List:Commits« Previous MessageNext Message »
From:holyfoot Date:April 4 2007 11:01am
Subject:bk commit into 5.1 tree (holyfoot:1.2506) BUG#23675
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of hf. When hf does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-04-04 14:01:47+05:00, holyfoot@stripped +7 -0
   Bug #23675 Partitions: possible security breach via alter
  now we return different error message if user doesn't have
  SELECT grants

  mysql-test/r/partition_grant.result@stripped, 2007-04-04 14:01:44+05:00, holyfoot@stripped
+10 -1
    test result

  mysql-test/t/partition_grant.test@stripped, 2007-04-04 14:01:44+05:00, holyfoot@stripped +23
-1
    testcase

  sql/mysql_priv.h@stripped, 2007-04-04 14:01:44+05:00, holyfoot@stripped +1 -1
    no_errors parameter added to check_single_table_access()

  sql/partition_info.cc@stripped, 2007-04-04 14:01:44+05:00, holyfoot@stripped +19 -7
    access rights control added to the print_no_partition()

  sql/share/errmsg.txt@stripped, 2007-04-04 14:01:44+05:00, holyfoot@stripped +2 -0
    message added

  sql/sql_base.cc@stripped, 2007-04-04 14:01:44+05:00, holyfoot@stripped +1 -1
    no_errors parameter added to check_single_table_access()

  sql/sql_parse.cc@stripped, 2007-04-04 14:01:44+05:00, holyfoot@stripped +7 -5
    no_errors parameter added to check_single_table_access()

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	holyfoot
# Host:	hfmain.(none)
# Root:	/home/hf/work/23675/my51-23675

--- 1.489/sql/mysql_priv.h	2007-04-04 14:01:52 +05:00
+++ 1.490/sql/mysql_priv.h	2007-04-04 14:01:52 +05:00
@@ -598,7 +598,7 @@ class THD;
 void close_thread_tables(THD *thd, bool locked=0, bool skip_derived=0);
 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables);
 bool check_single_table_access(THD *thd, ulong privilege,
-			   TABLE_LIST *tables);
+			   TABLE_LIST *tables, bool no_errors);
 bool check_routine_access(THD *thd,ulong want_access,char *db,char *name,
 			  bool is_proc, bool no_errors);
 bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);

--- 1.386/sql/sql_base.cc	2007-04-04 14:01:52 +05:00
+++ 1.387/sql/sql_base.cc	2007-04-04 14:01:52 +05:00
@@ -5781,7 +5781,7 @@ bool setup_tables_and_check_access(THD *
   {
     if (leaves_tmp->belong_to_view && 
         check_single_table_access(thd, first_table ? want_access_first :
-                                  want_access,  leaves_tmp))
+                                  want_access, leaves_tmp, FALSE))
     {
       tables->hide_view_error(thd);
       return TRUE;

--- 1.647/sql/sql_parse.cc	2007-04-04 14:01:52 +05:00
+++ 1.648/sql/sql_parse.cc	2007-04-04 14:01:52 +05:00
@@ -4433,6 +4433,8 @@ static bool execute_sqlcom_select(THD *t
     thd			Thread handler
     privilege		requested privilege
     all_tables		global table list of query
+    no_errors           FALSE/TRUE - report/don't report error to
+                            the client (using my_error() call).
 
   RETURN
     0 - OK
@@ -4440,7 +4442,7 @@ static bool execute_sqlcom_select(THD *t
 */
 
 bool check_single_table_access(THD *thd, ulong privilege, 
-                               TABLE_LIST *all_tables)
+                               TABLE_LIST *all_tables, bool no_errors)
 {
   Security_context * backup_ctx= thd->security_ctx;
 
@@ -4456,12 +4458,12 @@ bool check_single_table_access(THD *thd,
     db_name= all_tables->db;
 
   if (check_access(thd, privilege, db_name,
-		   &all_tables->grant.privilege, 0, 0,
+		   &all_tables->grant.privilege, 0, no_errors,
                    test(all_tables->schema_table)))
     goto deny;
 
   /* Show only 1 table for check_grant */
-  if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, 0))
+  if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, no_errors))
     goto deny;
 
   thd->security_ctx= backup_ctx;
@@ -4489,7 +4491,7 @@ deny:
 
 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
 {
-  if (check_single_table_access (thd,privilege,all_tables))
+  if (check_single_table_access (thd,privilege,all_tables, FALSE))
     return 1;
 
   /* Check rights on tables of subselects and implictly opened tables */
@@ -4502,7 +4504,7 @@ bool check_one_table_access(THD *thd, ul
     */
     if (view && subselects_tables->belong_to_view == view)
     {
-      if (check_single_table_access (thd, privilege, subselects_tables))
+      if (check_single_table_access (thd, privilege, subselects_tables, FALSE))
         return 1;
       subselects_tables= subselects_tables->next_global;
     }

--- 1.148/sql/share/errmsg.txt	2007-04-04 14:01:52 +05:00
+++ 1.149/sql/share/errmsg.txt	2007-04-04 14:01:52 +05:00
@@ -6053,3 +6053,5 @@ ER_DUP_ENTRY_WITH_KEY_NAME 23000 S1009
 ER_BINLOG_PURGE_EMFILE
         eng "Too many files opened, please execute the command again"
         ger "Zu viele offene Dateien, bitte führen Sie den Befehl noch einmal aus"
+ER_NO_PARTITION_FOR_GIVEN_VALUE_SILENT
+        eng "Table has no partition for some existing values"

--- 1.2/mysql-test/r/partition_grant.result	2007-04-04 14:01:52 +05:00
+++ 1.3/mysql-test/r/partition_grant.result	2007-04-04 14:01:52 +05:00
@@ -19,7 +19,16 @@ revoke alter on mysqltest_1.* from mysql
 alter table t1 drop partition p3;
 ERROR 42000: ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
 revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
-drop user mysqltest_1@localhost;
 drop table t1;
+create table t1 (s1 int);
+insert into t1 values (1);
+grant alter on mysqltest_1.* to mysqltest_1@localhost;
+alter table t1 partition by list (s1) (partition p1 values in (2));
+ERROR HY000: Table has no partition for some existing values
+grant select, alter on mysqltest_1.* to mysqltest_1@localhost;
+alter table t1 partition by list (s1) (partition p1 values in (2));
+ERROR HY000: Table has no partition for value 1
+drop table t1;
+drop user mysqltest_1@localhost;
 drop schema mysqltest_1;
 End of 5.1 tests

--- 1.2/mysql-test/t/partition_grant.test	2007-04-04 14:01:52 +05:00
+++ 1.3/mysql-test/t/partition_grant.test	2007-04-04 14:01:52 +05:00
@@ -52,8 +52,30 @@ disconnect conn3;
 connection default;
 
 revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
-drop user mysqltest_1@localhost;
 drop table t1;
+
+#
+# Bug #23675 Partitions: possible security breach via alter 
+#
+
+create table t1 (s1 int);
+insert into t1 values (1);
+grant alter on mysqltest_1.* to mysqltest_1@localhost;
+connect (conn4,localhost,mysqltest_1,,mysqltest_1);
+connection conn4;
+--error 1514
+alter table t1 partition by list (s1) (partition p1 values in (2));
+connection default;
+grant select, alter on mysqltest_1.* to mysqltest_1@localhost;
+disconnect conn4;
+connect (conn5,localhost,mysqltest_1,,mysqltest_1);
+--error 1514
+alter table t1 partition by list (s1) (partition p1 values in (2));
+disconnect conn5;
+connection default;
+drop table t1;
+
+drop user mysqltest_1@localhost;
 drop schema mysqltest_1;
 
 --echo End of 5.1 tests

--- 1.34/sql/partition_info.cc	2007-04-04 14:01:52 +05:00
+++ 1.35/sql/partition_info.cc	2007-04-04 14:01:52 +05:00
@@ -849,15 +849,27 @@ void partition_info::print_no_partition_
 {
   char buf[100];
   char *buf_ptr= (char*)&buf;
-  my_bitmap_map *old_map= dbug_tmp_use_all_columns(table, table->read_set);
+  TABLE_LIST table_list;
 
-  if (part_expr->null_value)
-    buf_ptr= (char*)"NULL";
+  bzero(&table_list, sizeof(table_list));
+  table_list.db= table->s->db.str;
+  table_list.table_name= table->s->table_name.str;
+
+  if (check_single_table_access(current_thd,
+                                SELECT_ACL, &table_list, TRUE))
+    my_message(ER_NO_PARTITION_FOR_GIVEN_VALUE,
+               ER(ER_NO_PARTITION_FOR_GIVEN_VALUE_SILENT), MYF(0));
   else
-    longlong2str(err_value, buf,
-                 part_expr->unsigned_flag ? 10 : -10);
-  my_error(ER_NO_PARTITION_FOR_GIVEN_VALUE, MYF(0), buf_ptr);
-  dbug_tmp_restore_column_map(table->read_set, old_map);
+  {
+    my_bitmap_map *old_map= dbug_tmp_use_all_columns(table, table->read_set);
+    if (part_expr->null_value)
+      buf_ptr= (char*)"NULL";
+    else
+      longlong2str(err_value, buf,
+                   part_expr->unsigned_flag ? 10 : -10);
+    my_error(ER_NO_PARTITION_FOR_GIVEN_VALUE, MYF(0), buf_ptr);
+    dbug_tmp_restore_column_map(table->read_set, old_map);
+  }
 }
 /*
   Set up buffers and arrays for fields requiring preparation
Thread
bk commit into 5.1 tree (holyfoot:1.2506) BUG#23675holyfoot4 Apr