Commit cfc10401 authored by unknown's avatar unknown

Bug#19857: When a user with CREATE ROUTINE priv creates a routine it results in NULL p/w

  
sp_grant_privileges(), the function that GRANTs EXECUTE + ALTER privs on a SP,
did so by creating a user entry with no password; mysql_routine_grant() would then
write that "change" to the user-table.


mysql-test/r/sp-security.result:
  prove that creating a stored procedure will not destroy the creator's password
mysql-test/t/sp-security.test:
  prove that creating a stored procedure will not destroy the creator's password
sql/sql_acl.cc:
  get password from ACLs, convert to correct format, and use it when
  forcing GRANTS for SPs
parent 2f1780c9
......@@ -420,3 +420,34 @@ ERROR HY000: There is no 'mysqltest_1'@'localhost' registered
---> connection: root
DROP USER mysqltest_2@localhost;
DROP DATABASE mysqltest;
GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
user19857@localhost;
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
Host User Password
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
---> connection: mysqltest_2_con
use test;
CREATE PROCEDURE sp19857() DETERMINISTIC
BEGIN
DECLARE a INT;
SET a=1;
SELECT a;
END //
SHOW CREATE PROCEDURE test.sp19857;
Procedure sql_mode Create Procedure
sp19857 CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`()
DETERMINISTIC
BEGIN
DECLARE a INT;
SET a=1;
SELECT a;
END
DROP PROCEDURE IF EXISTS test.sp19857;
---> connection: root
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
Host User Password
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
DROP USER user19857@localhost;
......@@ -744,4 +744,50 @@ DROP USER mysqltest_2@localhost;
DROP DATABASE mysqltest;
#
# Bug#19857 - When a user with CREATE ROUTINE priv creates a routine,
# it results in NULL p/w
#
# Can't test with embedded server that doesn't support grants
GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
user19857@localhost;
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
--connect (mysqltest_2_con,localhost,user19857,meow,test)
--echo
--echo ---> connection: mysqltest_2_con
--connection mysqltest_2_con
use test;
DELIMITER //;
CREATE PROCEDURE sp19857() DETERMINISTIC
BEGIN
DECLARE a INT;
SET a=1;
SELECT a;
END //
DELIMITER ;//
SHOW CREATE PROCEDURE test.sp19857;
--disconnect mysqltest_2_con
--connect (mysqltest_2_con,localhost,user19857,meow,test)
--connection mysqltest_2_con
DROP PROCEDURE IF EXISTS test.sp19857;
--echo
--echo ---> connection: root
--connection con1root
--disconnect mysqltest_2_con
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
DROP USER user19857@localhost;
# End of 5.0 bugs.
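Review bot: The new test covers only the 41-character hash path, because the account is created with `IDENTIFIED BY 'meow'` and the expected output shows the `*82DC…` form. The `SCRAMBLE_LENGTH_323` branch and the empty-password branch added to sp_grant_privileges() are therefore never run. A second account whose hash is set with `SET PASSWORD FOR ... = OLD_PASSWORD('meow')`, plus one created without a password, each followed by the same before/after `SELECT Host,User,Password` check, would pin all three paths. Whether the test client can log in with an old-format hash depends on server settings that are not visible here.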
......@@ -5601,25 +5601,30 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
TABLE_LIST tables[1];
List<LEX_USER> user_list;
bool result;
ACL_USER *au;
char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
DBUG_ENTER("sp_grant_privileges");
if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
DBUG_RETURN(TRUE);
combo->user.str= sctx->user;
VOID(pthread_mutex_lock(&acl_cache->lock));
if (!find_acl_user(combo->host.str=(char*)sctx->host_or_ip, combo->user.str,
FALSE) &&
!find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str,
FALSE) &&
!find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str,
FALSE) &&
!find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE))
{
VOID(pthread_mutex_unlock(&acl_cache->lock));
DBUG_RETURN(TRUE);
}
if ((au= find_acl_user(combo->host.str=(char*)sctx->host_or_ip,combo->user.str,FALSE)))
goto found_acl;
if ((au= find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str,FALSE)))
goto found_acl;
if ((au= find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str,FALSE)))
goto found_acl;
if((au= find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE)))
goto found_acl;
VOID(pthread_mutex_unlock(&acl_cache->lock));
DBUG_RETURN(TRUE);
found_acl:
VOID(pthread_mutex_unlock(&acl_cache->lock));
bzero((char*)tables, sizeof(TABLE_LIST));
......@@ -5627,13 +5632,37 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
tables->db= (char*)sp_db;
tables->table_name= tables->alias= (char*)sp_name;
combo->host.length= strlen(combo->host.str);
combo->user.length= strlen(combo->user.str);
combo->host.str= thd->strmake(combo->host.str,combo->host.length);
combo->user.str= thd->strmake(combo->user.str,combo->user.length);
combo->password.str= (char*)"";
combo->password.length= 0;
if(au && au->salt_len)
{
if (au->salt_len == SCRAMBLE_LENGTH)
{
make_password_from_salt(passwd_buff, au->salt);
combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
}
else if (au->salt_len == SCRAMBLE_LENGTH_323)
{
make_password_from_salt_323(passwd_buff, (ulong *) au->salt);
combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
}
else
{
my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
return -1;
}
combo->password.str= passwd_buff;
}
else
{
combo->password.str= (char*)"";
combo->password.length= 0;
}
if (user_list.push_back(combo))
DBUG_RETURN(TRUE);
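Review bot: `au` is dereferenced at `if(au && au->salt_len)` and in both make_password_from_salt calls after `acl_cache->lock` has already been released at `found_acl:` in the previous hunk. The lookup is done under that mutex, so it presumably protects the entry returned by find_acl_user(); if so, a concurrent ACL reload or GRANT could change or free the entry while its salt is being converted, and a stale or garbage hash would be written back for the user. Converting into `passwd_buff` before the unlock closes that window, and the same rewrite can replace `return -1;` with `DBUG_RETURN(TRUE)`, since the function returns bool and has an open DBUG_ENTER. sp_grant_privileges() starts and ends outside both hunks, so the later use of `combo` and of the stack buffer it now points to is not visible here.

```cpp
found_acl:
  /* Convert the salt while acl_cache->lock still protects *au. */
  bool bad_salt= FALSE;
  combo->password.str= (char*)"";
  combo->password.length= 0;
  if (au->salt_len == SCRAMBLE_LENGTH)
  {
    make_password_from_salt(passwd_buff, au->salt);
    combo->password.str= passwd_buff;
    combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
  }
  else if (au->salt_len == SCRAMBLE_LENGTH_323)
  {
    make_password_from_salt_323(passwd_buff, (ulong *) au->salt);
    combo->password.str= passwd_buff;
    combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
  }
  else if (au->salt_len)
    bad_salt= TRUE;
  VOID(pthread_mutex_unlock(&acl_cache->lock));

  if (bad_salt)
  {
    /* report only after the lock is dropped, and leave through DBUG_RETURN */
    my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
    DBUG_RETURN(TRUE);
  }

  // … unchanged: bzero(tables), tables->db / table_name setup, strmake of host and user …

  if (user_list.push_back(combo))
    DBUG_RETURN(TRUE);
```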
......