diff options
| author | unknown <venu@myvenu.com> | 2003-02-24 17:22:02 -0800 |
|---|---|---|
| committer | unknown <venu@myvenu.com> | 2003-02-24 17:22:02 -0800 |
| commit | 6957a85c242952bd605262151e6d6713e8ecb64a (patch) | |
| tree | 76959fdf81cc04794e659258e176357d9b5287d2 /sql/sql_prepare.cc | |
| parent | cf00101b23c6e17441fa26cd0974808ab83caaf6 (diff) | |
| download | mariadb-git-6957a85c242952bd605262151e6d6713e8ecb64a.tar.gz | |
Fix for the prepared statement access checks
Diffstat (limited to 'sql/sql_prepare.cc')
| -rw-r--r-- | sql/sql_prepare.cc | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 3cb4c4e8244..7639f32353c 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -454,8 +454,17 @@ static bool mysql_test_insert_fields(PREP_STMT *stmt, List_item *values; DBUG_ENTER("mysql_test_insert_fields"); - if (!(table= open_ltable(thd,table_list,table_list->lock_type))) - DBUG_RETURN(1); + my_bool update=(thd->lex.value_list.elements ? UPDATE_ACL : 0); + ulong privilege= (thd->lex.duplicates == DUP_REPLACE ? + INSERT_ACL | DELETE_ACL : INSERT_ACL | update); + + if (check_access(thd,privilege,table_list->db, + &table_list->grant.privilege) || + (grant_option && check_grant(thd,privilege,table_list)) || + open_and_lock_tables(thd, table_list)) + DBUG_RETURN(1); + + table= table_list->table; if ((values= its++)) { @@ -502,7 +511,10 @@ static bool mysql_test_upd_fields(PREP_STMT *stmt, TABLE_LIST *table_list, THD *thd= stmt->thd; DBUG_ENTER("mysql_test_upd_fields"); - if (open_and_lock_tables(thd, table_list)) + if (check_access(thd,UPDATE_ACL,table_list->db, + &table_list->grant.privilege) || + (grant_option && check_grant(thd,UPDATE_ACL,table_list)) || + open_and_lock_tables(thd, table_list)) DBUG_RETURN(1); if (setup_tables(table_list) || @@ -545,6 +557,15 @@ static bool mysql_test_select_fields(PREP_STMT *stmt, TABLE_LIST *tables, select_result *result= thd->lex.result; DBUG_ENTER("mysql_test_select_fields"); + ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL; + if (tables) + { + if (check_table_access(thd, privilege, tables)) + DBUG_RETURN(1); + } + else if (check_access(thd, privilege, "*any*")) + DBUG_RETURN(1); + if ((&lex->select_lex != lex->all_selects_list && lex->unit.create_total_list(thd, lex, &tables, 0))) DBUG_RETURN(1); @@ -716,8 +737,8 @@ static void init_stmt_execute(PREP_STMT *stmt) TODO: When the new table structure is ready, then have a status bit to indicate the table is altered, and re-do the setup_* and open the tables back. - */ - if (tables) + */ + for (; tables ; tables= tables->next) tables->table= 0; //safety - nasty init } |