Bug #43444 RESTORE confused if image contains grants for users with certain names.
Submitted: 6 Mar 2009 9:16 Modified: 29 Aug 2009 23:16
Reporter: Rafal Somla Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Backup Severity:S3 (Non-critical)
Version:6.0 OS:Any
Assigned to: Jørgen Løland CPU Architecture:Any

[6 Mar 2009 9:16] Rafal Somla 
Description:
RESTORE code contains logic for checking if restored privileges have not been altered so that they will be applied to a wrong database (function bcat_create_item() in kernel.cc around line 2092). But this logic is based on parsing the serialization string of the privilege and this method can be easily confused if e.g. the name of the user or database has unexpected form.

How to repeat:
Run the following test case:

CREATE DATABASE db;
CREATE USER 'ON foo.';
GRANT SELECT ON db.* TO 'ON foo.';

BACKUP DATABASE db TO 'db.bkp';
DROP DATABASE db;
RESTORE FROM 'db.bkp';

another example:

CREATE DATABASE `db.x`;
CREATE USER tom;
GRANT SELECT ON `db.x`.* TO tom;

BACKUP DATABASE `db.x` TO 'db.bkp';
DROP DATABASE `db.x`;
RESTORE FROM 'db.bkp';

In both cases RESTORE fails with error:

1740: The grant <...> failed. Database not included in the backup image.

Suggested fix:
In si_objects, implement Grant_obj::get_db_name() method to correctly return the database for which the grant is defined. Then use it for the check in backup kernel.
[11 Mar 2009 0:10] Omer Barnir 
triage: setting to SR60RC (P2 is RC as needs to be fixed before GA ( backups should be able to be restored)
[6 Aug 2009 13:16] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/80272

2855 Jorgen Loland	2009-08-06
      BUG#43444 - RESTORE confused if image contains grants for 
      users with certain names.
      
      Before, RESTORE got confused if a username or objectname 
      (table, column etc) had to be quoted for a grant to work. 
      E.g.: "GRANT SELECT on `db.1`.`table.1` TO ...". This was
      Partially due to insuffiently sophisticated parsing of 
      grant strings in the restore code, and partially because
      these names were not quoted when GRANT was executed as
      part of RESTORE (i.e., the server rejected the statement).
      
      This path removes the parsing done in the restore code as 
      it is no longer needed, and adds backticks to all object-
      names for GRANT statements.
     @ mysql-test/suite/backup/r/backup_client.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_db_grants.result
        Added test for objects that need to be quoted for GRANT to work, and reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_db_grants_extra.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_namecase.result
        Remove test that checks if database name has been modified in the backup image.
     @ mysql-test/suite/backup/r/backup_table_grants.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_xpfm_compat_backup_lctn0.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_xpfm_compat_backup_lctn1.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/t/backup_db_grants.test
        Added test for objects that need to be quoted for GRANT to work
     @ mysql-test/suite/backup/t/backup_namecase.test
        Remove test that checks if database name has been modified in the backup image.
     @ sql/backup/kernel.cc
        Remove parsing of GRANT statements to check if they have been modified. This check does not make sense since GRANT statements can be injected anywhere in the backup image. Checking for modified statements need to be more sophisticated to make sense.
     @ sql/si_objects.cc
        Add backticks around object names for restore of GRANTs
[6 Aug 2009 13:47] Rafal Somla 
Good to push.
[6 Aug 2009 17:46] Chuck Bell 
Approved pending change requested (per your request).
[7 Aug 2009 7:51] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/80337

2856 Jorgen Loland	2009-08-07
      BUG#43444 - RESTORE confused if image contains grants for 
      users with certain names.
           
      Before, RESTORE got confused if a username or objectname 
      (table, column etc) had to be quoted for a grant to work. 
      E.g.: "GRANT SELECT on `db.1`.`table.1` TO ...". This was
      Partially due to insuffiently sophisticated parsing of 
      grant strings in the restore code, and partially because
      these names were not quoted when GRANT was executed as
      part of RESTORE (i.e., the server rejected the statement).
     @ mysql-test/suite/backup/r/backup_client.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_db_grants.result
        Added test for objects that need to be quoted for GRANT to work, and reflect that
        object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_db_grants_extra.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_namecase.result
        Remove test that checks if database name has been modified in the backup image.
     @ mysql-test/suite/backup/r/backup_table_grants.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_xpfm_compat_backup_lctn0.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_xpfm_compat_backup_lctn1.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/r/backup_xpfm_compat_backup_lctn2.result
        Reflect that object names are now enclosed in backticks (`<name>`)
     @ mysql-test/suite/backup/t/backup_db_grants.test
        Added test for objects that need to be quoted for GRANT to work
     @ mysql-test/suite/backup/t/backup_namecase.test
        Remove test that checks if database name has been modified in the backup image.
     @ sql/backup/kernel.cc
        Add backticks around object names for restore of GRANTs
     @ sql/si_objects.cc
        Remove parsing of GRANT statements to check if they have been modified. This check does not make sense since GRANT statements can be injected anywhere in the backup image. Checking for modified statements need to be more sophisticated to make sense.
[28 Aug 2009 10:01] Bugs System 
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090828100112-r73xkx8dhekz5bbb) (version source revid:jorgen.loland@sun.com-20090818084812-rlq2mh37241doswu) (merge vers: 5.4.4-alpha) (pib:11)
[29 Aug 2009 23:16] Paul DuBois 
Not in any released version. No changelog entry needed.