author | unknown <anozdrin/alik@booka.opbmk> | 2007-03-23 14:12:11 +0300 |
---|---|---|
committer | unknown <anozdrin/alik@booka.opbmk> | 2007-03-23 14:12:11 +0300 |
commit | b77b84f4f398ac30e98a45200e1d19a435e06431 (patch) | |
tree | 5bf7ae3a2e46723dd549f6affcf4c82a7890d903 /sql/sql_acl.cc | |
parent | 420ef3ca7df89982e05968126e19b0dea0a51a43 (diff) | |
download | mariadb-git-b77b84f4f398ac30e98a45200e1d19a435e06431.tar.gz |
Fix for BUG#9504: Stored procedures: execute privilege doesn't
make 'use database' okay.
The problem was that we didn't check stored-routine privileges
in check_grant_db().
The patch adds this check.
mysql-test/r/grant.result:
Update result file.
mysql-test/r/sp-security.result:
Update result file.
mysql-test/t/grant.test:
Added test case for BUG#9504.
mysql-test/t/sp-security.test:
Update test.
sql/sql_acl.cc:
Check stored routines privileges.
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ee15f95f305..ebf9385d177 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3893,6 +3893,26 @@ err2: } +static bool check_grant_db_routine(THD *thd, const char *db, HASH *hash) +{ + Security_context *sctx= thd->security_ctx; + + for (uint idx= 0; idx < hash->records; ++idx) + { + GRANT_NAME *item= (GRANT_NAME*) hash_element(hash, idx); + + if (strcmp(item->user, sctx->priv_user) == 0 && + strcmp(item->db, db) == 0 && + compare_hostname(&item->host, sctx->host, sctx->ip)) + { + return FALSE; + } + } + + return TRUE; +} + + /* Check if a user has the right to access a database Access is accepted if he has a grant for any table/routine in the database @@ -3904,9 +3924,10 @@ bool check_grant_db(THD *thd,const char *db) Security_context *sctx= thd->security_ctx; char helping [NAME_LEN+USERNAME_LENGTH+2]; uint len; - bool error= 1; + bool error= TRUE; len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1; + rw_rdlock(&LOCK_grant); for (uint idx=0 ; idx < column_priv_hash.records ; idx++) @@ -3917,11 +3938,17 @@ bool check_grant_db(THD *thd,const char *db) !memcmp(grant_table->hash_key,helping,len) && compare_hostname(&grant_table->host, sctx->host, sctx->ip)) { - error=0; // Found match + error= FALSE; /* Found match. */ break; } } + + if (error) + error= check_grant_db_routine(thd, db, &proc_priv_hash) && + check_grant_db_routine(thd, db, &func_priv_hash); + rw_unlock(&LOCK_grant); + return error; } |
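Review bot: check_grant_db_routine() in the first hunk walks the hash without taking LOCK_grant itself and returns TRUE when nothing matches, and neither part of that contract is written down. I would add a header comment such as `/* Caller must hold LOCK_grant. Returns FALSE if the user has any routine grant in db, TRUE if none. */` so a later caller does not scan proc_priv_hash unlocked or read the result the wrong way round. The loop also accepts any entry that matches user, db and host without looking at which privileges it carries. That agrees with the "any table/routine" rule in the comment below it, but it relies on entries being removed from the hash once their last privilege is revoked, which is not visible here and is worth confirming.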
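Review bot: The `&&` added in the third hunk is easy to misread, because both operands use the inverted convention (TRUE means no grant found), so the expression denies access only when neither procedures nor functions match. A one-line comment above it, e.g. `/* Still denied: allow if the user has a grant on any procedure or function in db. */`, would make that explicit. The call sits before `rw_unlock(&LOCK_grant)`, so the helper runs under the read lock it needs; a future edit that moves the unlock up would break that silently. check_grant_db's body starts outside this hunk.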