Problem 1:
column_priv_hash uses utf8_general_ci collation
for the key comparison. The key consists of user name,
db name and table name. Thus user with privileges on table t1
is able to perform the same operation on T1
(the similar situation with user name & db name, see acl_cache).
So collation which is used for column_priv_hash and acl_cache
should be case sensitive.
The fix:
replace system_charset_info with my_charset_utf8_bin for
column_priv_hash and acl_cache
Problem 2:
The same situation with proc_priv_hash, func_priv_hash,
the only difference is that Routine name is case insensitive.
So the fix is to use my_charset_utf8_bin for
proc_priv_hash & func_priv_hash and convert routine name into lower
case before writing the element into the hash and
before looking up the key.
Additional fix: mysql.procs_priv Routine_name field collation
is changed to utf8_general_ci.
It's necessary for REVOKE command
(to find a field by routine hash element values).
Note:
It's safe for lower-case-table-names mode too because
db name & table name are converted into lower case
(see GRANT_NAME::GRANT_NAME).
mysql-test/include/have_case_insensitive_fs.inc:
test case
mysql-test/r/case_insensitive_fs.require:
test case
mysql-test/r/grant_lowercase_fs.result:
test result
mysql-test/r/lowercase_fs_off.result:
test result
mysql-test/r/ps_grant.result:
test result
mysql-test/r/system_mysql_db.result:
changed Routine_name field collation to case insensitive
mysql-test/t/grant_lowercase_fs.test:
test case
mysql-test/t/lowercase_fs_off.test:
test case
scripts/mysql_system_tables.sql:
changed Routine_name field collation to case insensitive
scripts/mysql_system_tables_fix.sql:
changed Routine_name field collation to case insensitive
sql/sql_acl.cc:
Problem 1:
column_priv_hash uses utf8_general_ci collation
for the key comparison. The key consists of user name,
db name and table name. Thus user with privileges on table t1
is able to perform the same operation on T1
(the similar situation with user name & db name, see acl_cache).
So collation which is used for column_priv_hash and acl_cache
should be case sensitive.
The fix:
replace system_charset_info with my_charset_utf8_bin for
column_priv_hash and acl_cache
Problem 2:
The same situation with proc_priv_hash, func_priv_hash,
the only difference is that Routine name is case insensitive.
So the fix is to use my_charset_utf8_bin for
proc_priv_hash & func_priv_hash and convert routine name into lower
case before writing the element into the hash and
before looking up the key.
Additional fix: mysql.procs_priv Routine_name field collation
is changed to utf8_general_ci.
It's necessary for REVOKE command
(to find a field by routine hash element values).
Note:
It's safe for lower-case-table-names mode too because
db name & table name are converted into lower case
(see GRANT_NAME::GRANT_NAME).
Reset session sql_mode before creating system tables as it
is done in the mysql_fix_privilege_tables.sql script.
scripts/mysql_system_tables.sql:
reset sql mode
- Allow mysql_install_db to be run a second time in the same
datadir to create and fill any missing system tables
scripts/mysql_install_db.sh:
Remove check that dissallowed running mysql_install_db a second time
in same directory
scripts/mysql_system_tables.sql:
Save information about if tables db and user already existed
scripts/mysql_system_tables_data.sql:
Fill tables db and user with initial data if tables
didn't already exist.
- Split out initial data in mysql_system_tables.sql to it's own file
- Use file from mysql_install_db and mysql-test-run
scripts/mysql_system_tables_fix.sql:
Rename: scripts/mysql_fix_privilege_tables.sql.in -> scripts/mysql_system_tables_fix.sql
mysql-test/mysql-test-run.pl:
- Add mysql_system_tables_data.sql as part of the bootstrap
- Remove the addition of pid to end of bootstrap.sql, now
to file used for bootstrap will be $opt_vardir/tmp/bootstrap.sql
- Improve error message descibing how to find cause of a
failed bootstrap
scripts/Makefile.am:
- Rename mysql_fix_privileg_tables.sql.in to mysql_system_tables_fix.sql
- Build mysql_fix_privilege_tables from mysql_system_tables.sql and
mysql_system_tables_fix.sql
- Add mysql_system_tables_fix.sql to EXTRA_DIST
scripts/mysql_install_db.sh:
- Use mysql_system_tables_data.sql file when bootstrapping
mysql, it will contain initial data for MysQL system tables
scripts/mysql_system_tables.sql:
Move initial data for system tables to it's own file
scripts/mysql_system_tables_data.sql:
Move initial data for system tables to it's own file
- Remove DEFAULT values for blob's in mysql_system_tables.sql
scripts/mysql_system_tables.sql:
Remove attempt to set default value for blob columns since
they can't have any. Depending on 'sql_mode' the default values
has either been silently dropped or thrown an error as reported
by the bug.
- Escape undercore character in mysql.db to only allow
access test_% and not test%
scripts/mysql_system_tables.sql:
underscore is a wildcard character so it need to be
expaed to only match one _
- Use mysql_system_tables.sql to create MySQL system tables in
all places where we create them(mysql_install_db, mysql-test-run-pl
and mysql_fix_privilege_tables.sql)
BitKeeper/deleted/.del-init_db.sql:
Rename: mysql-test/init_db.sql -> BitKeeper/deleted/.del-init_db.sql
BitKeeper/deleted/.del-init_db.sql~a77d572c39d5a1f8:
Rename: mysql-test/lib/init_db.sql -> BitKeeper/deleted/.del-init_db.sql~a77d572c39d5a1f8
BitKeeper/deleted/.del-mysql_create_system_tables.sh:
Rename: scripts/mysql_create_system_tables.sh -> BitKeeper/deleted/.del-mysql_create_system_tables.sh
BitKeeper/etc/ignore:
Added scripts/mysql_fix_privilege_tables.sql to the ignore list
mysql-test/Makefile.am:
lib/init_db.sql has been removed
mysql-test/mysql-test-run.pl:
- Build var/tmp/bootstrap.sql from mysql_system_tables.sql,
mysql_test_data_timezone.sql and fill_help_tables.sql and use
it when bootsraping the system tables to use during test.
mysql-test/r/create.result:
Update result file
mysql-test/r/derived.result:
Update result file
mysql-test/r/join.result:
Update result file
mysql-test/r/mysql_upgrade.result:
Update result file
mysql-test/r/sp-security.result:
Update result file
mysql-test/t/create.test:
Add user mysqltest_1 before trying to connect as that user - no
anon users by default anymore
mysql-test/t/derived.test:
Add user mysqltest_1 before trying to connect as that user - no
anon users by default anymore
mysql-test/t/grant2.test:
Add anonymous users for part of thes that need it.
mysql-test/t/grant_cache.test:
Add anonymous users for part of thes that need it.
mysql-test/t/init_connect.test:
Add anonymous users for part of thes that need it.
mysql-test/t/lock_multi.test:
Add anonymous users for part of thes that need it.
mysql-test/t/ndb_basic.test:
Connect as "root", blank user will take currently logged in
username
mysql-test/t/ndb_index_ordered.test:
Connect as "root", blank user will take currently logged in
username
mysql-test/t/ndb_multi.test:
Connect as "root", blank user will take currently logged in
username
mysql-test/t/overflow.test:
Connect as root - no anonymous users by default anymore
mysql-test/t/rpl_temporary.test:
Add anonymous users for the test
mysql-test/t/xa.test:
Connect as "root", blank user wil pick currently logged in user
scripts/Makefile.am:
Remove mysql_create_system_tables.sh
Add mysql_system_tables.sql and mysql_test_data_timezone.sql
Build mysql_fix_privilege_tables.sql from mysql_system_tables.sql
and mysql_fix_privilege_tables.sql.in
scripts/mysql_fix_privilege_tables.sh:
Update message describing what the script does
scripts/mysql_fix_privilege_tables.sql.in:
Remove the part that creates system tables as that will be added to
mysql_fix_privileg_tables.sql from mysql_system_tables.sql
Change all comments to use #
scripts/mysql_install_db.sh:
Use mysql_system_tables.sql to create the MySQL system tables
Update comments and indentation
Add more descriptive comments about --windows switch
Reduce number of hardcoded names for the SQL files the script
looks for
mysql-test/include/add_anonymous_users.inc:
New BitKeeper file ``mysql-test/include/add_anonymous_users.inc''
mysql-test/include/delete_anonymous_users.inc:
New BitKeeper file ``mysql-test/include/delete_anonymous_users.inc''
scripts/mysql_system_tables.sql:
New BitKeeper file ``scripts/mysql_system_tables.sql''
scripts/mysql_test_data_timezone.sql:
New BitKeeper file ``scripts/mysql_test_data_timezone.sql''
