Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
40a0199e
Commit
40a0199e
authored
Dec 30, 2004
by
unknown
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
unsufficient privilege checks in GRANT, when a grantor has column-level privileges
parent
4ba981e5
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
55 additions
and
55 deletions
+55
-55
mysql-test/r/alter_table.result
mysql-test/r/alter_table.result
+1
-1
mysql-test/r/grant.result
mysql-test/r/grant.result
+1
-1
mysql-test/r/grant_cache.result
mysql-test/r/grant_cache.result
+3
-3
sql/sql_acl.cc
sql/sql_acl.cc
+50
-50
No files found.
mysql-test/r/alter_table.result
View file @
40a0199e
...
...
@@ -121,7 +121,7 @@ create database mysqltest;
create table mysqltest.t1 (a int,b int,c int);
grant all on mysqltest.t1 to mysqltest_1@localhost;
alter table t1 rename t2;
insert
command denied to user: 'mysqltest_1@localhost' for table 't2'
INSERT,CREATE
command denied to user: 'mysqltest_1@localhost' for table 't2'
revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
drop database mysqltest;
...
...
mysql-test/r/grant.result
View file @
40a0199e
...
...
@@ -198,7 +198,7 @@ GRANT UPDATE (d) ON `mysqltest_2`.`t2` TO 'mysqltest_3'@'localhost'
update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1;
UPDATE command denied to user: 'mysqltest_3@localhost' for column 'q' in table 't1'
update mysqltest_1.t1, mysqltest_2.t2 set d=20 where d=1;
select
command denied to user: 'mysqltest_3@localhost' for table 't1'
SELECT
command denied to user: 'mysqltest_3@localhost' for table 't1'
update mysqltest_2.t1, mysqltest_1.t2 set c=20 where b=1;
UPDATE command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
update mysqltest_2.t1, mysqltest_2.t2 set d=10 where s=2;
...
...
mysql-test/r/grant_cache.result
View file @
40a0199e
...
...
@@ -121,7 +121,7 @@ a b c a
1 1 1 test.t1
2 2 2 test.t1
select * from t2;
select
command denied to user: 'mysqltest_2@localhost' for table 't2'
SELECT
command denied to user: 'mysqltest_2@localhost' for table 't2'
show status like "Qcache_queries_in_cache";
Variable_name Value
Qcache_queries_in_cache 6
...
...
@@ -135,7 +135,7 @@ select "user3";
user3
user3
select * from t1;
select
command denied to user: 'mysqltest_3@localhost' for column 'b' in table 't1'
SELECT
command denied to user: 'mysqltest_3@localhost' for column 'b' in table 't1'
select a from t1;
a
1
...
...
@@ -143,7 +143,7 @@ a
select c from t1;
SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
select * from t2;
select
command denied to user: 'mysqltest_3@localhost' for table 't2'
SELECT
command denied to user: 'mysqltest_3@localhost' for table 't2'
select mysqltest.t1.c from test.t1,mysqltest.t1;
SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
show status like "Qcache_queries_in_cache";
...
...
sql/sql_acl.cc
View file @
40a0199e
...
...
@@ -2134,37 +2134,57 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
DBUG_RETURN
(
-
1
);
}
if
(
columns
.
elements
&&
!
revoke_grant
)
if
(
!
revoke_grant
)
{
TABLE
*
table
;
class
LEX_COLUMN
*
column
;
List_iterator
<
LEX_COLUMN
>
column_iter
(
columns
);
if
(
!
(
table
=
open_ltable
(
thd
,
table_list
,
TL_READ
)))
DBUG_RETURN
(
-
1
);
while
((
column
=
column_iter
++
))
if
(
columns
.
elements
&&
!
revoke_grant
)
{
if
(
!
find_field_in_table
(
thd
,
table
,
column
->
column
.
ptr
(),
column
->
column
.
length
(),
0
,
0
))
TABLE
*
table
;
class
LEX_COLUMN
*
column
;
List_iterator
<
LEX_COLUMN
>
column_iter
(
columns
);
if
(
!
(
table
=
open_ltable
(
thd
,
table_list
,
TL_READ
)))
DBUG_RETURN
(
-
1
);
while
((
column
=
column_iter
++
))
{
my_printf_error
(
ER_BAD_FIELD_ERROR
,
ER
(
ER_BAD_FIELD_ERROR
),
MYF
(
0
),
column
->
column
.
c_ptr
(),
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
Field
*
f
=
find_field_in_table
(
thd
,
table
,
column
->
column
.
ptr
(),
column
->
column
.
length
(),
1
,
0
);
if
(
!
f
)
{
my_printf_error
(
ER_BAD_FIELD_ERROR
,
ER
(
ER_BAD_FIELD_ERROR
),
MYF
(
0
),
column
->
column
.
c_ptr
(),
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
}
if
(
f
==
(
Field
*
)
-
1
)
{
DBUG_RETURN
(
-
1
);
}
column_priv
|=
column
->
rights
;
}
c
olumn_priv
|=
column
->
rights
;
c
lose_thread_tables
(
thd
)
;
}
close_thread_tables
(
thd
);
}
else
if
(
!
(
rights
&
CREATE_ACL
)
&&
!
revoke_grant
)
{
char
buf
[
FN_REFLEN
];
sprintf
(
buf
,
"%s/%s/%s.frm"
,
mysql_data_home
,
table_list
->
db
,
table_list
->
real_name
);
fn_format
(
buf
,
buf
,
""
,
""
,
4
+
16
+
32
);
if
(
access
(
buf
,
F_OK
))
else
{
my_error
(
ER_NO_SUCH_TABLE
,
MYF
(
0
),
table_list
->
db
,
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
if
(
!
(
rights
&
CREATE_ACL
))
{
char
buf
[
FN_REFLEN
];
sprintf
(
buf
,
"%s/%s/%s.frm"
,
mysql_data_home
,
table_list
->
db
,
table_list
->
real_name
);
fn_format
(
buf
,
buf
,
""
,
""
,
4
+
16
+
32
);
if
(
access
(
buf
,
F_OK
))
{
my_error
(
ER_NO_SUCH_TABLE
,
MYF
(
0
),
table_list
->
db
,
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
}
}
if
(
table_list
->
grant
.
want_privilege
)
{
char
command
[
128
];
get_privilege_desc
(
command
,
sizeof
(
command
),
table_list
->
grant
.
want_privilege
);
my_error
(
ER_TABLEACCESS_DENIED_ERROR
,
MYF
(
0
),
command
,
thd
->
priv_user
,
thd
->
host_or_ip
,
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
}
}
}
...
...
@@ -2189,7 +2209,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
*/
if
(
thd
->
slave_thread
&&
table_rules_on
)
{
/*
/*
The tables must be marked "updating" so that tables_ok() takes them into
account in tests.
*/
...
...
@@ -2636,25 +2656,8 @@ err:
pthread_mutex_unlock
(
&
LOCK_grant
);
if
(
!
no_errors
)
// Not a silent skip of table
{
const
char
*
command
=
""
;
if
(
want_access
&
SELECT_ACL
)
command
=
"select"
;
else
if
(
want_access
&
INSERT_ACL
)
command
=
"insert"
;
else
if
(
want_access
&
UPDATE_ACL
)
command
=
"update"
;
else
if
(
want_access
&
DELETE_ACL
)
command
=
"delete"
;
else
if
(
want_access
&
DROP_ACL
)
command
=
"drop"
;
else
if
(
want_access
&
CREATE_ACL
)
command
=
"create"
;
else
if
(
want_access
&
ALTER_ACL
)
command
=
"alter"
;
else
if
(
want_access
&
INDEX_ACL
)
command
=
"index"
;
else
if
(
want_access
&
GRANT_ACL
)
command
=
"grant"
;
char
command
[
128
];
get_privilege_desc
(
command
,
sizeof
(
command
),
want_access
);
net_printf
(
&
thd
->
net
,
ER_TABLEACCESS_DENIED_ERROR
,
command
,
thd
->
priv_user
,
...
...
@@ -2767,11 +2770,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access, TABLE *table)
err:
pthread_mutex_unlock
(
&
LOCK_grant
);
const
char
*
command
=
""
;
if
(
want_access
&
SELECT_ACL
)
command
=
"select"
;
else
if
(
want_access
&
INSERT_ACL
)
command
=
"insert"
;
char
command
[
128
];
get_privilege_desc
(
command
,
sizeof
(
command
),
want_access
);
my_printf_error
(
ER_COLUMNACCESS_DENIED_ERROR
,
ER
(
ER_COLUMNACCESS_DENIED_ERROR
),
MYF
(
0
),
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment