diff options
| author | unknown <jani@a88-113-38-195.elisa-laajakaista.fi> | 2007-04-13 10:25:33 +0300 |
|---|---|---|
| committer | unknown <jani@a88-113-38-195.elisa-laajakaista.fi> | 2007-04-13 10:25:33 +0300 |
| commit | e628ba73e37221a4ab433acdd3004b5c627b0c71 (patch) | |
| tree | ddaa7e5c8b1062849706364dc349e5d30bef220c /sql | |
| parent | 830803a23b017530a76f176d635d83c1adc588e8 (diff) | |
| parent | f036fbcd45ff6481a910d4fa6ebf86b73bb883c7 (diff) | |
| download | mariadb-git-e628ba73e37221a4ab433acdd3004b5c627b0c71.tar.gz | |
Merge a88-113-38-195.elisa-laajakaista.fi:/home/my/new/mysql-5.0-marvel
into a88-113-38-195.elisa-laajakaista.fi:/home/my/new/mysql-5.1-marvel
client/mysql.cc:
Auto merged
client/mysql_upgrade.c:
Auto merged
client/mysqlbinlog.cc:
Auto merged
client/mysqldump.c:
Auto merged
mysql-test/r/sp.result:
Auto merged
mysql-test/t/grant.test:
Auto merged
mysql-test/t/sp.test:
Auto merged
mysys/my_malloc.c:
Auto merged
mysys/my_static.c:
Auto merged
mysys/safemalloc.c:
Auto merged
sql/ha_ndbcluster.cc:
Auto merged
sql/handler.cc:
Auto merged
sql/item.cc:
Auto merged
sql/item_cmpfunc.cc:
Auto merged
sql/item_func.h:
Auto merged
sql/log.cc:
Auto merged
sql/log_event.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql/opt_range.cc:
Auto merged
sql/sp.cc:
Auto merged
sql/sp_head.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_class.h:
Auto merged
sql/sql_delete.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_load.cc:
Auto merged
sql/sql_select.cc:
Auto merged
sql/sql_show.cc:
Auto merged
sql/sql_table.cc:
Auto merged
sql-common/client.c:
Auto merged
sql-common/my_time.c:
Auto merged
sql/sql_update.cc:
Auto merged
sql/table.cc:
Auto merged
storage/archive/ha_archive.cc:
Auto merged
storage/heap/hp_write.c:
Auto merged
storage/innobase/handler/ha_innodb.cc:
Auto merged
storage/ndb/src/mgmclient/CommandInterpreter.cpp:
Auto merged
mysql-test/r/grant.result:
Merged from 5.0
sql/sql_db.cc:
Merged from 5.0
sql/sql_parse.cc:
Merged from 5.0
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/mysql_priv.h | 2 | ||||
| -rw-r--r-- | sql/sql_db.cc | 43 | ||||
| -rw-r--r-- | sql/sql_parse.cc | 98 | ||||
| -rw-r--r-- | sql/sql_show.cc | 2 |
4 files changed, 106 insertions, 39 deletions
diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index fe7a567365e..85792727f34 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -1134,6 +1134,8 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond); int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond); bool get_schema_tables_result(JOIN *join, enum enum_schema_table_state executed_place); +enum enum_schema_tables get_schema_table_idx(ST_SCHEMA_TABLE *schema_table); + #define is_schema_db(X) \ !my_strcasecmp(system_charset_info, INFORMATION_SCHEMA_NAME.str, (X)) diff --git a/sql/sql_db.cc b/sql/sql_db.cc index 618b9d515bb..cfd610638ce 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -1437,30 +1437,27 @@ bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name, bool force_switch) DBUG_PRINT("info",("Use database: %s", new_db_file_name.str)); #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (!force_switch) /* FIXME: this is BUG#27337. */ + db_access= + test_all_bits(sctx->master_access, DB_ACLS) ? + DB_ACLS : + acl_get(sctx->host, + sctx->ip, + sctx->priv_user, + new_db_file_name.str, + FALSE) | sctx->master_access; + + if (!force_switch && + !(db_access & DB_ACLS) && + (!grant_option || check_grant_db(thd, new_db_file_name.str))) { - db_access= (test_all_bits(sctx->master_access, DB_ACLS) ? - DB_ACLS : - acl_get(sctx->host, - sctx->ip, - sctx->priv_user, - new_db_file_name.str, - FALSE) | sctx->master_access); - - if (!force_switch && - !(db_access & DB_ACLS) && - (!grant_option || check_grant_db(thd, new_db_file_name.str))) - { - my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), - sctx->priv_user, - sctx->priv_host, - new_db_file_name.str); - general_log_print(thd, COM_INIT_DB, ER(ER_DBACCESS_DENIED_ERROR), - sctx->priv_user, sctx->priv_host, - new_db_file_name.str); - my_free(new_db_file_name.str, MYF(0)); - DBUG_RETURN(TRUE); - } + my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), + sctx->priv_user, + sctx->priv_host, + new_db_file_name.str); + general_log_print(thd, COM_INIT_DB, ER(ER_DBACCESS_DENIED_ERROR), + sctx->priv_user, sctx->priv_host, new_db_file_name.str); + my_free(new_db_file_name.str, MYF(0)); + DBUG_RETURN(TRUE); } #endif diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 9c9a41a81fe..53404792dea 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -1359,7 +1359,8 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident, enum enum_schema_tables schema_table_idx) { DBUG_ENTER("prepare_schema_table"); - SELECT_LEX *sel= 0; + SELECT_LEX *schema_select_lex= NULL; + switch (schema_table_idx) { case SCH_SCHEMATA: #if defined(DONT_ALLOW_SHOW_COMMANDS) @@ -1367,11 +1368,9 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident, ER(ER_NOT_ALLOWED_COMMAND), MYF(0)); /* purecov: inspected */ DBUG_RETURN(1); #else - if ((specialflag & SPECIAL_SKIP_SHOW_DB) && - check_global_access(thd, SHOW_DB_ACL)) - DBUG_RETURN(1); break; #endif + case SCH_TABLE_NAMES: case SCH_TABLES: case SCH_VIEWS: @@ -1390,23 +1389,15 @@ int prepare_schema_table(THD *thd, LEX *lex, Table_ident *table_ident, { DBUG_RETURN(1); } - db.str= lex->select_lex.db; + schema_select_lex= new SELECT_LEX(); + db.str= schema_select_lex->db= lex->select_lex.db; + schema_select_lex->table_list.first= NULL; db.length= strlen(db.str); if (check_db_name(&db)) { my_error(ER_WRONG_DB_NAME, MYF(0), db.str); DBUG_RETURN(1); } - if (check_access(thd, SELECT_ACL, db.str, &thd->col_access, 0, 0, - is_schema_db(db.str))) - DBUG_RETURN(1); /* purecov: inspected */ - if (!thd->col_access && check_grant_db(thd, db.str)) - { - my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), - thd->security_ctx->priv_user, thd->security_ctx->priv_host, - db.str); - DBUG_RETURN(1); - } break; } #endif @@ -4698,6 +4689,83 @@ bool check_global_access(THD *thd, ulong want_access) } +static bool check_show_access(THD *thd, TABLE_LIST *table) +{ + switch (get_schema_table_idx(table->schema_table)) + { + case SCH_SCHEMATA: + return (specialflag & SPECIAL_SKIP_SHOW_DB) && + check_global_access(thd, SHOW_DB_ACL); + + case SCH_TABLE_NAMES: + case SCH_TABLES: + case SCH_VIEWS: + case SCH_TRIGGERS: + { + const char *dst_db_name= table->schema_select_lex->db; + + DBUG_ASSERT(dst_db_name); + + if (check_access(thd, SELECT_ACL, dst_db_name, + &thd->col_access, FALSE, FALSE, + is_schema_db(dst_db_name))) + { + return TRUE; + } + + if (!thd->col_access && check_grant_db(thd, dst_db_name)) + { + my_error(ER_DBACCESS_DENIED_ERROR, MYF(0), + thd->security_ctx->priv_user, + thd->security_ctx->priv_host, + dst_db_name); + return TRUE; + } + + return FALSE; + } + + case SCH_COLUMNS: + case SCH_STATISTICS: + { + TABLE_LIST *dst_table= + (TABLE_LIST *) table->schema_select_lex->table_list.first; + + DBUG_ASSERT(dst_table); + + if (check_access(thd, SELECT_ACL | EXTRA_ACL, + dst_table->db, + &dst_table->grant.privilege, + FALSE, FALSE, + test(dst_table->schema_table))) + { + return FALSE; + } + + return grant_option && + check_grant(thd, SELECT_ACL, dst_table, 2, UINT_MAX, FALSE); + } + + case SCH_OPEN_TABLES: + case SCH_VARIABLES: + case SCH_STATUS: + case SCH_PROCEDURES: + case SCH_CHARSETS: + case SCH_COLLATIONS: + case SCH_COLLATION_CHARACTER_SET_APPLICABILITY: + case SCH_USER_PRIVILEGES: + case SCH_SCHEMA_PRIVILEGES: + case SCH_TABLE_PRIVILEGES: + case SCH_COLUMN_PRIVILEGES: + case SCH_TABLE_CONSTRAINTS: + case SCH_KEY_COLUMN_USAGE: + break; + } + + return FALSE; +} + + /* Check the privilege for all used tables. diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 19cabb874b9..0a04ba3e8cf 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -2564,7 +2564,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) */ thd->reset_n_backup_open_tables_state(&open_tables_state_backup); - if (lsel) + if (lsel && lsel->table_list.first) { TABLE_LIST *show_table_list= (TABLE_LIST*) lsel->table_list.first; bool res; |