List:Commits« Previous MessageNext Message »
From:Georgi Kodinov Date:September 20 2010 1:52pm
Subject:bzr push into mysql-5.5 branch (Georgi.Kodinov:3081 to 3082) Bug#56798
View as plain text  
 3082 Georgi Kodinov	2010-09-20
      Bug #56798 : Wrong credentials assigned when using a proxy user.
      
      Fixed incorrect handling of user credentials when authenticating
      via proxy user. Now the server will use the proxies user's 
      access mask and host to update the security context runtime 
      structure when logging in.
      
      Fixed a compilation warning with the embedded library.
      
      Fixed a crash when doing a second GRANT PROXY on ''@'' due to 
      incomplete equality check logic.

    modified:
      mysql-test/r/plugin_auth.result
      mysql-test/t/plugin_auth.test
      sql/sql_acl.cc
 3081 Georgi Kodinov	2010-08-16 [merge]
      merged mysql-5.5 into WL1054-5.5

    removed:
      BUILD/compile-pentium-mysqlfs-debug
    added:
      mysql-test/include/mysql_upgrade_preparation.inc
      mysql-test/r/mysql_upgrade_ssl.result
      mysql-test/t/mysql_upgrade_ssl.test
    modified:
      BUILD/Makefile.am
      BUILD/SETUP.sh
      BUILD/build_mccge.sh
      BUILD/check-cpu
      BUILD/compile-ndb-autotest
      BUILD/compile-pentium-debug
      BUILD/compile-pentium-debug-max
      BUILD/compile-pentium-debug-max-no-ndb
      BUILD/compile-pentium-debug-openssl
      BUILD/compile-pentium-debug-yassl
      BUILD/compile-pentium64-debug
      BUILD/compile-pentium64-debug-max
      CMakeLists.txt
      client/CMakeLists.txt
      client/mysql_upgrade.c
      client/mysqltest.cc
      cmake/configure.pl
      cmake/plugin.cmake
      cmd-line-utils/libedit/CMakeLists.txt
      cmd-line-utils/readline/CMakeLists.txt
      config/ac-macros/ha_ndbcluster.m4
      configure.in
      dbug/CMakeLists.txt
      extra/CMakeLists.txt
      extra/yassl/CMakeLists.txt
      extra/yassl/taocrypt/CMakeLists.txt
      include/CMakeLists.txt
      libmysql/CMakeLists.txt
      libmysqld/CMakeLists.txt
      libmysqld/examples/CMakeLists.txt
      libservices/CMakeLists.txt
      man/CMakeLists.txt
      mysql-test/CMakeLists.txt
      mysql-test/extra/rpl_tests/create_recursive_construct.inc
      mysql-test/include/mix2.inc
      mysql-test/lib/My/Config.pm
      mysql-test/lib/My/ConfigFactory.pm
      mysql-test/lib/My/SafeProcess.pm
      mysql-test/lib/My/SafeProcess/CMakeLists.txt
      mysql-test/lib/mtr_cases.pm
      mysql-test/lib/mtr_report.pm
      mysql-test/lib/v1/mysql-test-run.pl
      mysql-test/mysql-test-run.pl
      mysql-test/r/csv.result
      mysql-test/r/func_group.result
      mysql-test/r/mysqltest.result
      mysql-test/suite/binlog/r/binlog_stm_unsafe_warning.result
      mysql-test/suite/binlog/r/binlog_unsafe.result
      mysql-test/suite/binlog/t/binlog_stm_unsafe_warning.test
      mysql-test/suite/binlog/t/binlog_unsafe.test
      mysql-test/suite/binlog/t/disabled.def
      mysql-test/suite/funcs_1/r/innodb_storedproc_06.result
      mysql-test/suite/funcs_1/r/innodb_storedproc_10.result
      mysql-test/suite/funcs_1/r/innodb_trig_03.result
      mysql-test/suite/funcs_1/r/innodb_trig_03e.result
      mysql-test/suite/funcs_1/r/innodb_trig_0407.result
      mysql-test/suite/funcs_1/r/innodb_trig_08.result
      mysql-test/suite/funcs_1/r/memory_storedproc_06.result
      mysql-test/suite/funcs_1/r/memory_storedproc_10.result
      mysql-test/suite/funcs_1/r/memory_trig_03.result
      mysql-test/suite/funcs_1/r/memory_trig_03e.result
      mysql-test/suite/funcs_1/r/memory_trig_0407.result
      mysql-test/suite/funcs_1/r/memory_trig_08.result
      mysql-test/suite/funcs_1/r/myisam_storedproc_06.result
      mysql-test/suite/funcs_1/r/myisam_storedproc_10.result
      mysql-test/suite/funcs_1/r/myisam_trig_03.result
      mysql-test/suite/funcs_1/r/myisam_trig_03e.result
      mysql-test/suite/funcs_1/r/myisam_trig_0407.result
      mysql-test/suite/funcs_1/r/myisam_trig_08.result
      mysql-test/suite/funcs_1/r/ndb_storedproc_06.result
      mysql-test/suite/funcs_1/r/ndb_storedproc_10.result
      mysql-test/suite/funcs_1/r/ndb_trig_03.result
      mysql-test/suite/funcs_1/r/ndb_trig_03e.result
      mysql-test/suite/funcs_1/r/ndb_trig_0407.result
      mysql-test/suite/funcs_1/r/ndb_trig_08.result
      mysql-test/suite/funcs_1/r/storedproc.result
      mysql-test/suite/funcs_1/storedproc/storedproc_06.inc
      mysql-test/suite/funcs_1/storedproc/storedproc_10.inc
      mysql-test/suite/funcs_1/triggers/triggers_03.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_columns.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_db_level.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_db_table_mix.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_definer.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_global_db_mix.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_prepare.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_table_level.inc
      mysql-test/suite/funcs_1/triggers/triggers_03e_transaction.inc
      mysql-test/suite/funcs_1/triggers/triggers_0407.inc
      mysql-test/suite/funcs_1/triggers/triggers_08.inc
      mysql-test/suite/innodb/t/innodb_mysql.test
      mysql-test/suite/ndb/r/ndb_cursor.result
      mysql-test/suite/rpl/r/rpl_begin_commit_rollback.result
      mysql-test/suite/rpl/r/rpl_non_direct_stm_mixing_engines.result
      mysql-test/suite/rpl/r/rpl_stm_auto_increment_bug33029.result
      mysql-test/suite/rpl_ndb/r/rpl_ndb_sp006.result
      mysql-test/suite/rpl_ndb/t/disabled.def
      mysql-test/t/csv.test
      mysql-test/t/func_group.test
      mysql-test/t/mysql_upgrade.test
      mysql-test/t/mysqltest.test
      mysys/CMakeLists.txt
      plugin/audit_null/CMakeLists.txt
      plugin/audit_null/audit_null.c
      plugin/daemon_example/CMakeLists.txt
      plugin/fulltext/CMakeLists.txt
      plugin/semisync/CMakeLists.txt
      regex/CMakeLists.txt
      scripts/CMakeLists.txt
      scripts/mysql_config.sh
      sql-bench/CMakeLists.txt
      sql/CMakeLists.txt
      sql/examples/CMakeLists.txt
      sql/item.cc
      sql/log.cc
      sql/log_event.cc
      sql/share/CMakeLists.txt
      sql/sp_head.cc
      sql/sql_class.cc
      sql/sql_class.h
      sql/sql_lex.cc
      sql/sql_lex.h
      sql/sql_parse.cc
      storage/archive/CMakeLists.txt
      storage/blackhole/CMakeLists.txt
      storage/csv/CMakeLists.txt
      storage/example/CMakeLists.txt
      storage/federated/CMakeLists.txt
      storage/heap/CMakeLists.txt
      storage/ibmdb2i/CMakeLists.txt
      storage/innobase/CMakeLists.txt
      storage/myisam/CMakeLists.txt
      storage/myisammrg/CMakeLists.txt
      storage/perfschema/pfs.cc
      storage/perfschema/pfs_events_waits.cc
      storage/perfschema/pfs_events_waits.h
      storage/perfschema/table_events_waits.cc
      strings/CMakeLists.txt
      support-files/CMakeLists.txt
      tests/CMakeLists.txt
      unittest/examples/CMakeLists.txt
      unittest/mysys/CMakeLists.txt
      unittest/mytap/CMakeLists.txt
      vio/CMakeLists.txt
      zlib/CMakeLists.txt
=== modified file 'mysql-test/r/plugin_auth.result'
--- a/mysql-test/r/plugin_auth.result	2010-08-09 08:32:50 +0000
+++ b/mysql-test/r/plugin_auth.result	2010-09-20 13:51:42 +0000
@@ -210,3 +210,28 @@ SELECT @@LOCAL.external_user;
 DROP USER plug;
 DROP USER plug_dest;
 ## END @@external_user tests
+#
+#  Bug #56798 : Wrong credentials assigned when using a proxy user.
+#
+GRANT ALL PRIVILEGES ON *.* TO power_user;
+GRANT USAGE ON anonymous_db.* TO ''@''
+  IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
+GRANT PROXY ON power_user TO ''@'';
+CREATE DATABASE confidential_db;
+SELECT user(),current_user(),@@proxy_user;
+user()	current_user()	@@proxy_user
+test_login_user@localhost	power_user@%	''@''
+DROP USER power_user;
+DROP USER ''@'';
+DROP DATABASE confidential_db;
+# Test case #2 (crash with double grant proxy)
+CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
+CREATE USER standard_user;
+CREATE DATABASE shared;
+GRANT ALL PRIVILEGES ON shared.* TO standard_user;
+GRANT PROXY ON standard_user TO ''@'';
+#should not crash
+GRANT PROXY ON standard_user TO ''@'';
+DROP USER ''@'';
+DROP USER standard_user;
+DROP DATABASE shared;

=== modified file 'mysql-test/t/plugin_auth.test'
--- a/mysql-test/t/plugin_auth.test	2010-08-09 08:32:50 +0000
+++ b/mysql-test/t/plugin_auth.test	2010-09-20 13:51:42 +0000
@@ -296,3 +296,37 @@ disconnect plug_con;
 DROP USER plug;
 DROP USER plug_dest;
 --echo ## END @@external_user tests
+
+--echo #
+--echo #  Bug #56798 : Wrong credentials assigned when using a proxy user.
+--echo #
+
+GRANT ALL PRIVILEGES ON *.* TO power_user;
+GRANT USAGE ON anonymous_db.* TO ''@''
+  IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
+GRANT PROXY ON power_user TO ''@'';
+CREATE DATABASE confidential_db;
+
+connect(plug_con,localhost, test_login_user, power_user, confidential_db);
+SELECT user(),current_user(),@@proxy_user;
+
+connection default;
+disconnect plug_con;
+
+DROP USER power_user;
+DROP USER ''@'';
+DROP DATABASE confidential_db;
+
+--echo # Test case #2 (crash with double grant proxy)
+
+CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
+CREATE USER standard_user;
+CREATE DATABASE shared;
+GRANT ALL PRIVILEGES ON shared.* TO standard_user;
+GRANT PROXY ON standard_user TO ''@'';
+--echo #should not crash
+GRANT PROXY ON standard_user TO ''@'';
+
+DROP USER ''@'';
+DROP USER standard_user;
+DROP DATABASE shared;

=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc	2010-08-09 08:32:50 +0000
+++ b/sql/sql_acl.cc	2010-09-20 13:51:42 +0000
@@ -318,6 +318,8 @@ public:
   bool get_with_grant() { return with_grant; }
   const char *get_user() { return user; }
   const char *get_host() { return host.hostname; }
+  const char *get_proxied_user() { return proxied_user; }
+  const char *get_proxied_host() { return proxied_host.hostname; }
   void set_user(MEM_ROOT *mem, const char *user_arg) 
   { 
     user= user_arg && *user_arg ?  strdup_root (mem, user_arg) : NULL; 
@@ -373,6 +375,13 @@ public:
                                                   proxied_user, TRUE))));
   }
 
+
+  inline static bool auth_element_equals(const char *a, const char *b)
+  {
+    return (a == b || (a != NULL && b != NULL && !strcmp(a,b)));
+  }
+
+
   bool pk_equals (ACL_PROXY_USER *grant)
   {
     DBUG_ENTER ("pk_equals");
@@ -389,15 +398,15 @@ public:
                           proxied_host.hostname ? proxied_host.hostname : "<NULL>",
                           grant->proxied_host.hostname ? 
                             grant->proxied_host.hostname : "<NULL>"));
-    DBUG_RETURN(((!user && !grant->user) || !strcmp (user, grant->user)) &&
-                ((!proxied_user && !grant->proxied_user) ||
-                 !strcmp (proxied_user, grant->proxied_user)) &&
-                ((!host.hostname && !grant->host.hostname) || 
-                 !strcmp (host.hostname, grant->host.hostname)) &&
-                ((!proxied_host.hostname && !grant->proxied_host.hostname) || 
-                 !strcmp (proxied_host.hostname, grant->proxied_host.hostname)));
+
+    DBUG_RETURN(auth_element_equals(user, grant->user) &&
+                auth_element_equals(proxied_user, grant->proxied_user) &&
+                auth_element_equals(host.hostname, grant->host.hostname) &&
+                auth_element_equals(proxied_host.hostname, 
+                                    grant->proxied_host.hostname));
   }
 
+
   bool granted_on (const char *host_arg, const char *user_arg)
   {
     return (((!user && (!user_arg || !user_arg[0])) ||
@@ -406,6 +415,7 @@ public:
              (host.hostname && host_arg && !strcmp (host.hostname, host_arg))));
   }
 
+
   void print_grant (String *str)
   {
     str->append(STRING_WITH_LEN("GRANT PROXY ON '"));
@@ -7044,12 +7054,12 @@ template class List<LEX_USER>;
   @param user              the logged in user (proxy user)
   @param authenticated_as  the effective user a plugin is trying to 
                            impersonate as (proxied user)
-  @return                  status
-    @retval FALSE          OK
-    @retval TRUE           user can't impersonate proxied user
+  @return                  proxy user definition
+    @retval NULL           proxy user definition not found or not applicable
+    @retval non-null       the proxy user data
 */
 
-static bool 
+static ACL_PROXY_USER *
 acl_find_proxy_user(const char *user, const char *host, const char *ip, 
                     const char *authenticated_as, bool *proxy_used)
 {
@@ -7061,7 +7071,7 @@ acl_find_proxy_user(const char *user, co
   if (!strcmp (authenticated_as, user))
   {
     DBUG_PRINT ("info", ("user is the same as authenticated_as"));
-    DBUG_RETURN (FALSE);
+    DBUG_RETURN (NULL);
   }
 
   *proxy_used= TRUE; 
@@ -7070,10 +7080,10 @@ acl_find_proxy_user(const char *user, co
     ACL_PROXY_USER *proxy= dynamic_element (&acl_proxy_users, i, 
                                             ACL_PROXY_USER *);
     if (proxy->matches (host, user, ip, authenticated_as))
-      DBUG_RETURN(FALSE);
+      DBUG_RETURN(proxy);
   }
 
-  DBUG_RETURN (TRUE);
+  DBUG_RETURN (NULL);
 }
 
 
@@ -8676,6 +8686,7 @@ static void server_mpvio_info(MYSQL_PLUG
   mpvio_info(mpvio->net->vio, info);
 }
 
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
 static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
 {
 #if defined(HAVE_OPENSSL)
@@ -8780,6 +8791,7 @@ static bool acl_check_ssl(THD *thd, cons
   }
   return 1;
 }
+#endif
 
 
 static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
@@ -9006,25 +9018,51 @@ acl_authenticate(THD *thd, uint connect_
   {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
     bool is_proxy_user= FALSE;
-    const char *auth_user = mpvio.acl_user->user ? mpvio.acl_user->user : "";
+    const char *auth_user = acl_user->user ? acl_user->user : "";
+    ACL_PROXY_USER *proxy_user;
     /* check if the user is allowed to proxy as another user */
-    if (acl_find_proxy_user(auth_user, sctx->host, sctx->ip, 
-                            mpvio.auth_info.authenticated_as,
-                            &is_proxy_user))
+    proxy_user= acl_find_proxy_user(auth_user, sctx->host, sctx->ip,
+                                    mpvio.auth_info.authenticated_as,
+                                          &is_proxy_user);
+    if (is_proxy_user)
     {
-      if (!thd->is_error())
-        login_failed_error(&mpvio, mpvio.auth_info.password_used);
-      DBUG_RETURN(1);
-    }
+      ACL_USER *acl_proxy_user;
+
+      /* we need to find the proxy user, but there was none */
+      if (!proxy_user)
+      {
+        if (!thd->is_error())
+          login_failed_error(&mpvio, mpvio.auth_info.password_used);
+        DBUG_RETURN(1);
+      }
 
-    if (is_proxy_user)
       my_snprintf(sctx->proxy_user, sizeof (sctx->proxy_user) - 1,
                   "'%s'@'%s'", auth_user,
                   acl_user->host.hostname ? acl_user->host.hostname : "");
+
+      /* we're proxying : find the proxy user definition */
+      mysql_mutex_lock(&acl_cache->lock);
+      acl_proxy_user= find_acl_user(proxy_user->get_proxied_host() ? 
+                                    proxy_user->get_proxied_host() : "",
+                                    mpvio.auth_info.authenticated_as, TRUE);
+      if (!acl_proxy_user)
+      {
+        if (!thd->is_error())
+          login_failed_error(&mpvio, mpvio.auth_info.password_used);
+        mysql_mutex_unlock(&acl_cache->lock);
+        DBUG_RETURN(1);
+      }
+      acl_user= acl_proxy_user->copy(thd->mem_root);
+      mysql_mutex_unlock(&acl_cache->lock);
+    }
 #endif
 
     sctx->master_access= acl_user->access;
-    strmake(sctx->priv_user, mpvio.auth_info.authenticated_as, USERNAME_LENGTH - 1);
+    if (acl_user->user)
+      strmake(sctx->priv_user, acl_user->user, USERNAME_LENGTH - 1);
+    else
+      *sctx->priv_user= 0;
+
     if (acl_user->host.hostname)
       strmake(sctx->priv_host, acl_user->host.hostname, MAX_HOSTNAME - 1);
     else


Attachment: [text/bzr-bundle] bzr/georgi.kodinov@oracle.com-20100920135142-10mbvief1g6i2hy9.bundle
Thread
bzr push into mysql-5.5 branch (Georgi.Kodinov:3081 to 3082) Bug#56798Georgi Kodinov20 Sep