Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
51eed4b4
Commit
51eed4b4
authored
Apr 28, 2003
by
monty@mashka.mysql.fi
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix for openssl on Solaris
Fix for grant bug with SELECT *
parent
c1376737
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
84 additions
and
40 deletions
+84
-40
include/my_global.h
include/my_global.h
+4
-0
sql/item_strfunc.cc
sql/item_strfunc.cc
+0
-3
sql/sql_acl.cc
sql/sql_acl.cc
+9
-8
sql/sql_base.cc
sql/sql_base.cc
+3
-2
sql/sql_parse.cc
sql/sql_parse.cc
+14
-6
tests/grant.pl
tests/grant.pl
+17
-3
tests/grant.res
tests/grant.res
+37
-18
No files found.
include/my_global.h
View file @
51eed4b4
...
...
@@ -267,6 +267,10 @@ C_MODE_END
#include <asm/atomic.h>
#endif
#include <errno.h>
/* Recommended by debian */
/* We need the following to go around a problem with openssl on solaris */
#if defined(HAVE_CRYPT)
#include <crypt.h>
#endif
/* Go around some bugs in different OS and compilers */
#if defined(_HPUX_SOURCE) && defined(HAVE_SYS_STREAM_H)
...
...
sql/item_strfunc.cc
View file @
51eed4b4
...
...
@@ -27,9 +27,6 @@
#include "mysql_priv.h"
#include "sql_acl.h"
#include <m_ctype.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#endif
/* HAVE_OPENSSL */
...
...
sql/sql_acl.cc
View file @
51eed4b4
...
...
@@ -1997,10 +1997,10 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
}
int
mysql_table_grant
(
THD
*
thd
,
TABLE_LIST
*
table_list
,
List
<
LEX_USER
>
&
user_list
,
List
<
LEX_COLUMN
>
&
columns
,
ulong
rights
,
bool
revoke_grant
)
int
mysql_table_grant
(
THD
*
thd
,
TABLE_LIST
*
table_list
,
List
<
LEX_USER
>
&
user_list
,
List
<
LEX_COLUMN
>
&
columns
,
ulong
rights
,
bool
revoke_grant
)
{
ulong
column_priv
=
0
;
List_iterator
<
LEX_USER
>
str_list
(
user_list
);
...
...
@@ -2374,7 +2374,7 @@ my_bool grant_init(THD *org_thd)
mem_check
->
ok
()
&&
hash_insert
(
&
hash_tables
,(
byte
*
)
mem_check
))
{
/* This could only happen if we are out memory */
grant_option
=
FALSE
;
/* purecov: deadcode */
grant_option
=
FALSE
;
/* purecov: deadcode */
goto
end_unlock
;
}
}
...
...
@@ -2404,7 +2404,8 @@ my_bool grant_init(THD *org_thd)
void
grant_reload
(
THD
*
thd
)
{
HASH
old_hash_tables
;
bool
old_grant_option
;
HASH
old_hash_tables
;
bool
old_grant_option
;
MEM_ROOT
old_mem
;
DBUG_ENTER
(
"grant_reload"
);
...
...
@@ -2413,14 +2414,14 @@ void grant_reload(THD *thd)
pthread_mutex_lock
(
&
LOCK_grant
);
grant_version
++
;
old_hash_tables
=
hash_tables
;
old_grant_option
=
grant_option
;
old_grant_option
=
grant_option
;
old_mem
=
memex
;
if
(
grant_init
(
thd
))
{
// Error. Revert to old hash
grant_free
();
/* purecov: deadcode */
hash_tables
=
old_hash_tables
;
/* purecov: deadcode */
grant_option
=
old_grant_option
;
/* purecov: deadcode */
grant_option
=
old_grant_option
;
/* purecov: deadcode */
memex
=
old_mem
;
/* purecov: deadcode */
}
else
...
...
sql/sql_base.cc
View file @
51eed4b4
...
...
@@ -1984,8 +1984,9 @@ insert_fields(THD *thd,TABLE_LIST *tables, const char *db_name,
(
!
db_name
||
!
strcmp
(
tables
->
db
,
db_name
))))
{
/* Ensure that we have access right to all columns */
if
(
grant_option
&&
!
thd
->
master_access
&&
check_grant_all_columns
(
thd
,
SELECT_ACL
,
table
)
)
if
(
grant_option
&&
!
(
table
->
grant
.
privilege
&
table
->
grant
.
want_privilege
)
&&
check_grant_all_columns
(
thd
,
SELECT_ACL
,
table
))
DBUG_RETURN
(
-
1
);
Field
**
ptr
=
table
->
field
,
*
field
;
thd
->
used_tables
|=
table
->
map
;
...
...
sql/sql_parse.cc
View file @
51eed4b4
...
...
@@ -2519,12 +2519,20 @@ mysql_execute_command(void)
/****************************************************************************
Get the user (global) and database privileges for all used tables
Returns true (error) if we can't get the privileges and we don't use
table/column grants.
The idea of EXTRA_ACL is that one will be granted access to the table if
one has the asked privilege on any column combination of the table; For
example to be able to check a table one needs to have SELECT privilege on
any column of the table.
NOTES
The idea of EXTRA_ACL is that one will be granted access to the table if
one has the asked privilege on any column combination of the table; For
example to be able to check a table one needs to have SELECT privilege on
any column of the table.
RETURN
0 ok
1 If we can't get the privileges and we don't use table/column grants.
save_priv In this we store global and db level grants for the table
Note that we don't store db level grants if the global grants
is enough to satisfy the request.
****************************************************************************/
bool
...
...
tests/grant.pl
View file @
51eed4b4
...
...
@@ -62,6 +62,12 @@ safe_query("create database $opt_database");
user_connect
(
1
);
#goto test;
#
# Enable column grant code
#
safe_query
("
grant select(user) on mysql.user to
$user
");
safe_query
("
revoke select(user) on mysql.user from
$user
");
#
# Test grants on user level
#
...
...
@@ -408,21 +414,29 @@ safe_query("grant ALL PRIVILEGES on $opt_database.test to $user identified by 'd
user_connect
(
0
,"
dummy
");
safe_query
("
grant SELECT on
$opt_database
.* to
$user
identified by ''
");
user_connect
(
0
);
safe_query
("
revoke ALL PRIVILEGES on
$opt_database
.test from
$user
identified by ''
");
safe_query
("
revoke ALL PRIVILEGES on
$opt_database
.test from
$user
identified by ''
,
${opt_user}
\
@127.0.0.1 identified by 'dummy2'
");
safe_query
("
revoke ALL PRIVILEGES on
$opt_database
.* from
$user
identified by ''
");
safe_query
("
show grants for
$user
");
#
# Test bug reported in SELECT INTO OUTFILE
#
safe_query
("
create table
$opt_database
.test3 (a int)
");
safe_query
("
create table
$opt_database
.test3 (a int
, b int
)
");
safe_query
("
grant SELECT on
$opt_database
.test3 to
$user
");
safe_query
("
grant FILE on *.* to
$user
");
safe_query
("
insert into
$opt_database
.test3 values (1)
");
safe_query
("
insert into
$opt_database
.test3 values (1
,1
)
");
user_connect
(
0
);
user_query
("
select * into outfile '
$tmp_table
' from
$opt_database
.test3
");
safe_query
("
revoke SELECT on
$opt_database
.test3 from
$user
");
safe_query
("
grant SELECT(a) on
$opt_database
.test3 to
$user
");
user_query
("
select a from
$opt_database
.test3
");
user_query
("
select * from
$opt_database
.test3
",
1
);
user_query
("
select a,b from
$opt_database
.test3
",
1
);
user_query
("
select b from
$opt_database
.test3
",
1
);
safe_query
("
revoke SELECT(a) on
$opt_database
.test3 from
$user
");
safe_query
("
revoke FILE on *.* from
$user
");
safe_query
("
drop table
$opt_database
.test3
");
...
...
tests/grant.res
View file @
51eed4b4
...
...
@@ -10,6 +10,8 @@ Error in execute: Can't drop database 'grant_test'. Database doesn't exist
create database grant_test
Connecting grant_user
Error on connect: Access denied for user: '@localhost' to database 'grant_test'
grant select(user) on mysql.user to grant_user@localhost
revoke select(user) on mysql.user from grant_user@localhost
grant select on *.* to grant_user@localhost
set password FOR grant_user2@localhost = password('test')
Error in execute: Can't find any matching row in the user table
...
...
@@ -106,21 +108,21 @@ select count(*) from grant_test.test
2
select * from mysql.user where user = 'grant_user'
Error in execute:
select command denied to user: 'grant_user@localhost' for table 'user
'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'mysql
'
insert into grant_test.test values (4,0)
Error in execute:
insert command denied to user: 'grant_user@localhost' for table '
test'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_
test'
update grant_test.test set a=1
Error in execute:
update command denied to user: 'grant_user@localhost' for table '
test'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_
test'
delete from grant_test.test
Error in execute:
delete command denied to user: 'grant_user@localhost' for table '
test'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_
test'
create table grant_test.test2 (a int)
Error in execute:
create command denied to user: 'grant_user@localhost' for table 'test2
'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_test
'
ALTER TABLE grant_test.test add c int
Error in execute:
alter command denied to user: 'grant_user@localhost' for table '
test'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_
test'
CREATE INDEX dummy ON grant_test.test (a)
Error in execute:
index command denied to user: 'grant_user@localhost' for table '
test'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_
test'
drop table grant_test.test
Error in execute:
drop command denied to user: 'grant_user@localhost' for table '
test'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_
test'
grant ALL PRIVILEGES on grant_test.* to grant_user2@localhost
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost WITH GRANT OPTION
...
...
@@ -133,14 +135,14 @@ REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
Connecting grant_user
insert into grant_test.test values (6,0)
Error in execute:
insert command denied to user: 'grant_user@localhost' for table '
test'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'grant_
test'
REVOKE GRANT OPTION on grant_test.* from grant_user@localhost
Connecting grant_user
Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost
Connecting grant_user
select * from mysql.user where user = 'grant_user'
Error in execute:
select command denied to user: 'grant_user@localhost' for table 'user
'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'mysql
'
insert into grant_test.test values (7,0)
update grant_test.test set a=3 where a=2
delete from grant_test.test where a=3
...
...
@@ -152,7 +154,7 @@ show tables from grant_test
test
insert into mysql.user (host,user) values ('error','grant_user',0)
Error in execute:
insert command denied to user: 'grant_user@localhost' for table 'user
'
Error in execute:
Access denied for user: 'grant_user@localhost' to database 'mysql
'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost
select * from mysql.user where user = 'grant_user'
localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0
...
...
@@ -200,7 +202,7 @@ Connecting grant_user
update grant_test.test set b=b+1
revoke SELECT on *.* from grant_user@localhost
Connecting grant_user
lect * from test
se
lect * from test
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
grant select on grant_test.test to grant_user@localhost
delete from grant_test.test where a=1
...
...
@@ -233,7 +235,7 @@ Error in execute: select command denied to user: 'grant_user@localhost' for tabl
select count(*) from test,test2
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test2'
replace into test2 SELECT a from test
Error in execute:
upda
te command denied to user: 'grant_user@localhost' for table 'test2'
Error in execute:
dele
te command denied to user: 'grant_user@localhost' for table 'test2'
grant update on grant_test.test2 to grant_user@localhost
replace into test2 SELECT a,a from test
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2'
...
...
@@ -448,21 +450,34 @@ grant ALL PRIVILEGES on grant_test.test to grant_user@localhost identified by 'd
Connecting grant_user
grant SELECT on grant_test.* to grant_user@localhost identified by ''
Connecting grant_user
revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by ''
revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by ''
, grant_user@127.0.0.1 identified by 'dummy2'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost identified by ''
show grants for grant_user@localhost
create table grant_test.test3 (a int)
GRANT USAGE ON *.* TO 'grant_user'@'localhost'
create table grant_test.test3 (a int, b int)
grant SELECT on grant_test.test3 to grant_user@localhost
grant FILE on *.* to grant_user@localhost
insert into grant_test.test3 values (1)
insert into grant_test.test3 values (1
,1
)
Connecting grant_user
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
revoke SELECT on grant_test.test3 from grant_user@localhost
grant SELECT(a) on grant_test.test3 to grant_user@localhost
select a from grant_test.test3
1
select * from grant_test.test3
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
select a,b from grant_test.test3
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
select b from grant_test.test3
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
revoke SELECT(a) on grant_test.test3 from grant_user@localhost
revoke FILE on *.* from grant_user@localhost
drop table grant_test.test3
create table grant_test.test3 (a int)
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error on connect:
Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant INSERT on grant_test.test3 to grant_user@localhost
Connecting grant_user
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
...
...
@@ -487,9 +502,11 @@ revoke SELECT,INSERT,UPDATE,DELETE on grant_test.test3 from grant_user@localhost
Connecting grant_user
revoke LOCK TABLES on *.* from grant_user@localhost
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error on connect:
Access denied for user: 'grant_user@localhost' to database 'grant_test'
drop table grant_test.test3
show grants for grant_user@localhost
GRANT USAGE ON *.* TO 'grant_user'@'localhost'
grant all on *.* to grant_user@localhost WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
show grants for grant_user@localhost
GRANT ALL PRIVILEGES ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
...
...
@@ -501,6 +518,8 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, F
revoke ALL PRIVILEGES on *.* from grant_user@localhost
show grants for grant_user@localhost
GRANT USAGE ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
drop database grant_test
delete from user where user='grant_user'
delete from db where user='grant_user'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment