Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
a10ce662
Commit
a10ce662
authored
Oct 20, 2004
by
dlenev@mysql.com
Browse files
Options
Browse Files
Download
Plain Diff
Merge bk-internal.mysql.com:/home/bk/mysql-4.1
into mysql.com:/home/dlenev/src/mysql-4.1-secfix
parents
0130f466
75d81662
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
85 additions
and
18 deletions
+85
-18
mysql-test/r/grant2.result
mysql-test/r/grant2.result
+27
-0
mysql-test/t/grant2.test
mysql-test/t/grant2.test
+41
-3
sql/mysql_priv.h
sql/mysql_priv.h
+1
-1
sql/sql_parse.cc
sql/sql_parse.cc
+6
-6
sql/sql_prepare.cc
sql/sql_prepare.cc
+2
-4
sql/sql_yacc.yy
sql/sql_yacc.yy
+8
-4
No files found.
mysql-test/r/grant2.result
View file @
a10ce662
SET NAMES binary;
SET NAMES binary;
drop database if exists mysqltest;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.tables_priv where user like 'mysqltest\_%';
delete from mysql.columns_priv where user like 'mysqltest\_%';
flush privileges;
flush privileges;
grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
select current_user();
select current_user();
...
@@ -25,3 +28,27 @@ ERROR 42000: There is no such grant defined for user 'mysqltest_3' on host 'loca
...
@@ -25,3 +28,27 @@ ERROR 42000: There is no such grant defined for user 'mysqltest_3' on host 'loca
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;
flush privileges;
create database mysqltest;
grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost;
flush privileges;
use mysqltest;
create table t1 (id int primary key, data varchar(255));
show grants for current_user();
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT SELECT, INSERT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
use mysqltest;
insert into t1 values (1, 'I can''t change it!');
update t1 set data='I can change it!' where id = 1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest'
select * from t1;
id data
1 I can't change it!
drop table t1;
drop database mysqltest;
use test;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;
mysql-test/t/grant2.test
View file @
a10ce662
...
@@ -6,13 +6,21 @@ SET NAMES binary;
...
@@ -6,13 +6,21 @@ SET NAMES binary;
#
#
# prepare playground before tests
--
disable_warnings
drop
database
if
exists
mysqltest
;
--
enable_warnings
delete
from
mysql
.
user
where
user
like
'mysqltest\_%'
;
delete
from
mysql
.
db
where
user
like
'mysqltest\_%'
;
delete
from
mysql
.
tables_priv
where
user
like
'mysqltest\_%'
;
delete
from
mysql
.
columns_priv
where
user
like
'mysqltest\_%'
;
flush
privileges
;
#
#
# wild_compare fun
# wild_compare fun
#
#
delete
from
mysql
.
user
where
user
like
'mysqltest\_%'
;
delete
from
mysql
.
db
where
user
like
'mysqltest\_%'
;
flush
privileges
;
grant
all
privileges
on
`my\_%`
.*
to
mysqltest_1
@
localhost
with
grant
option
;
grant
all
privileges
on
`my\_%`
.*
to
mysqltest_1
@
localhost
with
grant
option
;
connect
(
user1
,
localhost
,
mysqltest_1
,,);
connect
(
user1
,
localhost
,
mysqltest_1
,,);
connection
user1
;
connection
user1
;
...
@@ -31,3 +39,33 @@ delete from mysql.user where user like 'mysqltest\_%';
...
@@ -31,3 +39,33 @@ delete from mysql.user where user like 'mysqltest\_%';
delete
from
mysql
.
db
where
user
like
'mysqltest\_%'
;
delete
from
mysql
.
db
where
user
like
'mysqltest\_%'
;
flush
privileges
;
flush
privileges
;
#
# Bug #6173: One can circumvent missing UPDATE privilege if he has SELECT
# and INSERT privilege for table with primary key
#
create
database
mysqltest
;
grant
INSERT
,
SELECT
on
mysqltest
.*
to
mysqltest_1
@
localhost
;
flush
privileges
;
use
mysqltest
;
create
table
t1
(
id
int
primary
key
,
data
varchar
(
255
));
connect
(
mrbad
,
localhost
,
mysqltest_1
,,);
connection
mrbad
;
show
grants
for
current_user
();
use
mysqltest
;
insert
into
t1
values
(
1
,
'I can''t change it!'
);
--
error
1044
update
t1
set
data
=
'I can change it!'
where
id
=
1
;
# This should not be allowed since it too require UPDATE privilege.
--
error
1044
insert
into
t1
values
(
1
,
'XXX'
)
on
duplicate
key
update
data
=
'I can change it!'
;
select
*
from
t1
;
connection
default
;
drop
table
t1
;
drop
database
mysqltest
;
use
test
;
delete
from
mysql
.
user
where
user
like
'mysqltest\_%'
;
delete
from
mysql
.
db
where
user
like
'mysqltest\_%'
;
flush
privileges
;
sql/mysql_priv.h
View file @
a10ce662
...
@@ -374,7 +374,7 @@ int multi_delete_precheck(THD *thd, TABLE_LIST *tables, uint *table_count);
...
@@ -374,7 +374,7 @@ int multi_delete_precheck(THD *thd, TABLE_LIST *tables, uint *table_count);
int
insert_select_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
);
int
insert_select_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
);
int
update_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
);
int
update_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
);
int
delete_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
);
int
delete_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
);
int
insert_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
,
bool
update
);
int
insert_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
);
int
create_table_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
,
int
create_table_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
,
TABLE_LIST
*
create_table
);
TABLE_LIST
*
create_table
);
Item
*
negate_expression
(
THD
*
thd
,
Item
*
expr
);
Item
*
negate_expression
(
THD
*
thd
,
Item
*
expr
);
...
...
sql/sql_parse.cc
View file @
a10ce662
...
@@ -2682,12 +2682,11 @@ mysql_execute_command(THD *thd)
...
@@ -2682,12 +2682,11 @@ mysql_execute_command(THD *thd)
case
SQLCOM_REPLACE
:
case
SQLCOM_REPLACE
:
case
SQLCOM_INSERT
:
case
SQLCOM_INSERT
:
{
{
my_bool
update
=
(
lex
->
value_list
.
elements
?
UPDATE_ACL
:
0
);
if
((
res
=
insert_precheck
(
thd
,
tables
)))
if
((
res
=
insert_precheck
(
thd
,
tables
,
update
)))
break
;
break
;
res
=
mysql_insert
(
thd
,
tables
,
lex
->
field_list
,
lex
->
many_values
,
res
=
mysql_insert
(
thd
,
tables
,
lex
->
field_list
,
lex
->
many_values
,
select_lex
->
item_list
,
lex
->
value_list
,
select_lex
->
item_list
,
lex
->
value_list
,
(
update
?
DUP_UPDATE
:
lex
->
duplicates
)
);
lex
->
duplicates
);
if
(
thd
->
net
.
report_error
)
if
(
thd
->
net
.
report_error
)
res
=
-
1
;
res
=
-
1
;
break
;
break
;
...
@@ -5366,13 +5365,14 @@ int delete_precheck(THD *thd, TABLE_LIST *tables)
...
@@ -5366,13 +5365,14 @@ int delete_precheck(THD *thd, TABLE_LIST *tables)
-1 error (message is not sent to user)
-1 error (message is not sent to user)
*/
*/
int
insert_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
,
bool
update
)
int
insert_precheck
(
THD
*
thd
,
TABLE_LIST
*
tables
)
{
{
LEX
*
lex
=
thd
->
lex
;
LEX
*
lex
=
thd
->
lex
;
DBUG_ENTER
(
"insert_precheck"
);
DBUG_ENTER
(
"insert_precheck"
);
ulong
privilege
=
(
lex
->
duplicates
==
DUP_REPLACE
?
ulong
privilege
=
INSERT_ACL
|
INSERT_ACL
|
DELETE_ACL
:
INSERT_ACL
|
update
);
(
lex
->
duplicates
==
DUP_REPLACE
?
DELETE_ACL
:
0
)
|
(
lex
->
duplicates
==
DUP_UPDATE
?
UPDATE_ACL
:
0
);
if
(
check_one_table_access
(
thd
,
privilege
,
tables
))
if
(
check_one_table_access
(
thd
,
privilege
,
tables
))
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
...
...
sql/sql_prepare.cc
View file @
a10ce662
...
@@ -895,10 +895,9 @@ static int mysql_test_insert(Prepared_statement *stmt,
...
@@ -895,10 +895,9 @@ static int mysql_test_insert(Prepared_statement *stmt,
int
res
=
-
1
;
int
res
=
-
1
;
TABLE_LIST
*
insert_table_list
=
TABLE_LIST
*
insert_table_list
=
(
TABLE_LIST
*
)
lex
->
select_lex
.
table_list
.
first
;
(
TABLE_LIST
*
)
lex
->
select_lex
.
table_list
.
first
;
my_bool
update
=
(
lex
->
value_list
.
elements
?
UPDATE_ACL
:
0
);
DBUG_ENTER
(
"mysql_test_insert"
);
DBUG_ENTER
(
"mysql_test_insert"
);
if
((
res
=
insert_precheck
(
thd
,
table_list
,
update
)))
if
((
res
=
insert_precheck
(
thd
,
table_list
)))
DBUG_RETURN
(
res
);
DBUG_RETURN
(
res
);
/*
/*
...
@@ -1388,8 +1387,7 @@ static int send_prepare_results(Prepared_statement *stmt, bool text_protocol)
...
@@ -1388,8 +1387,7 @@ static int send_prepare_results(Prepared_statement *stmt, bool text_protocol)
res
=
mysql_test_insert
(
stmt
,
tables
,
lex
->
field_list
,
res
=
mysql_test_insert
(
stmt
,
tables
,
lex
->
field_list
,
lex
->
many_values
,
lex
->
many_values
,
select_lex
->
item_list
,
lex
->
value_list
,
select_lex
->
item_list
,
lex
->
value_list
,
(
lex
->
value_list
.
elements
?
lex
->
duplicates
);
DUP_UPDATE
:
lex
->
duplicates
));
break
;
break
;
case
SQLCOM_UPDATE
:
case
SQLCOM_UPDATE
:
...
...
sql/sql_yacc.yy
View file @
a10ce662
...
@@ -4136,14 +4136,18 @@ expr_or_default:
...
@@ -4136,14 +4136,18 @@ expr_or_default:
opt_insert_update:
opt_insert_update:
/* empty */
/* empty */
| ON DUPLICATE_SYM
| ON DUPLICATE_SYM
{ /* for simplisity, let's forget about
{
INSERT ... SELECT ... UPDATE
LEX *lex= Lex;
for a moment */
/*
if (Lex->sql_command != SQLCOM_INSERT)
For simplicity, let's forget about INSERT ... SELECT ... UPDATE
for a moment.
*/
if (lex->sql_command != SQLCOM_INSERT)
{
{
yyerror(ER(ER_SYNTAX_ERROR));
yyerror(ER(ER_SYNTAX_ERROR));
YYABORT;
YYABORT;
}
}
lex->duplicates= DUP_UPDATE;
}
}
KEY_SYM UPDATE_SYM update_list
KEY_SYM UPDATE_SYM update_list
;
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment