diff options
| author | unknown <dlenev@brandersnatch.localdomain> | 2004-10-20 16:04:43 +0400 |
|---|---|---|
| committer | unknown <dlenev@brandersnatch.localdomain> | 2004-10-20 16:04:43 +0400 |
| commit | b88150c96edf457099922a7e0a11831160bc5a67 (patch) | |
| tree | cc5a947dac611d8db606dd3485b05f87a26b8bcd /mysql-test/t/grant2.test | |
| parent | f125849dd1fa2b7eaca3aea5f84d7d79fb201ec2 (diff) | |
| download | mariadb-git-b88150c96edf457099922a7e0a11831160bc5a67.tar.gz | |
Fix for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
Now we set lex->duplicates= DUP_UPDATE right in parser if INSERT has
ON DUPLICATE KEY UPDATE clause, this simplifies insert_precheck()
function (this also fixes a bug) and some other code.
mysql-test/r/grant2.result:
Added test for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
mysql-test/t/grant2.test:
Added test for bug #6173 "One can circumvent missing UPDATE privilege if
he has SELECT and INSERT privileges for table with primary key"
sql/mysql_priv.h:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause.
sql/sql_parse.cc:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause, so it can determine whenever it is needed to
require UPDATE_ACL by itself. Also calling of mysql_insert() is
simplified.
sql/sql_prepare.cc:
insert_precheck() don't need "update" parameter any longer since
now we set lex->duplicates to DUP_UPDATE if INSERT has ON DUPLICATE
KEY UPDATE clause, so it can determine whenever it is needed to
require UPDATE_ACL by itself. Also calling of mysql_insert() is
simplified.
sql/sql_yacc.yy:
It is better to set Lex->duplicates= DUP_UPDATE right in parser if we
have INSERT with ON DUPLICATE KEY UPDATE clause, rather doing this later.
Diffstat (limited to 'mysql-test/t/grant2.test')
| -rw-r--r-- | mysql-test/t/grant2.test | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/mysql-test/t/grant2.test b/mysql-test/t/grant2.test index 3a9afa7453b..f86be0c95b9 100644 --- a/mysql-test/t/grant2.test +++ b/mysql-test/t/grant2.test @@ -6,13 +6,21 @@ SET NAMES binary; # +# prepare playground before tests +--disable_warnings +drop database if exists mysqltest; +--enable_warnings +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +delete from mysql.tables_priv where user like 'mysqltest\_%'; +delete from mysql.columns_priv where user like 'mysqltest\_%'; +flush privileges; + + # # wild_compare fun # -delete from mysql.user where user like 'mysqltest\_%'; -delete from mysql.db where user like 'mysqltest\_%'; -flush privileges; grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option; connect (user1,localhost,mysqltest_1,,); connection user1; @@ -31,3 +39,33 @@ delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; flush privileges; + +# +# Bug #6173: One can circumvent missing UPDATE privilege if he has SELECT +# and INSERT privilege for table with primary key +# +create database mysqltest; +grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost; +flush privileges; +use mysqltest; +create table t1 (id int primary key, data varchar(255)); + +connect (mrbad, localhost, mysqltest_1,,); +connection mrbad; +show grants for current_user(); +use mysqltest; +insert into t1 values (1, 'I can''t change it!'); +--error 1044 +update t1 set data='I can change it!' where id = 1; +# This should not be allowed since it too require UPDATE privilege. +--error 1044 +insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!'; +select * from t1; + +connection default; +drop table t1; +drop database mysqltest; +use test; +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +flush privileges; |