database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

PR #1127 and PR #1150

Browse Source 
PR#1127: Fix is_check_constraints.result to be compatibile with 10.3

The patch is done according to the original patch for MDEV-14474
1edd09c325 and not one which is merged on server
d526679efd.
This patch includes:
- Rename from `is_check_constraint` to `is_check_constraints` to tests
and results
- Per review, change the order of fields in IS check_constraints table by adding
the column `table_name` before `constraint_name`. According to the standard
2006 there is no `table_name` column.
- Original patch and one in `10.3` supports embedded server this patch doesn't
support. After the merge `10.3` will not support also.
- Don't use patch c8b8b01b61 to change the length of `CHECK_CLAUSE` field

PR#1150: MDEV-18440: Information_schema.check_constraints possible data leak

This patch is extension of PR 1127 and includes:
- Check for table grants
- Additional test according to the MDEV specification
This commit is contained in:
Anel Husakovic
2019-01-24 03:06:56 -08:00
committed by Vicențiu Ciorbaru
parent f0aa073f2b
commit a134f1ebb1
3 changed files with 83 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
mysql-test/suite/funcs_1/r/is_check_constraint.result → mysql-test/suite/funcs_1/r/is_check_constraints.result
View File

@ -119,3 +119,29 @@ disconnect con1;
connection default; connection default;
DROP USER boo1; DROP USER boo1;
DROP USER boo2; DROP USER boo2;
#
# MDEV-18440: Information_schema.check_constraints possible data leak
#
CREATE USER foo;
CREATE DATABASE db;
USE db;
CREATE TABLE t1 (a int, b int, CONSTRAINT CHECK (b > 0));
INSERT INTO t1 VALUES (1, 2), (2, 3);
GRANT SELECT (a) ON t1 TO foo;
SHOW GRANTS FOR foo;
Grants for foo@%
GRANT USAGE ON *.* TO 'foo'@'%'
GRANT SELECT (a) ON `db`.`t1` TO 'foo'@'%'
SELECT * FROM information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA TABLE_NAME CONSTRAINT_NAME CHECK_CLAUSE
def db t1 CONSTRAINT_1 `b` > 0
CONNECT con1,localhost, foo,, db;
SELECT a FROM t1;
a
1
2
SELECT * FROM information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA TABLE_NAME CONSTRAINT_NAME CHECK_CLAUSE
connection default;
DROP USER foo;
DROP DATABASE db;

33
mysql-test/suite/funcs_1/t/is_check_constraint.test → mysql-test/suite/funcs_1/t/is_check_constraints.test
View File

@ -40,7 +40,7 @@ CREATE TABLE t1
CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints
CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint
) ENGINE=InnoDB; ) ENGINE=InnoDB;
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
ALTER TABLE t1 ALTER TABLE t1
@ -55,7 +55,7 @@ start_date DATE,
end_date DATE, end_date DATE,
CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint
)ENGINE=Innodb; )ENGINE=Innodb;
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
ALTER TABLE t1 ALTER TABLE t1
@ -70,12 +70,12 @@ a int,
b int check (b>0), # field constraint named 'b' b int check (b>0), # field constraint named 'b'
CONSTRAINT b check (b>10) # table constraint CONSTRAINT b check (b>10) # table constraint
) ENGINE=InnoDB; ) ENGINE=InnoDB;
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
DISCONNECT con1; DISCONNECT con1;
CONNECT(con2, localhost, boo2,, test); CONNECT(con2, localhost, boo2,, test);
--sorted_result --sorted_result
SELECT * from information_schema.check_constraints; SELECT * from information_schema.check_constraints;
DISCONNECT con2; DISCONNECT con2;
@ -90,3 +90,28 @@ DISCONNECT con1;
--CONNECTION default --CONNECTION default
DROP USER boo1; DROP USER boo1;
DROP USER boo2; DROP USER boo2;
--echo #
--echo # MDEV-18440: Information_schema.check_constraints possible data leak
--echo #
CREATE USER foo;
CREATE DATABASE db;
USE db;
CREATE TABLE t1 (a int, b int, CONSTRAINT CHECK (b > 0));
INSERT INTO t1 VALUES (1, 2), (2, 3);
GRANT SELECT (a) ON t1 TO foo;
SHOW GRANTS FOR foo;
--sorted_result
SELECT * FROM information_schema.check_constraints;
CONNECT(con1,localhost, foo,, db);
SELECT a FROM t1;
--sorted_result
SELECT * FROM information_schema.check_constraints;
--CONNECTION default
DROP USER foo;
DROP DATABASE db;

35
sql/sql_show.cc
View File

@ -6526,7 +6526,7 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
LEX_STRING *table_name) LEX_STRING *table_name)
{ {
DBUG_ENTER("get_check_constraints_record"); DBUG_ENTER("get_check_constraints_record");
if(res) if (res)
{ {
if (thd->is_error()) if (thd->is_error())
push_warning(thd, Sql_condition::WARN_LEVEL_WARN, push_warning(thd, Sql_condition::WARN_LEVEL_WARN,
@ -6535,15 +6535,32 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
thd->clear_error(); thd->clear_error();
DBUG_RETURN(0); DBUG_RETURN(0);
} }
if(!tables->view) if (!tables->view)
{ {
StringBuffer<MAX_FIELD_WIDTH> str(system_charset_info); StringBuffer<MAX_FIELD_WIDTH> str(system_charset_info);
#ifndef NO_EMBEDDED_ACCESS_CHECKS
TABLE_LIST table_acl_check;
bzero((char*) &table_acl_check, sizeof(table_acl_check));
#endif
for (uint i= 0; i < tables->table->s->table_check_constraints; i++) for (uint i= 0; i < tables->table->s->table_check_constraints; i++)
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!(thd->col_access & TABLE_ACLS))
{
table_acl_check.db= db_name->str;
table_acl_check.db_length= db_name->length;
table_acl_check.table_name= table_name->str;
table_acl_check.table_name_length= table_name->length;
table_acl_check.grant.privilege= thd->col_access;
if (check_grant(thd, TABLE_ACLS, &table_acl_check, FALSE, 1, TRUE))
continue;
}
#endif
Virtual_column_info *check= tables->table->check_constraints[i]; Virtual_column_info *check= tables->table->check_constraints[i];
table->field[0]->store(STRING_WITH_LEN("def"), system_charset_info); table->field[0]->store(STRING_WITH_LEN("def"), system_charset_info);
table->field[3]->store(check->name.str, check->name.length, table->field[3]->store(check->name.str, check->name.length,
system_charset_info); system_charset_info);
/* Make sure the string is empty between each print. */
str.length(0); str.length(0);
check->print(&str); check->print(&str);
table->field[4]->store(str.ptr(), str.length(), system_charset_info); table->field[4]->store(str.ptr(), str.length(), system_charset_info);
@ -6551,8 +6568,7 @@ static int get_check_constraints_record(THD *thd, TABLE_LIST *tables,
DBUG_RETURN(1); DBUG_RETURN(1);
} }
} }
DBUG_RETURN(res);
DBUG_RETURN(0);
} }
static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables, static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables,
@ -9370,11 +9386,14 @@ ST_FIELD_INFO spatial_ref_sys_fields_info[]=
ST_FIELD_INFO check_constraints_fields_info[]= ST_FIELD_INFO check_constraints_fields_info[]=
{ {
{"CONSTRAINT_CATALOG", FN_REFLEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"CONSTRAINT_CATALOG", FN_REFLEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
{"CONSTRAINT_SCHEMA", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"CONSTRAINT_SCHEMA", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
OPEN_FULL_TABLE},
{"TABLE_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"TABLE_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE},
{"CONSTRAINT_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, {"CONSTRAINT_NAME", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
{"CHECK_CLAUSE", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0, OPEN_FULL_TABLE}, OPEN_FULL_TABLE},
{0, 0, MYSQL_TYPE_STRING, 0, 0, 0, SKIP_OPEN_TABLE } {"CHECK_CLAUSE", NAME_CHAR_LEN, MYSQL_TYPE_STRING, 0, 0, 0,
OPEN_FULL_TABLE},
{0, 0, MYSQL_TYPE_STRING, 0, 0, 0, SKIP_OPEN_TABLE}
}; };
/* /*