#At file:///Users/kgeorge/mysql/work/B41354-5.0-bugteam/ based on revid:davi.arnaut@stripped
2761 Georgi Kodinov 2009-02-26
Bug #41354: Access control is bypassed when all columns
of a view are selected by * wildcard
Backported a part of the fix for 36086 to 5.0
@ mysql-test/r/view_grant.result
Bug #41354: test case
@ mysql-test/t/view_grant.test
Bug #41354: test case
@ sql/sql_acl.cc
Bug #41354: return table error when no access and *
@ sql/sql_base.cc
Bug #41354: backported the check in bug 36086 to 5.0
modified:
mysql-test/r/view_grant.result
mysql-test/t/view_grant.test
sql/sql_acl.cc
sql/sql_base.cc
=== modified file 'mysql-test/r/view_grant.result'
--- a/mysql-test/r/view_grant.result 2008-02-21 09:17:32 +0000
+++ b/mysql-test/r/view_grant.result 2009-02-26 12:01:09 +0000
@@ -919,4 +919,29 @@ c4
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_u1@localhost;
+CREATE DATABASE db1;
+USE db1;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
+GRANT SELECT (f1) ON t1 TO foo;
+GRANT SELECT (f1) ON v1 TO foo;
+USE db1;
+SELECT f1 FROM t1;
+f1
+SELECT f2 FROM t1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 't1'
+SELECT * FROM t1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1'
+SELECT f1 FROM v1;
+f1
+SELECT f2 FROM v1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'f2' in table 'v1'
+SELECT * FROM v1;
+ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 'v1'
+USE test;
+REVOKE SELECT (f1) ON db1.t1 FROM foo;
+REVOKE SELECT (f1) ON db1.v1 FROM foo;
+DROP VIEW db1.v1;
+DROP TABLE db1.t1;
+DROP DATABASE db1;
End of 5.0 tests.
=== modified file 'mysql-test/t/view_grant.test'
--- a/mysql-test/t/view_grant.test 2008-02-21 09:17:32 +0000
+++ b/mysql-test/t/view_grant.test 2009-02-26 12:01:09 +0000
@@ -1185,4 +1185,43 @@ DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_u1@localhost;
+
+#
+# Bug #41354: Access control is bypassed when all columns of a view are
+# selected by * wildcard
+
+CREATE DATABASE db1;
+USE db1;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE VIEW v1 AS SELECT f1, f2 FROM t1;
+
+GRANT SELECT (f1) ON t1 TO foo;
+GRANT SELECT (f1) ON v1 TO foo;
+
+connect (addconfoo, localhost, foo,,);
+connection addconfoo;
+USE db1;
+
+
+SELECT f1 FROM t1;
+--error ER_COLUMNACCESS_DENIED_ERROR
+SELECT f2 FROM t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM t1;
+
+SELECT f1 FROM v1;
+--error ER_COLUMNACCESS_DENIED_ERROR
+SELECT f2 FROM v1;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM v1;
+
+connection default;
+USE test;
+disconnect addconfoo;
+REVOKE SELECT (f1) ON db1.t1 FROM foo;
+REVOKE SELECT (f1) ON db1.v1 FROM foo;
+DROP VIEW db1.v1;
+DROP TABLE db1.t1;
+DROP DATABASE db1;
+
--echo End of 5.0 tests.
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2008-12-24 14:45:47 +0000
+++ b/sql/sql_acl.cc 2009-02-26 12:01:09 +0000
@@ -3866,6 +3866,11 @@ bool check_grant_all_columns(THD *thd, u
Security_context *sctx= thd->security_ctx;
ulong want_access= want_access_arg;
const char *table_name= NULL;
+ /*
+ Flag that gets set if privilege checking has to be performed on column
+ level.
+ */
+ bool using_column_privileges= FALSE;
if (grant_option)
{
@@ -3909,6 +3914,8 @@ bool check_grant_all_columns(THD *thd, u
GRANT_COLUMN *grant_column=
column_hash_search(grant_table, field_name,
(uint) strlen(field_name));
+ if (grant_column)
+ using_column_privileges= TRUE;
if (!grant_column || (~grant_column->rights & want_access))
goto err;
}
@@ -3924,12 +3931,21 @@ err:
char command[128];
get_privilege_desc(command, sizeof(command), want_access);
- my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
- command,
- sctx->priv_user,
- sctx->host_or_ip,
- fields->name(),
- table_name);
+ /*
+ Do not give an error message listing a column name unless the user has
+ privilege to see all columns.
+ */
+ if (using_column_privileges)
+ my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
+ command, sctx->priv_user,
+ sctx->host_or_ip, table_name);
+ else
+ my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
+ command,
+ sctx->priv_user,
+ sctx->host_or_ip,
+ fields->name(),
+ table_name);
return 1;
}
=== modified file 'sql/sql_base.cc'
--- a/sql/sql_base.cc 2008-11-27 14:54:23 +0000
+++ b/sql/sql_base.cc 2009-02-26 12:01:09 +0000
@@ -5479,7 +5479,7 @@ insert_fields(THD *thd, Name_resolution_
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Ensure that we have access rights to all fields to be inserted. */
- if (!((table && (table->grant.privilege & SELECT_ACL) ||
+ if (!((table && !tables->view && (table->grant.privilege & SELECT_ACL) ||
tables->view && (tables->grant.privilege & SELECT_ACL))) &&
!any_privileges)
{
Attachment: [text/bzr-bundle] bzr/kgeorge@mysql.com-20090226120109-c7md6thnnb15gd20.bundle
| Thread |
|---|
| • bzr commit into mysql-5.0-bugteam branch (kgeorge:2761) Bug#41354 | Georgi Kodinov | 26 Feb |
