Commit a34fc634 authored by unknown's avatar unknown

Fix for openssl on Solaris

Fix for grant bug with SELECT *


include/my_global.h:
  Fix for openssl on Solaris
sql/item_strfunc.cc:
  Fix for openssl on Solaris
sql/sql_acl.cc:
  Indentation cleanup
sql/sql_base.cc:
  Fix for grant bug with SELECT *
sql/sql_parse.cc:
  Added comment
tests/grant.pl:
  New grant test for SELECT *
tests/grant.res:
  new grant results
parent 31dc4b3c
......@@ -267,6 +267,10 @@ C_MODE_END
#include <asm/atomic.h>
#endif
#include <errno.h> /* Recommended by debian */
/* We need the following to go around a problem with openssl on solaris */
#if defined(HAVE_CRYPT)
#include <crypt.h>
#endif
/* Go around some bugs in different OS and compilers */
#if defined(_HPUX_SOURCE) && defined(HAVE_SYS_STREAM_H)
......
......@@ -27,9 +27,6 @@
#include "mysql_priv.h"
#include "sql_acl.h"
#include <m_ctype.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#endif /* HAVE_OPENSSL */
......
......@@ -1997,10 +1997,10 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
}
int mysql_table_grant (THD *thd, TABLE_LIST *table_list,
List <LEX_USER> &user_list,
List <LEX_COLUMN> &columns, ulong rights,
bool revoke_grant)
int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
List <LEX_USER> &user_list,
List <LEX_COLUMN> &columns, ulong rights,
bool revoke_grant)
{
ulong column_priv = 0;
List_iterator <LEX_USER> str_list (user_list);
......@@ -2374,7 +2374,7 @@ my_bool grant_init(THD *org_thd)
mem_check->ok() && hash_insert(&hash_tables,(byte*) mem_check))
{
/* This could only happen if we are out memory */
grant_option = FALSE; /* purecov: deadcode */
grant_option= FALSE; /* purecov: deadcode */
goto end_unlock;
}
}
......@@ -2404,7 +2404,8 @@ my_bool grant_init(THD *org_thd)
void grant_reload(THD *thd)
{
HASH old_hash_tables;bool old_grant_option;
HASH old_hash_tables;
bool old_grant_option;
MEM_ROOT old_mem;
DBUG_ENTER("grant_reload");
......@@ -2413,14 +2414,14 @@ void grant_reload(THD *thd)
pthread_mutex_lock(&LOCK_grant);
grant_version++;
old_hash_tables=hash_tables;
old_grant_option = grant_option;
old_grant_option= grant_option;
old_mem = memex;
if (grant_init(thd))
{ // Error. Revert to old hash
grant_free(); /* purecov: deadcode */
hash_tables=old_hash_tables; /* purecov: deadcode */
grant_option = old_grant_option; /* purecov: deadcode */
grant_option= old_grant_option; /* purecov: deadcode */
memex = old_mem; /* purecov: deadcode */
}
else
......
......@@ -1984,8 +1984,9 @@ insert_fields(THD *thd,TABLE_LIST *tables, const char *db_name,
(!db_name || !strcmp(tables->db,db_name))))
{
/* Ensure that we have access right to all columns */
if (grant_option && !thd->master_access &&
check_grant_all_columns(thd,SELECT_ACL,table) )
if (grant_option && !(table->grant.privilege &
table->grant.want_privilege) &&
check_grant_all_columns(thd,SELECT_ACL,table))
DBUG_RETURN(-1);
Field **ptr=table->field,*field;
thd->used_tables|=table->map;
......
......@@ -2519,12 +2519,20 @@ mysql_execute_command(void)
/****************************************************************************
Get the user (global) and database privileges for all used tables
Returns true (error) if we can't get the privileges and we don't use
table/column grants.
The idea of EXTRA_ACL is that one will be granted access to the table if
one has the asked privilege on any column combination of the table; For
example to be able to check a table one needs to have SELECT privilege on
any column of the table.
NOTES
The idea of EXTRA_ACL is that one will be granted access to the table if
one has the asked privilege on any column combination of the table; For
example to be able to check a table one needs to have SELECT privilege on
any column of the table.
RETURN
0 ok
1 If we can't get the privileges and we don't use table/column grants.
save_priv In this we store global and db level grants for the table
Note that we don't store db level grants if the global grants
is enough to satisfy the request.
****************************************************************************/
bool
......
......@@ -62,6 +62,12 @@ safe_query("create database $opt_database");
user_connect(1);
#goto test;
#
# Enable column grant code
#
safe_query("grant select(user) on mysql.user to $user");
safe_query("revoke select(user) on mysql.user from $user");
#
# Test grants on user level
#
......@@ -408,21 +414,29 @@ safe_query("grant ALL PRIVILEGES on $opt_database.test to $user identified by 'd
user_connect(0,"dummy");
safe_query("grant SELECT on $opt_database.* to $user identified by ''");
user_connect(0);
safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user identified by ''");
safe_query("revoke ALL PRIVILEGES on $opt_database.test from $user identified by '', ${opt_user}\@127.0.0.1 identified by 'dummy2'");
safe_query("revoke ALL PRIVILEGES on $opt_database.* from $user identified by ''");
safe_query("show grants for $user");
#
# Test bug reported in SELECT INTO OUTFILE
#
safe_query("create table $opt_database.test3 (a int)");
safe_query("create table $opt_database.test3 (a int, b int)");
safe_query("grant SELECT on $opt_database.test3 to $user");
safe_query("grant FILE on *.* to $user");
safe_query("insert into $opt_database.test3 values (1)");
safe_query("insert into $opt_database.test3 values (1,1)");
user_connect(0);
user_query("select * into outfile '$tmp_table' from $opt_database.test3");
safe_query("revoke SELECT on $opt_database.test3 from $user");
safe_query("grant SELECT(a) on $opt_database.test3 to $user");
user_query("select a from $opt_database.test3");
user_query("select * from $opt_database.test3",1);
user_query("select a,b from $opt_database.test3",1);
user_query("select b from $opt_database.test3",1);
safe_query("revoke SELECT(a) on $opt_database.test3 from $user");
safe_query("revoke FILE on *.* from $user");
safe_query("drop table $opt_database.test3");
......
......@@ -10,6 +10,8 @@ Error in execute: Can't drop database 'grant_test'. Database doesn't exist
create database grant_test
Connecting grant_user
Error on connect: Access denied for user: '@localhost' to database 'grant_test'
grant select(user) on mysql.user to grant_user@localhost
revoke select(user) on mysql.user from grant_user@localhost
grant select on *.* to grant_user@localhost
set password FOR grant_user2@localhost = password('test')
Error in execute: Can't find any matching row in the user table
......@@ -106,21 +108,21 @@ select count(*) from grant_test.test
2
select * from mysql.user where user = 'grant_user'
Error in execute: select command denied to user: 'grant_user@localhost' for table 'user'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
insert into grant_test.test values (4,0)
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
update grant_test.test set a=1
Error in execute: update command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
delete from grant_test.test
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
create table grant_test.test2 (a int)
Error in execute: create command denied to user: 'grant_user@localhost' for table 'test2'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
ALTER TABLE grant_test.test add c int
Error in execute: alter command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
CREATE INDEX dummy ON grant_test.test (a)
Error in execute: index command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
drop table grant_test.test
Error in execute: drop command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user2@localhost
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost WITH GRANT OPTION
......@@ -133,14 +135,14 @@ REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
REVOKE ALL PRIVILEGES on grant_test.* from grant_user@localhost
Connecting grant_user
insert into grant_test.test values (6,0)
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'test'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'grant_test'
REVOKE GRANT OPTION on grant_test.* from grant_user@localhost
Connecting grant_user
Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant ALL PRIVILEGES on grant_test.* to grant_user@localhost
Connecting grant_user
select * from mysql.user where user = 'grant_user'
Error in execute: select command denied to user: 'grant_user@localhost' for table 'user'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
insert into grant_test.test values (7,0)
update grant_test.test set a=3 where a=2
delete from grant_test.test where a=3
......@@ -152,7 +154,7 @@ show tables from grant_test
test
insert into mysql.user (host,user) values ('error','grant_user',0)
Error in execute: insert command denied to user: 'grant_user@localhost' for table 'user'
Error in execute: Access denied for user: 'grant_user@localhost' to database 'mysql'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost
select * from mysql.user where user = 'grant_user'
localhost grant_user N N N N N N N N N N N N N N N N N N N N N 0 0 0
......@@ -200,7 +202,7 @@ Connecting grant_user
update grant_test.test set b=b+1
revoke SELECT on *.* from grant_user@localhost
Connecting grant_user
lect * from test
select * from test
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
grant select on grant_test.test to grant_user@localhost
delete from grant_test.test where a=1
......@@ -233,7 +235,7 @@ Error in execute: select command denied to user: 'grant_user@localhost' for tabl
select count(*) from test,test2
Error in execute: select command denied to user: 'grant_user@localhost' for table 'test2'
replace into test2 SELECT a from test
Error in execute: update command denied to user: 'grant_user@localhost' for table 'test2'
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2'
grant update on grant_test.test2 to grant_user@localhost
replace into test2 SELECT a,a from test
Error in execute: delete command denied to user: 'grant_user@localhost' for table 'test2'
......@@ -448,21 +450,34 @@ grant ALL PRIVILEGES on grant_test.test to grant_user@localhost identified by 'd
Connecting grant_user
grant SELECT on grant_test.* to grant_user@localhost identified by ''
Connecting grant_user
revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by ''
revoke ALL PRIVILEGES on grant_test.test from grant_user@localhost identified by '', grant_user@127.0.0.1 identified by 'dummy2'
revoke ALL PRIVILEGES on grant_test.* from grant_user@localhost identified by ''
show grants for grant_user@localhost
create table grant_test.test3 (a int)
GRANT USAGE ON *.* TO 'grant_user'@'localhost'
create table grant_test.test3 (a int, b int)
grant SELECT on grant_test.test3 to grant_user@localhost
grant FILE on *.* to grant_user@localhost
insert into grant_test.test3 values (1)
insert into grant_test.test3 values (1,1)
Connecting grant_user
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
revoke SELECT on grant_test.test3 from grant_user@localhost
grant SELECT(a) on grant_test.test3 to grant_user@localhost
select a from grant_test.test3
1
select * from grant_test.test3
Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
select a,b from grant_test.test3
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
select b from grant_test.test3
Error in execute: SELECT command denied to user: 'grant_user@localhost' for column 'b' in table 'test3'
revoke SELECT(a) on grant_test.test3 from grant_user@localhost
revoke FILE on *.* from grant_user@localhost
drop table grant_test.test3
create table grant_test.test3 (a int)
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
grant INSERT on grant_test.test3 to grant_user@localhost
Connecting grant_user
select * into outfile '/tmp/mysql-grant.test' from grant_test.test3
......@@ -487,9 +502,11 @@ revoke SELECT,INSERT,UPDATE,DELETE on grant_test.test3 from grant_user@localhost
Connecting grant_user
revoke LOCK TABLES on *.* from grant_user@localhost
Connecting grant_user
Access denied for user: 'grant_user@localhost' to database 'grant_test'
Error on connect: Access denied for user: 'grant_user@localhost' to database 'grant_test'
drop table grant_test.test3
show grants for grant_user@localhost
GRANT USAGE ON *.* TO 'grant_user'@'localhost'
grant all on *.* to grant_user@localhost WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
show grants for grant_user@localhost
GRANT ALL PRIVILEGES ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
......@@ -501,6 +518,8 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, F
revoke ALL PRIVILEGES on *.* from grant_user@localhost
show grants for grant_user@localhost
GRANT USAGE ON *.* TO 'grant_user'@'localhost' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3
drop database grant_test
delete from user where user='grant_user'
delete from db where user='grant_user'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment