Bug#19857: When a user with CREATE ROUTINE priv creates a routine it results in NULL p/w

sp_grant_privileges(), the function that GRANTs EXECUTE + ALTER privs on a SP, did so creating a user-entry with not password; mysql_routine_grant() would then write that "change" to the user-table. mysql-test/r/sp-security.result: prove that creating a stored procedure will not destroy the creator's password mysql-test/t/sp-security.test: prove that creating a stored procedure will not destroy the creator's password sql/sql_acl.cc: get password from ACLs, convert to correct format, and use it when forcing GRANTS for SPs
2026-05-16 20:07:13 +02:00 · 2006-06-28 12:40:17 +02:00 · 2006-06-28 12:40:17 +02:00 · 5312b34910
commit 5312b34910
parent 3ddea20d8d
3 changed files with 121 additions and 15 deletions
--- a/mysql-test/r/sp-security.result
+++ b/mysql-test/r/sp-security.result
@ -420,3 +420,34 @@ ERROR HY000: There is no 'mysqltest_1'@'localhost' registered
 ---> connection: root
 DROP USER mysqltest_2@localhost;
 DROP DATABASE mysqltest;
+GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
+user19857@localhost;
+SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+Host	User	Password
+localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C
+
+---> connection: mysqltest_2_con
+use test;
+CREATE PROCEDURE sp19857() DETERMINISTIC
+BEGIN
+DECLARE a INT;
+SET a=1;
+SELECT a;
+END //
+SHOW CREATE PROCEDURE test.sp19857;
+Procedure	sql_mode	Create Procedure
+sp19857		CREATE DEFINER=`user19857`@`localhost` PROCEDURE `sp19857`()
+    DETERMINISTIC
+BEGIN
+DECLARE a INT;
+SET a=1;
+SELECT a;
+END
+DROP PROCEDURE IF EXISTS test.sp19857;
+
+---> connection: root
+SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+Host	User	Password
+localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C
+DROP USER user19857@localhost;
--- a/mysql-test/t/sp-security.test
+++ b/mysql-test/t/sp-security.test
@ -744,4 +744,50 @@ DROP USER mysqltest_2@localhost;
 DROP DATABASE mysqltest;


+#
+# Bug#19857 - When a user with CREATE ROUTINE priv creates a routine,
+#             it results in NULL p/w
+#
+
+# Can't test with embedded server that doesn't support grants
+
+GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
+user19857@localhost;
+SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+
+--connect (mysqltest_2_con,localhost,user19857,meow,test)
+--echo
+--echo ---> connection: mysqltest_2_con
+--connection mysqltest_2_con
+
+use test;
+
+DELIMITER //;
+  CREATE PROCEDURE sp19857() DETERMINISTIC
+  BEGIN
+    DECLARE a INT;
+    SET a=1;
+    SELECT a;
+  END //
+DELIMITER ;//
+
+SHOW CREATE PROCEDURE test.sp19857;
+
+--disconnect mysqltest_2_con
+--connect (mysqltest_2_con,localhost,user19857,meow,test)
+--connection mysqltest_2_con
+
+DROP PROCEDURE IF EXISTS test.sp19857;
+
+--echo
+--echo ---> connection: root
+--connection con1root
+
+--disconnect mysqltest_2_con
+
+SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+
+DROP USER user19857@localhost;
+
 # End of 5.0 bugs.
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -5601,6 +5601,8 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
  TABLE_LIST tables[1];
  List<LEX_USER> user_list;
  bool result;
+  ACL_USER *au;
+  char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
  DBUG_ENTER("sp_grant_privileges");

  if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
@ -5609,17 +5611,20 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
  combo->user.str= sctx->user;

  VOID(pthread_mutex_lock(&acl_cache->lock));
-  if (!find_acl_user(combo->host.str=(char*)sctx->host_or_ip, combo->user.str,
-                     FALSE) &&
-      !find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str,
-                     FALSE) &&
-      !find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str,
-                     FALSE) &&
-      !find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE))
-  {
+
+  if ((au= find_acl_user(combo->host.str=(char*)sctx->host_or_ip,combo->user.str,FALSE)))
+    goto found_acl;
+  if ((au= find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str,FALSE)))
+    goto found_acl;
+  if ((au= find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str,FALSE)))
+    goto found_acl;
+  if((au= find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE)))
+    goto found_acl;
+
  VOID(pthread_mutex_unlock(&acl_cache->lock));
  DBUG_RETURN(TRUE);
-  }
+
+ found_acl:
  VOID(pthread_mutex_unlock(&acl_cache->lock));

  bzero((char*)tables, sizeof(TABLE_LIST));
@ -5632,8 +5637,32 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
  combo->user.length= strlen(combo->user.str);
  combo->host.str= thd->strmake(combo->host.str,combo->host.length);
  combo->user.str= thd->strmake(combo->user.str,combo->user.length);
+
+
+  if(au && au->salt_len)
+  {
+    if (au->salt_len == SCRAMBLE_LENGTH)
+    {
+      make_password_from_salt(passwd_buff, au->salt);
+      combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
+    }
+    else if (au->salt_len == SCRAMBLE_LENGTH_323)
+    {
+      make_password_from_salt_323(passwd_buff, (ulong *) au->salt);
+      combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
+    }
+    else
+    {
+      my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
+      return -1;
+    }
+    combo->password.str= passwd_buff;
+  }
+  else
+  {
    combo->password.str= (char*)"";
    combo->password.length= 0;
+  }

  if (user_list.push_back(combo))
    DBUG_RETURN(TRUE);