diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2022-12-10 12:08:31 +0100 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2023-02-06 14:31:48 +0100 |
| commit | d6e3d89c805725a9940952964157bfdcba0973a3 (patch) | |
| tree | afde2b8b51e11d27ed3d87ae20e36b79acff9f3d /sql/sql_acl.cc | |
| parent | 0ac5132505513a7eaf9a33d4494e9110061cf24b (diff) | |
| download | mariadb-git-d6e3d89c805725a9940952964157bfdcba0973a3.tar.gz | |
MDEV-29668 SUPER should not allow actions that have fine-grained dedicated privileges
SUPER privilege used to allow various actions that were alternatively
allowed by one of BINLOG ADMIN, BINLOG MONITOR, BINLOG REPLAY,
CONNECTION ADMIN, FEDERATED ADMIN, REPL MASTER ADMIN, REPL SLAVE ADMIN,
SET USER, SLAVE MONITOR.
Now SUPER no longer does that, one has to grant one of the fine-grained
privileges above to be to perform corresponding actions.
On upgrade from MariaDB versions 10.11 and below all the privileges
above are granted automatically if the user has SUPER.
As a side-effect, such an upgrade will allow SUPER-user to run SHOW
BINLOG EVENTS, SHOW RELAYLOG EVENTS, SHOW SLAVE HOSTS, even if he wasn't
able to do it before the upgrade.
Diffstat (limited to 'sql/sql_acl.cc')
| -rw-r--r-- | sql/sql_acl.cc | 29 |
1 files changed, 7 insertions, 22 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 1ba056ff89e..fccf6ef304f 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1058,7 +1058,7 @@ class User_table_tabular: public User_table access|= DELETE_HISTORY_ACL; if (access & SUPER_ACL) - access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS; + access|= ALLOWED_BY_SUPER_BEFORE_101100 | ALLOWED_BY_SUPER_BEFORE_110000; /* The SHOW SLAVE HOSTS statement : @@ -1545,10 +1545,15 @@ class User_table_json: public User_table { privilege_t mask= ALL_KNOWN_ACL_100304; ulonglong orig_access= access; + if (version_id < 110000) + { + if (access & SUPER_ACL) + access|= ALLOWED_BY_SUPER_BEFORE_110000; + } if (version_id < 101100) { if (access & SUPER_ACL) - access|= READ_ONLY_ADMIN_ACL; + access|= ALLOWED_BY_SUPER_BEFORE_101100; } if (version_id >= 100509) { @@ -1566,26 +1571,6 @@ class User_table_json: public User_table else // 100501 or earlier { /* - Address changes in SUPER and REPLICATION SLAVE made in 10.5.2. - This also covers a special case: if the user had ALL PRIVILEGES before - the upgrade, it gets ALL PRIVILEGES after the upgrade. - */ - if (access & SUPER_ACL) - { - if (access & REPL_SLAVE_ACL) - { - /* - The user could do both before the upgrade: - - set global variables (because of SUPER_ACL) - - execute "SHOW SLAVE HOSTS" (because of REPL_SLAVE_ACL) - Grant all new privileges that were splitted from SUPER (in 10.5.2), - and REPLICATION MASTER ADMIN, so it still can do "SHOW SLAVE HOSTS". - */ - access|= REPL_MASTER_ADMIN_ACL; - } - access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS; - } - /* REPLICATION_CLIENT(BINLOG_MONITOR_ACL) should allow SHOW SLAVE STATUS REPLICATION SLAVE should allow SHOW RELAYLOG EVENTS */ |