diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2015-02-17 18:07:56 +0100 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2015-02-17 18:07:56 +0100 |
| commit | 44cf4d675199bac0a9c23d38a68303e921c82cbe (patch) | |
| tree | 3c8c27e7f584b123f7cd36fc5baabc63748db5a2 | |
| parent | 865b83e9a4b834b1f58e60db4709031bef823f4a (diff) | |
| download | mariadb-git-44cf4d675199bac0a9c23d38a68303e921c82cbe.tar.gz | |
fix a case where automatic procedure grant was changing user's password
phase out make_password_from_salt() to be removed in 10.1
| -rw-r--r-- | include/mysql_com.h | 5 | ||||
| -rw-r--r-- | mysql-test/r/sp_notembedded.result | 19 | ||||
| -rw-r--r-- | mysql-test/t/sp_notembedded.test | 20 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 26 |
4 files changed, 44 insertions, 26 deletions
diff --git a/include/mysql_com.h b/include/mysql_com.h index 43be28f87a0..8fdac38dd66 100644 --- a/include/mysql_com.h +++ b/include/mysql_com.h @@ -618,14 +618,17 @@ void scramble_323(char *to, const char *message, const char *password); my_bool check_scramble_323(const unsigned char *reply, const char *message, unsigned long *salt); void get_salt_from_password_323(unsigned long *res, const char *password); +#if MYSQL_VERSION_ID < 100100 void make_password_from_salt_323(char *to, const unsigned long *salt); - +#endif void make_scrambled_password(char *to, const char *password); void scramble(char *to, const char *message, const char *password); my_bool check_scramble(const unsigned char *reply, const char *message, const unsigned char *hash_stage2); void get_salt_from_password(unsigned char *res, const char *password); +#if MYSQL_VERSION_ID < 100100 void make_password_from_salt(char *to, const unsigned char *hash_stage2); +#endif char *octet2hex(char *to, const char *str, unsigned int len); /* end of password.c */ diff --git a/mysql-test/r/sp_notembedded.result b/mysql-test/r/sp_notembedded.result index 410441b63e3..3cc4ff4238b 100644 --- a/mysql-test/r/sp_notembedded.result +++ b/mysql-test/r/sp_notembedded.result @@ -284,4 +284,23 @@ DROP EVENT teste_bug11763507; # ------------------------------------------------------------------ # -- End of 5.1 tests # ------------------------------------------------------------------ +grant create routine on test.* to foo1@localhost identified by 'foo'; +update mysql.user set password = replace(password, '*', '-') where user='foo1'; +show grants; +Grants for foo1@localhost +GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '*F3A2A51A9B0F2BE2468926B4132313728C250DBF' +GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost' +flush privileges; +show grants; +Grants for foo1@localhost +GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '-F3A2A51A9B0F2BE2468926B4132313728C250DBF' +GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost' +create procedure spfoo() select 1; +show grants; +Grants for foo1@localhost +GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '-F3A2A51A9B0F2BE2468926B4132313728C250DBF' +GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost' +GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `test`.`spfoo` TO 'foo1'@'localhost' +drop procedure spfoo; +drop user foo1@localhost; set @@global.concurrent_insert= @old_concurrent_insert; diff --git a/mysql-test/t/sp_notembedded.test b/mysql-test/t/sp_notembedded.test index 42a3dd193c4..2a24ab3d005 100644 --- a/mysql-test/t/sp_notembedded.test +++ b/mysql-test/t/sp_notembedded.test @@ -462,6 +462,26 @@ DROP EVENT teste_bug11763507; --echo # ------------------------------------------------------------------ # +# A case of SHOW GRANTS +# (creating a new procedure changes the password) +# +grant create routine on test.* to foo1@localhost identified by 'foo'; +update mysql.user set password = replace(password, '*', '-') where user='foo1'; +--connect (foo,localhost,foo1,foo) +show grants; +--connection default +flush privileges; +--connection foo +show grants; +create procedure spfoo() select 1; +show grants; + +--connection default +--disconnect foo +drop procedure spfoo; +drop user foo1@localhost; + +# # Restore global concurrent_insert value. Keep in the end of the test file. # diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 4b90209a472..e4975acfb55 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -9840,7 +9840,6 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, List<LEX_USER> user_list; bool result; ACL_USER *au; - char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1]; Dummy_error_handler error_handler; DBUG_ENTER("sp_grant_privileges"); @@ -9881,33 +9880,10 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, if(au) { - if (au->salt_len) - { - if (au->salt_len == SCRAMBLE_LENGTH) - { - make_password_from_salt(passwd_buff, au->salt); - combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH; - } - else if (au->salt_len == SCRAMBLE_LENGTH_323) - { - make_password_from_salt_323(passwd_buff, (ulong *) au->salt); - combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; - } - else - { - push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN, ER_PASSWD_LENGTH, - ER(ER_PASSWD_LENGTH), SCRAMBLED_PASSWORD_CHAR_LENGTH); - return TRUE; - } - combo->password.str= passwd_buff; - } - if (au->plugin.str != native_password_plugin_name.str && au->plugin.str != old_password_plugin_name.str) - { combo->plugin= au->plugin; - combo->auth= au->auth_string; - } + combo->auth= au->auth_string; } if (user_list.push_back(combo)) |