From: Date: February 27 2006 4:42pm Subject: bk commit into 5.0 tree (msvensson:1.2068) BUG#17279 List-Archive: http://lists.mysql.com/commits/3197 X-Bug: 17279 Message-Id: <20060227154211.A34245454F@devsrv-b.mysql.com> Below is the list of changes that have just been committed into a local 5.0 repository of msvensson. When msvensson does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.2068 06/02/27 16:41:58 msvensson@stripped +3 -0 Bug#17279 user with no global privs and with create priv in db can create databases - Use binary charset in acl_cache, to make searches case sensitive - Add testcase sql/sql_acl.cc 1.188 06/02/27 16:41:51 msvensson@stripped +3 -1 Use binary charset for the acl_cache to make the hash lookups case sensitive. Thus denying user with access to "TESTDB" access to "TEStdb" mysql-test/t/grant2.test 1.31 06/02/27 16:41:50 msvensson@stripped +35 -0 Add test case for bug#17279, checking that user with access to TESTDB can't create TEStdb mysql-test/r/grant2.result 1.25 06/02/27 16:41:50 msvensson@stripped +22 -0 Update test result # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: msvensson # Host: devsrv-b.mysql.com # Root: /space/magnus/bug17279/my50-bug17279
--- 1.187/sql/sql_acl.cc 2006-01-26 13:29:42 +01:00
+++ 1.188/sql/sql_acl.cc 2006-02-27 16:41:51 +01:00
@@ -148,7 +148,9 @@
 acl_cache= new hash_filo(ACL_CACHE_SIZE, 0, 0,
 (hash_get_key) acl_entry_get_key,
- (hash_free_key) free, system_charset_info);
+ (hash_free_key) free,
+ /* Use the case sensitive "binary" charset */
+ &my_charset_bin);
 if (dont_read_acl_tables)
 {
 DBUG_RETURN(0); /* purecov: tested */
--- 1.24/mysql-test/r/grant2.result 2006-01-26 17:54:26 +01:00
+++ 1.25/mysql-test/r/grant2.result 2006-02-27 16:41:50 +01:00
@@ -334,3 +334,25 @@
 revoke all on *.* from 'mysqltest_1'@'localhost';
 unlock tables;
 drop user 'mysqltest_1'@'localhost';
+create database TESTDB;
+create table t2(a int);
+create temporary table t1 as select * from mysql.user;
+delete from mysql.user where host='localhost';
+INSERT INTO mysql.user VALUES
+('%','mysqltest_1',password('password'),'N','N','N','N','N','N',
+'N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N',
+'','','','',0,0,0,0);
+INSERT INTO mysql.db VALUES
+('%','TESTDB','mysqltest_1','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','N','Y','Y','Y','
+Y','N');
+Warnings:
+Warning 1265 Data truncated for column 'Alter_routine_priv' at row 1
+FLUSH PRIVILEGES;
+create database TEStdb;
+ERROR 42000: Access denied for user 'mysqltest_1'@'%' to database 'TEStdb'
+delete from mysql.user;
+delete from mysql.db where host='%' and user='mysqltest_1' and db='TESTDB';
+insert into mysql.user select * from t1;
+drop table t1, t2;
+drop database TESTDB;
+flush privileges;
--- 1.30/mysql-test/t/grant2.test 2006-01-26 17:54:27 +01:00
+++ 1.31/mysql-test/t/grant2.test 2006-02-27 16:41:50 +01:00
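Review bot: In sql/sql_acl.cc the new comment on the `&my_charset_bin` argument says which charset is used but not why it matters for access control; that reasoning lives only in the changeset description. I would write it as `/* Binary charset: cache keys must match byte-for-byte, so an entry cached for "TESTDB" can never answer a lookup for "TEStdb" (Bug#17279) */`. Only the acl_cache construction is visible in this hunk, so it is worth confirming that no other privilege hash in the file is still built with `system_charset_info`, and that servers configured to fold database names to one case normalise the name before the cache lookup rather than relying on the hash collation. The enclosing function starts and ends outside the hunk.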
@@ -429,3 +429,38 @@
 disconnect con3root;
 # End of 4.1 tests
+
+#
+# Bug#17279 user with no global privs and with create
+# priv in db can create databases
+#
+
+create database TESTDB;
+create table t2(a int);
+create temporary table t1 as select * from mysql.user;
+delete from mysql.user where host='localhost';
+INSERT INTO mysql.user VALUES
+('%','mysqltest_1',password('password'),'N','N','N','N','N','N',
+'N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N',
+'','','','',0,0,0,0);
+INSERT INTO mysql.db VALUES
+('%','TESTDB','mysqltest_1','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','N','Y','Y','Y','
+Y','N');
+FLUSH PRIVILEGES;
+
+connect (con1,localhost,mysqltest_1,password,TESTDB);
+
+# The user mysqltest_1 should only be allowed access to
+# database TESTDB, not TEStdb
+--error 1044
+create database TEStdb;
+
+# Clean-up
+connection default;
+delete from mysql.user;
+delete from mysql.db where host='%' and user='mysqltest_1' and db='TESTDB';
+insert into mysql.user select * from t1;
+drop table t1, t2;
+drop database TESTDB;
+flush privileges;
+
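Review bot: The `INSERT INTO mysql.db VALUES` row in mysql-test/t/grant2.test appears to have a line break inside a quoted privilege value (`...,'Y','` then `Y','N');`), and grant2.result records `Warning 1265 Data truncated for column 'Alter_routine_priv'` for it, so the test fixes a malformed grant row into the expected output. Joining the two lines so the row ends `'Y','Y','N');` and re-recording the result would remove the warning and leave the intended privilege set. Both inserts into the grant tables also omit column lists, so they depend on the exact column order and count of `mysql.user` and `mysql.db`; naming the columns would keep the test meaningful when the privilege schema changes. The clean-up section switches back with `connection default;` but never closes the test user's session, so I would add `disconnect con1;` after it.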