diff options
| author | unknown <monty@narttu.mysql.fi> | 2003-05-14 01:55:23 +0300 |
|---|---|---|
| committer | unknown <monty@narttu.mysql.fi> | 2003-05-14 01:55:23 +0300 |
| commit | 7297502a7bc6ab09d8e7c6cbd822bba4d58d4977 (patch) | |
| tree | 368f75f4fe446f07c137bbca857906c67f1d9a61 /sql/sql_parse.cc | |
| parent | bf75db781db2327bb22f994dad6eaade9c68a4d3 (diff) | |
| download | mariadb-git-7297502a7bc6ab09d8e7c6cbd822bba4d58d4977.tar.gz | |
Fix for checking global_access rights
Diffstat (limited to 'sql/sql_parse.cc')
| -rw-r--r-- | sql/sql_parse.cc | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 002af61fae6..ad2f7f9a8bd 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -1482,9 +1482,8 @@ mysql_execute_command(void) } case SQLCOM_SHOW_SLAVE_STAT: { - /* Accept two privileges */ - if (check_global_access(thd, SUPER_ACL) && - check_global_access(thd, REPL_CLIENT_ACL)) + /* Accept one of two privileges */ + if (check_global_access(thd, SUPER_ACL | REPL_CLIENT_ACL)) goto error; LOCK_ACTIVE_MI; res = show_master_info(thd,active_mi); @@ -1493,9 +1492,8 @@ mysql_execute_command(void) } case SQLCOM_SHOW_MASTER_STAT: { - /* Accept two privileges */ - if (check_global_access(thd, SUPER_ACL) && - check_global_access(thd, REPL_CLIENT_ACL)) + /* Accept one of two privileges */ + if (check_global_access(thd, SUPER_ACL | REPL_CLIENT_ACL)) goto error; res = show_binlog_info(thd); break; @@ -2620,12 +2618,29 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, } -/* check for global access and give descriptive error message if it fails */ +/* + check for global access and give descriptive error message if it fails + + SYNOPSIS + check_global_access() + thd Thread handler + want_access Use should have any of these global rights + + WARNING + One gets access rigth if one has ANY of the rights in want_access + This is useful as one in most cases only need one global right, + but in some case we want to check if the user has SUPER or + REPL_CLIENT_ACL rights. + + RETURN + 0 ok + 1 Access denied. In this case an error is sent to the client +*/ bool check_global_access(THD *thd, ulong want_access) { char command[128]; - if ((thd->master_access & want_access) == want_access) + if ((thd->master_access & want_access)) return 0; get_privilege_desc(command, sizeof(command), want_access); net_printf(&thd->net,ER_SPECIFIC_ACCESS_DENIED_ERROR, |