Commit 5031a418 authored by unknown's avatar unknown

Bug#18660 Can't grant any privileges on single table in database with underscore char

In case of database level grant the database name may be a pattern,
in case of table|column level grant the database name can not be a pattern.
We use 'dont_check_global_grants' as a flag to determine
if it's database level grant command 
(see SQLCOM_GRANT case, mysql_execute_command() function) and
set db_is_pattern according to 'dont_check_global_grants' value.


mysql-test/r/grant2.result:
  test result
mysql-test/t/grant2.test:
  test case
sql/sql_parse.cc:
  In case of database level grant the database name may be a pattern,
  in case of table|column level grant the database name can not be a pattern.
  We use 'dont_check_global_grants' as a flag to determine
  if it's database level grant command 
  (see SQLCOM_GRANT case, mysql_execute_command() function) and
  set db_is_pattern according to 'dont_check_global_grants' value.
parent 88d5c014
...@@ -403,4 +403,22 @@ use test; ...@@ -403,4 +403,22 @@ use test;
drop database mysqltest_1; drop database mysqltest_1;
drop database mysqltest_2; drop database mysqltest_2;
drop user mysqltest_u1@localhost; drop user mysqltest_u1@localhost;
grant all on `mysqltest\_%`.* to mysqltest_1@localhost with grant option;
grant usage on *.* to mysqltest_2@localhost;
create database mysqltest_1;
use mysqltest_1;
create table t1 (f1 int);
grant create on `mysqltest\_1`.* to mysqltest_2@localhost;
grant select on mysqltest_1.t1 to mysqltest_2@localhost;
create database mysqltest_3;
ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysqltest_3'
use mysqltest_1;
create table t2(f1 int);
select * from t1;
f1
drop database mysqltest_1;
revoke all privileges, grant option from mysqltest_1@localhost;
revoke all privileges, grant option from mysqltest_2@localhost;
drop user mysqltest_1@localhost;
drop user mysqltest_2@localhost;
End of 5.0 tests End of 5.0 tests
...@@ -555,5 +555,35 @@ drop database mysqltest_1; ...@@ -555,5 +555,35 @@ drop database mysqltest_1;
drop database mysqltest_2; drop database mysqltest_2;
drop user mysqltest_u1@localhost; drop user mysqltest_u1@localhost;
#
# Bug#18660 Can't grant any privileges on single table in database
# with underscore char
#
grant all on `mysqltest\_%`.* to mysqltest_1@localhost with grant option;
grant usage on *.* to mysqltest_2@localhost;
connect (con18600_1,localhost,mysqltest_1,,);
create database mysqltest_1;
use mysqltest_1;
create table t1 (f1 int);
grant create on `mysqltest\_1`.* to mysqltest_2@localhost;
grant select on mysqltest_1.t1 to mysqltest_2@localhost;
connect (con3,localhost,mysqltest_2,,);
connection con3;
--error 1044
create database mysqltest_3;
use mysqltest_1;
create table t2(f1 int);
select * from t1;
connection default;
drop database mysqltest_1;
revoke all privileges, grant option from mysqltest_1@localhost;
revoke all privileges, grant option from mysqltest_2@localhost;
drop user mysqltest_1@localhost;
drop user mysqltest_2@localhost;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -5252,7 +5252,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, ...@@ -5252,7 +5252,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
Security_context *sctx= thd->security_ctx; Security_context *sctx= thd->security_ctx;
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
ulong db_access; ulong db_access;
bool db_is_pattern= test(want_access & GRANT_ACL); /*
GRANT command:
In case of database level grant the database name may be a pattern,
in case of table|column level grant the database name can not be a pattern.
We use 'dont_check_global_grants' as a flag to determine
if it's database level grant command
(see SQLCOM_GRANT case, mysql_execute_command() function) and
set db_is_pattern according to 'dont_check_global_grants' value.
*/
bool db_is_pattern= (test(want_access & GRANT_ACL) &&
dont_check_global_grants);
#endif #endif
ulong dummy; ulong dummy;
DBUG_ENTER("check_access"); DBUG_ENTER("check_access");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment