Commit 7df5635f authored by bell@sanja.is.com.ua's avatar bell@sanja.is.com.ua

after-review fix

parent 38caf865
...@@ -59,6 +59,9 @@ static void refresh_status(void); ...@@ -59,6 +59,9 @@ static void refresh_status(void);
static bool append_file_to_dir(THD *thd, char **filename_ptr, static bool append_file_to_dir(THD *thd, char **filename_ptr,
char *table_name); char *table_name);
inline bool single_table_command_access(THD *thd, ulong privilege,
TABLE_LIST *tables, int *res);
const char *any_db="*any*"; // Special symbol for check_access const char *any_db="*any*"; // Special symbol for check_access
const char *command_name[]={ const char *command_name[]={
...@@ -2286,21 +2289,8 @@ mysql_execute_command(THD *thd) ...@@ -2286,21 +2289,8 @@ mysql_execute_command(THD *thd)
if (check_db_used(thd,tables)) if (check_db_used(thd,tables))
goto error; goto error;
if (check_access(thd,UPDATE_ACL,tables->db,&tables->grant.privilege)) if (single_table_command_access(thd, UPDATE_ACL, tables, &res))
goto error;
{
// Show only 1 table for check_grant
TABLE_LIST *subselects_tables= tables->next;
tables->next= 0;
if (grant_option && check_grant(thd, UPDATE_ACL, tables))
goto error;
tables->next= subselects_tables;
// check rights on tables of subselect (if exists)
if (subselects_tables &&
(res= check_table_access(thd, SELECT_ACL, subselects_tables)))
goto error; goto error;
}
if (select_lex->item_list.elements != lex->value_list.elements) if (select_lex->item_list.elements != lex->value_list.elements)
{ {
...@@ -2355,22 +2345,9 @@ mysql_execute_command(THD *thd) ...@@ -2355,22 +2345,9 @@ mysql_execute_command(THD *thd)
my_bool update=(lex->value_list.elements ? UPDATE_ACL : 0); my_bool update=(lex->value_list.elements ? UPDATE_ACL : 0);
ulong privilege= (lex->duplicates == DUP_REPLACE ? ulong privilege= (lex->duplicates == DUP_REPLACE ?
INSERT_ACL | DELETE_ACL : INSERT_ACL | update); INSERT_ACL | DELETE_ACL : INSERT_ACL | update);
if (check_access(thd,privilege,tables->db,&tables->grant.privilege))
goto error; /* purecov: inspected */
{ if (single_table_command_access(thd, privilege, tables, &res))
// Show only 1 table for check_grant
TABLE_LIST *subselects_tables= tables->next;
tables->next= 0;
if (grant_option && check_grant(thd, privilege, tables))
goto error; goto error;
tables->next= subselects_tables;
// check rights on tables of subselect (if exists)
if (subselects_tables &&
(res= check_table_access(thd, SELECT_ACL, subselects_tables)))
goto error;
}
if (select_lex->item_list.elements != lex->value_list.elements) if (select_lex->item_list.elements != lex->value_list.elements)
{ {
...@@ -2453,22 +2430,8 @@ mysql_execute_command(THD *thd) ...@@ -2453,22 +2430,8 @@ mysql_execute_command(THD *thd)
break; break;
case SQLCOM_DELETE: case SQLCOM_DELETE:
{ {
if (check_access(thd,DELETE_ACL,tables->db,&tables->grant.privilege)) if (single_table_command_access(thd, DELETE_ACL, tables, &res))
goto error; /* purecov: inspected */
{
// Show only 1 table for check_grant
TABLE_LIST *subselects_tables= tables->next;
tables->next= 0;
if (grant_option && check_grant(thd, DELETE_ACL, tables))
goto error;
tables->next= subselects_tables;
// check rights on tables of subselect (if exists)
if (subselects_tables &&
(res= check_table_access(thd, SELECT_ACL, subselects_tables)))
goto error; goto error;
}
// Set privilege for the WHERE clause // Set privilege for the WHERE clause
tables->grant.want_privilege=(SELECT_ACL & ~tables->grant.privilege); tables->grant.want_privilege=(SELECT_ACL & ~tables->grant.privilege);
...@@ -3128,6 +3091,44 @@ error: ...@@ -3128,6 +3091,44 @@ error:
} }
/*
Check grants for commands which work only with one table and all other
tables belong to subselects.
SYNOPSYS
single_table_command_access()
thd - Thread handler
privilege - asked privelage
tables - table list of command
res - pointer on result code variable
RETURN
0 - OK
1 - access denied
*/
inline bool single_table_command_access(THD *thd, ulong privilege,
TABLE_LIST *tables, int *res)
{
if (check_access(thd, privilege, tables->db, &tables->grant.privilege))
return 1;
// Show only 1 table for check_grant
TABLE_LIST *subselects_tables= tables->next;
tables->next= 0;
if (grant_option && check_grant(thd, privilege, tables))
return 1;
tables->next= subselects_tables;
// check rights on tables of subselect (if exists)
if (subselects_tables &&
(*res= check_table_access(thd, SELECT_ACL, subselects_tables)))
return 1;
return 0;
}
/**************************************************************************** /****************************************************************************
Get the user (global) and database privileges for all used tables Get the user (global) and database privileges for all used tables
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment