diff options
| author | Oleksandr Byelkin <sanja@mariadb.com> | 2019-06-08 17:36:52 +0200 |
|---|---|---|
| committer | Oleksandr Byelkin <sanja@mariadb.com> | 2019-06-19 10:19:17 +0200 |
| commit | d1fa6ba845aeaae5e4d8165bd6d7aeeb75d919b6 (patch) | |
| tree | 94644b9b3ae5af93bc67aed30d2ac24be25003ab /plugin | |
| parent | 65e0c9b91b46e2dfb4388c8c5c1bc76dd9f8fbd8 (diff) | |
| download | mariadb-git-d1fa6ba845aeaae5e4d8165bd6d7aeeb75d919b6.tar.gz | |
MDEV-18328: Make DISKS plugin check some privilege to access information_schema.DISKS table
Check FILE privelege.
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/disks/information_schema_disks.cc | 10 | ||||
| -rw-r--r-- | plugin/disks/mysql-test/disks/disks_notembedded.result | 15 | ||||
| -rw-r--r-- | plugin/disks/mysql-test/disks/disks_notembedded.test | 25 |
3 files changed, 47 insertions, 3 deletions
diff --git a/plugin/disks/information_schema_disks.cc b/plugin/disks/information_schema_disks.cc index 7f7f4f06711..c4b558ba107 100644 --- a/plugin/disks/information_schema_disks.cc +++ b/plugin/disks/information_schema_disks.cc @@ -19,6 +19,7 @@ #include <mntent.h> #include <sql_class.h> #include <table.h> +#include <sql_acl.h> /* check_global_access() */ bool schema_table_store_record(THD *thd, TABLE *table); @@ -83,6 +84,9 @@ int disks_fill_table(THD* pThd, TABLE_LIST* pTables, Item* pCond) int rv = 1; TABLE* pTable = pTables->table; + if (check_global_access(pThd, FILE_ACL, true)) + return 0; + FILE* pFile = setmntent("/etc/mtab", "r"); if (pFile) @@ -144,11 +148,11 @@ maria_declare_plugin(disks) PLUGIN_LICENSE_GPL, /* license type */ disks_table_init, /* init function */ NULL, /* deinit function */ - 0x0100, /* version = 1.0 */ + 0x0101, /* version = 1.1 */ NULL, /* no status variables */ NULL, /* no system variables */ - "1.0", /* String version representation */ - MariaDB_PLUGIN_MATURITY_BETA /* Maturity (see include/mysql/plugin.h)*/ + "1.1", /* String version representation */ + MariaDB_PLUGIN_MATURITY_STABLE /* Maturity (see include/mysql/plugin.h)*/ } mysql_declare_plugin_end; diff --git a/plugin/disks/mysql-test/disks/disks_notembedded.result b/plugin/disks/mysql-test/disks/disks_notembedded.result new file mode 100644 index 00000000000..f0f9e46aaca --- /dev/null +++ b/plugin/disks/mysql-test/disks/disks_notembedded.result @@ -0,0 +1,15 @@ +# +# MDEV-18328: Make DISKS plugin check some privilege to access +# information_schema.DISKS table +# +CREATE USER user1@localhost; +GRANT SELECT ON *.* TO user1@localhost; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +sum(Total) > sum(Available) sum(Total)>sum(Used) +NULL NULL +GRANT FILE ON *.* TO user1@localhost; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +sum(Total) > sum(Available) sum(Total)>sum(Used) +1 1 +DROP USER user1@localhost; +# End of 10.1 tests diff --git a/plugin/disks/mysql-test/disks/disks_notembedded.test b/plugin/disks/mysql-test/disks/disks_notembedded.test new file mode 100644 index 00000000000..a0f6c2e5887 --- /dev/null +++ b/plugin/disks/mysql-test/disks/disks_notembedded.test @@ -0,0 +1,25 @@ +source include/not_embedded.inc; + +--echo # +--echo # MDEV-18328: Make DISKS plugin check some privilege to access +--echo # information_schema.DISKS table +--echo # + +CREATE USER user1@localhost; +GRANT SELECT ON *.* TO user1@localhost; + +connect (con1,localhost,user1,,); +connection con1; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +disconnect con1; + +connection default; +GRANT FILE ON *.* TO user1@localhost; + +connect (con1,localhost,user1,,); +connection con1; +select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks; +connection default; +DROP USER user1@localhost; + +--echo # End of 10.1 tests |