diff options
| author | unknown <gluh@eagle.intranet.mysql.r18.ru> | 2005-06-02 15:33:53 +0500 |
|---|---|---|
| committer | unknown <gluh@eagle.intranet.mysql.r18.ru> | 2005-06-02 15:33:53 +0500 |
| commit | a88d3cc149e4686bcca7b655d3ddaa437c42168e (patch) | |
| tree | 674e9da409c434950123ae751399e5370f3f94ff /sql/sql_acl.cc | |
| parent | a923940cf1397803aaa6886c363e5e8736605a34 (diff) | |
| download | mariadb-git-a88d3cc149e4686bcca7b655d3ddaa437c42168e.tar.gz | |
Fix for bug#10964: Information Schema:Authorization check on(2nd version, after review)
privilege tables is improper
added privilege check for USER_PRIVILEGES, SCHEMA_PRIVILEGES,
TABLE_PRIVILEGES, COLUMN_PRIVILEGES tables
Diffstat (limited to 'sql/sql_acl.cc')
| -rw-r--r-- | sql/sql_acl.cc | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index a11871c55dc..bea3b55da3c 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -5406,10 +5406,12 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) uint counter; ACL_USER *acl_user; ulong want_access; - char buff[100]; TABLE *table= tables->table; + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_user_privileges"); + for (counter=0 ; counter < acl_users.elements ; counter++) { const char *user,*host, *is_grantable="YES"; @@ -5418,6 +5420,12 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) user= ""; if (!(host=acl_user->host.hostname)) host= ""; + + if (no_global_access && + (strcmp(thd->priv_user, user) || + my_strcasecmp(system_charset_info, curr_host, host))) + continue; + want_access= acl_user->access; if (!(want_access & GRANT_ACL)) is_grantable= "NO"; @@ -5453,6 +5461,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) ulong want_access; char buff[100]; TABLE *table= tables->table; + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_schema_privileges"); for (counter=0 ; counter < acl_dbs.elements ; counter++) @@ -5465,6 +5475,11 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) if (!(host=acl_db->host.hostname)) host= ""; + if (no_global_access && + (strcmp(thd->priv_user, user) || + my_strcasecmp(system_charset_info, curr_host, host))) + continue; + want_access=acl_db->access; if (want_access) { @@ -5501,6 +5516,8 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) uint index; char buff[100]; TABLE *table= tables->table; + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_table_privileges"); for (index=0 ; index < column_priv_hash.records ; index++) @@ -5510,6 +5527,13 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) index); if (!(user=grant_table->user)) user= ""; + + if (no_global_access && + (strcmp(thd->priv_user, user) || + my_strcasecmp(system_charset_info, curr_host, + grant_table->host.hostname))) + continue; + ulong table_access= grant_table->privs; if (table_access) { @@ -5554,6 +5578,8 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) uint index; char buff[100]; TABLE *table= tables->table; + bool no_global_access= check_access(thd, SELECT_ACL, "mysql",0,1,1); + char *curr_host= thd->priv_host ? thd->priv_host : (char *) "%"; DBUG_ENTER("fill_schema_table_privileges"); for (index=0 ; index < column_priv_hash.records ; index++) @@ -5563,6 +5589,13 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) index); if (!(user=grant_table->user)) user= ""; + + if (no_global_access && + (strcmp(thd->priv_user, user) || + my_strcasecmp(system_charset_info, curr_host, + grant_table->host.hostname))) + continue; + ulong table_access= grant_table->cols; if (table_access != 0) { |