Commit 8b5ddf22 authored by unknown's avatar unknown

Don't give the anonymous user create temp table or lock tables privileges.

SET PASSWORD=... closed connection on error.


Docs/manual.texi:
  Changelog
mysql-test/r/rpl_rotate_logs.result:
  Fixed test
scripts/mysql_fix_privilege_tables.sh:
  Don't give the anonymous user create temp table or lock tables privileges.
sql/set_var.cc:
  SET PASSWORD=... closed connection on error, because MySQL sent the error message twice.
sql/set_var.h:
  SET PASSWORD=... closed connection on error, because MySQL sent the error message twice.
sql/sql_acl.cc:
  Added function comment
sql/sql_db.cc:
  Change type of variable
sql/sql_parse.cc:
  SET PASSWORD=... closed connection on error, because MySQL sent the error message twice.
tests/grant.pl:
  Updated grant test case to work with latest MySQL version
tests/grant.res:
  updated test results
parent 86ce202f
......@@ -50448,6 +50448,9 @@ each individual 4.0.x release.
@itemize @bullet
@item
@code{SET PASSWORD FOR ...} closed the connection in case of errors (bug
from 4.0.3).
@item
Increased max possible @code{max_allowed_packet} in @code{mysqld} to 1G.
@item
Fixed bug when doing a multi-line @code{INSERT} on a table with an
......@@ -80,4 +80,4 @@ select count(*) from t3 where n >= 4;
count(*)
100
unlock tables;
drop table if exists t1,t2,t3;
drop table if exists t1,t2,t3,t4;
......@@ -160,7 +160,7 @@ then
echo ""
echo "Updating new privileges in MySQL 4.0.2 from old ones"
@bindir@/mysql --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
update user set show_db_priv= select_priv, super_priv=process_priv, execute_priv=process_priv, create_tmp_table_priv='Y', Lock_tables_priv='Y', Repl_slave_priv=file_priv, Repl_client_priv=file_priv;
update user set show_db_priv= select_priv, super_priv=process_priv, execute_priv=process_priv, create_tmp_table_priv='Y', Lock_tables_priv='Y', Repl_slave_priv=file_priv, Repl_client_priv=file_priv where user<>"";
END_OF_DATA
echo ""
fi
......
......@@ -896,7 +896,7 @@ byte *sys_var_thd_enum::value_ptr(THD *thd, enum_var_type type)
bool sys_var_thd_bit::update(THD *thd, set_var *var)
{
bool res= (*update_func)(thd, var);
int res= (*update_func)(thd, var);
thd->lex.select_lex.options=thd->options;
return res;
}
......@@ -1010,7 +1010,7 @@ byte *sys_var_insert_id::value_ptr(THD *thd, enum_var_type type)
bool sys_var_slave_skip_counter::check(THD *thd, set_var *var)
{
bool result=0;
int result= 0;
LOCK_ACTIVE_MI;
pthread_mutex_lock(&active_mi->rli.run_lock);
if (active_mi->rli.slave_running)
......@@ -1236,26 +1236,24 @@ sys_var *find_sys_var(const char *str, uint length)
RETURN VALUE
0 ok
1 Something got wrong (normally no variables was updated)
1 ERROR, message sent (normally no variables was updated)
-1 ERROR, message not sent
*/
bool sql_set_variables(THD *thd, List<set_var_base> *var_list)
int sql_set_variables(THD *thd, List<set_var_base> *var_list)
{
bool error=0;
int error= 0;
List_iterator<set_var_base> it(*var_list);
set_var_base *var;
while ((var=it++))
{
if (var->check(thd))
return 1;
if ((error=var->check(thd)))
return error;
}
it.rewind();
while ((var=it++))
{
if (var->update(thd))
error=1;
}
error|= var->update(thd); // Returns 0, -1 or 1
return error;
}
......@@ -1264,14 +1262,14 @@ bool sql_set_variables(THD *thd, List<set_var_base> *var_list)
Functions to handle SET mysql_internal_variable=const_expr
*****************************************************************************/
bool set_var::check(THD *thd)
int set_var::check(THD *thd)
{
if (var->check_type(type))
{
my_error(type == OPT_GLOBAL ? ER_LOCAL_VARIABLE : ER_GLOBAL_VARIABLE,
MYF(0),
var->name);
return 1;
return -1;
}
if ((type == OPT_GLOBAL && check_global_access(thd, SUPER_ACL)))
return 1;
......@@ -1282,28 +1280,29 @@ bool set_var::check(THD *thd)
if (var->check_default(type))
{
my_error(ER_NO_DEFAULT, MYF(0), var->name);
return 1;
return -1;
}
return 0;
}
if (value->fix_fields(thd,0))
return 1;
return -1;
if (var->check_update_type(value->result_type()))
{
my_error(ER_WRONG_TYPE_FOR_VAR, MYF(0), var->name);
return 1;
return -1;
}
return var->check(thd, this);
return var->check(thd, this) ? -1 : 0;
}
bool set_var::update(THD *thd)
int set_var::update(THD *thd)
{
int error;
if (!value)
var->set_default(thd, type);
else if (var->update(thd, this))
return 1; // should never happen
return -1; // should never happen
if (var->after_update)
(*var->after_update)(thd, type);
return 0;
......@@ -1314,19 +1313,19 @@ bool set_var::update(THD *thd)
Functions to handle SET @user_variable=const_expr
*****************************************************************************/
bool set_var_user::check(THD *thd)
int set_var_user::check(THD *thd)
{
return user_var_item->fix_fields(thd,0);
return user_var_item->fix_fields(thd,0) ? -1 : 0;
}
bool set_var_user::update(THD *thd)
int set_var_user::update(THD *thd)
{
if (user_var_item->update())
{
/* Give an error if it's not given already */
send_error(&thd->net, ER_SET_CONSTANTS_ONLY);
return 1;
my_error(ER_SET_CONSTANTS_ONLY, MYF(0));
return -1;
}
return 0;
}
......@@ -1336,16 +1335,19 @@ bool set_var_user::update(THD *thd)
Functions to handle SET PASSWORD
*****************************************************************************/
bool set_var_password::check(THD *thd)
int set_var_password::check(THD *thd)
{
if (!user->host.str)
user->host.str= (char*) thd->host_or_ip;
return check_change_password(thd, user->host.str, user->user.str);
/* Returns 1 as the function sends error to client */
return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0;
}
bool set_var_password::update(THD *thd)
int set_var_password::update(THD *thd)
{
return change_password(thd, user->host.str, user->user.str, password);
/* Returns 1 as the function sends error to client */
return (change_password(thd, user->host.str, user->user.str, password) ?
1 : 0);
}
/****************************************************************************
......
......@@ -359,8 +359,8 @@ class set_var_base :public Sql_alloc
public:
set_var_base() {}
virtual ~set_var_base() {}
virtual bool check(THD *thd)=0; /* To check privileges etc. */
virtual bool update(THD *thd)=0; /* To set the value */
virtual int check(THD *thd)=0; /* To check privileges etc. */
virtual int update(THD *thd)=0; /* To set the value */
};
......@@ -394,8 +394,8 @@ class set_var :public set_var_base
else
value=value_arg;
}
bool check(THD *thd);
bool update(THD *thd);
int check(THD *thd);
int update(THD *thd);
};
......@@ -408,8 +408,8 @@ class set_var_user: public set_var_base
set_var_user(Item_func_set_user_var *item)
:user_var_item(item)
{}
bool check(THD *thd);
bool update(THD *thd);
int check(THD *thd);
int update(THD *thd);
};
/* For SET PASSWORD */
......@@ -422,8 +422,8 @@ class set_var_password: public set_var_base
set_var_password(LEX_USER *user_arg,char *password_arg)
:user(user_arg), password(password_arg)
{}
bool check(THD *thd);
bool update(THD *thd);
int check(THD *thd);
int update(THD *thd);
};
......@@ -434,7 +434,7 @@ class set_var_password: public set_var_base
void set_var_init();
void set_var_free();
sys_var *find_sys_var(const char *str, uint length=0);
bool sql_set_variables(THD *thd, List<set_var_base> *var_list);
int sql_set_variables(THD *thd, List<set_var_base> *var_list);
void fix_delay_key_write(THD *thd, enum_var_type type);
extern sys_var_str sys_charset;
......@@ -783,7 +783,6 @@ ulong acl_get(const char *host, const char *ip, const char *bin_ip,
db_access=0; host_access= ~0;
char key[ACL_KEY_LENGTH],*tmp_db,*end;
acl_entry *entry;
THD *thd= current_thd;
VOID(pthread_mutex_lock(&acl_cache->lock));
memcpy_fixed(&key,bin_ip,sizeof(struct in_addr));
......@@ -1015,6 +1014,21 @@ bool check_change_password(THD *thd, const char *host, const char *user)
}
/*
Change a password for a user
SYNOPSIS
change_password()
thd Thread handle
host Hostname
user User name
new_password New password for host@user
RETURN VALUES
0 ok
1 ERROR; In this case the error is sent to the client.
*/
bool change_password(THD *thd, const char *host, const char *user,
char *new_password)
{
......
......@@ -332,7 +332,7 @@ bool mysql_change_db(THD *thd,const char *name)
int length, db_length;
char *dbname=my_strdup((char*) name,MYF(MY_WME));
char path[FN_REFLEN];
uint db_access;
ulong db_access;
DBUG_ENTER("mysql_change_db");
if (!dbname || !(db_length=strip_sp(dbname)))
......
......@@ -2202,9 +2202,7 @@ mysql_execute_command(void)
break;
}
case SQLCOM_SET_OPTION:
if (sql_set_variables(thd, &lex->var_list))
res= -1;
else
if (!(res=sql_set_variables(thd, &lex->var_list)))
send_ok(&thd->net);
break;
case SQLCOM_UNLOCK_TABLES:
......
......@@ -435,8 +435,9 @@ user_connect(0);
user_query("LOCK TABLES $opt_database.test3 READ");
user_query("UNLOCK TABLES");
safe_query("revoke SELECT,INSERT,UPDATE,DELETE on $opt_database.test3 from $user");
user_connect(1);
user_connect(0);
safe_query("revoke LOCK TABLES on *.* from $user");
user_connect(1);
safe_query("drop table $opt_database.test3");
#
......
......@@ -27,11 +27,11 @@ show grants for grant_user@localhost
GRANT SELECT ON *.* TO 'grant_user'@'localhost'
insert into mysql.user (host,user) values ('error','grant_user')
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'user'
update mysql.user set host='error' WHERE user='grant_user'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
Error in execute: update command denied to user: 'grant_user@localhost' for table 'user'
create table grant_test.test (a int,b int)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: create command denied to user: 'grant_user@localhost' for table 'test'
grant select on *.* to grant_user2@localhost
Error in execute: Access denied for user: 'grant_user@localhost' (Using password: NO)
revoke select on grant_test.test from grant_user@opt_host
......@@ -99,28 +99,28 @@ select * from mysql.user where user = 'grant_user'
localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0
select * from mysql.db where user = 'grant_user'
localhost grant_test grant_user Y N N N N N N N N N
localhost grant_test grant_user Y N N N N N N N N N N N
Connecting grant_user
select count(*) from grant_test.test
2
select * from mysql.user where user = 'grant_user'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
Error in execute: select command denied to user: 'grant_user@localhost' for table 'user'
insert into grant_test.test values (4,0)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test'
update grant_test.test set a=1
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: update command denied to user: 'grant_user@localhost' for table 'test'
delete from grant_test.test
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test'
create table grant_test.test2 (a int)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: create command denied to user: 'grant_user@localhost' for table 'test2'
ALTER TABLE grant_test.test add c int
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: alter command denied to user: 'grant_user@localhost' for table 'test'
CREATE INDEX dummy ON grant_test.test (a)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: index command denied to user: 'grant_user@localhost' for table 'test'
drop table grant_test.test
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: drop command denied to user: 'grant_user@localhost' for table 'test'
grant ALL PRIVILEGES on grant_test.* to grant_user2@localhost
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost WITH GRANT OPTION
......@@ -133,14 +133,14 @@ REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
Connecting grant_user
insert into grant_test.test values (6,0)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test'
REVOKE GRANT OPTION on grant_test.* from grant_user@localhost
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost
Connecting grant_user
select * from mysql.user where user = 'grant_user'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
Error in execute: select command denied to user: 'grant_user@localhost' for table 'user'
insert into grant_test.test values (7,0)
update grant_test.test set a=3 where a=2
delete from grant_test.test where a=3
......@@ -152,7 +152,7 @@ show tables from grant_test
test
insert into mysql.user (host,user) values ('error','grant_user',0)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'user'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost
select * from mysql.user where user = 'grant_user'
localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0
......@@ -190,11 +190,11 @@ delete from grant_test.test
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test'
grant delete on grant_test.test to grant_user@localhost
delete from grant_test.test where a=1
Error in execute: select command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
update grant_test.test set b=3 where b=1
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
update grant_test.test set b=b+1
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
select * from test
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
grant select on grant_test.test to grant_user@localhost
......@@ -267,7 +267,7 @@ Error in execute: Access denied for user: 'grant_user@localhost' to database 'gr
drop database grant_test
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
flush tables
Error in execute: Access denied for user: 'grant_user@localhost' (Using password: NO)
Error in execute: Access denied. You need the RELOAD privilege for this operation
flush privileges
select Host, Db, User, Table_name, Grantor, Table_priv, Column_priv from mysql.tables_priv
localhost grant_test grant_user test2 root@localhost Update,Delete,Create,Grant,Index,Alter Insert
......@@ -291,15 +291,15 @@ grant update(b),delete on grant_test.test to grant_user@localhost
revoke update(a) on grant_test.test from grant_user@localhost
Error in execute: There is no such grant defined for user 'grant_user' on host 'localhost' on table 'test'
delete from grant_test.test where a=2
Error in execute: select command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
update test set b=5 where b>0
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
grant select(a),select(b) on grant_test.test to grant_user@localhost
delete from grant_test.test where a=2
delete from grant_test.test where A=2
update test set b=5 where b>0
update test set a=11 where b>5
Error in execute: update command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
Error in execute: UPDATE command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
select a,A from test
8 8
5 5
......@@ -313,8 +313,8 @@ select Host, Db, User, Table_name, Grantor, Table_priv, Column_priv from mysql.t
revoke GRANT OPTION on grant_test.test from grant_user@localhost
Error in execute: There is no such grant defined for user 'grant_user' on host 'localhost' on table 'test'
grant select(a) on grant_test.test to grant_user@localhost
show columns from test
a int(11) YES NULL
show full columns from test
a int(11) YES NULL select
b int(11) YES NULL
grant insert (b), update (b) on grant_test.test to grant_user@localhost
......@@ -333,19 +333,19 @@ update test set b=3 where a > 0
select * from test
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
select b from test
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
select a from test where b > 0
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
insert into test (a) values (10)
Error in execute: insert command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
Error in execute: INSERT command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
insert into test (b) values (b)
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
insert into test (a,b) values (1,5)
Error in execute: insert command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
Error in execute: INSERT command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
insert into test (b) values (1),(b)
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
update test set b=3 where b > 0
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
select Host, Db, User, Table_name, Grantor, Table_priv, Column_priv from mysql.tables_priv
localhost grant_test grant_user test root@localhost Select,Insert,Update
......@@ -379,13 +379,13 @@ localhost grant_test grant_user test b Select,Insert,Update
localhost grant_test grant_user test a Select,Update
insert into test (a,b) values (12,12)
Error in execute: insert command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
Error in execute: INSERT command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
grant insert on grant_test.* to grant_user@localhost
Connecting grant_user
insert into test (a,b) values (13,13)
revoke select(b) on grant_test.test from grant_user@localhost
select count(a) from test where a+b > 0
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
update test set b=5 where a=2
grant select on grant_test.test to grant_user@localhost
Connecting grant_user
......@@ -402,7 +402,7 @@ select count(a) from test where a+b > 0
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
grant select(a) on grant_test.test to grant_user@localhost
select count(a) from test where a+b > 0
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
grant select on *.* to grant_user@localhost
Connecting grant_user
select count(a) from test where a+b > 0
......@@ -415,7 +415,7 @@ select count(a) from test where a+b > 0
4
select * from mysql.db where user = 'grant_user'
localhost grant_test grant_user N Y N N N N N N N N
localhost grant_test grant_user N Y N N N N N N N N N N
select Host, Db, User, Table_name, Grantor, Table_priv, Column_priv from mysql.tables_priv where user = 'grant_user'
localhost grant_test grant_user test root@localhost Select,Insert,Update
......@@ -430,7 +430,7 @@ Error in execute: select command denied to user: 'grant_user@localhost' for tabl
select * from mysql.user
Error in execute: select command denied to user: 'grant_user@localhost' for table 'user'
select * from mysql.db where user = 'grant_user'
localhost grant_test grant_user N Y N N N N N N N N
localhost grant_test grant_user N Y N N N N N N N N N N
select Host, Db, User, Table_name, Grantor, Table_priv, Column_priv from mysql.tables_priv where user = 'grant_user'
select Host, Db, User, Table_name, Column_name, Column_priv from mysql.columns_priv where user = 'grant_user'
......@@ -465,7 +465,7 @@ Error in execute: Access denied for user: 'grant_user@localhost' (Using password
grant SELECT on grant_test.test3 to grant_user@localhost
Connecting grant_user
LOCK TABLES grant_test.test3 READ
Error in execute: Access denied for user: 'grant_user@localhost' (Using password: NO)
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant LOCK TABLES on *.* to grant_user@localhost
show grants for grant_user@localhost
GRANT LOCK TABLES ON *.* TO 'grant_user'@'localhost'
......@@ -480,8 +480,9 @@ LOCK TABLES grant_test.test3 READ
UNLOCK TABLES
revoke SELECT,INSERT,UPDATE,DELETE on grant_test.test3 from grant_user@localhost
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
revoke LOCK TABLES on *.* from grant_user@localhost
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
drop table grant_test.test3
show grants for grant_user@localhost
grant all on *.* to grant_user@localhost WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment