From: pem Date: December 15 2005 2:24pm Subject: bk commit into 5.0 tree (pem:1.1982) BUG#14834 List-Archive: http://lists.mysql.com/commits/179 X-Bug: 14834 Message-Id: <200512151424.jBFEOJHN013784@mail.mysql.com> Below is the list of changes that have just been committed into a local 5.0 repository of pem. When pem does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.1982 05/12/15 15:23:16 pem@stripped +3 -0 Fixed BUG#14834: Server denies to execute Stored Procedure The problem was that databases with '_' in the name did not match a correct ACL with a literal '_' (i.e. '\_') in the db name, only identical strings matched. The fix makes this work, and also ACLs with wildcards in the db name work. sql/sql_acl.cc 1.185 05/12/15 15:23:09 pem@stripped +1 -1 Match wild db:s in ACL in acl_getroot_no_password() (used for "suid" security context switching when invoking stored routines) mysql-test/t/sp-security.test 1.26 05/12/15 15:23:09 pem@stripped +44 -0 New test case for BUG#14834 mysql-test/r/sp-security.result 1.23 05/12/15 15:23:09 pem@stripped +21 -0 New test case for BUG#14834 # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: pem # Host: mysql.comhem.se # Root: /usr/home/pem/bug14834/mysql-5.0
--- 1.184/sql/sql_acl.cc 2005-12-06 17:04:21 +01:00
+++ 1.185/sql/sql_acl.cc 2005-12-15 15:23:09 +01:00
@@ -987,7 +987,7 @@
 {
 if (compare_hostname(&acl_db->host, host, ip))
 {
- if (!acl_db->db || (db && !strcmp(acl_db->db, db)))
+ if (!acl_db->db || (db && !wild_compare(db, acl_db->db, 0)))
 {
 sctx->db_access= acl_db->access;
 break;
--- 1.22/mysql-test/r/sp-security.result 2005-10-17 17:08:51 +02:00
+++ 1.23/mysql-test/r/sp-security.result 2005-12-15 15:23:09 +01:00
@@ -263,3 +263,24 @@
 ERROR 42000: execute command denied to user 'user_bug12812'@'localhost' for routine 'test.bug12812'
 DROP USER user_bug12812@localhost|
 drop function bug12812|
+create database db_bug14834;
+create user user1_bug14834@localhost identified by '';
+grant all on `db\_bug14834`.* to user1_bug14834@localhost;
+create user user2_bug14834@localhost identified by '';
+grant all on `db\_bug14834`.* to user2_bug14834@localhost;
+create user user3_bug14834@localhost identified by '';
+grant all on `db__ug14834`.* to user3_bug14834@localhost;
+create procedure p_bug14834() select user(), current_user();
+call p_bug14834();
+user() current_user()
+user1_bug14834@localhost user1_bug14834@localhost
+call p_bug14834();
+user() current_user()
+user2_bug14834@localhost user1_bug14834@localhost
+call p_bug14834();
+user() current_user()
+user3_bug14834@localhost user1_bug14834@localhost
+drop user user1_bug14834@localhost;
+drop user user2_bug14834@localhost;
+drop user user3_bug14834@localhost;
+drop database db_bug14834;
--- 1.25/mysql-test/t/sp-security.test 2005-10-28 11:00:48 +02:00
+++ 1.26/mysql-test/t/sp-security.test 2005-12-15 15:23:09 +01:00
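Review bot: In the sql/sql_acl.cc hunk the loop still takes the first matching `acl_db` entry and `break`s, but with `wild_compare` several entries can now match the same database name, so the value stored in `sctx->db_access` depends on the order of the list; with `strcmp` only an identical string matched. The hunk does not show that ordering, so it should be confirmed that entries are sorted most-specific-first before a broad pattern such as `%` can shadow a narrower grant. The argument order is also security-relevant, because swapping it would treat the requested name as the pattern, and deserves a comment on the changed line: `/* db is the literal name, acl_db->db the ACL pattern; 0: db is not itself a pattern */`. The enclosing loop and function start and end outside the hunk.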
@@ -437,4 +437,48 @@
 DROP USER user_bug12812@localhost|
 drop function bug12812|
 delimiter ;|
+
+
+#
+# BUG#14834: Server denies to execute Stored Procedure
+#
+# The problem here was with '_' in the database name.
+#
+create database db_bug14834;
+
+create user user1_bug14834@localhost identified by '';
+# The exact name of the database (no wildcard)
+grant all on `db\_bug14834`.* to user1_bug14834@localhost;
+
+create user user2_bug14834@localhost identified by '';
+# The exact name of the database (no wildcard)
+grant all on `db\_bug14834`.* to user2_bug14834@localhost;
+
+create user user3_bug14834@localhost identified by '';
+# Wildcards in the database name
+grant all on `db__ug14834`.* to user3_bug14834@localhost;
+
+connect (user1_bug14834,localhost,user1_bug14834,,db_bug14834);
+# Create the procedure and check that we can call it
+create procedure p_bug14834() select user(), current_user();
+call p_bug14834();
+
+connect (user2_bug14834,localhost,user2_bug14834,,db_bug14834);
+# This didn't work before
+call p_bug14834();
+
+connect (user3_bug14834,localhost,user3_bug14834,,db_bug14834);
+# Should also work
+call p_bug14834();
+
+# Cleanup
+connection default;
+disconnect user1_bug14834;
+disconnect user2_bug14834;
+disconnect user3_bug14834;
+drop user user1_bug14834@localhost;
+drop user user2_bug14834@localhost;
+drop user user3_bug14834@localhost;
+drop database db_bug14834;
+
 # End of 5.0 bugs.
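Review bot: All three new `call p_bug14834()` statements are expected to succeed, so the test never pins what the wider match must still refuse. A negative case is missing: a second database whose name differs from `db_bug14834` only at the underscore position (constructed example: `create database dbXbug14834;`), with a call there expected to be denied for a user holding only the escaped grant `db\_bug14834`. Judging by the `current_user()` column in the expected result the procedure runs as its definer `user1_bug14834` every time, so the changed comparison is probably exercised only with the escaped pattern; a procedure created by the `db__ug14834` grantee would cover the wildcard form as well (inferred, the caller-side check is not part of this patch).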