Bug #34053: normal users can enable innodb_monitor logging

The check_global_access() function was made available to InnoDB, but was not defined in the embedded server library. InnoDB, as a plugin, is not recompiled when the embedded server is built. This caused a link failure when compiling applications which use the embedded server. The fix here is to always define check_global_access() externally; in the embedded server case, it is defined to just return OK. Also, don't run the test case for this bug in embedded server. mysql-test/t/innodb_bug34053.test: Disable this test on embedded server - it tests privilege checks which are not in place there. sql/mysql_priv.h: Since check_global_access() may be used from some storage engine plugins (InnoDB, currently), and the plugins are not recompiled for the embedded server, it must be defined externally even for NO_EMBEDDED_ACCESS_CHECKS. sql/sql_parse.cc: Since check_global_access() may be used from some storage engine plugins (InnoDB, currently), and the plugins are not recompiled for the embedded server, it must be defined externally even for NO_EMBEDDED_ACCESS_CHECKS.

Bug #34053: normal users can enable innodb_monitor logging
The check_global_access() function was made available to InnoDB, but was not defined in the embedded server library. InnoDB, as a plugin, is not recompiled when the embedded server is built. This caused a link failure when compiling applications which use the embedded server. The fix here is to always define check_global_access() externally; in the embedded server case, it is defined to just return OK. Also, don't run the test case for this bug in embedded server. mysql-test/t/innodb_bug34053.test: Disable this test on embedded server - it tests privilege checks which are not in place there. sql/mysql_priv.h: Since check_global_access() may be used from some storage engine plugins (InnoDB, currently), and the plugins are not recompiled for the embedded server, it must be defined externally even for NO_EMBEDDED_ACCESS_CHECKS. sql/sql_parse.cc: Since check_global_access() may be used from some storage engine plugins (InnoDB, currently), and the plugins are not recompiled for the embedded server, it must be defined externally even for NO_EMBEDDED_ACCESS_CHECKS.
ea109791 · unknown · efce7728 · ea109791 · ea109791 · ea109791
Commit ea109791 authored Feb 22, 2008 by unknown
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 34 deletions

mysql-test/t/innodb_bug34053.test mysql-test/t/innodb_bug34053.test +1 -0

sql/mysql_priv.h sql/mysql_priv.h +0 -5

sql/sql_parse.cc sql/sql_parse.cc +33 -29

No files found.
--- a/mysql-test/t/innodb_bug34053.test
+++ b/mysql-test/t/innodb_bug34053.test
@@ -2,6 +2,7 @@
 # Make sure http://bugs.mysql.com/34053 remains fixed.
 #

+-- source include/not_embedded.inc
 -- source include/have_innodb.inc

 SET storage_engine=InnoDB;

--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -1051,12 +1051,7 @@ inline bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,

 #endif /* MYSQL_SERVER */
 #if defined MYSQL_SERVER || defined INNODB_COMPATIBILITY_HOOKS
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
 bool check_global_access(THD *thd, ulong want_access);
-#else
-inline bool check_global_access(THD *thd, ulong want_access)
-{ return false; }
-#endif /*NO_EMBEDDED_ACCESS_CHECKS*/
 #endif /* MYSQL_SERVER || INNODB_COMPATIBILITY_HOOKS */
 #ifdef MYSQL_SERVER


--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -4989,35 +4989,6 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
 }


-/**
-  check for global access and give descriptive error message if it fails.
-
-  @param thd			Thread handler
-  @param want_access		Use should have any of these global rights
-
-  @warning
-    One gets access right if one has ANY of the rights in want_access.
-    This is useful as one in most cases only need one global right,
-    but in some case we want to check if the user has SUPER or
-    REPL_CLIENT_ACL rights.
-
-  @retval
-    0	ok
-  @retval
-    1	Access denied.  In this case an error is sent to the client
-*/
-
-bool check_global_access(THD *thd, ulong want_access)
-{
-  char command[128];
-  if ((thd->security_ctx->master_access & want_access))
-    return 0;
-  get_privilege_desc(command, sizeof(command), want_access);
-  my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), command);
-  return 1;
-}
-
-
 static bool check_show_access(THD *thd, TABLE_LIST *table)
 {
  switch (get_schema_table_idx(table->schema_table)) {
@@ -5260,6 +5231,39 @@ bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table)

 #endif /*NO_EMBEDDED_ACCESS_CHECKS*/

+
+/**
+  check for global access and give descriptive error message if it fails.
+
+  @param thd			Thread handler
+  @param want_access		Use should have any of these global rights
+
+  @warning
+    One gets access right if one has ANY of the rights in want_access.
+    This is useful as one in most cases only need one global right,
+    but in some case we want to check if the user has SUPER or
+    REPL_CLIENT_ACL rights.
+
+  @retval
+    0	ok
+  @retval
+    1	Access denied.  In this case an error is sent to the client
+*/
+
+bool check_global_access(THD *thd, ulong want_access)
+{
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+  char command[128];
+  if ((thd->security_ctx->master_access & want_access))
+    return 0;
+  get_privilege_desc(command, sizeof(command), want_access);
+  my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), command);
+  return 1;
+#else
+  return 0;
+#endif
+}
+
 /****************************************************************************
 	Check stack size; Send error if there isn't enough stack to continue
 ****************************************************************************/