From:Tatjana A Nuernberg Date:September 20 2007 4:10pm
Subject:bk commit into 5.0 tree (tnurnberg:1.2476) BUG#19828
Below is the list of changes that have just been committed into a local
5.0 repository of tnurnberg. When tnurnberg does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-09-20 18:10:35+02:00, tnurnberg@stripped +5 -0
  Bug#19828: Case sensitivity in hostname leads to inconsistent behavior
  
  clean up SHOW GRANTS so it will show host-names with case as entered.
  make REVOKE and friends case-sensitive to make things more intuitive.
  Patch by Martin Friebe.

  mysql-test/r/grant.result@stripped, 2007-09-20 18:10:34+02:00, tnurnberg@stripped +3 -0
    Bug#19828: Case sensitivity in hostname leads to inconsistent behavior
    
    clean up after test so random order of tests is possible

  mysql-test/r/grant3.result@stripped, 2007-09-20 18:10:34+02:00, tnurnberg@stripped +122 -0
    Bug#19828: Case sensitivity in hostname leads to inconsistent behavior
    
    Show that REVOKE, SHOW GRANTS etc. are now consistently case-sensitive.

  mysql-test/t/grant.test@stripped, 2007-09-20 18:10:34+02:00, tnurnberg@stripped +3 -0
    Bug#19828: Case sensitivity in hostname leads to inconsistent behavior
    
    clean up after test so random order of tests is possible

  mysql-test/t/grant3.test@stripped, 2007-09-20 18:10:34+02:00, tnurnberg@stripped +100 -0
    Bug#19828: Case sensitivity in hostname leads to inconsistent behavior
    
    Show that REVOKE, SHOW GRANTS etc. are now consistently case-sensitive.

  sql/sql_acl.cc@stripped, 2007-09-20 18:10:34+02:00, tnurnberg@stripped +31 -10
    Bug#19828: Case sensitivity in hostname leads to inconsistent behavior
    
    clean up SHOW GRANTS so it will show host-names with case as entered.
    make REVOKE and friends case-sensitive to make things more intuitive.
    Patch by Martin Friebe.

diff -Nrup a/mysql-test/r/grant.result b/mysql-test/r/grant.result
--- a/mysql-test/r/grant.result	2007-05-11 22:45:44 +02:00
+++ b/mysql-test/r/grant.result	2007-09-20 18:10:34 +02:00
@@ -1121,6 +1121,9 @@ SELECT * FROM test.t1;
 f1	f2
 1	1
 2	2
+REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
+REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
+REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
 DROP DATABASE db27878;
 use test;
 DROP TABLE t1;
diff -Nrup a/mysql-test/r/grant3.result b/mysql-test/r/grant3.result
--- a/mysql-test/r/grant3.result	2005-03-23 19:18:16 +01:00
+++ b/mysql-test/r/grant3.result	2007-09-20 18:10:34 +02:00
@@ -16,3 +16,125 @@ delete from mysql.db where user like 'my
 delete from mysql.tables_priv where user like 'mysqltest\_%';
 delete from mysql.columns_priv where user like 'mysqltest\_%';
 flush privileges;
+grant select on test.* to CUser@localhost;
+grant select on test.* to CUser@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+user	host	db	select_priv
+CUser	LOCALHOST	test	Y
+CUser	localhost	test	Y
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+user	host	db	select_priv
+CUser	localhost	test	Y
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+user	host	db	select_priv
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+create table t1 (a int);
+grant select on test.t1 to CUser@localhost;
+grant select on test.t1 to CUser@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user	host	db	Table_name	Table_priv	Column_priv
+CUser	LOCALHOST	test	t1	Select	
+CUser	localhost	test	t1	Select	
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user	host	db	Table_name	Table_priv	Column_priv
+CUser	localhost	test	t1	Select	
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user	host	db	Table_name	Table_priv	Column_priv
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+grant select(a) on test.t1 to CUser@localhost;
+grant select(a) on test.t1 to CUser@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user	host	db	Table_name	Table_priv	Column_priv
+CUser	LOCALHOST	test	t1		Select
+CUser	localhost	test	t1		Select
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user	host	db	Table_name	Table_priv	Column_priv
+CUser	localhost	test	t1		Select
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+user	host
+CUser	LOCALHOST
+CUser	localhost
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+user	host	db	Table_name	Table_priv	Column_priv
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+drop table t1;
+grant select on test.* to CUser2@localhost;
+grant select on test.* to CUser2@LOCALHOST;
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+user	host
+CUser2	LOCALHOST
+CUser2	localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+user	host	db	select_priv
+CUser2	LOCALHOST	test	Y
+CUser2	localhost	test	Y
+REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+user	host
+CUser2	LOCALHOST
+CUser2	localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+user	host	db	select_priv
+CUser2	localhost	test	Y
+REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
+flush privileges;
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+user	host
+CUser2	LOCALHOST
+CUser2	localhost
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+user	host	db	select_priv
+DROP USER CUser2@localhost;
+DROP USER CUser2@LOCALHOST;
diff -Nrup a/mysql-test/t/grant.test b/mysql-test/t/grant.test
--- a/mysql-test/t/grant.test	2007-06-01 13:39:53 +02:00
+++ b/mysql-test/t/grant.test	2007-09-20 18:10:34 +02:00
@@ -1144,6 +1144,9 @@ UPDATE v1 SET f2 = 4;
 SELECT * FROM test.t1;
 disconnect user1;
 connection default;
+REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
+REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
+REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
 DROP DATABASE db27878;
 use test;
 DROP TABLE t1;
diff -Nrup a/mysql-test/t/grant3.test b/mysql-test/t/grant3.test
--- a/mysql-test/t/grant3.test	2005-04-04 21:43:54 +02:00
+++ b/mysql-test/t/grant3.test	2007-09-20 18:10:34 +02:00
@@ -34,3 +34,103 @@ delete from mysql.db where user like 'my
 delete from mysql.tables_priv where user like 'mysqltest\_%';
 delete from mysql.columns_priv where user like 'mysqltest\_%';
 flush privileges;
+
+#
+# Bug: #19828 Case sensitivity in Grant/Revoke
+#
+
+grant select on test.* to CUser@localhost;
+grant select on test.* to CUser@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser' order by 1,2;
+
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+
+#### table grants
+create table t1 (a int);
+grant select on test.t1 to CUser@localhost;
+grant select on test.t1 to CUser@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+
+### column grants
+
+grant select(a) on test.t1 to CUser@localhost;
+grant select(a) on test.t1 to CUser@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser' order by 1,2;
+SELECT user, host, db, Table_name, Table_priv, Column_priv FROM mysql.tables_priv where user = 'CUser' order by 1,2;
+
+DROP USER CUser@localhost;
+DROP USER CUser@LOCALHOST;
+
+drop table t1;
+
+# revoke on a specific DB only
+
+grant select on test.* to CUser2@localhost;
+grant select on test.* to CUser2@LOCALHOST;
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+
+REVOKE SELECT ON test.* FROM 'CUser2'@'LOCALHOST';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+
+REVOKE SELECT ON test.* FROM 'CUser2'@'localhost';
+flush privileges;
+
+SELECT user, host FROM mysql.user where user = 'CUser2' order by 1,2;
+SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by 1,2;
+
+DROP USER CUser2@localhost;
+DROP USER CUser2@LOCALHOST;
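Review bot: The new cases never run `SHOW GRANTS` and contain no procedure or function grant, so the changes to mysql_show_grants and show_routine_grants, and the routine loop in mysql_revoke_all, are not exercised by this test. The SELECTs read only the grant tables, which show what REVOKE removed but not what the server reports for each spelling of the host. Adding `SHOW GRANTS FOR 'CUser'@'LOCALHOST';` and `SHOW GRANTS FOR 'CUser'@'localhost';` after the grants and after each REVOKE would pin the host-case output the commit message describes. A further section that grants `EXECUTE ON PROCEDURE` to both spellings and revokes one would cover the routine path.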
diff -Nrup a/sql/sql_acl.cc b/sql/sql_acl.cc
--- a/sql/sql_acl.cc	2007-06-20 14:24:27 +02:00
+++ b/sql/sql_acl.cc	2007-09-20 18:10:34 +02:00
@@ -1132,7 +1132,7 @@ static void acl_update_db(const char *us
     {
       if (!acl_db->host.hostname && !host[0] ||
 	  acl_db->host.hostname &&
-	  !my_strcasecmp(system_charset_info, host, acl_db->host.hostname))
+          !strcmp(host, acl_db->host.hostname))
       {
 	if (!acl_db->db && !db[0] ||
 	    acl_db->db && !strcmp(db,acl_db->db))
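Review bot: The switch to `strcmp` for the host in acl_update_db carries no comment, while the same commit keeps `my_strcasecmp` in SHOW GRANTS and explains there that privileges are applied case-insensitively. A reader of this function cannot tell that the exact-case match is deliberate. I would add `/* exact-case host match, so REVOKE touches only the entry as stored (Bug#19828) */` above the condition. The new line is also indented with spaces where the neighbouring lines use tabs. acl_update_db starts and ends outside the hunk, so what happens when no entry matches cannot be confirmed from here.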
@@ -4344,6 +4344,13 @@ bool mysql_show_grants(THD *thd,LEX_USER
     if (!(host=acl_db->host.hostname))
       host= "";
 
+    /*
+      We do not make SHOW GRANTS case-sensitive here (like REVOKE),
+      but make it case-insensitive because that's the way they are
+      actually applied, and showing fewer privileges than are applied
+      would be wrong from a security point of view.
+    */
+
     if (!strcmp(lex_user->user.str,user) &&
 	!my_strcasecmp(system_charset_info, lex_user->host.str, host))
     {
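Review bot: The added comment is hard to parse, because "(like REVOKE)" can be read either as "REVOKE is case-sensitive" or as "REVOKE is not". I would reword it to `/* Unlike REVOKE, SHOW GRANTS matches the host case-insensitively: that is how privileges are applied, and listing fewer privileges than are in effect would be wrong from a security point of view. */`. The identical block is pasted again in the hunks at -4407 and -4543, and the same rewording applies there. mysql_show_grants starts and ends outside the hunk.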
@@ -4379,8 +4386,8 @@ bool mysql_show_grants(THD *thd,LEX_USER
 	db.append(lex_user->user.str, lex_user->user.length,
 		  system_charset_info);
 	db.append (STRING_WITH_LEN("'@'"));
-	db.append(lex_user->host.str, lex_user->host.length,
-                  system_charset_info);
+	// host and lex_user->host are equal except for case
+	db.append(host, strlen(host), system_charset_info);
 	db.append ('\'');
 	if (want_access & GRANT_ACL)
 	  db.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
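Review bot: The `//` comment states that `host` and `lex_user->host` differ only in case, but that holds only because of the `my_strcasecmp` guard earlier in the loop, which is not visible next to this line. I would say what the line does and why, in the `/* */` style the commit uses elsewhere: `/* host matched lex_user->host case-insensitively above; print it as stored in the grant table */`. The same comment and change appear in the hunks at -4487 and -4586. The enclosing loop begins outside this hunk.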
@@ -4407,6 +4414,13 @@ bool mysql_show_grants(THD *thd,LEX_USER
     if (!(host= grant_table->host.hostname))
       host= "";
 
+    /*
+      We do not make SHOW GRANTS case-sensitive here (like REVOKE),
+      but make it case-insensitive because that's the way they are
+      actually applied, and showing fewer privileges than are applied
+      would be wrong from a security point of view.
+    */
+
     if (!strcmp(lex_user->user.str,user) &&
 	!my_strcasecmp(system_charset_info, lex_user->host.str, host))
     {
@@ -4487,8 +4501,8 @@ bool mysql_show_grants(THD *thd,LEX_USER
 	global.append(lex_user->user.str, lex_user->user.length,
 		      system_charset_info);
 	global.append(STRING_WITH_LEN("'@'"));
-	global.append(lex_user->host.str,lex_user->host.length,
-		      system_charset_info);
+	// host and lex_user->host are equal except for case
+	global.append(host, strlen(host), system_charset_info);
 	global.append('\'');
 	if (table_access & GRANT_ACL)
 	  global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
@@ -4543,6 +4557,13 @@ static int show_routine_grants(THD* thd,
     if (!(host= grant_proc->host.hostname))
       host= "";
 
+    /*
+      We do not make SHOW GRANTS case-sensitive here (like REVOKE),
+      but make it case-insensitive because that's the way they are
+      actually applied, and showing fewer privileges than are applied
+      would be wrong from a security point of view.
+    */
+
     if (!strcmp(lex_user->user.str,user) &&
 	!my_strcasecmp(system_charset_info, lex_user->host.str, host))
     {
@@ -4586,8 +4607,8 @@ static int show_routine_grants(THD* thd,
 	global.append(lex_user->user.str, lex_user->user.length,
 		      system_charset_info);
 	global.append(STRING_WITH_LEN("'@'"));
-	global.append(lex_user->host.str,lex_user->host.length,
-		      system_charset_info);
+	// host and lex_user->host are equal except for case
+	global.append(host, strlen(host), system_charset_info);
 	global.append('\'');
 	if (proc_access & GRANT_ACL)
 	  global.append(STRING_WITH_LEN(" WITH GRANT OPTION"));
@@ -5541,7 +5562,7 @@ bool mysql_revoke_all(THD *thd,  List <L
 	  host= "";
 
 	if (!strcmp(lex_user->user.str,user) &&
-	    !my_strcasecmp(system_charset_info, lex_user->host.str, host))
+            !strcmp(lex_user->host.str, host))
 	{
 	  if (!replace_db_table(tables[1].table, acl_db->db, *lex_user, ~(ulong)0, 1))
 	  {
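Review bot: With `strcmp` here, `REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'CUser'@'LOCALHOST'` leaves the entry stored as `localhost` untouched, while the comment this commit adds to mysql_show_grants says host names are applied case-insensitively. An administrator who revokes one spelling can therefore leave equivalent access in place. The commit message presents this as intended, but the comparison should say so, for example `/* exact-case match: entries for other spellings of this host keep their grants; SHOW GRANTS still lists them */`. The same applies to the hunks at -5572 and -5618, where the new line is likewise indented with spaces among tab-indented neighbours. The loops in mysql_revoke_all start and end outside these hunks.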
@@ -5572,7 +5593,7 @@ bool mysql_revoke_all(THD *thd,  List <L
 	  host= "";
 
 	if (!strcmp(lex_user->user.str,user) &&
-	    !my_strcasecmp(system_charset_info, lex_user->host.str, host))
+            !strcmp(lex_user->host.str, host))
 	{
 	  if (replace_table_table(thd,grant_table,tables[2].table,*lex_user,
 				  grant_table->db,
@@ -5618,7 +5639,7 @@ bool mysql_revoke_all(THD *thd,  List <L
 	  host= "";
 
 	if (!strcmp(lex_user->user.str,user) &&
-	    !my_strcasecmp(system_charset_info, lex_user->host.str, host))
+            !strcmp(lex_user->host.str, host))
 	{
 	  if (!replace_routine_table(thd,grant_proc,tables[4].table,*lex_user,
 				  grant_proc->db,