when X.509 subject was required for a connect, we tested whether it was the right
one, but did not refuse the connexion if not. fixed.
(corrected CS now --replace_results socket-path)
mysql-test/r/openssl_1.result:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
test not only whether we can connect with a correct X.509 subject when one is
required, but also assure that we can't without one.
mysql-test/t/openssl_1.test:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
test not only whether we can connect with a correct X.509 subject when one is
required, but also assure that we can't without one.
sql/sql_acl.cc:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
actually refuse connexion if X.509 is required, but does not match. kudos to Al Smith.
into zippy.cornsilk.net:/home/cmiller/work/mysql/merge/mysql-5.0
BitKeeper/deleted/.del-mysql_client.result:
Auto merged
BitKeeper/deleted/.del-mysql_client.test:
Auto merged
client/mysql.cc:
Auto merged
mysql-test/r/func_time.result:
Auto merged
mysql-test/r/grant.result:
Auto merged
mysql-test/t/func_time.test:
Auto merged
mysql-test/t/grant.test:
Auto merged
sql/item_timefunc.cc:
Auto merged
sql/mysqld.cc:
Auto merged
sql/slave.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
into zippy.cornsilk.net:/home/cmiller/work/mysql/merge/mysql-5.0
mysql-test/r/grant.result:
Auto merged
mysql-test/t/grant.test:
Auto merged
sql/mysqld.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
slave.cc, sql_acl.cc:
- remove sql_print_error() for events that are not server errors
sql/slave.cc:
Bug #20402: DROP USER failure logged as ERROR rather than WARNING
remove sql_print_error() for events that are not server errors
sql/sql_acl.cc:
Bug #20402: DROP USER failure logged as ERROR rather than WARNING
remove sql_print_error() for events that are not server errors
The fix is: if user has privileges to view fields and user has any
(insert,select,delete,update) privileges on underlying view
then 'show fields' and select from I_S.COLUMNS table are sucsessful.
mysql-test/r/information_schema_db.result:
Bug#20543 select on information_schema strange warnings, view, different schemas/users
test result
mysql-test/t/information_schema_db.test:
Bug#20543 select on information_schema strange warnings, view, different schemas/users
test case
sql/sql_acl.cc:
Bug#20543 select on information_schema strange warnings, view, different schemas/users
checked that user has privileges on underlying view and if it's true
set allowed_show to true for top view.
sql/sql_show.cc:
Bug#20543 select on information_schema strange warnings, view, different schemas/users
removed unnecessary rights check.'tables->allowed_show' check is used instead
sql/sql_view.cc:
Bug#20543 select on information_schema strange warnings, view, different schemas/users
skip the check of SHOW_VIEW_ACL privilege on underlying view. It is done later during
execution of find_field_in_table_ref function.
sql/table.h:
Bug#20543 select on information_schema strange warnings, view, different schemas/users
'allowed_show' is set during rights check for view. If true then user has privileges
for 'show create view', etc
This appears to have just been an oversight -- CREATE USER was not enforcing
the existing username limitations.
mysql-test/r/grant.result:
Add new results
mysql-test/t/grant.test:
Add new regression test
sql/sql_acl.cc:
Enforce the user and host name limits in mysql_create_user().
client/mysql.cc:
Auto merged
client/sql_string.h:
Auto merged
configure.in:
Auto merged
myisam/mi_create.c:
Auto merged
mysql-test/r/date_formats.result:
Auto merged
mysql-test/t/date_formats.test:
Auto merged
ndb/src/kernel/blocks/dbtup/DbtupMeta.cpp:
Auto merged
ndb/src/mgmsrv/ConfigInfo.cpp:
Auto merged
sql/item_strfunc.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_string.h:
Auto merged
sql/table.cc:
Auto merged
into mysql.com:/home/gluh/MySQL/Merge/5.0-kt
sql/item.cc:
Auto merged
sql/item.h:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_show.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
sql/table.cc:
Auto merged
tests/mysql_client_test.c:
Auto merged
user name is calculated on function execution stage instead of parse stage
mysql-test/r/sp_notembedded.result:
Bug#15298 SHOW GRANTS FOR CURRENT_USER: Incorrect output in DEFINER context
test case
mysql-test/t/sp_notembedded.test:
Bug#15298 SHOW GRANTS FOR CURRENT_USER: Incorrect output in DEFINER context
test case
sql/mysql_priv.h:
Bug#15298 SHOW GRANTS FOR CURRENT_USER: Incorrect output in DEFINER context
new get_current_user(THD *thd, LEX_USER *user) function
sql/sql_acl.cc:
Bug#15298 SHOW GRANTS FOR CURRENT_USER: Incorrect output in DEFINER context
user name is calculated using get_current_user() function
sql/sql_parse.cc:
Bug#15298 SHOW GRANTS FOR CURRENT_USER: Incorrect output in DEFINER context
new get_current_user() function
user name is calculated using get_current_user() function
sql/sql_yacc.yy:
Bug#15298 SHOW GRANTS FOR CURRENT_USER: Incorrect output in DEFINER context
empty LEX_USER struct for CURRENT USER,
user name is calculated on function execution stage
sp_grant_privileges(), the function that GRANTs EXECUTE + ALTER privs on a SP,
did so creating a user-entry with not password; mysql_routine_grant() would then
write that "change" to the user-table.
mysql-test/r/sp-security.result:
prove that creating a stored procedure will not destroy the creator's password
mysql-test/t/sp-security.test:
prove that creating a stored procedure will not destroy the creator's password
sql/sql_acl.cc:
get password from ACLs, convert to correct format, and use it when
forcing GRANTS for SPs
into neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint
mysql-test/r/grant.result:
Auto merged
mysql-test/t/grant.test:
Auto merged
sql/mysqld.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
mysql-test/r/grant.result:
Reorder test result
mysql-test/t/grant.test:
Add "use test"
sql/sql_acl.cc:
Add check if host is NULL
Add check if grant_name->host.hostname is null
into neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint
mysql-test/t/grant.test:
Auto merged
sql/sql_acl.cc:
Auto merged
mysql-test/r/grant.result:
SCCS merged
into mysql.com:/home/kgeorge/mysql/5.0/B18681
sql/sql_acl.cc:
Auto merged
sql/table.cc:
Auto merged
mysql-test/r/view_grant.result:
resolved conflict
mysql-test/t/view_grant.test:
resolved merge conflict
into mysql.com:/home/kgeorge/mysql/5.0/B18681
sql/mysql_priv.h:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_select.cc:
Auto merged
When reading a view definition from a .frm file it was
throwing a SQL error if the DEFINER user is not defined.
Changed it to a warning to match the (documented) case
when a view with undefined DEFINER user is created.
mysql-test/r/view_grant.result:
test case for the bug
mysql-test/t/view_grant.test:
test case for the bug
sql/sql_acl.cc:
Initialized the members to no privileges so even if
the subsequent checks fail it will still initialize
the security context.
sql/table.cc:
Turned the error of undefined DEFINER user in reading
a view definition to a warning.
The check for view security was lacking several points :
1. Check with the right set of permissions : for each table ref that
participates in a view there were the right credentials to use in it's
security_ctx member, but these weren't used for checking the credentials.
This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property
consistently.
2. Because of the above the security checking for views was just ruled out
in explicit ways in several places.
3. The security was checked only for the columns of the tables that are
brought into the query from a view. So if there is no column reference
outside of the view definition it was not detecting the lack of access to
the tables in the view in SQL SECURITY INVOKER mode.
The fix below tries to fix the above 3 points.
mysql-test/r/grant.result:
removed nondeterminism (unspecified order) in some test output
mysql-test/r/view_grant.result:
Somewhat extended test case for the bug and similar queries.
mysql-test/t/grant.test:
removed nondeterminism (unspecified order) in some test output
mysql-test/t/view_grant.test:
Somewhat extended test case for the bug and similar queries.
sql/mysql_priv.h:
A wrapper for setup_tables that also checks access to the tables
sql/sql_acl.cc:
removed artificial security check stop and used the table ref's credentials.
sql/sql_base.cc:
a wrapper for setup_tables to check access to the tables
sql/sql_delete.cc:
wrapper called.
sql/sql_insert.cc:
wrapper called
sql/sql_load.cc:
wrapper called
sql/sql_parse.cc:
wrapper called and artificial check stop removed
sql/sql_select.cc:
wrapper called
sql/sql_update.cc:
wrapper called
sql/table.cc:
Mask table access to the view error as well.
- In function 'handle_grant_struct' when searching the memory structures for an
entry to modify, convert all entries here host.hostname is NULL to "" and compare that
with the host passed in argument "user_from".
- A user created with hostname "" is stored in "mysql.user" table as host="" but when loaded into
memory it'll be stored as host.hostname NULL. Specifiying "" as hostname means
that "any host" can connect. Thus is's correct to turn on allow_all_hosts
when such a user is found.
- Review and fix other places where host.hostname may be NULL.
mysql-test/init_db.sql:
Rename: BitKeeper/deleted/.del-init_db.sql~af2dfeabaa348dd7 -> mysql-test/init_db.sql
mysql-test/r/grant.result:
Add test cases for users with hostname ""
mysql-test/t/grant.test:
Add test cases for users with hostname ""
- Test create, grant and drop as well as connecting as the user with hostname "".
sql/sql_acl.cc:
Convert places where host.hostname is NULL to "" before using it.
after merge.
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
sql/sql_acl.cc:
Ensure that access to ACL data is protected by acl_cache->lock mutex.
Use system_charset_info for host names consistently.
Remove check_acl_user(). Use find_acl_user() instead.
sql/sql_acl.h:
Remove check_acl_user() declaration.
sql/sql_parse.cc:
Use is_acl_user() instead of check_acl_user().
Problem:
if a user was granted privileges on database "d1",
it also was able to act on "D1" (i.e. in upper case),
even on Unix with case sensitive file system.
Fix:
Initialize grant hash to use binary comparison
if lower_case_file_system is not set (on most unixes),
and case insensitive comparison otherwise (Windows, MacOSX).
sql/sql_acl.cc:
Initialize hash to use binary comparison with case sensitive FS.
mysql-test/include/have_case_sensitive_file_system.inc:
New BitKeeper file ``mysql-test/include/have_case_sensitive_file_system.inc''
Backporting from 5.1
mysql-test/r/case_sensitive_file_system.require:
New BitKeeper file ``mysql-test/r/case_sensitive_file_system.require''
Backporting from 5.1
mysql-test/r/lowercase_fs_off.result:
Adding test case
mysql-test/t/lowercase_fs_off.test:
Adding test case
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
sql/sql_acl.cc:
Ensure that access to ACL data is protected by acl_cache->lock mutex.
Use system_charset_info for host names consistently.
into neptunus.(none):/home/msvensson/mysql/bug17208/my50-bug17208
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql-common/client.c:
Auto merged
sql/sql_acl.cc:
Auto merged
Crash happened when one selected data from one of INFORMATION_SCHEMA
tables and in order to build its contents server had to open view which
used stored function and table or view on which one had not global or
database-level privileges (e.g. had only table-level or had no
privileges at all).
The crash was caused by usage of check_grant() function, which assumes
that either number of tables to be inspected by it is limited explicitly
or table list used and thd->lex->query_tables_own_last value correspond
to each other (the latter should be either 0 or point to next_global
member of one of elements of this table list), in conditions when
above assumptions were not true. This fix just explicitly limits
number of tables to be inspected. Other negative effects which are
caused by the fact that thd->lex->query_tables_own_last might not
be set properly during processing of I_S tables are less disastrous
and will be reported and fixed separetely.
mysql-test/r/information_schema_db.result:
Fix for bug #18113 "SELECT * FROM information_schema.xxx crashes server"
test case
mysql-test/t/information_schema_db.test:
Fix for bug #18113 "SELECT * FROM information_schema.xxx crashes server"
test case
sql/sql_acl.cc:
added note
Check if the host of table hash record exactly matches host from GRANT command
mysql-test/r/grant.result:
Fix for bug#14385 GRANT and mapping to correct user account problems
test case
mysql-test/t/grant.test:
Fix for bug#14385 GRANT and mapping to correct user account problems
test case
- Use binary charset in acl_cache, to make searches case sensitive
- Add testcase
mysql-test/r/grant2.result:
Update test result
mysql-test/t/grant2.test:
Add test case for bug#17279, checking that user with access to TESTDB can't create TEStdb
sql/sql_acl.cc:
Use binary charset for the acl_cache to make the hash lookups case sensitive.
Thus denying user with access to "TESTDB" access to "TEStdb"
Use a special lookup function for DROP, which doesn't attempt to parse the
definition.
mysql-test/r/sp-destruct.result:
Updated test result for BUG#16303.
mysql-test/t/sp-destruct.test:
Added test case for BUG#16303.
sql/sp.cc:
New function sp_routine_exists_in_table() for DROP PROCEDURE/FUNCTION; which doesn't
want to parse the definition, only know if it exists.
Renamed sp_exists_routine to sp_exist_routines and added comment,
and changed the misnamed parameter/variable 'tables'/'table' to
'routines'/'routine'.
sql/sp.h:
New function sp_routine_exists_in_table() for DROP PROCEDURE/FUNCTION.
Renamed sp_exists_routine to sp_exist_routines,
and changed the misnamed parameter 'tables' to 'routines'.
sql/sql_acl.cc:
Call to sp_exists_routine() renamed to sp_exist_routines().
sql/sql_parse.cc:
Use the new sp_routine_exists_in_table() instead of sp_find_routine(), since we don't
want the routine definition parsed when doing DROP PROCEDURE/FUNCTION.
into serg.mylan:/usr/home/serg/Abk/mysql-5.0
client/mysqldump.c:
Auto merged
sql/field.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_handler.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_show.cc:
Auto merged
There are two main idea of this fix:
- introduce a common function for server and client to split user value
(<user name>@<host name>) into user name and host name parts;
- dump DEFINER clause in correct format in mysqldump.
BitKeeper/etc/ignore:
added client/my_user.c libmysqld/my_user.c sql/my_user.c
client/Makefile.am:
Use my_user.c in linking of mysqldump executable.
client/mysqldump.c:
Fix for BUG#15110(mysqldump --triggers: does not include DEFINER clause)
include/Makefile.am:
Add my_user.c
include/mysql_com.h:
Introduce a constant for max user length.
libmysqld/Makefile.am:
Add my_user.c
mysql-test/r/mysqldump.result:
Update result file.
sql-common/Makefile.am:
Add my_user.c
sql/Makefile.am:
Add my_user.c
sql/sp.cc:
Use constant for max user length.
sql/sp_head.cc:
Use common function to parse user value.
sql/sql_acl.cc:
Use constant for max user length.
sql/sql_parse.cc:
Use constant for max user length.
sql/sql_show.cc:
Use constant for max user length.
sql/sql_trigger.cc:
Use constant for max user length.
include/my_user.h:
A header file for parse_user().
sql-common/my_user.c:
A new file for parse_user() implementation.
into neptunus.(none):/home/msvensson/mysql/bug15598/my50-bug15598
mysql-test/t/grant.test:
Auto merged
sql/sql_acl.cc:
Auto merged
mysql-test/r/grant.result:
SCCS merged
- When acl_user->host.hostname is NULL compare it as ""
mysql-test/r/grant.result:
Test user with host ''
mysql-test/t/grant.test:
Test user with host ''
sql/sql_acl.cc:
If acl_user->host.hostname is NULL compare it as ""
sql/field.cc:
Auto merged
sql/item.cc:
Auto merged
sql/log_event.cc:
Auto merged
sql/opt_range.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_handler.cc:
ur
into mysql.com:/home/my/mysql-5.0
mysql-test/r/create.result:
Auto merged
mysql-test/r/trigger.result:
Auto merged
mysql-test/r/view.result:
Auto merged
mysql-test/t/create.test:
Auto merged
mysql-test/t/trigger.test:
Auto merged
mysql-test/t/view.test:
Auto merged
sql/field.cc:
Auto merged
sql/ha_ndbcluster.cc:
Auto merged
sql/item.cc:
Auto merged
sql/item.h:
Auto merged
sql/log_event.cc:
Auto merged
sql/opt_range.cc:
Auto merged
sql/sp.cc:
Auto merged
sql/sp_head.h:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_select.cc:
Auto merged
mysql-test/t/disabled.def:
Manual merge
sql/mysqld.cc:
Manual merge
sql/sp_head.cc:
Manual merge
sql/sql_trigger.cc:
Manual merge
- Fixed tests
- Optimized new code
- Fixed some unlikely core dumps
- Better bug fixes for:
- #14397 - OPTIMIZE TABLE with an open HANDLER causes a crash
- #14850 (ERROR 1062 when a quering a view using a Group By on a column that can be null
mysql-test/r/create.result:
Update results after removing wrong warnings for CREATE ... SELECT
New tests
mysql-test/r/handler.result:
Drop used tables
mysql-test/r/kill.result:
Make test portable
mysql-test/r/mysqlshow.result:
Drop tables used by previous test
mysql-test/r/trigger.result:
Reuse old procedure name
mysql-test/r/view.result:
Extra tests
mysql-test/t/create.test:
New tests to test fix of removing wrong warnings for CREATE ... SELECT
mysql-test/t/disabled.def:
Enable 'kill' test (should now be portable)
mysql-test/t/handler.test:
Drop used tables
mysql-test/t/kill.test:
Make test portable even if kill doesn't work at once
mysql-test/t/mysqlshow.test:
Drop tables used by previous test
mysql-test/t/trigger.test:
Reuse old procedure name
mysql-test/t/view.test:
Extra tests
sql/field.cc:
Removed compiler warning
sql/ha_federated.cc:
my_snprintf -> strmake()
(Simple optimization)
sql/ha_ndbcluster.cc:
Indentation cleanups and trival optimization
sql/item.cc:
Moved save_org_in_field() to item.cc to make it easier to test
Remove setting of null_value as this is not needed
sql/item.h:
Moved save_org_in_field() to item.cc to make it easier to test
sql/log_event.cc:
Remove inline of slave_load_file_stem()
Added 'extension' parameter to slave_load_file_stem() to get smaller code
Removed not critical (or needed) DBUG_ASSERT()'s
Cleaned up usage of slave_load_file_stem() to not depend on constant string lengths
Indentation fixes
sql/opt_range.cc:
Moved code from declaration to function body
(To make it more readable)
sql/parse_file.cc:
Fixed DBUG_PRINT
sql/sp.cc:
Simple cleanups
- Removed not needed {} level
- Ensure saved variables starts with old_
sql/sp_head.cc:
Indentation fixes
Remove core dump when using --debug when m_next_cached_sp == 0
Fixed compiler warnings
Trivial optimizations
sql/sp_head.h:
Changed argument to set_definer() to const
Added THD argument to recursion_level_error() to avoid call to current_thd
sql/sql_acl.cc:
Removed not needed test (first_not_own_table is the guard)
sql/sql_base.cc:
Removed extra empty line
sql/sql_handler.cc:
Don't test table version in mysql_ha_read() as this is already tested in lock_tables()
Moved call to insert_fields to be after lock_table() to guard aganst reopen of tables
(Better fix for Bug#14397 - OPTIMIZE TABLE with an open HANDLER causes a crash)
sql/sql_insert.cc:
Mark fields that are set in CREATE ... SELECT as used
(Removed wrong warnings about field not having a default value)
sql/sql_parse.cc:
Removed not needed test of 'tables' (first_not_own_table is the guard)
Simplify code
sql/sql_select.cc:
Use group->field to check if value is null instead of item called by 'save_org_in_field'
This is a better bug fix for #14850 (ERROR 1062 when a quering a view using a Group By on a column that can be null)
sql/sql_trigger.cc:
Move sql_modes_parameters outside of function
Indentation fixes
Fixed compiler warning
Ensure that thd->lex->query_tables_own_last is set properly before calling check_table_access()
(This allows us to remove the extra test in check_grant() and check_table_access())
into mysql.com:/opt/local/work/mysql-5.0-merge
mysys/hash.c:
Auto merged
ndb/src/kernel/blocks/dbtup/DbtupCommit.cpp:
Auto merged
sql/lock.cc:
Auto merged
sql/sql_cache.cc:
Auto merged
sql/sql_acl.cc:
Manual merge.
sql/sql_base.cc:
Manual merge.
when high concurrency": remove HASH::current_record and make it
an external search parameter, so that it can not be the cause of a
race condition under high concurrent load.
The bug was in a race condition in table_hash_search,
when column_priv_hash.current_record was overwritten simultaneously
by multiple threads, causing the search for a suitable grant record
to fail.
No test case as the bug is repeatable only under concurrent load.
include/hash.h:
- remove current_record from HASH, instead modify hash_first,
hash_next to accept HASH_SEARCH_STATE as an IN/OUT parameter
mysys/hash.c:
- remove HASH::current_record
- change declarations of functions that use HASH in read-only mode
to accept const HASH * instead of HASH *.
- implement hash_search; move the old implementation of hash_search
to hash_first
mysys/testhash.c:
- adjust the test case to changed function declarations
sql/lock.cc:
- adjust to changed declarations of hash_search, hash_next
sql/sql_acl.cc:
- adjust to changed declarations of hash_search, hash_next
sql/sql_base.cc:
- adjust to changed declarations of hash_search, hash_nex
sql/sql_cache.cc:
- adjust to a changed declaration of hash_replace
myisam/mi_delete.c:
Auto merged
sql/field.cc:
Auto merged
sql/field.h:
Auto merged
sql/item_func.cc:
Auto merged
sql/opt_range.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_db.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_show.cc:
Auto merged
