From c07b3670d714db6429dc45486f7a71b230ae152d Mon Sep 17 00:00:00 2001 From: "dlenev@mockturtle.local" <> Date: Wed, 23 May 2007 15:22:13 +0400 Subject: [PATCH] 5.0 version of fix for: Bug #23667 "CREATE TABLE LIKE is not isolated from alteration by other connections" Bug #18950 "CREATE TABLE LIKE does not obtain LOCK_open" As well as: Bug #25578 "CREATE TABLE LIKE does not require any privileges on source table". The first and the second bugs resulted in various errors and wrong binary log order when one tried to execute concurrently CREATE TABLE LIKE statement and DDL statements on source table or DML/DDL statements on its target table. The problem was caused by incomplete protection/table-locking against concurrent statements implemented in mysql_create_like_table() routine. We solve it by simply implementing such protection in proper way (see comment for sql_table.cc for details). The third bug allowed user who didn't have any privileges on table create its copy and therefore circumvent privilege check for SHOW CREATE TABLE. This patch solves this problem by adding privilege check, which was missing. Finally it also removes some duplicated code from mysql_create_like_table(). Note that, altough tests covering concurrency-related aspects of CREATE TABLE LIKE behaviour will only be introduced in 5.1, they were run manually for this patch as well. --- mysql-test/r/grant2.result | 24 ++++++++++ mysql-test/t/grant2.test | 44 ++++++++++++++++++ sql/handler.h | 1 + sql/mysql_priv.h | 5 +-- sql/sql_parse.cc | 37 ++++++++++++---- sql/sql_table.cc | 91 ++++++++++++++++++-------------------- sql/sql_yacc.yy | 21 ++------- 7 files changed, 146 insertions(+), 77 deletions(-) diff --git a/mysql-test/r/grant2.result b/mysql-test/r/grant2.result index ff9b7bc6f1f..93098e68070 100644 --- a/mysql-test/r/grant2.result +++ b/mysql-test/r/grant2.result @@ -380,3 +380,27 @@ drop function f2; drop table t2; REVOKE ALL PRIVILEGES, GRANT OPTION FROM `a@`@localhost; drop user `a@`@localhost; +drop database if exists mysqltest_1; +drop database if exists mysqltest_2; +drop user mysqltest_u1@localhost; +create database mysqltest_1; +create database mysqltest_2; +grant all on mysqltest_1.* to mysqltest_u1@localhost; +use mysqltest_2; +create table t1 (i int); +show create table mysqltest_2.t1; +ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1' +create table t1 like mysqltest_2.t1; +ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1' +grant select on mysqltest_2.t1 to mysqltest_u1@localhost; +show create table mysqltest_2.t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `i` int(11) default NULL +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +create table t1 like mysqltest_2.t1; +use test; +drop database mysqltest_1; +drop database mysqltest_2; +drop user mysqltest_u1@localhost; +End of 5.0 tests diff --git a/mysql-test/t/grant2.test b/mysql-test/t/grant2.test index d08a9e3f83d..4a3324b1833 100644 --- a/mysql-test/t/grant2.test +++ b/mysql-test/t/grant2.test @@ -513,3 +513,47 @@ disconnect bug13310; connection default; REVOKE ALL PRIVILEGES, GRANT OPTION FROM `a@`@localhost; drop user `a@`@localhost; + + +# +# Bug#25578 "CREATE TABLE LIKE does not require any privileges on source table" +# +--disable_warnings +drop database if exists mysqltest_1; +drop database if exists mysqltest_2; +--enable_warnings +--error 0,ER_CANNOT_USER +drop user mysqltest_u1@localhost; + +create database mysqltest_1; +create database mysqltest_2; +grant all on mysqltest_1.* to mysqltest_u1@localhost; +use mysqltest_2; +create table t1 (i int); + +# Connect as user with all rights on mysqltest_1 but with no rights on mysqltest_2. +connect (user1,localhost,mysqltest_u1,,mysqltest_1); +connection user1; +# As expected error is emitted +--error ER_TABLEACCESS_DENIED_ERROR +show create table mysqltest_2.t1; +# This should emit error as well +--error ER_TABLEACCESS_DENIED_ERROR +create table t1 like mysqltest_2.t1; + +# Now let us check that SELECT privilege on the source is enough +connection default; +grant select on mysqltest_2.t1 to mysqltest_u1@localhost; +connection user1; +show create table mysqltest_2.t1; +create table t1 like mysqltest_2.t1; + +# Clean-up +connection default; +use test; +drop database mysqltest_1; +drop database mysqltest_2; +drop user mysqltest_u1@localhost; + +--echo End of 5.0 tests + diff --git a/sql/handler.h b/sql/handler.h index 9863d541b5f..a59b7a09740 100644 --- a/sql/handler.h +++ b/sql/handler.h @@ -162,6 +162,7 @@ #define HA_LEX_CREATE_TMP_TABLE 1 #define HA_LEX_CREATE_IF_NOT_EXISTS 2 +#define HA_LEX_CREATE_TABLE_LIKE 4 #define HA_OPTION_NO_CHECKSUM (1L << 17) #define HA_OPTION_NO_DELAY_KEY_WRITE (1L << 18) #define HA_MAX_REC_LENGTH 65535 diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index f03ef487154..3d061c9eb9e 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -816,9 +816,8 @@ bool mysql_alter_table(THD *thd, char *new_db, char *new_name, Alter_info *alter_info, uint order_num, ORDER *order, bool ignore); bool mysql_recreate_table(THD *thd, TABLE_LIST *table_list); -bool mysql_create_like_table(THD *thd, TABLE_LIST *table, - HA_CREATE_INFO *create_info, - Table_ident *src_table); +bool mysql_create_like_table(THD *thd, TABLE_LIST *table, TABLE_LIST *src_table, + HA_CREATE_INFO *create_info); bool mysql_rename_table(enum db_type base, const char *old_db, const char * old_name, diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 7e58b36a939..6277a6c0c10 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -75,6 +75,7 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables); static void remove_escape(char *name); static bool append_file_to_dir(THD *thd, const char **filename_ptr, const char *table_name); +static bool check_show_create_table_access(THD *thd, TABLE_LIST *table); const char *any_db="*any*"; // Special symbol for check_access @@ -3080,9 +3081,9 @@ mysql_execute_command(THD *thd) else { /* regular create */ - if (lex->name) - res= mysql_create_like_table(thd, create_table, &create_info, - (Table_ident *)lex->name); + if (lex->create_info.options & HA_LEX_CREATE_TABLE_LIKE) + res= mysql_create_like_table(thd, create_table, select_tables, + &create_info); else { res= mysql_create_table(thd, create_table->db, @@ -3319,11 +3320,7 @@ end_with_restore_list: first_table->skip_temporary= 1; if (check_db_used(thd, all_tables) || - check_access(thd, SELECT_ACL | EXTRA_ACL, first_table->db, - &first_table->grant.privilege, 0, 0, - test(first_table->schema_table))) - goto error; - if (grant_option && check_grant(thd, SELECT_ACL, all_tables, 2, UINT_MAX, 0)) + check_show_create_table_access(thd, first_table)) goto error; res= mysqld_show_create(thd, first_table); break; @@ -7519,6 +7516,25 @@ bool insert_precheck(THD *thd, TABLE_LIST *tables) } +/** + @brief Check privileges for SHOW CREATE TABLE statement. + + @param thd Thread context + @param table Target table + + @retval TRUE Failure + @retval FALSE Success +*/ + +static bool check_show_create_table_access(THD *thd, TABLE_LIST *table) +{ + return check_access(thd, SELECT_ACL | EXTRA_ACL, table->db, + &table->grant.privilege, 0, 0, + test(table->schema_table)) || + grant_option && check_grant(thd, SELECT_ACL, table, 2, UINT_MAX, 0); +} + + /* CREATE TABLE query pre-check @@ -7583,6 +7599,11 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables, if (tables && check_table_access(thd, SELECT_ACL, tables,0)) goto err; } + else if (lex->create_info.options & HA_LEX_CREATE_TABLE_LIKE) + { + if (check_show_create_table_access(thd, tables)) + goto err; + } error= FALSE; err: diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 079cc0d6456..4a9f6074b59 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -2718,7 +2718,8 @@ bool mysql_preload_keys(THD* thd, TABLE_LIST* tables) SYNOPSIS mysql_create_like_table() thd Thread object - table Table list (one table only) + table Table list element for target table + src_table Table list element for source table create_info Create info table_ident Src table_ident @@ -2727,61 +2728,52 @@ bool mysql_preload_keys(THD* thd, TABLE_LIST* tables) TRUE error */ -bool mysql_create_like_table(THD* thd, TABLE_LIST* table, - HA_CREATE_INFO *create_info, - Table_ident *table_ident) +bool mysql_create_like_table(THD* thd, TABLE_LIST* table, TABLE_LIST *src_table, + HA_CREATE_INFO *create_info) { TABLE **tmp_table; char src_path[FN_REFLEN], dst_path[FN_REFLEN]; char *db= table->db; char *table_name= table->table_name; - char *src_db; - char *src_table= table_ident->table.str; int err; bool res= TRUE; db_type not_used; - - TABLE_LIST src_tables_list; DBUG_ENTER("mysql_create_like_table"); - DBUG_ASSERT(table_ident->db.str); /* Must be set in the parser */ - src_db= table_ident->db.str; /* - Validate the source table + By taking name-lock on the source table and holding LOCK_open mutex we + ensure that no concurrent DDL operation will mess with this table. Note + that holding only name-lock is not enough for this, because it won't block + other DDL statements that only take name-locks on the table and don't + open it (simple name-locks are not exclusive between each other). + + Unfortunately, simply opening this table is not enough for our purproses, + since in 5.0 ALTER TABLE may change .FRM files on disk even if there are + connections that still have old version of table open. This 'optimization' + was removed in 5.1 so there we open the source table instead of taking + name-lock on it. + + We also have to acquire LOCK_open to make copying of .frm file, call to + ha_create_table() and binlogging atomic against concurrent DML and DDL + operations on the target table. */ - if (table_ident->table.length > NAME_LEN || - (table_ident->table.length && - check_table_name(src_table,table_ident->table.length))) - { - my_error(ER_WRONG_TABLE_NAME, MYF(0), src_table); - DBUG_RETURN(TRUE); - } - if (!src_db || check_db_name(src_db)) - { - my_error(ER_WRONG_DB_NAME, MYF(0), src_db ? src_db : "NULL"); - DBUG_RETURN(-1); - } - - bzero((gptr)&src_tables_list, sizeof(src_tables_list)); - src_tables_list.db= src_db; - src_tables_list.table_name= src_table; - - if (lock_and_wait_for_table_name(thd, &src_tables_list)) + if (lock_and_wait_for_table_name(thd, src_table)) goto err; - if ((tmp_table= find_temporary_table(thd, src_db, src_table))) + pthread_mutex_lock(&LOCK_open); + + if ((tmp_table= find_temporary_table(thd, src_table->db, + src_table->table_name))) strxmov(src_path, (*tmp_table)->s->path, reg_ext, NullS); else { - strxmov(src_path, mysql_data_home, "/", src_db, "/", src_table, - reg_ext, NullS); + strxmov(src_path, mysql_data_home, "/", src_table->db, "/", + src_table->table_name, reg_ext, NullS); /* Resolve symlinks (for windows) */ fn_format(src_path, src_path, "", "", MYF(MY_UNPACK_FILENAME)); - if (lower_case_table_names) - my_casedn_str(files_charset_info, src_path); if (access(src_path, F_OK)) { - my_error(ER_BAD_TABLE_ERROR, MYF(0), src_table); + my_error(ER_BAD_TABLE_ERROR, MYF(0), src_table->table_name); goto err; } } @@ -2791,10 +2783,13 @@ bool mysql_create_like_table(THD* thd, TABLE_LIST* table, */ if (mysql_frm_type(thd, src_path, ¬_used) != FRMTYPE_TABLE) { - my_error(ER_WRONG_OBJECT, MYF(0), src_db, src_table, "BASE TABLE"); + my_error(ER_WRONG_OBJECT, MYF(0), src_table->db, src_table->table_name, + "BASE TABLE"); goto err; } + DBUG_EXECUTE_IF("sleep_create_like_before_check_if_exists", my_sleep(6000000);); + /* Validate the destination table @@ -2810,27 +2805,22 @@ bool mysql_create_like_table(THD* thd, TABLE_LIST* table, } else { - bool exists; strxmov(dst_path, mysql_data_home, "/", db, "/", table_name, reg_ext, NullS); fn_format(dst_path, dst_path, "", "", MYF(MY_UNPACK_FILENAME)); /* - Note that this critical section should actually cover most - of mysql_create_like_table() function. See bugs #18950 and - #23667 for more information. - Also note that starting from 5.1 we obtain name-lock on - target table instead of inspecting table cache for presence + Note that starting from 5.1 we obtain name-lock on target + table instead of inspecting table cache for presence of open placeholders (see comment in mysql_create_table()). */ - pthread_mutex_lock(&LOCK_open); - exists= (table_cache_has_open_placeholder(thd, db, table_name) || - !access(dst_path, F_OK)); - pthread_mutex_unlock(&LOCK_open); - if (exists) + if (table_cache_has_open_placeholder(thd, db, table_name) || + !access(dst_path, F_OK)) goto table_exists; } + DBUG_EXECUTE_IF("sleep_create_like_before_copy", my_sleep(6000000);); + /* Create a new table by copying from source table */ @@ -2843,6 +2833,8 @@ bool mysql_create_like_table(THD* thd, TABLE_LIST* table, goto err; } + DBUG_EXECUTE_IF("sleep_create_like_before_ha_create", my_sleep(6000000);); + /* As mysql_truncate don't work on a new table at this stage of creation, instead create the table directly (for both normal @@ -2867,6 +2859,8 @@ bool mysql_create_like_table(THD* thd, TABLE_LIST* table, goto err; /* purecov: inspected */ } + DBUG_EXECUTE_IF("sleep_create_like_before_binlogging", my_sleep(6000000);); + // Must be written before unlock if (mysql_bin_log.is_open()) { @@ -2891,8 +2885,7 @@ table_exists: my_error(ER_TABLE_EXISTS_ERROR, MYF(0), table_name); err: - pthread_mutex_lock(&LOCK_open); - unlock_table_name(thd, &src_tables_list); + unlock_table_name(thd, src_table); pthread_mutex_unlock(&LOCK_open); DBUG_RETURN(res); } diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index c1da870960b..b970bcaedd6 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -1483,7 +1483,6 @@ create: lex->create_info.options=$2 | $4; lex->create_info.db_type= (enum db_type) lex->thd->variables.table_type; lex->create_info.default_table_charset= NULL; - lex->name=0; } create2 { Lex->current_select= &Lex->select_lex; } @@ -2763,27 +2762,15 @@ create2: | opt_create_table_options create3 {} | LIKE table_ident { - LEX *lex=Lex; - THD *thd= lex->thd; - if (!(lex->name= (char *)$2)) + Lex->create_info.options|= HA_LEX_CREATE_TABLE_LIKE; + if (!Lex->select_lex.add_table_to_list(YYTHD, $2, NULL, 0, TL_READ)) MYSQL_YYABORT; - if ($2->db.str == NULL && - thd->copy_db_to(&($2->db.str), &($2->db.length))) - { - MYSQL_YYABORT; - } } | '(' LIKE table_ident ')' { - LEX *lex=Lex; - THD *thd= lex->thd; - if (!(lex->name= (char *)$3)) + Lex->create_info.options|= HA_LEX_CREATE_TABLE_LIKE; + if (!Lex->select_lex.add_table_to_list(YYTHD, $3, NULL, 0, TL_READ)) MYSQL_YYABORT; - if ($3->db.str == NULL && - thd->copy_db_to(&($3->db.str), &($3->db.length))) - { - MYSQL_YYABORT; - } } ;