Commit graph

961 commits

Author SHA1 Message Date
hery.ramilison@oracle.com
c74d844de3 Merge from mysql-5.5.14-release 2011-07-06 01:13:50 +02:00
Georgi Kodinov
455c676792 merged mysql-5.5->mysql-5.5-security 2011-06-06 16:17:58 +03:00
Georgi Kodinov
8ae2bb6eaa BUG 12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
The check for empty password in the user account was checking the wrong field.
Fixed to check the proper password hash.
Test case added.
Fixed native_password and old_password plugins that suffered from the same
problems.
Unambuguated the auth_string ACL_USER member : previously it was used for 
both password and the authentication string (depending on the plugin). Now
fixed to contain either the authentication string specified or empty string.
2011-06-01 16:08:13 +03:00
Davi Arnaut
95dbf0539b Merge of mysql-5.1 into mysql-5.5. 2011-05-30 08:14:38 -03:00
Tatjana Azundris Nuernberg
cc694af17b auto-merge Bug#11745920 2011-05-26 13:33:21 +01:00
Guilhem Bichot
12f651ac9d Merge from 5.1. 2011-05-21 10:21:08 +02:00
Tatjana Azundris Nuernberg
92b901d297 Bug#11745920/Bug#21287: "SSL connection error" is not helpful! (ssl-verify-server-cert=true vs localhos)
SSL errors on client and now more specific to aid end-user
with debugging. Also restructures error handling for
compliance with SSL docs.
2011-05-19 10:47:43 +01:00
Guilhem Bichot
25221cccd2 Fix for BUG#11755168 '46895: test "outfile_loaddata" fails (reproducible)'.
In sql_class.cc, 'row_count', of type 'ha_rows', was used as last argument for
ER_TRUNCATED_WRONG_VALUE_FOR_FIELD which is
"Incorrect %-.32s value: '%-.128s' for column '%.192s' at row %ld".
So 'ha_rows' was used as 'long'.
On SPARC32 Solaris builds, 'long' is 4 bytes and 'ha_rows' is 'longlong' i.e. 8 bytes.
So the printf-like code was reading only the first 4 bytes.
Because the CPU is big-endian, 1LL is 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x01
so the first four bytes yield 0. So the warning message had "row 0" instead of
"row 1" in test outfile_loaddata.test:
-Warning	1366	Incorrect string value: '\xE1\xE2\xF7' for column 'b' at row 1
+Warning	1366	Incorrect string value: '\xE1\xE2\xF7' for column 'b' at row 0

All error-messaging functions which internally invoke some printf-life function
are potential candidate for such mistakes.
One apparently easy way to catch such mistakes is to use
ATTRIBUTE_FORMAT (from my_attribute.h).
But this works only when call site has both:
a) the format as a string literal
b) the types of arguments.
So:
  func(ER(ER_BLAH), 10);
will silently not be checked, because ER(ER_BLAH) is not known at
compile time (it is known at run-time, and depends on the chosen
language).
And
  func("%s", a va_list argument);
has the same problem, as the *real* type of arguments is not
known at this site at compile time (it's known in some caller).
Moreover,
  func(ER(ER_BLAH));
though possibly correct (if ER(ER_BLAH) has no '%' markers), will not
compile (gcc says "error: format not a string literal and no format
arguments").

Consequences:
1) ATTRIBUTE_FORMAT is here added only to functions which in practice
take "string literal" formats: "my_error_reporter" and "print_admin_msg".
2) it cannot be added to the other functions: my_error(),
push_warning_printf(), Table_check_intact::report_error(),
general_log_print().

To do a one-time check of functions listed in (2), the following
"static code analysis" has been done:
1) replace
  my_error(ER_xxx, arguments for substitution in format)
with the equivalent
  my_printf_error(ER_xxx,ER(ER_xxx), arguments for substitution in
format),
so that we have ER(ER_xxx) and the arguments *in the same call site*
2) add ATTRIBUTE_FORMAT to push_warning_printf(),
Table_check_intact::report_error(), general_log_print()
3) replace ER(xxx) with the hard-coded English text found in
errmsg.txt (like: ER(ER_UNKNOWN_ERROR) is replaced with
"Unknown error"), so that a call site has the format as string literal
4) this way, ATTRIBUTE_FORMAT can effectively do its job
5) compile, fix errors detected by ATTRIBUTE_FORMAT
6) revert steps 1-2-3.
The present patch has no compiler error when submitted again to the
static code analysis above.
It cannot catch all problems though: see Field::set_warning(), in
which a call to push_warning_printf() has a variable error
(thus, not replacable by a string literal); I checked set_warning() calls
by hand though.

See also WL 5883 for one proposal to avoid such bugs from appearing
again in the future.

The issues fixed in the patch are:
a) mismatch in types (like 'int' passed to '%ld')
b) more arguments passed than specified in the format.
This patch resolves mismatches by changing the type/number of arguments,
not by changing error messages of sql/share/errmsg.txt. The latter would be wrong,
per the following old rule: errmsg.txt must be as stable as possible; no insertions
or deletions of messages, no changes of type or number of printf-like format specifiers,
are allowed, as long as the change impacts a message already released in a GA version.
If this rule is not followed:
- Connectors, which use error message numbers, will be confused (by insertions/deletions
of messages)
- using errmsg.sys of MySQL 5.1.n with mysqld of MySQL 5.1.(n+1)
could produce wrong messages or crash; such usage can easily happen if
installing 5.1.(n+1) while /etc/my.cnf still has --language=/path/to/5.1.n/xxx;
or if copying mysqld from 5.1.(n+1) into a 5.1.n installation.
When fixing b), I have verified that the superfluous arguments were not used in the format
in the first 5.1 GA (5.1.30 'bteam@astra04-20081114162938-z8mctjp6st27uobm').
Had they been used, then passing them today, even if the message doesn't use them
anymore, would have been necessary, as explained above.
2011-05-16 22:04:01 +02:00
Georgi Kodinov
3b69f27e59 Bug : 59792: BIN/MYSQL -UUNKNOWN -PUNKNOWN
.-> USING PASSWORD: NO

The server was always setting the flag for using password to NO and
then relying on the server authentication plugin to update it if it uses
a password.
This creates compatibility problems with 5.1 when rejecting a 
nonexistent user login.
Set the default for the password supplied flag for non-existing users
as the default plugin (native password authentication) would do it
for compatibility reasons.
Test case added.
federated.result updated with the correct error message.
2011-05-16 19:46:44 +03:00
Alexander Nozdrin
da96e91524 A patch for Bug#12429877: QUERY_TABLES_LIST::SROUTINES IS NOT
FREED IN FLUSH_READ_LOCK (VALGRIND WARNING).

The problem was that under some circustances the memory allocated
for Query_tables_list::sroutines was not freed properly.
The cause of this problem was the absence of
LEX::restore_backup_query_tables_list() call in one of the branches
in mysql_table_grant() function.
2011-05-16 12:50:42 +04:00
Georgi Kodinov
ba6cf08db5 merge mysql-5.5->mysql-5.5-security 2011-03-21 16:22:13 +02:00
Georgi Kodinov
52edb4a5b9 Bug # 11766011: mysql.user.authentication_string column causes
configuration wizard to fail

Made the fields mysql.user.plugin and mysql.user.authentication_string
nullable to conform with some older clients doing inserts instead of 
using the commands.
2011-03-18 16:16:17 +02:00
Georgi Kodinov
f9756a6c16 Fixed a post-merge embedded compilation error 2011-03-17 13:29:59 +02:00
Kristofer Pettersson
9f29134a4a Certain fields in the protcol required a strict formatting. If
off bound values were sent to the server this could under some
circumstances lead to a crash on the Windows platform.
2011-03-14 11:13:11 +01:00
Georgi Kodinov
9a45cd3079 merge mysql-5.1->mysql-5.5 2011-03-09 16:04:50 +02:00
Alexander Barkov
b97cdadbe8 Bug#11765108 (Bug#58036) client utf32, utf16, ucs2 should be disallowed, they crash server
Problem: ucs2 was correctly disallowed in "SET NAMES" only,
while mysql_real_connect() and mysql_change_user() still allowed
to use ucs2, which made server crash.

Fix: disallow ucs2 in mysql_real_connect() and mysql_change_user().

  @ sql/set_var.cc
    Using new function.

  @ sql/sql_acl.cc
    - Return error if character set initialization failed
    - Getting rid of pointer aliasing:
      Initialize user_name to NULL, to avoid double free().

  @ sql/sql_connect.cc
    - in case of unsupported client character set send error and return true
    - in case of success return false

  @ sql/sql_connect.h
    - changing return type for thd_init_client_charset() to bool,
      to return errors to the caller

  @ sql/sql_parse.h
    - introducing a new function, to reuse in all places where we need
    to check client character set.

  @ tests/mysql_client_test.c
    Adding test
2011-02-18 12:46:55 +03:00
Dmitry Lenev
03e27ac161 Merged fix for bug "DROP USER does not remove stored
function privileges" into 5.5 tree. Did after-merge fixes.
2011-02-07 15:06:22 +03:00
Dmitry Lenev
e960abc7cf Fix for bug#36544 "DROP USER does not remove stored function
privileges".

The first problem was that DROP USER didn't properly remove privileges 
on stored functions from in-memory structures. So the dropped user
could have called stored functions on which he had privileges before
being dropped while his connection was still around.
Even worse if a new user with the same name was created he would
inherit privileges on stored functions from the dropped user.
Similar thing happened with old user name and function privileges
during RENAME USER.

This problem stemmed from the fact that the handle_grant_data() function
which handled DROP/RENAME USER didn't take any measures to update
in-memory hash with information about function privileges after
updating them on disk.

This patch solves this problem by adding code doing just that.

The second problem was that RENAME USER didn't properly update in-memory
structures describing table-level privileges and privileges on stored 
procedures. As result such privileges could have been lost after a rename
(i.e. not associated with the new name of user) and inherited by a new
user with the same name as the old name of the original user.

This problem was caused by code handling RENAME USER in
handle_grant_struct() which [sic!]:
a) tried to update wrong (tables) hash when updating stored procedure
   privileges for new user name.
b) passed wrong arguments to function performing the hash update and
   didn't take into account the way in which such update could have
   changed the order of the hash elements.

This patch solves this problem by ensuring that a) the correct hash
is updated, b) correct arguments are used for the hash_update()
function and c) we take into account possible changes in the order
of hash elements.
2011-02-07 14:01:19 +03:00
Georgi Kodinov
d037f626fa Bug : Non-ASCIIZ string kills protocol extensibility in MySQL 5.5
When the server sends the name of the plugin it's using in the handshake 
packet it was null terminating it in it's buffer, but was sending a length of 
the packet 1 byte short.
Fixed to send the terminating 0 as well by increasing the length of the 
packet to include it. 
In this way the handshake packet becomes similar to the change user packet
where the plugin name is null terminated.
No test suite added as the fix can only be observed by analyzing the bytes
sent over the wire.
2011-01-14 17:48:11 +02:00
Georgi Kodinov
1ab1cb8a77 Bug : Typo in warning on log: [Warning] 'proxes_priv' entry
Fixed a typo in an error message.
2010-11-19 13:37:25 +02:00
Georgi Kodinov
bb642a5cc0 Bug : Live upgrade fails between 5.1.52 -> 5.5.7-rc
Updated the server to treat a missing mysql.proxies_priv table 
as empty. 
Added some grants to make sure tables are correctly opened
when they must be opened.
Fixed a mysql_upgrade omission not adding rights to root to 
execute GRANT PROXY on other users.
Removed a redundant CREATE TABLE from 
mysql_system_tables_fix.sql since it's always executed after
mysql_system_tables.sql and the first file has CREATE TABLE 
in it. 
Added a test case for the above.
Fixed error handling code to close the cursor
2010-11-19 16:35:04 +02:00
Davi Arnaut
94c79b37a0 Fix a debug assertion caused by a missing DBUG_RETURN macro. 2010-11-17 19:02:48 -02:00
Georgi Kodinov
b69f9b397a Bug : Fix the naming of the proxy_priv table
1. Fixed the name of the table to proxies_priv
2. Fixed the column names to be of the form Capitalized_lowecarse instead of
Capitalized_Capitalized
3. Added Timestamp and Grantor columns
4. Added tests to plugin_auth to check the table structure
5. Updated the existing tests
2010-11-02 17:45:26 +02:00
Georgi Kodinov
777ad2dd98 Bug : mysql_change_user() breaks user connection on older clients
COM_CHANGE_USER was always handled like an implicit request to change the
client plugin, so that the client can re-use the same code path for both normal 
login and COM_CHANGE_USER. However this doesn't really work well with old 
clients because they don't understand the request to change a client plugin.

Fixed by implementing a special state in the code (and old client issuing 
COM_CHANGE_USER). In this state the server parses the COM_CHANGE_USER 
package and pushes back the password hash, the user name and the database 
to the input stream in the same order that the native password server side plugin 
expects. As a result it replies with an OK/FAIL just like the old server does thus
making the new server compatible with older clients.

No test case added, since it would requre an old client binary. Tested using 
accounts with and without passwords. Tested with a correct and incorrect 
password.
2010-10-25 18:11:58 +03:00
Davi Arnaut
1e1985eba7 Merge of mysql-5.1-bugteam into mysql-5.5-bugteam. 2010-10-20 17:02:59 -02:00
Davi Arnaut
560ee2158d Bug#45288: pb2 returns a lot of compilation warnings
Fix assorted warnings that are generated in optimized builds.
Most of it is silencing variables that are set but unused.

This patch also introduces the MY_ASSERT_UNREACHABLE macro
which helps the compiler to deduce that a certain piece of
code is unreachable.
2010-10-20 16:21:40 -02:00
Alexander Nozdrin
26e12a11bb Fix compilation warnings. 2010-10-12 14:07:13 +04:00
Alfranio Correia
361833796f BUG#57098 RBR breaks on changing user password on 5.1 master -> 5.5 slave
Backported the patch for BUG#55452.
2010-10-06 11:19:51 +01:00
Georgi Kodinov
dd2e3db48f merge 2010-10-04 15:42:16 +03:00
Georgi Kodinov
99039957fe WL#1054: code style remarks fixed. 2010-09-20 19:38:27 +03:00
Georgi Kodinov
702d559fd5 Bug : Wrong credentials assigned when using a proxy user.
Fixed incorrect handling of user credentials when authenticating
via proxy user. Now the server will use the proxies user's 
access mask and host to update the security context runtime 
structure when logging in.

Fixed a compilation warning with the embedded library.

Fixed a crash when doing a second GRANT PROXY on ''@'' due to 
incomplete equality check logic.
2010-09-20 16:51:42 +03:00
Alexander Nozdrin
6b9371bd45 Polish check_grant(): name TABLE_LIST instance "tl", not "table".
This allows to avoid mixing it up with pointer to TABLE object
which will be introduced to this function in one of upcoming
patches.
2010-08-31 13:55:32 +04:00
Georgi Kodinov
881a76699e WL#1054: Pluggable authentication support
Merged the implementation to a new base tree.
2010-08-09 11:32:50 +03:00
Alexander Nozdrin
dfc63866eb Auto-merge from mysql-trunk-merge. 2010-07-29 16:32:11 +04:00
Konstantin Osipov
0b217d9015 Fix a failing assert when running funcs_1.innodb_trig_03 test.
The failure was introduced by a precursor patch for the
fix for Bug#52044.

When opening tables for GRANT statement
to check that subject columns exist,
mysql_table_grant() would try to lock the
tables, and thus start a transaction.
This was unnecessary and lead to an assert.
2010-07-28 21:56:15 +04:00
Konstantin Osipov
ec2c3bf2c1 A pre-requisite patch for the fix for Bug#52044.
This patch also fixes Bug#55452 "SET PASSWORD is
replicated twice in RBR mode".

The goal of this patch is to remove the release of 
metadata locks from close_thread_tables().
This is necessary to not mistakenly release
the locks in the course of a multi-step
operation that involves multiple close_thread_tables()
or close_tables_for_reopen().

On the same token, move statement commit outside 
close_thread_tables().

Other cleanups:
Cleanup COM_FIELD_LIST.
Don't call close_thread_tables() in COM_SHUTDOWN -- there
are no open tables there that can be closed (we leave
the locked tables mode in THD destructor, and this
close_thread_tables() won't leave it anyway).

Make open_and_lock_tables() and open_and_lock_tables_derived()
call close_thread_tables() upon failure.
Remove the calls to close_thread_tables() that are now
unnecessary.

Simplify the back off condition in Open_table_context.

Streamline metadata lock handling in LOCK TABLES 
implementation.

Add asserts to ensure correct life cycle of 
statement transaction in a session.

Remove a piece of dead code that has also become redundant
after the fix for Bug 37521.
2010-07-27 14:25:53 +04:00
Davi Arnaut
6c15f6718f Merge of mysql-5.1-bugteam into mysql-trunk-merge. 2010-07-20 16:30:10 -03:00
Davi Arnaut
c96b249fc3 Bug#45288: pb2 returns a lot of compilation warnings on linux
Fix warnings flagged by the new warning option -Wunused-but-set-variable
that was added to GCC 4.6 and that is enabled by -Wunused and -Wall. The
option causes a warning whenever a local variable is assigned to but is
later unused. It also warns about meaningless pointer dereferences.
2010-07-20 15:07:36 -03:00
Jon Olav Hauglid
52b1e11ee1 merge from mysql-trunk-bugfixing 2010-07-19 10:27:53 +02:00
Davi Arnaut
e1f748c0bd Merge of mysql-5.1-bugteam into mysql-trunk-merge. 2010-07-09 09:28:51 -03:00
Davi Arnaut
ed9ffc6b09 Bug#45288: pb2 returns a lot of compilation warnings on linux
Although the C standard mandates that sprintf return the number
of bytes written, some very ancient systems (i.e. SunOS 4)
returned a pointer to the buffer instead. Since these systems
are not supported anymore and are hopefully long dead by now,
simply remove the portability wrapper that dealt with this
discrepancy. The autoconf check was causing trouble with GCC.
2010-07-09 09:00:17 -03:00
fe6ab9a06b Manul merge 2010-07-04 12:36:09 +08:00
42eecc539a The following statements support the CURRENT_USER() where a user is needed.
DROP USER 
RENAME USER CURRENT_USER() ...
GRANT ... TO CURRENT_USER()
REVOKE ... FROM CURRENT_USER()
ALTER DEFINER = CURRENT_USER() EVENTbut, When these statements are binlogged, CURRENT_USER() just is binlogged
as 'CURRENT_USER()', it is not expanded to the real user name. When slave 
executes the log event, 'CURRENT_USER()' is expand to the user of slave 
SQL thread, but SQL thread's user name always NULL. This breaks the replication.

After this patch, session's user will be written into query log events 
if these statements call CURREN_USER() or 'ALTER EVENT' does not assign a definer.
2010-07-04 12:02:49 +08:00
Jon Olav Hauglid
41a3dfe490 A 5.5 version of the fix for Bug "Deadlock DROP/ALTER/CREATE
DATABASE with open HANDLER"

Remove LOCK_create_db, database name locks, and use metadata locks instead.
This exposes CREATE/DROP/ALTER DATABASE statements to the graph-based
deadlock detector in MDL, and paves the way for a safe, deadlock-free
implementation of RENAME DATABASE.

Database DDL statements will now take exclusive metadata locks on
the database name, while table/view/routine DDL statements take
intention exclusive locks on the database name. This prevents race
conditions between database DDL and table/view/routine DDL.
(e.g. DROP DATABASE with concurrent CREATE/ALTER/DROP TABLE)

By adding database name locks, this patch implements
WL#4450 "DDL locking: CREATE/DROP DATABASE must use database locks" and
WL#4985 "DDL locking: namespace/hierarchical locks".

The patch also changes code to use init_one_table() where appropriate.
The new lock_table_names() function requires TABLE_LIST::db_length to
be set correctly, and this is taken care of by init_one_table().

This patch also adds a simple template to help work with 
the mysys HASH data structure.

Most of the patch was written by Konstantin Osipov.
2010-07-01 15:53:46 +02:00
Davi Arnaut
8675070131 Merge of mysql-5.1-bugteam into mysql-trunk-merge. 2010-06-28 19:18:22 -03:00
Davi Arnaut
1b504ab0b1 Revert Bug#48321 due to build breakage and failing tests. 2010-06-28 17:59:41 -03:00
c943bc7bbb Manual merge 2010-06-27 13:51:45 +08:00
899a1d694f The following statements support the CURRENT_USER() where a user is needed.
DROP USER 
RENAME USER CURRENT_USER() ...
GRANT ... TO CURRENT_USER()
REVOKE ... FROM CURRENT_USER()
ALTER DEFINER = CURRENT_USER() EVENTbut, When these statements are binlogged, CURRENT_USER() just is binlogged
as 'CURRENT_USER()', it is not expanded to the real user name. When slave 
executes the log event, 'CURRENT_USER()' is expand to the user of slave 
SQL thread, but SQL thread's user name always NULL. This breaks the replication.

After this patch, session's user will be written into query log events 
if these statements call CURREN_USER() or 'ALTER EVENT' does not assign a definer.
2010-06-27 12:42:06 +08:00
Alexander Nozdrin
4e633ec234 Auto-merge from mysql-trunk. 2010-05-28 09:47:58 +04:00
Alexey Kopytov
940ad61b71 Manual merge of mysql-5.1-bugteam to mysql-trunk-merge.
Conflicts:

Text conflict in configure.in
Text conflict in dbug/dbug.c
Text conflict in mysql-test/r/ps.result
Text conflict in mysql-test/t/ps.test
Text conflict in sql/CMakeLists.txt
Text conflict in sql/ha_ndbcluster.cc
Text conflict in sql/mysqld.cc
Text conflict in sql/sql_plugin.cc
Text conflict in sql/sql_table.cc
2010-04-30 00:33:06 +04:00