mirror of
https://github.com/MariaDB/server.git
synced 2025-07-13 02:22:51 +03:00
Bug #23675 Partitions: possible security breach via alter
now we return different error message if user doesn't have SELECT grants
This commit is contained in:
holyfoot/hf@mysql.com/hfmain.(none)
@ -19,7 +19,16 @@ revoke alter on mysqltest_1.* from mysqltest_1@localhost;
|
|||||||
alter table t1 drop partition p3;
|
alter table t1 drop partition p3;
|
||||||
ERROR 42000: ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
|
ERROR 42000: ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
|
||||||
revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
|
revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
|
||||||
drop user mysqltest_1@localhost;
|
|
||||||
drop table t1;
|
drop table t1;
|
||||||
|
create table t1 (s1 int);
|
||||||
|
insert into t1 values (1);
|
||||||
|
grant alter on mysqltest_1.* to mysqltest_1@localhost;
|
||||||
|
alter table t1 partition by list (s1) (partition p1 values in (2));
|
||||||
|
ERROR HY000: Table has no partition for some existing values
|
||||||
|
grant select, alter on mysqltest_1.* to mysqltest_1@localhost;
|
||||||
|
alter table t1 partition by list (s1) (partition p1 values in (2));
|
||||||
|
ERROR HY000: Table has no partition for value 1
|
||||||
|
drop table t1;
|
||||||
|
drop user mysqltest_1@localhost;
|
||||||
drop schema mysqltest_1;
|
drop schema mysqltest_1;
|
||||||
End of 5.1 tests
|
End of 5.1 tests
|
||||||
|
|||||||
@ -52,8 +52,30 @@ disconnect conn3;
|
|||||||
connection default;
|
connection default;
|
||||||
|
|
||||||
revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
|
revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
|
||||||
drop user mysqltest_1@localhost;
|
|
||||||
drop table t1;
|
drop table t1;
|
||||||
|
|
||||||
|
#
|
||||||
|
# Bug #23675 Partitions: possible security breach via alter
|
||||||
|
#
|
||||||
|
|
||||||
|
create table t1 (s1 int);
|
||||||
|
insert into t1 values (1);
|
||||||
|
grant alter on mysqltest_1.* to mysqltest_1@localhost;
|
||||||
|
connect (conn4,localhost,mysqltest_1,,mysqltest_1);
|
||||||
|
connection conn4;
|
||||||
|
--error 1514
|
||||||
|
alter table t1 partition by list (s1) (partition p1 values in (2));
|
||||||
|
connection default;
|
||||||
|
grant select, alter on mysqltest_1.* to mysqltest_1@localhost;
|
||||||
|
disconnect conn4;
|
||||||
|
connect (conn5,localhost,mysqltest_1,,mysqltest_1);
|
||||||
|
--error 1514
|
||||||
|
alter table t1 partition by list (s1) (partition p1 values in (2));
|
||||||
|
disconnect conn5;
|
||||||
|
connection default;
|
||||||
|
drop table t1;
|
||||||
|
|
||||||
|
drop user mysqltest_1@localhost;
|
||||||
drop schema mysqltest_1;
|
drop schema mysqltest_1;
|
||||||
|
|
||||||
--echo End of 5.1 tests
|
--echo End of 5.1 tests
|
||||||
|
|||||||
@ -598,7 +598,7 @@ class THD;
|
|||||||
void close_thread_tables(THD *thd, bool locked=0, bool skip_derived=0);
|
void close_thread_tables(THD *thd, bool locked=0, bool skip_derived=0);
|
||||||
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables);
|
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables);
|
||||||
bool check_single_table_access(THD *thd, ulong privilege,
|
bool check_single_table_access(THD *thd, ulong privilege,
|
||||||
TABLE_LIST *tables);
|
TABLE_LIST *tables, bool no_errors);
|
||||||
bool check_routine_access(THD *thd,ulong want_access,char *db,char *name,
|
bool check_routine_access(THD *thd,ulong want_access,char *db,char *name,
|
||||||
bool is_proc, bool no_errors);
|
bool is_proc, bool no_errors);
|
||||||
bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);
|
bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);
|
||||||
|
|||||||
@ -849,15 +849,27 @@ void partition_info::print_no_partition_found(TABLE *table)
|
|||||||
{
|
{
|
||||||
char buf[100];
|
char buf[100];
|
||||||
char *buf_ptr= (char*)&buf;
|
char *buf_ptr= (char*)&buf;
|
||||||
my_bitmap_map *old_map= dbug_tmp_use_all_columns(table, table->read_set);
|
TABLE_LIST table_list;
|
||||||
|
|
||||||
if (part_expr->null_value)
|
bzero(&table_list, sizeof(table_list));
|
||||||
buf_ptr= (char*)"NULL";
|
table_list.db= table->s->db.str;
|
||||||
|
table_list.table_name= table->s->table_name.str;
|
||||||
|
|
||||||
|
if (check_single_table_access(current_thd,
|
||||||
|
SELECT_ACL, &table_list, TRUE))
|
||||||
|
my_message(ER_NO_PARTITION_FOR_GIVEN_VALUE,
|
||||||
|
ER(ER_NO_PARTITION_FOR_GIVEN_VALUE_SILENT), MYF(0));
|
||||||
else
|
else
|
||||||
longlong2str(err_value, buf,
|
{
|
||||||
part_expr->unsigned_flag ? 10 : -10);
|
my_bitmap_map *old_map= dbug_tmp_use_all_columns(table, table->read_set);
|
||||||
my_error(ER_NO_PARTITION_FOR_GIVEN_VALUE, MYF(0), buf_ptr);
|
if (part_expr->null_value)
|
||||||
dbug_tmp_restore_column_map(table->read_set, old_map);
|
buf_ptr= (char*)"NULL";
|
||||||
|
else
|
||||||
|
longlong2str(err_value, buf,
|
||||||
|
part_expr->unsigned_flag ? 10 : -10);
|
||||||
|
my_error(ER_NO_PARTITION_FOR_GIVEN_VALUE, MYF(0), buf_ptr);
|
||||||
|
dbug_tmp_restore_column_map(table->read_set, old_map);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
Set up buffers and arrays for fields requiring preparation
|
Set up buffers and arrays for fields requiring preparation
|
||||||
|
|||||||
@ -6053,3 +6053,5 @@ ER_DUP_ENTRY_WITH_KEY_NAME 23000 S1009
|
|||||||
ER_BINLOG_PURGE_EMFILE
|
ER_BINLOG_PURGE_EMFILE
|
||||||
eng "Too many files opened, please execute the command again"
|
eng "Too many files opened, please execute the command again"
|
||||||
ger "Zu viele offene Dateien, bitte f<>hren Sie den Befehl noch einmal aus"
|
ger "Zu viele offene Dateien, bitte f<>hren Sie den Befehl noch einmal aus"
|
||||||
|
ER_NO_PARTITION_FOR_GIVEN_VALUE_SILENT
|
||||||
|
eng "Table has no partition for some existing values"
|
||||||
|
|||||||
@ -5781,7 +5781,7 @@ bool setup_tables_and_check_access(THD *thd,
|
|||||||
{
|
{
|
||||||
if (leaves_tmp->belong_to_view &&
|
if (leaves_tmp->belong_to_view &&
|
||||||
check_single_table_access(thd, first_table ? want_access_first :
|
check_single_table_access(thd, first_table ? want_access_first :
|
||||||
want_access, leaves_tmp))
|
want_access, leaves_tmp, FALSE))
|
||||||
{
|
{
|
||||||
tables->hide_view_error(thd);
|
tables->hide_view_error(thd);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|||||||
@ -4433,6 +4433,8 @@ static bool execute_sqlcom_select(THD *thd, TABLE_LIST *all_tables)
|
|||||||
thd Thread handler
|
thd Thread handler
|
||||||
privilege requested privilege
|
privilege requested privilege
|
||||||
all_tables global table list of query
|
all_tables global table list of query
|
||||||
|
no_errors FALSE/TRUE - report/don't report error to
|
||||||
|
the client (using my_error() call).
|
||||||
|
|
||||||
RETURN
|
RETURN
|
||||||
0 - OK
|
0 - OK
|
||||||
@ -4440,7 +4442,7 @@ static bool execute_sqlcom_select(THD *thd, TABLE_LIST *all_tables)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
bool check_single_table_access(THD *thd, ulong privilege,
|
bool check_single_table_access(THD *thd, ulong privilege,
|
||||||
TABLE_LIST *all_tables)
|
TABLE_LIST *all_tables, bool no_errors)
|
||||||
{
|
{
|
||||||
Security_context * backup_ctx= thd->security_ctx;
|
Security_context * backup_ctx= thd->security_ctx;
|
||||||
|
|
||||||
@ -4456,12 +4458,12 @@ bool check_single_table_access(THD *thd, ulong privilege,
|
|||||||
db_name= all_tables->db;
|
db_name= all_tables->db;
|
||||||
|
|
||||||
if (check_access(thd, privilege, db_name,
|
if (check_access(thd, privilege, db_name,
|
||||||
&all_tables->grant.privilege, 0, 0,
|
&all_tables->grant.privilege, 0, no_errors,
|
||||||
test(all_tables->schema_table)))
|
test(all_tables->schema_table)))
|
||||||
goto deny;
|
goto deny;
|
||||||
|
|
||||||
/* Show only 1 table for check_grant */
|
/* Show only 1 table for check_grant */
|
||||||
if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, 0))
|
if (grant_option && check_grant(thd, privilege, all_tables, 0, 1, no_errors))
|
||||||
goto deny;
|
goto deny;
|
||||||
|
|
||||||
thd->security_ctx= backup_ctx;
|
thd->security_ctx= backup_ctx;
|
||||||
@ -4489,7 +4491,7 @@ deny:
|
|||||||
|
|
||||||
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
|
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
|
||||||
{
|
{
|
||||||
if (check_single_table_access (thd,privilege,all_tables))
|
if (check_single_table_access (thd,privilege,all_tables, FALSE))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
/* Check rights on tables of subselects and implictly opened tables */
|
/* Check rights on tables of subselects and implictly opened tables */
|
||||||
@ -4502,7 +4504,7 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
|
|||||||
*/
|
*/
|
||||||
if (view && subselects_tables->belong_to_view == view)
|
if (view && subselects_tables->belong_to_view == view)
|
||||||
{
|
{
|
||||||
if (check_single_table_access (thd, privilege, subselects_tables))
|
if (check_single_table_access (thd, privilege, subselects_tables, FALSE))
|
||||||
return 1;
|
return 1;
|
||||||
subselects_tables= subselects_tables->next_global;
|
subselects_tables= subselects_tables->next_global;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user