From: Date: August 23 2005 12:48am Subject: bk commit into 4.1 tree (jimw:1.2387) BUG#12302 List-Archive: http://lists.mysql.com/internals/28657 X-Bug: 12302 Message-Id: <20050822224855.4CE36A8512@rama.trainedmonkey.com> Below is the list of changes that have just been committed into a local 4.1 repository of jimw. When jimw does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.2387 05/08/22 15:48:50 jimw@stripped +4 -0 Use the hostname with which the user authenticated when determining which user to update with 'SET PASSWORD = ...'. (Bug #12302) sql/sql_acl.cc 1.167 05/08/22 15:48:47 jimw@stripped +11 -8 Add exact flag for find_acl_user, so we can specify that we want an exact match on the hostname. sql/set_var.cc 1.173 05/08/22 15:48:47 jimw@stripped +12 -1 Pass priv_host into check_change_password(). mysql-test/t/grant2.test 1.13 05/08/22 15:48:47 jimw@stripped +38 -0 Add new tests mysql-test/r/grant2.result 1.12 05/08/22 15:48:47 jimw@stripped +26 -0 Add new results # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: jimw # Host: rama.(none) # Root: /home/jimw/my/mysql-4.1-12302 --- 1.166/sql/sql_acl.cc 2005-06-20 10:21:33 -07:00 +++ 1.167/sql/sql_acl.cc 2005-08-22 15:48:47 -07:00 @@ -67,7 +67,8 @@ static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b); static ulong get_sort(uint count,...); static void init_check_host(void); -static ACL_USER *find_acl_user(const char *host, const char *user); +static ACL_USER *find_acl_user(const char *host, const char *user, + my_bool exact); static bool update_user_table(THD *thd, const char *host, const char *user, const char *new_password, uint new_password_len); static void update_hostname(acl_host_and_ip *host, const char *hostname); @@ -1188,7 +1189,7 @@ } if (!thd->slave_thread && (strcmp(thd->user,user) || - my_strcasecmp(&my_charset_latin1, host, thd->host_or_ip))) + my_strcasecmp(&my_charset_latin1, host, thd->priv_host))) { if (check_access(thd, UPDATE_ACL, "mysql",0,1,0)) return(1); @@ -1240,7 +1241,7 @@ VOID(pthread_mutex_lock(&acl_cache->lock)); ACL_USER *acl_user; - if (!(acl_user= find_acl_user(host, user))) + if (!(acl_user= find_acl_user(host, user, TRUE))) { VOID(pthread_mutex_unlock(&acl_cache->lock)); send_error(thd, ER_PASSWORD_NO_MATCH); @@ -1282,7 +1283,7 @@ */ static ACL_USER * -find_acl_user(const char *host, const char *user) +find_acl_user(const char *host, const char *user, my_bool exact) { DBUG_ENTER("find_acl_user"); DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user)); @@ -1298,7 +1299,9 @@ if (!acl_user->user && !user[0] || acl_user->user && !strcmp(user,acl_user->user)) { - if (compare_hostname(&acl_user->host,host,host)) + if (exact ? !my_strcasecmp(&my_charset_latin1, host, + acl_user->host.hostname) : + compare_hostname(&acl_user->host,host,host)) { DBUG_RETURN(acl_user); } @@ -1689,7 +1692,7 @@ } /* Check if there is such a user in user table in memory? */ - if (!find_acl_user(combo.host.str,combo.user.str)) + if (!find_acl_user(combo.host.str,combo.user.str, FALSE)) { my_error(ER_PASSWORD_NO_MATCH,MYF(0)); DBUG_RETURN(-1); @@ -2151,7 +2154,7 @@ The following should always succeed as new users are created before this function is called! */ - if (!find_acl_user(combo.host.str,combo.user.str)) + if (!find_acl_user(combo.host.str,combo.user.str, FALSE)) { my_error(ER_PASSWORD_NO_MATCH,MYF(0)); /* purecov: deadcode */ DBUG_RETURN(-1); /* purecov: deadcode */ @@ -3448,7 +3451,7 @@ void get_mqh(const char *user, const char *host, USER_CONN *uc) { ACL_USER *acl_user; - if (initialized && (acl_user= find_acl_user(host,user))) + if (initialized && (acl_user= find_acl_user(host,user, FALSE))) uc->user_resources= acl_user->user_resource; else bzero((char*) &uc->user_resources, sizeof(uc->user_resources)); --- 1.172/sql/set_var.cc 2005-07-15 12:43:48 -07:00 +++ 1.173/sql/set_var.cc 2005-08-22 15:48:47 -07:00 @@ -2944,7 +2944,18 @@ { #ifndef NO_EMBEDDED_ACCESS_CHECKS if (!user->host.str) - user->host.str= (char*) thd->host_or_ip; + { + if (thd->priv_host != 0) + { + user->host.str= (char *) thd->priv_host; + user->host.length= strlen(thd->priv_host); + } + else + { + user->host.str= (char *)"%"; + user->host.length= 1; + } + } /* Returns 1 as the function sends error to client */ return check_change_password(thd, user->host.str, user->user.str, password, strlen(password)) ? 1 : 0; --- 1.11/mysql-test/r/grant2.result 2005-03-27 05:46:00 -08:00 +++ 1.12/mysql-test/r/grant2.result 2005-08-22 15:48:47 -07:00 @@ -94,5 +94,31 @@ 2 3 REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; drop table mysqltest_1.t1; +grant all on mysqltest_1.* to mysqltest_1@'127.0.0.1'; +select current_user(); +current_user() +mysqltest_1@stripped +set password = password('changed'); +select host, length(password) from mysql.user where user like 'mysqltest\_1'; +host length(password) +127.0.0.1 41 +revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.1'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; +grant all on mysqltest_1.* to mysqltest_1@'127.0.0.0/255.0.0.0'; +select current_user(); +current_user() +mysqltest_1@stripped/255.0.0.0 +set password = password('changed'); +select host, length(password) from mysql.user where user like 'mysqltest\_1'; +host length(password) +127.0.0.0/255.0.0.0 41 +revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.0/255.0.0.0'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; drop database mysqltest_1; +set password = password("changed"); +ERROR 42000: Access denied for user ''@'localhost' to database 'mysql' --- 1.12/mysql-test/t/grant2.test 2005-07-27 17:21:42 -07:00 +++ 1.13/mysql-test/t/grant2.test 2005-08-22 15:48:47 -07:00 @@ -122,7 +122,45 @@ disconnect n1; connection default; REVOKE ALL ON mysqltest_1.t1 FROM mysqltest_1@'127.0.0.0/255.0.0.0'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; drop table mysqltest_1.t1; + +# +# Bug #12302: 'SET PASSWORD = ...' didn't work if connecting hostname != +# hostname the current user is authenticated as. Note that a test for this +# was also added to the test above. +# +grant all on mysqltest_1.* to mysqltest_1@'127.0.0.1'; +connect (b12302,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,); +connection b12302; +select current_user(); +set password = password('changed'); +disconnect b12302; +connection default; +select host, length(password) from mysql.user where user like 'mysqltest\_1'; +revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.1'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; +grant all on mysqltest_1.* to mysqltest_1@'127.0.0.0/255.0.0.0'; +connect (b12302_2,127.0.0.1,mysqltest_1,,mysqltest_1,$MASTER_MYPORT,); +connection b12302_2; +select current_user(); +set password = password('changed'); +disconnect b12302_2; +connection default; +select host, length(password) from mysql.user where user like 'mysqltest\_1'; +revoke all on mysqltest_1.* from mysqltest_1@'127.0.0.0/255.0.0.0'; +delete from mysql.user where user like 'mysqltest\_1'; +flush privileges; drop database mysqltest_1; + +# But anonymous users can't change their password +connect (n5,localhost,test,,test,$MASTER_MYPORT,$MASTER_MYSOCK); +connection n5; +--error 1044 +set password = password("changed"); +disconnect n5; +connection default; # End of 4.1 tests