Fixed bug#31194: Privilege ordering does not order properly

for wildcard values.
The server ignored escape character before wildcards during
the calculation of priority values for sorting of a privilege
list. (Actually the server counted an escape character as an
ordinary wildcard like % or _). I.e. the table name template
with a wildcard character like 'tbl_1' had higher priority in
a privilege list than concrete table name without wildcards
like 'tbl\_1', and some privileges of 'tbl\_1' was hidden
by privileges for 'tbl_1'.

The get_sort function has been modified to ignore escaped
wildcards as usual.



mysql-test/r/grant3.result:
  Added test case for bug#31194.
mysql-test/t/grant3.test:
  Added test case for bug#31194.
sql/sql_acl.cc:
  Fixed bug#31194.
  The server used the wild_prefix escape character (usually \-character)
  like % and _ wildcards in the get_sort function for sorting weights
  calculation.
  
  The get_sort function has been modified to ignore escaped wildcards
  and alone escapes like in the wild_case_compare function.
This commit is contained in:
unknown 2008-02-13 19:34:12 +04:00
parent 247efb9cf0
commit 7a290b55f7
3 changed files with 46 additions and 1 deletions

View file

@ -138,3 +138,20 @@ SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by
user host db select_priv
DROP USER CUser2@localhost;
DROP USER CUser2@LOCALHOST;
CREATE DATABASE mysqltest_1;
CREATE TABLE mysqltest_1.t1 (a INT);
CREATE USER 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%';
REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%';
FLUSH PRIVILEGES;
SHOW GRANTS;
Grants for mysqltest1@%
GRANT USAGE ON *.* TO 'mysqltest1'@'%'
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%'
GRANT UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%'
SELECT * FROM mysqltest_1.t1;
a
DROP USER 'mysqltest1'@'%';
DROP DATABASE mysqltest_1;
End of 5.0 tests

View file

@ -134,3 +134,29 @@ SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by
DROP USER CUser2@localhost;
DROP USER CUser2@LOCALHOST;
#
# Bug#31194: Privilege ordering does not order properly for wildcard values
#
CREATE DATABASE mysqltest_1;
CREATE TABLE mysqltest_1.t1 (a INT);
CREATE USER 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%';
REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%';
GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%';
FLUSH PRIVILEGES;
connect (conn1,localhost,mysqltest1,,);
connection conn1;
SHOW GRANTS;
SELECT * FROM mysqltest_1.t1;
disconnect conn1;
connection default;
DROP USER 'mysqltest1'@'%';
DROP DATABASE mysqltest_1;
--echo End of 5.0 tests

View file

@ -668,7 +668,9 @@ static ulong get_sort(uint count,...)
{
for (; *str ; str++)
{
if (*str == wild_many || *str == wild_one || *str == wild_prefix)
if (*str == wild_prefix && str[1])
str++;
else if (*str == wild_many || *str == wild_one)
{
wild_pos= (uint) (str - start) + 1;
break;