bugfix: PROXY privilege matched usernames incorrectly

username can be empty, meaning anybody, or must match literally. only db and host names are matched with wildcards.

bugfix: PROXY privilege matched usernames incorrectly
username can be empty, meaning anybody, or must match literally. only db and host names are matched with wildcards.
fd00c449 · Sergei Golubchik · d1308013 · fd00c449 · fd00c449 · fd00c449
Commit fd00c449 authored Jun 10, 2019 by Sergei Golubchik
Showing with 9 additions and 4 deletions

mysql-test/main/plugin_auth_qa_1.result mysql-test/main/plugin_auth_qa_1.result +3 -0

mysql-test/main/plugin_auth_qa_1.test mysql-test/main/plugin_auth_qa_1.test +4 -0

sql/sql_acl.cc sql/sql_acl.cc +2 -4

No files found.
--- a/mysql-test/main/plugin_auth_qa_1.result
+++ b/mysql-test/main/plugin_auth_qa_1.result
@@ -4,6 +4,9 @@ User	plugin	authentication_string
 ========== test 1.1.3.2 ====================================
 CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
 CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
+GRANT PROXY ON `plug%dest` TO plug_user;
+ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
+REVOKE PROXY ON `plug%dest` FROM plug_user;
 GRANT PROXY ON plug_dest TO plug_user;
 current_user()
 plug_dest@%

--- a/mysql-test/main/plugin_auth_qa_1.test
+++ b/mysql-test/main/plugin_auth_qa_1.test
@@ -13,6 +13,10 @@ SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 # CREATE...WITH/CREATE...BY/GRANT
 CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
 CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
+GRANT PROXY ON `plug%dest` TO plug_user;
+--error 1
+--exec $MYSQL -S $MASTER_MYSOCK -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
+REVOKE PROXY ON `plug%dest` FROM plug_user;
 GRANT PROXY ON plug_dest TO plug_user;
 --replace_result $MASTER_MYSOCK MASTER_MYSOCK
 --exec $MYSQL -S $MASTER_MYSOCK -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -392,10 +392,8 @@ class ACL_PROXY_USER :public ACL_ACCESS
                        proxied_user_arg, proxied_user));
    DBUG_RETURN(compare_hostname(&host, host_arg, ip_arg) &&
                compare_hostname(&proxied_host, host_arg, ip_arg) &&
-                (!*user ||
-                 (user_arg && !wild_compare(user_arg, user, TRUE))) &&
-                (!*proxied_user ||
-                 !wild_compare(proxied_user_arg, proxied_user, TRUE)));
+                (!*user || !strcmp(user_arg, user)) &&
+                (!*proxied_user || !strcmp(proxied_user_arg, proxied_user)));
  }