From 56719ad7f42f9eb1a84a6ad5c03203bd2a5d263b Mon Sep 17 00:00:00 2001 From: "tsmith@ramayana.hindu.god" <> Date: Fri, 22 Feb 2008 16:56:34 -0700 Subject: [PATCH] Bug #34053: normal users can enable innodb_monitor logging The check_global_access() function was made available to InnoDB, but was not defined in the embedded server library. InnoDB, as a plugin, is not recompiled when the embedded server is built. This caused a link failure when compiling applications which use the embedded server. The fix here is to always define check_global_access() externally; in the embedded server case, it is defined to just return OK. Also, don't run the test case for this bug in embedded server. --- mysql-test/t/innodb_bug34053.test | 1 + sql/mysql_priv.h | 5 --- sql/sql_parse.cc | 62 ++++++++++++++++--------------- 3 files changed, 34 insertions(+), 34 deletions(-) diff --git a/mysql-test/t/innodb_bug34053.test b/mysql-test/t/innodb_bug34053.test index 5fbe09070b8..b935e45c06d 100644 --- a/mysql-test/t/innodb_bug34053.test +++ b/mysql-test/t/innodb_bug34053.test @@ -2,6 +2,7 @@ # Make sure http://bugs.mysql.com/34053 remains fixed. # +-- source include/not_embedded.inc -- source include/have_innodb.inc SET storage_engine=InnoDB; diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index 5ed670c32ed..2c43959815e 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -1051,12 +1051,7 @@ inline bool check_table_access(THD *thd, ulong want_access, TABLE_LIST *tables, #endif /* MYSQL_SERVER */ #if defined MYSQL_SERVER || defined INNODB_COMPATIBILITY_HOOKS -#ifndef NO_EMBEDDED_ACCESS_CHECKS bool check_global_access(THD *thd, ulong want_access); -#else -inline bool check_global_access(THD *thd, ulong want_access) -{ return false; } -#endif /*NO_EMBEDDED_ACCESS_CHECKS*/ #endif /* MYSQL_SERVER || INNODB_COMPATIBILITY_HOOKS */ #ifdef MYSQL_SERVER diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 55ae30d37ad..4dd600835ce 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -4989,35 +4989,6 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, } -/** - check for global access and give descriptive error message if it fails. - - @param thd Thread handler - @param want_access Use should have any of these global rights - - @warning - One gets access right if one has ANY of the rights in want_access. - This is useful as one in most cases only need one global right, - but in some case we want to check if the user has SUPER or - REPL_CLIENT_ACL rights. - - @retval - 0 ok - @retval - 1 Access denied. In this case an error is sent to the client -*/ - -bool check_global_access(THD *thd, ulong want_access) -{ - char command[128]; - if ((thd->security_ctx->master_access & want_access)) - return 0; - get_privilege_desc(command, sizeof(command), want_access); - my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), command); - return 1; -} - - static bool check_show_access(THD *thd, TABLE_LIST *table) { switch (get_schema_table_idx(table->schema_table)) { @@ -5260,6 +5231,39 @@ bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table) #endif /*NO_EMBEDDED_ACCESS_CHECKS*/ + +/** + check for global access and give descriptive error message if it fails. + + @param thd Thread handler + @param want_access Use should have any of these global rights + + @warning + One gets access right if one has ANY of the rights in want_access. + This is useful as one in most cases only need one global right, + but in some case we want to check if the user has SUPER or + REPL_CLIENT_ACL rights. + + @retval + 0 ok + @retval + 1 Access denied. In this case an error is sent to the client +*/ + +bool check_global_access(THD *thd, ulong want_access) +{ +#ifndef NO_EMBEDDED_ACCESS_CHECKS + char command[128]; + if ((thd->security_ctx->master_access & want_access)) + return 0; + get_privilege_desc(command, sizeof(command), want_access); + my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), command); + return 1; +#else + return 0; +#endif +} + /**************************************************************************** Check stack size; Send error if there isn't enough stack to continue ****************************************************************************/