• Dmitry Lenev's avatar
    Fix for bug#36544 "DROP USER does not remove stored function · e960abc7
    Dmitry Lenev authored
    privileges".
    
    The first problem was that DROP USER didn't properly remove privileges 
    on stored functions from in-memory structures. So the dropped user
    could have called stored functions on which he had privileges before
    being dropped while his connection was still around.
    Even worse if a new user with the same name was created he would
    inherit privileges on stored functions from the dropped user.
    Similar thing happened with old user name and function privileges
    during RENAME USER.
    
    This problem stemmed from the fact that the handle_grant_data() function
    which handled DROP/RENAME USER didn't take any measures to update
    in-memory hash with information about function privileges after
    updating them on disk.
    
    This patch solves this problem by adding code doing just that.
    
    The second problem was that RENAME USER didn't properly update in-memory
    structures describing table-level privileges and privileges on stored 
    procedures. As result such privileges could have been lost after a rename
    (i.e. not associated with the new name of user) and inherited by a new
    user with the same name as the old name of the original user.
    
    This problem was caused by code handling RENAME USER in
    handle_grant_struct() which [sic!]:
    a) tried to update wrong (tables) hash when updating stored procedure
       privileges for new user name.
    b) passed wrong arguments to function performing the hash update and
       didn't take into account the way in which such update could have
       changed the order of the hash elements.
    
    This patch solves this problem by ensuring that a) the correct hash
    is updated, b) correct arguments are used for the hash_update()
    function and c) we take into account possible changes in the order
    of hash elements.
    e960abc7
grant.result 62.3 KB