Commit b58586aa authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns

With RETURNING it can happen that the user has some privileges on
the table (namely, DELETE), but later needs different privileges
on individual columns (namely, SELECT).

Do the same as in check_grant_column() - ER_COLUMNACCESS_DENIED_ERROR,
not an assert.
parent 80534093
...@@ -225,4 +225,21 @@ drop user twg@'%'; ...@@ -225,4 +225,21 @@ drop user twg@'%';
insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('localhost','','otto','t1','root@localhost','select'); insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('localhost','','otto','t1','root@localhost','select');
flush privileges; flush privileges;
delete from mysql.tables_priv where db=''; delete from mysql.tables_priv where db='';
create database db;
create table db.t1 (a int);
insert into db.t1 values (1);
create user foo;
grant delete on db.* to foo;
connect con1,localhost,foo,,;
show create table db.t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
delete from db.t1 returning *;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'a' in table 't1'
disconnect con1;
connection default;
drop database db;
drop user foo;
# End of 10.4 tests # End of 10.4 tests
...@@ -182,4 +182,21 @@ insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('l ...@@ -182,4 +182,21 @@ insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('l
flush privileges; flush privileges;
delete from mysql.tables_priv where db=''; delete from mysql.tables_priv where db='';
#
# MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns
#
create database db;
create table db.t1 (a int);
insert into db.t1 values (1);
create user foo;
grant delete on db.* to foo;
--connect (con1,localhost,foo,,)
show create table db.t1;
--error ER_COLUMNACCESS_DENIED_ERROR
delete from db.t1 returning *;
--disconnect con1
--connection default
drop database db;
drop user foo;
--echo # End of 10.4 tests --echo # End of 10.4 tests
...@@ -8335,7 +8335,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg, ...@@ -8335,7 +8335,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
grant_table= grant->grant_table_user; grant_table= grant->grant_table_user;
grant_table_role= grant->grant_table_role; grant_table_role= grant->grant_table_role;
DBUG_ASSERT (grant_table || grant_table_role); if (!grant_table && !grant_table_role)
goto err;
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment