mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

bugfix: PROXY privilege matched usernames incorrectly

Browse source 
username can be empty, meaning anybody, or must match literally.
only db and host names are matched with wildcards.
This commit is contained in:
Sergei Golubchik 2019-06-10 09:24:43 +02:00
parent d13080133f
commit fd00c449e3
3 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
mysql-test/main/plugin_auth_qa_1.result
View file

@ -4,6 +4,9 @@ User plugin authentication_string
========== test 1.1.3.2 ====================================
CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON `plug%dest` TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
REVOKE PROXY ON `plug%dest` FROM plug_user;
GRANT PROXY ON plug_dest TO plug_user;
current_user()
plug_dest@%

4
mysql-test/main/plugin_auth_qa_1.test
View file

@ -13,6 +13,10 @@ SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
# CREATE...WITH/CREATE...BY/GRANT
CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON `plug%dest` TO plug_user;
--error 1
--exec $MYSQL -S $MASTER_MYSOCK -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE PROXY ON `plug%dest` FROM plug_user;
GRANT PROXY ON plug_dest TO plug_user;
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--exec $MYSQL -S $MASTER_MYSOCK -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1

6
sql/sql_acl.cc
View file

@ -392,10 +392,8 @@ public:
proxied_user_arg, proxied_user));
DBUG_RETURN(compare_hostname(&host, host_arg, ip_arg) &&
compare_hostname(&proxied_host, host_arg, ip_arg) &&
(!*user ||
(user_arg && !wild_compare(user_arg, user, TRUE))) &&
(!*proxied_user ||
!wild_compare(proxied_user_arg, proxied_user, TRUE)));
(!*user || !strcmp(user_arg, user)) &&
(!*proxied_user || !strcmp(proxied_user_arg, proxied_user)));
}