Below is the list of changes that have just been committed into a local
5.0 repository of jani. When jani does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.1817 05/03/17 08:16:56 jani@stripped +6 -0
Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
tests/grant.pl
1.17 05/03/17 08:15:54 jani@stripped +2 -2
Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
sql/sql_update.cc
1.151 05/03/17 08:15:54 jani@stripped +1 -1
Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
sql/sql_parse.cc
1.423 05/03/17 08:15:54 jani@stripped +18 -0
Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
sql/sql_acl.cc
1.142 05/03/17 08:15:54 jani@stripped +0 -11
Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
mysql-test/t/grant2.test
1.17 05/03/17 08:15:54 jani@stripped +1 -0
Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
mysql-test/r/grant2.result
1.19 05/03/17 08:15:53 jani@stripped +1 -0
Fixed two bugs in MySQL ACL.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: jani
# Host: a193-229-222-105.elisa-laajakaista.fi
# Root: /home/my/bk/mysql-5.0-new
--- 1.141/sql/sql_acl.cc Tue Mar 15 16:07:24 2005
+++ 1.142/sql/sql_acl.cc Thu Mar 17 08:15:54 2005
@@ -1642,17 +1642,6 @@
}
else
{
- /*
- Check that the user isn't trying to change a password for another
- user if he doesn't have UPDATE privilege to the MySQL database
- */
- DBUG_ASSERT(combo.host.str != 0);
- if (thd->user && combo.password.str &&
- (strcmp(thd->user,combo.user.str) ||
- my_strcasecmp(system_charset_info,
- combo.host.str, thd->host_or_ip)) &&
- check_access(thd, UPDATE_ACL, "mysql",0,1,0))
- goto end;
old_row_exists = 1;
store_record(table,record[1]); // Save copy for update
if (combo.password.str) // If password given
--- 1.422/sql/sql_parse.cc Thu Mar 17 01:22:08 2005
+++ 1.423/sql/sql_parse.cc Thu Mar 17 08:15:54 2005
@@ -3626,6 +3626,24 @@
first_table ? 0 : 1, 0))
goto error;
+ if (thd->user) // If not replication
+ {
+ LEX_USER *user;
+ List_iterator <LEX_USER> user_list(lex->users_list);
+ while ((user=user_list++))
+ {
+ if (user->password.str &&
+ strcmp(thd->user, user->user.str) ||
+ user->host.str &&
+ my_strcasecmp(system_charset_info,
+ user->host.str, thd->host_or_ip))
+ {
+ if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 0))
+ goto error;
+ break; // We are allowed to do changes
+ }
+ }
+ }
if (specialflag & SPECIAL_NO_RESOLVE)
{
LEX_USER *user;
--- 1.150/sql/sql_update.cc Wed Mar 16 16:10:55 2005
+++ 1.151/sql/sql_update.cc Thu Mar 17 08:15:54 2005
@@ -219,7 +219,7 @@
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Check values */
table_list->grant.want_privilege= table->grant.want_privilege=
- (SELECT_ACL & ~~table->grant.privilege);
+ (SELECT_ACL & ~table->grant.privilege);
#endif
if (setup_fields(thd, 0, table_list, values, 1, 0, 0))
{
--- 1.16/tests/grant.pl Thu Dec 2 11:06:18 2004
+++ 1.17/tests/grant.pl Thu Mar 17 08:15:54 2005
@@ -201,7 +201,7 @@
safe_query("grant CREATE,UPDATE,DROP on $opt_database.* to $user");
user_connect(0);
user_query("create table $opt_database.test2 (a int not null)");
-user_query("update test,test2 SET test.a=1 where 1");
+user_query("update test,test2 SET test.a=1 where 1",1);
user_query("update test,test2 SET test.a=test2.a where 1",1);
safe_query("grant SELECT on $opt_database.* to $user");
user_connect(0);
@@ -375,7 +375,7 @@
user_query("delete from $opt_database.test where A=2");
user_query("update test set b=5 where b>0");
user_query("update test set a=11 where b>5",1);
-user_query("update test,test2 SET test.b=5 where b>0");
+user_query("update test,test2 SET test.b=5 where b>0",1);
user_query("update test,test2 SET test.a=11 where b>0",1);
user_query("update test,test2 SET test.b=test2.a where b>0",1);
user_query("update test,test2 SET test.b=11 where test2.a>0",1);
--- 1.18/mysql-test/r/grant2.result Fri Mar 4 03:44:25 2005
+++ 1.19/mysql-test/r/grant2.result Thu Mar 17 08:15:53 2005
@@ -23,6 +23,7 @@
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'
with grant option;
+ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql'
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
--- 1.16/mysql-test/t/grant2.test Fri Mar 4 03:44:25 2005
+++ 1.17/mysql-test/t/grant2.test Thu Mar 17 08:15:54 2005
@@ -36,6 +36,7 @@
select @@sql_mode;
--error 1211
grant select on `my\_1`.* to mysqltest_4@localhost with grant option;
+--error 1044
grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'
with grant option;
disconnect user1;
| Thread |
|---|
| • bk commit into 5.0 tree (jani:1.1817) BUG#7905 | jani | 17 Mar |
