#At file:///home/gluh/MySQL/mysql-5.0-bug-41049/ based on revid:chad@stripped
2730 Sergey Glukhov 2009-01-28
Bug#41049 does syntax "grant" case insensitive?
The problem:
column_priv_hash uses utf8_general_ci collation
for the key comparison. The key consists of user name,
db name and table name. Thus user with privileges on table t1
is able to perform the same operation on T1
(the similar situation with user name & db name).
So collation which is used for column_priv_hash
should be case sensitive.
The fix:
replace system_charset_info with my_charset_utf8_bin
Note:
It's safe for lower-case-table-names mode too because
db name & table name are converted into lower case
(see GRANT_NAME::GRANT_NAME).
modified:
mysql-test/r/lowercase_fs_off.result
mysql-test/t/lowercase_fs_off.test
sql/sql_acl.cc
per-file messages:
mysql-test/r/lowercase_fs_off.result
test result
mysql-test/t/lowercase_fs_off.test
test case
sql/sql_acl.cc
The problem:
column_priv_hash uses utf8_general_ci collation
for the key comparison. The key consists of user name,
db name and table name. Thus user with privileges on table t1
is able to perform the same operation on T1
(the similar situation with user name & db name).
So collation which is used for column_priv_hash
should be case sensitive.
The fix:
replace system_charset_info with my_charset_utf8_bin
Note:
It's safe for lower-case-table-names mode too because
db name & table name are converted into lower case
(see GRANT_NAME::GRANT_NAME).
=== modified file 'mysql-test/r/lowercase_fs_off.result'
--- a/mysql-test/r/lowercase_fs_off.result 2006-11-14 18:45:52 +0000
+++ b/mysql-test/r/lowercase_fs_off.result 2009-01-28 15:39:22 +0000
@@ -10,3 +10,21 @@ create database D1;
ERROR 42000: Access denied for user 'sample'@'localhost' to database 'D1'
drop user 'sample'@'localhost';
drop database if exists d1;
+CREATE DATABASE d1;
+USE d1;
+CREATE TABLE T1(f1 INT);
+CREATE TABLE t1(f1 INT);
+GRANT SELECT ON T1 to user_1@localhost;
+select * from t1;
+ERROR 42000: SELECT command denied to user 'user_1'@'localhost' for table 't1'
+select * from T1;
+f1
+GRANT SELECT ON t1 to user_1@localhost;
+select * from information_schema.table_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
+'user_1'@'localhost' NULL d1 T1 SELECT NO
+'user_1'@'localhost' NULL d1 t1 SELECT NO
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM user_1@localhost;
+DROP USER user_1@localhost;
+DROP DATABASE d1;
+USE test;
=== modified file 'mysql-test/t/lowercase_fs_off.test'
--- a/mysql-test/t/lowercase_fs_off.test 2006-11-14 18:45:52 +0000
+++ b/mysql-test/t/lowercase_fs_off.test 2009-01-28 15:39:22 +0000
@@ -27,3 +27,30 @@ disconnect master;
connection default;
# End of 4.1 tests
+
+#
+# Bug#41049 does syntax "grant" case insensitive?
+#
+CREATE DATABASE d1;
+USE d1;
+CREATE TABLE T1(f1 INT);
+CREATE TABLE t1(f1 INT);
+GRANT SELECT ON T1 to user_1@localhost;
+
+connect (con1,localhost,user_1,,d1);
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from t1;
+select * from T1;
+connection default;
+GRANT SELECT ON t1 to user_1@localhost;
+connection con1;
+select * from information_schema.table_privileges;
+connection default;
+disconnect con1;
+
+REVOKE ALL PRIVILEGES, GRANT OPTION FROM user_1@localhost;
+DROP USER user_1@localhost;
+DROP DATABASE d1;
+USE test;
+
+# End of 5.0 tests
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2008-12-24 14:45:47 +0000
+++ b/sql/sql_acl.cc 2009-01-28 15:39:22 +0000
@@ -3380,7 +3380,7 @@ static my_bool grant_load(TABLE_LIST *ta
THR_MALLOC);
DBUG_ENTER("grant_load");
- (void) hash_init(&column_priv_hash,system_charset_info,
+ (void) hash_init(&column_priv_hash,&my_charset_utf8_bin,
0,0,0, (hash_get_key) get_grant_table,
(hash_free_key) free_grant_table,0);
(void) hash_init(&proc_priv_hash,system_charset_info,
| Thread |
|---|
| • bzr commit into mysql-5.0-bugteam branch (Sergey.Glukhov:2730)Bug#41049 | Sergey Glukhov | 28 Jan |
