Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-5999

MySQL Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY - REQUIRES FLUSH PRIVILEGES

    Details

    • Sprint:
      10.0.29, 10.0.30

      Description

      revno: 3690.1.180
      committer: gopal.shankar@oracle.com
      branch nick: mysql-flushpriv2
      timestamp: Thu 2012-03-29 00:20:54 +0530
      message:
        Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
                              REQUIRES FLUSH PRIVILEGES
       
        PROBLEM:
          RENAME USER does not work as expected when from_user contains just
        IP and to_user contains IP/MASK. Attempt to connect to MySQL using
        renamed user fails. Attempts to connect succeed only after command
        FLUSH PRIVILEGES.
       
        ANALYSIS:
          MySQL maintains access control list for users in global DYNAMIC ARRAY
        'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
        from mysql.user table.
       
          For faster search we maintain HASH acl_check_hosts, which contains
        user details with hostnames without any wild cards. All the users whose
        host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.
       
          ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
        At the end of these operations init_check_hosts() is called to update
        acl_check_hosts and  acl_wild_cards based on 'acl_users'.
       
        Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
                              REQUIRES FLUSH PRIVILEGES
       
        PROBLEM:
          RENAME USER does not work as expected when from_user contains just
        IP and to_user contains IP/MASK. Attempt to connect to MySQL using
        renamed user fails. Attempts to connect succeed only after command
        FLUSH PRIVILEGES.
       
        ANALYSIS:
          MySQL maintains access control list for users in global DYNAMIC ARRAY
        'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
        from mysql.user table.
       
          For faster search we maintain HASH acl_check_hosts, which contains
        user details with hostnames without any wild cards. All the users whose
        host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.
       
          ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
        At the end of these operations init_check_hosts() is called to update
        acl_check_hosts and  acl_wild_cards based on 'acl_users'.
       
          During RENAME, when it updates 'acl_users' in handle_grant_struct(),
        hostname is copied into 'acl_users' list updating only ACL_USER->hostname
        but it does not update ACL_USER->host->ip, ACL_USER->host->ip_mask. This
        is route cause for this bug.
       
          FLUSH PRIVILEGES command invokes acl_reload(). This function updates all
        members of ACL_USER->host (including ip and ip_mask). Hence attempts to connect
        to MySQL succeeds there after.
       
        FIX:
          Make changes to handle_grant_struct() to properly update ACL_USER->host->ip,
        ACL_USER->host->ip_mask. This is done using existing update_hostname().
       
        Note:
          In addition to the fix described above, the code related to acl_host_and_ip is
        modified. The new code helps avoid doing similar mistakes, of updating
        hostname, without updating ip_mask. These changes also improves the related code.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                svoj Sergey Vojtovich
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: