Fixed privilege check problem with SELECT ... INTO OUTFILE

sql/sql_parse.cc: Fixed privilege check problem with SELECT ... INTO OUTFILE tests/grant.pl: Testing of grant problem with SELECT ... INTO OUTFILE tests/grant.res: Testing of grant problem with SELECT ... INTO OUTFILE

Fixed privilege check problem with SELECT ... INTO OUTFILE
sql/sql_parse.cc: Fixed privilege check problem with SELECT ... INTO OUTFILE tests/grant.pl: Testing of grant problem with SELECT ... INTO OUTFILE tests/grant.res: Testing of grant problem with SELECT ... INTO OUTFILE
7845e7f5 · unknown · e6ab3827 · 7845e7f5 · 7845e7f5 · 7845e7f5
Commit 7845e7f5 authored Jun 09, 2002 by unknown
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 22 deletions

sql/sql_parse.cc sql/sql_parse.cc +4 -12

tests/grant.pl tests/grant.pl +19 -3

tests/grant.res tests/grant.res +14 -7

No files found.
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -2494,7 +2494,7 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
    *save_priv=thd->master_access;
    return FALSE;
  }
-  if ((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL) ||
+  if (((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL)) ||
      ! db && dont_check_global_grants)
  {						// We can never grant this
    if (!no_errors)
@@ -2513,7 +2513,8 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
 		      thd->priv_user, db); /* purecov: inspected */
  else
    db_access=thd->db_access;
-  want_access &= ~EXTRA_ACL;			// Remove SHOW attribute
+  // Remove SHOW attribute and access rights we already have
+  want_access &= ~(thd->master_access | EXTRA_ACL);
  db_access= ((*save_priv=(db_access | thd->master_access)) & want_access);

  /* grant_option is set if there exists a single table or column grant */
@@ -2567,16 +2568,7 @@ check_table_access(THD *thd,uint want_access,TABLE_LIST *tables,
    }
    else if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
 			  0, no_errors | grant_option))
-    {
-      if (grant_option) 
-      {
-	if ( check_access(thd,want_access & (uint) ~TABLE_ACLS,tables->db,&tables->grant.privilege,
-			  0, no_errors))
-	return TRUE;			
-      }
-      else
-	return TRUE;
-    }
+      return TRUE;
  }
  if (grant_option)
    return check_grant(thd,want_access & ~EXTRA_ACL,org_tables,

--- a/tests/grant.pl
+++ b/tests/grant.pl
@@ -8,9 +8,10 @@ use DBI;
 use Getopt::Long;
 use strict;

-use vars qw($dbh $user_dbh $opt_help $opt_Information $opt_force $opt_debug 
-	    $opt_verbose $opt_server $opt_root_user $opt_password $opt_user 
-	    $opt_database $opt_host $version $user $tables_cols $columns_cols);
+use vars qw($dbh $user_dbh $opt_help $opt_Information $opt_force $opt_debug
+	    $opt_verbose $opt_server $opt_root_user $opt_password $opt_user
+	    $opt_database $opt_host $version $user $tables_cols $columns_cols
+	    $tmp_table);

 $version="1.0";
 $opt_help=$opt_Information=$opt_force=$opt_debug=$opt_verbose=0;
@@ -35,6 +36,7 @@ $|=1;

 $tables_cols="Host, Db, User, Table_name, Grantor, Table_priv, Column_priv";
 $columns_cols="Host, Db, User, Table_name, Column_name, Column_priv";
+$tmp_table="/tmp/grant-$$.test";

 #
 # clear grant tables
@@ -294,6 +296,7 @@ safe_query("select $tables_cols from mysql.tables_priv");
 safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user");
 safe_query("select $tables_cols from mysql.tables_priv");
 safe_query("revoke GRANT OPTION on $opt_database.test from $user",1);
+
 #
 # Test grants on database level
 #
@@ -387,11 +390,24 @@ safe_query("grant ALL PRIVILEGES on $opt_database.test to $user identified by 'd
 user_connect(0,"dummy");
 safe_query("grant SELECT on $opt_database.* to $user identified by ''");
 user_connect(0);
+safe_query("revoke SELECT on $opt_database.* from $user identified by ''");
+
+#
+# Test bug reported in SELECT INTO OUTFILE
+#
+
+safe_query("create table $opt_database.test3 (a int)");
+safe_query("grant SELECT on $opt_database.test3 to $user");
+safe_query("grant FILE on *.* to $user");
+safe_query("insert into $opt_database.test3 values (1)");
+user_connect(0);
+user_query("select * into outfile '$tmp_table' from $opt_database.test3");

 #
 # Clean up things
 #

+unlink($tmp_table);
 safe_query("drop database $opt_database");
 safe_query("delete from user where user='$opt_user'");
 safe_query("delete from db where user='$opt_user'");

--- a/tests/grant.res
+++ b/tests/grant.res
@@ -19,7 +19,7 @@ Access denied for user: 'grant_user@localhost' (Using password: NO)
 set password FOR grant_user=''
 Connecting grant_user
 select * from mysql.user where user = 'grant_user'
-localhost	grant_user		Y	N	N	N	N	N	N	N	N	N	N	N	N	N
+localhost	grant_user		Y	N	N	N	N	N	N	N	N	N	N	N	N	N	NONE			

 select * from mysql.db where user = 'grant_user'
 grant select on *.* to grant_user@localhost,grant_user@localhost
@@ -48,7 +48,7 @@ Error in execute: The host or user argument to GRANT is too long
 grant select on grant_test.test to grant_user with grant option
 Error in execute: grant command denied to user: 'grant_user@localhost' for table 'test'
 set password FOR ''@''=''
-Error in execute: You are using MySQL as an anonymous users and anonymous users are not allowed to change passwords
+Error in execute: Can't find any matching row in the user table
 set password FOR root@localhost = password('test')
 Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
 revoke select on *.* from grant_user@localhost
@@ -93,7 +93,7 @@ delete from user where user='grant_user'
 flush privileges
 grant select on grant_test.* to grant_user@localhost
 select * from mysql.user where user = 'grant_user'
-localhost	grant_user		N	N	N	N	N	N	N	N	N	N	N	N	N	N
+localhost	grant_user		N	N	N	N	N	N	N	N	N	N	N	N	N	N	NONE			

 select * from mysql.db where user = 'grant_user'
 localhost	grant_test	grant_user	Y	N	N	N	N	N	N	N	N	N
@@ -152,7 +152,7 @@ insert into mysql.user (host,user) values ('error','grant_user',0)
 Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
 revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost
 select * from mysql.user where user = 'grant_user'
-localhost	grant_user		N	N	N	N	N	N	N	N	N	N	N	N	N	N
+localhost	grant_user		N	N	N	N	N	N	N	N	N	N	N	N	N	N	NONE			

 select * from mysql.db where user = 'grant_user'
 Connecting grant_user
@@ -168,7 +168,7 @@ Error in execute: select command denied to user: 'grant_user@localhost' for tabl
 show keys from test
 Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
 show columns from test2
-a	int(11)			0		
+a	int(11)			0	

 show keys from test2
 select * from test
@@ -311,8 +311,8 @@ revoke GRANT OPTION on grant_test.test from grant_user@localhost
 Error in execute: There is no such grant defined for user 'grant_user' on host 'localhost' on table 'test'
 grant select(a) on grant_test.test to grant_user@localhost
 show columns from test
-a	int(11)	YES		NULL		select
-b	int(11)	YES		NULL		
+a	int(11)	YES		NULL	
+b	int(11)	YES		NULL	

 grant insert (b), update (b) on grant_test.test to grant_user@localhost
 select count(a) from test
@@ -437,6 +437,13 @@ grant ALL PRIVILEGES on grant_test.test to grant_user@localhost identified by 'd
 Connecting grant_user
 grant SELECT on grant_test.* to grant_user@localhost identified by ''
 Connecting grant_user
+revoke SELECT on grant_test.* from grant_user@localhost identified by ''
+create table grant_test.test3 (a int)
+grant SELECT on grant_test.test3 to grant_user@localhost
+grant FILE on *.* to grant_user@localhost
+insert into grant_test.test3 values (1)
+Connecting grant_user
+select * into outfile '/tmp/grant-11047.test' from grant_test.test3
 drop database grant_test
 delete from user where user='grant_user'
 delete from db where user='grant_user'