Commit 51eed4b4 authored by monty@mashka.mysql.fi's avatar monty@mashka.mysql.fi

Fix for openssl on Solaris

Fix for grant bug with SELECT *
parent c1376737
...@@ -267,6 +267,10 @@ C_MODE_END ...@@ -267,6 +267,10 @@ C_MODE_END
#include <asm/atomic.h> #include <asm/atomic.h>
#endif #endif
#include <errno.h> /* Recommended by debian */ #include <errno.h> /* Recommended by debian */
/* We need the following to go around a problem with openssl on solaris */
#if defined(HAVE_CRYPT)
#include <crypt.h>
#endif
/* Go around some bugs in different OS and compilers */ /* Go around some bugs in different OS and compilers */
#if defined(_HPUX_SOURCE) && defined(HAVE_SYS_STREAM_H) #if defined(_HPUX_SOURCE) && defined(HAVE_SYS_STREAM_H)
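Review bot: The added include is guarded by `HAVE_CRYPT`, while the block this commit removes from the other file was guarded by `HAVE_CRYPT_H`. These look like two different configure results (function available versus header present), so a platform that provides crypt() without a `<crypt.h>` would presumably fail to compile here. Guarding on the header check keeps the Solaris workaround without that risk: `#if defined(HAVE_CRYPT_H)`. The comment could also name the openssl conflict it avoids, since the reason the include had to move into the global header is not recoverable from the code.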
......
...@@ -27,9 +27,6 @@ ...@@ -27,9 +27,6 @@
#include "mysql_priv.h" #include "mysql_priv.h"
#include "sql_acl.h" #include "sql_acl.h"
#include <m_ctype.h> #include <m_ctype.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <openssl/des.h> #include <openssl/des.h>
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
......
...@@ -1997,10 +1997,10 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, ...@@ -1997,10 +1997,10 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
} }
int mysql_table_grant (THD *thd, TABLE_LIST *table_list, int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
List <LEX_USER> &user_list, List <LEX_USER> &user_list,
List <LEX_COLUMN> &columns, ulong rights, List <LEX_COLUMN> &columns, ulong rights,
bool revoke_grant) bool revoke_grant)
{ {
ulong column_priv = 0; ulong column_priv = 0;
List_iterator <LEX_USER> str_list (user_list); List_iterator <LEX_USER> str_list (user_list);
...@@ -2374,7 +2374,7 @@ my_bool grant_init(THD *org_thd) ...@@ -2374,7 +2374,7 @@ my_bool grant_init(THD *org_thd)
mem_check->ok() && hash_insert(&hash_tables,(byte*) mem_check)) mem_check->ok() && hash_insert(&hash_tables,(byte*) mem_check))
{ {
/* This could only happen if we are out memory */ /* This could only happen if we are out memory */
grant_option = FALSE; /* purecov: deadcode */ grant_option= FALSE; /* purecov: deadcode */
goto end_unlock; goto end_unlock;
} }
} }
...@@ -2404,7 +2404,8 @@ end: ...@@ -2404,7 +2404,8 @@ end:
void grant_reload(THD *thd) void grant_reload(THD *thd)
{ {
HASH old_hash_tables;bool old_grant_option; HASH old_hash_tables;
bool old_grant_option;
MEM_ROOT old_mem; MEM_ROOT old_mem;
DBUG_ENTER("grant_reload"); DBUG_ENTER("grant_reload");
...@@ -2413,14 +2414,14 @@ void grant_reload(THD *thd) ...@@ -2413,14 +2414,14 @@ void grant_reload(THD *thd)
pthread_mutex_lock(&LOCK_grant); pthread_mutex_lock(&LOCK_grant);
grant_version++; grant_version++;
old_hash_tables=hash_tables; old_hash_tables=hash_tables;
old_grant_option = grant_option; old_grant_option= grant_option;
old_mem = memex; old_mem = memex;
if (grant_init(thd)) if (grant_init(thd))
{ // Error. Revert to old hash { // Error. Revert to old hash
grant_free(); /* purecov: deadcode */ grant_free(); /* purecov: deadcode */
hash_tables=old_hash_tables; /* purecov: deadcode */ hash_tables=old_hash_tables; /* purecov: deadcode */
grant_option = old_grant_option; /* purecov: deadcode */ grant_option= old_grant_option; /* purecov: deadcode */
memex = old_mem; /* purecov: deadcode */ memex = old_mem; /* purecov: deadcode */
} }
else else
......
...@@ -1984,8 +1984,9 @@ insert_fields(THD *thd,TABLE_LIST *tables, const char *db_name, ...@@ -1984,8 +1984,9 @@ insert_fields(THD *thd,TABLE_LIST *tables, const char *db_name,
(!db_name || !strcmp(tables->db,db_name)))) (!db_name || !strcmp(tables->db,db_name))))
{ {
/* Ensure that we have access right to all columns */ /* Ensure that we have access right to all columns */
if (grant_option && !thd->master_access && if (grant_option && !(table->grant.privilege &
check_grant_all_columns(thd,SELECT_ACL,table) ) table->grant.want_privilege) &&
check_grant_all_columns(thd,SELECT_ACL,table))
DBUG_RETURN(-1); DBUG_RETURN(-1);
Field **ptr=table->field,*field; Field **ptr=table->field,*field;
thd->used_tables|=table->map; thd->used_tables|=table->map;
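Review bot: The shortcut that skips `check_grant_all_columns()` tests `table->grant.privilege & table->grant.want_privilege`, but the check it guards is hard-coded to `SELECT_ACL`, so the two conditions can disagree. Any shared bit makes the mask non-zero. If `want_privilege` holds only the bits not yet satisfied at table level (its definition is not visible here), the mask is always zero and the shortcut never fires. Testing the privilege that is actually enforced is tighter and easier to audit: `if (grant_option && !(table->grant.privilege & SELECT_ACL) &&`. The enclosing `insert_fields()` starts and ends outside this hunk.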
......
...@@ -2519,12 +2519,20 @@ error: ...@@ -2519,12 +2519,20 @@ error:
/**************************************************************************** /****************************************************************************
Get the user (global) and database privileges for all used tables Get the user (global) and database privileges for all used tables
Returns true (error) if we can't get the privileges and we don't use
table/column grants. NOTES
The idea of EXTRA_ACL is that one will be granted access to the table if The idea of EXTRA_ACL is that one will be granted access to the table if
one has the asked privilege on any column combination of the table; For one has the asked privilege on any column combination of the table; For
example to be able to check a table one needs to have SELECT privilege on example to be able to check a table one needs to have SELECT privilege on
any column of the table. any column of the table.
RETURN
0 ok
1 If we can't get the privileges and we don't use table/column grants.
save_priv In this we store global and db level grants for the table
Note that we don't store db level grants if the global grants
is enough to satisfy the request.
****************************************************************************/ ****************************************************************************/
bool bool
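Review bot: `save_priv` is listed under RETURN in the same layout as the return codes 0 and 1, so it reads as a third return value rather than an output argument. Giving it its own heading, for example `ARGUMENTS` followed by `save_priv  out: global and db level grants for the table`, would keep the caveat about omitted db level grants attached to the parameter callers read. That caveat matters for access decisions, because a caller that treats `save_priv` as the complete privilege set would be working from partial data. The function itself begins after the hunk, so the parameter name is taken from the comment only.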
......
...@@ -62,6 +62,12 @@ safe_query("create database $opt_database"); ...@@ -62,6 +62,12 @@ safe_query("create database $opt_database");
user_connect(1); user_connect(1);
#goto test; #goto test;
#
# Enable column grant code
#
safe_query("grant select(user) on mysql.user to $user");
safe_query("revoke select(user) on mysql.user from $user");
# #
# Test grants on user level # Test grants on user level
# #
...@@ -408,21 +414,29 @@ safe_query("grant ALL PRIVILEGES on $opt_database.test to $user identified by 'd ...@@ -408,21 +414,29 @@ safe_query("grant ALL PRIVILEGES on $opt_database.test to $user identified by 'd
user_connect(0,"dummy"); user_connect(0,"dummy");
safe_query("grant SELECT on $opt_database.* to $user identified by ''"); safe_query("grant SELECT on $opt_database.* to $user identified by ''");
user_connect(0); user_connect(0);
safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user identified by ''"); safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user identified by '', ${opt_user}\@127.0.0.1 identified by 'dummy2'");
safe_query("revoke ALL PRIVILEGES on $opt_database.* from $user identified by ''"); safe_query("revoke ALL PRIVILEGES on $opt_database.* from $user identified by ''");
safe_query("show grants for $user"); safe_query("show grants for $user");
# #
# Test bug reported in SELECT INTO OUTFILE # Test bug reported in SELECT INTO OUTFILE
# #
safe_query("create table $opt_database.test3 (a int)"); safe_query("create table $opt_database.test3 (a int, b int)");
safe_query("grant SELECT on $opt_database.test3 to $user"); safe_query("grant SELECT on $opt_database.test3 to $user");
safe_query("grant FILE on *.* to $user"); safe_query("grant FILE on *.* to $user");
safe_query("insert into $opt_database.test3 values (1)"); safe_query("insert into $opt_database.test3 values (1,1)");
user_connect(0); user_connect(0);
user_query("select * into outfile '$tmp_table' from $opt_database.test3"); user_query("select * into outfile '$tmp_table' from $opt_database.test3");
safe_query("revoke SELECT on $opt_database.test3 from $user"); safe_query("revoke SELECT on $opt_database.test3 from $user");
safe_query("grant SELECT(a) on $opt_database.test3 to $user");
user_query("select a from $opt_database.test3");
user_query("select * from $opt_database.test3",1);
user_query("select a,b from $opt_database.test3",1);
user_query("select b from $opt_database.test3",1);
safe_query("revoke SELECT(a) on $opt_database.test3 from $user");
safe_query("revoke FILE on *.* from $user"); safe_query("revoke FILE on *.* from $user");
safe_query("drop table $opt_database.test3"); safe_query("drop table $opt_database.test3");
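Review bot: The new column-grant cases only exercise plain SELECT, while the `select * into outfile` statement this block is named after still runs only when the table-level SELECT grant is in place. `FILE` is still granted at that point, so adding `user_query("select * into outfile '$tmp_table' from $opt_database.test3",1);` after the `grant SELECT(a)` line would pin that the wildcard is also refused on the outfile path. The file written by the earlier successful statement may need removing first so the expected failure is the privilege error. Whether that cleanup exists is not visible in this hunk.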
......
...@@ -10,6 +10,8 @@ Error in execute: Can't drop database 'grant_test'. Database doesn't exist ...@@ -10,6 +10,8 @@ Error in execute: Can't drop database 'grant_test'. Database doesn't exist
create database grant_test create database grant_test
Connecting grant_user Connecting grant_user
Error on connect: Access denied for user: '@localhost' to database 'grant_test' Error on connect: Access denied for user: '@localhost' to database 'grant_test'
grant select(user) on mysql.user to grant_user@localhost
revoke select(user) on mysql.user from grant_user@localhost
grant select on *.* to grant_user@localhost grant select on *.* to grant_user@localhost
set password FOR grant_user2@localhost = password('test') set password FOR grant_user2@localhost = password('test')
Error in execute: Can't find any matching row in the user table Error in execute: Can't find any matching row in the user table
...@@ -106,21 +108,21 @@ select count(*) from grant_test.test ...@@ -106,21 +108,21 @@ select count(*) from grant_test.test
2 2
select * from mysql.user where user = 'grant_user' select * from mysql.user where user = 'grant_user'
Error in execute: select command denied to user: 'grant_user@localhost' for table 'user' Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
insert into grant_test.test values (4,0) insert into grant_test.test values (4,0)
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
update grant_test.test set a=1 update grant_test.test set a=1
Error in execute: update command denied to user: 'grant_user@localhost' for table 'test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
delete from grant_test.test delete from grant_test.test
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
create table grant_test.test2 (a int) create table grant_test.test2 (a int)
Error in execute: create command denied to user: 'grant_user@localhost' for table 'test2' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
ALTER TABLE grant_test.test add c int ALTER TABLE grant_test.test add c int
Error in execute: alter command denied to user: 'grant_user@localhost' for table 'test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
CREATE INDEX dummy ON grant_test.test (a) CREATE INDEX dummy ON grant_test.test (a)
Error in execute: index command denied to user: 'grant_user@localhost' for table 'test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
drop table grant_test.test drop table grant_test.test
Error in execute: drop command denied to user: 'grant_user@localhost' for table 'test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user2@localhost grant ALL PRIVILEGES on grant_test.* to grant_user2@localhost
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost WITH GRANT OPTION grant ALL PRIVILEGES on grant_test.* to grant_user@localhost WITH GRANT OPTION
...@@ -133,14 +135,14 @@ REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost ...@@ -133,14 +135,14 @@ REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
Connecting grant_user Connecting grant_user
insert into grant_test.test values (6,0) insert into grant_test.test values (6,0)
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test' Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
REVOKE GRANT OPTION on grant_test.* from grant_user@localhost REVOKE GRANT OPTION on grant_test.* from grant_user@localhost
Connecting grant_user Connecting grant_user
Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test' Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost grant ALL PRIVILEGES on grant_test.* to grant_user@localhost
Connecting grant_user Connecting grant_user
select * from mysql.user where user = 'grant_user' select * from mysql.user where user = 'grant_user'
Error in execute: select command denied to user: 'grant_user@localhost' for table 'user' Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
insert into grant_test.test values (7,0) insert into grant_test.test values (7,0)
update grant_test.test set a=3 where a=2 update grant_test.test set a=3 where a=2
delete from grant_test.test where a=3 delete from grant_test.test where a=3
...@@ -152,7 +154,7 @@ show tables from grant_test ...@@ -152,7 +154,7 @@ show tables from grant_test
test test
insert into mysql.user (host,user) values ('error','grant_user',0) insert into mysql.user (host,user) values ('error','grant_user',0)
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'user' Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost
select * from mysql.user where user = 'grant_user' select * from mysql.user where user = 'grant_user'
localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0 localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0
...@@ -200,7 +202,7 @@ Connecting grant_user ...@@ -200,7 +202,7 @@ Connecting grant_user
update grant_test.test set b=b+1 update grant_test.test set b=b+1
revoke SELECT on *.* from grant_user@localhost revoke SELECT on *.* from grant_user@localhost
Connecting grant_user Connecting grant_user
lect * from test select * from test
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test' Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
grant select on grant_test.test to grant_user@localhost grant select on grant_test.test to grant_user@localhost
delete from grant_test.test where a=1 delete from grant_test.test where a=1
...@@ -233,7 +235,7 @@ Error in execute: select command denied to user: 'grant_user@localhost' for tabl ...@@ -233,7 +235,7 @@ Error in execute: select command denied to user: 'grant_user@localhost' for tabl
select count(*) from test,test2 select count(*) from test,test2
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test2' Error in execute: select command denied to user: 'grant_user@localhost' for table 'test2'
replace into test2 SELECT a from test replace into test2 SELECT a from test
Error in execute: update command denied to user: 'grant_user@localhost' for table 'test2' Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2'
grant update on grant_test.test2 to grant_user@localhost grant update on grant_test.test2 to grant_user@localhost
replace into test2 SELECT a,a from test replace into test2 SELECT a,a from test
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2' Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2'
...@@ -448,21 +450,34 @@ grant ALL PRIVILEGES on grant_test.test to grant_user@localhost identified by 'd ...@@ -448,21 +450,34 @@ grant ALL PRIVILEGES on grant_test.test to grant_user@localhost identified by 'd
Connecting grant_user Connecting grant_user
grant SELECT on grant_test.* to grant_user@localhost identified by '' grant SELECT on grant_test.* to grant_user@localhost identified by ''
Connecting grant_user Connecting grant_user
revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by '' revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by '', grant_user@127.0.0.1 identified by 'dummy2'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost identified by '' revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost identified by ''
show grants for grant_user@localhost show grants for grant_user@localhost
create table grant_test.test3 (a int) GRANT USAGE ON *.* TO 'grant_user'@'localhost'
create table grant_test.test3 (a int, b int)
grant SELECT on grant_test.test3 to grant_user@localhost grant SELECT on grant_test.test3 to grant_user@localhost
grant FILE on *.* to grant_user@localhost grant FILE on *.* to grant_user@localhost
insert into grant_test.test3 values (1) insert into grant_test.test3 values (1,1)
Connecting grant_user Connecting grant_user
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3 select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
revoke SELECT on grant_test.test3 from grant_user@localhost revoke SELECT on grant_test.test3 from grant_user@localhost
grant SELECT(a) on grant_test.test3 to grant_user@localhost
select a from grant_test.test3
1
select * from grant_test.test3
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
select a,b from grant_test.test3
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
select b from grant_test.test3
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
revoke SELECT(a) on grant_test.test3 from grant_user@localhost
revoke FILE on *.* from grant_user@localhost revoke FILE on *.* from grant_user@localhost
drop table grant_test.test3 drop table grant_test.test3
create table grant_test.test3 (a int) create table grant_test.test3 (a int)
Connecting grant_user Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test' Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant INSERT on grant_test.test3 to grant_user@localhost grant INSERT on grant_test.test3 to grant_user@localhost
Connecting grant_user Connecting grant_user
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3 select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
...@@ -487,9 +502,11 @@ revoke SELECT,INSERT,UPDATE,DELETE on grant_test.test3 from grant_user@localhost ...@@ -487,9 +502,11 @@ revoke SELECT,INSERT,UPDATE,DELETE on grant_test.test3 from grant_user@localhost
Connecting grant_user Connecting grant_user
revoke LOCK TABLES on *.* from grant_user@localhost revoke LOCK TABLES on *.* from grant_user@localhost
Connecting grant_user Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test' Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
drop table grant_test.test3 drop table grant_test.test3
show grants for grant_user@localhost show grants for grant_user@localhost
GRANT USAGE ON *.* TO 'grant_user'@'localhost'
grant all on *.* to grant_user@localhost WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3 grant all on *.* to grant_user@localhost WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
show grants for grant_user@localhost show grants for grant_user@localhost
GRANT ALL PRIVILEGES ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3 GRANT ALL PRIVILEGES ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
...@@ -501,6 +518,8 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, F ...@@ -501,6 +518,8 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, F
revoke ALL PRIVILEGES on *.* from grant_user@localhost revoke ALL PRIVILEGES on *.* from grant_user@localhost
show grants for grant_user@localhost show grants for grant_user@localhost
GRANT USAGE ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
drop database grant_test drop database grant_test
delete from user where user='grant_user' delete from user where user='grant_user'
delete from db where user='grant_user' delete from db where user='grant_user'
......