List:Internals« Previous MessageNext Message »
From:Jim Winstead Date:August 9 2005 12:57am
Subject:bk commit into 4.1 tree (jimw:1.2369) BUG#12302
View as plain text  
Below is the list of changes that have just been committed into a local
4.1 repository of jimw. When jimw does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2369 05/08/08 15:57:28 jimw@stripped +4 -0
  Use the hostname with which the user authenticated when determining which
  user to update with 'SET PASSWORD = ...'. (Bug #12302)

  sql/sql_acl.cc
    1.167 05/08/08 15:57:26 jimw@stripped +1 -1
    Check the host with which the user is authenticated to decide whether
    they are changing their own password and access to the mysql database
    is implied.

  sql/set_var.cc
    1.173 05/08/08 15:57:25 jimw@stripped +13 -1
    When handling 'SET PASSWORD = ...' (with no user specified), use the
    hostname with which the user was authenticated.

  mysql-test/t/grant2.test
    1.13 05/08/08 15:57:25 jimw@stripped +26 -0
    Add new regression test

  mysql-test/r/grant2.result
    1.12 05/08/08 15:57:25 jimw@stripped +15 -0
    Update results

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	jimw
# Host:	rama.(none)
# Root:	/home/jimw/my/mysql-4.1-12302

--- 1.166/sql/sql_acl.cc	2005-06-20 10:21:33 -07:00
+++ 1.167/sql/sql_acl.cc	2005-08-08 15:57:26 -07:00
@@ -1188,7 +1188,7 @@
   }
   if (!thd->slave_thread &&
       (strcmp(thd->user,user) ||
-       my_strcasecmp(&my_charset_latin1, host, thd->host_or_ip)))
+       my_strcasecmp(&my_charset_latin1, host, thd->priv_host)))
   {
     if (check_access(thd, UPDATE_ACL, "mysql",0,1,0))
       return(1);

--- 1.172/sql/set_var.cc	2005-07-15 12:43:48 -07:00
+++ 1.173/sql/set_var.cc	2005-08-08 15:57:25 -07:00
@@ -2944,7 +2944,19 @@
 {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   if (!user->host.str)
-    user->host.str= (char*) thd->host_or_ip;
+  {
+    if (thd->priv_host != 0)
+    {
+      user->host.str= (char*) thd->priv_host;
+      user->host.length= strlen(thd->priv_host);
+    }
+    else
+    {
+      user->host.str= (char *)"%";
+      user->host.length= 1;
+    }
+  }
+
   /* Returns 1 as the function sends error to client */
   return check_change_password(thd, user->host.str, user->user.str,
                                password, strlen(password)) ? 1 : 0;

--- 1.11/mysql-test/r/grant2.result	2005-03-27 05:46:00 -08:00
+++ 1.12/mysql-test/r/grant2.result	2005-08-08 15:57:25 -07:00
@@ -94,5 +94,20 @@
 2
 3
 REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0';
+delete from mysql.user where user like 'mysqltest\_1';
+flush privileges;
 drop table mysqltest_1.t1;
+grant all on mysqltest_1.* to mysqltest_1@'127.0.0.1';
+select current_user();
+current_user()
+mysqltest_1@stripped
+set password = password('changed');
+select length(password) from mysql.user where user like 'mysqltest\_1';
+length(password)
+41
+revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.1';
+delete from mysql.user where user like 'mysqltest\_1';
+flush privileges;
 drop database mysqltest_1;
+set password = password("changed");
+ERROR 42000: Access denied for user ''@'localhost' to database 'mysql'

--- 1.12/mysql-test/t/grant2.test	2005-07-27 17:21:42 -07:00
+++ 1.13/mysql-test/t/grant2.test	2005-08-08 15:57:25 -07:00
@@ -122,7 +122,33 @@
 disconnect n1;
 connection default;
 REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0';
+delete from mysql.user where user like 'mysqltest\_1';
+flush privileges;
 drop table mysqltest_1.t1;
+
+#
+# Bug #12302: 'SET PASSWORD = ...' didn't work if connecting hostname !=
+# hostname the current user is authenticated as
+#
+grant all on mysqltest_1.* to mysqltest_1@'127.0.0.1';
+connect (b12302,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,);
+connection b12302;
+select current_user();
+set password = password('changed');
+disconnect b12302;
+connection default;
+select length(password) from mysql.user where user like 'mysqltest\_1';
+revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.1';
+delete from mysql.user where user like 'mysqltest\_1';
+flush privileges;
 drop database mysqltest_1;
+
+# But anonymous users can't change their password
+connect (n5,localhost,test,,test,$MASTER_MYPORT,$MASTER_MYSOCK);
+connection n5;
+--error 1044
+set password = password("changed");
+disconnect n5;
+connection default;
 
 # End of 4.1 tests
Thread
bk commit into 4.1 tree (jimw:1.2369) BUG#12302Jim Winstead9 Aug