diff options
| author | unknown <pem@mysql.comhem.se> | 2004-03-02 11:52:19 +0100 |
|---|---|---|
| committer | unknown <pem@mysql.comhem.se> | 2004-03-02 11:52:19 +0100 |
| commit | 857b59578c61a15b842f30c1a9b1e0fad8c868a3 (patch) | |
| tree | e4d37d943a0f8050bd32aafb3fa2b7f3bdb4148e /sql | |
| parent | 23a6b4ed825b2ace2e4a81b6103f324a9300b301 (diff) | |
| download | mariadb-git-857b59578c61a15b842f30c1a9b1e0fad8c868a3.tar.gz | |
Fixed BUG#2777: Stored procedure doesn't observe definer's rights.
SQL SECURITY DEFINER must enforce reduced rights too, not just additional rights.
mysql-test/r/sp-security.result:
Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights.
mysql-test/t/sp-security.test:
Test case for BUG#2777: Make sure that SQL SECURITY DEFINER enforces reduced rights.
sql/sql_acl.cc:
Clear rights before changing them in acl_getroot_no_password so that
reduced rights work too, and take care of db acls as well.
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/sql_acl.cc | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 5febb49e110..d294055ff8a 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -794,6 +794,7 @@ int acl_getroot_no_password(THD *thd) { ulong user_access= NO_ACCESS; int res= 1; + uint i; ACL_USER *acl_user= 0; DBUG_ENTER("acl_getroot_no_password"); @@ -810,13 +811,16 @@ int acl_getroot_no_password(THD *thd) VOID(pthread_mutex_lock(&acl_cache->lock)); + thd->master_access= 0; + thd->db_access= 0; + /* Find acl entry in user database. This is specially tailored to suit the check we do for CALL of a stored procedure; thd->user is set to what is actually a priv_user, which can be ''. */ - for (uint i=0 ; i < acl_users.elements ; i++) + for (i=0 ; i < acl_users.elements ; i++) { acl_user= dynamic_element(&acl_users,i,ACL_USER*); if ((!acl_user->user && (!thd->user || !thd->user[0])) || @@ -832,6 +836,22 @@ int acl_getroot_no_password(THD *thd) if (acl_user) { + for (i=0 ; i < acl_dbs.elements ; i++) + { + ACL_DB *acl_db= dynamic_element(&acl_dbs, i, ACL_DB*); + if (!acl_db->user || + (thd->user && thd->user[0] && !strcmp(thd->user, acl_db->user))) + { + if (compare_hostname(&acl_db->host, thd->host, thd->ip)) + { + if (!acl_db->db || (thd->db && !strcmp(acl_db->db, thd->db))) + { + thd->db_access= acl_db->access; + break; + } + } + } + } thd->master_access= acl_user->access; thd->priv_user= acl_user->user ? thd->user : (char *) ""; |