Commit e628ba73 authored by unknown's avatar unknown

Merge a88-113-38-195.elisa-laajakaista.fi:/home/my/new/mysql-5.0-marvel

into  a88-113-38-195.elisa-laajakaista.fi:/home/my/new/mysql-5.1-marvel


client/mysql.cc:
  Auto merged
client/mysql_upgrade.c:
  Auto merged
client/mysqlbinlog.cc:
  Auto merged
client/mysqldump.c:
  Auto merged
mysql-test/r/sp.result:
  Auto merged
mysql-test/t/grant.test:
  Auto merged
mysql-test/t/sp.test:
  Auto merged
mysys/my_malloc.c:
  Auto merged
mysys/my_static.c:
  Auto merged
mysys/safemalloc.c:
  Auto merged
sql/ha_ndbcluster.cc:
  Auto merged
sql/handler.cc:
  Auto merged
sql/item.cc:
  Auto merged
sql/item_cmpfunc.cc:
  Auto merged
sql/item_func.h:
  Auto merged
sql/log.cc:
  Auto merged
sql/log_event.cc:
  Auto merged
sql/mysql_priv.h:
  Auto merged
sql/mysqld.cc:
  Auto merged
sql/opt_range.cc:
  Auto merged
sql/sp.cc:
  Auto merged
sql/sp_head.cc:
  Auto merged
sql/sql_base.cc:
  Auto merged
sql/sql_class.cc:
  Auto merged
sql/sql_class.h:
  Auto merged
sql/sql_delete.cc:
  Auto merged
sql/sql_insert.cc:
  Auto merged
sql/sql_load.cc:
  Auto merged
sql/sql_select.cc:
  Auto merged
sql/sql_show.cc:
  Auto merged
sql/sql_table.cc:
  Auto merged
sql-common/client.c:
  Auto merged
sql-common/my_time.c:
  Auto merged
sql/sql_update.cc:
  Auto merged
sql/table.cc:
  Auto merged
storage/archive/ha_archive.cc:
  Auto merged
storage/heap/hp_write.c:
  Auto merged
storage/innobase/handler/ha_innodb.cc:
  Auto merged
storage/ndb/src/mgmclient/CommandInterpreter.cpp:
  Auto merged
mysql-test/r/grant.result:
  Merged from 5.0
sql/sql_db.cc:
  Merged from 5.0
sql/sql_parse.cc:
  Merged from 5.0
parents 830803a2 f036fbcd
......@@ -1099,7 +1099,7 @@ static int dump_remote_log_entries(PRINT_EVENT_INFO *print_event_info,
uint logname_len;
NET* net;
int error= 0;
my_off_t old_off= min(start_position_mot, BIN_LOG_HEADER_SIZE);
my_off_t old_off= start_position_mot;
char fname[FN_REFLEN+1];
DBUG_ENTER("dump_remote_log_entries");
......@@ -1217,6 +1217,18 @@ could be out of memory");
len= 1; // fake Rotate, so don't increment old_off
}
}
else if (type == FORMAT_DESCRIPTION_EVENT)
{
/*
This could be an fake Format_description_log_event that server
(5.0+) automatically sends to a slave on connect, before sending
a first event at the requested position. If this is the case,
don't increment old_off. Real Format_description_log_event always
starts from BIN_LOG_HEADER_SIZE position.
*/
if (old_off != BIN_LOG_HEADER_SIZE)
len= 1; // fake event, don't increment old_off
}
if ((error= process_event(print_event_info, ev, old_off)))
{
error= ((error < 0) ? 0 : 1);
......@@ -1253,14 +1265,7 @@ could be out of memory");
/*
Let's adjust offset for remote log as for local log to produce
similar text and to have --stop-position to work identically.
Exception - the server sends Format_description_log_event
in the beginning of the dump, and only after it the event from
start_position. Let the old_off reflect it.
*/
if (old_off < start_position_mot)
old_off= start_position_mot;
else
old_off+= len-1;
}
......
......@@ -1116,3 +1116,78 @@ drop user юзер_юзер@localhost;
grant select on test.* to очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_длинный_юзер' is too long for user name (should be no longer than 16)
set names default;
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost;
CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER
SELECT 1;
---> connection: bug27337_con1
CREATE TABLE t1(c INT);
ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
CALL mysqltest1.p1();
1
1
CREATE TABLE t1(c INT);
ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
---> connection: bug27337_con2
CREATE TABLE t1(c INT);
ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
SHOW TABLES;
Tables_in_mysqltest2
---> connection: default
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_1@localhost;
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
CREATE TABLE mysqltest1.t1(c INT);
CREATE TABLE mysqltest2.t2(c INT);
GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost;
---> connection: bug27337_con1
SHOW TABLES FROM mysqltest1;
Tables_in_mysqltest1
t1
PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1';
EXECUTE stmt1;
Tables_in_mysqltest1
t1
---> connection: bug27337_con2
SHOW COLUMNS FROM mysqltest2.t2;
Field Type Null Key Default Extra
c int(11) YES NULL
PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2';
EXECUTE stmt2;
Field Type Null Key Default Extra
c int(11) YES NULL
---> connection: default
REVOKE SELECT ON mysqltest1.t1 FROM mysqltest_1@localhost;
REVOKE SELECT ON mysqltest2.t2 FROM mysqltest_2@localhost;
---> connection: bug27337_con1
SHOW TABLES FROM mysqltest1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1'
EXECUTE stmt1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1'
---> connection: bug27337_con2
SHOW COLUMNS FROM mysqltest2.t2;
ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2'
EXECUTE stmt2;
ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2'
---> connection: default
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_1@localhost;
......@@ -1068,6 +1068,150 @@ DROP DATABASE mysqltest4;
DROP USER mysqltest_1@localhost;
#
# BUG#27337: Privileges are not restored properly.
#
# Actually, the patch for this bugs fixes two problems. So, here are two test
# cases.
# Test case 1: privileges are not restored properly after calling a stored
# routine defined with SQL SECURITY INVOKER clause.
# Prepare.
--disable_warnings
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
--enable_warnings
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost;
CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER
SELECT 1;
# Test.
--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest2)
--echo
--echo ---> connection: bug27337_con1
--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE t1(c INT);
CALL mysqltest1.p1();
--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE t1(c INT);
--disconnect bug27337_con1
--connect (bug27337_con2,localhost,mysqltest_1,,mysqltest2)
--echo
--echo ---> connection: bug27337_con2
--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE t1(c INT);
SHOW TABLES;
# Cleanup.
--connection default
--echo
--echo ---> connection: default
--disconnect bug27337_con2
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_1@localhost;
# Test case 2: priveleges are not checked properly for prepared statements.
# Prepare.
--disable_warnings
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
--enable_warnings
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
CREATE TABLE mysqltest1.t1(c INT);
CREATE TABLE mysqltest2.t2(c INT);
GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost;
# Test.
--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest1)
--echo
--echo ---> connection: bug27337_con1
SHOW TABLES FROM mysqltest1;
PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1';
EXECUTE stmt1;
--connect (bug27337_con2,localhost,mysqltest_2,,mysqltest2)
--echo
--echo ---> connection: bug27337_con2
SHOW COLUMNS FROM mysqltest2.t2;
PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2';
EXECUTE stmt2;
--connection default
--echo
--echo ---> connection: default
REVOKE SELECT ON mysqltest1.t1 FROM mysqltest_1@localhost;
REVOKE SELECT ON mysqltest2.t2 FROM mysqltest_2@localhost;
--connection bug27337_con1
--echo
--echo ---> connection: bug27337_con1
--error ER_DBACCESS_DENIED_ERROR
SHOW TABLES FROM mysqltest1;
--error ER_DBACCESS_DENIED_ERROR
EXECUTE stmt1;
--connection bug27337_con2
--echo
--echo ---> connection: bug27337_con2
--error ER_TABLEACCESS_DENIED_ERROR
SHOW COLUMNS FROM mysqltest2.t2;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt2;
# Cleanup.
--connection default
--echo
--echo ---> connection: default
--disconnect bug27337_con2
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_1@localhost;
--echo End of 5.0 tests
#
......
......@@ -1134,6 +1134,8 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
bool get_schema_tables_result(JOIN *join,
enum enum_schema_table_state executed_place);
enum enum_schema_tables get_schema_table_idx(ST_SCHEMA_TABLE *schema_table);
#define is_schema_db(X) \
!my_strcasecmp(system_charset_info, INFORMATION_SCHEMA_NAME.str, (X))
......
......@@ -1437,15 +1437,14 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
DBUG_PRINT("info",("Use database: %s", new_db_file_name.str));
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!force_switch) /* FIXME: this is BUG#27337. */
{
db_access= (test_all_bits(sctx->master_access, DB_ACLS) ?
db_access=
test_all_bits(sctx->master_access, DB_ACLS) ?
DB_ACLS :
acl_get(sctx->host,
sctx->ip,
sctx->priv_user,
new_db_file_name.str,
FALSE) | sctx->master_access);
FALSE) | sctx->master_access;
if (!force_switch &&
!(db_access & DB_ACLS) &&
......@@ -1456,12 +1455,10 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch)
sctx->priv_host,
new_db_file_name.str);
general_log_print(thd, COM_INIT_DB, ER(ER_DBACCESS_DENIED_ERROR),
sctx->priv_user, sctx->priv_host,
new_db_file_name.str);
sctx->priv_user, sctx->priv_host, new_db_file_name.str);
my_free(new_db_file_name.str, MYF(0));
DBUG_RETURN(TRUE);
}
}
#endif
if (check_db_dir_existence(new_db_file_name.str))
......
......@@ -1359,7 +1359,8 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident,
enum enum_schema_tables schema_table_idx)
{
DBUG_ENTER("prepare_schema_table");
SELECT_LEX *sel= 0;
SELECT_LEX *schema_select_lex= NULL;
switch (schema_table_idx) {
case SCH_SCHEMATA:
#if defined(DONT_ALLOW_SHOW_COMMANDS)
......@@ -1367,11 +1368,9 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident,
ER(ER_NOT_ALLOWED_COMMAND), MYF(0)); /* purecov: inspected */
DBUG_RETURN(1);
#else
if ((specialflag & SPECIAL_SKIP_SHOW_DB) &&
check_global_access(thd, SHOW_DB_ACL))
DBUG_RETURN(1);
break;
#endif
case SCH_TABLE_NAMES:
case SCH_TABLES:
case SCH_VIEWS:
......@@ -1390,23 +1389,15 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident,
{
DBUG_RETURN(1);
}
db.str= lex->select_lex.db;
schema_select_lex= new SELECT_LEX();
db.str= schema_select_lex->db= lex->select_lex.db;
schema_select_lex->table_list.first= NULL;
db.length= strlen(db.str);
if (check_db_name(&db))
{
my_error(ER_WRONG_DB_NAME, MYF(0), db.str);
DBUG_RETURN(1);
}
if (check_access(thd, SELECT_ACL, db.str, &thd->col_access, 0, 0,
is_schema_db(db.str)))
DBUG_RETURN(1); /* purecov: inspected */
if (!thd->col_access && check_grant_db(thd, db.str))
{
my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
thd->security_ctx->priv_user, thd->security_ctx->priv_host,
db.str);
DBUG_RETURN(1);
}
break;
}
#endif
......@@ -4698,6 +4689,83 @@ bool check_global_access(THD *thd, ulong want_access)
}
static bool check_show_access(THD *thd, TABLE_LIST *table)
{
switch (get_schema_table_idx(table->schema_table))
{
case SCH_SCHEMATA:
return (specialflag & SPECIAL_SKIP_SHOW_DB) &&
check_global_access(thd, SHOW_DB_ACL);
case SCH_TABLE_NAMES:
case SCH_TABLES:
case SCH_VIEWS:
case SCH_TRIGGERS:
{
const char *dst_db_name= table->schema_select_lex->db;
DBUG_ASSERT(dst_db_name);
if (check_access(thd, SELECT_ACL, dst_db_name,
&thd->col_access, FALSE, FALSE,
is_schema_db(dst_db_name)))
{
return TRUE;
}
if (!thd->col_access && check_grant_db(thd, dst_db_name))
{
my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
thd->security_ctx->priv_user,
thd->security_ctx->priv_host,
dst_db_name);
return TRUE;
}
return FALSE;
}
case SCH_COLUMNS:
case SCH_STATISTICS:
{
TABLE_LIST *dst_table=
(TABLE_LIST *) table->schema_select_lex->table_list.first;
DBUG_ASSERT(dst_table);
if (check_access(thd, SELECT_ACL | EXTRA_ACL,
dst_table->db,
&dst_table->grant.privilege,
FALSE, FALSE,
test(dst_table->schema_table)))
{
return FALSE;
}
return grant_option &&
check_grant(thd, SELECT_ACL, dst_table, 2, UINT_MAX, FALSE);
}
case SCH_OPEN_TABLES:
case SCH_VARIABLES:
case SCH_STATUS:
case SCH_PROCEDURES:
case SCH_CHARSETS:
case SCH_COLLATIONS:
case SCH_COLLATION_CHARACTER_SET_APPLICABILITY:
case SCH_USER_PRIVILEGES:
case SCH_SCHEMA_PRIVILEGES:
case SCH_TABLE_PRIVILEGES:
case SCH_COLUMN_PRIVILEGES:
case SCH_TABLE_CONSTRAINTS:
case SCH_KEY_COLUMN_USAGE:
break;
}
return FALSE;
}
/*
Check the privilege for all used tables.
......
......@@ -2564,7 +2564,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
*/
thd->reset_n_backup_open_tables_state(&open_tables_state_backup);
if (lsel)
if (lsel && lsel->table_list.first)
{
TABLE_LIST *show_table_list= (TABLE_LIST*) lsel->table_list.first;
bool res;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment