regex_policy patterns are case-senstive

Bug #956153 reported by Daniel Nichter on 2012-03-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Vladimir Cernov

Bug Description

regex_policy plugin patterns are case-senstive but Drizzle is not case-senstive.

To reproduce:

1. create schema daniel
2. Use policy "daniel schema=daniel ACCEPT"
3. Login user=daniel and schema appears, OK, but...
4. Use policy "daniel schema=DANIEL ACCEPT" _or_ "DANIEL schema=daniel ACCEPT"
5. Login user=daniel and schema does not appear

Suggested fix: make all patterns case-insenstive by default. Maybe add an option: if there's a need for case-sensitivity?

Partial workaround:

daniel schema=daniel ACCEPT
daniel schema=DANIEL ACCEPT

That doesn't cover schema=Daniel, schema=DaNiEl, etc.

Henrik Ingo (hingo) wrote :

Seems like you could indeed just transform all the regexps to case insensitive, since all objects are that too. I don't think an option is even needed. (Or can be added later.)

This is clearly low-hanging-fruit

tags: added: low-hanging-fruit
Daniel Nichter (daniel-nichter) wrote :

There seems to be an internal difference, too, at least for whether it's DATA_DICTIONARY or data_dictionary:

drizzle> show schemas;
ERROR 1044 (42000): Access denied for user 'daniel' to schema 'data_dictionary'

drizzle> use DATA_DICTIONARY;
Schema changed

drizzle> show tables;
ERROR 1044 (42000): Access denied for user 'daniel' to schema 'data_dictionary'

Henrik Ingo (hingo) wrote :

Isn't this just consistent with how you describe the bug in general? It would also be fixed if the regexps are made case-insensitive.

Clint Byrum (clint-fewbar) wrote :

I think making it case-insensitivity is the right way to go, and should be fairly simple to enable. Perhaps the test cases should also be fleshed out at the same time to ensure that this isn't forgotten later.

Changed in drizzle:
assignee: nobody → Vladimir Cernov (cernov-vladimir)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers