Commit b5559f53 authored by Kristofer Pettersson's avatar Kristofer Pettersson

Bug#27145 EXTRA_ACL troubles

The flag EXTRA_ACL is used in conjugation with our access checks, yet it is
not clear what impact this flag has.
This is a code clean up which replaces use of EXTRA_ACL with an explicit
function parameter.
The patch also fixes privilege checks for:
- SHOW CREATE TABLE: The new privilege requirement is any privilege on
  the table-level.
- CHECKSUM TABLE: Requires SELECT on the table level.
- SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level
  (just as the manual claims)
- SHOW INDEX: Requires any privilege on any column combination.
parent 4863e5ce
......@@ -914,13 +914,13 @@ SHOW CREATE VIEW mysqltest2.v_ny;
View Create View character_set_client collation_connection
v_ny CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_ny` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn` latin1 latin1_swedish_ci
SHOW CREATE TABLE mysqltest3.t_nn;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't_nn'
ERROR 42000: SHOW command denied to user 'mysqltest_1'@'localhost' for table 't_nn'
SHOW CREATE VIEW mysqltest3.t_nn;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't_nn'
SHOW CREATE VIEW mysqltest3.v_nn;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
SHOW CREATE TABLE mysqltest3.v_nn;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
ERROR 42000: SHOW command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
SHOW CREATE TABLE mysqltest2.t_nn;
Table Create Table
t_nn CREATE TABLE `t_nn` (
......
......@@ -391,7 +391,7 @@ grant all on mysqltest_1.* to mysqltest_u1@localhost;
use mysqltest_2;
create table t1 (i int);
show create table mysqltest_2.t1;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table 't1'
create table t1 like mysqltest_2.t1;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
grant select on mysqltest_2.t1 to mysqltest_u1@localhost;
......
drop database if exists mysqltest_db1;
create database mysqltest_db1;
use mysqltest_db1;
create table t_column_priv_only (a int, b int);
create table t_select_priv like t_column_priv_only;
create table t_no_priv like t_column_priv_only;
grant all privileges on test.* to mysqltest_u1@localhost;
grant insert (a) on mysqltest_db1.t_column_priv_only to mysqltest_u1@localhost;
grant select on mysqltest_db1.t_select_priv to mysqltest_u1@localhost;
** Connect as restricted user mysqltest_u1.
** Test column level privileges only. No SELECT privileges on the table.
** INSERT INTO ... VALUES ...
** Attempting to insert values to a table with only column privileges
** should work.
insert into mysqltest_db1.t_column_priv_only (a) VALUES (1);
** SHOW COLUMNS
** Should succeed because we have privileges (any) on at least one of the columns.
select column_name as 'Field',column_type as 'Type',is_nullable as 'Null',column_key as 'Key',column_default as 'Default',extra as 'Extra' from information_schema.columns where table_schema='mysqltest_db1' and table_name='t_column_priv_only';
Field Type Null Key Default Extra
a int(11) YES NULL
show columns from mysqltest_db1.t_column_priv_only;
Field Type Null Key Default Extra
a int(11) YES NULL
** SHOW COLUMNS
** Should fail because there are no privileges on any column combination.
show columns from mysqltest_db1.t_no_priv;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't_no_priv'
** However, select from I_S.COLUMNS will succeed but not show anything:
select column_name as 'Field',column_type as 'Type',is_nullable as 'Null',column_key as 'Key',column_default as 'Default',extra as 'Extra' from information_schema.columns where table_schema='mysqltest_db1' and table_name='t_no_priv';
Field Type Null Key Default Extra
** CREATE TABLE ... LIKE ... require SELECT privleges and will fail.
create table test.t_no_priv like mysqltest_db1.column_priv_only;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'column_priv_only'
** Just to be sure... SELECT also fails.
select * from mysqltest_db1.t_column_priv_only;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't_column_priv_only'
** SHOW CREATE TABLE ... require any privileges on all columns (the entire table).
** First we try and fail on a table with only one column privilege.
show create table mysqltest_db1.t_column_priv_only;
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table 't_column_priv_only'
** Now we do the same on a table with SELECT privileges.
** SHOW COLUMNS
** Success because we got some privileges on the table (SELECT_ACL)
show columns from mysqltest_db1.t_select_priv;
Field Type Null Key Default Extra
a int(11) YES NULL
b int(11) YES NULL
** CREATE TABLE ... LIKE ... require SELECT privleges and will SUCCEED.
drop table if exists test.t_duplicated;
create table test.t_duplicated like mysqltest_db1.t_select_priv;
drop table test.t_duplicated;
** SHOW CREATE TABLE will succeed because we have a privilege on all columns in the table (table-level privilege).
show create table mysqltest_db1.t_select_priv;
Table Create Table
t_select_priv CREATE TABLE `t_select_priv` (
`a` int(11) DEFAULT NULL,
`b` int(11) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
** SHOW CREATE TABLE will fail if there is no grants at all:
show create table mysqltest_db1.t_no_priv;
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table 't_no_priv'
use mysqltest_db1;
CREATE TABLE t5 (s1 INT);
CREATE INDEX i ON t5 (s1);
CREATE TABLE t6 (s1 INT, s2 INT);
CREATE VIEW v5 AS SELECT * FROM t5;
CREATE VIEW v6 AS SELECT * FROM t6;
CREATE VIEW v2 AS SELECT * FROM t_select_priv;
CREATE VIEW v3 AS SELECT * FROM t_select_priv;
CREATE INDEX i ON t6 (s1);
GRANT UPDATE (s2) ON t6 to mysqltest_u1@localhost;
GRANT UPDATE (s2) ON v6 to mysqltest_u1@localhost;
GRANT SHOW VIEW ON v2 to mysqltest_u1@localhost;
GRANT SHOW VIEW, SELECT ON v3 to mysqltest_u1@localhost;
use mysqltest_db1;
** Connect as restricted user mysqltest_u1.
** SELECT FROM INFORMATION_SCHEMA.STATISTICS will succeed because any privileges will do (authentication is enough).
SELECT * FROM INFORMATION_SCHEMA.STATISTICS WHERE table_name='t5';
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME NON_UNIQUE INDEX_SCHEMA INDEX_NAME SEQ_IN_INDEX COLUMN_NAME COLLATION CARDINALITY SUB_PART PACKED NULLABLE INDEX_TYPE COMMENT
NULL mysqltest_db1 t5 1 mysqltest_db1 i 1 s1 A NULL NULL NULL YES BTREE
** SHOW INDEX FROM t5 will fail because we don't have any privileges on any column combination.
SHOW INDEX FROM t5;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't5'
** SHOW INDEX FROM t6 will succeed because there exist a privilege on a column combination on t6.
SHOW INDEX FROM t6;
Table Non_unique Key_name Seq_in_index Column_name Collation Cardinality Sub_part Packed Null Index_type Comment
t6 1 i 1 s1 A NULL NULL NULL YES BTREE
** CHECK TABLE requires any privilege on any column combination and should succeed for t6:
CHECK TABLE t6;
Table Op Msg_type Msg_text
mysqltest_db1.t6 check status OK
** With no privileges access is naturally denied:
CHECK TABLE t5;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't5'
** CHECKSUM TABLE requires SELECT privileges on the table. The following should fail:
CHECKSUM TABLE t6;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't6'
** And this should work:
CHECKSUM TABLE t_select_priv;
Table Checksum
mysqltest_db1.t_select_priv 0
SHOW CREATE VIEW v5;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v5'
SHOW CREATE VIEW v6;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v6'
SHOW CREATE VIEW v2;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v2'
SHOW CREATE VIEW v3;
View Create View character_set_client collation_connection
v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t_select_priv`.`a` AS `a`,`t_select_priv`.`b` AS `b` from `t_select_priv` latin1 latin1_swedish_ci
drop database mysqltest_db1;
drop user mysqltest_u1@localhost;
......@@ -3,7 +3,7 @@ drop view if exists v1,v2;
drop function if exists f1;
drop function if exists f2;
use INFORMATION_SCHEMA;
show tables where Tables_in_information_schema not like "Innodb%";
show tables where Tables_in_information_schema NOT LIKE 'Innodb%';
Tables_in_information_schema
CHARACTER_SETS
COLLATIONS
......@@ -119,12 +119,12 @@ create table t1 (f1 char(4));
create view v1 as select f1 from t1;
grant insert on v1 to testdb_2@localhost;
create view v5 as select f1 from t1;
grant show view on v5 to testdb_2@localhost;
grant select, show view on v5 to testdb_2@localhost;
create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1;
ERROR 42000: Access denied; you need the SUPER privilege for this operation
use testdb_1;
create view v6 as select f1 from t1;
grant show view on v6 to testdb_2@localhost;
grant select, show view on v6 to testdb_2@localhost;
create table t2 (f1 char(4));
create definer=`no_such_user`@`no_such_host` view v7 as select * from t2;
Warnings:
......@@ -152,11 +152,13 @@ create view v2 as select f1 from testdb_1.v1;
create view v4 as select f1,f2 from testdb_1.v3;
show fields from testdb_1.v5;
Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view testdb_1.v5;
View Create View character_set_client collation_connection
v5 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_1`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v5` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` latin1 latin1_swedish_ci
show fields from testdb_1.v6;
Field Type Null Key Default Extra
f1 char(4) YES NULL
show create view testdb_1.v6;
View Create View character_set_client collation_connection
v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v6` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` latin1 latin1_swedish_ci
......@@ -171,9 +173,9 @@ v7 CREATE ALGORITHM=UNDEFINED DEFINER=`no_such_user`@`no_such_host` SQL SECURITY
Warnings:
Warning 1356 View 'testdb_1.v7' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
revoke insert(f1) on v3 from testdb_2@localhost;
revoke show view on v5 from testdb_2@localhost;
revoke select,show view on v5 from testdb_2@localhost;
use testdb_1;
revoke show view on v6 from testdb_2@localhost;
revoke select,show view on v6 from testdb_2@localhost;
show fields from testdb_1.v5;
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v5'
show create view testdb_1.v5;
......@@ -202,7 +204,7 @@ show create view v2;
View Create View character_set_client collation_connection
v2 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_2`@`localhost` SQL SECURITY DEFINER VIEW `v2` AS select `v1`.`f1` AS `f1` from `testdb_1`.`v1` latin1 latin1_swedish_ci
show create view testdb_1.v1;
ERROR 42000: SHOW VIEW command denied to user 'testdb_2'@'localhost' for table 'v1'
ERROR 42000: SELECT command denied to user 'testdb_2'@'localhost' for table 'v1'
select table_name from information_schema.columns a
where a.table_name = 'v2';
table_name
......
No preview for this file type
......@@ -799,12 +799,12 @@ CREATE USER u29908_1@localhost;
CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1;
CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS
SELECT f1 FROM t1;
GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost;
CREATE USER u29908_2@localhost;
GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
GRANT SELECT, DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
ALTER VIEW v1 AS SELECT f2 FROM t1;
ERROR 42000: Access denied; you need the SUPER privilege for this operation
......
--source include/not_embedded.inc
# Setup database, tables and user accounts
--disable_warnings
drop database if exists mysqltest_db1;
--enable_warnings
create database mysqltest_db1;
use mysqltest_db1;
create table t_column_priv_only (a int, b int);
create table t_select_priv like t_column_priv_only;
create table t_no_priv like t_column_priv_only;
grant all privileges on test.* to mysqltest_u1@localhost;
grant insert (a) on mysqltest_db1.t_column_priv_only to mysqltest_u1@localhost;
grant select on mysqltest_db1.t_select_priv to mysqltest_u1@localhost;
--echo ** Connect as restricted user mysqltest_u1.
--echo
connect (con1,localhost,mysqltest_u1,,);
connection con1;
########################################################################
--echo ** Test column level privileges only. No SELECT privileges on the table.
--echo ** INSERT INTO ... VALUES ...
--echo ** Attempting to insert values to a table with only column privileges
--echo ** should work.
insert into mysqltest_db1.t_column_priv_only (a) VALUES (1);
--echo
#########################################################################
--echo ** SHOW COLUMNS
--echo ** Should succeed because we have privileges (any) on at least one of the columns.
select column_name as 'Field',column_type as 'Type',is_nullable as 'Null',column_key as 'Key',column_default as 'Default',extra as 'Extra' from information_schema.columns where table_schema='mysqltest_db1' and table_name='t_column_priv_only';
show columns from mysqltest_db1.t_column_priv_only;
#########################################################################
--echo ** SHOW COLUMNS
--echo ** Should fail because there are no privileges on any column combination.
--error 1142
show columns from mysqltest_db1.t_no_priv;
--echo ** However, select from I_S.COLUMNS will succeed but not show anything:
select column_name as 'Field',column_type as 'Type',is_nullable as 'Null',column_key as 'Key',column_default as 'Default',extra as 'Extra' from information_schema.columns where table_schema='mysqltest_db1' and table_name='t_no_priv';
--echo
#########################################################################
--echo ** CREATE TABLE ... LIKE ... require SELECT privleges and will fail.
--error 1142
create table test.t_no_priv like mysqltest_db1.column_priv_only;
--echo
#########################################################################
--echo ** Just to be sure... SELECT also fails.
--error 1142
select * from mysqltest_db1.t_column_priv_only;
--echo
#########################################################################
--echo ** SHOW CREATE TABLE ... require any privileges on all columns (the entire table).
--echo ** First we try and fail on a table with only one column privilege.
--error 1142
show create table mysqltest_db1.t_column_priv_only;
--echo
#########################################################################
--echo ** Now we do the same on a table with SELECT privileges.
--echo
#########################################################################
--echo ** SHOW COLUMNS
--echo ** Success because we got some privileges on the table (SELECT_ACL)
show columns from mysqltest_db1.t_select_priv;
--echo
#########################################################################
--echo ** CREATE TABLE ... LIKE ... require SELECT privleges and will SUCCEED.
--disable_warnings
drop table if exists test.t_duplicated;
--enable_warnings
create table test.t_duplicated like mysqltest_db1.t_select_priv;
drop table test.t_duplicated;
--echo
#########################################################################
--echo ** SHOW CREATE TABLE will succeed because we have a privilege on all columns in the table (table-level privilege).
show create table mysqltest_db1.t_select_priv;
--echo
#########################################################################
--echo ** SHOW CREATE TABLE will fail if there is no grants at all:
--error 1142
show create table mysqltest_db1.t_no_priv;
--echo
connection default;
#
# SHOW INDEX
#
use mysqltest_db1;
CREATE TABLE t5 (s1 INT);
CREATE INDEX i ON t5 (s1);
CREATE TABLE t6 (s1 INT, s2 INT);
CREATE VIEW v5 AS SELECT * FROM t5;
CREATE VIEW v6 AS SELECT * FROM t6;
CREATE VIEW v2 AS SELECT * FROM t_select_priv;
CREATE VIEW v3 AS SELECT * FROM t_select_priv;
CREATE INDEX i ON t6 (s1);
GRANT UPDATE (s2) ON t6 to mysqltest_u1@localhost;
GRANT UPDATE (s2) ON v6 to mysqltest_u1@localhost;
GRANT SHOW VIEW ON v2 to mysqltest_u1@localhost;
GRANT SHOW VIEW, SELECT ON v3 to mysqltest_u1@localhost;
connection con1;
use mysqltest_db1;
--echo ** Connect as restricted user mysqltest_u1.
--echo ** SELECT FROM INFORMATION_SCHEMA.STATISTICS will succeed because any privileges will do (authentication is enough).
#
# this result is wrong. reported as bug#34104
#
SELECT * FROM INFORMATION_SCHEMA.STATISTICS WHERE table_name='t5';
#
# Bug27145 EXTRA_ACL trouble
#
--echo ** SHOW INDEX FROM t5 will fail because we don't have any privileges on any column combination.
--error 1142
SHOW INDEX FROM t5;
--echo ** SHOW INDEX FROM t6 will succeed because there exist a privilege on a column combination on t6.
SHOW INDEX FROM t6;
# CHECK TABLE
--echo ** CHECK TABLE requires any privilege on any column combination and should succeed for t6:
CHECK TABLE t6;
--echo ** With no privileges access is naturally denied:
--error 1142
CHECK TABLE t5;
# CHECKSUM
--echo ** CHECKSUM TABLE requires SELECT privileges on the table. The following should fail:
--error 1142
CHECKSUM TABLE t6;
--echo ** And this should work:
CHECKSUM TABLE t_select_priv;
# SHOW CREATE VIEW
--error 1142
SHOW CREATE VIEW v5;
--error 1142
SHOW CREATE VIEW v6;
--error 1142
SHOW CREATE VIEW v2;
SHOW CREATE VIEW v3;
connection default;
disconnect con1;
drop database mysqltest_db1;
drop user mysqltest_u1@localhost;
# this test mostly test privilege control (what doesn't work
# in the embedded server by default). So disabled in embedded-server mode
# in the embedded server by default). So skip the test in embedded-server mode.
-- source include/not_embedded.inc
-- source include/testdb_only.inc
......@@ -13,7 +13,7 @@ drop function if exists f2;
use INFORMATION_SCHEMA;
--replace_result Tables_in_INFORMATION_SCHEMA Tables_in_information_schema
show tables where Tables_in_information_schema not like "Innodb%";
show tables where Tables_in_INFORMATION_SCHEMA NOT LIKE 'Innodb%';
--replace_result 'Tables_in_INFORMATION_SCHEMA (T%)' 'Tables_in_information_schema (T%)'
show tables from INFORMATION_SCHEMA like 'T%';
create database `inf%`;
......@@ -123,7 +123,7 @@ create view v1 as select f1 from t1;
grant insert on v1 to testdb_2@localhost;
create view v5 as select f1 from t1;
grant show view on v5 to testdb_2@localhost;
grant select, show view on v5 to testdb_2@localhost;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1;
......@@ -131,7 +131,7 @@ create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1;
connection default;
use testdb_1;
create view v6 as select f1 from t1;
grant show view on v6 to testdb_2@localhost;
grant select, show view on v6 to testdb_2@localhost;
create table t2 (f1 char(4));
create definer=`no_such_user`@`no_such_host` view v7 as select * from t2;
......@@ -163,10 +163,10 @@ show fields from testdb_1.v7;
show create view testdb_1.v7;
revoke insert(f1) on v3 from testdb_2@localhost;
revoke show view on v5 from testdb_2@localhost;
revoke select,show view on v5 from testdb_2@localhost;
connection default;
use testdb_1;
revoke show view on v6 from testdb_2@localhost;
revoke select,show view on v6 from testdb_2@localhost;
connection testdb_2;
--error ER_TABLEACCESS_DENIED_ERROR
......
......@@ -109,7 +109,7 @@ create user user_1@localhost;
grant all on mysqltest.* to user_1@localhost;
connect (con28181_1,localhost,user_1,,mysqltest);
--error ER_DBACCESS_DENIED_ERROR
--error ER_ACCESS_DENIED_ERROR
eval select schema_name
into outfile "../../tmp/outfile-test.4"
fields terminated by ',' optionally enclosed by '"'
......
......@@ -1072,12 +1072,12 @@ CREATE USER u29908_1@localhost;
CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1;
CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS
SELECT f1 FROM t1;
GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost;
CREATE USER u29908_2@localhost;
GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
GRANT SELECT, DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
connect (u2,localhost,u29908_2,,mysqltest_29908);
......
......@@ -1120,9 +1120,11 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
bool *write_to_binlog);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
bool no_grant, bool no_errors, bool schema_db);
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
uint number, bool no_errors);
bool no_grant, bool no_errors, bool schema_db);
bool check_table_access(THD *thd, ulong requirements,TABLE_LIST *tables,
bool any_combination_of_privileges_will_do,
uint number,
bool no_errors);
#else
inline bool check_access(THD *thd, ulong access, const char *db,
ulong *save_priv, bool no_grant, bool no_errors,
......@@ -1132,8 +1134,10 @@ inline bool check_access(THD *thd, ulong access, const char *db,
*save_priv= GLOBAL_ACLS;
return false;
}
inline bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
uint number, bool no_errors)
inline bool check_table_access(THD *thd, ulong requirements,TABLE_LIST *tables,
bool no_errors,
bool any_combination_of_privileges_will_do,
uint number)
{ return false; }
#endif /*NO_EMBEDDED_ACCESS_CHECKS*/
......
......@@ -2362,7 +2362,8 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
bzero((char*) &tables,sizeof(tables));
tables.db= (char*) "mysql";
tables.table_name= tables.alias= (char*) "proc";
*full_access= (!check_table_access(thd, SELECT_ACL, &tables, 1, TRUE) ||
*full_access= (!check_table_access(thd, SELECT_ACL, &tables, FALSE,
1, TRUE) ||
(!strcmp(sp->m_definer_user.str,
thd->security_ctx->priv_user) &&
!strcmp(sp->m_definer_host.str,
......@@ -2808,7 +2809,7 @@ int sp_instr::exec_open_and_lock_tables(THD *thd, TABLE_LIST *tables)
Check whenever we have access to tables for this statement
and open and lock them before executing instructions core function.
*/
if (check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE)
if (check_table_access(thd, SELECT_ACL, tables, FALSE, UINT_MAX, FALSE)
|| open_and_lock_tables(thd, tables))
result= -1;
else
......
......@@ -1879,7 +1879,7 @@ static bool test_if_create_new_users(THD *thd)
sctx->priv_user, tl.db, 0);
if (!(db_access & INSERT_ACL))
{
if (check_grant(thd, INSERT_ACL, &tl, 0, UINT_MAX, 1))
if (check_grant(thd, INSERT_ACL, &tl, FALSE, UINT_MAX, TRUE))
create_new_users=0;
}
}
......@@ -3835,40 +3835,52 @@ my_bool grant_reload(THD *thd)
DBUG_RETURN(return_val);
}
/****************************************************************************
Check table level grants
SYNOPSIS
bool check_grant()
thd Thread handler
want_access Bits of privileges user needs to have
tables List of tables to check. The user should have 'want_access'
to all tables in list.
show_table <> 0 if we are in show table. In this case it's enough to have
any privilege for the table
number Check at most this number of tables.
no_errors If 0 then we write an error. The error is sent directly to
the client
/**
@brief Check table level grants
RETURN
0 ok
1 Error: User did not have the requested privileges
@param thd Thread handler
@param want_access Bits of privileges user needs to have.
@param tables List of tables to check. The user should have
'want_access' to all tables in list.
@param any_combination_will_do TRUE if it's enough to have any privilege for
any combination of the table columns.
@param number Check at most this number of tables.
@param no_errors TRUE if no error should be sent directly to the client.
NOTE
This functions assumes that either number of tables to be inspected
If table->grant.want_privilege != 0 then the requested privileges where
in the set of COL_ACLS but access was not granted on the table level. As
a consequence an extra check of column privileges is required.
Specifically if this function returns FALSE the user has some kind of
privilege on a combination of columns in each table.
This function is usually preceeded by check_access which establish the
User-, Db- and Host access rights.
@see check_access
@see check_table_access
@note This functions assumes that either number of tables to be inspected
by it is limited explicitly (i.e. is is not UINT_MAX) or table list
used and thd->lex->query_tables_own_last value correspond to each
other (the latter should be either 0 or point to next_global member
of one of elements of this table list).
****************************************************************************/
@return Access status
@retval FALSE Access granted; But column privileges might need to be
checked.
@retval TRUE The user did not have the requested privileges on any of the
tables.
*/
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
uint show_table, uint number, bool no_errors)
bool any_combination_will_do, uint number, bool no_errors)
{
TABLE_LIST *table, *first_not_own_table= thd->lex->first_not_own_table();
Security_context *sctx= thd->security_ctx;
uint i;
ulong orig_want_access= want_access;
DBUG_ENTER("check_grant");
DBUG_ASSERT(number > 0);
......@@ -3886,7 +3898,10 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
i < number && table != first_not_own_table;
table= table->next_global, i++)
{
/* Remove SHOW_VIEW_ACL, because it will be checked during making view */
/*
Save a copy of the privileges without the SHOW_VIEW_ACL attribute.
It will be checked during making view.
*/
table->grant.orig_want_privilege= (want_access & ~SHOW_VIEW_ACL);
}
......@@ -3899,7 +3914,6 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
sctx = test(table->security_ctx) ?
table->security_ctx : thd->security_ctx;
want_access= orig_want_access;
want_access&= ~sctx->master_access;
if (!want_access)
continue; // ok
......@@ -3929,8 +3943,13 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
want_access &= ~table->grant.privilege;
goto err; // No grants
}
if (show_table)
continue; // We have some priv on this
/*
For SHOW COLUMNS, SHOW INDEX it is enough to have some
privileges on any column combination on the table.
*/
if (any_combination_will_do)
continue;
table->grant.grant_table=grant_table; // Remember for column test
table->grant.version=grant_version;
......@@ -3948,7 +3967,7 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
}
}
rw_unlock(&LOCK_grant);
DBUG_RETURN(0);
DBUG_RETURN(FALSE);
err:
rw_unlock(&LOCK_grant);
......@@ -3962,7 +3981,97 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
sctx->host_or_ip,
table ? table->get_table_name() : "unknown");
}
DBUG_RETURN(1);
DBUG_RETURN(TRUE);
}
/**
Check if all tables in the table list has any of the requested table level
privileges matching the current user.
@param thd A pointer to the thread context.
@param required_access Set of privileges to compare against.
@param tables[in,out] A list of tables to be checked.
@note If the table grant hash contains any grant table, this table will be
attached to the corresponding TABLE_LIST object in 'tables'.
@return
@retval TRUE There is a privilege on the table level granted to the
current user.
@retval FALSE There are no privileges on the table level granted to the
current user.
*/
bool has_any_table_level_privileges(THD *thd, ulong required_access,
TABLE_LIST *tables)
{
Security_context *sctx;
GRANT_TABLE *grant_table;
TABLE_LIST *table;
/* For each table in tables */
for (table= tables; table; table= table->next_global)
{
/*
If this table is a VIEW, then it will supply its own security context.
This is because VIEWs can have a DEFINER or an INVOKER security role.
*/
sctx= table->security_ctx ? table->security_ctx : thd->security_ctx;
/*
Get privileges from table_priv and column_priv tables by searching
the cache.
*/
rw_rdlock(&LOCK_grant);
grant_table= table_hash_search(sctx->host, sctx->ip,
table->db, sctx->priv_user,
table->table_name,0);
rw_unlock(&LOCK_grant);
/* Stop if there are no grants for the current user */
if (!grant_table)
return FALSE;
/*
Save a pointer to the found grant_table in the table object.
This pointer can later be used to verify other access requirements
without having to look up the grant table in the hash.
*/
table->grant.grant_table= grant_table;
table->grant.version= grant_version;
table->grant.privilege|= grant_table->privs;
/*
Save all privileges which might be subject to column privileges
but not which aren't yet granted by table level ACLs.
This is can later be used for column privilege checks.
*/
table->grant.want_privilege= ((required_access & COL_ACLS)
& ~table->grant.privilege);
/*
If the requested privileges share any intersection with the current
table privileges we have found at least one common privilege on the
table level.
*/
if (grant_table->privs & required_access)
continue; /* Check next table */
/*
There are no table level privileges which satisfies any of the
requested privileges. There might still be column privileges which
does though.
*/
return FALSE;
}
/*
All tables in TABLE_LIST satisfy the requirement of having any
privilege on the table level.
*/
return TRUE;
}
......
......@@ -51,7 +51,6 @@
4. acl_init() or whatever - to define behaviour for old privilege tables
5. sql_yacc.yy - for GRANT/REVOKE to work
*/
#define EXTRA_ACL (1L << 29)
#define NO_ACCESS (1L << 30)
#define DB_ACLS \
(UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
......@@ -238,7 +237,7 @@ my_bool grant_init();
void grant_free(void);
my_bool grant_reload(THD *thd);
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
uint show_command, uint number, bool dont_print_error);
bool any_combination_will_do, uint number, bool no_errors);
bool check_grant_column (THD *thd, GRANT_INFO *grant,
const char *db_name, const char *table_name,
const char *name, uint length, Security_context *sctx);
......@@ -269,6 +268,9 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
bool check_routine_level_acl(THD *thd, const char *db, const char *name,
bool is_proc);
bool is_acl_user(const char *host, const char *user);
bool has_any_table_level_privileges(THD *thd, ulong required_access,
TABLE_LIST *tables);
#ifdef NO_EMBEDDED_ACCESS_CHECKS
#define check_grant(A,B,C,D,E,F) 0
#define check_grant_db(A,B) 0
......
......@@ -731,7 +731,7 @@ OPEN_TABLE_LIST *list_open_tables(THD *thd, const char *db, const char *wild)
table_list.table_name= share->table_name.str;
table_list.grant.privilege=0;
if (check_table_access(thd,SELECT_ACL | EXTRA_ACL,&table_list, 1, TRUE))
if (check_table_access(thd,SELECT_ACL,&table_list, TRUE, 1, TRUE))
continue;
/* need to check if we haven't already listed it */
for (table= open_list ; table ; table=table->next)
......
......@@ -1545,7 +1545,7 @@ def_week_frmt: %lu, in_trans: %d, autocommit: %d",
table_list.db = table->db();
table_list.alias= table_list.table_name= table->table();
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (check_table_access(thd,SELECT_ACL,&table_list, 1, TRUE))
if (check_table_access(thd,SELECT_ACL,&table_list, FALSE, 1,TRUE))
{
DBUG_PRINT("qcache",
("probably no SELECT access to %s.%s => return to normal processing",
......
This diff is collapsed.
......@@ -1660,7 +1660,7 @@ bool mysql_install_plugin(THD *thd, const LEX_STRING *name, const LEX_STRING *dl
bzero(&tables, sizeof(tables));
tables.db= (char *)"mysql";
tables.table_name= tables.alias= (char *)"plugin";
if (check_table_access(thd, INSERT_ACL, &tables, 1, FALSE))
if (check_table_access(thd, INSERT_ACL, &tables, FALSE, 1, FALSE))
DBUG_RETURN(TRUE);
/* need to open before acquiring LOCK_plugin or it will deadlock */
......
......@@ -1336,7 +1336,7 @@ static int mysql_test_select(Prepared_statement *stmt,
ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL;
if (tables)
{
if (check_table_access(thd, privilege, tables, UINT_MAX, FALSE))
if (check_table_access(thd, privilege, tables, FALSE, UINT_MAX, FALSE))
goto error;
}
else if (check_access(thd, privilege, any_db,0,0,0,0))
......@@ -1405,7 +1405,8 @@ static bool mysql_test_do_fields(Prepared_statement *stmt,
THD *thd= stmt->thd;
DBUG_ENTER("mysql_test_do_fields");
if (tables && check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE))
if (tables && check_table_access(thd, SELECT_ACL, tables, FALSE,
UINT_MAX, FALSE))
DBUG_RETURN(TRUE);
if (open_normal_and_derived_tables(thd, tables, 0))
......@@ -1436,8 +1437,9 @@ static bool mysql_test_set_fields(Prepared_statement *stmt,
THD *thd= stmt->thd;
set_var_base *var;
if ((tables && check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE))
|| open_normal_and_derived_tables(thd, tables, 0))
if ((tables && check_table_access(thd, SELECT_ACL, tables, FALSE,
UINT_MAX, FALSE)) ||
open_normal_and_derived_tables(thd, tables, 0))
goto error;
while ((var= it++))
......@@ -1472,7 +1474,8 @@ static bool mysql_test_call_fields(Prepared_statement *stmt,
THD *thd= stmt->thd;
Item *item;
if ((tables && check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE)) ||
if ((tables && check_table_access(thd, SELECT_ACL, tables, FALSE,
UINT_MAX, FALSE)) ||
open_normal_and_derived_tables(thd, tables, 0))
goto err;
......
......@@ -560,7 +560,7 @@ find_files(THD *thd, List<LEX_STRING> *files, const char *db,
table_list.table_name= uname;
table_list.table_name_length= file_name_len;
table_list.grant.privilege=col_access;
if (check_grant(thd, TABLE_ACLS, &table_list, 1, 1, 1))
if (check_grant(thd, TABLE_ACLS, &table_list, TRUE, 1, TRUE))
continue;
}
#endif
......@@ -3745,8 +3745,9 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables,
#ifndef NO_EMBEDDED_ACCESS_CHECKS
uint col_access;
check_access(thd,SELECT_ACL | EXTRA_ACL, db_name->str,
&tables->grant.privilege, 0, 0, test(tables->schema_table));
check_access(thd,SELECT_ACL, db_name->str,
&tables->grant.privilege, FALSE, FALSE,
test(tables->schema_table));
col_access= get_column_grant(thd, &tables->grant,
db_name->str, table_name->str,
field->field_name) & COL_ACLS;
......@@ -4174,7 +4175,8 @@ int fill_schema_proc(THD *thd, TABLE_LIST *tables, COND *cond)
proc_tables.table_name= proc_tables.alias= (char*) "proc";
proc_tables.table_name_length= 4;
proc_tables.lock_type= TL_READ;
full_access= !check_table_access(thd, SELECT_ACL, &proc_tables, 1, TRUE);
full_access= !check_table_access(thd, SELECT_ACL, &proc_tables, FALSE,
1, TRUE);
if (!(proc_table= open_proc_table_for_read(thd, &open_tables_state_backup)))
{
DBUG_RETURN(1);
......@@ -4583,7 +4585,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
Table_triggers_list *triggers= tables->table->triggers;
int event, timing;
if (check_table_access(thd, TRIGGER_ACL, tables, 1, TRUE))
if (check_table_access(thd, TRIGGER_ACL, tables, FALSE, 1, TRUE))
goto ret;
for (event= 0; event < (int)TRG_EVENT_MAX; event++)
......@@ -7044,7 +7046,7 @@ bool show_create_trigger(THD *thd, const sp_name *trg_name)
if (!lst)
return TRUE;
if (check_table_access(thd, TRIGGER_ACL, lst, 1, TRUE))
if (check_table_access(thd, TRIGGER_ACL, lst, FALSE, 1, TRUE))
{
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "TRIGGER");
return TRUE;
......
......@@ -422,7 +422,7 @@ bool mysql_create_or_drop_trigger(THD *thd, TABLE_LIST *tables, bool create)
TABLE_LIST **save_query_tables_own_last= thd->lex->query_tables_own_last;
thd->lex->query_tables_own_last= 0;
err_status= check_table_access(thd, TRIGGER_ACL, tables, 1, FALSE);
err_status= check_table_access(thd, TRIGGER_ACL, tables, FALSE, 1, FALSE);
thd->lex->query_tables_own_last= save_query_tables_own_last;
......
......@@ -1077,7 +1077,7 @@ int mysql_multi_update_prepare(THD *thd)
if (check_access(thd, want_privilege,
tl->db, &tl->grant.privilege, 0, 0,
test(tl->schema_table)) ||
check_grant(thd, want_privilege, tl, 0, 1, 0))
check_grant(thd, want_privilege, tl, FALSE, 1, FALSE))
DBUG_RETURN(TRUE);
}
}
......
......@@ -269,11 +269,11 @@ bool create_view_precheck(THD *thd, TABLE_LIST *tables, TABLE_LIST *view,
*/
if ((check_access(thd, CREATE_VIEW_ACL, view->db, &view->grant.privilege,
0, 0, is_schema_db(view->db)) ||
check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||
check_grant(thd, CREATE_VIEW_ACL, view, FALSE, 1, FALSE)) ||
(mode != VIEW_CREATE_NEW &&
(check_access(thd, DROP_ACL, view->db, &view->grant.privilege,
0, 0, is_schema_db(view->db)) ||
check_grant(thd, DROP_ACL, view, 0, 1, 0))))
check_grant(thd, DROP_ACL, view, FALSE, 1, FALSE))))
goto err;
for (sl= select_lex; sl; sl= sl->next_select())
......@@ -323,7 +323,7 @@ bool create_view_precheck(THD *thd, TABLE_LIST *tables, TABLE_LIST *view,
{
if (check_access(thd, SELECT_ACL, tbl->db,
&tbl->grant.privilege, 0, 0, test(tbl->schema_table)) ||
check_grant(thd, SELECT_ACL, tbl, 0, 1, 0))
check_grant(thd, SELECT_ACL, tbl, FALSE, 1, FALSE))
goto err;
}
}
......@@ -1233,8 +1233,9 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
if (!table->prelocking_placeholder &&
(old_lex->sql_command == SQLCOM_SELECT && old_lex->describe))
{
if (check_table_access(thd, SELECT_ACL, view_tables, UINT_MAX, TRUE) &&
check_table_access(thd, SHOW_VIEW_ACL, table, UINT_MAX, TRUE))
if (check_table_access(thd, SELECT_ACL, view_tables, FALSE,
UINT_MAX, TRUE) &&
check_table_access(thd, SHOW_VIEW_ACL, table, FALSE, UINT_MAX, TRUE))
{
my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
goto err;
......@@ -1244,7 +1245,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
(old_lex->sql_command == SQLCOM_SHOW_CREATE) &&
!table->belong_to_view)
{
if (check_table_access(thd, SHOW_VIEW_ACL, table, UINT_MAX, FALSE))
if (check_table_access(thd, SHOW_VIEW_ACL, table, FALSE, UINT_MAX, FALSE))
goto err;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment