Commit a134f1eb authored by Anel Husakovic's avatar Anel Husakovic Committed by Vicențiu Ciorbaru

PR #1127 and PR #1150

PR#1127: Fix is_check_constraints.result to be compatibile with 10.3

The patch is done according to the original patch for MDEV-14474
1edd09c325525cba33152 and not one which is merged on server
d526679e.
This patch includes:
- Rename from `is_check_constraint` to `is_check_constraints` to tests
and results
- Per review, change the order of fields in IS check_constraints table by adding
the column `table_name` before `constraint_name`. According to the standard
2006 there is no `table_name` column.
- Original patch and one in `10.3` supports embedded server this patch doesn't
support. After the merge `10.3` will not support also.
- Don't use patch c8b8b01b61 to change the length of `CHECK_CLAUSE` field

PR#1150: MDEV-18440: Information_schema.check_constraints possible data leak

This patch is extension of PR 1127 and includes:
- Check for table grants
- Additional test according to the MDEV specification
parent f0aa073f
...@@ -119,3 +119,29 @@ disconnect con1; ...@@ -119,3 +119,29 @@ disconnect con1;
connection default; connection default;
DROP USER boo1; DROP USER boo1;
DROP USER boo2; DROP USER boo2;
#
# MDEV-18440: Information_schema.check_constraints possible data leak
#
CREATE USER foo;
CREATE DATABASE db;
USE db;
CREATE TABLE t1 (a int, b int, CONSTRAINT CHECK (b > 0));
INSERT INTO t1 VALUES (1, 2), (2, 3);
GRANT SELECT (a) ON t1 TO foo;
SHOW GRANTS FOR foo;
Grants for foo@%
GRANT USAGE ON *.* TO 'foo'@'%'
GRANT SELECT (a) ON `db`.`t1` TO 'foo'@'%'
SELECT * FROM information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA TABLE_NAME CONSTRAINT_NAME CHECK_CLAUSE
def db t1 CONSTRAINT_1 `b` > 0
CONNECT con1,localhost, foo,, db;
SELECT a FROM t1;
a
1
2
SELECT * FROM information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA TABLE_NAME CONSTRAINT_NAME CHECK_CLAUSE
connection default;
DROP USER foo;
DROP DATABASE db;
...@@ -40,7 +40,7 @@ CREATE TABLE t1 ...@@ -40,7 +40,7 @@ CREATE TABLE t1
CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints
CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint
) ENGINE=InnoDB; ) ENGINE=InnoDB;
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
ALTER TABLE t1 ALTER TABLE t1
...@@ -55,7 +55,7 @@ start_date DATE, ...@@ -55,7 +55,7 @@ start_date DATE,
end_date DATE, end_date DATE,
CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint
)ENGINE=Innodb; )ENGINE=Innodb;
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
ALTER TABLE t1 ALTER TABLE t1
...@@ -70,12 +70,12 @@ a int, ...@@ -70,12 +70,12 @@ a int,
b int check (b>0), # field constraint named 'b' b int check (b>0), # field constraint named 'b'
CONSTRAINT b check (b>10) # table constraint CONSTRAINT b check (b>10) # table constraint
) ENGINE=InnoDB; ) ENGINE=InnoDB;
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
DISCONNECT con1; DISCONNECT con1;
CONNECT(con2, localhost, boo2,, test); CONNECT(con2, localhost, boo2,, test);
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
DISCONNECT con2; DISCONNECT con2;
...@@ -90,3 +90,28 @@ DISCONNECT con1; ...@@ -90,3 +90,28 @@ DISCONNECT con1;
--CONNECTION default --CONNECTION default
DROP USER boo1; DROP USER boo1;
DROP USER boo2; DROP USER boo2;
--echo #
--echo # MDEV-18440: Information_schema.check_constraints possible data leak
--echo #
CREATE USER foo;
CREATE DATABASE db;
USE db;
CREATE TABLE t1 (a int, b int, CONSTRAINT CHECK (b > 0));
INSERT INTO t1 VALUES (1, 2), (2, 3);
GRANT SELECT (a) ON t1 TO foo;
SHOW GRANTS FOR foo;
--sorted_result
SELECT * FROM information_schema.check_constraints;
CONNECT(con1,localhost, foo,, db);
SELECT a FROM t1;
--sorted_result
SELECT * FROM information_schema.check_constraints;
--CONNECTION default
DROP USER foo;
DROP DATABASE db;
...@@ -6526,7 +6526,7 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables, ...@@ -6526,7 +6526,7 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
LEX_STRING *table_name) LEX_STRING *table_name)
{ {
DBUG_ENTER("get_check_constraints_record"); DBUG_ENTER("get_check_constraints_record");
if(res) if (res)
{ {
if (thd->is_error()) if (thd->is_error())
push_warning(thd, Sql_condition::WARN_LEVEL_WARN, push_warning(thd, Sql_condition::WARN_LEVEL_WARN,
...@@ -6535,15 +6535,32 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables, ...@@ -6535,15 +6535,32 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
thd->clear_error(); thd->clear_error();
DBUG_RETURN(0); DBUG_RETURN(0);
} }
if(!tables->view) if (!tables->view)
{ {
StringBuffer<MAX_FIELD_WIDTH> str(system_charset_info); StringBuffer<MAX_FIELD_WIDTH> str(system_charset_info);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
TABLE_LIST table_acl_check;
bzero((char*) &table_acl_check, sizeof(table_acl_check));
#endif
for (uint i= 0; i < tables->table->s->table_check_constraints; i++) for (uint i= 0; i < tables->table->s->table_check_constraints; i++)
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!(thd->col_access & TABLE_ACLS))
{
table_acl_check.db= db_name->str;
table_acl_check.db_length= db_name->length;
table_acl_check.table_name= table_name->str;
table_acl_check.table_name_length= table_name->length;
table_acl_check.grant.privilege= thd->col_access;
if (check_grant(thd, TABLE_ACLS, &table_acl_check, FALSE, 1, TRUE))
continue;
}
#endif
Virtual_column_info *check= tables->table->check_constraints[i]; Virtual_column_info *check= tables->table->check_constraints[i];
table->field[0]->store(STRING_WITH_LEN("def"), system_charset_info); table->field[0]->store(STRING_WITH_LEN("def"), system_charset_info);
table->field[3]->store(check->name.str, check->name.length, table->field[3]->store(check->name.str, check->name.length,
system_charset_info); system_charset_info);
/* Make sure the string is empty between each print. */
str.length(0); str.length(0);
check->print(&str); check->print(&str);
table->field[4]->store(str.ptr(), str.length(), system_charset_info); table->field[4]->store(str.ptr(), str.length(), system_charset_info);
...@@ -6551,8 +6568,7 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables, ...@@ -6551,8 +6568,7 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
DBUG_RETURN(1); DBUG_RETURN(1);
} }
} }
DBUG_RETURN(res);
DBUG_RETURN(0);
} }
static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables, static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables,
...@@ -9370,11 +9386,14 @@ ST_FIELD_INFO spatial_ref_sys_fields_info[]= ...@@ -9370,11 +9386,14 @@ ST_FIELD_INFO spatial_ref_sys_fields_info[]=
ST_FIELD_INFO check_constraints_fields_info[]= ST_FIELD_INFO check_constraints_fields_info[]=
{ {
{"CONSTRAINT_CATALOG", FN_REFLEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"CONSTRAINT_CATALOG", FN_REFLEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
{"CONSTRAINT_SCHEMA", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"CONSTRAINT_SCHEMA", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
OPEN_FULL_TABLE},
{"TABLE_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"TABLE_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
{"CONSTRAINT_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"CONSTRAINT_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
{"CHECK_CLAUSE", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, OPEN_FULL_TABLE},
{0, 0, MYSQL_TYPE_STRING, 0, 0, 0, SKIP_OPEN_TABLE } {"CHECK_CLAUSE", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
OPEN_FULL_TABLE},
{0, 0, MYSQL_TYPE_STRING, 0, 0, 0, SKIP_OPEN_TABLE}
}; };
/* /*
...@@ -9393,7 +9412,7 @@ ST_SCHEMA_TABLE schema_tables[]= ...@@ -9393,7 +9412,7 @@ ST_SCHEMA_TABLE schema_tables[]=
{"CHARACTER_SETS", charsets_fields_info, 0, {"CHARACTER_SETS", charsets_fields_info, 0,
fill_schema_charsets, make_character_sets_old_format, 0, -1, -1, 0, 0}, fill_schema_charsets, make_character_sets_old_format, 0, -1, -1, 0, 0},
{"CHECK_CONSTRAINTS", check_constraints_fields_info, 0, get_all_tables, 0, {"CHECK_CONSTRAINTS", check_constraints_fields_info, 0, get_all_tables, 0,
get_check_constraints_record, 1, 2, 0, OPTIMIZE_I_S_TABLE|OPEN_TABLE_ONLY}, get_check_constraints_record, 1, 2, 0, OPTIMIZE_I_S_TABLE|OPEN_TABLE_ONLY},
{"COLLATIONS", collation_fields_info, 0, {"COLLATIONS", collation_fields_info, 0,
fill_schema_collation, make_old_format, 0, -1, -1, 0, 0}, fill_schema_collation, make_old_format, 0, -1, -1, 0, 0},
{"COLLATION_CHARACTER_SET_APPLICABILITY", coll_charset_app_fields_info, {"COLLATION_CHARACTER_SET_APPLICABILITY", coll_charset_app_fields_info,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment