mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-15 19:37:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
171,452 commits 3,589 branches 380 tags 1.7 GiB
Commit graph

37 commits

Author SHA1 Message Date
Vicențiu Ciorbaru
b449612907 MDEV-8638: REVOKE ALL PRIVILEGES, GRANT OPTION FROM CURRENT_ROLE breaks replication 
Fix the replication failure caused by incorect initialization of
THD::invoker_host && THD::invoker_user.

Breakdown of the failure is this:
Query_log_event::host and Query_log_event::user can have their
LEX_STRING's set to length 0, but the actual str member points to
garbage. Code afterwards copies Query_log_event::host and user to
THD::invoker_host and THD::invoker_user.

Calling code for these members expects both members to be initialized.
Eg. the str member be a NULL terminated string and length have
appropriate size.
 2016-06-22 16:41:38 +03:00
Igor Pashev
5fd8087590 [MDEV-9614] Roles and Users longer than 6 characters 
The bug is apparent when the username is longer than the rolename.
It is caused by a simple typo that caused a memcmp call to compare a
different number of bytes than necessary.

The fix was proposed by Igor Pashev. I have reviewed it and it is the
correct approach. Test case introduced by me, using the details provided
in the MDEV.

Signed-off-by: Vicențiu Ciorbaru <vicentiu@mariadb.org>
 2016-06-22 16:41:38 +03:00
Sergei Golubchik
6f0754789c MDEV-8614 Assertion `status == 0' failed in add_role_user_mapping_action on RENAME USER 
don't forget to re-examine the current element when updating a HASH
 2015-10-22 13:09:38 +02:00
Sergei Golubchik
956e92d908 MDEV-8609 Server crashes in is_invalid_role_name on reloading ACL with a blank role name 
strip endspaces from the role name in the parser
because they'll be lost anyway when the name is stored
in the mysql.user.user column (of type CHAR)
 2015-10-22 11:58:54 +02:00
Sergei Golubchik
27328ca1f4 add comment to a test 2015-10-22 10:27:36 +02:00
Vicențiu Ciorbaru
6c55e52b10 MDEV-7774: Crash when dropping user within rebuild_role_grants 
The issue comes from not taking all possibilities to match an entry
within the roles_mapping HASH, when updating the data structure.
 2015-05-03 11:49:49 +03:00
Sergei Golubchik
b9ddeeff24 MDEV-6401 SET ROLE returning ERROR 1959 Invalid role specification for valid role 
Use user's ip address when verifying privileges for SET ROLE (just like check_access() does)
 2014-06-27 09:32:55 +02:00
Sergei Golubchik
3e3d627114 MDEV-5771 Privileges acquired via roles depend on the order of granting 
GRANT ROLE: don't forget to propagate privileges from granted role to a grantee
 2014-03-19 09:57:45 +01:00
Sergei Golubchik
04de6ccc31 MDEV-5668 Assertion `granted_role->is_role()' fails on granting role with empty name 
parser: error out on empty role names
 2014-03-01 11:55:31 +01:00
Sergei Golubchik
5e1d5d9bc0 fixes: 
* roles.grant_proxy-5526 test for --embedded
* gcc warning in Connect
 2014-02-02 10:09:05 +01:00
Sergei Golubchik
dba4e82a84 MDEV-5525 Assertion `status == 0' fails on creating user after granting it role admin option 
don't add entries to acl_roles_mappings hash for non-existing grantees.
 2014-01-29 11:00:06 +01:00
Sergei Golubchik
416148a4cf MDEV-5526 Assertion `proxied_user->host.length' fails on GRANT PROXY ON <role> 
recognize the context better:
always treat the barename as a username in the username context
 2014-01-29 00:05:24 +01:00
Sergei Golubchik
5a385146ae MDEV-5523 Server crashes on DROP USER <rolename> 
use 'user_name' for the error message (fixed, after get_current_user()),
not the original tmp_user_name, as it comes from the parser (host == NULL).
 2014-01-28 21:11:56 +01:00
Sergei Golubchik
92eafe1ab1 MDEV-5521 SET ROLE as prepared statement crashes the server 
set_role::light_check() was incorrect
 2014-01-28 21:02:17 +01:00
Sergei Golubchik
03b428d2cd MDEV-5520 Connection lost on wrong CREATE ROLE 2014-01-28 21:01:21 +01:00
Sergei Golubchik
5f2b07efc7 minor cleanup 2013-12-25 21:21:47 +01:00
Vicentiu Ciorbaru
ad5ddaff12 Fix for: 
MDEV-5221: User auto-creation does not work upon GRANT <role>
 2013-12-18 15:39:09 +02:00
Sergei Golubchik
09b63917be MDEV-5238 Server crashes in find_role_grant_pair on SHOW GRANTS for an anonymous user 2013-11-10 17:50:52 +01:00
Sergei Golubchik
80112232d1 misc fixes for buildbot 2013-11-07 14:30:21 +01:00
Sergei Golubchik
0150dc6ed9 10.0-base merge 2013-11-04 21:47:54 +01:00
Sergei Golubchik
79d2e6c82f MDEV-5232 SET ROLE checks privileges differently from check_access() 
use the same inconsistent priv_user@host pair for SET ROLE privilege checks,
just as check_access() does
 2013-11-04 13:37:39 +01:00
Sergei Golubchik
a30e87414c merge 10.0-base into 10.0 2013-11-04 08:43:56 +01:00
Sergei Golubchik
da122e85e8 remove hostname-dependent part of the test 2013-11-03 13:12:40 +01:00
Sergei Golubchik
ed4a31e8d5 10.0-base merge 2013-11-02 17:59:16 +01:00
Sergei Golubchik
320b85286b grant/revoke ... to/from current_role 2013-11-02 16:26:35 +01:00
Sergei Golubchik
1f0368658b MDEV-5225 Server crashes on CREATE USER|ROLE CURRENT_ROLE or DROP ROLE CURRENT_ROLE 2013-11-02 16:26:01 +01:00
Sergei Golubchik
0fdb3bcfdb 10.0-base merge (roles) 2013-10-29 15:08:44 +01:00
Sergei Golubchik
fef4166990 Don't allow authentication clauses for roles, in particular: 
GRANT ... IDENTIFIED BY [ PASSWORD ] ...
  GRANT ... IDENTIFIED VIA ... [ USING ... ]
  GRANT ... REQUIRE ...
  GRANT ... MAX_xxx ...
  SET PASSWORD FOR ... = ...
 2013-10-28 07:46:17 +01:00
Sergei Golubchik
d5c9712225 post-review cleanup 2013-10-27 08:19:21 +01:00
Sergei Golubchik
e46eea8660 remove inherited routine grants when a routine is dropped 2013-10-26 15:52:29 +02:00
Vicențiu Ciorbaru
2eed3b7d07 Implemented REVOKE ALL FROM for Roles and role grants. 2013-10-26 15:38:48 +02:00
Sergei Golubchik
65eee0be5f MDEV-5176 Server crashes in fill_schema_applicable_roles on select from APPLICABLE_ROLES after a suicide 
Don't assume that thd->security_ctx->priv_user is an actually existing user account
 2013-10-23 09:54:10 -07:00
Sergei Golubchik
7761a278f6 MDEV-5170 Assertion `(&(&acl_cache->lock)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&acl_cache->lock)->m_mutex)->thread)' fails after restarting server with a pre-created role grants 
lock acl_cache->lock mutex for the duration of acl_load
 2013-10-23 09:49:47 -07:00
Sergei Golubchik
f6b8f6d156 reset the db privilege cache when revoking db priviges on DROP ROLE 2013-10-23 05:09:17 -07:00
Sergei Golubchik
614478921f MDEV-5172 safe_mutex: Trying to lock mutex when the mutex was already locked on using a role and I_S role tables 
don't forget to unlock if the current role isn't found
 2013-10-23 03:28:41 -07:00
Sergei Golubchik
fd826cc3bd properly propagate privilege changes on DROP ROLE 2013-10-23 03:26:09 -07:00
Sergei Golubchik
a3f4b58dac move role tests to a dedicated suite 2013-10-21 19:57:25 -07:00