Bug#25541837 PRIVILEGE_SUPER=FALSE RESETS ALMOST ALL PERMISSIONS

maras007 · maras007 · commit 6af0cdd3a705 · 2017-03-01T17:40:26.000+01:00
Problem:
========
Invalid boolean operator used during removal of the specified privilege, using
the sec context service.

Fix:
====
Unary complement (bit inversion) applied during unsetting specified privilege,
using the sec context service.

Reviewed-by:
============
Georgi Kodinov &lt;georgi.kodinov@oracle.com&gt;
Steinar Gunderson &lt;steinar.gunderson@oracle.com&gt;
diff --git a/sql/auth/service_security_context.cc b/sql/auth/service_security_context.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.
@@ -307,18 +307,18 @@ my_svc_bool security_context_set_option(MYSQL_SECURITY_CONTEXT ctx,
     {
       my_svc_bool value= *(my_svc_bool *) pvalue;
       if (value)
-        ctx->set_master_access(ctx->master_access() | SUPER_ACL);
+        ctx->set_master_access(ctx->master_access() | (SUPER_ACL));
       else
-        ctx->set_master_access(ctx->master_access() & !(SUPER_ACL));
+        ctx->set_master_access(ctx->master_access() & ~(SUPER_ACL));
 
     }
     else if (!strcmp(name, "privilege_execute"))
     {
       my_svc_bool value= *(my_svc_bool *) pvalue;
       if (value)
-        ctx->set_master_access(ctx->master_access() | EXECUTE_ACL);
+        ctx->set_master_access(ctx->master_access() | (EXECUTE_ACL));
       else
-        ctx->set_master_access(ctx->master_access() & !(EXECUTE_ACL));
+        ctx->set_master_access(ctx->master_access() & ~(EXECUTE_ACL));
     }
     else
       return MY_SVC_TRUE; /** invalid option */
