diff options
| author | unknown <gluh@eagle.(none)> | 2007-10-23 19:08:21 +0500 |
|---|---|---|
| committer | unknown <gluh@eagle.(none)> | 2007-10-23 19:08:21 +0500 |
| commit | 95a8bb20fb0c43b95347a42f75f91b040ca1babc (patch) | |
| tree | 6a0f011ed453ad26ca914c42a6e2e8e45ce6b3ce /sql/sql_acl.cc | |
| parent | fc800ff76d0c1f47126645c7ec742ae07434056b (diff) | |
| parent | 6e8919b00d42888bc2ff45cddedba1cf9853a7c5 (diff) | |
| download | mariadb-git-95a8bb20fb0c43b95347a42f75f91b040ca1babc.tar.gz | |
Merge mysql.com:/home/gluh/MySQL/Merge/5.1
into mysql.com:/home/gluh/MySQL/Merge/5.1-opt
client/client_priv.h:
Auto merged
client/mysqldump.c:
Auto merged
include/config-win.h:
Auto merged
libmysql/libmysql.c:
Auto merged
mysql-test/mysql-test-run.pl:
Auto merged
mysql-test/r/create.result:
Auto merged
mysql-test/r/func_sapdb.result:
Auto merged
mysql-test/r/information_schema.result:
Auto merged
mysql-test/r/variables.result:
Auto merged
mysql-test/t/information_schema.test:
Auto merged
mysql-test/t/variables.test:
Auto merged
sql/field.cc:
Auto merged
sql/ha_partition.cc:
Auto merged
sql/item_func.cc:
Auto merged
sql/item_func.h:
Auto merged
sql/item_sum.cc:
Auto merged
sql/item_timefunc.h:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/protocol.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_class.h:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_lex.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_select.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
sql/table.cc:
Auto merged
storage/innobase/handler/ha_innodb.cc:
Auto merged
storage/myisam/sort.c:
Auto merged
tests/mysql_client_test.c:
Auto merged
mysql-test/r/query_cache.result:
manual merge
mysql-test/include/mix1.inc:
manual merge
mysql-test/r/innodb_mysql.result:
manual merge
mysql-test/r/type_datetime.result:
manual merge
mysql-test/r/type_decimal.result:
manual merge
mysql-test/t/query_cache.test:
manual merge
mysql-test/t/type_datetime.test:
manual merge
mysql-test/t/type_decimal.test:
manual merge
sql/item.cc:
manual merge
Diffstat (limited to 'sql/sql_acl.cc')
| -rw-r--r-- | sql/sql_acl.cc | 83 |
1 files changed, 57 insertions, 26 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 36ecf49acb5..0c8c4b8c2d8 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3991,47 +3991,78 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, } -bool check_grant_all_columns(THD *thd, ulong want_access, GRANT_INFO *grant, - const char* db_name, const char *table_name, - Field_iterator *fields) +/** + @brief check if a query can access a set of columns + + @param thd the current thread + @param want_access_arg the privileges requested + @param fields an iterator over the fields of a table reference. + @return Operation status + @retval 0 Success + @retval 1 Falure + @details This function walks over the columns of a table reference + The columns may originate from different tables, depending on the kind of + table reference, e.g. join. + For each table it will retrieve the grant information and will use it + to check the required access privileges for the fields requested from it. +*/ +bool check_grant_all_columns(THD *thd, ulong want_access_arg, + Field_iterator_table_ref *fields) { Security_context *sctx= thd->security_ctx; - GRANT_TABLE *grant_table; - GRANT_COLUMN *grant_column; + ulong want_access= want_access_arg; + const char *table_name= NULL; - want_access &= ~grant->privilege; - if (!want_access) - return 0; // Already checked + const char* db_name; + GRANT_INFO *grant; + /* Initialized only to make gcc happy */ + GRANT_TABLE *grant_table= NULL; rw_rdlock(&LOCK_grant); - /* reload table if someone has modified any grants */ - - if (grant->version != grant_version) - { - grant->grant_table= - table_hash_search(sctx->host, sctx->ip, db_name, - sctx->priv_user, - table_name, 0); /* purecov: inspected */ - grant->version= grant_version; /* purecov: inspected */ - } - /* The following should always be true */ - if (!(grant_table= grant->grant_table)) - goto err; /* purecov: inspected */ - for (; !fields->end_of_fields(); fields->next()) { const char *field_name= fields->name(); - grant_column= column_hash_search(grant_table, field_name, - (uint) strlen(field_name)); - if (!grant_column || (~grant_column->rights & want_access)) - goto err; + + if (table_name != fields->table_name()) + { + table_name= fields->table_name(); + db_name= fields->db_name(); + grant= fields->grant(); + /* get a fresh one for each table */ + want_access= want_access_arg & ~grant->privilege; + if (want_access) + { + /* reload table if someone has modified any grants */ + if (grant->version != grant_version) + { + grant->grant_table= + table_hash_search(sctx->host, sctx->ip, db_name, + sctx->priv_user, + table_name, 0); /* purecov: inspected */ + grant->version= grant_version; /* purecov: inspected */ + } + + grant_table= grant->grant_table; + DBUG_ASSERT (grant_table); + } + } + + if (want_access) + { + GRANT_COLUMN *grant_column= + column_hash_search(grant_table, field_name, + (uint) strlen(field_name)); + if (!grant_column || (~grant_column->rights & want_access)) + goto err; + } } rw_unlock(&LOCK_grant); return 0; err: rw_unlock(&LOCK_grant); + char command[128]; get_privilege_desc(command, sizeof(command), want_access); my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0), |