diff options
| author | unknown <monty@mashka.mysql.fi> | 2003-05-08 00:12:46 +0300 |
|---|---|---|
| committer | unknown <monty@mashka.mysql.fi> | 2003-05-08 00:12:46 +0300 |
| commit | 97eef79b023c6210e3aea69a750383b2db748c68 (patch) | |
| tree | 60b20adcf362b4f6c7b1eca99610284503335375 /sql | |
| parent | 4d91444b15a9d156875b4ba7df2efc301e10845b (diff) | |
| parent | a57e7732897ee7973d82dccea0425c436845066a (diff) | |
| download | mariadb-git-97eef79b023c6210e3aea69a750383b2db748c68.tar.gz | |
Merge to get security patch
BitKeeper/etc/logging_ok:
auto-union
sql/sql_acl.cc:
Auto merged
tests/grant.pl:
Auto merged
tests/grant.res:
Auto merged
BitKeeper/triggers/post-commit:
use local file
client/mysqldump.c:
Merge to get crash fix
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/sql_acl.cc | 9 | ||||
| -rw-r--r-- | sql/sql_base.cc | 9 | ||||
| -rw-r--r-- | sql/sql_parse.cc | 12 |
3 files changed, 21 insertions, 9 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 3332e596146..f01248bb682 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -2520,8 +2520,8 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, } -bool check_grant_column (THD *thd,TABLE *table, const char *name, - uint length, uint show_tables) +bool check_grant_column(THD *thd,TABLE *table, const char *name, + uint length, uint show_tables) { GRANT_TABLE *grant_table; GRANT_COLUMN *grant_column; @@ -2529,6 +2529,8 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name, ulong want_access=table->grant.want_privilege; if (!want_access) return 0; // Already checked + if (!grant_option) + goto err2; pthread_mutex_lock(&LOCK_grant); @@ -2560,8 +2562,9 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name, #endif /* We must use my_printf_error() here! */ - err: +err: pthread_mutex_unlock(&LOCK_grant); +err2: if (!show_tables) { char command[128]; diff --git a/sql/sql_base.cc b/sql/sql_base.cc index f0aa8e9c351..03a1975b52a 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -1694,7 +1694,7 @@ Field *find_field_in_table(THD *thd,TABLE *table,const char *name,uint length, else thd->dupp_field=field; } - if (check_grants && check_grant_column(thd,table,name,length)) + if (check_grants && check_grant_column(thd,table,name,length)) return WRONG_GRANT; return field; } @@ -1719,8 +1719,8 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables) { found_table=1; Field *find=find_field_in_table(thd,tables->table,name,length, - grant_option && - tables->table->grant.want_privilege, + test(tables->table->grant. + want_privilege), 1); if (find) { @@ -1760,8 +1760,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables) for (; tables ; tables=tables->next) { Field *field=find_field_in_table(thd,tables->table,name,length, - grant_option && - tables->table->grant.want_privilege, + test(tables->table->grant.want_privilege), allow_rowid); if (field) { diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 2b1c05bfaeb..73983bc03b1 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -2559,7 +2559,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, if ((thd->master_access & want_access) == want_access) { - *save_priv=thd->master_access | thd->db_access; + /* + If we don't have a global SELECT privilege, we have to get the database + specific access rights to be able to handle queries of type + UPDATE t1 SET a=1 WHERE b > 0 + */ + db_access= thd->db_access; + if (!(thd->master_access & SELECT_ACL) && + (db && (!thd->db || strcmp(db,thd->db)))) + db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr, + thd->priv_user, db); /* purecov: inspected */ + *save_priv=thd->master_access | db_access; DBUG_RETURN(FALSE); } if (((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL)) || |