database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Fix for bug#7214: information_schema: unauthorized user can see metadata

Browse Source 
the fix for 'columns' table only
    Rights check for 'routines' table is already done
    (see WL2131 Access control for SHOW ... PROCEDURE|FUNCTION ...)
    rename 'testtets' database to 'mysqltest' to keep number of
      DBs which created by mysql-test as small as possible


mysql-test/r/information_schema.result:
  Fix for bug#7214: information_schema: unauthorized user can see metadata
mysql-test/t/information_schema.test:
  Fix for bug#7214: information_schema: unauthorized user can see metadata
sql/sql_show.cc:
  Fix for bug#7214: information_schema: unauthorized user can see metadata
This commit is contained in:
unknown
2005-04-05 15:12:15 +05:00
parent 2c8de4269d
commit 82091c8467
3 changed files with 70 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
mysql-test/r/information_schema.result
View File

@ -22,11 +22,11 @@ mysql
test
show databases where `database` = 't%';
Database
create database testtets;
create table testtets.t1(a int, b VARCHAR(30), KEY string_data (b));
create database mysqltest;
create table mysqltest.t1(a int, b VARCHAR(30), KEY string_data (b));
create table test.t2(a int);
create table t3(a int, KEY a_data (a));
create table testtets.t4(a int);
create table mysqltest.t4(a int);
create view v1 (c) as select table_name from information_schema.TABLES;
select * from v1;
c
@ -62,11 +62,11 @@ time_zone_name
time_zone_transition
time_zone_transition_type
user
t1
t4
t2
t3
v1
t1
t4
select c,table_name from v1
left join information_schema.TABLES v2 on (v1.c=v2.table_name)
where v1.c like "t%";
@ -80,10 +80,10 @@ time_zone_leap_second time_zone_leap_second
time_zone_name time_zone_name
time_zone_transition time_zone_transition
time_zone_transition_type time_zone_transition_type
t2 t2
t3 t3
t1 t1
t4 t4
t2 t2
t3 t3
select c, v2.table_name from v1
right join information_schema.TABLES v2 on (v1.c=v2.table_name)
where v1.c like "t%";
@ -97,18 +97,18 @@ time_zone_leap_second time_zone_leap_second
time_zone_name time_zone_name
time_zone_transition time_zone_transition
time_zone_transition_type time_zone_transition_type
t2 t2
t3 t3
t1 t1
t4 t4
t2 t2
t3 t3
select table_name from information_schema.TABLES
where table_schema = "testtets" and table_name like "t%";
where table_schema = "mysqltest" and table_name like "t%";
table_name
t1
t4
select * from information_schema.STATISTICS where TABLE_SCHEMA = "testtets";
select * from information_schema.STATISTICS where TABLE_SCHEMA = "mysqltest";
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME NON_UNIQUE INDEX_SCHEMA INDEX_NAME SEQ_IN_INDEX COLUMN_NAME COLLATION CARDINALITY SUB_PART PACKED NULLABLE INDEX_TYPE COMMENT
NULL testtets t1 1 testtets string_data 1 b A NULL NULL NULL YES BTREE
NULL mysqltest t1 1 mysqltest string_data 1 b A NULL NULL NULL YES BTREE
show keys from t3 where Key_name = "a_data";
Table Non_unique Key_name Seq_in_index Column_name Collation Cardinality Sub_part Packed Null Index_type Comment
t3 1 a_data 1 a A NULL NULL NULL YES BTREE
@ -133,13 +133,22 @@ c varchar(64) utf8_general_ci NO select,insert,update,references
select * from information_schema.COLUMNS where table_name="t1"
and column_name= "a";
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME ORDINAL_POSITION COLUMN_DEFAULT IS_NULLABLE DATA_TYPE CHARACTER_MAXIMUM_LENGTH CHARACTER_OCTET_LENGTH NUMERIC_PRECISION NUMERIC_SCALE CHARACTER_SET_NAME COLLATION_NAME COLUMN_TYPE COLUMN_KEY EXTRA PRIVILEGES COLUMN_COMMENT
NULL testtets t1 a 1 NULL YES int NULL NULL 11 0 NULL NULL int(11) select,insert,update,references
show columns from testtets.t1 where field like "%a%";
NULL mysqltest t1 a 1 NULL YES int NULL NULL 11 0 NULL NULL int(11) select,insert,update,references
show columns from mysqltest.t1 where field like "%a%";
Field Type Null Key Default Extra
a int(11) YES NULL
grant select (a) on mysqltest.t1 to mysqltest_2@localhost;
select table_name, column_name, privileges from information_schema.columns
where table_schema = 'mysqltest' and table_name = 't1';
table_name column_name privileges
t1 a select
show columns from mysqltest.t1;
Field Type Null Key Default Extra
a int(11) YES NULL
b varchar(30) YES MUL NULL
drop view v1;
drop tables testtets.t4, testtets.t1, t2, t3;
drop database testtets;
drop tables mysqltest.t4, mysqltest.t1, t2, t3;
drop database mysqltest;
select * from information_schema.CHARACTER_SETS
where CHARACTER_SET_NAME like 'latin1%';
CHARACTER_SET_NAME DEFAULT_COLLATE_NAME DESCRIPTION MAXLEN
@ -352,8 +361,8 @@ GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRAN
'mysqltest_1'@'localhost' NULL test t1 a REFERENCES NO
delete from mysql.user where user='mysqltest_1' or user='mysqltest_2';
delete from mysql.db where user='mysqltest_1' or user='mysqltest_2';
delete from mysql.tables_priv where user='mysqltest_1';
delete from mysql.columns_priv where user='mysqltest_1';
delete from mysql.tables_priv where user='mysqltest_1' or user='mysqltest_2';
delete from mysql.columns_priv where user='mysqltest_1' or user='mysqltest_2';
flush privileges;
drop table t1;
create table t1 (a int null, primary key(a));

29
mysql-test/t/information_schema.test
View File

@ -17,11 +17,11 @@ show databases where `database` = 't%';
# Test for information_schema.tables &
# show tables
create database testtets;
create table testtets.t1(a int, b VARCHAR(30), KEY string_data (b));
create database mysqltest;
create table mysqltest.t1(a int, b VARCHAR(30), KEY string_data (b));
create table test.t2(a int);
create table t3(a int, KEY a_data (a));
create table testtets.t4(a int);
create table mysqltest.t4(a int);
create view v1 (c) as select table_name from information_schema.TABLES;
select * from v1;
select c,table_name from v1
@ -33,9 +33,9 @@ right join information_schema.TABLES v2 on (v1.c=v2.table_name)
where v1.c like "t%";
select table_name from information_schema.TABLES
where table_schema = "testtets" and table_name like "t%";
where table_schema = "mysqltest" and table_name like "t%";
select * from information_schema.STATISTICS where TABLE_SCHEMA = "testtets";
select * from information_schema.STATISTICS where TABLE_SCHEMA = "mysqltest";
show keys from t3 where Key_name = "a_data";
show tables like 't%';
@ -46,11 +46,19 @@ show full columns from mysql.db like "Insert%";
show full columns from v1;
select * from information_schema.COLUMNS where table_name="t1"
and column_name= "a";
show columns from testtets.t1 where field like "%a%";
show columns from mysqltest.t1 where field like "%a%";
grant select (a) on mysqltest.t1 to mysqltest_2@localhost;
connect (user3,localhost,mysqltest_2,,);
connection user3;
select table_name, column_name, privileges from information_schema.columns
where table_schema = 'mysqltest' and table_name = 't1';
show columns from mysqltest.t1;
connection default;
drop view v1;
drop tables testtets.t4, testtets.t1, t2, t3;
drop database testtets;
drop tables mysqltest.t4, mysqltest.t1, t2, t3;
drop database mysqltest;
# Test for information_schema.CHARACTER_SETS &
# SHOW CHARACTER SET
@ -107,7 +115,6 @@ mysql.proc b where a.ROUTINE_NAME = convert(b.name using utf8);
select count(*) from information_schema.ROUTINES;
connect (user1,localhost,mysqltest_1,,);
connect (user3,localhost,mysqltest_2,,);
connection user1;
select ROUTINE_NAME, ROUTINE_DEFINITION from information_schema.ROUTINES;
--error 1305
@ -166,8 +173,8 @@ select * from information_schema.TABLE_PRIVILEGES where grantee like '%mysqltest
select * from information_schema.COLUMN_PRIVILEGES where grantee like '%mysqltest_1%';
delete from mysql.user where user='mysqltest_1' or user='mysqltest_2';
delete from mysql.db where user='mysqltest_1' or user='mysqltest_2';
delete from mysql.tables_priv where user='mysqltest_1';
delete from mysql.columns_priv where user='mysqltest_1';
delete from mysql.tables_priv where user='mysqltest_1' or user='mysqltest_2';
delete from mysql.columns_priv where user='mysqltest_1' or user='mysqltest_2';
flush privileges;
drop table t1;