Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.1941 05/06/01 17:28:29 gluh@stripped +5 -0
Fix for bug#10964: Information Schema:Authorization check on privilege tables is improper
added privilege check for USER_PRIVILEGES, SCHEMA_PRIVILEGES, TABLE_PRIVILEGES, COLUMN_PRIVILEGES tables
sql/sql_yacc.yy
1.385 05/06/01 17:27:32 gluh@stripped +2 -16
Fix for bug#10964: Information Schema:Authorization check on privilege tables is improper
sql/sql_acl.cc
1.154 05/06/01 17:27:32 gluh@stripped +73 -1
Fix for bug#10964: Information Schema:Authorization check on privilege tables is improper
sql/mysql_priv.h
1.305 05/06/01 17:27:32 gluh@stripped +3 -0
Fix for bug#10964: Information Schema:Authorization check on privilege tables is improper
mysql-test/t/information_schema.test
1.37 05/06/01 17:27:32 gluh@stripped +48 -0
Fix for bug#10964: Information Schema:Authorization check on privilege tables is improper
mysql-test/r/information_schema.result
1.54 05/06/01 17:27:31 gluh@stripped +74 -0
Fix for bug#10964: Information Schema:Authorization check on privilege tables is improper
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: gluh
# Host: eagle.intranet.mysql.r18.ru
# Root: /home/gluh/MySQL/Bugs/5.0.10964
--- 1.304/sql/mysql_priv.h Tue May 31 15:07:08 2005
+++ 1.305/sql/mysql_priv.h Wed Jun 1 17:27:32 2005
@@ -379,6 +379,8 @@
#define STRING_BUFFER_USUAL_SIZE 80
+const LEX_STRING null_lex_str={0,0};
+
enum enum_parsing_place
{
NO_MATTER,
@@ -600,6 +602,7 @@
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
bool no_errors);
bool check_global_access(THD *thd, ulong want_access);
+void get_curr_user(THD *thd, LEX_USER *curr_user);
bool mysql_backup_table(THD* thd, TABLE_LIST* table_list);
bool mysql_restore_table(THD* thd, TABLE_LIST* table_list);
--- 1.153/sql/sql_acl.cc Wed May 18 21:00:15 2005
+++ 1.154/sql/sql_acl.cc Wed Jun 1 17:27:32 2005
@@ -5400,16 +5400,45 @@
}
+/*
+ Return current user
+
+ SYNOPSIS
+ get_curr_user()
+ thd thread handler
+ curr_user pointer to LEX_USER structure
+*/
+
+void get_curr_user(THD *thd, LEX_USER *curr_user)
+{
+ curr_user->user.str= thd->priv_user;
+ curr_user->user.length= strlen(thd->priv_user);
+ if (*thd->priv_host != 0)
+ {
+ curr_user->host.str= thd->priv_host;
+ curr_user->host.length= strlen(thd->priv_host);
+ }
+ else
+ {
+ curr_user->host.str= (char *) "%";
+ curr_user->host.length= 1;
+ }
+ curr_user->password= null_lex_str;
+}
+
+
int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
uint counter;
ACL_USER *acl_user;
ulong want_access;
-
char buff[100];
TABLE *table= tables->table;
+ LEX_USER curr_user;
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
DBUG_ENTER("fill_schema_user_privileges");
+
for (counter=0 ; counter < acl_users.elements ; counter++)
{
const char *user,*host, *is_grantable="YES";
@@ -5418,6 +5447,15 @@
user= "";
if (!(host=acl_user->host.hostname))
host= "";
+
+ if (no_global_access)
+ {
+ get_curr_user(thd, &curr_user);
+ if (strcmp(curr_user.user.str, user) ||
+ my_strcasecmp(system_charset_info, curr_user.host.str, host))
+ continue;
+ }
+
want_access= acl_user->access;
if (!(want_access & GRANT_ACL))
is_grantable= "NO";
@@ -5453,6 +5491,8 @@
ulong want_access;
char buff[100];
TABLE *table= tables->table;
+ LEX_USER curr_user;
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
DBUG_ENTER("fill_schema_schema_privileges");
for (counter=0 ; counter < acl_dbs.elements ; counter++)
@@ -5465,6 +5505,14 @@
if (!(host=acl_db->host.hostname))
host= "";
+ if (no_global_access)
+ {
+ get_curr_user(thd, &curr_user);
+ if (strcmp(curr_user.user.str, user) ||
+ my_strcasecmp(system_charset_info, curr_user.host.str, host))
+ continue;
+ }
+
want_access=acl_db->access;
if (want_access)
{
@@ -5501,6 +5549,8 @@
uint index;
char buff[100];
TABLE *table= tables->table;
+ LEX_USER curr_user;
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
DBUG_ENTER("fill_schema_table_privileges");
for (index=0 ; index < column_priv_hash.records ; index++)
@@ -5510,6 +5560,16 @@
index);
if (!(user=grant_table->user))
user= "";
+
+ if (no_global_access)
+ {
+ get_curr_user(thd, &curr_user);
+ if (strcmp(curr_user.user.str, user) ||
+ my_strcasecmp(system_charset_info, curr_user.host.str,
+ grant_table->host.hostname))
+ continue;
+ }
+
ulong table_access= grant_table->privs;
if (table_access)
{
@@ -5554,6 +5614,8 @@
uint index;
char buff[100];
TABLE *table= tables->table;
+ LEX_USER curr_user;
+ bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1);
DBUG_ENTER("fill_schema_table_privileges");
for (index=0 ; index < column_priv_hash.records ; index++)
@@ -5563,6 +5625,16 @@
index);
if (!(user=grant_table->user))
user= "";
+
+ if (no_global_access)
+ {
+ get_curr_user(thd, &curr_user);
+ if (strcmp(curr_user.user.str, user) ||
+ my_strcasecmp(system_charset_info, curr_user.host.str,
+ grant_table->host.hostname))
+ continue;
+ }
+
ulong table_access= grant_table->cols;
if (table_access != 0)
{
--- 1.384/sql/sql_yacc.yy Mon May 30 14:06:22 2005
+++ 1.385/sql/sql_yacc.yy Wed Jun 1 17:27:32 2005
@@ -43,8 +43,6 @@
int yylex(void *yylval, void *yythd);
-const LEX_STRING null_lex_str={0,0};
-
#define yyoverflow(A,B,C,D,E,F) {ulong val= *(F); if(my_yyoverflow((B), (D), &val)) { yyerror((char*) (A)); return 2; } else { *(F)= (YYSIZE_T)val; }}
#define WARN_DEPRECATED(A,B) \
@@ -6311,20 +6309,8 @@
LEX_USER *curr_user;
if (!(curr_user= (LEX_USER*) thd->alloc(sizeof(st_lex_user))))
YYABORT;
- curr_user->user.str= thd->priv_user;
- curr_user->user.length= strlen(thd->priv_user);
- if (*thd->priv_host != 0)
- {
- curr_user->host.str= thd->priv_host;
- curr_user->host.length= strlen(thd->priv_host);
- }
- else
- {
- curr_user->host.str= (char *) "%";
- curr_user->host.length= 1;
- }
- curr_user->password=null_lex_str;
- lex->grant_user= curr_user;
+ get_curr_user(thd, curr_user);
+ lex->grant_user= curr_user;
}
| GRANTS FOR_SYM user
{
--- 1.53/mysql-test/r/information_schema.result Tue May 31 13:15:18 2005
+++ 1.54/mysql-test/r/information_schema.result Wed Jun 1 17:27:31 2005
@@ -752,3 +752,77 @@
table_schema count(*)
information_schema 15
mysql 17
+create database mysqltest;
+create table mysqltest.t1 (f1 int, f2 int);
+create table mysqltest.t2 (f1 int);
+grant select (f1) on mysqltest.t1 to user1@localhost;
+grant select on mysqltest.t2 to user2@localhost;
+grant select on mysqltest.* to user3@localhost;
+grant select on *.* to user4@localhost;
+select * from information_schema.column_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
+'user1'@'localhost' NULL mysqltest t1 f1 SELECT NO
+select * from information_schema.table_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
+select * from information_schema.schema_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
+select * from information_schema.user_privileges;
+GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
+'user1'@'localhost' NULL USAGE NO
+show grants;
+Grants for user1@localhost
+GRANT USAGE ON *.* TO 'user1'@'localhost'
+GRANT SELECT (f1) ON `mysqltest`.`t1` TO 'user1'@'localhost'
+select * from information_schema.column_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
+select * from information_schema.table_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
+'user2'@'localhost' NULL mysqltest t2 SELECT NO
+select * from information_schema.schema_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
+select * from information_schema.user_privileges;
+GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
+'user2'@'localhost' NULL USAGE NO
+show grants;
+Grants for user2@localhost
+GRANT USAGE ON *.* TO 'user2'@'localhost'
+GRANT SELECT ON `mysqltest`.`t2` TO 'user2'@'localhost'
+select * from information_schema.column_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
+select * from information_schema.table_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
+select * from information_schema.schema_privileges;
+GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
+'user3'@'localhost' NULL mysqltest SELECT NO
+select * from information_schema.user_privileges;
+GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
+'user3'@'localhost' NULL USAGE NO
+show grants;
+Grants for user3@localhost
+GRANT USAGE ON *.* TO 'user3'@'localhost'
+GRANT SELECT ON `mysqltest`.* TO 'user3'@'localhost'
+select * from information_schema.column_privileges where grantee like '%user%';
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
+'user1'@'localhost' NULL mysqltest t1 f1 SELECT NO
+select * from information_schema.table_privileges where grantee like '%user%';
+GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
+'user2'@'localhost' NULL mysqltest t2 SELECT NO
+select * from information_schema.schema_privileges where grantee like '%user%';
+GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
+'user3'@'localhost' NULL mysqltest SELECT NO
+select * from information_schema.user_privileges where grantee like '%user%';
+GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
+'user1'@'localhost' NULL USAGE NO
+'user2'@'localhost' NULL USAGE NO
+'user3'@'localhost' NULL USAGE NO
+'user4'@'localhost' NULL SELECT NO
+show grants;
+Grants for user4@localhost
+GRANT SELECT ON *.* TO 'user4'@'localhost'
+delete from mysql.user where user='user4' or user='user3' or user='user2' or user='user1';
+delete from mysql.db where user='user4' or user='user3' or user='user2' or user='user1';
+delete from mysql.tables_priv where user='user4' or user='user3' or user='user2' or user='user1';
+delete from mysql.columns_priv where user='user4' or user='user3' or user='user2' or user='user1';
+flush privileges;
+use test;
+drop database mysqltest;
--- 1.36/mysql-test/t/information_schema.test Mon May 9 22:21:39 2005
+++ 1.37/mysql-test/t/information_schema.test Wed Jun 1 17:27:32 2005
@@ -493,3 +493,51 @@
#
SELECT table_schema, count(*) FROM information_schema.TABLES GROUP BY TABLE_SCHEMA;
+#
+# Bug #10964 Information Schema:Authorization check on privilege tables is improper
+#
+
+create database mysqltest;
+create table mysqltest.t1 (f1 int, f2 int);
+create table mysqltest.t2 (f1 int);
+grant select (f1) on mysqltest.t1 to user1@localhost;
+grant select on mysqltest.t2 to user2@localhost;
+grant select on mysqltest.* to user3@localhost;
+grant select on *.* to user4@localhost;
+
+connect (con1,localhost,user1,,);
+connect (con2,localhost,user2,,);
+connect (con3,localhost,user3,,);
+connect (con4,localhost,user4,,);
+connection con1;
+select * from information_schema.column_privileges;
+select * from information_schema.table_privileges;
+select * from information_schema.schema_privileges;
+select * from information_schema.user_privileges;
+show grants;
+connection con2;
+select * from information_schema.column_privileges;
+select * from information_schema.table_privileges;
+select * from information_schema.schema_privileges;
+select * from information_schema.user_privileges;
+show grants;
+connection con3;
+select * from information_schema.column_privileges;
+select * from information_schema.table_privileges;
+select * from information_schema.schema_privileges;
+select * from information_schema.user_privileges;
+show grants;
+connection con4;
+select * from information_schema.column_privileges where grantee like '%user%';
+select * from information_schema.table_privileges where grantee like '%user%';
+select * from information_schema.schema_privileges where grantee like '%user%';
+select * from information_schema.user_privileges where grantee like '%user%';
+show grants;
+connection default;
+delete from mysql.user where user='user4' or user='user3' or user='user2' or user='user1';
+delete from mysql.db where user='user4' or user='user3' or user='user2' or user='user1';
+delete from mysql.tables_priv where user='user4' or user='user3' or user='user2' or user='user1';
+delete from mysql.columns_priv where user='user4' or user='user3' or user='user2' or user='user1';
+flush privileges;
+use test;
+drop database mysqltest;
| Thread |
|---|
| • bk commit into 5.0 tree (gluh:1.1941) BUG#10964 | gluh | 1 Jun |
