Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 10.0.10
-
Fix Version/s: 10.0
-
Component/s: None
-
Labels:None
Description
revno: 3690.1.180
committer: gopal.shankar@oracle.com
branch nick: mysql-flushpriv2
timestamp: Thu 2012-03-29 00:20:54 +0530
message:
Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
REQUIRES FLUSH PRIVILEGES
PROBLEM:
RENAME USER does not work as expected when from_user contains just
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
renamed user fails. Attempts to connect succeed only after command
FLUSH PRIVILEGES.
ANALYSIS:
MySQL maintains access control list for users in global DYNAMIC ARRAY
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
from mysql.user table.
For faster search we maintain HASH acl_check_hosts, which contains
user details with hostnames without any wild cards. All the users whose
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.
ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
At the end of these operations init_check_hosts() is called to update
acl_check_hosts and acl_wild_cards based on 'acl_users'.
Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
REQUIRES FLUSH PRIVILEGES
PROBLEM:
RENAME USER does not work as expected when from_user contains just
IP and to_user contains IP/MASK. Attempt to connect to MySQL using
renamed user fails. Attempts to connect succeed only after command
FLUSH PRIVILEGES.
ANALYSIS:
MySQL maintains access control list for users in global DYNAMIC ARRAY
'acl_users'. This list is updated by acl_reload(), which loads 'acl_users'
from mysql.user table.
For faster search we maintain HASH acl_check_hosts, which contains
user details with hostnames without any wild cards. All the users whose
host name contains wild cards are stored in DYNAMIC_ARRAY acl_wild_hosts.
ADD/DROP/RENAME user basically updates 'acl_users' along with mysql.user.
At the end of these operations init_check_hosts() is called to update
acl_check_hosts and acl_wild_cards based on 'acl_users'.
During RENAME, when it updates 'acl_users' in handle_grant_struct(),
hostname is copied into 'acl_users' list updating only ACL_USER->hostname
but it does not update ACL_USER->host->ip, ACL_USER->host->ip_mask. This
is route cause for this bug.
FLUSH PRIVILEGES command invokes acl_reload(). This function updates all
members of ACL_USER->host (including ip and ip_mask). Hence attempts to connect
to MySQL succeeds there after.
FIX:
Make changes to handle_grant_struct() to properly update ACL_USER->host->ip,
ACL_USER->host->ip_mask. This is done using existing update_hostname().
Note:
In addition to the fix described above, the code related to acl_host_and_ip is
modified. The new code helps avoid doing similar mistakes, of updating
hostname, without updating ip_mask. These changes also improves the related code.
Gliffy Diagrams
Attachments
Issue Links
- is part of
-
MDEV-4784 merge test cases from 5.6
-
- Stalled
-
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions