Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
12bf7dcd
Commit
12bf7dcd
authored
Dec 30, 2004
by
serg@sergbook.mysql.com
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
unsufficient privilege checks in GRANT, when a grantor has column-level privileges
parent
72d446ac
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
55 additions
and
55 deletions
+55
-55
mysql-test/r/alter_table.result
mysql-test/r/alter_table.result
+1
-1
mysql-test/r/grant.result
mysql-test/r/grant.result
+1
-1
mysql-test/r/grant_cache.result
mysql-test/r/grant_cache.result
+3
-3
sql/sql_acl.cc
sql/sql_acl.cc
+50
-50
No files found.
mysql-test/r/alter_table.result
View file @
12bf7dcd
...
...
@@ -121,7 +121,7 @@ create database mysqltest;
create table mysqltest.t1 (a int,b int,c int);
grant all on mysqltest.t1 to mysqltest_1@localhost;
alter table t1 rename t2;
insert
command denied to user: 'mysqltest_1@localhost' for table 't2'
INSERT,CREATE
command denied to user: 'mysqltest_1@localhost' for table 't2'
revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
drop database mysqltest;
...
...
mysql-test/r/grant.result
View file @
12bf7dcd
...
...
@@ -198,7 +198,7 @@ GRANT UPDATE (d) ON `mysqltest_2`.`t2` TO 'mysqltest_3'@'localhost'
update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1;
UPDATE command denied to user: 'mysqltest_3@localhost' for column 'q' in table 't1'
update mysqltest_1.t1, mysqltest_2.t2 set d=20 where d=1;
select
command denied to user: 'mysqltest_3@localhost' for table 't1'
SELECT
command denied to user: 'mysqltest_3@localhost' for table 't1'
update mysqltest_2.t1, mysqltest_1.t2 set c=20 where b=1;
UPDATE command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
update mysqltest_2.t1, mysqltest_2.t2 set d=10 where s=2;
...
...
mysql-test/r/grant_cache.result
View file @
12bf7dcd
...
...
@@ -121,7 +121,7 @@ a b c a
1 1 1 test.t1
2 2 2 test.t1
select * from t2;
select
command denied to user: 'mysqltest_2@localhost' for table 't2'
SELECT
command denied to user: 'mysqltest_2@localhost' for table 't2'
show status like "Qcache_queries_in_cache";
Variable_name Value
Qcache_queries_in_cache 6
...
...
@@ -135,7 +135,7 @@ select "user3";
user3
user3
select * from t1;
select
command denied to user: 'mysqltest_3@localhost' for column 'b' in table 't1'
SELECT
command denied to user: 'mysqltest_3@localhost' for column 'b' in table 't1'
select a from t1;
a
1
...
...
@@ -143,7 +143,7 @@ a
select c from t1;
SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
select * from t2;
select
command denied to user: 'mysqltest_3@localhost' for table 't2'
SELECT
command denied to user: 'mysqltest_3@localhost' for table 't2'
select mysqltest.t1.c from test.t1,mysqltest.t1;
SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'
show status like "Qcache_queries_in_cache";
...
...
sql/sql_acl.cc
View file @
12bf7dcd
...
...
@@ -2134,37 +2134,57 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
DBUG_RETURN
(
-
1
);
}
if
(
columns
.
elements
&&
!
revoke_grant
)
if
(
!
revoke_grant
)
{
TABLE
*
table
;
class
LEX_COLUMN
*
column
;
List_iterator
<
LEX_COLUMN
>
column_iter
(
columns
);
if
(
!
(
table
=
open_ltable
(
thd
,
table_list
,
TL_READ
)))
DBUG_RETURN
(
-
1
);
while
((
column
=
column_iter
++
))
if
(
columns
.
elements
&&
!
revoke_grant
)
{
if
(
!
find_field_in_table
(
thd
,
table
,
column
->
column
.
ptr
(),
column
->
column
.
length
(),
0
,
0
))
TABLE
*
table
;
class
LEX_COLUMN
*
column
;
List_iterator
<
LEX_COLUMN
>
column_iter
(
columns
);
if
(
!
(
table
=
open_ltable
(
thd
,
table_list
,
TL_READ
)))
DBUG_RETURN
(
-
1
);
while
((
column
=
column_iter
++
))
{
my_printf_error
(
ER_BAD_FIELD_ERROR
,
ER
(
ER_BAD_FIELD_ERROR
),
MYF
(
0
),
column
->
column
.
c_ptr
(),
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
Field
*
f
=
find_field_in_table
(
thd
,
table
,
column
->
column
.
ptr
(),
column
->
column
.
length
(),
1
,
0
);
if
(
!
f
)
{
my_printf_error
(
ER_BAD_FIELD_ERROR
,
ER
(
ER_BAD_FIELD_ERROR
),
MYF
(
0
),
column
->
column
.
c_ptr
(),
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
}
if
(
f
==
(
Field
*
)
-
1
)
{
DBUG_RETURN
(
-
1
);
}
column_priv
|=
column
->
rights
;
}
c
olumn_priv
|=
column
->
rights
;
c
lose_thread_tables
(
thd
)
;
}
close_thread_tables
(
thd
);
}
else
if
(
!
(
rights
&
CREATE_ACL
)
&&
!
revoke_grant
)
{
char
buf
[
FN_REFLEN
];
sprintf
(
buf
,
"%s/%s/%s.frm"
,
mysql_data_home
,
table_list
->
db
,
table_list
->
real_name
);
fn_format
(
buf
,
buf
,
""
,
""
,
4
+
16
+
32
);
if
(
access
(
buf
,
F_OK
))
else
{
my_error
(
ER_NO_SUCH_TABLE
,
MYF
(
0
),
table_list
->
db
,
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
if
(
!
(
rights
&
CREATE_ACL
))
{
char
buf
[
FN_REFLEN
];
sprintf
(
buf
,
"%s/%s/%s.frm"
,
mysql_data_home
,
table_list
->
db
,
table_list
->
real_name
);
fn_format
(
buf
,
buf
,
""
,
""
,
4
+
16
+
32
);
if
(
access
(
buf
,
F_OK
))
{
my_error
(
ER_NO_SUCH_TABLE
,
MYF
(
0
),
table_list
->
db
,
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
}
}
if
(
table_list
->
grant
.
want_privilege
)
{
char
command
[
128
];
get_privilege_desc
(
command
,
sizeof
(
command
),
table_list
->
grant
.
want_privilege
);
my_error
(
ER_TABLEACCESS_DENIED_ERROR
,
MYF
(
0
),
command
,
thd
->
priv_user
,
thd
->
host_or_ip
,
table_list
->
alias
);
DBUG_RETURN
(
-
1
);
}
}
}
...
...
@@ -2189,7 +2209,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
*/
if
(
thd
->
slave_thread
&&
table_rules_on
)
{
/*
/*
The tables must be marked "updating" so that tables_ok() takes them into
account in tests.
*/
...
...
@@ -2636,25 +2656,8 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
pthread_mutex_unlock
(
&
LOCK_grant
);
if
(
!
no_errors
)
// Not a silent skip of table
{
const
char
*
command
=
""
;
if
(
want_access
&
SELECT_ACL
)
command
=
"select"
;
else
if
(
want_access
&
INSERT_ACL
)
command
=
"insert"
;
else
if
(
want_access
&
UPDATE_ACL
)
command
=
"update"
;
else
if
(
want_access
&
DELETE_ACL
)
command
=
"delete"
;
else
if
(
want_access
&
DROP_ACL
)
command
=
"drop"
;
else
if
(
want_access
&
CREATE_ACL
)
command
=
"create"
;
else
if
(
want_access
&
ALTER_ACL
)
command
=
"alter"
;
else
if
(
want_access
&
INDEX_ACL
)
command
=
"index"
;
else
if
(
want_access
&
GRANT_ACL
)
command
=
"grant"
;
char
command
[
128
];
get_privilege_desc
(
command
,
sizeof
(
command
),
want_access
);
net_printf
(
&
thd
->
net
,
ER_TABLEACCESS_DENIED_ERROR
,
command
,
thd
->
priv_user
,
...
...
@@ -2767,11 +2770,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access, TABLE *table)
err:
pthread_mutex_unlock
(
&
LOCK_grant
);
const
char
*
command
=
""
;
if
(
want_access
&
SELECT_ACL
)
command
=
"select"
;
else
if
(
want_access
&
INSERT_ACL
)
command
=
"insert"
;
char
command
[
128
];
get_privilege_desc
(
command
,
sizeof
(
command
),
want_access
);
my_printf_error
(
ER_COLUMNACCESS_DENIED_ERROR
,
ER
(
ER_COLUMNACCESS_DENIED_ERROR
),
MYF
(
0
),
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment