revno: 3690.1.180
|
committer: gopal.shankar@oracle.com
|
branch nick: mysql-flushpriv2
|
timestamp: Thu 2012-03-29 00:20:54 +0530
|
message:
|
Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
|
REQUIRES FLUSH PRIVILEGES
|
|
PROBLEM:
|
RENAME USER does not work as expected when from_user contains just
|
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
|
renamed user fails. Attempts to connect succeed only after command
|
FLUSH PRIVILEGES.
|
|
ANALYSIS:
|
MySQL maintains access control list for users in global DYNAMIC ARRAY
|
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
|
from mysql.user table.
|
|
For faster search we maintain HASH acl_check_hosts, which contains
|
user details with hostnames without any wild cards. All the users whose
|
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.
|
|
ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
|
At the end of these operations init_check_hosts() is called to update
|
acl_check_hosts and acl_wild_cards based on 'acl_users'.
|
|
Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
|
REQUIRES FLUSH PRIVILEGES
|
|
PROBLEM:
|
RENAME USER does not work as expected when from_user contains just
|
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
|
renamed user fails. Attempts to connect succeed only after command
|
FLUSH PRIVILEGES.
|
|
ANALYSIS:
|
MySQL maintains access control list for users in global DYNAMIC ARRAY
|
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
|
from mysql.user table.
|
|
For faster search we maintain HASH acl_check_hosts, which contains
|
user details with hostnames without any wild cards. All the users whose
|
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.
|
|
ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
|
At the end of these operations init_check_hosts() is called to update
|
acl_check_hosts and acl_wild_cards based on 'acl_users'.
|
|
During RENAME, when it updates 'acl_users' in handle_grant_struct(),
|
hostname is copied into 'acl_users' list updating only ACL_USER->hostname
|
but it does not update ACL_USER->host->ip, ACL_USER->host->ip_mask. This
|
is route cause for this bug.
|
|
FLUSH PRIVILEGES command invokes acl_reload(). This function updates all
|
members of ACL_USER->host (including ip and ip_mask). Hence attempts to connect
|
to MySQL succeeds there after.
|
|
FIX:
|
Make changes to handle_grant_struct() to properly update ACL_USER->host->ip,
|
ACL_USER->host->ip_mask. This is done using existing update_hostname().
|
|
Note:
|
In addition to the fix described above, the code related to acl_host_and_ip is
|
modified. The new code helps avoid doing similar mistakes, of updating
|
hostname, without updating ip_mask. These changes also improves the related code.
|
Bug
Major
MDEV-4784 merge test cases from 5.6
