Bug #41354: Access control is bypassed when all columns

of a view are selected by * wildcard Backported a part of the fix for 36086 to 5.0 mysql-test/r/view_grant.result: Bug #41354: test case mysql-test/t/view_grant.test: Bug #41354: test case sql/sql_acl.cc: Bug #41354: return table error when no access and * sql/sql_base.cc: Bug #41354: backported the check in bug 36086 to 5.0

Bug #41354: Access control is bypassed when all columns
of a view are selected by * wildcard Backported a part of the fix for 36086 to 5.0 mysql-test/r/view_grant.result: Bug #41354: test case mysql-test/t/view_grant.test: Bug #41354: test case sql/sql_acl.cc: Bug #41354: return table error when no access and * sql/sql_base.cc: Bug #41354: backported the check in bug 36086 to 5.0
6f026345 · Georgi Kodinov · ec191ce2 · 6f026345 · 6f026345 · 6f026345
Commit 6f026345 authored Feb 26, 2009 by Georgi Kodinov
Showing with 89 additions and 7 deletions

mysql-test/r/view_grant.result mysql-test/r/view_grant.result +26 -0

mysql-test/t/view_grant.test mysql-test/t/view_grant.test +40 -0

sql/sql_acl.cc sql/sql_acl.cc +22 -6

sql/sql_base.cc sql/sql_base.cc +1 -1

No files found.
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@@ -919,4 +919,30 @@ c4
 DROP DATABASE mysqltest1;
 DROP DATABASE mysqltest2;
 DROP USER mysqltest_u1@localhost;
+CREATE DATABASE db1;
+USE db1;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
+GRANT SELECT (f1) ON t1 TO foo;
+GRANT SELECT (f1) ON v1 TO foo;
+USE db1;
+SELECT f1 FROM t1;
+f1
+SELECT f2 FROM t1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 't1'
+SELECT * FROM t1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1'
+SELECT f1 FROM v1;
+f1
+SELECT f2 FROM v1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 'v1'
+SELECT * FROM v1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 'v1'
+USE test;
+REVOKE SELECT (f1) ON db1.t1 FROM foo;
+REVOKE SELECT (f1) ON db1.v1 FROM foo;
+DROP USER foo;
+DROP VIEW db1.v1;
+DROP TABLE db1.t1;
+DROP DATABASE db1;
 End of 5.0 tests.
--- a/mysql-test/t/view_grant.test
+++ b/mysql-test/t/view_grant.test
@@ -1185,4 +1185,44 @@ DROP DATABASE mysqltest1;
 DROP DATABASE mysqltest2;
 DROP USER mysqltest_u1@localhost;

+
+#
+# Bug #41354: Access control is bypassed when all columns of a view are 
+# selected by * wildcard
+
+CREATE DATABASE db1;
+USE db1;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
+
+GRANT SELECT (f1) ON t1 TO foo;
+GRANT SELECT (f1) ON v1 TO foo;
+
+connect (addconfoo, localhost, foo,,);
+connection addconfoo;
+USE db1;
+
+
+SELECT f1 FROM t1;
+--error ER_COLUMNACCESS_DENIED_ERROR
+SELECT f2 FROM t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM t1;
+
+SELECT f1 FROM v1;
+--error ER_COLUMNACCESS_DENIED_ERROR
+SELECT f2 FROM v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM v1;
+
+connection default;
+USE test;
+disconnect addconfoo;
+REVOKE SELECT (f1) ON db1.t1 FROM foo;
+REVOKE SELECT (f1) ON db1.v1 FROM foo;
+DROP USER foo;
+DROP VIEW db1.v1;
+DROP TABLE db1.t1;
+DROP DATABASE db1;
+
 --echo End of 5.0 tests.
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -3866,6 +3866,11 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
  Security_context *sctx= thd->security_ctx;
  ulong want_access= want_access_arg;
  const char *table_name= NULL;
+  /*
+    Flag that gets set if privilege checking has to be performed on column
+    level.
+   */
+  bool using_column_privileges= FALSE;

  if (grant_option)
  {
@@ -3909,6 +3914,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
        GRANT_COLUMN *grant_column= 
          column_hash_search(grant_table, field_name,
                             (uint) strlen(field_name));
+        if (grant_column)
+          using_column_privileges= TRUE;
        if (!grant_column || (~grant_column->rights & want_access))
          goto err;
      }
@@ -3924,12 +3931,21 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,

  char command[128];
  get_privilege_desc(command, sizeof(command), want_access);
-  my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
-           command,
-           sctx->priv_user,
-           sctx->host_or_ip,
-           fields->name(),
-           table_name);
+  /*
+    Do not give an error message listing a column name unless the user has
+    privilege to see all columns.
+  */
+  if (using_column_privileges)
+    my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
+             command, sctx->priv_user,
+             sctx->host_or_ip, table_name); 
+  else
+    my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
+             command,
+             sctx->priv_user,
+             sctx->host_or_ip,
+             fields->name(),
+             table_name);
  return 1;
 }


--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -5479,7 +5479,7 @@ insert_fields(THD *thd, Name_resolution_context *context, const char *db_name,

 #ifndef NO_EMBEDDED_ACCESS_CHECKS
    /* Ensure that we have access rights to all fields to be inserted. */
-    if (!((table && (table->grant.privilege & SELECT_ACL) ||
+    if (!((table && !tables->view && (table->grant.privilege & SELECT_ACL) ||
           tables->view && (tables->grant.privilege & SELECT_ACL))) &&
        !any_privileges)
    {