7d2b182d
Commit
7d2b182d
authored
Dec 16, 2010
by
Martin Hansson
Merge.
parents
ff15ebdd
39036ca6
Showing
3 changed files
with
187 additions
and
0 deletions
+187
-0
mysql-test/r/grant.result
mysql-test/r/grant.result
+74
-0
mysql-test/t/grant.test
mysql-test/t/grant.test
+101
-0
sql/sql_base.cc
sql/sql_base.cc
+12
-0
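--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -1156,4 +1156,78 @@ CURRENT_USER()
 root@localhost
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("");
+# Bug#57952
+DROP DATABASE IF EXISTS mysqltest1;
+DROP DATABASE IF EXISTS mysqltest2;
+CREATE DATABASE mysqltest1;
+CREATE DATABASE mysqltest2;
+use mysqltest1;
+CREATE TABLE t1(a INT, b INT);
+INSERT INTO t1 VALUES (1, 1);
+CREATE TABLE t2(a INT);
+INSERT INTO t2 VALUES (2);
+CREATE TABLE mysqltest2.t3(a INT);
+INSERT INTO mysqltest2.t3 VALUES (4);
+CREATE USER testuser@localhost;
+GRANT CREATE ROUTINE, EXECUTE ON mysqltest1.* TO testuser@localhost;
+GRANT SELECT(b) ON t1 TO testuser@localhost;
+GRANT SELECT ON t2 TO testuser@localhost;
+GRANT SELECT ON mysqltest2.* TO testuser@localhost;
+# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
+PREPARE s1 FROM 'SELECT b FROM t1';
+PREPARE s2 FROM 'SELECT a FROM t2';
+PREPARE s3 FROM 'SHOW TABLES FROM mysqltest2';
+CREATE PROCEDURE p1() SELECT b FROM t1;
+CREATE PROCEDURE p2() SELECT a FROM t2;
+CREATE PROCEDURE p3() SHOW TABLES FROM mysqltest2;
+CALL p1;
+b
+1
+CALL p2;
+a
+2
+CALL p3;
+Tables_in_mysqltest2
+t3
+# Connection: default
+REVOKE SELECT ON t1 FROM testuser@localhost;
+GRANT SELECT(a) ON t1 TO testuser@localhost;
+REVOKE SELECT ON t2 FROM testuser@localhost;
+REVOKE SELECT ON mysqltest2.* FROM testuser@localhost;
+# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
+# - Check column-level privileges...
+EXECUTE s1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+SELECT b FROM t1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+EXECUTE s1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+CALL p1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+# - Check table-level privileges...
+SELECT a FROM t2;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
+EXECUTE s2;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
+CALL p2;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
+# - Check database-level privileges...
+SHOW TABLES FROM mysqltest2;
+ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
+EXECUTE s3;
+ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
+CALL p3;
+ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
+# Connection: default
+DROP DATABASE mysqltest1;
+DROP DATABASE mysqltest2;
+DROP USER testuser@localhost;
+use test;
 End of 5.0 tests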
mysql-test/t/grant.test
...
@@ -1166,6 +1166,107 @@ SELECT CURRENT_USER();
...
@@ -1166,6 +1166,107 @@ SELECT CURRENT_USER();
SET
PASSWORD
FOR
CURRENT_USER
()
=
PASSWORD
(
"admin"
);
SET
PASSWORD
FOR
CURRENT_USER
()
=
PASSWORD
(
"admin"
);
SET
PASSWORD
FOR
CURRENT_USER
()
=
PASSWORD
(
""
);
SET
PASSWORD
FOR
CURRENT_USER
()
=
PASSWORD
(
""
);
#
# Bug#57952: privilege change is not taken into account by EXECUTE.
#
--
echo
--
echo
# Bug#57952
--
echo
--
disable_warnings
DROP
DATABASE
IF
EXISTS
mysqltest1
;
DROP
DATABASE
IF
EXISTS
mysqltest2
;
--
enable_warnings
CREATE
DATABASE
mysqltest1
;
CREATE
DATABASE
mysqltest2
;
use
mysqltest1
;
CREATE
TABLE
t1
(
a
INT
,
b
INT
);
INSERT
INTO
t1
VALUES
(
1
,
1
);
CREATE
TABLE
t2
(
a
INT
);
INSERT
INTO
t2
VALUES
(
2
);
CREATE
TABLE
mysqltest2
.
t3
(
a
INT
);
INSERT
INTO
mysqltest2
.
t3
VALUES
(
4
);
CREATE
USER
testuser
@
localhost
;
GRANT
CREATE
ROUTINE
,
EXECUTE
ON
mysqltest1
.*
TO
testuser
@
localhost
;
GRANT
SELECT
(
b
)
ON
t1
TO
testuser
@
localhost
;
GRANT
SELECT
ON
t2
TO
testuser
@
localhost
;
GRANT
SELECT
ON
mysqltest2
.*
TO
testuser
@
localhost
;
--
echo
--
echo
# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
--
connect
(
bug57952_con1
,
localhost
,
testuser
,,
mysqltest1
)
PREPARE
s1
FROM
'SELECT b FROM t1'
;
PREPARE
s2
FROM
'SELECT a FROM t2'
;
PREPARE
s3
FROM
'SHOW TABLES FROM mysqltest2'
;
CREATE
PROCEDURE
p1
()
SELECT
b
FROM
t1
;
CREATE
PROCEDURE
p2
()
SELECT
a
FROM
t2
;
CREATE
PROCEDURE
p3
()
SHOW
TABLES
FROM
mysqltest2
;
CALL
p1
;
CALL
p2
;
CALL
p3
;
--
echo
--
echo
# Connection: default
--
connection
default
REVOKE
SELECT
ON
t1
FROM
testuser
@
localhost
;
GRANT
SELECT
(
a
)
ON
t1
TO
testuser
@
localhost
;
REVOKE
SELECT
ON
t2
FROM
testuser
@
localhost
;
REVOKE
SELECT
ON
mysqltest2
.*
FROM
testuser
@
localhost
;
--
echo
--
echo
# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
--
connection
bug57952_con1
--
echo
# - Check column-level privileges...
--
error
ER_COLUMNACCESS_DENIED_ERROR
EXECUTE
s1
;
--
error
ER_COLUMNACCESS_DENIED_ERROR
SELECT
b
FROM
t1
;
--
error
ER_COLUMNACCESS_DENIED_ERROR
EXECUTE
s1
;
--
error
ER_COLUMNACCESS_DENIED_ERROR
CALL
p1
;
--
echo
# - Check table-level privileges...
--
error
ER_TABLEACCESS_DENIED_ERROR
SELECT
a
FROM
t2
;
--
error
ER_TABLEACCESS_DENIED_ERROR
EXECUTE
s2
;
--
error
ER_TABLEACCESS_DENIED_ERROR
CALL
p2
;
--
echo
# - Check database-level privileges...
--
error
ER_DBACCESS_DENIED_ERROR
SHOW
TABLES
FROM
mysqltest2
;
--
error
ER_DBACCESS_DENIED_ERROR
EXECUTE
s3
;
--
error
ER_DBACCESS_DENIED_ERROR
CALL
p3
;
--
echo
--
echo
# Connection: default
--
connection
default
--
disconnect
bug57952_con1
DROP
DATABASE
mysqltest1
;
DROP
DATABASE
mysqltest2
;
DROP
USER
testuser
@
localhost
;
use
test
;
--
echo
--
echo
End
of
5.0
tests
--
echo
End
of
5.0
tests
disconnect
master
;
disconnect
master
;
...
...
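Review bot: The checks after `# - Check column-level privileges...` assert only denials, so nothing on bug57952_con1 confirms that the column newly granted by `GRANT SELECT(a) ON t1` is readable, and a check that over-denies would pass unnoticed. I would add `SELECT a FROM t1;` (expected to succeed) beside the `ER_COLUMNACCESS_DENIED_ERROR` cases, with its output recorded in grant.result. The prepared statements and procedures here touch base tables only, so the `else` path through find_field_in_table_ref() shown in the sql/sql_base.cc section is presumably not exercised by this test.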
sql/sql_base.cc
...
@@ -3657,6 +3657,8 @@ find_field_in_natural_join(THD *thd, TABLE_LIST *table_ref, const char *name,
...
@@ -3657,6 +3657,8 @@ find_field_in_natural_join(THD *thd, TABLE_LIST *table_ref, const char *name,
/*
/*
Find field by name in a base table or a view with temp table algorithm.
Find field by name in a base table or a view with temp table algorithm.
The caller is expected to check column-level privileges.
SYNOPSIS
SYNOPSIS
find_field_in_table()
find_field_in_table()
thd thread handler
thd thread handler
...
@@ -3753,6 +3755,8 @@ find_field_in_table(THD *thd, TABLE *table, const char *name, uint length,
...
@@ -3753,6 +3755,8 @@ find_field_in_table(THD *thd, TABLE *table, const char *name, uint length,
This procedure detects the type of the table reference 'table_list'
This procedure detects the type of the table reference 'table_list'
and calls the corresponding search routine.
and calls the corresponding search routine.
The routine checks column-level privieleges for the found field.
RETURN
RETURN
0 field is not found
0 field is not found
view_ref_found found value in VIEW (real result is in *ref)
view_ref_found found value in VIEW (real result is in *ref)
...
@@ -3944,8 +3948,16 @@ find_field_in_tables(THD *thd, Item_ident *item,
...
@@ -3944,8 +3948,16 @@ find_field_in_tables(THD *thd, Item_ident *item,
when table_ref->field_translation != NULL.
when table_ref->field_translation != NULL.
*/
*/
if
(
table_ref
->
table
&&
!
table_ref
->
view
)
if
(
table_ref
->
table
&&
!
table_ref
->
view
)
{
found
=
find_field_in_table
(
thd
,
table_ref
->
table
,
name
,
length
,
found
=
find_field_in_table
(
thd
,
table_ref
->
table
,
name
,
length
,
TRUE
,
&
(
item
->
cached_field_index
));
TRUE
,
&
(
item
->
cached_field_index
));
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Check if there are sufficient access rights to the found field. */
if
(
found
&&
check_privileges
&&
check_column_grant_in_table_ref
(
thd
,
table_ref
,
name
,
length
))
found
=
WRONG_GRANT
;
#endif
}
else
else
found
=
find_field_in_table_ref
(
thd
,
table_ref
,
name
,
length
,
item
->
name
,
found
=
find_field_in_table_ref
(
thd
,
table_ref
,
name
,
length
,
item
->
name
,
NULL
,
NULL
,
ref
,
check_privileges
,
NULL
,
NULL
,
ref
,
check_privileges
,
...
...
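Review bot: The privilege check added in the third hunk carries only the comment `/* Check if there are sufficient access rights to the found field. */`, which does not say why this branch needs its own check. Since the first hunk documents that find_field_in_table() leaves column-level checks to its caller, I would state that at the call site, e.g. `/* find_field_in_table() does no grant check; do it here so changed grants are seen on re-execution. */` (the re-execution rationale is inferred from the Bug#57952 test, not from this file). It is also worth confirming that every other caller of find_field_in_table() performs the same check, which cannot be seen from this page. The comment line added in the second hunk misspells the word as `privieleges`. The enclosing function, apparently find_field_in_tables(), starts and ends outside the hunk.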