database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

Bug #34053: normal users can enable innodb_monitor logging

Browse Source 
The check_global_access() function was made available to InnoDB, but
was not defined in the embedded server library.  InnoDB, as a plugin,
is not recompiled when the embedded server is built.  This caused a
link failure when compiling applications which use the embedded server.

The fix here is to always define check_global_access() externally; in
the embedded server case, it is defined to just return OK.

Also, don't run the test case for this bug in embedded server.


mysql-test/t/innodb_bug34053.test:
  Disable this test on embedded server - it tests privilege
  checks which are not in place there.
sql/mysql_priv.h:
  Since check_global_access() may be used from some storage engine plugins
  (InnoDB, currently), and the plugins are not recompiled for the embedded
  server, it must be defined externally even for NO_EMBEDDED_ACCESS_CHECKS.
sql/sql_parse.cc:
  Since check_global_access() may be used from some storage engine plugins
  (InnoDB, currently), and the plugins are not recompiled for the embedded
  server, it must be defined externally even for NO_EMBEDDED_ACCESS_CHECKS.
This commit is contained in:
unknown
2008-02-22 16:56:34 -07:00
parent d7cf77eee1
commit 482d60082f
3 changed files with 34 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
sql/sql_parse.cc
View File

@ -4989,35 +4989,6 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
}
/**
check for global access and give descriptive error message if it fails.
@param thd Thread handler
@param want_access Use should have any of these global rights
@warning
One gets access right if one has ANY of the rights in want_access.
This is useful as one in most cases only need one global right,
but in some case we want to check if the user has SUPER or
REPL_CLIENT_ACL rights.
@retval
0 ok
@retval
1 Access denied. In this case an error is sent to the client
*/
bool check_global_access(THD *thd, ulong want_access)
{
char command[128];
if ((thd->security_ctx->master_access & want_access))
return 0;
get_privilege_desc(command, sizeof(command), want_access);
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), command);
return 1;
}
static bool check_show_access(THD *thd, TABLE_LIST *table)
{
switch (get_schema_table_idx(table->schema_table)) {
@ -5260,6 +5231,39 @@ bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table)
#endif /*NO_EMBEDDED_ACCESS_CHECKS*/
/**
check for global access and give descriptive error message if it fails.
@param thd Thread handler
@param want_access Use should have any of these global rights
@warning
One gets access right if one has ANY of the rights in want_access.
This is useful as one in most cases only need one global right,
but in some case we want to check if the user has SUPER or
REPL_CLIENT_ACL rights.
@retval
0 ok
@retval
1 Access denied. In this case an error is sent to the client
*/
bool check_global_access(THD *thd, ulong want_access)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
char command[128];
if ((thd->security_ctx->master_access & want_access))
return 0;
get_privilege_desc(command, sizeof(command), want_access);
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), command);
return 1;
#else
return 0;
#endif
}
/****************************************************************************
Check stack size; Send error if there isn't enough stack to continue
****************************************************************************/