summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOleksandr Byelkin <sanja@mariadb.com>2019-06-08 17:36:52 +0200
committerOleksandr Byelkin <sanja@mariadb.com>2019-06-19 10:19:17 +0200
commitd1fa6ba845aeaae5e4d8165bd6d7aeeb75d919b6 (patch)
tree94644b9b3ae5af93bc67aed30d2ac24be25003ab
parent65e0c9b91b46e2dfb4388c8c5c1bc76dd9f8fbd8 (diff)
downloadmariadb-git-d1fa6ba845aeaae5e4d8165bd6d7aeeb75d919b6.tar.gz
MDEV-18328: Make DISKS plugin check some privilege to access information_schema.DISKS table
Check FILE privelege.
-rw-r--r--plugin/disks/information_schema_disks.cc10
-rw-r--r--plugin/disks/mysql-test/disks/disks_notembedded.result15
-rw-r--r--plugin/disks/mysql-test/disks/disks_notembedded.test25
3 files changed, 47 insertions, 3 deletions
diff --git a/plugin/disks/information_schema_disks.cc b/plugin/disks/information_schema_disks.cc
index 7f7f4f06711..c4b558ba107 100644
--- a/plugin/disks/information_schema_disks.cc
+++ b/plugin/disks/information_schema_disks.cc
@@ -19,6 +19,7 @@
#include <mntent.h>
#include <sql_class.h>
#include <table.h>
+#include <sql_acl.h> /* check_global_access() */
bool schema_table_store_record(THD *thd, TABLE *table);
@@ -83,6 +84,9 @@ int disks_fill_table(THD* pThd, TABLE_LIST* pTables, Item* pCond)
int rv = 1;
TABLE* pTable = pTables->table;
+ if (check_global_access(pThd, FILE_ACL, true))
+ return 0;
+
FILE* pFile = setmntent("/etc/mtab", "r");
if (pFile)
@@ -144,11 +148,11 @@ maria_declare_plugin(disks)
PLUGIN_LICENSE_GPL, /* license type */
disks_table_init, /* init function */
NULL, /* deinit function */
- 0x0100, /* version = 1.0 */
+ 0x0101, /* version = 1.1 */
NULL, /* no status variables */
NULL, /* no system variables */
- "1.0", /* String version representation */
- MariaDB_PLUGIN_MATURITY_BETA /* Maturity (see include/mysql/plugin.h)*/
+ "1.1", /* String version representation */
+ MariaDB_PLUGIN_MATURITY_STABLE /* Maturity (see include/mysql/plugin.h)*/
}
mysql_declare_plugin_end;
diff --git a/plugin/disks/mysql-test/disks/disks_notembedded.result b/plugin/disks/mysql-test/disks/disks_notembedded.result
new file mode 100644
index 00000000000..f0f9e46aaca
--- /dev/null
+++ b/plugin/disks/mysql-test/disks/disks_notembedded.result
@@ -0,0 +1,15 @@
+#
+# MDEV-18328: Make DISKS plugin check some privilege to access
+# information_schema.DISKS table
+#
+CREATE USER user1@localhost;
+GRANT SELECT ON *.* TO user1@localhost;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+sum(Total) > sum(Available) sum(Total)>sum(Used)
+NULL NULL
+GRANT FILE ON *.* TO user1@localhost;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+sum(Total) > sum(Available) sum(Total)>sum(Used)
+1 1
+DROP USER user1@localhost;
+# End of 10.1 tests
diff --git a/plugin/disks/mysql-test/disks/disks_notembedded.test b/plugin/disks/mysql-test/disks/disks_notembedded.test
new file mode 100644
index 00000000000..a0f6c2e5887
--- /dev/null
+++ b/plugin/disks/mysql-test/disks/disks_notembedded.test
@@ -0,0 +1,25 @@
+source include/not_embedded.inc;
+
+--echo #
+--echo # MDEV-18328: Make DISKS plugin check some privilege to access
+--echo # information_schema.DISKS table
+--echo #
+
+CREATE USER user1@localhost;
+GRANT SELECT ON *.* TO user1@localhost;
+
+connect (con1,localhost,user1,,);
+connection con1;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+disconnect con1;
+
+connection default;
+GRANT FILE ON *.* TO user1@localhost;
+
+connect (con1,localhost,user1,,);
+connection con1;
+select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+connection default;
+DROP USER user1@localhost;
+
+--echo # End of 10.1 tests