Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
5d5d5b08
Commit
5d5d5b08
authored
May 08, 2003
by
monty@mashka.mysql.fi
Browse files
Options
Browse Files
Download
Plain Diff
Merge to get security patch
parents
38bb63e1
71ce598f
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
50 additions
and
10 deletions
+50
-10
client/mysqldump.c
client/mysqldump.c
+1
-1
sql/sql_acl.cc
sql/sql_acl.cc
+6
-3
sql/sql_base.cc
sql/sql_base.cc
+4
-5
sql/sql_parse.cc
sql/sql_parse.cc
+11
-1
tests/grant.pl
tests/grant.pl
+13
-0
tests/grant.res
tests/grant.res
+15
-0
No files found.
client/mysqldump.c
View file @
5d5d5b08
...
@@ -1454,7 +1454,7 @@ int main(int argc, char **argv)
...
@@ -1454,7 +1454,7 @@ int main(int argc, char **argv)
else
else
{
{
row
=
mysql_fetch_row
(
master
);
row
=
mysql_fetch_row
(
master
);
if
(
row
[
0
]
&&
row
[
1
])
if
(
row
&&
row
[
0
]
&&
row
[
1
])
{
{
fprintf
(
md_result_file
,
fprintf
(
md_result_file
,
"
\n
--
\n
-- Position to start replication from
\n
--
\n\n
"
);
"
\n
--
\n
-- Position to start replication from
\n
--
\n\n
"
);
...
...
sql/sql_acl.cc
View file @
5d5d5b08
...
@@ -2520,8 +2520,8 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
...
@@ -2520,8 +2520,8 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
}
}
bool
check_grant_column
(
THD
*
thd
,
TABLE
*
table
,
const
char
*
name
,
bool
check_grant_column
(
THD
*
thd
,
TABLE
*
table
,
const
char
*
name
,
uint
length
,
uint
show_tables
)
uint
length
,
uint
show_tables
)
{
{
GRANT_TABLE
*
grant_table
;
GRANT_TABLE
*
grant_table
;
GRANT_COLUMN
*
grant_column
;
GRANT_COLUMN
*
grant_column
;
...
@@ -2529,6 +2529,8 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name,
...
@@ -2529,6 +2529,8 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name,
ulong
want_access
=
table
->
grant
.
want_privilege
;
ulong
want_access
=
table
->
grant
.
want_privilege
;
if
(
!
want_access
)
if
(
!
want_access
)
return
0
;
// Already checked
return
0
;
// Already checked
if
(
!
grant_option
)
goto
err2
;
pthread_mutex_lock
(
&
LOCK_grant
);
pthread_mutex_lock
(
&
LOCK_grant
);
...
@@ -2560,8 +2562,9 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name,
...
@@ -2560,8 +2562,9 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name,
#endif
#endif
/* We must use my_printf_error() here! */
/* We must use my_printf_error() here! */
err:
err:
pthread_mutex_unlock
(
&
LOCK_grant
);
pthread_mutex_unlock
(
&
LOCK_grant
);
err2:
if
(
!
show_tables
)
if
(
!
show_tables
)
{
{
char
command
[
128
];
char
command
[
128
];
...
...
sql/sql_base.cc
View file @
5d5d5b08
...
@@ -1694,7 +1694,7 @@ Field *find_field_in_table(THD *thd,TABLE *table,const char *name,uint length,
...
@@ -1694,7 +1694,7 @@ Field *find_field_in_table(THD *thd,TABLE *table,const char *name,uint length,
else
else
thd
->
dupp_field
=
field
;
thd
->
dupp_field
=
field
;
}
}
if
(
check_grants
&&
check_grant_column
(
thd
,
table
,
name
,
length
))
if
(
check_grants
&&
check_grant_column
(
thd
,
table
,
name
,
length
))
return
WRONG_GRANT
;
return
WRONG_GRANT
;
return
field
;
return
field
;
}
}
...
@@ -1719,8 +1719,8 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
...
@@ -1719,8 +1719,8 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
{
{
found_table
=
1
;
found_table
=
1
;
Field
*
find
=
find_field_in_table
(
thd
,
tables
->
table
,
name
,
length
,
Field
*
find
=
find_field_in_table
(
thd
,
tables
->
table
,
name
,
length
,
grant_option
&&
test
(
tables
->
table
->
grant
.
tables
->
table
->
grant
.
want_privilege
,
want_privilege
)
,
1
);
1
);
if
(
find
)
if
(
find
)
{
{
...
@@ -1760,8 +1760,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
...
@@ -1760,8 +1760,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
for
(;
tables
;
tables
=
tables
->
next
)
for
(;
tables
;
tables
=
tables
->
next
)
{
{
Field
*
field
=
find_field_in_table
(
thd
,
tables
->
table
,
name
,
length
,
Field
*
field
=
find_field_in_table
(
thd
,
tables
->
table
,
name
,
length
,
grant_option
&&
test
(
tables
->
table
->
grant
.
want_privilege
),
tables
->
table
->
grant
.
want_privilege
,
allow_rowid
);
allow_rowid
);
if
(
field
)
if
(
field
)
{
{
...
...
sql/sql_parse.cc
View file @
5d5d5b08
...
@@ -2559,7 +2559,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
...
@@ -2559,7 +2559,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
if
((
thd
->
master_access
&
want_access
)
==
want_access
)
if
((
thd
->
master_access
&
want_access
)
==
want_access
)
{
{
*
save_priv
=
thd
->
master_access
|
thd
->
db_access
;
/*
If we don't have a global SELECT privilege, we have to get the database
specific access rights to be able to handle queries of type
UPDATE t1 SET a=1 WHERE b > 0
*/
db_access
=
thd
->
db_access
;
if
(
!
(
thd
->
master_access
&
SELECT_ACL
)
&&
(
db
&&
(
!
thd
->
db
||
strcmp
(
db
,
thd
->
db
))))
db_access
=
acl_get
(
thd
->
host
,
thd
->
ip
,
(
char
*
)
&
thd
->
remote
.
sin_addr
,
thd
->
priv_user
,
db
);
/* purecov: inspected */
*
save_priv
=
thd
->
master_access
|
db_access
;
DBUG_RETURN
(
FALSE
);
DBUG_RETURN
(
FALSE
);
}
}
if
(((
want_access
&
~
thd
->
master_access
)
&
~
(
DB_ACLS
|
EXTRA_ACL
))
||
if
(((
want_access
&
~
thd
->
master_access
)
&
~
(
DB_ACLS
|
EXTRA_ACL
))
||
...
...
tests/grant.pl
View file @
5d5d5b08
...
@@ -223,8 +223,21 @@ user_query("update $opt_database.test set b=b+1",1);
...
@@ -223,8 +223,21 @@ user_query("update $opt_database.test set b=b+1",1);
safe_query
("
grant SELECT on *.* to
$user
");
safe_query
("
grant SELECT on *.* to
$user
");
user_connect
(
0
);
user_connect
(
0
);
user_query
("
update
$opt_database
.test set b=b+1
");
user_query
("
update
$opt_database
.test set b=b+1
");
user_query
("
update
$opt_database
.test set b=b+1 where a > 0
");
safe_query
("
revoke SELECT on *.* from
$user
");
safe_query
("
revoke SELECT on *.* from
$user
");
safe_query
("
grant SELECT on
$opt_database
.* to
$user
");
user_connect
(
0
);
user_connect
(
0
);
user_query
("
update
$opt_database
.test set b=b+1
");
user_query
("
update
$opt_database
.test set b=b+1 where a > 0
");
safe_query
("
grant UPDATE on *.* to
$user
");
user_connect
(
0
);
user_query
("
update
$opt_database
.test set b=b+1
");
user_query
("
update
$opt_database
.test set b=b+1 where a > 0
");
safe_query
("
revoke UPDATE on *.* from
$user
");
safe_query
("
revoke SELECT on
$opt_database
.* from
$user
");
user_connect
(
0
);
user_query
("
update
$opt_database
.test set b=b+1 where a > 0
",
1
);
user_query
("
update
$opt_database
.test set b=b+1
",
1
);
# Add one privilege at a time until the user has all privileges
# Add one privilege at a time until the user has all privileges
user_query
("
select * from test
",
1
);
user_query
("
select * from test
",
1
);
...
...
tests/grant.res
View file @
5d5d5b08
...
@@ -200,8 +200,23 @@ Error in execute: SELECT command denied to user: 'grant_user@localhost' for colu
...
@@ -200,8 +200,23 @@ Error in execute: SELECT command denied to user: 'grant_user@localhost' for colu
grant SELECT on *.* to grant_user@localhost
grant SELECT on *.* to grant_user@localhost
Connecting grant_user
Connecting grant_user
update grant_test.test set b=b+1
update grant_test.test set b=b+1
update grant_test.test set b=b+1 where a > 0
revoke SELECT on *.* from grant_user@localhost
revoke SELECT on *.* from grant_user@localhost
grant SELECT on grant_test.* to grant_user@localhost
Connecting grant_user
Connecting grant_user
update grant_test.test set b=b+1
update grant_test.test set b=b+1 where a > 0
grant UPDATE on *.* to grant_user@localhost
Connecting grant_user
update grant_test.test set b=b+1
update grant_test.test set b=b+1 where a > 0
revoke UPDATE on *.* from grant_user@localhost
revoke SELECT on grant_test.* from grant_user@localhost
Connecting grant_user
update grant_test.test set b=b+1 where a > 0
Error in execute: select command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
update grant_test.test set b=b+1
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
select * from test
select * from test
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
grant select on grant_test.test to grant_user@localhost
grant select on grant_test.test to grant_user@localhost
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment