Merge branch 'mysql-5.6' into mysql-5.7

Daniel Blanchard · Daniel Blanchard · commit 41fb35a2df40 · 2018-12-20T15:07:12.000Z
diff --git a/mysql-test/r/mysqld--help-win.result b/mysql-test/r/mysqld--help-win.result
@@ -1449,7 +1449,7 @@ myisam-stats-method nulls_unequal
 myisam-use-mmap FALSE
 mysql-native-password-proxy-users FALSE
 named-pipe FALSE
-named-pipe-full-access-group everyone
+named-pipe-full-access-group *everyone*
 net-buffer-length 16384
 net-read-timeout 30
 net-retry-count 10
diff --git a/mysql-test/suite/sys_vars/r/named_pipe_full_access_group_basic.result b/mysql-test/suite/sys_vars/r/named_pipe_full_access_group_basic.result
@@ -1,17 +1,17 @@
 select @@global.named_pipe_full_access_group;
 @@global.named_pipe_full_access_group
-everyone
+*everyone*
 select @@session.named_pipe_full_access_group;
 ERROR HY000: Variable 'named_pipe_full_access_group' is a GLOBAL variable
 show global variables like 'named_pipe_full_access_group';
 Variable_name	Value
-named_pipe_full_access_group	everyone
+named_pipe_full_access_group	*everyone*
 show session variables like 'named_pipe_full_access_group';
 Variable_name	Value
-named_pipe_full_access_group	everyone
+named_pipe_full_access_group	*everyone*
 select * from performance_schema.global_variables where variable_name='named_pipe_full_access_group';
 VARIABLE_NAME	VARIABLE_VALUE
-named_pipe_full_access_group	everyone
+named_pipe_full_access_group	*everyone*
 select * from performance_schema.session_variables where variable_name='named_pipe_full_access_group';
 VARIABLE_NAME	VARIABLE_VALUE
-named_pipe_full_access_group	everyone
+named_pipe_full_access_group	*everyone*
diff --git a/sql/named_pipe.cc b/sql/named_pipe.cc
@@ -50,6 +50,13 @@ bool is_existing_windows_group_name(const char *group_name)
 
 bool is_valid_named_pipe_full_access_group(const char *group_name)
 {
+  // Treat the DEFAULT_NAMED_PIPE_FULL_ACCESS_GROUP value
+  // as a special case: we (later) convert it to the "world" SID
+  if (strcmp(group_name, DEFAULT_NAMED_PIPE_FULL_ACCESS_GROUP) == 0)
+  {
+    return true;
+  }
+
   if (!group_name || group_name[0] == '\0' ||
     is_existing_windows_group_name(group_name))
   {
@@ -74,25 +81,44 @@ bool my_security_attr_add_rights_to_group(SECURITY_ATTRIBUTES *psa,
   DWORD size_referencedDomainName= MAX_PATH;
   SID_NAME_USE sid_name_use;
 
-  if (!LookupAccountName(nullptr, group_name, soughtSID, &size_sid,
-    referencedDomainName, &size_referencedDomainName,
-    &sid_name_use))
+  // Treat the DEFAULT_NAMED_PIPE_FULL_ACCESS_GROUP value
+  // as a special case: we  convert it to the "world" SID
+  if (strcmp(group_name, DEFAULT_NAMED_PIPE_FULL_ACCESS_GROUP) == 0)
   {
-    DWORD last_error_num= GetLastError();
-    FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
-      NULL, last_error_num,
-      MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
-      sizeof(last_error_msg) / sizeof(TCHAR), NULL);
-    sql_print_error("my_security_attr_add_rights_to_group, LookupAccountName failed: %s",
-      last_error_msg);
-    return true;
+    if (!CreateWellKnownSid(WinWorldSid, NULL, soughtSID, &size_sid))
+    {
+      DWORD last_error_num= GetLastError();
+      FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
+                    NULL, last_error_num,
+                    MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
+                    sizeof(last_error_msg) / sizeof(TCHAR), NULL);
+      sql_print_error("my_security_attr_add_rights_to_group, CreateWellKnownSid failed: %s",
+                      last_error_msg);
+      return true;
+    }
   }
-
-  // sid_name_use is SidTypeAlias when group_name is a local group
-  if (sid_name_use != SidTypeAlias && sid_name_use != SidTypeWellKnownGroup)
+  else
   {
-    sql_print_error("LookupAccountName failed: unexpected sid_name_use");
-    return true;
+    if (!LookupAccountName(NULL, group_name, soughtSID, &size_sid,
+                           referencedDomainName, &size_referencedDomainName,
+                           &sid_name_use))
+    {
+      DWORD last_error_num= GetLastError();
+      FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
+                    NULL, last_error_num,
+                    MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
+                    sizeof(last_error_msg) / sizeof(TCHAR), NULL);
+      sql_print_error("my_security_attr_add_rights_to_group, LookupAccountName failed: %s",
+                      last_error_msg);
+      return true;
+    }
+
+    // sid_name_use is SidTypeAlias when group_name is a local group
+    if (sid_name_use != SidTypeAlias && sid_name_use != SidTypeWellKnownGroup)
+    {
+      sql_print_error("LookupAccountName failed: unexpected sid_name_use");
+      return true;
+    }
   }
 
   PACL pNewDACL= nullptr;
diff --git a/sql/named_pipe.h b/sql/named_pipe.h
@@ -35,5 +35,5 @@ bool is_valid_named_pipe_full_access_group(const char *group_name);
 bool my_security_attr_add_rights_to_group(SECURITY_ATTRIBUTES *psa,
   const char *group_name,
   DWORD group_rights);
-#define DEFAULT_NAMED_PIPE_FULL_ACCESS_GROUP "everyone"
+#define DEFAULT_NAMED_PIPE_FULL_ACCESS_GROUP "*everyone*"
 #endif /* NAMED_PIPE_INCLUDED */
