Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
4113dbc1
Commit
4113dbc1
authored
19 years ago
by
gluh@mysql.com
Browse files
Options
Browse Files
Download
Plain Diff
Merge sgluhov@bk-internal.mysql.com:/home/bk/mysql-5.0
into mysql.com:/home/gluh/MySQL/Bugs/5.0.cml
parents
0726bb62
5549bc33
Changes
11
Hide whitespace changes
Inline
Side-by-side
Showing
11 changed files
with
174 additions
and
68 deletions
+174
-68
mysql-test/r/information_schema.result
mysql-test/r/information_schema.result
+23
-1
mysql-test/t/information_schema.test
mysql-test/t/information_schema.test
+37
-1
sql/mysql_priv.h
sql/mysql_priv.h
+3
-1
sql/repl_failsafe.cc
sql/repl_failsafe.cc
+1
-1
sql/sql_acl.cc
sql/sql_acl.cc
+5
-5
sql/sql_parse.cc
sql/sql_parse.cc
+93
-43
sql/sql_prepare.cc
sql/sql_prepare.cc
+1
-1
sql/sql_repl.cc
sql/sql_repl.cc
+2
-2
sql/sql_show.cc
sql/sql_show.cc
+4
-9
sql/sql_update.cc
sql/sql_update.cc
+2
-1
sql/sql_view.cc
sql/sql_view.cc
+3
-3
No files found.
mysql-test/r/information_schema.result
View file @
4113dbc1
...
...
@@ -594,7 +594,7 @@ TABLE_CONSTRAINTS
TABLE_PRIVILEGES
TRIGGERS
create database information_schema;
ERROR
HY000: Can't create database 'information_schema'; database exists
ERROR
42000: Access denied for user 'root'@'localhost' to database 'information_schema'
use information_schema;
show full tables like "T%";
Tables_in_information_schema (T%) Table_type
...
...
@@ -990,3 +990,25 @@ Field Type Null Key Default Extra
c int(11) YES NULL
drop view v1;
drop table t1;
alter database information_schema;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
drop database information_schema;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
drop table information_schema.tables;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
alter table information_schema.tables;
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
use information_schema;
create temporary table schemata(f1 char(10));
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
CREATE PROCEDURE p1 ()
BEGIN
SELECT 'foo' FROM DUAL;
END |
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
select ROUTINE_NAME from routines;
ROUTINE_NAME
grant all on information_schema.* to 'user1'@'localhost';
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
grant select on information_schema.* to 'user1'@'localhost';
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'
This diff is collapsed.
Click to expand it.
mysql-test/t/information_schema.test
View file @
4113dbc1
...
...
@@ -338,7 +338,7 @@ from information_schema.tables
where
table_schema
=
'information_schema'
limit
2
;
show
tables
from
information_schema
like
"T%"
;
--
error
10
07
--
error
10
44
create
database
information_schema
;
use
information_schema
;
show
full
tables
like
"T%"
;
...
...
@@ -678,3 +678,39 @@ show fields from test.v1;
connection
default
;
drop
view
v1
;
drop
table
t1
;
#
# Bug #9846 Inappropriate error displayed while dropping table from 'INFORMATION_SCHEMA'
#
--
error
1044
alter
database
information_schema
;
--
error
1044
drop
database
information_schema
;
--
error
1044
drop
table
information_schema
.
tables
;
--
error
1044
alter
table
information_schema
.
tables
;
#
# Bug #9683 INFORMATION_SCH: Creation of temporary table allowed in Information_schema DB
#
use
information_schema
;
--
error
1044
create
temporary
table
schemata
(
f1
char
(
10
));
#
# Bug #10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
#
delimiter
|
;
--
error
1044
CREATE
PROCEDURE
p1
()
BEGIN
SELECT
'foo'
FROM
DUAL
;
END
|
delimiter
;
|
select
ROUTINE_NAME
from
routines
;
#
# Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema
#
--
error
1044
grant
all
on
information_schema
.*
to
'user1'
@
'localhost'
;
--
error
1044
grant
select
on
information_schema
.*
to
'user1'
@
'localhost'
;
This diff is collapsed.
Click to expand it.
sql/mysql_priv.h
View file @
4113dbc1
...
...
@@ -621,7 +621,7 @@ void close_connection(THD *thd, uint errcode, bool lock);
bool
reload_acl_and_cache
(
THD
*
thd
,
ulong
options
,
TABLE_LIST
*
tables
,
bool
*
write_to_binlog
);
bool
check_access
(
THD
*
thd
,
ulong
access
,
const
char
*
db
,
ulong
*
save_priv
,
bool
no_grant
,
bool
no_errors
);
bool
no_grant
,
bool
no_errors
,
bool
schema_db
);
bool
check_table_access
(
THD
*
thd
,
ulong
want_access
,
TABLE_LIST
*
tables
,
bool
no_errors
);
bool
check_global_access
(
THD
*
thd
,
ulong
want_access
);
...
...
@@ -848,6 +848,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond);
int
fill_schema_table_privileges
(
THD
*
thd
,
TABLE_LIST
*
tables
,
COND
*
cond
);
int
fill_schema_column_privileges
(
THD
*
thd
,
TABLE_LIST
*
tables
,
COND
*
cond
);
bool
get_schema_tables_result
(
JOIN
*
join
);
#define is_schema_db(X) \
!my_strcasecmp(system_charset_info, information_schema_name.str, (X))
/* sql_prepare.cc */
...
...
This diff is collapsed.
Click to expand it.
sql/repl_failsafe.cc
View file @
4113dbc1
...
...
@@ -162,7 +162,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length)
SLAVE_INFO
*
si
;
uchar
*
p
=
packet
,
*
p_end
=
packet
+
packet_length
;
if
(
check_access
(
thd
,
REPL_SLAVE_ACL
,
any_db
,
0
,
0
,
0
))
if
(
check_access
(
thd
,
REPL_SLAVE_ACL
,
any_db
,
0
,
0
,
0
,
0
))
return
1
;
if
(
!
(
si
=
(
SLAVE_INFO
*
)
my_malloc
(
sizeof
(
SLAVE_INFO
),
MYF
(
MY_WME
))))
goto
err2
;
...
...
This diff is collapsed.
Click to expand it.
sql/sql_acl.cc
View file @
4113dbc1
...
...
@@ -1337,7 +1337,7 @@ bool check_change_password(THD *thd, const char *host, const char *user,
(
strcmp
(
thd
->
user
,
user
)
||
my_strcasecmp
(
system_charset_info
,
host
,
thd
->
priv_host
)))
{
if
(
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
0
,
0
))
return
(
1
);
}
if
(
!
thd
->
slave_thread
&&
!
thd
->
user
[
0
])
...
...
@@ -5533,7 +5533,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
ulong
want_access
;
char
buff
[
100
];
TABLE
*
table
=
tables
->
table
;
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
);
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
,
0
);
char
*
curr_host
=
thd
->
priv_host
?
thd
->
priv_host
:
(
char
*
)
"%"
;
DBUG_ENTER
(
"fill_schema_user_privileges"
);
...
...
@@ -5586,7 +5586,7 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
ulong
want_access
;
char
buff
[
100
];
TABLE
*
table
=
tables
->
table
;
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
);
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
,
0
);
char
*
curr_host
=
thd
->
priv_host
?
thd
->
priv_host
:
(
char
*
)
"%"
;
DBUG_ENTER
(
"fill_schema_schema_privileges"
);
...
...
@@ -5641,7 +5641,7 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
uint
index
;
char
buff
[
100
];
TABLE
*
table
=
tables
->
table
;
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
);
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
,
0
);
char
*
curr_host
=
thd
->
priv_host
?
thd
->
priv_host
:
(
char
*
)
"%"
;
DBUG_ENTER
(
"fill_schema_table_privileges"
);
...
...
@@ -5703,7 +5703,7 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
uint
index
;
char
buff
[
100
];
TABLE
*
table
=
tables
->
table
;
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
);
bool
no_global_access
=
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
1
,
0
);
char
*
curr_host
=
thd
->
priv_host
?
thd
->
priv_host
:
(
char
*
)
"%"
;
DBUG_ENTER
(
"fill_schema_table_privileges"
);
...
...
This diff is collapsed.
Click to expand it.
sql/sql_parse.cc
View file @
4113dbc1
...
...
@@ -1776,7 +1776,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
remove_escape
(
table_list
.
table_name
);
// This can't have wildcards
if
(
check_access
(
thd
,
SELECT_ACL
,
table_list
.
db
,
&
table_list
.
grant
.
privilege
,
0
,
0
))
0
,
0
,
test
(
table_list
.
schema_table
)
))
break
;
if
(
grant_option
&&
check_grant
(
thd
,
SELECT_ACL
,
&
table_list
,
2
,
UINT_MAX
,
0
))
...
...
@@ -1817,7 +1817,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
my_error
(
ER_WRONG_DB_NAME
,
MYF
(
0
),
db
?
db
:
"NULL"
);
break
;
}
if
(
check_access
(
thd
,
CREATE_ACL
,
db
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
CREATE_ACL
,
db
,
0
,
1
,
0
,
is_schema_db
(
db
)
))
break
;
mysql_log
.
write
(
thd
,
command
,
packet
);
bzero
(
&
create_info
,
sizeof
(
create_info
));
...
...
@@ -1836,7 +1836,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
my_error
(
ER_WRONG_DB_NAME
,
MYF
(
0
),
db
?
db
:
"NULL"
);
break
;
}
if
(
check_access
(
thd
,
DROP_ACL
,
db
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
DROP_ACL
,
db
,
0
,
1
,
0
,
is_schema_db
(
db
)
))
break
;
if
(
thd
->
locked_tables
||
thd
->
active_transaction
())
{
...
...
@@ -2134,7 +2134,8 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident,
my_error
(
ER_WRONG_DB_NAME
,
MYF
(
0
),
db
);
DBUG_RETURN
(
1
);
}
if
(
check_access
(
thd
,
SELECT_ACL
,
db
,
&
thd
->
col_access
,
0
,
0
))
if
(
check_access
(
thd
,
SELECT_ACL
,
db
,
&
thd
->
col_access
,
0
,
0
,
is_schema_db
(
db
)))
DBUG_RETURN
(
1
);
/* purecov: inspected */
if
(
!
thd
->
col_access
&&
check_grant_db
(
thd
,
db
))
{
...
...
@@ -2173,7 +2174,8 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident,
remove_escape
(
db
);
// Fix escaped '_'
remove_escape
(
table_list
->
table_name
);
if
(
check_access
(
thd
,
SELECT_ACL
|
EXTRA_ACL
,
db
,
&
table_list
->
grant
.
privilege
,
0
,
0
))
&
table_list
->
grant
.
privilege
,
0
,
0
,
test
(
table_list
->
schema_table
)))
DBUG_RETURN
(
1
);
/* purecov: inspected */
if
(
grant_option
&&
check_grant
(
thd
,
SELECT_ACL
,
table_list
,
2
,
UINT_MAX
,
0
))
...
...
@@ -2430,7 +2432,7 @@ mysql_execute_command(THD *thd)
else
res
=
check_access
(
thd
,
lex
->
exchange
?
SELECT_ACL
|
FILE_ACL
:
SELECT_ACL
,
any_db
,
0
,
0
,
0
);
any_db
,
0
,
0
,
0
,
0
);
if
(
res
)
goto
error
;
...
...
@@ -2612,7 +2614,8 @@ mysql_execute_command(THD *thd)
DBUG_ASSERT
(
first_table
==
all_tables
&&
first_table
!=
0
);
if
(
check_db_used
(
thd
,
all_tables
)
||
check_access
(
thd
,
INDEX_ACL
,
first_table
->
db
,
&
first_table
->
grant
.
privilege
,
0
,
0
))
&
first_table
->
grant
.
privilege
,
0
,
0
,
test
(
first_table
->
schema_table
)))
goto
error
;
res
=
mysql_assign_to_keycache
(
thd
,
first_table
,
&
lex
->
ident
);
break
;
...
...
@@ -2622,7 +2625,8 @@ mysql_execute_command(THD *thd)
DBUG_ASSERT
(
first_table
==
all_tables
&&
first_table
!=
0
);
if
(
check_db_used
(
thd
,
all_tables
)
||
check_access
(
thd
,
INDEX_ACL
,
first_table
->
db
,
&
first_table
->
grant
.
privilege
,
0
,
0
))
&
first_table
->
grant
.
privilege
,
0
,
0
,
test
(
first_table
->
schema_table
)))
goto
error
;
res
=
mysql_preload_keys
(
thd
,
first_table
);
break
;
...
...
@@ -2688,7 +2692,8 @@ mysql_execute_command(THD *thd)
if
(
!
first_table
->
db
)
first_table
->
db
=
thd
->
db
;
if
(
check_access
(
thd
,
CREATE_ACL
,
first_table
->
db
,
&
first_table
->
grant
.
privilege
,
0
,
0
))
&
first_table
->
grant
.
privilege
,
0
,
0
,
test
(
first_table
->
schema_table
)))
goto
error
;
/* purecov: inspected */
if
(
grant_option
)
{
...
...
@@ -2953,8 +2958,10 @@ end_with_restore_list:
select_lex
->
db
=
first_table
->
db
;
}
if
(
check_access
(
thd
,
ALTER_ACL
,
first_table
->
db
,
&
first_table
->
grant
.
privilege
,
0
,
0
)
||
check_access
(
thd
,
INSERT_ACL
|
CREATE_ACL
,
select_lex
->
db
,
&
priv
,
0
,
0
)
||
&
first_table
->
grant
.
privilege
,
0
,
0
,
test
(
first_table
->
schema_table
))
||
check_access
(
thd
,
INSERT_ACL
|
CREATE_ACL
,
select_lex
->
db
,
&
priv
,
0
,
0
,
is_schema_db
(
select_lex
->
db
))
||
check_merge_table_access
(
thd
,
first_table
->
db
,
(
TABLE_LIST
*
)
lex
->
create_info
.
merge_list
.
first
))
...
...
@@ -3004,9 +3011,10 @@ end_with_restore_list:
for
(
table
=
first_table
;
table
;
table
=
table
->
next_local
->
next_local
)
{
if
(
check_access
(
thd
,
ALTER_ACL
|
DROP_ACL
,
table
->
db
,
&
table
->
grant
.
privilege
,
0
,
0
)
||
&
table
->
grant
.
privilege
,
0
,
0
,
test
(
table
->
schema_table
)
)
||
check_access
(
thd
,
INSERT_ACL
|
CREATE_ACL
,
table
->
next_local
->
db
,
&
table
->
next_local
->
grant
.
privilege
,
0
,
0
))
&
table
->
next_local
->
grant
.
privilege
,
0
,
0
,
test
(
table
->
next_local
->
schema_table
)))
goto
error
;
if
(
grant_option
)
{
...
...
@@ -3058,7 +3066,8 @@ end_with_restore_list:
if
(
check_db_used
(
thd
,
all_tables
)
||
check_access
(
thd
,
SELECT_ACL
|
EXTRA_ACL
,
first_table
->
db
,
&
first_table
->
grant
.
privilege
,
0
,
0
))
&
first_table
->
grant
.
privilege
,
0
,
0
,
test
(
first_table
->
schema_table
)))
goto
error
;
if
(
grant_option
&&
check_grant
(
thd
,
SELECT_ACL
,
all_tables
,
2
,
UINT_MAX
,
0
))
goto
error
;
...
...
@@ -3390,7 +3399,7 @@ end_with_restore_list:
goto
error
;
#else
{
if
(
grant_option
&&
check_access
(
thd
,
FILE_ACL
,
any_db
,
0
,
0
,
0
))
if
(
grant_option
&&
check_access
(
thd
,
FILE_ACL
,
any_db
,
0
,
0
,
0
,
0
))
goto
error
;
res
=
mysqld_show_logs
(
thd
);
break
;
...
...
@@ -3519,7 +3528,7 @@ end_with_restore_list:
break
;
}
#endif
if
(
check_access
(
thd
,
CREATE_ACL
,
lex
->
name
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
CREATE_ACL
,
lex
->
name
,
0
,
1
,
0
,
is_schema_db
(
lex
->
name
)
))
break
;
res
=
mysql_create_db
(
thd
,(
lower_case_table_names
==
2
?
alias
:
lex
->
name
),
&
lex
->
create_info
,
0
);
...
...
@@ -3553,7 +3562,7 @@ end_with_restore_list:
break
;
}
#endif
if
(
check_access
(
thd
,
DROP_ACL
,
lex
->
name
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
DROP_ACL
,
lex
->
name
,
0
,
1
,
0
,
is_schema_db
(
lex
->
name
)
))
break
;
if
(
thd
->
locked_tables
||
thd
->
active_transaction
())
{
...
...
@@ -3593,7 +3602,7 @@ end_with_restore_list:
break
;
}
#endif
if
(
check_access
(
thd
,
ALTER_ACL
,
db
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
ALTER_ACL
,
db
,
0
,
1
,
0
,
is_schema_db
(
db
)
))
break
;
if
(
thd
->
locked_tables
||
thd
->
active_transaction
())
{
...
...
@@ -3611,14 +3620,14 @@ end_with_restore_list:
my_error
(
ER_WRONG_DB_NAME
,
MYF
(
0
),
lex
->
name
);
break
;
}
if
(
check_access
(
thd
,
SELECT_ACL
,
lex
->
name
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
SELECT_ACL
,
lex
->
name
,
0
,
1
,
0
,
is_schema_db
(
lex
->
name
)
))
break
;
res
=
mysqld_show_create_db
(
thd
,
lex
->
name
,
&
lex
->
create_info
);
break
;
}
case
SQLCOM_CREATE_FUNCTION
:
// UDF function
{
if
(
check_access
(
thd
,
INSERT_ACL
,
"mysql"
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
INSERT_ACL
,
"mysql"
,
0
,
1
,
0
,
0
))
break
;
#ifdef HAVE_DLOPEN
if
(
sp_find_function
(
thd
,
lex
->
spname
))
...
...
@@ -3637,7 +3646,7 @@ end_with_restore_list:
#ifndef NO_EMBEDDED_ACCESS_CHECKS
case
SQLCOM_CREATE_USER
:
{
if
(
check_access
(
thd
,
INSERT_ACL
,
"mysql"
,
0
,
1
,
1
)
&&
if
(
check_access
(
thd
,
INSERT_ACL
,
"mysql"
,
0
,
1
,
1
,
0
)
&&
check_global_access
(
thd
,
CREATE_USER_ACL
))
break
;
if
(
!
(
res
=
mysql_create_user
(
thd
,
lex
->
users_list
)))
...
...
@@ -3653,7 +3662,7 @@ end_with_restore_list:
}
case
SQLCOM_DROP_USER
:
{
if
(
check_access
(
thd
,
DELETE_ACL
,
"mysql"
,
0
,
1
,
1
)
&&
if
(
check_access
(
thd
,
DELETE_ACL
,
"mysql"
,
0
,
1
,
1
,
0
)
&&
check_global_access
(
thd
,
CREATE_USER_ACL
))
break
;
if
(
!
(
res
=
mysql_drop_user
(
thd
,
lex
->
users_list
)))
...
...
@@ -3669,7 +3678,7 @@ end_with_restore_list:
}
case
SQLCOM_RENAME_USER
:
{
if
(
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
1
)
&&
if
(
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
1
,
0
)
&&
check_global_access
(
thd
,
CREATE_USER_ACL
))
break
;
if
(
!
(
res
=
mysql_rename_user
(
thd
,
lex
->
users_list
)))
...
...
@@ -3685,7 +3694,7 @@ end_with_restore_list:
}
case
SQLCOM_REVOKE_ALL
:
{
if
(
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
1
)
&&
if
(
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
1
,
0
)
&&
check_global_access
(
thd
,
CREATE_USER_ACL
))
break
;
if
(
!
(
res
=
mysql_revoke_all
(
thd
,
lex
->
users_list
)))
...
...
@@ -3705,7 +3714,9 @@ end_with_restore_list:
if
(
check_access
(
thd
,
lex
->
grant
|
lex
->
grant_tot_col
|
GRANT_ACL
,
first_table
?
first_table
->
db
:
select_lex
->
db
,
first_table
?
&
first_table
->
grant
.
privilege
:
0
,
first_table
?
0
:
1
,
0
))
first_table
?
0
:
1
,
0
,
first_table
?
(
bool
)
first_table
->
schema_table
:
select_lex
->
db
?
is_schema_db
(
select_lex
->
db
)
:
0
))
goto
error
;
if
(
thd
->
user
)
// If not replication
...
...
@@ -3730,7 +3741,7 @@ end_with_restore_list:
{
// TODO: use check_change_password()
if
(
check_acl_user
(
user
,
&
counter
)
&&
user
->
password
.
str
&&
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
1
))
check_access
(
thd
,
UPDATE_ACL
,
"mysql"
,
0
,
1
,
1
,
0
))
{
my_message
(
ER_PASSWORD_NOT_ALLOWED
,
ER
(
ER_PASSWORD_NOT_ALLOWED
),
MYF
(
0
));
...
...
@@ -3855,7 +3866,7 @@ end_with_restore_list:
case
SQLCOM_SHOW_GRANTS
:
if
((
thd
->
priv_user
&&
!
strcmp
(
thd
->
priv_user
,
lex
->
grant_user
->
user
.
str
))
||
!
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
0
))
!
check_access
(
thd
,
SELECT_ACL
,
"mysql"
,
0
,
1
,
0
,
0
))
{
res
=
mysql_show_grants
(
thd
,
lex
->
grant_user
);
}
...
...
@@ -4010,7 +4021,8 @@ end_with_restore_list:
DBUG_ASSERT
(
lex
->
sphead
!=
0
);
if
(
check_access
(
thd
,
CREATE_PROC_ACL
,
lex
->
sphead
->
m_db
.
str
,
0
,
0
,
0
))
if
(
check_access
(
thd
,
CREATE_PROC_ACL
,
lex
->
sphead
->
m_db
.
str
,
0
,
0
,
0
,
is_schema_db
(
lex
->
sphead
->
m_db
.
str
)))
{
delete
lex
->
sphead
;
lex
->
sphead
=
0
;
...
...
@@ -4354,7 +4366,7 @@ end_with_restore_list:
lex
->
spname
->
m_name
.
length
);
if
(
udf
)
{
if
(
check_access
(
thd
,
DELETE_ACL
,
"mysql"
,
0
,
1
,
0
))
if
(
check_access
(
thd
,
DELETE_ACL
,
"mysql"
,
0
,
1
,
0
,
0
))
goto
error
;
if
(
!
(
res
=
mysql_drop_function
(
thd
,
&
lex
->
spname
->
m_name
)))
{
...
...
@@ -4719,7 +4731,8 @@ cleanup:
bool
check_one_table_access
(
THD
*
thd
,
ulong
privilege
,
TABLE_LIST
*
all_tables
)
{
if
(
check_access
(
thd
,
privilege
,
all_tables
->
db
,
&
all_tables
->
grant
.
privilege
,
0
,
0
))
&
all_tables
->
grant
.
privilege
,
0
,
0
,
test
(
all_tables
->
schema_table
)))
return
1
;
/* Show only 1 table for check_grant */
...
...
@@ -4758,13 +4771,14 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
bool
check_access
(
THD
*
thd
,
ulong
want_access
,
const
char
*
db
,
ulong
*
save_priv
,
bool
dont_check_global_grants
,
bool
no_errors
)
bool
dont_check_global_grants
,
bool
no_errors
,
bool
schema_db
)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
ulong
db_access
;
bool
db_is_pattern
=
test
(
want_access
&
GRANT_ACL
);
#endif
ulong
dummy
;
const
char
*
db_name
;
DBUG_ENTER
(
"check_access"
);
DBUG_PRINT
(
"enter"
,(
"db: %s want_access: %lu master_access: %lu"
,
db
?
db
:
""
,
want_access
,
thd
->
master_access
));
...
...
@@ -4782,6 +4796,23 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
DBUG_RETURN
(
TRUE
);
/* purecov: tested */
}
db_name
=
db
?
db
:
thd
->
db
;
if
(
schema_db
)
{
if
(
want_access
&
~
(
SELECT_ACL
|
EXTRA_ACL
))
{
if
(
!
no_errors
)
my_error
(
ER_DBACCESS_DENIED_ERROR
,
MYF
(
0
),
thd
->
priv_user
,
thd
->
priv_host
,
db_name
);
DBUG_RETURN
(
TRUE
);
}
else
{
*
save_priv
=
SELECT_ACL
;
DBUG_RETURN
(
FALSE
);
}
}
#ifdef NO_EMBEDDED_ACCESS_CHECKS
DBUG_RETURN
(
0
);
#else
...
...
@@ -4894,6 +4925,15 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
TABLE_LIST
*
org_tables
=
tables
;
for
(;
tables
;
tables
=
tables
->
next_global
)
{
if
(
tables
->
schema_table
&&
(
want_access
&
~
(
SELECT_ACL
|
EXTRA_ACL
)))
{
if
(
!
no_errors
)
my_error
(
ER_DBACCESS_DENIED_ERROR
,
MYF
(
0
),
thd
->
priv_user
,
thd
->
priv_host
,
information_schema_name
.
str
);
return
TRUE
;
}
if
(
tables
->
derived
||
tables
->
schema_table
||
tables
->
belong_to_view
||
(
tables
->
table
&&
(
int
)
tables
->
table
->
s
->
tmp_table
)
||
my_tz_check_n_skip_implicit_tables
(
&
tables
,
...
...
@@ -4909,14 +4949,14 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
else
{
if
(
check_access
(
thd
,
want_access
,
tables
->
db
,
&
tables
->
grant
.
privilege
,
0
,
no_errors
))
0
,
no_errors
,
test
(
tables
->
schema_table
)
))
return
TRUE
;
// Access denied
found_access
=
tables
->
grant
.
privilege
;
found
=
1
;
}
}
else
if
(
check_access
(
thd
,
want_access
,
tables
->
db
,
&
tables
->
grant
.
privilege
,
0
,
no_errors
))
0
,
no_errors
,
test
(
tables
->
schema_table
)
))
return
TRUE
;
}
if
(
grant_option
)
...
...
@@ -4939,7 +4979,7 @@ check_routine_access(THD *thd, ulong want_access,char *db, char *name,
if
((
thd
->
master_access
&
want_access
)
==
want_access
&&
!
thd
->
db
)
tables
->
grant
.
privilege
=
want_access
;
else
if
(
check_access
(
thd
,
want_access
,
db
,
&
tables
->
grant
.
privilege
,
0
,
no_errors
))
0
,
no_errors
,
test
(
tables
->
schema_table
)
))
return
TRUE
;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
...
...
@@ -4971,7 +5011,11 @@ bool check_some_routine_access(THD *thd, const char *db, const char *name,
ulong
save_priv
;
if
(
thd
->
master_access
&
SHOW_PROC_ACLS
)
return
FALSE
;
if
(
!
check_access
(
thd
,
SHOW_PROC_ACLS
,
db
,
&
save_priv
,
0
,
1
)
||
/*
There are no routines in information_schema db. So we can safely
pass zero to last paramter of check_access function
*/
if
(
!
check_access
(
thd
,
SHOW_PROC_ACLS
,
db
,
&
save_priv
,
0
,
1
,
0
)
||
(
save_priv
&
SHOW_PROC_ACLS
))
return
FALSE
;
return
check_routine_level_acl
(
thd
,
db
,
name
,
is_proc
);
...
...
@@ -5003,7 +5047,8 @@ bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table)
if
(
access
&
want_access
)
{
if
(
!
check_access
(
thd
,
access
,
table
->
db
,
&
table
->
grant
.
privilege
,
0
,
1
)
&&
&
table
->
grant
.
privilege
,
0
,
1
,
test
(
table
->
schema_table
))
&&
!
grant_option
||
!
check_grant
(
thd
,
access
,
table
,
0
,
1
,
1
))
DBUG_RETURN
(
0
);
}
...
...
@@ -6811,10 +6856,11 @@ static bool check_multi_update_lock(THD *thd)
{
TABLE_LIST
*
save
=
table
->
next_local
;
table
->
next_local
=
0
;
if
((
check_access
(
thd
,
UPDATE_ACL
,
table
->
db
,
&
table
->
grant
.
privilege
,
0
,
1
)
||
(
grant_option
&&
check_grant
(
thd
,
UPDATE_ACL
,
table
,
0
,
1
,
1
)))
&&
if
((
check_access
(
thd
,
UPDATE_ACL
,
table
->
db
,
&
table
->
grant
.
privilege
,
0
,
1
,
test
(
table
->
schema_table
))
||
(
grant_option
&&
check_grant
(
thd
,
UPDATE_ACL
,
table
,
0
,
1
,
1
)))
&&
check_one_table_access
(
thd
,
SELECT_ACL
,
table
))
goto
error
;
goto
error
;
table
->
next_local
=
save
;
}
...
...
@@ -6979,11 +7025,13 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables)
if
(
table
->
derived
)
table
->
grant
.
privilege
=
SELECT_ACL
;
else
if
((
check_access
(
thd
,
UPDATE_ACL
,
table
->
db
,
&
table
->
grant
.
privilege
,
0
,
1
)
||
&
table
->
grant
.
privilege
,
0
,
1
,
test
(
table
->
schema_table
))
||
grant_option
&&
check_grant
(
thd
,
UPDATE_ACL
,
table
,
0
,
1
,
1
))
&&
(
check_access
(
thd
,
SELECT_ACL
,
table
->
db
,
&
table
->
grant
.
privilege
,
0
,
0
)
||
&
table
->
grant
.
privilege
,
0
,
0
,
test
(
table
->
schema_table
))
||
grant_option
&&
check_grant
(
thd
,
SELECT_ACL
,
table
,
0
,
1
,
0
)))
DBUG_RETURN
(
TRUE
);
...
...
@@ -7002,7 +7050,8 @@ bool multi_update_precheck(THD *thd, TABLE_LIST *tables)
!
table
->
table_in_first_from_clause
)
{
if
(
check_access
(
thd
,
SELECT_ACL
,
table
->
db
,
&
table
->
grant
.
privilege
,
0
,
0
)
||
&
table
->
grant
.
privilege
,
0
,
0
,
test
(
table
->
schema_table
))
||
grant_option
&&
check_grant
(
thd
,
SELECT_ACL
,
table
,
0
,
1
,
0
))
DBUG_RETURN
(
TRUE
);
}
...
...
@@ -7219,7 +7268,8 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables,
CREATE_TMP_ACL
:
CREATE_ACL
);
lex
->
create_info
.
alias
=
create_table
->
alias
;
if
(
check_access
(
thd
,
want_priv
,
create_table
->
db
,
&
create_table
->
grant
.
privilege
,
0
,
0
)
||
&
create_table
->
grant
.
privilege
,
0
,
0
,
test
(
create_table
->
schema_table
))
||
check_merge_table_access
(
thd
,
create_table
->
db
,
(
TABLE_LIST
*
)
lex
->
create_info
.
merge_list
.
first
))
...
...
This diff is collapsed.
Click to expand it.
sql/sql_prepare.cc
View file @
4113dbc1
...
...
@@ -1235,7 +1235,7 @@ static int mysql_test_select(Prepared_statement *stmt,
if
(
check_table_access
(
thd
,
privilege
,
tables
,
0
))
goto
error
;
}
else
if
(
check_access
(
thd
,
privilege
,
any_db
,
0
,
0
,
0
))
else
if
(
check_access
(
thd
,
privilege
,
any_db
,
0
,
0
,
0
,
0
))
goto
error
;
#endif
...
...
This diff is collapsed.
Click to expand it.
sql/sql_repl.cc
View file @
4113dbc1
...
...
@@ -769,7 +769,7 @@ int start_slave(THD* thd , MASTER_INFO* mi, bool net_report)
int
thread_mask
;
DBUG_ENTER
(
"start_slave"
);
if
(
check_access
(
thd
,
SUPER_ACL
,
any_db
,
0
,
0
,
0
))
if
(
check_access
(
thd
,
SUPER_ACL
,
any_db
,
0
,
0
,
0
,
0
))
DBUG_RETURN
(
1
);
lock_slave_threads
(
mi
);
// this allows us to cleanly read slave_running
// Get a mask of _stopped_ threads
...
...
@@ -894,7 +894,7 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
if
(
!
thd
)
thd
=
current_thd
;
if
(
check_access
(
thd
,
SUPER_ACL
,
any_db
,
0
,
0
,
0
))
if
(
check_access
(
thd
,
SUPER_ACL
,
any_db
,
0
,
0
,
0
,
0
))
return
1
;
thd
->
proc_info
=
"Killing slave"
;
int
thread_mask
;
...
...
This diff is collapsed.
Click to expand it.
sql/sql_show.cc
View file @
4113dbc1
...
...
@@ -2041,8 +2041,8 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
(
base_name
=
select_lex
->
db
)
&&
!
bases
.
elements
))
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if
(
with_i_schema
||
// don't check the rights if information schema db
!
check_access
(
thd
,
SELECT_ACL
,
base_name
,
&
thd
->
col_access
,
0
,
1
)
||
if
(
!
check_access
(
thd
,
SELECT_ACL
,
base_name
,
&
thd
->
col_access
,
0
,
1
,
with_i_schema
)
||
thd
->
master_access
&
(
DB_ACLS
|
SHOW_DB_ACL
)
||
acl_get
(
thd
->
host
,
thd
->
ip
,
thd
->
priv_user
,
base_name
,
0
)
||
(
grant_option
&&
!
check_grant_db
(
thd
,
base_name
)))
...
...
@@ -2464,7 +2464,7 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
#ifndef NO_EMBEDDED_ACCESS_CHECKS
uint
col_access
;
check_access
(
thd
,
SELECT_ACL
|
EXTRA_ACL
,
base_name
,
&
tables
->
grant
.
privilege
,
0
,
0
);
&
tables
->
grant
.
privilege
,
0
,
0
,
test
(
tables
->
schema_table
)
);
col_access
=
get_column_grant
(
thd
,
&
tables
->
grant
,
base_name
,
file_name
,
field
->
field_name
)
&
COL_ACLS
;
...
...
@@ -2480,12 +2480,7 @@ static int get_schema_column_record(THD *thd, struct st_table_list *tables,
end
=
strmov
(
end
,
grant_types
.
type_names
[
bitnr
]);
}
}
if
(
tables
->
schema_table
)
// any user has 'select' privilege on all
// I_S table columns
table
->
field
[
17
]
->
store
(
grant_types
.
type_names
[
0
],
strlen
(
grant_types
.
type_names
[
0
]),
cs
);
else
table
->
field
[
17
]
->
store
(
tmp
+
1
,
end
==
tmp
?
0
:
(
uint
)
(
end
-
tmp
-
1
),
cs
);
table
->
field
[
17
]
->
store
(
tmp
+
1
,
end
==
tmp
?
0
:
(
uint
)
(
end
-
tmp
-
1
),
cs
);
#endif
table
->
field
[
1
]
->
store
(
base_name
,
base_name_length
,
cs
);
...
...
This diff is collapsed.
Click to expand it.
sql/sql_update.cc
View file @
4113dbc1
...
...
@@ -720,7 +720,8 @@ bool mysql_multi_update_prepare(THD *thd)
{
uint
want_privilege
=
tl
->
updating
?
UPDATE_ACL
:
SELECT_ACL
;
if
(
check_access
(
thd
,
want_privilege
,
tl
->
db
,
&
tl
->
grant
.
privilege
,
0
,
0
)
||
tl
->
db
,
&
tl
->
grant
.
privilege
,
0
,
0
,
test
(
tl
->
schema_table
))
||
(
grant_option
&&
check_grant
(
thd
,
want_privilege
,
tl
,
0
,
1
,
0
)))
DBUG_RETURN
(
TRUE
);
}
...
...
This diff is collapsed.
Click to expand it.
sql/sql_view.cc
View file @
4113dbc1
...
...
@@ -224,11 +224,11 @@ bool mysql_create_view(THD *thd,
table (i.e. user will not get some privileges by view creation)
*/
if
((
check_access
(
thd
,
CREATE_VIEW_ACL
,
view
->
db
,
&
view
->
grant
.
privilege
,
0
,
0
)
||
0
,
0
,
is_schema_db
(
view
->
db
)
)
||
grant_option
&&
check_grant
(
thd
,
CREATE_VIEW_ACL
,
view
,
0
,
1
,
0
))
||
(
mode
!=
VIEW_CREATE_NEW
&&
(
check_access
(
thd
,
DROP_ACL
,
view
->
db
,
&
view
->
grant
.
privilege
,
0
,
0
)
||
0
,
0
,
is_schema_db
(
view
->
db
)
)
||
grant_option
&&
check_grant
(
thd
,
DROP_ACL
,
view
,
0
,
1
,
0
))))
{
res
=
TRUE
;
...
...
@@ -280,7 +280,7 @@ bool mysql_create_view(THD *thd,
if
(
!
tbl
->
table_in_first_from_clause
)
{
if
(
check_access
(
thd
,
SELECT_ACL
,
tbl
->
db
,
&
tbl
->
grant
.
privilege
,
0
,
0
)
||
&
tbl
->
grant
.
privilege
,
0
,
0
,
test
(
tbl
->
schema_table
)
)
||
grant_option
&&
check_grant
(
thd
,
SELECT_ACL
,
tbl
,
0
,
1
,
0
))
{
res
=
TRUE
;
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment