• Sergey Glukhov's avatar
    Bug#41049 does syntax "grant" case insensitive? · f0a7ff84
    Sergey Glukhov authored
    Problem 1:
    column_priv_hash uses utf8_general_ci collation
    for the key comparison. The key consists of user name,
    db name and table name. Thus user with privileges on table t1
    is able to perform the same operation on T1
    (the similar situation with user name & db name, see acl_cache).
    So collation which is used for column_priv_hash and acl_cache
    should be case sensitive.
    The fix:
    replace system_charset_info with my_charset_utf8_bin for
    column_priv_hash and acl_cache
    Problem 2:
    The same situation with proc_priv_hash, func_priv_hash,
    the only difference is that Routine name is case insensitive.
    So the fix is to use my_charset_utf8_bin for
    proc_priv_hash & func_priv_hash and convert routine name into lower
    case before writing the element into the hash and
    before looking up the key.
    Additional fix: mysql.procs_priv Routine_name field collation
    is changed to utf8_general_ci.
    It's necessary for REVOKE command
    (to find a field by routine hash element values).
    Note: 
    It's safe for lower-case-table-names mode too because
    db name & table name are converted into lower case
    (see GRANT_NAME::GRANT_NAME).
    
    
    mysql-test/include/have_case_insensitive_fs.inc:
      test case
    mysql-test/r/case_insensitive_fs.require:
      test case
    mysql-test/r/grant_lowercase_fs.result:
      test result
    mysql-test/r/lowercase_fs_off.result:
      test result
    mysql-test/r/ps_grant.result:
      test result
    mysql-test/r/system_mysql_db.result:
      changed Routine_name field collation to case insensitive
    mysql-test/t/grant_lowercase_fs.test:
      test case
    mysql-test/t/lowercase_fs_off.test:
      test case
    scripts/mysql_system_tables.sql:
      changed Routine_name field collation to case insensitive
    scripts/mysql_system_tables_fix.sql:
      changed Routine_name field collation to case insensitive
    sql/sql_acl.cc:
      Problem 1:
      column_priv_hash uses utf8_general_ci collation
      for the key comparison. The key consists of user name,
      db name and table name. Thus user with privileges on table t1
      is able to perform the same operation on T1
      (the similar situation with user name & db name, see acl_cache).
      So collation which is used for column_priv_hash and acl_cache
      should be case sensitive.
      The fix:
      replace system_charset_info with my_charset_utf8_bin for
      column_priv_hash and acl_cache
      Problem 2:
      The same situation with proc_priv_hash, func_priv_hash,
      the only difference is that Routine name is case insensitive.
      So the fix is to use my_charset_utf8_bin for
      proc_priv_hash & func_priv_hash and convert routine name into lower
      case before writing the element into the hash and
      before looking up the key.
      Additional fix: mysql.procs_priv Routine_name field collation
      is changed to utf8_general_ci.
      It's necessary for REVOKE command
      (to find a field by routine hash element values).
      Note: 
      It's safe for lower-case-table-names mode too because
      db name & table name are converted into lower case
      (see GRANT_NAME::GRANT_NAME).
    f0a7ff84
ps_grant.result 4.08 KB