Commit 4945aa8d authored by unknown's avatar unknown

Fix for checking global_access rights

parent d4210825
...@@ -1482,9 +1482,8 @@ mysql_execute_command(void) ...@@ -1482,9 +1482,8 @@ mysql_execute_command(void)
} }
case SQLCOM_SHOW_SLAVE_STAT: case SQLCOM_SHOW_SLAVE_STAT:
{ {
/* Accept two privileges */ /* Accept one of two privileges */
if (check_global_access(thd, SUPER_ACL) && if (check_global_access(thd, SUPER_ACL | REPL_CLIENT_ACL))
check_global_access(thd, REPL_CLIENT_ACL))
goto error; goto error;
LOCK_ACTIVE_MI; LOCK_ACTIVE_MI;
res = show_master_info(thd,active_mi); res = show_master_info(thd,active_mi);
...@@ -1493,9 +1492,8 @@ mysql_execute_command(void) ...@@ -1493,9 +1492,8 @@ mysql_execute_command(void)
} }
case SQLCOM_SHOW_MASTER_STAT: case SQLCOM_SHOW_MASTER_STAT:
{ {
/* Accept two privileges */ /* Accept one of two privileges */
if (check_global_access(thd, SUPER_ACL) && if (check_global_access(thd, SUPER_ACL | REPL_CLIENT_ACL))
check_global_access(thd, REPL_CLIENT_ACL))
goto error; goto error;
res = show_binlog_info(thd); res = show_binlog_info(thd);
break; break;
...@@ -2620,12 +2618,29 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, ...@@ -2620,12 +2618,29 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
} }
/* check for global access and give descriptive error message if it fails */ /*
check for global access and give descriptive error message if it fails
SYNOPSIS
check_global_access()
thd Thread handler
want_access Use should have any of these global rights
WARNING
One gets access rigth if one has ANY of the rights in want_access
This is useful as one in most cases only need one global right,
but in some case we want to check if the user has SUPER or
REPL_CLIENT_ACL rights.
RETURN
0 ok
1 Access denied. In this case an error is sent to the client
*/
bool check_global_access(THD *thd, ulong want_access) bool check_global_access(THD *thd, ulong want_access)
{ {
char command[128]; char command[128];
if ((thd->master_access & want_access) == want_access) if ((thd->master_access & want_access))
return 0; return 0;
get_privilege_desc(command, sizeof(command), want_access); get_privilege_desc(command, sizeof(command), want_access);
net_printf(&thd->net,ER_SPECIFIC_ACCESS_DENIED_ERROR, net_printf(&thd->net,ER_SPECIFIC_ACCESS_DENIED_ERROR,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment