Commit 4cc8cda3 authored by Sergei Golubchik's avatar Sergei Golubchik

Remove the very old historical but never documented behavior,

that an empty host '' is the same as any-host wildcard '%'.

Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables.

Side effect: one cannot have foo@'' and foo@'%' both at the same time
(but one can have foo@'%' and foo@'%%')
parent cefe5d96
......@@ -15,7 +15,7 @@ show grants;
Grants for root@localhost
GRANT r1 TO 'root'@'localhost'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'r1'
drop role r1;
select * from mysql.roles_mapping;
......@@ -23,4 +23,4 @@ HostFk UserFk RoleFk
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
......@@ -16,25 +16,25 @@ update mysql.user set Reload_priv='Y' where user like 'r_rld';
update mysql.user set is_role='Y' where user like 'r\_%';
select * from mysql.user where user='r_sel';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
r_sel Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% r_sel Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_ins';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
r_ins N Y N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% r_ins N Y N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_upd';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
r_upd N N Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% r_upd N N Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_del';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
r_del N N N Y N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% r_del N N N Y N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_crt';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
r_crt N N N N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% r_crt N N N N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_drp';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
r_drp N N N N N Y N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% r_drp N N N N N Y N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_rld';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
r_rld N N N N N N Y N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% r_rld N N N N N N Y N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_user',
'r_sel');
......
......@@ -12,8 +12,8 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
flush privileges;
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_role2
test_role1 %
test_role2 %
test_user localhost
select * from mysql.roles_mapping where UserFk like 'test_user';
HostFk UserFk RoleFk
......@@ -24,10 +24,11 @@ HostFk UserFk RoleFk
grant select on *.* to 'test_role2'@'';
select * from mysql.user where user like 'test_role1';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
test_role1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% test_role1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user like 'test_role2';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
test_role2 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% test_role2 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
flush privileges;
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
......
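Review bot: After `grant select on *.* to 'test_role2'@''` the recorded test_role2 row changes from Select_priv `Y` to `N` (now shown under host `%`), so this expected output accepts a GRANT whose effect is not visible on the row the query returns. In the next file the same statement against test_role1 still records `Y`, so the two role tests now disagree about what the grant does. The hunk header gives the new side one more line than the old, which may mean a second test_role2 row carries the privilege; neither that row nor the .test change is shown on this page, so this is an inference. If two rows for one role are intended, the test should say so in a comment next to the grant and the query should show both; if they are not, `N` should not be recorded as the expected result.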
......@@ -6,7 +6,7 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
'test_role1');
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_role1 %
test_user localhost
select * from mysql.roles_mapping;
HostFk UserFk RoleFk
......@@ -14,7 +14,7 @@ localhost test_user test_role1
grant select on *.* to 'test_role1'@'';
select * from mysql.user where user='test_role1';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
% test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
flush privileges;
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
......
......@@ -569,7 +569,7 @@ USE test;
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
SET GLOBAL event_scheduler = ON;
CREATE TABLE events_test.event_log
(id int KEY AUTO_INCREMENT, ev_nm char(40), ev_cnt int, ev_tm timestamp)
......
......@@ -7,11 +7,11 @@ flush status;
show grants for current_user;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
create database if not exists mysqltest;
create table mysqltest.t1 (a int,b int,c int);
create table mysqltest.t2 (a int,b int,c int);
......
......@@ -7,11 +7,11 @@ flush status;
show grants for current_user;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
create database if not exists mysqltest;
create table mysqltest.t1 (a int,b int,c int);
create table mysqltest.t2 (a int,b int,c int);
......
......@@ -116,7 +116,7 @@ ERROR 42000: There is no such grant defined for user 'grant_plug' on host '%'
in grant_plug_dest_con
## testing what an ordinary user can grant
this should fail : no rights to grant all
GRANT PROXY ON ''@'' TO grant_plug;
GRANT PROXY ON ''@'%%' TO grant_plug;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : not the same user
GRANT PROXY ON grant_plug TO grant_plug_dest;
......@@ -139,15 +139,15 @@ ERROR 42000: You are not allowed to create a user with GRANT
in default connection
# test what root can grant
should work : root has PROXY to all users
GRANT PROXY ON ''@'' TO grant_plug;
REVOKE PROXY ON ''@'' FROM grant_plug;
GRANT PROXY ON ''@'%%' TO grant_plug;
REVOKE PROXY ON ''@'%%' FROM grant_plug;
should work : root has PROXY to all users
GRANT PROXY ON ''@'' TO proxy_admin IDENTIFIED BY 'test'
GRANT PROXY ON ''@'%%' TO proxy_admin IDENTIFIED BY 'test'
WITH GRANT OPTION;
need USAGE : PROXY doesn't contain it.
GRANT USAGE on *.* TO proxy_admin;
in proxy_admin_con;
should work : proxy_admin has proxy to ''@''
should work : proxy_admin has proxy to ''@'%%'
GRANT PROXY ON future_user TO grant_plug;
in default connection
SHOW GRANTS FOR grant_plug;
......@@ -234,25 +234,25 @@ DROP USER plug_dest;
# Bug #56798 : Wrong credentials assigned when using a proxy user.
#
GRANT ALL PRIVILEGES ON *.* TO power_user;
GRANT USAGE ON anonymous_db.* TO ''@''
GRANT USAGE ON anonymous_db.* TO ''@'%%'
IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
GRANT PROXY ON power_user TO ''@'';
GRANT PROXY ON power_user TO ''@'%%';
CREATE DATABASE confidential_db;
SELECT user(),current_user(),@@proxy_user;
user() current_user() @@proxy_user
test_login_user@localhost power_user@% ''@''
test_login_user@localhost power_user@% ''@'%%'
DROP USER power_user;
DROP USER ''@'';
DROP USER ''@'%%';
DROP DATABASE confidential_db;
# Test case #2 (crash with double grant proxy)
CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
CREATE USER ''@'%%' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
CREATE USER standard_user;
CREATE DATABASE shared;
GRANT ALL PRIVILEGES ON shared.* TO standard_user;
GRANT PROXY ON standard_user TO ''@'';
GRANT PROXY ON standard_user TO ''@'%%';
#should not crash
GRANT PROXY ON standard_user TO ''@'';
DROP USER ''@'';
GRANT PROXY ON standard_user TO ''@'%%';
DROP USER ''@'%%';
DROP USER standard_user;
DROP DATABASE shared;
#
......
......@@ -186,7 +186,7 @@ connection default;
disconnect plug_user;
DROP USER new_user,new_dest,plug_dest;
========== test 2, 2.1, 2.2 ================================
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
......@@ -204,7 +204,7 @@ connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user);
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
GRANT PROXY ON proxied_user TO ''@'';
GRANT PROXY ON proxied_user TO ''@'%%';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
......@@ -218,11 +218,11 @@ proxy_user@localhost proxied_user@%
========== test 2.2.1 ======================================
SELECT @@proxy_user;
@@proxy_user
''@''
''@'%%'
connection default;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@''
DROP USER ''@'%%',proxied_user;
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'%%'
IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -240,7 +240,7 @@ connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user);
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
GRANT PROXY ON proxied_user TO ''@'';
GRANT PROXY ON proxied_user TO ''@'%%';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
......@@ -253,21 +253,21 @@ USER() CURRENT_USER()
proxy_user@localhost proxied_user@%
SELECT @@proxy_user;
@@proxy_user
''@''
''@'%%'
connection default;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
DROP USER ''@'%%',proxied_user;
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd';
CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd';
CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd';
CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd';
CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd';
GRANT PROXY ON proxied_user_1 TO ''@'';
GRANT PROXY ON proxied_user_2 TO ''@'';
GRANT PROXY ON proxied_user_3 TO ''@'';
GRANT PROXY ON proxied_user_4 TO ''@'';
GRANT PROXY ON proxied_user_5 TO ''@'';
GRANT PROXY ON proxied_user_1 TO ''@'%%';
GRANT PROXY ON proxied_user_2 TO ''@'%%';
GRANT PROXY ON proxied_user_3 TO ''@'%%';
GRANT PROXY ON proxied_user_4 TO ''@'%%';
GRANT PROXY ON proxied_user_5 TO ''@'%%';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
test_plugin_server proxied_user
......@@ -322,7 +322,7 @@ disconnect proxy_con_2;
disconnect proxy_con_3;
disconnect proxy_con_4;
disconnect proxy_con_5;
DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
DROP USER ''@'%%',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
========== test 3 ==========================================
GRANT ALL PRIVILEGES ON *.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
......
......@@ -36,14 +36,14 @@ CREATE DEFINER=a@'' FUNCTION f3() RETURNS INT
RETURN 3;
SHOW CREATE VIEW v3;
View Create View character_set_client collation_connection
v3 CREATE ALGORITHM=UNDEFINED DEFINER=`a`@`` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`c` AS `c` from `t1` latin1 latin1_swedish_ci
v3 CREATE ALGORITHM=UNDEFINED DEFINER=`a`@`%` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`c` AS `c` from `t1` latin1 latin1_swedish_ci
SHOW CREATE PROCEDURE p3;
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
p3 CREATE DEFINER=`a`@`` PROCEDURE `p3`()
p3 CREATE DEFINER=`a`@`%` PROCEDURE `p3`()
SELECT 3 latin1 latin1_swedish_ci latin1_swedish_ci
SHOW CREATE FUNCTION f3;
Function sql_mode Create Function character_set_client collation_connection Database Collation
f3 CREATE DEFINER=`a`@`` FUNCTION `f3`() RETURNS int(11)
f3 CREATE DEFINER=`a`@`%` FUNCTION `f3`() RETURNS int(11)
RETURN 3 latin1 latin1_swedish_ci latin1_swedish_ci
DROP TRIGGER t1_bi;
DROP TRIGGER ti_ai;
......
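Review bot: Only objects created after the change are covered here: `DEFINER=a@''` comes out as `a`@`%` because the CREATE statement passes through the parser. The commit message names two places where '' becomes '%', the parser and the loading of grant tables. Definers already stored for existing views, routines and triggers are not mentioned. An object saved earlier with an empty definer host might therefore no longer match any account once accounts are loaded as '%', though the storage path is not on this page, so this is a guess. A case that loads a pre-existing `SQL SECURITY DEFINER` object with an empty-host definer and checks that it still resolves to the intended account would settle it; the view test further down (`definer=some_user@```) has the same gap.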
......@@ -9,11 +9,11 @@ end|
call bug4902()|
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
call bug4902()|
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
drop procedure bug4902|
drop procedure if exists bug4902_2|
create procedure bug4902_2()
......@@ -156,11 +156,11 @@ create procedure 15298_2 () sql security definer show grants;
call 15298_1();
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
call 15298_2();
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
drop user mysqltest_1@localhost;
drop procedure 15298_1;
drop procedure 15298_2;
......
......@@ -531,13 +531,13 @@ drop user mysqltest_1@localhost;
drop database mysqltest;
create definer=some_user@`` sql security invoker view v1 as select 1;
Warnings:
Note 1449 The user specified as a definer ('some_user'@'') does not exist
Note 1449 The user specified as a definer ('some_user'@'%') does not exist
create definer=some_user@localhost sql security invoker view v2 as select 1;
Warnings:
Note 1449 The user specified as a definer ('some_user'@'localhost') does not exist
show create view v1;
View Create View character_set_client collation_connection
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`` SQL SECURITY INVOKER VIEW `v1` AS select 1 AS `1` latin1 latin1_swedish_ci
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`%` SQL SECURITY INVOKER VIEW `v1` AS select 1 AS `1` latin1 latin1_swedish_ci
show create view v2;
View Create View character_set_client collation_connection
v2 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select 1 AS `1` latin1 latin1_swedish_ci
......
......@@ -573,7 +573,7 @@ root@localhost
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
drop trigger trg1_1;
use priv_db;
......
......@@ -574,7 +574,7 @@ root@localhost
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
drop trigger trg1_1;
use priv_db;
......
......@@ -574,7 +574,7 @@ root@localhost
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
drop trigger trg1_1;
use priv_db;
......
......@@ -70,7 +70,7 @@ ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_
SHOW GRANTS;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
CREATE INDEX i_processlist ON processlist (user);
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
DROP TABLE processlist;
......
......@@ -70,7 +70,7 @@ ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_
SHOW GRANTS;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
CREATE INDEX i_processlist ON processlist (user);
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
DROP TABLE processlist;
......
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
grant usage on *.* to 'pfs_user_5'@localhost with GRANT OPTION;
grant SELECT(thread_id, event_id) on performance_schema.events_waits_current
to 'pfs_user_5'@localhost;
......
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
grant ALL on *.* to 'pfs_user_1'@localhost with GRANT OPTION;
grant ALL on performance_schema.* to 'pfs_user_2'@localhost
with GRANT OPTION;
......
......@@ -190,7 +190,7 @@ GRANT EXECUTE ON PROCEDURE `test`.`p1` TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
##############################################################
### Showing grants for both users: root and user49119 (master)
......@@ -201,7 +201,7 @@ GRANT EXECUTE ON PROCEDURE `test`.`p1` TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
## This statement will make the revoke fail because root has no
## execute grant. However, it will still revoke the grant for
......@@ -217,7 +217,7 @@ GRANT USAGE ON *.* TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
#############################################################
### Showing grants for both users: root and user49119 (slave)
......@@ -228,7 +228,7 @@ GRANT USAGE ON *.* TO 'user49119'@'localhost'
SHOW GRANTS FOR CURRENT_USER;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
##############################################################
DROP TABLE t1;
DROP PROCEDURE p1;
......
......@@ -587,7 +587,6 @@ flush privileges;
# Create some users with different hostnames
create user mysqltest_8@'';
create user mysqltest_8;
create user mysqltest_8@host8;
# Try to create them again
......@@ -614,7 +613,6 @@ select * from t1;
disconnect conn3;
connection master;
revoke select on mysqltest.* from mysqltest_8@'';
revoke select on mysqltest.* from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from information_schema.schema_privileges
......@@ -642,7 +640,6 @@ select * from t1;
disconnect conn4;
connection master;
revoke update (a) on t1 from mysqltest_8@'';
revoke update (a) on t1 from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from information_schema.column_privileges;
......@@ -664,7 +661,6 @@ select * from t1;
disconnect conn5;
connection master;
revoke update on t1 from mysqltest_8@'';
revoke update on t1 from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from information_schema.table_privileges;
......@@ -692,10 +688,6 @@ show grants for mysqltest_8;
drop user mysqltest_8@'';
--error ER_NONEXISTING_GRANT
show grants for mysqltest_8@'';
show grants for mysqltest_8;
select * from information_schema.user_privileges
where grantee like "'mysqltest_8'%";
drop user mysqltest_8;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (conn6,localhost,mysqltest_8,,);
......
......@@ -168,7 +168,7 @@ connection grant_plug_dest_con;
--echo ## testing what an ordinary user can grant
--echo this should fail : no rights to grant all
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
GRANT PROXY ON ''@'' TO grant_plug;
GRANT PROXY ON ''@'%%' TO grant_plug;
--echo this should fail : not the same user
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
......@@ -211,11 +211,11 @@ disconnect grant_plug_dest_con;
--echo # test what root can grant
--echo should work : root has PROXY to all users
GRANT PROXY ON ''@'' TO grant_plug;
REVOKE PROXY ON ''@'' FROM grant_plug;
GRANT PROXY ON ''@'%%' TO grant_plug;
REVOKE PROXY ON ''@'%%' FROM grant_plug;
--echo should work : root has PROXY to all users
GRANT PROXY ON ''@'' TO proxy_admin IDENTIFIED BY 'test'
GRANT PROXY ON ''@'%%' TO proxy_admin IDENTIFIED BY 'test'
WITH GRANT OPTION;
--echo need USAGE : PROXY doesn't contain it.
......@@ -225,7 +225,7 @@ connect (proxy_admin_con,localhost,proxy_admin,test);
connection proxy_admin_con;
--echo in proxy_admin_con;
--echo should work : proxy_admin has proxy to ''@''
--echo should work : proxy_admin has proxy to ''@'%%'
GRANT PROXY ON future_user TO grant_plug;
connection default;
......@@ -317,9 +317,9 @@ DROP USER plug_dest;
--echo #
GRANT ALL PRIVILEGES ON *.* TO power_user;
GRANT USAGE ON anonymous_db.* TO ''@''
GRANT USAGE ON anonymous_db.* TO ''@'%%'
IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
GRANT PROXY ON power_user TO ''@'';
GRANT PROXY ON power_user TO ''@'%%';
CREATE DATABASE confidential_db;
connect(plug_con,localhost, test_login_user, power_user, confidential_db);
......@@ -329,24 +329,23 @@ connection default;
disconnect plug_con;
DROP USER power_user;
DROP USER ''@'';
DROP USER ''@'%%';
DROP DATABASE confidential_db;
--echo # Test case #2 (crash with double grant proxy)
CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
CREATE USER ''@'%%' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
CREATE USER standard_user;
CREATE DATABASE shared;
GRANT ALL PRIVILEGES ON shared.* TO standard_user;
GRANT PROXY ON standard_user TO ''@'';
GRANT PROXY ON standard_user TO ''@'%%';
--echo #should not crash
GRANT PROXY ON standard_user TO ''@'';
GRANT PROXY ON standard_user TO ''@'%%';
DROP USER ''@'';
DROP USER ''@'%%';
DROP USER standard_user;
DROP DATABASE shared;
--echo #
--echo # Bug #57551 : Live upgrade fails between 5.1.52 -> 5.5.7-rc
--echo #
......
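Review bot: No statement in this file uses the `''@''` spelling any more, so the rewrite of an empty host to '%' is never checked for the anonymous proxy account, the catch-all entry that plugin-authenticated logins are mapped through. Every occurrence was changed to `''@'%%'`, which the commit message treats as a separate account from `''@'%'`, and nothing explains why that spelling was chosen. It would help to keep one case that creates the account as `''@''` and asserts that `SELECT @@proxy_user` reports `''@'%'`, and to add a short comment at the first `''@'%%'` giving the reason for it. The file that follows has the same substitutions and the same gap.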
......@@ -184,7 +184,7 @@ DROP USER new_user,new_dest,plug_dest;
--echo ========== test 2, 2.1, 2.2 ================================
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -202,7 +202,7 @@ disconnect proxy_con;
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(proxy_con,localhost,proxy_user,proxied_user);
--enable_query_log
GRANT PROXY ON proxied_user TO ''@'';
GRANT PROXY ON proxied_user TO ''@'%%';
--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
......@@ -219,9 +219,9 @@ SELECT @@proxy_user;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
DROP USER ''@'%%',proxied_user;
#
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@''
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'%%'
IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
--sorted_result
......@@ -239,7 +239,7 @@ disconnect proxy_con;
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(proxy_con,localhost,proxy_user,proxied_user);
--enable_query_log
GRANT PROXY ON proxied_user TO ''@'';
GRANT PROXY ON proxied_user TO ''@'%%';
--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
......@@ -255,19 +255,19 @@ SELECT @@proxy_user;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
DROP USER ''@'%%',proxied_user;
#
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd';
CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd';
CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd';
CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd';
CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd';
GRANT PROXY ON proxied_user_1 TO ''@'';
GRANT PROXY ON proxied_user_2 TO ''@'';
GRANT PROXY ON proxied_user_3 TO ''@'';
GRANT PROXY ON proxied_user_4 TO ''@'';
GRANT PROXY ON proxied_user_5 TO ''@'';
GRANT PROXY ON proxied_user_1 TO ''@'%%';
GRANT PROXY ON proxied_user_2 TO ''@'%%';
GRANT PROXY ON proxied_user_3 TO ''@'%%';
GRANT PROXY ON proxied_user_4 TO ''@'%%';
GRANT PROXY ON proxied_user_5 TO ''@'%%';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd');
......@@ -312,7 +312,7 @@ disconnect proxy_con_3;
disconnect proxy_con_4;
--echo disconnect proxy_con_5;
disconnect proxy_con_5;
DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
DROP USER ''@'%%',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
--echo ========== test 3 ==========================================
......
......@@ -404,9 +404,7 @@ public:
}
void set_host(MEM_ROOT *mem, const char *host_arg)
{
update_hostname(&host,
(host_arg && *host_arg) ?
strdup_root(mem, host_arg) : NULL);
update_hostname(&host, safe_strdup_root(mem, host_arg));
}
bool check_validity(bool check_no_resolve)
......@@ -1319,14 +1317,17 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
while (!(read_record_info.read_record(&read_record_info)))
{
ACL_DB db;
update_hostname(&db.host,get_field(&mem, table->field[MYSQL_DB_FIELD_HOST]));
db.user=get_field(&mem, table->field[MYSQL_DB_FIELD_USER]);
const char *hostname= get_field(&mem, table->field[MYSQL_DB_FIELD_HOST]);
if (!hostname && find_acl_role(db.user))
hostname= "";
update_hostname(&db.host, hostname);
db.db=get_field(&mem, table->field[MYSQL_DB_FIELD_DB]);
if (!db.db)
{
sql_print_warning("Found an entry in the 'db' table with empty database name; Skipped");
continue;
}
db.user=get_field(&mem, table->field[MYSQL_DB_FIELD_USER]);
if (check_no_resolve && hostname_requires_resolving(db.host.hostname))
{
sql_print_warning("'db' entry '%s %s@%s' "
......@@ -1750,8 +1751,7 @@ bool acl_getroot(Security_context *sctx, char *user, char *host,
DBUG_ENTER("acl_getroot");
DBUG_PRINT("enter", ("Host: '%s', Ip: '%s', User: '%s', db: '%s'",
(host ? host : "(NULL)"), (ip ? ip : "(NULL)"),
user, (db ? db : "(NULL)")));
host, ip, user, db));
sctx->user= user;
sctx->host= host;
sctx->ip= ip;
......@@ -2105,7 +2105,7 @@ static void acl_insert_user(const char *user, const char *host,
acl_user.user.str=*user ? strdup_root(&mem,user) : 0;
acl_user.user.length= strlen(user);
update_hostname(&acl_user.host, *host ? strdup_root(&mem, host): 0);
update_hostname(&acl_user.host, safe_strdup_root(&mem, host));
if (plugin->str[0])
{
acl_user.plugin= *plugin;
......@@ -2207,7 +2207,7 @@ static void acl_insert_db(const char *user, const char *host, const char *db,
ACL_DB acl_db;
mysql_mutex_assert_owner(&acl_cache->lock);
acl_db.user=strdup_root(&mem,user);
update_hostname(&acl_db.host, *host ? strdup_root(&mem,host) : 0);
update_hostname(&acl_db.host, safe_strdup_root(&mem, host));
acl_db.db=strdup_root(&mem,db);
acl_db.access=privileges;
if (set_initial_access)
......@@ -3161,10 +3161,11 @@ static const char *calc_ip(const char *ip, long *val, char end)
static void update_hostname(acl_host_and_ip *host, const char *hostname)
{
// fix historical undocumented convention that empty host is the same as '%'
hostname=const_cast<char*>(hostname ? hostname : host_not_specified.str);
host->hostname=(char*) hostname; // This will not be modified!
if (!hostname ||
(!(hostname=calc_ip(hostname,&host->ip,'/')) ||
!(hostname=calc_ip(hostname+1,&host->ip_mask,'\0'))))
if (!(hostname= calc_ip(hostname,&host->ip,'/')) ||
!(hostname= calc_ip(hostname+1,&host->ip_mask,'\0')))
{
host->ip= host->ip_mask=0; // Not a masked ip
}
......@@ -4154,11 +4155,18 @@ GRANT_TABLE::GRANT_TABLE(GRANT_TABLE *source, char *u)
GRANT_NAME::GRANT_NAME(TABLE *form, bool is_routine)
{
update_hostname(&host, get_field(&memex, form->field[0]));
db= get_field(&memex,form->field[1]);
user= get_field(&memex,form->field[2]);
if (!user)
user= (char*) "";
const char *hostname= get_field(&memex, form->field[0]);
mysql_mutex_lock(&acl_cache->lock);
if (!hostname && find_acl_role(user))
hostname= "";
mysql_mutex_unlock(&acl_cache->lock);
update_hostname(&host, hostname);
db= get_field(&memex,form->field[1]);
sort= get_sort(3, host.hostname, db, user);
tname= get_field(&memex,form->field[3]);
if (!db || !tname)
......@@ -8897,6 +8905,9 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
}
}
if (!user_name->host.str)
user_name->host= host_not_specified;
/*
Search all in-memory structures and grant tables
for a mention of the new user/role name.
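Review bot: The new comment in update_hostname says an empty host is treated as '%', but the line below it substitutes `host_not_specified.str` only when `hostname` is NULL; an explicit `""` is stored unchanged. The acl_load and GRANT_NAME hunks in this file depend on that difference, since both pass `""` when the host column is empty and `find_acl_role()` finds the name, presumably so that a role entry does not turn into an any-host match. I would spell this out so a later cleanup does not widen the check to `""`: `// NULL means no host was given and maps to host_not_specified; "" is kept as-is (the grant-table loaders pass it for roles)`. The `const_cast<char*>` on that line is also unnecessary, because `hostname` is already a `const char *`. update_hostname's body continues past the end of the hunk.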
......
......@@ -13197,12 +13197,23 @@ user:
system_charset_info, 0) ||
check_host_name(&$$->host))
MYSQL_YYABORT;
/*
Convert hostname part of username to lowercase.
It's OK to use in-place lowercase as long as
the character set is utf8.
*/
my_casedn_str(system_charset_info, $$->host.str);
if ($$->host.str[0])
{
/*
Convert hostname part of username to lowercase.
It's OK to use in-place lowercase as long as
the character set is utf8.
*/
my_casedn_str(system_charset_info, $$->host.str);
}
else
{
/*
fix historical undocumented convention that empty host is the
same as '%'
*/
$$->host= host_not_specified;
}
}
| CURRENT_USER optional_braces
{
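Review bot: The `else` branch added to the `user:` rule makes `$$->host` point at the shared `host_not_specified` value, directly below a comment stating that the host string is lowercased in place, and nothing in the new comment warns that this branch hands out storage that is not owned by the parsed user. The definition of `host_not_specified` is not part of this hunk, so whether its buffer is writable cannot be confirmed here; the `if ($$->host.str[0])` guard does keep `my_casedn_str` away from it. I would extend the comment to say so: `/* '' is normalized to host_not_specified ('%' per the commit message); host.str now points at shared storage and must not be modified in place */`. The rule's action starts above the hunk.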
......