Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-5899

Merge problem in scripts/mysql_system_tables_data.sql disabled recent bugfixes

    XMLWordPrintable

    Details

      Description

      These two last changes in MySQL 5.1 scripts/mysql_system_tables_data.sql depend on @current_hostname which is set at the beginning of the script:

      revno: 4059
      revision-id: venkata.sidagam@oracle.com-20131031173244-9vf8hy0y4jepgkcj
      parent: balasubramanian.kandasamy@oracle.com-20131030030707-3qurl7q3l0qb8afc
      committer: Venkata Sidagam <venkata.sidagam@oracle.com>
      branch nick: 5.1
      timestamp: Thu 2013-10-31 23:02:44 +0530
      message:
        Bug #12917164 DROP USER CAN'T DROP USERS WITH LEGACY 
            UPPER CASE HOST NAME ANYMORE
        
        Description:
        It is not possible to drop users with host names with upper case
        letters in them. i.e DROP USER 'root'@'Tmp_Host_Name'; is failing
        with error.
        
        Analysis: Since the fix 11748570 we came up with lower case hostnames
        as standard. But in the current bug the hostname is created by
        mysql_install_db script is still having upper case hostnames. 
        So, if we have the hostname with upper case letters like(Tmp_Host_Name)
        then we will have as it is stored in the mysql.user table. 
        In this case if use "'DROP USER 'root'@'Tmp_Host_Name';" it gives 
        error because we do compare with the lower case of hostname since the 
        11748570 fix.
        
        Fix: We need to convert the hostname to lower case before storing into 
        the mysql.user table when we run the mysql_install_db script.

      revno: 3953
      revision-id: sujatha.sivakumar@oracle.com-20130219090111-98apjsj6myi5yrm1
      parent: harin.vadodaria@oracle.com-20130219064731-ggrchazff766r4gu
      committer: Sujatha Sivakumar <sujatha.sivakumar@oracle.com>
      branch nick: Bug11746817_mysql-5.1
      timestamp: Tue 2013-02-19 14:31:11 +0530
      message:
        Bug#11746817:MYSQL_INSTALL_DB CREATES WILDCARD GRANTS WHEN
        HOST HAS '_' IN THE HOSTNAME
        
        Problem:
        =======
        '_' and '%' are treated as a wildcards by the ACL code and
        this is documented in the manual. The problem with
        mysql_install_db is that it does not take this into account
        when creating the initial GRANT tables:
        
        --- cut ---
        REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y',
        'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
        'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',
        0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost';
        --- cut ---
        
        If @current_hostname contains any wildcard characters, then 
        a wildcard entry will be defined for the 'root' user, 
        which is a flaw.
        
        Analysis:
        ========
        As per the bug description when we have a hostname with a
        wildcard character in it, it allows clients from several other
        hosts with similar name pattern to connect to the server as root.
        For example, if the hostname is like 'host_.com' then the same
        name is logged in mysql.user table. This allows 'root' users
        from other hosts like 'host1.com', 'host2.com' ... to connect
        to the server as root user.
        
        While creating the intial GRANT tables we do not have a check
        for wildcard characters in hostname.
        
        Fix:
        ===
        As part of fix escape character "\" is added before wildcard
        character to make it a plain character, so that the one and
        only host with the exact name will be able to connect to the
        server.

      @current_hostname is set as a @@hostname converted to the lower case (for #12917164, a.k.a http://bugs.mysql.com/bug.php?id=62255) and with special symbols escaped (for #11746817). Later this variable is used for creating users in mysql.user.

      It went as is to MariaDB 5.1, but in MariaDB 5.2 the variable @current_hostname is still reset to initial @@hostname (as it used to be before the changes), so the modifications to the hostname get lost.

      revision-id: sergii@pisem.net-20140316125944-vcz27criv3mboxo1
      date: 2014-03-16 13:59:44 +0100
      build-date: 2014-03-19 04:02:43 +0400
      revno: 3230
      branch-nick: 5.2

      revision-id: sergii@pisem.net-20140316200301-s6v5h1t6d9feqwo9
      date: 2014-03-16 21:03:01 +0100
      build-date: 2014-03-19 04:03:03 +0400
      revno: 3773
      branch-nick: 5.3

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Git Integration