Bug #23675 Partitions: possible security breach via alter

now we return different error message if user doesn't have
SELECT grants


mysql-test/r/partition_grant.result:
  test result
mysql-test/t/partition_grant.test:
  testcase
sql/mysql_priv.h:
  no_errors parameter added to check_single_table_access()
sql/partition_info.cc:
  access rights control added to the print_no_partition()
sql/share/errmsg.txt:
  message added
sql/sql_base.cc:
  no_errors parameter added to check_single_table_access()
sql/sql_parse.cc:
  no_errors parameter added to check_single_table_access()

7 files changed, 63 insertions, 16 deletions

diff --git a/mysql-test/r/partition_grant.result b/mysql-test/r/partition_grant.result
index e88427e5396..c334a473a2a 100644
--- a/mysql-test/r/partition_grant.result
+++ b/mysql-test/r/partition_grant.result
@@ -19,7 +19,16 @@ revoke alter on mysqltest_1.* from mysqltest_1@localhost;
 alter table t1 drop partition p3;
 ERROR 42000: ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
 revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
-drop user mysqltest_1@localhost;
 drop table t1;
+create table t1 (s1 int);
+insert into t1 values (1);
+grant alter on mysqltest_1.* to mysqltest_1@localhost;
+alter table t1 partition by list (s1) (partition p1 values in (2));
+ERROR HY000: Table has no partition for some existing values
+grant select, alter on mysqltest_1.* to mysqltest_1@localhost;
+alter table t1 partition by list (s1) (partition p1 values in (2));
+ERROR HY000: Table has no partition for value 1
+drop table t1;
+drop user mysqltest_1@localhost;
 drop schema mysqltest_1;
 End of 5.1 tests
diff --git a/mysql-test/t/partition_grant.test b/mysql-test/t/partition_grant.test
index ee7c71b497a..0d30ad01c7a 100644
--- a/mysql-test/t/partition_grant.test
+++ b/mysql-test/t/partition_grant.test
@@ -52,8 +52,30 @@ disconnect conn3;
 connection default;
 
 revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
-drop user mysqltest_1@localhost;
 drop table t1;
+
+#
+# Bug #23675 Partitions: possible security breach via alter 
+#
+
+create table t1 (s1 int);
+insert into t1 values (1);
+grant alter on mysqltest_1.* to mysqltest_1@localhost;
+connect (conn4,localhost,mysqltest_1,,mysqltest_1);
+connection conn4;
+--error 1514
+alter table t1 partition by list (s1) (partition p1 values in (2));
+connection default;
+grant select, alter on mysqltest_1.* to mysqltest_1@localhost;
+disconnect conn4;
+connect (conn5,localhost,mysqltest_1,,mysqltest_1);
+--error 1514
+alter table t1 partition by list (s1) (partition p1 values in (2));
+disconnect conn5;
+connection default;
+drop table t1;
+
+drop user mysqltest_1@localhost;
 drop schema mysqltest_1;
 
 --echo End of 5.1 tests
diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index 099c9b98c1f..1fa92c00b1e 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -598,7 +598,7 @@ class THD;
 void close_thread_tables(THD *thd, bool locked=0, bool skip_derived=0);
 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables);
 bool check_single_table_access(THD *thd, ulong privilege,
-			   TABLE_LIST *tables);
+			   TABLE_LIST *tables, bool no_errors);
 bool check_routine_access(THD *thd,ulong want_access,char *db,char *name,
 			  bool is_proc, bool no_errors);
 bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);
diff --git a/sql/partition_info.cc b/sql/partition_info.cc
index a7f9bd413c6..98c2e5432ab 100644
--- a/sql/partition_info.cc
+++ b/sql/partition_info.cc
@@ -849,15 +849,27 @@ void partition_info::print_no_partition_found(TABLE *table)
 {
   char buf[100];
   char *buf_ptr= (char*)&buf;
-  my_bitmap_map *old_map= dbug_tmp_use_all_columns(table, table->read_set);
+  TABLE_LIST table_list;
 
-  if (part_expr->null_value)
-    buf_ptr= (char*)"NULL";
+  bzero(&table_list, sizeof(table_list));
+  table_list.db= table->s->db.str;
+  table_list.table_name= table->s->table_name.str;
+
+  if (check_single_table_access(current_thd,
+                                SELECT_ACL, &table_list, TRUE))
+    my_message(ER_NO_PARTITION_FOR_GIVEN_VALUE,
+               ER(ER_NO_PARTITION_FOR_GIVEN_VALUE_SILENT), MYF(0));
   else
-    longlong2str(err_value, buf,
-                 part_expr->unsigned_flag ? 10 : -10);
-  my_error(ER_NO_PARTITION_FOR_GIVEN_VALUE, MYF(0), buf_ptr);
-  dbug_tmp_restore_column_map(table->read_set, old_map);
+  {
+    my_bitmap_map *old_map= dbug_tmp_use_all_columns(table, table->read_set);
+    if (part_expr->null_value)
+      buf_ptr= (char*)"NULL";
+    else
+      longlong2str(err_value, buf,
+                   part_expr->unsigned_flag ? 10 : -10);
+    my_error(ER_NO_PARTITION_FOR_GIVEN_VALUE, MYF(0), buf_ptr);
+    dbug_tmp_restore_column_map(table->read_set, old_map);
+  }
 }
 /*
   Set up buffers and arrays for fields requiring preparation
diff --git a/sql/share/errmsg.txt b/sql/share/errmsg.txt
index 1d9c7c814fd..38b27b0b5df 100644
--- a/sql/share/errmsg.txt
+++ b/sql/share/errmsg.txt
@@ -6053,3 +6053,5 @@ ER_DUP_ENTRY_WITH_KEY_NAME 23000 S1009
 ER_BINLOG_PURGE_EMFILE
         eng "Too many files opened, please execute the command again"
         ger "Zu viele offene Dateien, bitte führen Sie den Befehl noch einmal aus"
+ER_NO_PARTITION_FOR_GIVEN_VALUE_SILENT
+        eng "Table has no partition for some existing values"
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index d4316f11491..06207492926 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -5781,7 +5781,7 @@ bool setup_tables_and_check_access(THD *thd,
   {
     if (leaves_tmp->belong_to_view && 
         check_single_table_access(thd, first_table ? want_access_first :
-                                  want_access,  leaves_tmp))
+                                  want_access, leaves_tmp, FALSE))
     {
       tables->hide_view_error(thd);
       return TRUE;
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index a396231b8a8..9c921286184 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -4433,6 +4433,8 @@ static bool execute_sqlcom_select(THD *thd, TABLE_LIST *all_tables)
     thd			Thread handler
     privilege		requested privilege
     all_tables		global table list of query
+    no_errors           FALSE/TRUE - report/don't report error to
+                            the client (using my_error() call).
 
   RETURN
     0 - OK
@@ -4440,7 +4442,7 @@ static bool execute_sqlcom_select(THD *thd, TABLE_LIST *all_tables)
 */
 
 bool check_single_table_access(THD *thd, ulong privilege, 
-                               TABLE_LIST *all_tables)
+                               TABLE_LIST *all_tables, bool no_errors)
 {
   Security_context * backup_ctx= thd->security_ctx;
 
@@ -4456,12 +4458,12 @@ bool check_single_table_access(THD *thd, ulong privilege,
     db_name= all_tables->db;
 
   if (check_access(thd, privilege, db_name,
-		   &all_tables->grant.privilege, 0, 0,
+		   &all_tables->grant.privilege, 0, no_errors,
                    test(all_tables->schema_table)))
     goto deny;
 
   /* Show only 1 table for check_grant */
-  if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, 0))
+  if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, no_errors))
     goto deny;
 
   thd->security_ctx= backup_ctx;
@@ -4489,7 +4491,7 @@ deny:
 
 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
 {
-  if (check_single_table_access (thd,privilege,all_tables))
+  if (check_single_table_access (thd,privilege,all_tables, FALSE))
     return 1;
 
   /* Check rights on tables of subselects and implictly opened tables */
@@ -4502,7 +4504,7 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
     */
     if (view && subselects_tables->belong_to_view == view)
     {
-      if (check_single_table_access (thd, privilege, subselects_tables))
+      if (check_single_table_access (thd, privilege, subselects_tables, FALSE))
         return 1;
       subselects_tables= subselects_tables->next_global;
     }