MDEV-35384 Table performance_schema.session_status and other two tables are not shown in information_schema.tables for normal users

get_all_tables() skipped tables if the user has no privileges on the schema itself and no granted privilege on any tables in the schema. that is, it was skipping performance_schema tables (privileges on them aren't explicitly granted, but internally hard-coded) To fix: * extend ACL_internal_table_access::check() method with `bool any_combination_will_do` * fix all perfschema privilege checks to take it into account. * don't reuse table_acl_check object for all tables, initialize it for every table otherwise GRANT_INTERNAL_INFO will leak * remove incorrect privilege check from get_all_tables()
2025-08-08 11:22:35 +03:00 · 2024-11-14 18:56:09 +01:00
parent 0706c01b88
commit b79723ffe3
7 changed files with 105 additions and 52 deletions
--- a/storage/perfschema/pfs_engine_table.h
+++ b/storage/perfschema/pfs_engine_table.h
@@ -340,8 +340,8 @@ public:

  ~PFS_readonly_acl() = default;

-    ACL_internal_access_result check(privilege_t want_access,
-                                     privilege_t *save_priv) const override;
+  ACL_internal_access_result check(privilege_t want_access,
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };

 /** Singleton instance of PFS_readonly_acl. */
@@ -359,7 +359,7 @@ public:
  ~PFS_truncatable_acl() = default;

  ACL_internal_access_result check(privilege_t want_access,
-                                   privilege_t *save_priv) const override;
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };

 /** Singleton instance of PFS_truncatable_acl. */
@@ -377,7 +377,7 @@ public:
  ~PFS_updatable_acl() = default;

  ACL_internal_access_result check(privilege_t want_access,
-                                   privilege_t *save_priv) const override;
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };

 /** Singleton instance of PFS_updatable_acl. */
@@ -395,7 +395,7 @@ public:
  ~PFS_editable_acl() = default;

  ACL_internal_access_result check(privilege_t want_access,
-                                   privilege_t *save_priv) const override;
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };

 /** Singleton instance of PFS_editable_acl. */
@@ -412,7 +412,7 @@ public:
  ~PFS_unknown_acl() = default;

  ACL_internal_access_result check(privilege_t want_access,
-                                   privilege_t *save_priv) const override;
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };

 /** Singleton instance of PFS_unknown_acl. */
@@ -430,7 +430,8 @@ public:

  ~PFS_readonly_world_acl()
  {}
-  ACL_internal_access_result check(privilege_t want_access, privilege_t *save_priv) const override;
+  ACL_internal_access_result check(privilege_t want_access,
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };


@@ -449,7 +450,8 @@ public:

  ~PFS_truncatable_world_acl()
  {}
-  ACL_internal_access_result check(privilege_t want_access, privilege_t *save_priv) const override;
+  ACL_internal_access_result check(privilege_t want_access,
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };


@@ -469,7 +471,7 @@ class PFS_readonly_processlist_acl : public PFS_readonly_acl {
  {}

  ACL_internal_access_result check(privilege_t want_access,
-                                   privilege_t *save_priv) const override;
+    privilege_t *save_priv, bool any_combination_will_do) const override;
 };

 /** Singleton instance of PFS_readonly_processlist_acl */