Loading mysql-test/r/sp-security.result +31 −0 Original line number Diff line number Diff line Loading @@ -420,3 +420,34 @@ ERROR HY000: There is no 'mysqltest_1'@'localhost' registered ---> connection: root DROP USER mysqltest_2@localhost; DROP DATABASE mysqltest; GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO user19857@localhost; SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; Host User Password localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C ---> connection: mysqltest_2_con use test; CREATE PROCEDURE sp19857() DETERMINISTIC BEGIN DECLARE a INT; SET a=1; SELECT a; END // SHOW CREATE PROCEDURE test.sp19857; Procedure sql_mode Create Procedure sp19857 CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`() DETERMINISTIC BEGIN DECLARE a INT; SET a=1; SELECT a; END DROP PROCEDURE IF EXISTS test.sp19857; ---> connection: root SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; Host User Password localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C DROP USER user19857@localhost; mysql-test/t/mysqldump.test +1 −1 Original line number Diff line number Diff line Loading @@ -610,7 +610,7 @@ drop database db1; # BUG#15328 Segmentation fault occured if my.cnf is invalid for escape sequence # --exec $MYSQL_MY_PRINT_DEFAULTS --defaults-extra-file=$MYSQL_TEST_DIR/std_data/bug15328.cnf mysqldump --exec $MYSQL_MY_PRINT_DEFAULTS --config-file=$MYSQL_TEST_DIR/std_data/bug15328.cnf mysqldump # Loading mysql-test/t/sp-security.test +46 −0 Original line number Diff line number Diff line Loading @@ -744,4 +744,50 @@ DROP USER mysqltest_2@localhost; DROP DATABASE mysqltest; # # Bug#19857 - When a user with CREATE ROUTINE priv creates a routine, # it results in NULL p/w # # Can't test with embedded server that doesn't support grants GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO user19857@localhost; SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; --connect (mysqltest_2_con,localhost,user19857,meow,test) --echo --echo ---> connection: mysqltest_2_con --connection mysqltest_2_con use test; DELIMITER //; CREATE PROCEDURE sp19857() DETERMINISTIC BEGIN DECLARE a INT; SET a=1; SELECT a; END // DELIMITER ;// SHOW CREATE PROCEDURE test.sp19857; --disconnect mysqltest_2_con --connect (mysqltest_2_con,localhost,user19857,meow,test) --connection mysqltest_2_con DROP PROCEDURE IF EXISTS test.sp19857; --echo --echo ---> connection: root --connection con1root --disconnect mysqltest_2_con SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; DROP USER user19857@localhost; # End of 5.0 bugs. sql/sql_acl.cc +44 −15 Original line number Diff line number Diff line Loading @@ -5601,6 +5601,8 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, TABLE_LIST tables[1]; List<LEX_USER> user_list; bool result; ACL_USER *au; char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1]; DBUG_ENTER("sp_grant_privileges"); if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user)))) Loading @@ -5609,17 +5611,20 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, combo->user.str= sctx->user; VOID(pthread_mutex_lock(&acl_cache->lock)); if (!find_acl_user(combo->host.str=(char*)sctx->host_or_ip, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE)) { if ((au= find_acl_user(combo->host.str=(char*)sctx->host_or_ip,combo->user.str,FALSE))) goto found_acl; if ((au= find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str,FALSE))) goto found_acl; if ((au= find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str,FALSE))) goto found_acl; if((au= find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE))) goto found_acl; VOID(pthread_mutex_unlock(&acl_cache->lock)); DBUG_RETURN(TRUE); } found_acl: VOID(pthread_mutex_unlock(&acl_cache->lock)); bzero((char*)tables, sizeof(TABLE_LIST)); Loading @@ -5632,8 +5637,32 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, combo->user.length= strlen(combo->user.str); combo->host.str= thd->strmake(combo->host.str,combo->host.length); combo->user.str= thd->strmake(combo->user.str,combo->user.length); if(au && au->salt_len) { if (au->salt_len == SCRAMBLE_LENGTH) { make_password_from_salt(passwd_buff, au->salt); combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH; } else if (au->salt_len == SCRAMBLE_LENGTH_323) { make_password_from_salt_323(passwd_buff, (ulong *) au->salt); combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; } else { my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH); return -1; } combo->password.str= passwd_buff; } else { combo->password.str= (char*)""; combo->password.length= 0; } if (user_list.push_back(combo)) DBUG_RETURN(TRUE); Loading Loading
mysql-test/r/sp-security.result +31 −0 Original line number Diff line number Diff line Loading @@ -420,3 +420,34 @@ ERROR HY000: There is no 'mysqltest_1'@'localhost' registered ---> connection: root DROP USER mysqltest_2@localhost; DROP DATABASE mysqltest; GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO user19857@localhost; SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; Host User Password localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C ---> connection: mysqltest_2_con use test; CREATE PROCEDURE sp19857() DETERMINISTIC BEGIN DECLARE a INT; SET a=1; SELECT a; END // SHOW CREATE PROCEDURE test.sp19857; Procedure sql_mode Create Procedure sp19857 CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`() DETERMINISTIC BEGIN DECLARE a INT; SET a=1; SELECT a; END DROP PROCEDURE IF EXISTS test.sp19857; ---> connection: root SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; Host User Password localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C DROP USER user19857@localhost;
mysql-test/t/mysqldump.test +1 −1 Original line number Diff line number Diff line Loading @@ -610,7 +610,7 @@ drop database db1; # BUG#15328 Segmentation fault occured if my.cnf is invalid for escape sequence # --exec $MYSQL_MY_PRINT_DEFAULTS --defaults-extra-file=$MYSQL_TEST_DIR/std_data/bug15328.cnf mysqldump --exec $MYSQL_MY_PRINT_DEFAULTS --config-file=$MYSQL_TEST_DIR/std_data/bug15328.cnf mysqldump # Loading
mysql-test/t/sp-security.test +46 −0 Original line number Diff line number Diff line Loading @@ -744,4 +744,50 @@ DROP USER mysqltest_2@localhost; DROP DATABASE mysqltest; # # Bug#19857 - When a user with CREATE ROUTINE priv creates a routine, # it results in NULL p/w # # Can't test with embedded server that doesn't support grants GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO user19857@localhost; SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; --connect (mysqltest_2_con,localhost,user19857,meow,test) --echo --echo ---> connection: mysqltest_2_con --connection mysqltest_2_con use test; DELIMITER //; CREATE PROCEDURE sp19857() DETERMINISTIC BEGIN DECLARE a INT; SET a=1; SELECT a; END // DELIMITER ;// SHOW CREATE PROCEDURE test.sp19857; --disconnect mysqltest_2_con --connect (mysqltest_2_con,localhost,user19857,meow,test) --connection mysqltest_2_con DROP PROCEDURE IF EXISTS test.sp19857; --echo --echo ---> connection: root --connection con1root --disconnect mysqltest_2_con SELECT Host,User,Password FROM mysql.user WHERE User='user19857'; DROP USER user19857@localhost; # End of 5.0 bugs.
sql/sql_acl.cc +44 −15 Original line number Diff line number Diff line Loading @@ -5601,6 +5601,8 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, TABLE_LIST tables[1]; List<LEX_USER> user_list; bool result; ACL_USER *au; char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1]; DBUG_ENTER("sp_grant_privileges"); if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user)))) Loading @@ -5609,17 +5611,20 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, combo->user.str= sctx->user; VOID(pthread_mutex_lock(&acl_cache->lock)); if (!find_acl_user(combo->host.str=(char*)sctx->host_or_ip, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE)) { if ((au= find_acl_user(combo->host.str=(char*)sctx->host_or_ip,combo->user.str,FALSE))) goto found_acl; if ((au= find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str,FALSE))) goto found_acl; if ((au= find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str,FALSE))) goto found_acl; if((au= find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE))) goto found_acl; VOID(pthread_mutex_unlock(&acl_cache->lock)); DBUG_RETURN(TRUE); } found_acl: VOID(pthread_mutex_unlock(&acl_cache->lock)); bzero((char*)tables, sizeof(TABLE_LIST)); Loading @@ -5632,8 +5637,32 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, combo->user.length= strlen(combo->user.str); combo->host.str= thd->strmake(combo->host.str,combo->host.length); combo->user.str= thd->strmake(combo->user.str,combo->user.length); if(au && au->salt_len) { if (au->salt_len == SCRAMBLE_LENGTH) { make_password_from_salt(passwd_buff, au->salt); combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH; } else if (au->salt_len == SCRAMBLE_LENGTH_323) { make_password_from_salt_323(passwd_buff, (ulong *) au->salt); combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; } else { my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH); return -1; } combo->password.str= passwd_buff; } else { combo->password.str= (char*)""; combo->password.length= 0; } if (user_list.push_back(combo)) DBUG_RETURN(TRUE); Loading
