Commit 2bbde22d authored by unknown's avatar unknown
Browse files

Fixed two bugs in MySQL ACL. 

First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.

Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)

Fixed tests grant.pl and grant2, which were wrong.
parent b766082b

mysql-test/r/grant2.result

+1 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ grant select on `my\_1`.* to mysqltest_4@localhost with grant option; 
ERROR 42000: 'mysqltest_1'@'localhost' is not allowed to create new users

grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'

with grant option;

ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysql'

show grants for mysqltest_1@localhost;

Grants for mysqltest_1@localhost

GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'

mysql-test/t/grant2.test

+1 −0
Original line number Diff line number Diff line
@@ -36,6 +36,7 @@ set @@sql_mode='NO_AUTO_CREATE_USER'; 
select @@sql_mode;

--error 1211

grant select on `my\_1`.* to mysqltest_4@localhost with grant option;

--error 1044

grant select on `my\_1`.* to mysqltest_4@localhost identified by 'mypass'

with grant option;

disconnect user1;

sql/sql_acl.cc

+0 −11
Original line number Diff line number Diff line
@@ -1642,17 +1642,6 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, 
  }

  else

  {

    /*

      Check that the user isn't trying to change a password for another

      user if he doesn't have UPDATE privilege to the MySQL database

    */

    DBUG_ASSERT(combo.host.str != 0);

    if (thd->user && combo.password.str &&

        (strcmp(thd->user,combo.user.str) ||

         my_strcasecmp(system_charset_info,

                       combo.host.str, thd->host_or_ip)) &&

        check_access(thd, UPDATE_ACL, "mysql",0,1,0))

      goto end;

    old_row_exists = 1;

    store_record(table,record[1]);			// Save copy for update

    if (combo.password.str)			// If password given

sql/sql_parse.cc

+18 −0
Original line number Diff line number Diff line
@@ -3626,6 +3626,24 @@ mysql_execute_command(THD *thd) 
		     first_table ? 0 : 1, 0))

      goto error;



    if (thd->user)				// If not replication

    {

      LEX_USER *user;

      List_iterator <LEX_USER> user_list(lex->users_list);

      while ((user=user_list++))

      {

	if (user->password.str &&

	    strcmp(thd->user, user->user.str) ||

	    user->host.str &&

	    my_strcasecmp(system_charset_info,

			  user->host.str, thd->host_or_ip))

	{

	  if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 0))

	    goto error;

	  break;			// We are allowed to do changes

	}

      }

    }

    if (specialflag & SPECIAL_NO_RESOLVE)

    {

      LEX_USER *user;

sql/sql_update.cc

+1 −1
Original line number Diff line number Diff line
@@ -219,7 +219,7 @@ int mysql_update(THD *thd, 
#ifndef NO_EMBEDDED_ACCESS_CHECKS

  /* Check values */

  table_list->grant.want_privilege= table->grant.want_privilege=

    (SELECT_ACL & ~~table->grant.privilege);

    (SELECT_ACL & ~table->grant.privilege);

#endif

  if (setup_fields(thd, 0, table_list, values, 1, 0, 0))

  {