diff options
| author | Kristofer Pettersson <kristofer.pettersson@sun.com> | 2009-10-19 14:58:13 +0200 |
|---|---|---|
| committer | Kristofer Pettersson <kristofer.pettersson@sun.com> | 2009-10-19 14:58:13 +0200 |
| commit | 0659b857e7fe232ebfe7f48c5e0affd59dbf5862 (patch) | |
| tree | 6cca0ec3f77cd78ef0e2d87c40077591bd4364d2 /sql/sql_cache.cc | |
| parent | 80f6940f07978bff7de4433a9bc3626b974698f0 (diff) | |
| download | mariadb-git-0659b857e7fe232ebfe7f48c5e0affd59dbf5862.tar.gz | |
Bug#27145 EXTRA_ACL troubles
The flag EXTRA_ACL is used in conjugation with our access checks, yet it is
not clear what impact this flag has.
This is a code clean up which replaces use of EXTRA_ACL with an explicit
function parameter.
The patch also fixes privilege checks for:
- SHOW CREATE TABLE: The new privilege requirement is any privilege on
the table-level.
- CHECKSUM TABLE: Requires SELECT on the table level.
- SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level
(just as the manual claims)
- SHOW INDEX: Requires any privilege on any column combination.
mysql-test/r/grant.result:
* Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant2.result:
* Error message now shows correct command (SHOW instead of SELECT)
mysql-test/r/grant4.result:
* This test file tests privilege requirements for
SHOW COLUMNS
CREATE TABLE .. LIKE
SHOW CREATE TABLE
SHOW INDEX
CHECKSUM TABLE
SHOW CREATE VIEW
mysql-test/r/information_schema_db.result:
* Added SELECT privilege to testdb_2 as
SHOW CREATE VIEW now demands this privilege
as well as SHOW VIEW.
mysql-test/r/outfile.result:
* Changed error code
mysql-test/r/view_grant.result:
* Additional SELECT privilege is now needed
for SHOW CREATE VIEW
mysql-test/t/grant4.test:
* This test file tests privilege requirements for
SHOW COLUMNS
CREATE TABLE .. LIKE
SHOW CREATE TABLE
SHOW INDEX
CHECKSUM TABLE
SHOW CREATE VIEW
mysql-test/t/information_schema_db.test:
* Added SELECT privilege to testdb_2 as
SHOW CREATE VIEW now demands this privilege
as well as SHOW VIEW.
mysql-test/t/outfile.test:
* Changed error code
mysql-test/t/view_grant.test:
* Additional SELECT privilege is now needed
for SHOW CREATE VIEW
sql/mysql_priv.h:
* Replaced EXTRA_ACL with a parameter
sql/sp_head.cc:
* Replaced EXTRA_ACL with a parameter
sql/sql_acl.cc:
* Converted function documentation to doxygen and clarified some behaviors.
* Changed value from uint to bool to better reflect its meaning.
* Removed pointless variable orig_want_access
* Added function has_any_table_level_privileges to help with requirements
checks during SHOW CREATE TABLE.
sql/sql_acl.h:
* changed signature of check_grant()
* introduced access control function has_any_table_leevl_privileges()
sql/sql_base.cc:
* Check_table_access has new signature
sql/sql_cache.cc:
* Check_table_access has new signature
sql/sql_parse.cc:
* Rewrote function documentation in doxygen comments for: check_access,
check_table_acces, check_grant.
* Removed EXTRA_ACL flag where it doesn't hold any meaningful purpose anymore
and replaced it with a function parameter where any privileges on any column
combination would satisfy the requirement.
* Fixed privilege check for SHOW COLUMNS and SHOW INDEX
* Modified check_table_access to gain clarity in what EXTRA_ACL actually does.
* Modified check_access to gain clarity in what EXTRA_ACL actually does.
* Fixed privilege check for CREATE TABLE .. LIKE .. ; It now requires SELECT
privileges on the table.
* Fixed privilege check for SHOW CREATE TABLE ..; It now requires any privilege
on the table level.
sql/sql_plugin.cc:
* check_table_access has new signature
sql/sql_prepare.cc:
* check_table_access has new signature
sql/sql_show.cc:
* check_table_access has new signature
sql/sql_trigger.cc:
* check_table_access has new signature
sql/sql_update.cc:
* check grant has new signature
sql/sql_view.cc:
* check_table_access has new signature
Diffstat (limited to 'sql/sql_cache.cc')
| -rw-r--r-- | sql/sql_cache.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_cache.cc b/sql/sql_cache.cc index 9f427f39265..e4eb1e012b5 100644 --- a/sql/sql_cache.cc +++ b/sql/sql_cache.cc @@ -1545,7 +1545,7 @@ def_week_frmt: %lu, in_trans: %d, autocommit: %d", table_list.db = table->db(); table_list.alias= table_list.table_name= table->table(); #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (check_table_access(thd,SELECT_ACL,&table_list, 1, TRUE)) + if (check_table_access(thd,SELECT_ACL,&table_list, FALSE, 1,TRUE)) { DBUG_PRINT("qcache", ("probably no SELECT access to %s.%s => return to normal processing", |