From 0114c0a733d74775ff17d72285339a65c0bc9689 Mon Sep 17 00:00:00 2001 From: "anozdrin/alik@booka.opbmk" <> Date: Thu, 22 Mar 2007 00:34:15 +0300 Subject: [PATCH 1/3] Fix for BUG#24040: Create View don't succed with "all privileges" on a database. The problem was that we required not less privileges on the base tables than we have on the view. The fix is to be more flexible and allow to create such a view (necessary privileges will be checked at the runtime). --- mysql-test/r/view_grant.result | 97 +++++++++++++++++++++++++--- mysql-test/t/view_grant.test | 111 +++++++++++++++++++++++++++------ sql/sql_view.cc | 35 +++++++---- 3 files changed, 203 insertions(+), 40 deletions(-) diff --git a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result index 45cf5076fe1..3ddf4ca979c 100644 --- a/mysql-test/r/view_grant.result +++ b/mysql-test/r/view_grant.result @@ -282,15 +282,6 @@ create view mysqltest.v3 as select b from mysqltest.t2; grant create view, update on mysqltest.v3 to mysqltest_1@localhost; drop view mysqltest.v3; create view mysqltest.v3 as select b from mysqltest.t2; -grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost; -drop view mysqltest.v3; -create view mysqltest.v3 as select b from mysqltest.t2; -ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 'v3' -create table mysqltest.v3 (b int); -grant select(b) on mysqltest.v3 to mysqltest_1@localhost; -drop table mysqltest.v3; -create view mysqltest.v3 as select b from mysqltest.t2; -ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 'v3' create view v4 as select b+1 from mysqltest.t2; ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 't2' grant create view,update,select on test.* to mysqltest_1@localhost; @@ -773,4 +764,92 @@ DROP DATABASE mysqltest_db1; DROP DATABASE mysqltest_db2; DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u2@localhost; +DROP DATABASE IF EXISTS mysqltest1; +DROP DATABASE IF EXISTS mysqltest2; +CREATE DATABASE mysqltest1; +CREATE DATABASE mysqltest2; +CREATE TABLE mysqltest1.t1(c1 INT); +CREATE TABLE mysqltest1.t2(c2 INT); +CREATE TABLE mysqltest1.t3(c3 INT); +CREATE TABLE mysqltest1.t4(c4 INT); +INSERT INTO mysqltest1.t1 VALUES (11), (12), (13), (14); +INSERT INTO mysqltest1.t2 VALUES (21), (22), (23), (24); +INSERT INTO mysqltest1.t3 VALUES (31), (32), (33), (34); +INSERT INTO mysqltest1.t4 VALUES (41), (42), (43), (44); +GRANT SELECT ON mysqltest1.t1 TO mysqltest_u1@localhost; +GRANT INSERT ON mysqltest1.t2 TO mysqltest_u1@localhost; +GRANT SELECT, UPDATE ON mysqltest1.t3 TO mysqltest_u1@localhost; +GRANT SELECT, DELETE ON mysqltest1.t4 TO mysqltest_u1@localhost; +GRANT ALL PRIVILEGES ON mysqltest2.* TO mysqltest_u1@localhost; + +---> connection: bug24040_con +SELECT * FROM mysqltest1.t1; +c1 +11 +12 +13 +14 +INSERT INTO mysqltest1.t2 VALUES(25); +UPDATE mysqltest1.t3 SET c3 = 331 WHERE c3 = 31; +DELETE FROM mysqltest1.t4 WHERE c4 = 44; +CREATE VIEW v1 AS SELECT * FROM mysqltest1.t1; +CREATE VIEW v2 AS SELECT * FROM mysqltest1.t2; +CREATE VIEW v3 AS SELECT * FROM mysqltest1.t3; +CREATE VIEW v4 AS SELECT * FROM mysqltest1.t4; +SELECT * FROM v1; +c1 +11 +12 +13 +14 +INSERT INTO v2 VALUES(26); +UPDATE v3 SET c3 = 332 WHERE c3 = 32; +DELETE FROM v4 WHERE c4 = 43; +CREATE VIEW v12 AS SELECT c1, c2 FROM mysqltest1.t1, mysqltest1.t2; +ERROR 42000: create view command denied to user 'mysqltest_u1'@'localhost' for column 'c2' in table 'v12' +CREATE VIEW v13 AS SELECT c1, c3 FROM mysqltest1.t1, mysqltest1.t3; +CREATE VIEW v14 AS SELECT c1, c4 FROM mysqltest1.t1, mysqltest1.t4; +CREATE VIEW v21 AS SELECT c2, c1 FROM mysqltest1.t2, mysqltest1.t1; +ERROR 42000: create view command denied to user 'mysqltest_u1'@'localhost' for column 'c1' in table 'v21' +CREATE VIEW v23 AS SELECT c2, c3 FROM mysqltest1.t2, mysqltest1.t3; +ERROR 42000: create view command denied to user 'mysqltest_u1'@'localhost' for column 'c3' in table 'v23' +CREATE VIEW v24 AS SELECT c2, c4 FROM mysqltest1.t2, mysqltest1.t4; +ERROR 42000: create view command denied to user 'mysqltest_u1'@'localhost' for column 'c4' in table 'v24' +CREATE VIEW v31 AS SELECT c3, c1 FROM mysqltest1.t3, mysqltest1.t1; +CREATE VIEW v32 AS SELECT c3, c2 FROM mysqltest1.t3, mysqltest1.t2; +ERROR 42000: create view command denied to user 'mysqltest_u1'@'localhost' for column 'c2' in table 'v32' +CREATE VIEW v34 AS SELECT c3, c4 FROM mysqltest1.t3, mysqltest1.t4; +CREATE VIEW v41 AS SELECT c4, c1 FROM mysqltest1.t4, mysqltest1.t1; +CREATE VIEW v42 AS SELECT c4, c2 FROM mysqltest1.t4, mysqltest1.t2; +ERROR 42000: create view command denied to user 'mysqltest_u1'@'localhost' for column 'c2' in table 'v42' +CREATE VIEW v43 AS SELECT c4, c3 FROM mysqltest1.t4, mysqltest1.t3; + +---> connection: default +SELECT * FROM mysqltest1.t1; +c1 +11 +12 +13 +14 +SELECT * FROM mysqltest1.t2; +c2 +21 +22 +23 +24 +25 +26 +SELECT * FROM mysqltest1.t3; +c3 +331 +332 +33 +34 +SELECT * FROM mysqltest1.t4; +c4 +41 +42 +DROP DATABASE mysqltest1; +DROP DATABASE mysqltest2; +DROP USER mysqltest_u1@localhost; End of 5.0 tests. diff --git a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test index 0785b74dd47..815b07badf8 100644 --- a/mysql-test/t/view_grant.test +++ b/mysql-test/t/view_grant.test @@ -350,25 +350,6 @@ drop view mysqltest.v3; connection user1; create view mysqltest.v3 as select b from mysqltest.t2; -# give UPDATE and INSERT privilege (to get more privileges then underlying -# table) -connection root; -grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost; -drop view mysqltest.v3; -connection user1; --- error 1143 -create view mysqltest.v3 as select b from mysqltest.t2; - - -# If we would get more privileges on VIEW then we have on -# underlying tables => creation prohibited -connection root; -create table mysqltest.v3 (b int); -grant select(b) on mysqltest.v3 to mysqltest_1@localhost; -drop table mysqltest.v3; -connection user1; --- error 1143 -create view mysqltest.v3 as select b from mysqltest.t2; # Expression need select privileges -- error 1143 @@ -1035,4 +1016,96 @@ DROP USER mysqltest_u1@localhost; DROP USER mysqltest_u2@localhost; +# +# BUG#24040: Create View don't succed with "all privileges" on a database. +# + +# Prepare. + +--disable_warnings +DROP DATABASE IF EXISTS mysqltest1; +DROP DATABASE IF EXISTS mysqltest2; +--enable_warnings + +CREATE DATABASE mysqltest1; +CREATE DATABASE mysqltest2; + +# Test. + +CREATE TABLE mysqltest1.t1(c1 INT); +CREATE TABLE mysqltest1.t2(c2 INT); +CREATE TABLE mysqltest1.t3(c3 INT); +CREATE TABLE mysqltest1.t4(c4 INT); + +INSERT INTO mysqltest1.t1 VALUES (11), (12), (13), (14); +INSERT INTO mysqltest1.t2 VALUES (21), (22), (23), (24); +INSERT INTO mysqltest1.t3 VALUES (31), (32), (33), (34); +INSERT INTO mysqltest1.t4 VALUES (41), (42), (43), (44); + +GRANT SELECT ON mysqltest1.t1 TO mysqltest_u1@localhost; +GRANT INSERT ON mysqltest1.t2 TO mysqltest_u1@localhost; +GRANT SELECT, UPDATE ON mysqltest1.t3 TO mysqltest_u1@localhost; +GRANT SELECT, DELETE ON mysqltest1.t4 TO mysqltest_u1@localhost; + +GRANT ALL PRIVILEGES ON mysqltest2.* TO mysqltest_u1@localhost; + +--connect (bug24040_con,localhost,mysqltest_u1,,mysqltest2) +--echo +--echo ---> connection: bug24040_con + +SELECT * FROM mysqltest1.t1; +INSERT INTO mysqltest1.t2 VALUES(25); +UPDATE mysqltest1.t3 SET c3 = 331 WHERE c3 = 31; +DELETE FROM mysqltest1.t4 WHERE c4 = 44; + +CREATE VIEW v1 AS SELECT * FROM mysqltest1.t1; +CREATE VIEW v2 AS SELECT * FROM mysqltest1.t2; +CREATE VIEW v3 AS SELECT * FROM mysqltest1.t3; +CREATE VIEW v4 AS SELECT * FROM mysqltest1.t4; + +SELECT * FROM v1; +INSERT INTO v2 VALUES(26); +UPDATE v3 SET c3 = 332 WHERE c3 = 32; +DELETE FROM v4 WHERE c4 = 43; + +--error ER_COLUMNACCESS_DENIED_ERROR +CREATE VIEW v12 AS SELECT c1, c2 FROM mysqltest1.t1, mysqltest1.t2; +CREATE VIEW v13 AS SELECT c1, c3 FROM mysqltest1.t1, mysqltest1.t3; +CREATE VIEW v14 AS SELECT c1, c4 FROM mysqltest1.t1, mysqltest1.t4; + +--error ER_COLUMNACCESS_DENIED_ERROR +CREATE VIEW v21 AS SELECT c2, c1 FROM mysqltest1.t2, mysqltest1.t1; +--error ER_COLUMNACCESS_DENIED_ERROR +CREATE VIEW v23 AS SELECT c2, c3 FROM mysqltest1.t2, mysqltest1.t3; +--error ER_COLUMNACCESS_DENIED_ERROR +CREATE VIEW v24 AS SELECT c2, c4 FROM mysqltest1.t2, mysqltest1.t4; + +CREATE VIEW v31 AS SELECT c3, c1 FROM mysqltest1.t3, mysqltest1.t1; +--error ER_COLUMNACCESS_DENIED_ERROR +CREATE VIEW v32 AS SELECT c3, c2 FROM mysqltest1.t3, mysqltest1.t2; +CREATE VIEW v34 AS SELECT c3, c4 FROM mysqltest1.t3, mysqltest1.t4; + +CREATE VIEW v41 AS SELECT c4, c1 FROM mysqltest1.t4, mysqltest1.t1; +--error ER_COLUMNACCESS_DENIED_ERROR +CREATE VIEW v42 AS SELECT c4, c2 FROM mysqltest1.t4, mysqltest1.t2; +CREATE VIEW v43 AS SELECT c4, c3 FROM mysqltest1.t4, mysqltest1.t3; + +--connection default +--echo +--echo ---> connection: default + +SELECT * FROM mysqltest1.t1; +SELECT * FROM mysqltest1.t2; +SELECT * FROM mysqltest1.t3; +SELECT * FROM mysqltest1.t4; + +# Cleanup. + +-- disconnect bug24040_con + +DROP DATABASE mysqltest1; +DROP DATABASE mysqltest2; +DROP USER mysqltest_u1@localhost; + + --echo End of 5.0 tests. diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 7143df8474a..cb3570105a7 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -492,35 +492,46 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, /* Compare/check grants on view with grants of underlying tables */ + + fill_effective_table_privileges(thd, &view->grant, view->db, + view->table_name); + + { + Item *report_item= NULL; + uint final_priv= VIEW_ANY_ACL; + for (sl= select_lex; sl; sl= sl->next_select()) { DBUG_ASSERT(view->db); /* Must be set in the parser */ List_iterator_fast it(sl->item_list); Item *item; - fill_effective_table_privileges(thd, &view->grant, view->db, - view->table_name); while ((item= it++)) { - Item_field *fld; + Item_field *fld= item->filed_for_view_update(); uint priv= (get_column_grant(thd, &view->grant, view->db, view->table_name, item->name) & VIEW_ANY_ACL); - if ((fld= item->filed_for_view_update())) + + if (fld && !fld->field->table->s->tmp_table) { - /* - Do we have more privileges on view field then underlying table field? - */ - if (!fld->field->table->s->tmp_table && (~fld->have_privileges & priv)) + final_priv&= fld->have_privileges; + + if (~fld->have_privileges & priv) + report_item= item; + } + } + } + + if (!final_priv) { - /* VIEW column has more privileges */ + DBUG_ASSERT(report_item); + my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0), "create view", thd->security_ctx->priv_user, - thd->security_ctx->priv_host, item->name, + thd->security_ctx->priv_host, report_item->name, view->table_name); res= TRUE; goto err; - } - } } } #endif From 25b49e99cd9fc7e01a94b7350cc7e9e89c882647 Mon Sep 17 00:00:00 2001 From: "serg@sergbook.mysql.com" <> Date: Thu, 22 Mar 2007 20:55:59 +0200 Subject: [PATCH 2/3] Bug#27171 mysqlbinlog produces different output depends from option -R Server starts any binlog dump from Format_description_log_event, this shifted all offset calculations in mysqlbinlog and made it to stop the dump earlier than --stop-position. Now mysqlbinlog takes Format_description_log_event into account --- client/mysqlbinlog.cc | 15 +++++++++---- mysql-test/r/mysqlbinlog2.result | 36 ++++++++++++++++++++++++++++++++ mysql-test/t/mysqlbinlog2.test | 8 +++++++ 3 files changed, 55 insertions(+), 4 deletions(-) diff --git a/client/mysqlbinlog.cc b/client/mysqlbinlog.cc index 7489cdb334c..d8ea3d5f255 100644 --- a/client/mysqlbinlog.cc +++ b/client/mysqlbinlog.cc @@ -1040,7 +1040,7 @@ static int dump_remote_log_entries(PRINT_EVENT_INFO *print_event_info, uint logname_len; NET* net; int error= 0; - my_off_t old_off= start_position_mot; + my_off_t old_off= min(start_position_mot, BIN_LOG_HEADER_SIZE); char fname[FN_REFLEN+1]; DBUG_ENTER("dump_remote_log_entries"); @@ -1192,10 +1192,17 @@ could be out of memory"); } } /* - Let's adjust offset for remote log as for local log to produce - similar text. + Let's adjust offset for remote log as for local log to produce + similar text and to have --stop-position to work identically. + + Exception - the server sends Format_description_log_event + in the beginning of the dump, and only after it the event from + start_position. Let the old_off reflect it. */ - old_off+= len-1; + if (old_off < start_position_mot) + old_off= start_position_mot; + else + old_off+= len-1; } err: diff --git a/mysql-test/r/mysqlbinlog2.result b/mysql-test/r/mysqlbinlog2.result index 51ca19654c7..03b0e16d32a 100644 --- a/mysql-test/r/mysqlbinlog2.result +++ b/mysql-test/r/mysqlbinlog2.result @@ -122,6 +122,24 @@ DELIMITER ; ROLLBACK /* added by mysqlbinlog */; /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/; +--- start and stop positions --- +/*!40019 SET @@session.max_insert_delayed_threads=0*/; +/*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/; +DELIMITER /*!*/; +SET INSERT_ID=4/*!*/; +use test/*!*/; +SET TIMESTAMP=1579609946/*!*/; +SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/; +SET @@session.sql_mode=0/*!*/; +/*!\C latin1 *//*!*/; +SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/; +insert into t1 values(null, "d")/*!*/; +SET INSERT_ID=5/*!*/; +DELIMITER ; +# End of log file +ROLLBACK /* added by mysqlbinlog */; +/*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/; + --- start-datetime -- /*!40019 SET @@session.max_insert_delayed_threads=0*/; /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/; @@ -481,6 +499,24 @@ DELIMITER ; ROLLBACK /* added by mysqlbinlog */; /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/; +--- start and stop positions --- +/*!40019 SET @@session.max_insert_delayed_threads=0*/; +/*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/; +DELIMITER /*!*/; +SET INSERT_ID=4/*!*/; +use test/*!*/; +SET TIMESTAMP=1579609946/*!*/; +SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/; +SET @@session.sql_mode=0/*!*/; +/*!\C latin1 *//*!*/; +SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/; +insert into t1 values(null, "d")/*!*/; +SET INSERT_ID=5/*!*/; +DELIMITER ; +# End of log file +ROLLBACK /* added by mysqlbinlog */; +/*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/; + --- start-datetime -- /*!40019 SET @@session.max_insert_delayed_threads=0*/; /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/; diff --git a/mysql-test/t/mysqlbinlog2.test b/mysql-test/t/mysqlbinlog2.test index 6afae538f04..14b213cd9cc 100644 --- a/mysql-test/t/mysqlbinlog2.test +++ b/mysql-test/t/mysqlbinlog2.test @@ -55,6 +55,10 @@ select "--- stop-position --" as ""; --enable_query_log --exec $MYSQL_BINLOG --short-form --stop-position=600 $MYSQLTEST_VARDIR/log/master-bin.000001 --disable_query_log +select "--- start and stop positions ---" as ""; +--enable_query_log +--exec $MYSQL_BINLOG --short-form --start-position=600 --stop-position 725 $MYSQLTEST_VARDIR/log/master-bin.000001 +--disable_query_log select "--- start-datetime --" as ""; --enable_query_log --exec $MYSQL_BINLOG --short-form "--start-datetime=2020-01-21 15:32:24" $MYSQLTEST_VARDIR/log/master-bin.000001 @@ -111,6 +115,10 @@ select "--- stop-position --" as ""; --enable_query_log --exec $MYSQL_BINLOG --short-form --stop-position=600 --read-from-remote-server --user=root --host=127.0.0.1 --port=$MASTER_MYPORT master-bin.000001 --disable_query_log +select "--- start and stop positions ---" as ""; +--enable_query_log +--exec $MYSQL_BINLOG --short-form --start-position=600 --stop-position 725 --read-from-remote-server --user=root --host=127.0.0.1 --port=$MASTER_MYPORT master-bin.000001 +--disable_query_log select "--- start-datetime --" as ""; --enable_query_log --exec $MYSQL_BINLOG --short-form "--start-datetime=2020-01-21 15:32:24" --read-from-remote-server --user=root --host=127.0.0.1 --port=$MASTER_MYPORT master-bin.000001 From 30c8ec9fdcea771ce7732d6b9ed99371e0921b7b Mon Sep 17 00:00:00 2001 From: "anozdrin/alik@booka.opbmk" <> Date: Fri, 23 Mar 2007 14:12:11 +0300 Subject: [PATCH 3/3] Fix for BUG#9504: Stored procedures: execute privilege doesn't make 'use database' okay. The problem was that we didn't check stored-routine privileges in check_grant_db(). The patch adds this check. --- mysql-test/r/grant.result | 47 +++++++++++++++++++ mysql-test/r/sp-security.result | 35 ++++++++++---- mysql-test/t/grant.test | 83 +++++++++++++++++++++++++++++++++ mysql-test/t/sp-security.test | 77 ++++++++++++++++++------------ sql/sql_acl.cc | 31 +++++++++++- 5 files changed, 233 insertions(+), 40 deletions(-) diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index d63e4181026..73d5bf94264 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -972,4 +972,51 @@ REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij123456789 ERROR HY000: String '1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY' is too long for host name (should be no longer than 60) GRANT PROCESS ON * TO user@localhost; ERROR 3D000: No database selected +DROP DATABASE IF EXISTS mysqltest1; +DROP DATABASE IF EXISTS mysqltest2; +DROP DATABASE IF EXISTS mysqltest3; +DROP DATABASE IF EXISTS mysqltest4; +CREATE DATABASE mysqltest1; +CREATE DATABASE mysqltest2; +CREATE DATABASE mysqltest3; +CREATE DATABASE mysqltest4; +CREATE PROCEDURE mysqltest1.p_def() SQL SECURITY DEFINER +SELECT 1; +CREATE PROCEDURE mysqltest2.p_inv() SQL SECURITY INVOKER +SELECT 1; +CREATE FUNCTION mysqltest3.f_def() RETURNS INT SQL SECURITY DEFINER +RETURN 1; +CREATE FUNCTION mysqltest4.f_inv() RETURNS INT SQL SECURITY INVOKER +RETURN 1; +GRANT EXECUTE ON PROCEDURE mysqltest1.p_def TO mysqltest_1@localhost; +GRANT EXECUTE ON PROCEDURE mysqltest2.p_inv TO mysqltest_1@localhost; +GRANT EXECUTE ON FUNCTION mysqltest3.f_def TO mysqltest_1@localhost; +GRANT EXECUTE ON FUNCTION mysqltest4.f_inv TO mysqltest_1@localhost; +GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost; + +---> connection: bug9504_con1 +use mysqltest1; +use mysqltest2; +use mysqltest3; +use mysqltest4; +use test; +CALL mysqltest1.p_def(); +1 +1 +CALL mysqltest2.p_inv(); +1 +1 +SELECT mysqltest3.f_def(); +mysqltest3.f_def() +1 +SELECT mysqltest4.f_inv(); +mysqltest4.f_inv() +1 + +---> connection: default +DROP DATABASE mysqltest1; +DROP DATABASE mysqltest2; +DROP DATABASE mysqltest3; +DROP DATABASE mysqltest4; +DROP USER mysqltest_1@localhost; End of 5.0 tests diff --git a/mysql-test/r/sp-security.result b/mysql-test/r/sp-security.result index 26b3f352a1f..8462bafe0e3 100644 --- a/mysql-test/r/sp-security.result +++ b/mysql-test/r/sp-security.result @@ -8,22 +8,29 @@ create procedure db1_secret.dummy() begin end; drop procedure db1_secret.dummy; use db1_secret; create table t1 ( u varchar(64), i int ); +insert into t1 values('test', 0); create procedure stamp(i int) insert into db1_secret.t1 values (user(), i); show procedure status like 'stamp'; Db Name Type Definer Modified Created Security_type Comment db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER -create function db() returns varchar(64) return database(); +create function db() returns varchar(64) +begin +declare v varchar(64); +select u into v from t1 limit 1; +return v; +end| show function status like 'db'; Db Name Type Definer Modified Created Security_type Comment db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER call stamp(1); select * from t1; u i +test 0 root@localhost 1 select db(); db() -db1_secret +test grant execute on procedure db1_secret.stamp to user1@'%'; grant execute on function db1_secret.db to user1@'%'; grant execute on procedure db1_secret.stamp to ''@'%'; @@ -31,25 +38,34 @@ grant execute on function db1_secret.db to ''@'%'; call db1_secret.stamp(2); select db1_secret.db(); db1_secret.db() -db1_secret +test select * from db1_secret.t1; ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1' create procedure db1_secret.dummy() begin end; ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret' drop procedure db1_secret.dummy; ERROR 42000: PROCEDURE db1_secret.dummy does not exist +drop procedure db1_secret.stamp; +ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.stamp' +drop function db1_secret.db; +ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db1_secret.db' call db1_secret.stamp(3); select db1_secret.db(); db1_secret.db() -db1_secret +test select * from db1_secret.t1; ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1' create procedure db1_secret.dummy() begin end; ERROR 42000: Access denied for user ''@'%' to database 'db1_secret' drop procedure db1_secret.dummy; ERROR 42000: PROCEDURE db1_secret.dummy does not exist +drop procedure db1_secret.stamp; +ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.stamp' +drop function db1_secret.db; +ERROR 42000: alter routine command denied to user ''@'%' for routine 'db1_secret.db' select * from t1; u i +test 0 root@localhost 1 user1@localhost 2 anon@localhost 3 @@ -64,21 +80,22 @@ db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 IN call stamp(4); select * from t1; u i +test 0 root@localhost 1 user1@localhost 2 anon@localhost 3 root@localhost 4 select db(); db() -db1_secret +test call db1_secret.stamp(5); -ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret' +ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't1' select db1_secret.db(); -ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret' +ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1' call db1_secret.stamp(6); -ERROR 42000: Access denied for user ''@'%' to database 'db1_secret' +ERROR 42000: INSERT command denied to user ''@'localhost' for table 't1' select db1_secret.db(); -ERROR 42000: Access denied for user ''@'%' to database 'db1_secret' +ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1' drop database if exists db2; create database db2; use db2; diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index 82bf011d32f..92ed69d3f4b 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -875,4 +875,87 @@ GRANT PROCESS ON * TO user@localhost; disconnect con1; connection default; + +# +# BUG#9504: Stored procedures: execute privilege doesn't make 'use database' +# okay. +# + +# Prepare. + +--disable_warnings +DROP DATABASE IF EXISTS mysqltest1; +DROP DATABASE IF EXISTS mysqltest2; +DROP DATABASE IF EXISTS mysqltest3; +DROP DATABASE IF EXISTS mysqltest4; +--enable_warnings + +CREATE DATABASE mysqltest1; +CREATE DATABASE mysqltest2; +CREATE DATABASE mysqltest3; +CREATE DATABASE mysqltest4; + +CREATE PROCEDURE mysqltest1.p_def() SQL SECURITY DEFINER + SELECT 1; + +CREATE PROCEDURE mysqltest2.p_inv() SQL SECURITY INVOKER + SELECT 1; + +CREATE FUNCTION mysqltest3.f_def() RETURNS INT SQL SECURITY DEFINER + RETURN 1; + +CREATE FUNCTION mysqltest4.f_inv() RETURNS INT SQL SECURITY INVOKER + RETURN 1; + +GRANT EXECUTE ON PROCEDURE mysqltest1.p_def TO mysqltest_1@localhost; +GRANT EXECUTE ON PROCEDURE mysqltest2.p_inv TO mysqltest_1@localhost; +GRANT EXECUTE ON FUNCTION mysqltest3.f_def TO mysqltest_1@localhost; +GRANT EXECUTE ON FUNCTION mysqltest4.f_inv TO mysqltest_1@localhost; + +GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost; + +# Test. + +--connect (bug9504_con1,localhost,mysqltest_1,,) +--echo +--echo ---> connection: bug9504_con1 + +# - Check that we can switch to the db; + +use mysqltest1; + +use mysqltest2; + +use mysqltest3; + +use mysqltest4; + +# - Check that we can call stored routines; + +use test; + +CALL mysqltest1.p_def(); + +CALL mysqltest2.p_inv(); + +SELECT mysqltest3.f_def(); + +SELECT mysqltest4.f_inv(); + +# Cleanup. + +--connection default +--echo +--echo ---> connection: default + +--disconnect bug9504_con1 + +DROP DATABASE mysqltest1; +DROP DATABASE mysqltest2; +DROP DATABASE mysqltest3; +DROP DATABASE mysqltest4; + +DROP USER mysqltest_1@localhost; + + --echo End of 5.0 tests diff --git a/mysql-test/t/sp-security.test b/mysql-test/t/sp-security.test index a5d509f29b7..38c72fd4fa6 100644 --- a/mysql-test/t/sp-security.test +++ b/mysql-test/t/sp-security.test @@ -28,6 +28,7 @@ drop procedure db1_secret.dummy; use db1_secret; create table t1 ( u varchar(64), i int ); +insert into t1 values('test', 0); # A test procedure and function create procedure stamp(i int) @@ -35,7 +36,16 @@ create procedure stamp(i int) --replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00' show procedure status like 'stamp'; -create function db() returns varchar(64) return database(); +delimiter |; +create function db() returns varchar(64) +begin + declare v varchar(64); + + select u into v from t1 limit 1; + + return v; +end| +delimiter ;| --replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00' show function status like 'db'; @@ -63,14 +73,18 @@ call db1_secret.stamp(2); select db1_secret.db(); # ...but not this ---error 1142 +--error ER_TABLEACCESS_DENIED_ERROR select * from db1_secret.t1; # ...and not this ---error 1044 +--error ER_DBACCESS_DENIED_ERROR create procedure db1_secret.dummy() begin end; ---error 1305 +--error ER_SP_DOES_NOT_EXIST drop procedure db1_secret.dummy; +--error ER_PROCACCESS_DENIED_ERROR +drop procedure db1_secret.stamp; +--error ER_PROCACCESS_DENIED_ERROR +drop function db1_secret.db; # @@ -83,14 +97,18 @@ call db1_secret.stamp(3); select db1_secret.db(); # ...but not this ---error 1142 +--error ER_TABLEACCESS_DENIED_ERROR select * from db1_secret.t1; # ...and not this ---error 1044 +--error ER_DBACCESS_DENIED_ERROR create procedure db1_secret.dummy() begin end; ---error 1305 +--error ER_SP_DOES_NOT_EXIST drop procedure db1_secret.dummy; +--error ER_PROCACCESS_DENIED_ERROR +drop procedure db1_secret.stamp; +--error ER_PROCACCESS_DENIED_ERROR +drop function db1_secret.db; # @@ -121,9 +139,9 @@ select db(); connection con2user1; # This should not work ---error 1044 +--error ER_TABLEACCESS_DENIED_ERROR call db1_secret.stamp(5); ---error 1044 +--error ER_TABLEACCESS_DENIED_ERROR select db1_secret.db(); # @@ -132,9 +150,9 @@ select db1_secret.db(); connection con3anon; # This should not work ---error 1044 +--error ER_TABLEACCESS_DENIED_ERROR call db1_secret.stamp(6); ---error 1044 +--error ER_TABLEACCESS_DENIED_ERROR select db1_secret.db(); # @@ -165,7 +183,7 @@ use db2; create procedure p () insert into t2 values (1); # Check that this doesn't work. ---error 1142 +--error ER_TABLEACCESS_DENIED_ERROR call p(); connect (con4user2,localhost,user2,,); @@ -174,7 +192,7 @@ connection con4user2; use db2; # This should not work, since p is executed with definer's (user1's) rights. ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR call p(); select * from t2; @@ -207,9 +225,9 @@ alter procedure p modifies sql data; drop procedure p; # This should NOT work ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR alter procedure q modifies sql data; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR drop procedure q; connection con1root; @@ -260,30 +278,30 @@ connect (con4userc,localhost,userc,,); connection con2usera; call sptest.p1(1); ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR grant execute on procedure sptest.p1 to userb@localhost; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR drop procedure sptest.p1; connection con3userb; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR call sptest.p1(2); ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR grant execute on procedure sptest.p1 to userb@localhost; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR drop procedure sptest.p1; connection con4userc; call sptest.p1(3); grant execute on procedure sptest.p1 to userb@localhost; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR drop procedure sptest.p1; connection con3userb; call sptest.p1(4); ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR grant execute on procedure sptest.p1 to userb@localhost; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR drop procedure sptest.p1; connection con1root; @@ -332,7 +350,7 @@ delimiter ;// connect (user1,localhost,user1,,test); connection user1; use mysqltest; --- error 1370 +-- error ER_PROCACCESS_DENIED_ERROR select bug_9503(); connection root; @@ -401,13 +419,13 @@ grant usage on *.* to mysqltest_1@localhost; connect (n1,localhost,mysqltest_1,,information_schema,$MASTER_MYPORT,$MASTER_MYSOCK); connection n1; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR call mysqltest_1.p1(); disconnect n1; # Test also without a current database connect (n2,localhost,mysqltest_1,,*NO-ONE*,$MASTER_MYPORT,$MASTER_MYSOCK); connection n2; ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR call mysqltest_1.p1(); disconnect n2; @@ -433,9 +451,9 @@ end; create user user_bug12812@localhost IDENTIFIED BY 'ABC'| --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK connect (test_user_12812,localhost,user_bug12812,ABC,test)| ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR SELECT test.bug12812()| ---error 1370 +--error ER_PROCACCESS_DENIED_ERROR CREATE VIEW v1 AS SELECT test.bug12812()| # Cleanup connection default| @@ -489,7 +507,8 @@ drop database db_bug14834; # -# BUG#14533: 'desc tbl' in stored procedure causes error 1142 +# BUG#14533: 'desc tbl' in stored procedure causes error +# ER_TABLEACCESS_DENIED_ERROR # create database db_bug14533; use db_bug14533; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ee15f95f305..ebf9385d177 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3893,6 +3893,26 @@ err2: } +static bool check_grant_db_routine(THD *thd, const char *db, HASH *hash) +{ + Security_context *sctx= thd->security_ctx; + + for (uint idx= 0; idx < hash->records; ++idx) + { + GRANT_NAME *item= (GRANT_NAME*) hash_element(hash, idx); + + if (strcmp(item->user, sctx->priv_user) == 0 && + strcmp(item->db, db) == 0 && + compare_hostname(&item->host, sctx->host, sctx->ip)) + { + return FALSE; + } + } + + return TRUE; +} + + /* Check if a user has the right to access a database Access is accepted if he has a grant for any table/routine in the database @@ -3904,9 +3924,10 @@ bool check_grant_db(THD *thd,const char *db) Security_context *sctx= thd->security_ctx; char helping [NAME_LEN+USERNAME_LENGTH+2]; uint len; - bool error= 1; + bool error= TRUE; len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1; + rw_rdlock(&LOCK_grant); for (uint idx=0 ; idx < column_priv_hash.records ; idx++) @@ -3917,11 +3938,17 @@ bool check_grant_db(THD *thd,const char *db) !memcmp(grant_table->hash_key,helping,len) && compare_hostname(&grant_table->host, sctx->host, sctx->ip)) { - error=0; // Found match + error= FALSE; /* Found match. */ break; } } + + if (error) + error= check_grant_db_routine(thd, db, &proc_priv_hash) && + check_grant_db_routine(thd, db, &func_priv_hash); + rw_unlock(&LOCK_grant); + return error; }