1 (a int);
grant select on test.t1 to CUser@localhost;
grant select on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
### column grants
grant select(a) on test.t1 to CUser@localhost;
grant select(a) on test.t1 to CUser@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
DROP USER CUser@localhost;
DROP USER CUser@LOCALHOST;
drop table t1;
# revoke on a specific DB only
grant select on test.* to CUser2@localhost;
grant select on test.* to CUser2@LOCALHOST;
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
flush privileges;
SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
DROP USER CUser2@localhost;
DROP USER CUser2@LOCALHOST;
...@@ -1264,7 +1264,7 @@ static void acl_update_db(const char *user, const char *host, const char *db, ...@@ -1264,7 +1264,7 @@ static void acl_update_db(const char *user, const char *host, const char *db,
{ {
if (!acl_db->host.hostname && !host[0] || if (!acl_db->host.hostname && !host[0] ||
acl_db->host.hostname && acl_db->host.hostname &&
!my_strcasecmp(system_charset_info, host, acl_db->host.hostname)) !strcmp(host, acl_db->host.hostname))
{ {
if (!acl_db->db && !db[0] || if (!acl_db->db && !db[0] ||
acl_db->db && !strcmp(db,acl_db->db)) acl_db->db && !strcmp(db,acl_db->db))
...@@ -4494,6 +4494,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) ...@@ -4494,6 +4494,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
if (!(host=acl_db->host.hostname)) if (!(host=acl_db->host.hostname))
host= ""; host= "";
/*
We do not make SHOW GRANTS case-sensitive here (like REVOKE),
but make it case-insensitive because that's the way they are
actually applied, and showing fewer privileges than are applied
would be wrong from a security point of view.
*/
if (!strcmp(lex_user->user.str,user) && if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host)) !my_strcasecmp(system_charset_info, lex_user->host.str, host))
{ {
...@@ -4529,8 +4536,8 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) ...@@ -4529,8 +4536,8 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
db.append(lex_user->user.str, lex_user->user.length, db.append(lex_user->user.str, lex_user->user.length,
system_charset_info); system_charset_info);
db.append (STRING_WITH_LEN("'@'")); db.append (STRING_WITH_LEN("'@'"));
db.append(lex_user->host.str, lex_user->host.length, // host and lex_user->host are equal except for case
system_charset_info); db.append(host, strlen(host), system_charset_info);
db.append ('\''); db.append ('\'');
if (want_access & GRANT_ACL) if (want_access & GRANT_ACL)
db.append(STRING_WITH_LEN(" WITH GRANT OPTION")); db.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
...@@ -4557,6 +4564,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) ...@@ -4557,6 +4564,13 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
if (!(host= grant_table->host.hostname)) if (!(host= grant_table->host.hostname))
host= ""; host= "";
/*
We do not make SHOW GRANTS case-sensitive here (like REVOKE),
but make it case-insensitive because that's the way they are
actually applied, and showing fewer privileges than are applied
would be wrong from a security point of view.
*/
if (!strcmp(lex_user->user.str,user) && if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host)) !my_strcasecmp(system_charset_info, lex_user->host.str, host))
{ {
...@@ -4637,8 +4651,8 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) ...@@ -4637,8 +4651,8 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user)
global.append(lex_user->user.str, lex_user->user.length, global.append(lex_user->user.str, lex_user->user.length,
system_charset_info); system_charset_info);
global.append(STRING_WITH_LEN("'@'")); global.append(STRING_WITH_LEN("'@'"));
global.append(lex_user->host.str,lex_user->host.length, // host and lex_user->host are equal except for case
system_charset_info); global.append(host, strlen(host), system_charset_info);
global.append('\''); global.append('\'');
if (table_access & GRANT_ACL) if (table_access & GRANT_ACL)
global.append(STRING_WITH_LEN(" WITH GRANT OPTION")); global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
...@@ -4693,6 +4707,13 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash, ...@@ -4693,6 +4707,13 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash,
if (!(host= grant_proc->host.hostname)) if (!(host= grant_proc->host.hostname))
host= ""; host= "";
/*
We do not make SHOW GRANTS case-sensitive here (like REVOKE),
but make it case-insensitive because that's the way they are
actually applied, and showing fewer privileges than are applied
would be wrong from a security point of view.
*/
if (!strcmp(lex_user->user.str,user) && if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host)) !my_strcasecmp(system_charset_info, lex_user->host.str, host))
{ {
...@@ -4736,8 +4757,8 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash, ...@@ -4736,8 +4757,8 @@ static int show_routine_grants(THD* thd, LEX_USER *lex_user, HASH *hash,
global.append(lex_user->user.str, lex_user->user.length, global.append(lex_user->user.str, lex_user->user.length,
system_charset_info); system_charset_info);
global.append(STRING_WITH_LEN("'@'")); global.append(STRING_WITH_LEN("'@'"));
global.append(lex_user->host.str,lex_user->host.length, // host and lex_user->host are equal except for case
system_charset_info); global.append(host, strlen(host), system_charset_info);
global.append('\''); global.append('\'');
if (proc_access & GRANT_ACL) if (proc_access & GRANT_ACL)
global.append(STRING_WITH_LEN(" WITH GRANT OPTION")); global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
...@@ -5713,7 +5734,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) ...@@ -5713,7 +5734,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
host= ""; host= "";
if (!strcmp(lex_user->user.str,user) && if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host)) !strcmp(lex_user->host.str, host))
{ {
if (!replace_db_table(tables[1].table, acl_db->db, *lex_user, if (!replace_db_table(tables[1].table, acl_db->db, *lex_user,
~(ulong)0, 1)) ~(ulong)0, 1))
...@@ -5745,7 +5766,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) ...@@ -5745,7 +5766,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
host= ""; host= "";
if (!strcmp(lex_user->user.str,user) && if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host)) !strcmp(lex_user->host.str, host))
{ {
if (replace_table_table(thd,grant_table,tables[2].table,*lex_user, if (replace_table_table(thd,grant_table,tables[2].table,*lex_user,
grant_table->db, grant_table->db,
...@@ -5791,7 +5812,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list) ...@@ -5791,7 +5812,7 @@ bool mysql_revoke_all(THD *thd, List <LEX_USER> &list)
host= ""; host= "";
if (!strcmp(lex_user->user.str,user) && if (!strcmp(lex_user->user.str,user) &&
!my_strcasecmp(system_charset_info, lex_user->host.str, host)) !strcmp(lex_user->host.str, host))
{ {
if (!replace_routine_table(thd,grant_proc,tables[4].table,*lex_user, if (!replace_routine_table(thd,grant_proc,tables[4].table,*lex_user,
grant_proc->db, grant_proc->db,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment