MDEV-18328: Make DISKS plugin check some privilege to access information_schema.DISKS table

Check FILE privelege.

MDEV-18328: Make DISKS plugin check some privilege to access information_schema.DISKS table
Check FILE privelege.
d1fa6ba8 · Oleksandr Byelkin · 65e0c9b9 · d1fa6ba8 · d1fa6ba8 · d1fa6ba8
Commit d1fa6ba8 authored Jun 08, 2019 by Oleksandr Byelkin
3 changed files
--- a/plugin/disks/information_schema_disks.cc
+++ b/plugin/disks/information_schema_disks.cc
@@ -19,6 +19,7 @@
 #include <mntent.h>
 #include <sql_class.h>
 #include <table.h>
+#include <sql_acl.h>                            /* check_global_access() */

 bool schema_table_store_record(THD *thd, TABLE *table);

@@ -83,6 +84,9 @@ int disks_fill_table(THD* pThd, TABLE_LIST* pTables, Item* pCond)
    int rv = 1;
    TABLE* pTable = pTables->table;

+    if (check_global_access(pThd, FILE_ACL, true))
+      return 0;
+
    FILE* pFile = setmntent("/etc/mtab", "r");

    if (pFile)
@@ -144,11 +148,11 @@ maria_declare_plugin(disks)
    PLUGIN_LICENSE_GPL,                /* license type */
    disks_table_init,                  /* init function */
    NULL,                              /* deinit function */
-    0x0100,                            /* version = 1.0 */
+    0x0101,                            /* version = 1.1 */
    NULL,                              /* no status variables */
    NULL,                              /* no system variables */
-    "1.0",                             /* String version representation */
-    MariaDB_PLUGIN_MATURITY_BETA       /* Maturity (see include/mysql/plugin.h)*/
+    "1.1",                             /* String version representation */
+    MariaDB_PLUGIN_MATURITY_STABLE     /* Maturity (see include/mysql/plugin.h)*/
 }
 mysql_declare_plugin_end;


--- a/plugin/disks/mysql-test/disks/disks_notembedded.result
+++ b/plugin/disks/mysql-test/disks/disks_notembedded.result
+#
+# MDEV-18328: Make DISKS plugin check some privilege to access
+# information_schema.DISKS table
+#
+CREATE USER user1@localhost;
+GRANT SELECT ON *.* TO user1@localhost;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+sum(Total) > sum(Available)	sum(Total)>sum(Used)
+NULL	NULL
+GRANT FILE ON *.* TO user1@localhost;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+sum(Total) > sum(Available)	sum(Total)>sum(Used)
+1	1
+DROP USER user1@localhost;
+# End of 10.1 tests
--- a/plugin/disks/mysql-test/disks/disks_notembedded.test
+++ b/plugin/disks/mysql-test/disks/disks_notembedded.test
+source include/not_embedded.inc;
+
+--echo #
+--echo # MDEV-18328: Make DISKS plugin check some privilege to access
+--echo # information_schema.DISKS table
+--echo #
+
+CREATE USER user1@localhost;
+GRANT SELECT ON *.* TO user1@localhost;
+
+connect (con1,localhost,user1,,);
+connection con1;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+disconnect con1;
+
+connection default;
+GRANT FILE ON *.* TO user1@localhost;
+
+connect (con1,localhost,user1,,);
+connection con1;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+connection default;
+DROP USER user1@localhost;
+
+--echo # End of 10.1 tests