Commit b25cc8f2 authored by Tatiana A. Nurnberg

auto-merge

parents 5ef63a4f 034627ae
...@@ -154,4 +154,42 @@ SELECT * FROM mysqltest_1.t1; ...@@ -154,4 +154,42 @@ SELECT * FROM mysqltest_1.t1;
a a
DROP USER 'mysqltest1'@'%'; DROP USER 'mysqltest1'@'%';
DROP DATABASE mysqltest_1; DROP DATABASE mysqltest_1;
#
# Bug#41597 - After rename of user, there are additional grants
# when grants are reapplied.
#
CREATE DATABASE temp;
CREATE TABLE temp.t1(a INT, b VARCHAR(10));
INSERT INTO temp.t1 VALUES(1, 'name1');
INSERT INTO temp.t1 VALUES(2, 'name2');
INSERT INTO temp.t1 VALUES(3, 'name3');
CREATE USER 'user1'@'%';
RENAME USER 'user1'@'%' TO 'user2'@'%';
# Show privileges after rename and BEFORE grant
SHOW GRANTS FOR 'user2'@'%';
Grants for user2@%
GRANT USAGE ON *.* TO 'user2'@'%'
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
# Show privileges after rename and grant
SHOW GRANTS FOR 'user2'@'%';
Grants for user2@%
GRANT USAGE ON *.* TO 'user2'@'%'
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'
# Connect as the renamed user
SHOW GRANTS;
Grants for user2@%
GRANT USAGE ON *.* TO 'user2'@'%'
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'
SELECT a FROM temp.t1;
a
1
2
3
# Check for additional privileges by accessing a
# non privileged column. We shouldn't be able to
# access this column.
SELECT b FROM temp.t1;
ERROR 42000: SELECT command denied to user 'user2'@'localhost' for column 'b' in table 't1'
DROP USER 'user2'@'%';
DROP DATABASE temp;
End of 5.0 tests End of 5.0 tests
...@@ -163,6 +163,41 @@ connection default; ...@@ -163,6 +163,41 @@ connection default;
DROP USER 'mysqltest1'@'%'; DROP USER 'mysqltest1'@'%';
DROP DATABASE mysqltest_1; DROP DATABASE mysqltest_1;
--echo #
--echo # Bug#41597 - After rename of user, there are additional grants
--echo # when grants are reapplied.
--echo #
CREATE DATABASE temp;
CREATE TABLE temp.t1(a INT, b VARCHAR(10));
INSERT INTO temp.t1 VALUES(1, 'name1');
INSERT INTO temp.t1 VALUES(2, 'name2');
INSERT INTO temp.t1 VALUES(3, 'name3');
CREATE USER 'user1'@'%';
RENAME USER 'user1'@'%' TO 'user2'@'%';
--echo # Show privileges after rename and BEFORE grant
SHOW GRANTS FOR 'user2'@'%';
GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
--echo # Show privileges after rename and grant
SHOW GRANTS FOR 'user2'@'%';
--echo # Connect as the renamed user
connect (conn1, localhost, user2,,);
connection conn1;
SHOW GRANTS;
SELECT a FROM temp.t1;
--echo # Check for additional privileges by accessing a
--echo # non privileged column. We shouldn't be able to
--echo # access this column.
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT b FROM temp.t1;
disconnect conn1;
connection default;
DROP USER 'user2'@'%';
DROP DATABASE temp;
--echo End of 5.0 tests --echo End of 5.0 tests
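Review bot: The new test case never gives 'user1'@'%' a column privilege before `RENAME USER`, so as far as these statements show there is no column-level grant entry to rewrite when the rename runs, and the rename handling for existing entries goes unexercised. Adding `GRANT SELECT (a), INSERT (b) ON temp.t1 TO 'user1'@'%';` before the rename, and keeping the grant to 'user2'@'%' afterwards as the bug title describes, would cover that path. `SHOW GRANTS FOR 'user2'@'%'` should then list the column grant exactly once, and the `SELECT b` denial check stays as the guard against extra privileges.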
...@@ -2096,6 +2096,8 @@ public: ...@@ -2096,6 +2096,8 @@ public:
GRANT_NAME (TABLE *form); GRANT_NAME (TABLE *form);
virtual ~GRANT_NAME() {}; virtual ~GRANT_NAME() {};
virtual bool ok() { return privs != 0; } virtual bool ok() { return privs != 0; }
void set_user_details(const char *h, const char *d,
const char *u, const char *t);
}; };
...@@ -2113,20 +2115,23 @@ public: ...@@ -2113,20 +2115,23 @@ public:
}; };
void GRANT_NAME::set_user_details(const char *h, const char *d,
GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u, const char *u, const char *t)
const char *t, ulong p)
:privs(p)
{ {
/* Host given by user */ /* Host given by user */
update_hostname(&host, strdup_root(&memex, h)); update_hostname(&host, strdup_root(&memex, h));
db = strdup_root(&memex,d); if (db != d)
{
db= strdup_root(&memex, d);
if (lower_case_table_names)
my_casedn_str(files_charset_info, db);
}
user = strdup_root(&memex,u); user = strdup_root(&memex,u);
sort= get_sort(3,host.hostname,db,user); sort= get_sort(3,host.hostname,db,user);
tname= strdup_root(&memex,t); if (tname != t)
if (lower_case_table_names)
{ {
my_casedn_str(files_charset_info, db); tname= strdup_root(&memex, t);
if (lower_case_table_names)
my_casedn_str(files_charset_info, tname); my_casedn_str(files_charset_info, tname);
} }
key_length =(uint) strlen(d)+(uint) strlen(u)+(uint) strlen(t)+3; key_length =(uint) strlen(d)+(uint) strlen(u)+(uint) strlen(t)+3;
...@@ -2134,6 +2139,12 @@ GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u, ...@@ -2134,6 +2139,12 @@ GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u,
strmov(strmov(strmov(hash_key,user)+1,db)+1,tname); strmov(strmov(strmov(hash_key,user)+1,db)+1,tname);
} }
GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u,
const char *t, ulong p)
:db(0), tname(0), privs(p)
{
set_user_details(h, d, u, t);
}
GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u, GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u,
const char *t, ulong p, ulong c) const char *t, ulong p, ulong c)
...@@ -5183,9 +5194,20 @@ static int handle_grant_struct(uint struct_no, bool drop, ...@@ -5183,9 +5194,20 @@ static int handle_grant_struct(uint struct_no, bool drop,
case 2: case 2:
case 3: case 3:
grant_name->user= strdup_root(&mem, user_to->user.str); /*
update_hostname(&grant_name->host, Update the grant structure with the new user name and
strdup_root(&mem, user_to->host.str)); host name
*/
grant_name->set_user_details(user_to->host.str, grant_name->db,
user_to->user.str, grant_name->tname);
/*
Since username is part of the hash key, when the user name
is renamed, the hash key is changed. Update the hash to
ensure that the position matches the new hash key value
*/
hash_update(&column_priv_hash, (byte *)grant_name,
grant_name->hash_key, grant_name->key_length);
break; break;
} }
} }
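Review bot: In the `case 2: case 3:` branch of handle_grant_struct, `hash_update()` runs after `set_user_details()` has already rewritten `grant_name->hash_key` and `key_length`, so the value passed in the old-key argument is the new key and the hash cannot find the record's previous position from it. Take a copy of the key and its length before the rename and pass those instead, e.g. `hash_update(&column_priv_hash, (byte *)grant_name, (byte *)old_key, old_key_length);`. The call also names `column_priv_hash` for both case labels; if case 3 walks a different hash (the code that selects it is outside this hunk), the update should go to that hash. A grant record left under a stale key is a privilege-check risk, because later lookups for the renamed account may miss the entry or create a duplicate next to it. The function body starts and ends outside the hunk.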