database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

Bug #14211140: CRASH WHEN GRANTING OR REVOKING PROXY

Browse Source 
PRIVILEGES

Description: (user,host) pair from security context is used
             privilege checking at the time of granting or
             revoking proxy privileges. This creates problem
             when server is started with
             --skip-name-resolve option because host will not
             contain any value. Checks should be dependent on
             consistent values regardless the way server is
             started. Further, privilege check should use
             (priv_user,priv_host) pair rather than values
             obtained from inbound connection because
             this pair represents the correct account context
             obtained from mysql.user table.
This commit is contained in:
Harin Vadodaria
2012-10-09 18:15:40 +05:30
parent d5d53d1902
commit 5427d33e62
3 changed files with 47 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
mysql-test/r/plugin_auth.result
View File

@ -124,17 +124,20 @@ ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : not the same user
GRANT PROXY ON grant_plug TO grant_plug_dest;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : same user, but on a different host
This is a valid grant
GRANT PROXY ON grant_plug_dest TO grant_plug;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should work : same user
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug_dest2;
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug_dest2;
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
this should work : same user
GRANT PROXY ON grant_plug_dest TO grant_plug_dest2;
REVOKE PROXY ON grant_plug_dest FROM grant_plug_dest2;
this should fail : not the same user
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : not the same user
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : can't create users
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug@localhost;
GRANT PROXY ON grant_plug_dest TO grant_plug@localhost;
ERROR 42000: You are not allowed to create a user with GRANT
in default connection
# test what root can grant
@ -152,12 +155,12 @@ GRANT PROXY ON future_user TO grant_plug;
in default connection
SHOW GRANTS FOR grant_plug;
Grants for grant_plug@%
GRANT ALL PRIVILEGES ON *.* TO 'grant_plug'@'%' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'grant_plug'@'%'
GRANT PROXY ON 'future_user'@'%' TO 'grant_plug'@'%'
REVOKE PROXY ON future_user FROM grant_plug;
SHOW GRANTS FOR grant_plug;
Grants for grant_plug@%
GRANT ALL PRIVILEGES ON *.* TO 'grant_plug'@'%' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'grant_plug'@'%'
## testing drop user
CREATE USER test_drop@localhost;
GRANT PROXY ON future_user TO test_drop@localhost;