A fix and a test case for Bug#34166 Server crash in SHOW OPEN TABLES and
pre-locking. The crash was caused by an implicit assumption in check_table_access() that table_list parameter is always a part of lex->query_tables. When iterating over the passed list of tables, check_table_access() used to stop only when lex->query_tables_last_not_own was reached. In case of pre-locking, lex->query_tables_last_own is not NULL and points to some element of lex->query_tables. When the parameter of check_table_access() was not part of lex->query_tables, loop invariant could never be violated and a crash would happen when the current table pointer would point beyond the end of the provided list. The fix is to change the signature of check_table_access() to also accept a numeric limit of loop iterations, similarly to check_grant(), and supply this limit in all places when we want to check access of tables that are outside lex->query_tables, or just want to check access to one table. mysql-test/r/information_schema.result: Update test results (Bug#34166). mysql-test/t/information_schema.test: Add a test case for Bug#34166. sql/mysql_priv.h: Change signature of check_table_access() to accept a numeric limit of tables to check. sql/sp_head.cc: Update to the new signature of check_table_access(). sql/sql_acl.cc: Improve code clarity: if there is a numeric limit, we should not need to look at first_not_own_table. sql/sql_base.cc: Update to the new signature of check_table_access(). sql/sql_cache.cc: Update to the new signature of check_table_access(). sql/sql_parse.cc: Update to the new signature of check_table_access(). Change check_table_access() to accept an optional numeric limit of tables to check. A crash would happen when check_table_access() was passed a list of tables that is not part of lex->query_tables and lex->query_tables_last_own was not NULL. sql/sql_plugin.cc: Update to the new signature of check_table_access(). sql/sql_prepare.cc: Update to the new signature of check_table_access(). sql/sql_show.cc: Update to the new signature of check_table_access(). Ensure that check_table_access() only checks access to the first table in the table list when called from list_open_tables(). list_open_tables() supplies a table list that is created on stack, whereas check_table_access() used to assume that the supplied list is a part of thd->lex. sql/sql_trigger.cc: Update to the new signature of check_table_access(). sql/sql_view.cc: Update to the new signature of check_table_access().
This commit is contained in:
unknown
parent
97355f4e0a
commit
39509d64c3
@ -1619,4 +1619,19 @@ Db Name Definer Time zone Type Execute at Interval value Interval field Starts E
|
|||||||
show events where Db= 'information_schema';
|
show events where Db= 'information_schema';
|
||||||
Db Name Definer Time zone Type Execute at Interval value Interval field Starts Ends Status Originator character_set_client collation_connection Database Collation
|
Db Name Definer Time zone Type Execute at Interval value Interval field Starts Ends Status Originator character_set_client collation_connection Database Collation
|
||||||
use test;
|
use test;
|
||||||
|
#
|
||||||
|
# Bug#34166: Server crash in SHOW OPEN TABLES and prelocking
|
||||||
|
#
|
||||||
|
drop table if exists t1;
|
||||||
|
drop function if exists f1;
|
||||||
|
create table t1 (a int);
|
||||||
|
create function f1() returns int
|
||||||
|
begin
|
||||||
|
insert into t1 (a) values (1);
|
||||||
|
return 0;
|
||||||
|
end|
|
||||||
|
show open tables where f1()=0;
|
||||||
|
show open tables where f1()=0;
|
||||||
|
drop table t1;
|
||||||
|
drop function f1;
|
||||||
End of 5.1 tests.
|
End of 5.1 tests.
|
||||||
|
|||||||
@ -1248,4 +1248,26 @@ show events from information_schema;
|
|||||||
show events where Db= 'information_schema';
|
show events where Db= 'information_schema';
|
||||||
use test;
|
use test;
|
||||||
|
|
||||||
|
--echo #
|
||||||
|
--echo # Bug#34166: Server crash in SHOW OPEN TABLES and prelocking
|
||||||
|
--echo #
|
||||||
|
--disable_warnings
|
||||||
|
drop table if exists t1;
|
||||||
|
drop function if exists f1;
|
||||||
|
--enable_warnings
|
||||||
|
create table t1 (a int);
|
||||||
|
delimiter |;
|
||||||
|
create function f1() returns int
|
||||||
|
begin
|
||||||
|
insert into t1 (a) values (1);
|
||||||
|
return 0;
|
||||||
|
end|
|
||||||
|
delimiter ;|
|
||||||
|
--disable_result_log
|
||||||
|
show open tables where f1()=0;
|
||||||
|
show open tables where f1()=0;
|
||||||
|
--enable_result_log
|
||||||
|
drop table t1;
|
||||||
|
drop function f1;
|
||||||
|
|
||||||
--echo End of 5.1 tests.
|
--echo End of 5.1 tests.
|
||||||
|
|||||||
@ -1015,7 +1015,7 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
|
|||||||
bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
|
bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv,
|
||||||
bool no_grant, bool no_errors, bool schema_db);
|
bool no_grant, bool no_errors, bool schema_db);
|
||||||
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
|
bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
|
||||||
bool no_errors);
|
uint number, bool no_errors);
|
||||||
bool check_global_access(THD *thd, ulong want_access);
|
bool check_global_access(THD *thd, ulong want_access);
|
||||||
#else
|
#else
|
||||||
inline bool check_access(THD *thd, ulong access, const char *db,
|
inline bool check_access(THD *thd, ulong access, const char *db,
|
||||||
@ -1027,7 +1027,7 @@ inline bool check_access(THD *thd, ulong access, const char *db,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
inline bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
|
inline bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables,
|
||||||
bool no_errors)
|
uint number, bool no_errors)
|
||||||
{ return false; }
|
{ return false; }
|
||||||
inline bool check_global_access(THD *thd, ulong want_access)
|
inline bool check_global_access(THD *thd, ulong want_access)
|
||||||
{ return false; }
|
{ return false; }
|
||||||
|
|||||||
@ -2265,7 +2265,7 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
|
|||||||
bzero((char*) &tables,sizeof(tables));
|
bzero((char*) &tables,sizeof(tables));
|
||||||
tables.db= (char*) "mysql";
|
tables.db= (char*) "mysql";
|
||||||
tables.table_name= tables.alias= (char*) "proc";
|
tables.table_name= tables.alias= (char*) "proc";
|
||||||
*full_access= (!check_table_access(thd, SELECT_ACL, &tables, 1) ||
|
*full_access= (!check_table_access(thd, SELECT_ACL, &tables, 1, TRUE) ||
|
||||||
(!strcmp(sp->m_definer_user.str,
|
(!strcmp(sp->m_definer_user.str,
|
||||||
thd->security_ctx->priv_user) &&
|
thd->security_ctx->priv_user) &&
|
||||||
!strcmp(sp->m_definer_host.str,
|
!strcmp(sp->m_definer_host.str,
|
||||||
@ -2712,7 +2712,7 @@ int sp_instr::exec_open_and_lock_tables(THD *thd, TABLE_LIST *tables)
|
|||||||
Check whenever we have access to tables for this statement
|
Check whenever we have access to tables for this statement
|
||||||
and open and lock them before executing instructions core function.
|
and open and lock them before executing instructions core function.
|
||||||
*/
|
*/
|
||||||
if (check_table_access(thd, SELECT_ACL, tables, 0)
|
if (check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE)
|
||||||
|| open_and_lock_tables(thd, tables))
|
|| open_and_lock_tables(thd, tables))
|
||||||
result= -1;
|
result= -1;
|
||||||
else
|
else
|
||||||
|
|||||||
@ -3862,7 +3862,7 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
|
|||||||
of other queries). For simple queries first_not_own_table is 0.
|
of other queries). For simple queries first_not_own_table is 0.
|
||||||
*/
|
*/
|
||||||
for (i= 0, table= tables;
|
for (i= 0, table= tables;
|
||||||
table != first_not_own_table && i < number;
|
i < number && table != first_not_own_table;
|
||||||
table= table->next_global, i++)
|
table= table->next_global, i++)
|
||||||
{
|
{
|
||||||
/* Remove SHOW_VIEW_ACL, because it will be checked during making view */
|
/* Remove SHOW_VIEW_ACL, because it will be checked during making view */
|
||||||
|
|||||||
@ -799,7 +799,7 @@ OPEN_TABLE_LIST *list_open_tables(THD *thd, const char *db, const char *wild)
|
|||||||
table_list.table_name= share->table_name.str;
|
table_list.table_name= share->table_name.str;
|
||||||
table_list.grant.privilege=0;
|
table_list.grant.privilege=0;
|
||||||
|
|
||||||
if (check_table_access(thd,SELECT_ACL | EXTRA_ACL,&table_list,1))
|
if (check_table_access(thd,SELECT_ACL | EXTRA_ACL,&table_list, 1, TRUE))
|
||||||
continue;
|
continue;
|
||||||
/* need to check if we haven't already listed it */
|
/* need to check if we haven't already listed it */
|
||||||
for (table= open_list ; table ; table=table->next)
|
for (table= open_list ; table ; table=table->next)
|
||||||
|
|||||||
@ -1378,7 +1378,7 @@ def_week_frmt: %lu",
|
|||||||
table_list.db = table->db();
|
table_list.db = table->db();
|
||||||
table_list.alias= table_list.table_name= table->table();
|
table_list.alias= table_list.table_name= table->table();
|
||||||
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
||||||
if (check_table_access(thd,SELECT_ACL,&table_list,1))
|
if (check_table_access(thd,SELECT_ACL,&table_list, 1, TRUE))
|
||||||
{
|
{
|
||||||
DBUG_PRINT("qcache",
|
DBUG_PRINT("qcache",
|
||||||
("probably no SELECT access to %s.%s => return to normal processing",
|
("probably no SELECT access to %s.%s => return to normal processing",
|
||||||
|
|||||||
@ -495,7 +495,7 @@ static bool check_merge_table_access(THD *thd, char *db,
|
|||||||
tlist->db= db; /* purecov: inspected */
|
tlist->db= db; /* purecov: inspected */
|
||||||
}
|
}
|
||||||
error= check_table_access(thd, SELECT_ACL | UPDATE_ACL | DELETE_ACL,
|
error= check_table_access(thd, SELECT_ACL | UPDATE_ACL | DELETE_ACL,
|
||||||
table_list,0);
|
table_list, UINT_MAX, FALSE);
|
||||||
}
|
}
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
@ -1994,7 +1994,7 @@ mysql_execute_command(THD *thd)
|
|||||||
res= check_table_access(thd,
|
res= check_table_access(thd,
|
||||||
lex->exchange ? SELECT_ACL | FILE_ACL :
|
lex->exchange ? SELECT_ACL | FILE_ACL :
|
||||||
SELECT_ACL,
|
SELECT_ACL,
|
||||||
all_tables, 0);
|
all_tables, UINT_MAX, FALSE);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
res= check_access(thd,
|
res= check_access(thd,
|
||||||
@ -2019,7 +2019,7 @@ mysql_execute_command(THD *thd)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case SQLCOM_DO:
|
case SQLCOM_DO:
|
||||||
if (check_table_access(thd, SELECT_ACL, all_tables, 0) ||
|
if (check_table_access(thd, SELECT_ACL, all_tables, UINT_MAX, FALSE) ||
|
||||||
open_and_lock_tables(thd, all_tables))
|
open_and_lock_tables(thd, all_tables))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
@ -2116,7 +2116,7 @@ mysql_execute_command(THD *thd)
|
|||||||
case SQLCOM_BACKUP_TABLE:
|
case SQLCOM_BACKUP_TABLE:
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL, all_tables, 0) ||
|
if (check_table_access(thd, SELECT_ACL, all_tables, UINT_MAX, FALSE) ||
|
||||||
check_global_access(thd, FILE_ACL))
|
check_global_access(thd, FILE_ACL))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
thd->enable_slow_log= opt_log_slow_admin_statements;
|
thd->enable_slow_log= opt_log_slow_admin_statements;
|
||||||
@ -2128,7 +2128,7 @@ mysql_execute_command(THD *thd)
|
|||||||
case SQLCOM_RESTORE_TABLE:
|
case SQLCOM_RESTORE_TABLE:
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, INSERT_ACL, all_tables, 0) ||
|
if (check_table_access(thd, INSERT_ACL, all_tables, UINT_MAX, FALSE) ||
|
||||||
check_global_access(thd, FILE_ACL))
|
check_global_access(thd, FILE_ACL))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
thd->enable_slow_log= opt_log_slow_admin_statements;
|
thd->enable_slow_log= opt_log_slow_admin_statements;
|
||||||
@ -2677,7 +2677,8 @@ end_with_restore_list:
|
|||||||
case SQLCOM_CHECKSUM:
|
case SQLCOM_CHECKSUM:
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL | EXTRA_ACL, all_tables, 0))
|
if (check_table_access(thd, SELECT_ACL | EXTRA_ACL, all_tables,
|
||||||
|
UINT_MAX, FALSE))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
res = mysql_checksum_table(thd, first_table, &lex->check_opt);
|
res = mysql_checksum_table(thd, first_table, &lex->check_opt);
|
||||||
break;
|
break;
|
||||||
@ -2685,7 +2686,8 @@ end_with_restore_list:
|
|||||||
case SQLCOM_REPAIR:
|
case SQLCOM_REPAIR:
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL | INSERT_ACL, all_tables, 0))
|
if (check_table_access(thd, SELECT_ACL | INSERT_ACL, all_tables,
|
||||||
|
UINT_MAX, FALSE))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
thd->enable_slow_log= opt_log_slow_admin_statements;
|
thd->enable_slow_log= opt_log_slow_admin_statements;
|
||||||
res= mysql_repair_table(thd, first_table, &lex->check_opt);
|
res= mysql_repair_table(thd, first_table, &lex->check_opt);
|
||||||
@ -2704,7 +2706,8 @@ end_with_restore_list:
|
|||||||
case SQLCOM_CHECK:
|
case SQLCOM_CHECK:
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL | EXTRA_ACL , all_tables, 0))
|
if (check_table_access(thd, SELECT_ACL | EXTRA_ACL , all_tables,
|
||||||
|
UINT_MAX, FALSE))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
thd->enable_slow_log= opt_log_slow_admin_statements;
|
thd->enable_slow_log= opt_log_slow_admin_statements;
|
||||||
res = mysql_check_table(thd, first_table, &lex->check_opt);
|
res = mysql_check_table(thd, first_table, &lex->check_opt);
|
||||||
@ -2715,7 +2718,8 @@ end_with_restore_list:
|
|||||||
case SQLCOM_ANALYZE:
|
case SQLCOM_ANALYZE:
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL | INSERT_ACL, all_tables, 0))
|
if (check_table_access(thd, SELECT_ACL | INSERT_ACL, all_tables,
|
||||||
|
UINT_MAX, FALSE))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
thd->enable_slow_log= opt_log_slow_admin_statements;
|
thd->enable_slow_log= opt_log_slow_admin_statements;
|
||||||
res= mysql_analyze_table(thd, first_table, &lex->check_opt);
|
res= mysql_analyze_table(thd, first_table, &lex->check_opt);
|
||||||
@ -2735,7 +2739,8 @@ end_with_restore_list:
|
|||||||
case SQLCOM_OPTIMIZE:
|
case SQLCOM_OPTIMIZE:
|
||||||
{
|
{
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL | INSERT_ACL, all_tables, 0))
|
if (check_table_access(thd, SELECT_ACL | INSERT_ACL, all_tables,
|
||||||
|
UINT_MAX, FALSE))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
thd->enable_slow_log= opt_log_slow_admin_statements;
|
thd->enable_slow_log= opt_log_slow_admin_statements;
|
||||||
res= (specialflag & (SPECIAL_SAFE_MODE | SPECIAL_NO_NEW_FUNC)) ?
|
res= (specialflag & (SPECIAL_SAFE_MODE | SPECIAL_NO_NEW_FUNC)) ?
|
||||||
@ -3064,7 +3069,7 @@ end_with_restore_list:
|
|||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (!lex->drop_temporary)
|
if (!lex->drop_temporary)
|
||||||
{
|
{
|
||||||
if (check_table_access(thd, DROP_ACL, all_tables, 0))
|
if (check_table_access(thd, DROP_ACL, all_tables, UINT_MAX, FALSE))
|
||||||
goto error; /* purecov: inspected */
|
goto error; /* purecov: inspected */
|
||||||
if (end_active_trans(thd))
|
if (end_active_trans(thd))
|
||||||
goto error;
|
goto error;
|
||||||
@ -3168,7 +3173,7 @@ end_with_restore_list:
|
|||||||
if (lex->autocommit && end_active_trans(thd))
|
if (lex->autocommit && end_active_trans(thd))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if ((check_table_access(thd, SELECT_ACL, all_tables, 0) ||
|
if ((check_table_access(thd, SELECT_ACL, all_tables, UINT_MAX, FALSE) ||
|
||||||
open_and_lock_tables(thd, all_tables)))
|
open_and_lock_tables(thd, all_tables)))
|
||||||
goto error;
|
goto error;
|
||||||
if (lex->one_shot_set && not_all_support_one_shot(lex_var_list))
|
if (lex->one_shot_set && not_all_support_one_shot(lex_var_list))
|
||||||
@ -3210,7 +3215,8 @@ end_with_restore_list:
|
|||||||
/* we must end the trasaction first, regardless of anything */
|
/* we must end the trasaction first, regardless of anything */
|
||||||
if (end_active_trans(thd))
|
if (end_active_trans(thd))
|
||||||
goto error;
|
goto error;
|
||||||
if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, all_tables, 0))
|
if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, all_tables,
|
||||||
|
UINT_MAX, FALSE))
|
||||||
goto error;
|
goto error;
|
||||||
thd->in_lock_tables=1;
|
thd->in_lock_tables=1;
|
||||||
thd->options|= OPTION_TABLE_LOCK;
|
thd->options|= OPTION_TABLE_LOCK;
|
||||||
@ -3704,7 +3710,7 @@ end_with_restore_list:
|
|||||||
#endif
|
#endif
|
||||||
case SQLCOM_HA_OPEN:
|
case SQLCOM_HA_OPEN:
|
||||||
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
DBUG_ASSERT(first_table == all_tables && first_table != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL, all_tables, 0))
|
if (check_table_access(thd, SELECT_ACL, all_tables, UINT_MAX, FALSE))
|
||||||
goto error;
|
goto error;
|
||||||
res= mysql_ha_open(thd, first_table, 0);
|
res= mysql_ha_open(thd, first_table, 0);
|
||||||
break;
|
break;
|
||||||
@ -3952,7 +3958,7 @@ create_sp_error:
|
|||||||
This will cache all SP and SF and open and lock all tables
|
This will cache all SP and SF and open and lock all tables
|
||||||
required for execution.
|
required for execution.
|
||||||
*/
|
*/
|
||||||
if (check_table_access(thd, SELECT_ACL, all_tables, 0) ||
|
if (check_table_access(thd, SELECT_ACL, all_tables, UINT_MAX, FALSE) ||
|
||||||
open_and_lock_tables(thd, all_tables))
|
open_and_lock_tables(thd, all_tables))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
@ -4299,7 +4305,7 @@ create_sp_error:
|
|||||||
}
|
}
|
||||||
case SQLCOM_DROP_VIEW:
|
case SQLCOM_DROP_VIEW:
|
||||||
{
|
{
|
||||||
if (check_table_access(thd, DROP_ACL, all_tables, 0) ||
|
if (check_table_access(thd, DROP_ACL, all_tables, UINT_MAX, FALSE) ||
|
||||||
end_active_trans(thd))
|
end_active_trans(thd))
|
||||||
goto error;
|
goto error;
|
||||||
/* Conditionally writes to binlog. */
|
/* Conditionally writes to binlog. */
|
||||||
@ -4778,7 +4784,7 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
|
|||||||
subselects_tables= subselects_tables->next_global;
|
subselects_tables= subselects_tables->next_global;
|
||||||
}
|
}
|
||||||
if (subselects_tables &&
|
if (subselects_tables &&
|
||||||
(check_table_access(thd, SELECT_ACL, subselects_tables, 0)))
|
(check_table_access(thd, SELECT_ACL, subselects_tables, UINT_MAX, FALSE)))
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@ -5011,39 +5017,39 @@ static bool check_show_access(THD *thd, TABLE_LIST *table)
|
|||||||
/*
|
/*
|
||||||
Check the privilege for all used tables.
|
Check the privilege for all used tables.
|
||||||
|
|
||||||
SYNOPSYS
|
@param thd Thread context
|
||||||
check_table_access()
|
@param want_access Privileges requested
|
||||||
thd Thread context
|
@param tables List of tables to be checked
|
||||||
want_access Privileges requested
|
@param number Check at most this number of tables.
|
||||||
tables List of tables to be checked
|
@param no_errors FALSE/TRUE - report/don't report error to
|
||||||
no_errors FALSE/TRUE - report/don't report error to
|
the client (using my_error() call).
|
||||||
the client (using my_error() call).
|
|
||||||
|
|
||||||
NOTES
|
@note
|
||||||
Table privileges are cached in the table list for GRANT checking.
|
Table privileges are cached in the table list for GRANT checking.
|
||||||
This functions assumes that table list used and
|
This functions assumes that table list used and
|
||||||
thd->lex->query_tables_own_last value correspond to each other
|
thd->lex->query_tables_own_last value correspond to each other
|
||||||
(the latter should be either 0 or point to next_global member
|
(the latter should be either 0 or point to next_global member
|
||||||
of one of elements of this table list).
|
of one of elements of this table list).
|
||||||
|
|
||||||
RETURN VALUE
|
@retval FALSE OK
|
||||||
FALSE - OK
|
@retval TRUE Access denied
|
||||||
TRUE - Access denied
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
bool
|
bool
|
||||||
check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
|
check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
|
||||||
bool no_errors)
|
uint number, bool no_errors)
|
||||||
{
|
{
|
||||||
TABLE_LIST *org_tables= tables;
|
TABLE_LIST *org_tables= tables;
|
||||||
TABLE_LIST *first_not_own_table= thd->lex->first_not_own_table();
|
TABLE_LIST *first_not_own_table= thd->lex->first_not_own_table();
|
||||||
|
uint i= 0;
|
||||||
Security_context *sctx= thd->security_ctx, *backup_ctx= thd->security_ctx;
|
Security_context *sctx= thd->security_ctx, *backup_ctx= thd->security_ctx;
|
||||||
/*
|
/*
|
||||||
The check that first_not_own_table is not reached is for the case when
|
The check that first_not_own_table is not reached is for the case when
|
||||||
the given table list refers to the list for prelocking (contains tables
|
the given table list refers to the list for prelocking (contains tables
|
||||||
of other queries). For simple queries first_not_own_table is 0.
|
of other queries). For simple queries first_not_own_table is 0.
|
||||||
*/
|
*/
|
||||||
for (; tables != first_not_own_table; tables= tables->next_global)
|
for (; i < number && tables != first_not_own_table;
|
||||||
|
tables= tables->next_global, i++)
|
||||||
{
|
{
|
||||||
if (tables->security_ctx)
|
if (tables->security_ctx)
|
||||||
sctx= tables->security_ctx;
|
sctx= tables->security_ctx;
|
||||||
@ -5093,7 +5099,7 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
|
|||||||
}
|
}
|
||||||
thd->security_ctx= backup_ctx;
|
thd->security_ctx= backup_ctx;
|
||||||
return check_grant(thd,want_access & ~EXTRA_ACL,org_tables,
|
return check_grant(thd,want_access & ~EXTRA_ACL,org_tables,
|
||||||
test(want_access & EXTRA_ACL), UINT_MAX, no_errors);
|
test(want_access & EXTRA_ACL), number, no_errors);
|
||||||
deny:
|
deny:
|
||||||
thd->security_ctx= backup_ctx;
|
thd->security_ctx= backup_ctx;
|
||||||
return TRUE;
|
return TRUE;
|
||||||
@ -6855,7 +6861,7 @@ bool multi_delete_precheck(THD *thd, TABLE_LIST *tables)
|
|||||||
|
|
||||||
/* sql_yacc guarantees that tables and aux_tables are not zero */
|
/* sql_yacc guarantees that tables and aux_tables are not zero */
|
||||||
DBUG_ASSERT(aux_tables != 0);
|
DBUG_ASSERT(aux_tables != 0);
|
||||||
if (check_table_access(thd, SELECT_ACL, tables, 0))
|
if (check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE))
|
||||||
DBUG_RETURN(TRUE);
|
DBUG_RETURN(TRUE);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -6864,7 +6870,7 @@ bool multi_delete_precheck(THD *thd, TABLE_LIST *tables)
|
|||||||
call check_table_access() safely.
|
call check_table_access() safely.
|
||||||
*/
|
*/
|
||||||
thd->lex->query_tables_own_last= 0;
|
thd->lex->query_tables_own_last= 0;
|
||||||
if (check_table_access(thd, DELETE_ACL, aux_tables, 0))
|
if (check_table_access(thd, DELETE_ACL, aux_tables, UINT_MAX, FALSE))
|
||||||
{
|
{
|
||||||
thd->lex->query_tables_own_last= save_query_tables_own_last;
|
thd->lex->query_tables_own_last= save_query_tables_own_last;
|
||||||
DBUG_RETURN(TRUE);
|
DBUG_RETURN(TRUE);
|
||||||
@ -7108,7 +7114,7 @@ bool create_table_precheck(THD *thd, TABLE_LIST *tables,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (tables && check_table_access(thd, SELECT_ACL, tables,0))
|
if (tables && check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
else if (lex->create_info.options & HA_LEX_CREATE_TABLE_LIKE)
|
else if (lex->create_info.options & HA_LEX_CREATE_TABLE_LIKE)
|
||||||
|
|||||||
@ -1619,7 +1619,7 @@ bool mysql_install_plugin(THD *thd, const LEX_STRING *name, const LEX_STRING *dl
|
|||||||
bzero(&tables, sizeof(tables));
|
bzero(&tables, sizeof(tables));
|
||||||
tables.db= (char *)"mysql";
|
tables.db= (char *)"mysql";
|
||||||
tables.table_name= tables.alias= (char *)"plugin";
|
tables.table_name= tables.alias= (char *)"plugin";
|
||||||
if (check_table_access(thd, INSERT_ACL, &tables, 0))
|
if (check_table_access(thd, INSERT_ACL, &tables, 1, FALSE))
|
||||||
DBUG_RETURN(TRUE);
|
DBUG_RETURN(TRUE);
|
||||||
|
|
||||||
/* need to open before acquiring LOCK_plugin or it will deadlock */
|
/* need to open before acquiring LOCK_plugin or it will deadlock */
|
||||||
|
|||||||
@ -1272,7 +1272,7 @@ static int mysql_test_select(Prepared_statement *stmt,
|
|||||||
ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL;
|
ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL;
|
||||||
if (tables)
|
if (tables)
|
||||||
{
|
{
|
||||||
if (check_table_access(thd, privilege, tables,0))
|
if (check_table_access(thd, privilege, tables, UINT_MAX, FALSE))
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
else if (check_access(thd, privilege, any_db,0,0,0,0))
|
else if (check_access(thd, privilege, any_db,0,0,0,0))
|
||||||
@ -1342,7 +1342,7 @@ static bool mysql_test_do_fields(Prepared_statement *stmt,
|
|||||||
THD *thd= stmt->thd;
|
THD *thd= stmt->thd;
|
||||||
|
|
||||||
DBUG_ENTER("mysql_test_do_fields");
|
DBUG_ENTER("mysql_test_do_fields");
|
||||||
if (tables && check_table_access(thd, SELECT_ACL, tables, 0))
|
if (tables && check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE))
|
||||||
DBUG_RETURN(TRUE);
|
DBUG_RETURN(TRUE);
|
||||||
|
|
||||||
if (open_normal_and_derived_tables(thd, tables, 0))
|
if (open_normal_and_derived_tables(thd, tables, 0))
|
||||||
@ -1374,7 +1374,7 @@ static bool mysql_test_set_fields(Prepared_statement *stmt,
|
|||||||
THD *thd= stmt->thd;
|
THD *thd= stmt->thd;
|
||||||
set_var_base *var;
|
set_var_base *var;
|
||||||
|
|
||||||
if (tables && check_table_access(thd, SELECT_ACL, tables, 0) ||
|
if (tables && check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE) ||
|
||||||
open_normal_and_derived_tables(thd, tables, 0))
|
open_normal_and_derived_tables(thd, tables, 0))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
|||||||
@ -4059,7 +4059,7 @@ int fill_schema_proc(THD *thd, TABLE_LIST *tables, COND *cond)
|
|||||||
proc_tables.table_name= proc_tables.alias= (char*) "proc";
|
proc_tables.table_name= proc_tables.alias= (char*) "proc";
|
||||||
proc_tables.table_name_length= 4;
|
proc_tables.table_name_length= 4;
|
||||||
proc_tables.lock_type= TL_READ;
|
proc_tables.lock_type= TL_READ;
|
||||||
full_access= !check_table_access(thd, SELECT_ACL, &proc_tables, 1);
|
full_access= !check_table_access(thd, SELECT_ACL, &proc_tables, 1, TRUE);
|
||||||
if (!(proc_table= open_proc_table_for_read(thd, &open_tables_state_backup)))
|
if (!(proc_table= open_proc_table_for_read(thd, &open_tables_state_backup)))
|
||||||
{
|
{
|
||||||
DBUG_RETURN(1);
|
DBUG_RETURN(1);
|
||||||
@ -4447,10 +4447,8 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
|
|||||||
Table_triggers_list *triggers= tables->table->triggers;
|
Table_triggers_list *triggers= tables->table->triggers;
|
||||||
int event, timing;
|
int event, timing;
|
||||||
|
|
||||||
#ifndef NO_EMBEDDED_ACCESS_CHECKS
|
if (check_table_access(thd, TRIGGER_ACL, tables, 1, TRUE))
|
||||||
if (check_table_access(thd, TRIGGER_ACL, tables, 1))
|
|
||||||
goto ret;
|
goto ret;
|
||||||
#endif
|
|
||||||
|
|
||||||
for (event= 0; event < (int)TRG_EVENT_MAX; event++)
|
for (event= 0; event < (int)TRG_EVENT_MAX; event++)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -418,7 +418,7 @@ bool mysql_create_or_drop_trigger(THD *thd, TABLE_LIST *tables, bool create)
|
|||||||
TABLE_LIST **save_query_tables_own_last= thd->lex->query_tables_own_last;
|
TABLE_LIST **save_query_tables_own_last= thd->lex->query_tables_own_last;
|
||||||
thd->lex->query_tables_own_last= 0;
|
thd->lex->query_tables_own_last= 0;
|
||||||
|
|
||||||
err_status= check_table_access(thd, TRIGGER_ACL, tables, 0);
|
err_status= check_table_access(thd, TRIGGER_ACL, tables, 1, FALSE);
|
||||||
|
|
||||||
thd->lex->query_tables_own_last= save_query_tables_own_last;
|
thd->lex->query_tables_own_last= save_query_tables_own_last;
|
||||||
|
|
||||||
|
|||||||
@ -1123,8 +1123,8 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
|
|||||||
if (!table->prelocking_placeholder &&
|
if (!table->prelocking_placeholder &&
|
||||||
(old_lex->sql_command == SQLCOM_SELECT && old_lex->describe))
|
(old_lex->sql_command == SQLCOM_SELECT && old_lex->describe))
|
||||||
{
|
{
|
||||||
if (check_table_access(thd, SELECT_ACL, view_tables, 1) &&
|
if (check_table_access(thd, SELECT_ACL, view_tables, UINT_MAX, TRUE) &&
|
||||||
check_table_access(thd, SHOW_VIEW_ACL, table, 1))
|
check_table_access(thd, SHOW_VIEW_ACL, table, UINT_MAX, TRUE))
|
||||||
{
|
{
|
||||||
my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
|
my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
|
||||||
goto err;
|
goto err;
|
||||||
@ -1134,7 +1134,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
|
|||||||
(old_lex->sql_command == SQLCOM_SHOW_CREATE) &&
|
(old_lex->sql_command == SQLCOM_SHOW_CREATE) &&
|
||||||
!table->belong_to_view)
|
!table->belong_to_view)
|
||||||
{
|
{
|
||||||
if (check_table_access(thd, SHOW_VIEW_ACL, table, 0))
|
if (check_table_access(thd, SHOW_VIEW_ACL, table, UINT_MAX, FALSE))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user