Commit 5d5d5b08 authored by monty@mashka.mysql.fi

Merge to get security patch

parents 38bb63e1 71ce598f
...@@ -1454,7 +1454,7 @@ int main(int argc, char **argv) ...@@ -1454,7 +1454,7 @@ int main(int argc, char **argv)
else else
{ {
row = mysql_fetch_row(master); row = mysql_fetch_row(master);
if (row[0] && row[1]) if (row && row[0] && row[1])
{ {
fprintf(md_result_file, fprintf(md_result_file,
"\n--\n-- Position to start replication from\n--\n\n"); "\n--\n-- Position to start replication from\n--\n\n");
......
...@@ -2520,8 +2520,8 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, ...@@ -2520,8 +2520,8 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
} }
bool check_grant_column (THD *thd,TABLE *table, const char *name, bool check_grant_column(THD *thd,TABLE *table, const char *name,
uint length, uint show_tables) uint length, uint show_tables)
{ {
GRANT_TABLE *grant_table; GRANT_TABLE *grant_table;
GRANT_COLUMN *grant_column; GRANT_COLUMN *grant_column;
...@@ -2529,6 +2529,8 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name, ...@@ -2529,6 +2529,8 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name,
ulong want_access=table->grant.want_privilege; ulong want_access=table->grant.want_privilege;
if (!want_access) if (!want_access)
return 0; // Already checked return 0; // Already checked
if (!grant_option)
goto err2;
pthread_mutex_lock(&LOCK_grant); pthread_mutex_lock(&LOCK_grant);
...@@ -2560,8 +2562,9 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name, ...@@ -2560,8 +2562,9 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name,
#endif #endif
/* We must use my_printf_error() here! */ /* We must use my_printf_error() here! */
err: err:
pthread_mutex_unlock(&LOCK_grant); pthread_mutex_unlock(&LOCK_grant);
err2:
if (!show_tables) if (!show_tables)
{ {
char command[128]; char command[128];
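Review bot: The new early exit `if (!grant_option) goto err2;` in check_grant_column makes the function fail closed, but nothing at the jump or at the `err2:` label says so. As far as the hunks show, a non-zero `want_access` with no table- or column-level grants in use now reaches the denial path, and `err2:` sits below `pthread_mutex_unlock(&LOCK_grant)` because LOCK_grant has not been taken on that path. I would add `/* No table/column grants in use: the remaining privileges cannot be satisfied, deny */` above the jump and `/* entered without LOCK_grant held */` at `err2:`, so that a later edit does not move the label above the unlock. The function body continues outside these hunks, so confirm that no initialised local is declared between the jump and the label.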
......
...@@ -1694,7 +1694,7 @@ Field *find_field_in_table(THD *thd,TABLE *table,const char *name,uint length, ...@@ -1694,7 +1694,7 @@ Field *find_field_in_table(THD *thd,TABLE *table,const char *name,uint length,
else else
thd->dupp_field=field; thd->dupp_field=field;
} }
if (check_grants && check_grant_column(thd,table,name,length)) if (check_grants && check_grant_column(thd,table,name,length))
return WRONG_GRANT; return WRONG_GRANT;
return field; return field;
} }
...@@ -1719,8 +1719,8 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables) ...@@ -1719,8 +1719,8 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
{ {
found_table=1; found_table=1;
Field *find=find_field_in_table(thd,tables->table,name,length, Field *find=find_field_in_table(thd,tables->table,name,length,
grant_option && test(tables->table->grant.
tables->table->grant.want_privilege, want_privilege),
1); 1);
if (find) if (find)
{ {
...@@ -1760,8 +1760,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables) ...@@ -1760,8 +1760,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
for (; tables ; tables=tables->next) for (; tables ; tables=tables->next)
{ {
Field *field=find_field_in_table(thd,tables->table,name,length, Field *field=find_field_in_table(thd,tables->table,name,length,
grant_option && test(tables->table->grant.want_privilege),
tables->table->grant.want_privilege,
allow_rowid); allow_rowid);
if (field) if (field)
{ {
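Review bot: Both find_field_in_table calls in find_field_in_tables spell out the `check_grants` argument separately, and neither says which function is responsible for the `grant_option` case. This rendering does not show the final form of the argument unambiguously; the second hunk shrinking from 8 to 7 lines and the `if (!grant_option) goto err2;` added to check_grant_column suggest the test moved out of the callers. If that is the intent, a comment at each site such as `/* any remaining want_privilege forces the column check; check_grant_column denies when grant_option is off */` would stop a later caller from short-circuiting the check again. find_field_in_tables starts and ends outside these hunks.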
......
...@@ -2559,7 +2559,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, ...@@ -2559,7 +2559,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
if ((thd->master_access & want_access) == want_access) if ((thd->master_access & want_access) == want_access)
{ {
*save_priv=thd->master_access | thd->db_access; /*
If we don't have a global SELECT privilege, we have to get the database
specific access rights to be able to handle queries of type
UPDATE t1 SET a=1 WHERE b > 0
*/
db_access= thd->db_access;
if (!(thd->master_access & SELECT_ACL) &&
(db && (!thd->db || strcmp(db,thd->db))))
db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
thd->priv_user, db); /* purecov: inspected */
*save_priv=thd->master_access | db_access;
DBUG_RETURN(FALSE); DBUG_RETURN(FALSE);
} }
if (((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL)) || if (((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL)) ||
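Review bot: The added comment in check_access explains why SELECT_ACL matters, but not the second half of the condition, `db && (!thd->db || strcmp(db,thd->db))`. As written, `thd->db_access` is reused whenever `db` is NULL or equals `thd->db`, so `*save_priv` then carries the rights of the connection's current database; callers that pass a NULL `db` are outside this hunk and should be confirmed to mean that database. I would extend the comment with `thd->db_access holds the rights for thd->db, so acl_get() is only needed when db names a different database`. check_access starts and ends outside the hunk.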
......
...@@ -223,8 +223,21 @@ user_query("update $opt_database.test set b=b+1",1); ...@@ -223,8 +223,21 @@ user_query("update $opt_database.test set b=b+1",1);
safe_query("grant SELECT on *.* to $user"); safe_query("grant SELECT on *.* to $user");
user_connect(0); user_connect(0);
user_query("update $opt_database.test set b=b+1"); user_query("update $opt_database.test set b=b+1");
user_query("update $opt_database.test set b=b+1 where a > 0");
safe_query("revoke SELECT on *.* from $user"); safe_query("revoke SELECT on *.* from $user");
safe_query("grant SELECT on $opt_database.* to $user");
user_connect(0); user_connect(0);
user_query("update $opt_database.test set b=b+1");
user_query("update $opt_database.test set b=b+1 where a > 0");
safe_query("grant UPDATE on *.* to $user");
user_connect(0);
user_query("update $opt_database.test set b=b+1");
user_query("update $opt_database.test set b=b+1 where a > 0");
safe_query("revoke UPDATE on *.* from $user");
safe_query("revoke SELECT on $opt_database.* from $user");
user_connect(0);
user_query("update $opt_database.test set b=b+1 where a > 0",1);
user_query("update $opt_database.test set b=b+1",1);
# Add one privilege at a time until the user has all privileges # Add one privilege at a time until the user has all privileges
user_query("select * from test",1); user_query("select * from test",1);
......
...@@ -200,8 +200,23 @@ Error in execute: SELECT command denied to user: 'grant_user@localhost' for colu ...@@ -200,8 +200,23 @@ Error in execute: SELECT command denied to user: 'grant_user@localhost' for colu
grant SELECT on *.* to grant_user@localhost grant SELECT on *.* to grant_user@localhost
Connecting grant_user Connecting grant_user
update grant_test.test set b=b+1 update grant_test.test set b=b+1
update grant_test.test set b=b+1 where a > 0
revoke SELECT on *.* from grant_user@localhost revoke SELECT on *.* from grant_user@localhost
grant SELECT on grant_test.* to grant_user@localhost
Connecting grant_user Connecting grant_user
update grant_test.test set b=b+1
update grant_test.test set b=b+1 where a > 0
grant UPDATE on *.* to grant_user@localhost
Connecting grant_user
update grant_test.test set b=b+1
update grant_test.test set b=b+1 where a > 0
revoke UPDATE on *.* from grant_user@localhost
revoke SELECT on grant_test.* from grant_user@localhost
Connecting grant_user
update grant_test.test set b=b+1 where a > 0
Error in execute: select command denied to user: 'grant_user@localhost' for column 'a' in table 'test'
update grant_test.test set b=b+1
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
select * from test select * from test
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test' Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
grant select on grant_test.test to grant_user@localhost grant select on grant_test.test to grant_user@localhost
......