#At file:///media/sdb2/hezx/work/mysql/bzrwork/b34227/6.0-rpl/
2834 He Zhenxing 2009-03-26
BUG#34227 Replication permission error message is misleading
When multiple privileges are checked via check_global_access(),
and any of them is sufficient, change the privileges separator
from ',' to '|' in the error message to make it clear that any
(not all) of the privileges listed is sufficient to grant the
access.
modified:
mysql-test/r/mysqldump.result
sql/sp_head.cc
sql/sql_acl.cc
sql/sql_acl.h
sql/sql_parse.cc
=== modified file 'mysql-test/r/mysqldump.result'
--- a/mysql-test/r/mysqldump.result 2009-03-12 16:18:40 +0000
+++ b/mysql-test/r/mysqldump.result 2009-03-26 06:34:23 +0000
@@ -3558,8 +3558,8 @@ reset master;
mysqldump: Couldn't execute 'FLUSH /*!40101 LOCAL */ TABLES': Access denied; you need the RELOAD privilege for this operation (1227)
mysqldump: Couldn't execute 'FLUSH /*!40101 LOCAL */ TABLES': Access denied; you need the RELOAD privilege for this operation (1227)
grant RELOAD on *.* to mysqltest_1@localhost;
-mysqldump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need the SUPER,REPLICATION CLIENT privilege for this operation (1227)
-mysqldump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need the SUPER,REPLICATION CLIENT privilege for this operation (1227)
+mysqldump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need the SUPER|REPLICATION CLIENT privilege for this operation (1227)
+mysqldump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need the SUPER|REPLICATION CLIENT privilege for this operation (1227)
grant REPLICATION CLIENT on *.* to mysqltest_1@localhost;
drop table t1;
drop user mysqltest_1@localhost;
=== modified file 'sql/sp_head.cc'
--- a/sql/sp_head.cc 2009-03-04 13:33:47 +0000
+++ b/sql/sp_head.cc 2009-03-26 06:34:23 +0000
@@ -1517,7 +1517,7 @@ sp_head::execute_trigger(THD *thd,
if (!(grant_info->privilege & TRIGGER_ACL))
{
char priv_desc[128];
- get_privilege_desc(priv_desc, sizeof(priv_desc), TRIGGER_ACL);
+ get_privilege_desc(priv_desc, sizeof(priv_desc), TRIGGER_ACL, FALSE);
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0), priv_desc,
thd->security_ctx->priv_user, thd->security_ctx->host_or_ip,
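Review bot: The new fourth argument is passed as a bare `FALSE` here, which tells a reader nothing about what it selects; the same applies to the `FALSE` calls in the sql_acl.cc hunks and the `TRUE` call in sql_parse.cc. Because the flag decides whether an access-denied message reads as all-of or any-of, I would name it at the call site, e.g. `get_privilege_desc(priv_desc, sizeof(priv_desc), TRIGGER_ACL, /* any= */ FALSE);`. The enclosing block of execute_trigger continues past the end of this hunk.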
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2009-03-09 12:17:41 +0000
+++ b/sql/sql_acl.cc 2009-03-26 06:34:23 +0000
@@ -3003,7 +3003,7 @@ int mysql_table_grant(THD *thd, TABLE_LI
{
char command[128];
get_privilege_desc(command, sizeof(command),
- table_list->grant.want_privilege);
+ table_list->grant.want_privilege, FALSE);
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
command, thd->security_ctx->priv_user,
thd->security_ctx->host_or_ip, table_list->alias);
@@ -3978,7 +3978,7 @@ err:
if (!no_errors) // Not a silent skip of table
{
char command[128];
- get_privilege_desc(command, sizeof(command), want_access);
+ get_privilege_desc(command, sizeof(command), want_access, FALSE);
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
command,
sctx->priv_user,
@@ -4134,7 +4134,7 @@ bool check_grant_column(THD *thd, GRANT_
err:
rw_unlock(&LOCK_grant);
char command[128];
- get_privilege_desc(command, sizeof(command), want_access);
+ get_privilege_desc(command, sizeof(command), want_access, FALSE);
my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
command,
sctx->priv_user,
@@ -4296,7 +4296,7 @@ err:
rw_unlock(&LOCK_grant);
char command[128];
- get_privilege_desc(command, sizeof(command), want_access);
+ get_privilege_desc(command, sizeof(command), want_access, FALSE);
/*
Do not give an error message listing a column name unless the user has
privilege to see all columns.
@@ -5048,16 +5048,25 @@ static int show_routine_grants(THD* thd,
return error;
}
-/*
+/**
Make a clear-text version of the requested privilege.
+
+ @param to pointer to the buffer
+ @param max_length max length of the description message allowed
+ @param access privileges to check for access
+ @param any if TRUE, any of the privileges is sufficient,
+ if FALSE, all privileges are required
*/
-void get_privilege_desc(char *to, uint max_length, ulong access)
+void get_privilege_desc(char *to, uint max_length, ulong access, bool any)
{
uint pos;
char *start=to;
+ char sep=',';
DBUG_ASSERT(max_length >= 30); // For end ',' removal
+ if (any)
+ sep= '|';
if (access)
{
max_length--; // Reserve place for end-zero
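Review bot: The new doc comment describes `max_length` only as the maximum message length, but the body asserts `max_length >= 30` and then gives up one byte of it for the terminator, so the parameter is in effect the buffer size. I would document it as `@param max_length size of the buffer in bytes, including the terminating zero; must be at least 30`. The trailing comment on the assertion, `// For end ',' removal`, should become `// For end separator removal` now that the separator can be '|'. The function body continues beyond this hunk.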
@@ -5067,7 +5076,7 @@ void get_privilege_desc(char *to, uint m
command_lengths[pos] + (uint) (to-start) < max_length)
{
to= strmov(to, command_array[pos]);
- *to++=',';
+ *to++= sep;
}
}
to--; // Remove end ','
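Review bot: The `to--` on the last line of this hunk steps back over a separator unconditionally, and the only thing guaranteeing that one was written is the `DBUG_ASSERT(max_length >= 30)` in the previous hunk, which is compiled out of non-debug builds. Every caller visible in this commit passes a 128-byte buffer, so this is hardening rather than a reachable bug, but a guard costs nothing: `if (to > start) to--; // Remove trailing separator`. The comment also needs that rewording anyway, since the character removed is no longer always ','. The loop header and the final terminator write are outside this hunk.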
=== modified file 'sql/sql_acl.h'
--- a/sql/sql_acl.h 2008-08-18 05:43:50 +0000
+++ b/sql/sql_acl.h 2009-03-26 06:34:23 +0000
@@ -256,7 +256,7 @@ ulong get_column_grant(THD *thd, GRANT_I
const char *db_name, const char *table_name,
const char *field_name);
bool mysql_show_grants(THD *thd, LEX_USER *user);
-void get_privilege_desc(char *to, uint max_length, ulong access);
+void get_privilege_desc(char *to, uint max_length, ulong access, bool any);
void get_mqh(const char *user, const char *host, USER_CONN *uc);
bool mysql_create_user(THD *thd, List <LEX_USER> &list);
bool mysql_drop_user(THD *thd, List <LEX_USER> &list);
=== modified file 'sql/sql_parse.cc'
--- a/sql/sql_parse.cc 2009-03-23 12:46:20 +0000
+++ b/sql/sql_parse.cc 2009-03-26 06:34:23 +0000
@@ -5359,7 +5359,7 @@ bool check_global_access(THD *thd, ulong
char command[128];
if ((thd->security_ctx->master_access & want_access))
return 0;
- get_privilege_desc(command, sizeof(command), want_access);
+ get_privilege_desc(command, sizeof(command), want_access, TRUE);
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), command);
return 1;
#else
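Review bot: The any-of contract that justifies `TRUE` is not stated anywhere visible in this hunk; it can only be read off the test `master_access & want_access`, which succeeds when a single requested bit is held. A caller who passes several bits expecting all of them to be required would get a weaker check than intended, so I would record the contract next to the call: `/* want_access is an any-of mask: one matching bit grants access, so list the names with '|' */`. The function header and any existing doc comment for check_global_access are outside this hunk, so this may partly duplicate what is already there.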