Commit 22e41dae authored by Nikita Malyavin's avatar Nikita Malyavin Committed by Oleksandr Byelkin

MDEV-32501 KEY_PERIOD_USAGE reveals information to unprivileged user

Restrict access to KEY_PERIOD_USAGE: show the constraint record iff any
non-select privilege on any table column is granted.

Also drop the unprivileged user in the end of test and add merge anchor.
parent 5c2f8c01
...@@ -30,6 +30,12 @@ TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PERIOD START_COLUMN_NAME END_COLUMN_NAME ...@@ -30,6 +30,12 @@ TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PERIOD START_COLUMN_NAME END_COLUMN_NAME
connection default; connection default;
grant select(id) on test.t1 to periods_hidden@localhost; grant select(id) on test.t1 to periods_hidden@localhost;
connection chopped; connection chopped;
connection default;
revoke select(id) on test.t1 from periods_hidden@localhost;
connection chopped;
connection default;
grant update(id) on test.t1 to periods_hidden@localhost;
connection chopped;
select * from information_schema.periods where table_schema = 'test'; select * from information_schema.periods where table_schema = 'test';
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PERIOD START_COLUMN_NAME END_COLUMN_NAME TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PERIOD START_COLUMN_NAME END_COLUMN_NAME
def test t1 mytime NULL NULL def test t1 mytime NULL NULL
...@@ -56,7 +62,6 @@ def test t1 mytime s NULL ...@@ -56,7 +62,6 @@ def test t1 mytime s NULL
def test t2 SYSTEM_TIME vs ve def test t2 SYSTEM_TIME vs ve
def test t2 mytime s e def test t2 mytime s e
connection default; connection default;
drop user periods_hidden@localhost;
drop tables t1, t2; drop tables t1, t2;
# MDEV-32503 Queries from KEY_PERIOD_USAGE don't obey case-sensitivity # MDEV-32503 Queries from KEY_PERIOD_USAGE don't obey case-sensitivity
create table t (a int, b date, c date, period for app(b,c), create table t (a int, b date, c date, period for app(b,c),
...@@ -80,3 +85,34 @@ select constraint_name from information_schema.key_period_usage where constraint ...@@ -80,3 +85,34 @@ select constraint_name from information_schema.key_period_usage where constraint
constraint_name constraint_name
idx idx
drop table t; drop table t;
# MDEV-32501 KEY_PERIOD_USAGE reveals information to unprivileged user
create table t (a int, b date, c date, f int, period for app(b, c),
primary key(a, app without overlaps));
grant select (f) on t to periods_hidden@localhost;
connection chopped;
select period_name from information_schema.key_period_usage where table_name = 't';
period_name
connection default;
grant update (f) on t to periods_hidden@localhost;
connection chopped;
select 'can be seen', constraint_name, period_name from information_schema.key_period_usage where table_name = 't';
can be seen constraint_name period_name
can be seen PRIMARY app
connection default;
revoke update (f) on t from periods_hidden@localhost;
connection chopped;
update t set f = 1;
ERROR 42000: UPDATE command denied to user 'periods_hidden'@'localhost' for table `test`.`t`
select period_name from information_schema.key_period_usage where table_name = 't';
period_name
connection default;
grant alter on t to periods_hidden@localhost;
connection chopped;
select 'can be seen', constraint_name, period_name from information_schema.key_period_usage where table_name = 't';
can be seen constraint_name period_name
can be seen PRIMARY app
connection default;
drop table t;
disconnect chopped;
connection default;
drop user periods_hidden@localhost;
...@@ -29,6 +29,14 @@ select * from information_schema.periods where table_schema = 'test'; ...@@ -29,6 +29,14 @@ select * from information_schema.periods where table_schema = 'test';
grant select(id) on test.t1 to periods_hidden@localhost; grant select(id) on test.t1 to periods_hidden@localhost;
--connection chopped --connection chopped
--sorted_result --sorted_result
--connection default
revoke select(id) on test.t1 from periods_hidden@localhost;
--connection chopped
--sorted_result
--connection default
grant update(id) on test.t1 to periods_hidden@localhost;
--connection chopped
--sorted_result
select * from information_schema.periods where table_schema = 'test'; select * from information_schema.periods where table_schema = 'test';
--connection default --connection default
grant select(s) on test.t1 to periods_hidden@localhost; grant select(s) on test.t1 to periods_hidden@localhost;
...@@ -46,7 +54,6 @@ grant update on test.t2 to periods_hidden@localhost; ...@@ -46,7 +54,6 @@ grant update on test.t2 to periods_hidden@localhost;
--sorted_result --sorted_result
select * from information_schema.periods where table_schema = 'test'; select * from information_schema.periods where table_schema = 'test';
--connection default --connection default
drop user periods_hidden@localhost;
drop tables t1, t2; drop tables t1, t2;
--echo # MDEV-32503 Queries from KEY_PERIOD_USAGE don't obey case-sensitivity --echo # MDEV-32503 Queries from KEY_PERIOD_USAGE don't obey case-sensitivity
...@@ -72,3 +79,41 @@ select constraint_name from information_schema.key_period_usage where constraint ...@@ -72,3 +79,41 @@ select constraint_name from information_schema.key_period_usage where constraint
enable_warnings; enable_warnings;
drop table t; drop table t;
--echo # MDEV-32501 KEY_PERIOD_USAGE reveals information to unprivileged user
create table t (a int, b date, c date, f int, period for app(b, c),
primary key(a, app without overlaps));
grant select (f) on t to periods_hidden@localhost;
--connection chopped
select period_name from information_schema.key_period_usage where table_name = 't';
--connection default
grant update (f) on t to periods_hidden@localhost;
--connection chopped
select 'can be seen', constraint_name, period_name from information_schema.key_period_usage where table_name = 't';
--connection default
revoke update (f) on t from periods_hidden@localhost;
--connection chopped
--error ER_TABLEACCESS_DENIED_ERROR
update t set f = 1;
select period_name from information_schema.key_period_usage where table_name = 't';
--connection default
grant alter on t to periods_hidden@localhost;
--connection chopped
select 'can be seen', constraint_name, period_name from information_schema.key_period_usage where table_name = 't';
--connection default
drop table t;
#
# End of 11.4 tests
#
# Global cleanup
--disconnect chopped
--connection default
drop user periods_hidden@localhost;
...@@ -7789,6 +7789,13 @@ int get_schema_key_period_usage_record(THD *thd, TABLE_LIST *tables, ...@@ -7789,6 +7789,13 @@ int get_schema_key_period_usage_record(THD *thd, TABLE_LIST *tables,
if (!period_name) if (!period_name)
return 0; return 0;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Need any non-SELECT privilege on the table or any of its columns */
if (!get_schema_privileges_for_show(thd, tables, TABLE_ACLS & ~SELECT_ACL,
true))
return 0;
#endif
bool err= false; bool err= false;
for (uint k= 0; !err && k < keys_total; k++) for (uint k= 0; !err && k < keys_total; k++)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment