From:Satya B Date:October 20 2009 7:01am
Subject:bzr push into mysql-pe branch (satya.bn:3683)
 3683 Satya B	2009-10-20 [merge]
      merge to mysql-pe

    modified:
      mysql-test/r/sp.result
      mysql-test/t/sp.test
      sql/sql_yacc.yy
=== modified file 'mysql-test/r/grant3.result'
--- a/mysql-test/r/grant3.result	2008-02-13 15:34:12 +0000
+++ b/mysql-test/r/grant3.result	2009-10-20 06:17:57 +0000
@@ -154,4 +154,42 @@ SELECT * FROM mysqltest_1.t1;
 a
 DROP USER 'mysqltest1'@'%';
 DROP DATABASE mysqltest_1;
+#
+# Bug#41597 - After rename of user, there are additional grants
+#             when grants are reapplied.
+#
+CREATE DATABASE temp;
+CREATE TABLE temp.t1(a INT, b VARCHAR(10));
+INSERT INTO temp.t1 VALUES(1, 'name1');
+INSERT INTO temp.t1 VALUES(2, 'name2');
+INSERT INTO temp.t1 VALUES(3, 'name3');
+CREATE USER 'user1'@'%';
+RENAME USER 'user1'@'%' TO 'user2'@'%';
+# Show privileges after rename and BEFORE grant
+SHOW GRANTS FOR 'user2'@'%';
+Grants for user2@%
+GRANT USAGE ON *.* TO 'user2'@'%'
+GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
+# Show privileges after rename and grant
+SHOW GRANTS FOR 'user2'@'%';
+Grants for user2@%
+GRANT USAGE ON *.* TO 'user2'@'%'
+GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'
+# Connect as the renamed user
+SHOW GRANTS;
+Grants for user2@%
+GRANT USAGE ON *.* TO 'user2'@'%'
+GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%'
+SELECT a FROM temp.t1;
+a
+1
+2
+3
+# Check for additional privileges by accessing a
+# non privileged column. We shouldn't be able to 
+# access this column.
+SELECT b FROM temp.t1;
+ERROR 42000: SELECT command denied to user 'user2'@'localhost' for column 'b' in table 't1'
+DROP USER 'user2'@'%';
+DROP DATABASE temp;
 End of 5.0 tests

=== modified file 'mysql-test/t/grant3.test'
--- a/mysql-test/t/grant3.test	2009-02-02 21:20:25 +0000
+++ b/mysql-test/t/grant3.test	2009-10-20 06:17:57 +0000
@@ -163,6 +163,41 @@ connection default;
 DROP USER 'mysqltest1'@'%';
 DROP DATABASE mysqltest_1;
 
+--echo #
+--echo # Bug#41597 - After rename of user, there are additional grants
+--echo #             when grants are reapplied.
+--echo #
+
+CREATE DATABASE temp;
+CREATE TABLE temp.t1(a INT, b VARCHAR(10));
+INSERT INTO temp.t1 VALUES(1, 'name1');
+INSERT INTO temp.t1 VALUES(2, 'name2');
+INSERT INTO temp.t1 VALUES(3, 'name3');
+
+
+CREATE USER 'user1'@'%';
+RENAME USER 'user1'@'%' TO 'user2'@'%';
+--echo # Show privileges after rename and BEFORE grant
+SHOW GRANTS FOR 'user2'@'%';
+GRANT SELECT (a), INSERT (b) ON `temp`.`t1` TO 'user2'@'%';
+--echo # Show privileges after rename and grant
+SHOW GRANTS FOR 'user2'@'%';
+
+--echo # Connect as the renamed user
+connect (conn1, localhost, user2,,);
+connection conn1;
+SHOW GRANTS;
+SELECT a FROM temp.t1;
+--echo # Check for additional privileges by accessing a
+--echo # non privileged column. We shouldn't be able to 
+--echo # access this column.
+--error ER_COLUMNACCESS_DENIED_ERROR 
+SELECT b FROM temp.t1;
+disconnect conn1;
+
+connection default;
+DROP USER 'user2'@'%';
+DROP DATABASE temp;
 
 --echo End of 5.0 tests
 
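Review bot: The `RENAME USER 'user1'@'%' TO 'user2'@'%'` statement runs before any column-level grant exists for the account, so as far as the visible statements show, the rename never touches a column-privilege entry and the changed branch in sql/sql_acl.cc is not exercised by it. Adding `GRANT SELECT (a), INSERT (b) ON temp.t1 TO 'user1'@'%';` before the RENAME, and keeping the later GRANT to `user2`, would make the denied `SELECT b` check fail if the renamed entry is left at a stale hash position. The code change also covers the shared `case 2`/`case 3` branch, so a routine-level grant renamed the same way deserves its own check. The expected output in mysql-test/r/grant3.result would have to be re-recorded to match.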

=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc	2009-10-16 13:12:38 +0000
+++ b/sql/sql_acl.cc	2009-10-20 06:48:38 +0000
@@ -2320,6 +2320,8 @@ public:
   GRANT_NAME (TABLE *form);
   virtual ~GRANT_NAME() {};
   virtual bool ok() { return privs != 0; }
+  void set_user_details(const char *h, const char *d,
+                        const char *u, const char *t);
 };
 
 
@@ -2337,27 +2339,36 @@ public:
 };
 
 
-
-GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u,
-                       const char *t, ulong p)
-  :privs(p)
+void GRANT_NAME::set_user_details(const char *h, const char *d,
+                                  const char *u, const char *t)
 {
   /* Host given by user */
   update_hostname(&host, strdup_root(&memex, h));
-  db =   strdup_root(&memex,d);
+  if (db != d)
+  {
+    db= strdup_root(&memex, d);
+    if (lower_case_table_names)
+      my_casedn_str(files_charset_info, db);
+  }
   user = strdup_root(&memex,u);
   sort=  get_sort(3,host.hostname,db,user);
-  tname= strdup_root(&memex,t);
-  if (lower_case_table_names)
+  if (tname != t)
   {
-    my_casedn_str(files_charset_info, db);
-    my_casedn_str(files_charset_info, tname);
+    tname= strdup_root(&memex, t);
+    if (lower_case_table_names)
+      my_casedn_str(files_charset_info, tname);
   }
   key_length= strlen(d) + strlen(u)+ strlen(t)+3;
   hash_key=   (char*) alloc_root(&memex,key_length);
   strmov(strmov(strmov(hash_key,user)+1,db)+1,tname);
 }
 
+GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u,
+                       const char *t, ulong p)
+  :db(0), tname(0), privs(p)
+{
+  set_user_details(h, d, u, t);
+}
 
 GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u,
                 	 const char *t, ulong p, ulong c)
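Review bot: `set_user_details` decides whether to copy `db` and `tname` by pointer identity (`db != d`, `tname != t`), and that contract is not documented at the declaration or the definition. A header comment such as `/* Pass this->db / this->tname to keep the current values; any other pointer is copied into memex and lower-cased when lower_case_table_names is set. */` would make the aliasing convention explicit for future callers. The results of `strdup_root` and `alloc_root` are also used unchecked (`my_casedn_str` on `db`, `strmov` into `hash_key`), so an allocation failure during a privilege update would dereference a null pointer. Each call overwrites `hash_key` and `key_length`, which matters to any caller that still needs the previous key afterwards.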
@@ -5628,9 +5639,20 @@ static int handle_grant_struct(uint stru
 
       case 2:
       case 3:
-        grant_name->user= strdup_root(&mem, user_to->user.str);
-        update_hostname(&grant_name->host,
-                        strdup_root(&mem, user_to->host.str));
+        /* 
+          Update the grant structure with the new user name and
+          host name
+        */
+        grant_name->set_user_details(user_to->host.str, grant_name->db,
+                                   user_to->user.str, grant_name->tname);
+
+        /*
+          Since username is part of the hash key, when the user name
+          is renamed, the hash key is changed. Update the hash to
+          ensure that the position matches the new hash key value
+        */
+        my_hash_update(&column_priv_hash, (uchar*) grant_name,
+                    (uchar*) grant_name->hash_key, grant_name->key_length);
 	break;
       }
     }
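Review bot: `my_hash_update` receives `grant_name->hash_key` and `grant_name->key_length` after `set_user_details` has already replaced both with the new values, so the key the record is currently filed under is never supplied. The last two arguments of `my_hash_update` are the record's previous key and its length, so both should be saved in locals before `set_user_details` runs and passed as `my_hash_update(&column_priv_hash, (uchar*) grant_name, (uchar*) old_key, old_key_length);`. The branch is shared by `case 2` and `case 3` but always updates `column_priv_hash`; if `case 3` records come from a different hash (the code selecting it is outside the hunk), that hash is the one to update. Relocating records while the enclosing loop walks the hash may also skip or revisit entries, which is worth confirming because a missed entry leaves privileges filed under the old account name.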


Attachment: [text/bzr-bundle] bzr/satya.bn@sun.com-20091020070032-sl0lqtiauaxfumto.bundle