diff options
author | Sergei Golubchik <serg@mariadb.org> | 2022-10-06 19:09:44 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2022-10-07 14:41:03 +0200 |
commit | 3fe55fa8be9bdfbaefc69e0cd7dea12833fe9cbb (patch) | |
tree | ee021c1486e3c91d2e442e1d84d9e9106428128b | |
parent | 1d35ec1ae1d1ea27d4b352f54fe5a3e720851e83 (diff) | |
download | mariadb-git-3fe55fa8be9bdfbaefc69e0cd7dea12833fe9cbb.tar.gz |
CREATE ... VALUES ... didn't require INSERT privilege
-rw-r--r-- | mysql-test/main/grant3.result | 19 | ||||
-rw-r--r-- | mysql-test/main/grant3.test | 20 | ||||
-rw-r--r-- | sql/sql_parse.cc | 8 |
3 files changed, 42 insertions, 5 deletions
diff --git a/mysql-test/main/grant3.result b/mysql-test/main/grant3.result index 63e343aaf4d..cd686e19a9b 100644 --- a/mysql-test/main/grant3.result +++ b/mysql-test/main/grant3.result @@ -195,4 +195,21 @@ connection default; DROP USER 'user2'@'%'; DROP DATABASE temp; set global sql_mode=default; -End of 5.0 tests +# +# End of 5.0 tests +# +create database db1; +create user foo@localhost; +grant create on db1.* to foo@localhost; +connect foo,localhost,foo; +create temporary table t as values (1),(2),(3); +use db1; +create table t1 as select * from test.t; +ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table `db1`.`t1` +create table t1 as values (1),(2),(3); +ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table `db1`.`t1` +create table t1 (a int); +disconnect foo; +connection default; +drop user foo@localhost; +drop database db1; diff --git a/mysql-test/main/grant3.test b/mysql-test/main/grant3.test index 27f565916f7..67c185bcccd 100644 --- a/mysql-test/main/grant3.test +++ b/mysql-test/main/grant3.test @@ -207,7 +207,25 @@ DROP USER 'user2'@'%'; DROP DATABASE temp; set global sql_mode=default; ---echo End of 5.0 tests +--echo # +--echo # End of 5.0 tests +--echo # + +create database db1; +create user foo@localhost; +grant create on db1.* to foo@localhost; +connect foo,localhost,foo; +create temporary table t as values (1),(2),(3); +use db1; +--error ER_TABLEACCESS_DENIED_ERROR +create table t1 as select * from test.t; +--error ER_TABLEACCESS_DENIED_ERROR +create table t1 as values (1),(2),(3); +create table t1 (a int); +disconnect foo; +connection default; +drop user foo@localhost; +drop database db1; # Wait till we reached the initial number of concurrent sessions --source include/wait_until_count_sessions.inc diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 471d93d97f6..57d7f93eacc 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -9857,7 +9857,7 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables, { LEX *lex= thd->lex; SELECT_LEX *select_lex= lex->first_select_lex(); - ulong want_priv; + ulong want_priv= CREATE_ACL; bool error= TRUE; // Error message is given DBUG_ENTER("create_table_precheck"); @@ -9866,8 +9866,10 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables, CREATE TABLE ... SELECT, also require INSERT. */ - want_priv= lex->tmp_table() ? CREATE_TMP_ACL : - (CREATE_ACL | (select_lex->item_list.elements ? INSERT_ACL : 0)); + if (lex->tmp_table()) + want_priv= CREATE_TMP_ACL; + else if (select_lex->item_list.elements || select_lex->tvc) + want_priv= INSERT_ACL; /* CREATE OR REPLACE on not temporary tables require DROP_ACL */ if (lex->create_info.or_replace() && !lex->tmp_table()) |