[Commits] Rev 4602: fix a case where automatic procedure grant was changing user's password in lp:~maria-captains/maria/10.0

Sergei Golubchik serg at mariadb.org
Tue Feb 17 19:07:56 EET 2015


At lp:~maria-captains/maria/10.0

------------------------------------------------------------
revno: 4602
revision-id: sergii at pisem.net-20150217170756-olnl0ilokj8abwa3
parent: jplindst at mariadb.org-20150213094931-809ad51opg831vlh
committer: Sergei Golubchik <sergii at pisem.net>
branch nick: 10.0
timestamp: Tue 2015-02-17 18:07:56 +0100
message:
  fix a case where automatic procedure grant was changing user's password
  
  phase out make_password_from_salt() to be removed in 10.1
=== modified file 'include/mysql_com.h'
--- a/include/mysql_com.h	2014-07-19 10:38:40 +0000
+++ b/include/mysql_com.h	2015-02-17 17:07:56 +0000
@@ -618,14 +618,17 @@ void scramble_323(char *to, const char *
 my_bool check_scramble_323(const unsigned char *reply, const char *message,
                            unsigned long *salt);
 void get_salt_from_password_323(unsigned long *res, const char *password);
+#if MYSQL_VERSION_ID < 100100
 void make_password_from_salt_323(char *to, const unsigned long *salt);
-
+#endif
 void make_scrambled_password(char *to, const char *password);
 void scramble(char *to, const char *message, const char *password);
 my_bool check_scramble(const unsigned char *reply, const char *message,
                        const unsigned char *hash_stage2);
 void get_salt_from_password(unsigned char *res, const char *password);
+#if MYSQL_VERSION_ID < 100100
 void make_password_from_salt(char *to, const unsigned char *hash_stage2);
+#endif
 char *octet2hex(char *to, const char *str, unsigned int len);
 
 /* end of password.c */
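Review bot: The two `#if MYSQL_VERSION_ID < 100100` guards around `make_password_from_salt_323` and `make_password_from_salt` carry no comment, so the header does not show that these functions are being retired rather than being version-specific API. I would put `/* deprecated, to be removed in 10.1: the rebuilt text may differ from the stored password */` above each guard. If `MYSQL_VERSION_ID` is not defined when this header is included, the preprocessor evaluates it as 0 and the declarations stay visible. That is harmless, but the guard then does nothing, and whether the version header is always included first cannot be seen from this hunk.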

=== modified file 'mysql-test/r/sp_notembedded.result'
--- a/mysql-test/r/sp_notembedded.result	2013-10-18 18:38:13 +0000
+++ b/mysql-test/r/sp_notembedded.result	2015-02-17 17:07:56 +0000
@@ -284,4 +284,23 @@ DROP EVENT teste_bug11763507;
 # ------------------------------------------------------------------
 # -- End of 5.1 tests
 # ------------------------------------------------------------------
+grant create routine on test.* to foo1 at localhost identified by 'foo';
+update mysql.user set password = replace(password, '*', '-') where user='foo1';
+show grants;
+Grants for foo1 at localhost
+GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '*F3A2A51A9B0F2BE2468926B4132313728C250DBF'
+GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost'
+flush privileges;
+show grants;
+Grants for foo1 at localhost
+GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '-F3A2A51A9B0F2BE2468926B4132313728C250DBF'
+GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost'
+create procedure spfoo() select 1;
+show grants;
+Grants for foo1 at localhost
+GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '-F3A2A51A9B0F2BE2468926B4132313728C250DBF'
+GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost'
+GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `test`.`spfoo` TO 'foo1'@'localhost'
+drop procedure spfoo;
+drop user foo1 at localhost;
 set @@global.concurrent_insert= @old_concurrent_insert;

=== modified file 'mysql-test/t/sp_notembedded.test'
--- a/mysql-test/t/sp_notembedded.test	2015-01-19 13:07:41 +0000
+++ b/mysql-test/t/sp_notembedded.test	2015-02-17 17:07:56 +0000
@@ -462,6 +462,26 @@ DROP EVENT teste_bug11763507;
 --echo # ------------------------------------------------------------------
 
 #
+# A case of SHOW GRANTS
+# (creating a new procedure changes the password)
+#
+grant create routine on test.* to foo1 at localhost identified by 'foo';
+update mysql.user set password = replace(password, '*', '-') where user='foo1';
+--connect (foo,localhost,foo1,foo)
+show grants;
+--connection default
+flush privileges;
+--connection foo
+show grants;
+create procedure spfoo() select 1;
+show grants;
+
+--connection default
+--disconnect foo
+drop procedure spfoo;
+drop user foo1 at localhost;
+
+#
 # Restore global concurrent_insert value. Keep in the end of the test file.
 #
 
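Review bot: The added case covers only an account with a 41-character native hash, so the old-format path is left untested. The code removed from sql/sql_acl.cc in this same commit also rebuilt the password for `SCRAMBLE_LENGTH_323` accounts. A second account with an old-format hash, if the test environment still allows creating one, could repeat the `show grants` comparison before and after `create procedure`. The header comment could also say why the row is edited by hand, for example `# make the stored text differ from what the server would rebuild from the salt`.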

=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc	2014-10-09 08:30:11 +0000
+++ b/sql/sql_acl.cc	2015-02-17 17:07:56 +0000
@@ -9840,7 +9840,6 @@ bool sp_grant_privileges(THD *thd, const
   List<LEX_USER> user_list;
   bool result;
   ACL_USER *au;
-  char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
   Dummy_error_handler error_handler;
   DBUG_ENTER("sp_grant_privileges");
 
@@ -9881,33 +9880,10 @@ bool sp_grant_privileges(THD *thd, const
 
   if(au)
   {
-    if (au->salt_len)
-    {
-      if (au->salt_len == SCRAMBLE_LENGTH)
-      {
-        make_password_from_salt(passwd_buff, au->salt);
-        combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
-      }
-      else if (au->salt_len == SCRAMBLE_LENGTH_323)
-      {
-        make_password_from_salt_323(passwd_buff, (ulong *) au->salt);
-        combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
-      }
-      else
-      {
-        push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN, ER_PASSWD_LENGTH,
-                            ER(ER_PASSWD_LENGTH), SCRAMBLED_PASSWORD_CHAR_LENGTH);
-        return TRUE;
-      }
-      combo->password.str= passwd_buff;
-    }
-
     if (au->plugin.str != native_password_plugin_name.str &&
         au->plugin.str != old_password_plugin_name.str)
-    {
       combo->plugin= au->plugin;
-      combo->auth= au->auth_string;
-    }
+    combo->auth= au->auth_string;
   }
 
   if (user_list.push_back(combo))
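Review bot: Nothing in the new `if(au)` block says why `combo->password` is now left empty, or why `combo->auth` is copied even for native-password accounts, yet these two choices are what stop the grant from rewriting the stored credential. The fix appears to rely on the grant path below treating an empty password as "leave the hash alone" and accepting `auth` set while `plugin` is unset, and neither is visible in this hunk. I would add above the plugin check `/* do not rebuild the password from au->salt: the result can differ from the stored text and the grant would then overwrite it */`. With the braces gone, `combo->auth= au->auth_string;` is set apart from the `if` body only by indentation, so a blank line before it would make the unconditional assignment easier to see. sp_grant_privileges starts and ends outside the hunk.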


