mysql-test/t/grant.test · mysql-cluster-7.3.3 · Rasoul Jahanshahi / Mysql Server

Mar 29, 2012

Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY - · 0abdeed1

gopal.shankar@oracle.com authored Mar 29, 2012

                      REQUIRES FLUSH PRIVILEGES

PROBLEM: 
  RENAME USER does not work as expected when from_user contains just
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
renamed user fails. Attempts to connect succeed only after command
FLUSH PRIVILEGES. 

ANALYSIS:
  MySQL maintains access control list for users in global DYNAMIC ARRAY
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
from mysql.user table.

  For faster search we maintain HASH acl_check_hosts, which contains
user details with hostnames without any wild cards. All the users whose
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.

  ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
At the end of these operations init_check_hosts() is called to update
acl_check_hosts and  acl_wild_cards based on 'acl_users'.

Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
                      REQUIRES FLUSH PRIVILEGES

PROBLEM: 
  RENAME USER does not work as expected when from_user contains just
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
renamed user fails. Attempts to connect succeed only after command
FLUSH PRIVILEGES. 

ANALYSIS:
  MySQL maintains access control list for users in global DYNAMIC ARRAY
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
from mysql.user table.

  For faster search we maintain HASH acl_check_hosts, which contains
user details with hostnames without any wild cards. All the users whose
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.

  ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
At the end of these operations init_check_hosts() is called to update
acl_check_hosts and  acl_wild_cards based on 'acl_users'.

  During RENAME, when it updates 'acl_users' in handle_grant_struct(),
hostname is copied into 'acl_users' list updating only ACL_USER->hostname
but it does not update ACL_USER->host->ip, ACL_USER->host->ip_mask. This
is route cause for this bug.

  FLUSH PRIVILEGES command invokes acl_reload(). This function updates all
members of ACL_USER->host (including ip and ip_mask). Hence attempts to connect
to MySQL succeeds there after.

FIX:
  Make changes to handle_grant_struct() to properly update ACL_USER->host->ip,
ACL_USER->host->ip_mask. This is done using existing update_hostname().

Note:
  In addition to the fix described above, the code related to acl_host_and_ip is
modified. The new code helps avoid doing similar mistakes, of updating
hostname, without updating ip_mask. These changes also improves the related code.

0abdeed1

Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -

gopal.shankar@oracle.com authored Mar 29, 2012

                      REQUIRES FLUSH PRIVILEGES

PROBLEM: 
  RENAME USER does not work as expected when from_user contains just
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
renamed user fails. Attempts to connect succeed only after command
FLUSH PRIVILEGES. 

ANALYSIS:
  MySQL maintains access control list for users in global DYNAMIC ARRAY
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
from mysql.user table.

  For faster search we maintain HASH acl_check_hosts, which contains
user details with hostnames without any wild cards. All the users whose
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.

  ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
At the end of these operations init_check_hosts() is called to update
acl_check_hosts and  acl_wild_cards based on 'acl_users'.

Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
                      REQUIRES FLUSH PRIVILEGES

PROBLEM: 
  RENAME USER does not work as expected when from_user contains just
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
renamed user fails. Attempts to connect succeed only after command
FLUSH PRIVILEGES. 

ANALYSIS:
  MySQL maintains access control list for users in global DYNAMIC ARRAY
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
from mysql.user table.

  For faster search we maintain HASH acl_check_hosts, which contains
user details with hostnames without any wild cards. All the users whose
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.

  ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
At the end of these operations init_check_hosts() is called to update
acl_check_hosts and  acl_wild_cards based on 'acl_users'.

  During RENAME, when it updates 'acl_users' in handle_grant_struct(),
hostname is copied into 'acl_users' list updating only ACL_USER->hostname
but it does not update ACL_USER->host->ip, ACL_USER->host->ip_mask. This
is route cause for this bug.

  FLUSH PRIVILEGES command invokes acl_reload(). This function updates all
members of ACL_USER->host (including ip and ip_mask). Hence attempts to connect
to MySQL succeeds there after.

FIX:
  Make changes to handle_grant_struct() to properly update ACL_USER->host->ip,
ACL_USER->host->ip_mask. This is done using existing update_hostname().

Note:
  In addition to the fix described above, the code related to acl_host_and_ip is
modified. The new code helps avoid doing similar mistakes, of updating
hostname, without updating ip_mask. These changes also improves the related code.