Merge from mysql-5.0-security to mysql-5.1-security
Text conflict in sql/sp_head.cc
commit
7f2ddaa9fe
@ -567,3 +567,33 @@ DROP USER 'tester';
|
||||
DROP USER 'Tester';
|
||||
DROP DATABASE B48872;
|
||||
End of 5.0 tests.
|
||||
#
|
||||
# Bug#11882603 SELECT_ACL ON ANY COLUMN IN MYSQL.PROC ALLOWS TO SEE
|
||||
# DEFINITION OF ANY ROUTINE.
|
||||
#
|
||||
DROP DATABASE IF EXISTS db1;
|
||||
CREATE DATABASE db1;
|
||||
CREATE PROCEDURE db1.p1() SELECT 1;
|
||||
CREATE USER user2@localhost IDENTIFIED BY '';
|
||||
GRANT SELECT(db) ON mysql.proc TO user2@localhost;
|
||||
# Connection con2 as user2
|
||||
# The below statements before disclosed info from body_utf8 column.
|
||||
SHOW CREATE PROCEDURE db1.p1;
|
||||
ERROR 42000: PROCEDURE p1 does not exist
|
||||
SHOW PROCEDURE CODE db1.p1;
|
||||
ERROR 42000: PROCEDURE p1 does not exist
|
||||
# Check that SHOW works with SELECT grant on whole table
|
||||
# Connection default
|
||||
GRANT SELECT ON mysql.proc TO user2@localhost;
|
||||
# Connection con2
|
||||
# This should work
|
||||
SHOW CREATE PROCEDURE db1.p1;
|
||||
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
|
||||
p1 CREATE DEFINER=`root`@`localhost` PROCEDURE `p1`()
|
||||
SELECT 1 latin1 latin1_swedish_ci latin1_swedish_ci
|
||||
SHOW PROCEDURE CODE db1.p1;
|
||||
Pos Instruction
|
||||
0 stmt 0 "SELECT 1"
|
||||
# Connection default
|
||||
DROP USER user2@localhost;
|
||||
DROP DATABASE db1;
|
||||
|
@ -926,6 +926,46 @@ DROP DATABASE B48872;
|
||||
|
||||
--echo End of 5.0 tests.
|
||||
|
||||
--echo #
|
||||
--echo # Bug#11882603 SELECT_ACL ON ANY COLUMN IN MYSQL.PROC ALLOWS TO SEE
|
||||
--echo # DEFINITION OF ANY ROUTINE.
|
||||
--echo #
|
||||
|
||||
--disable_warnings
|
||||
DROP DATABASE IF EXISTS db1;
|
||||
--enable_warnings
|
||||
|
||||
CREATE DATABASE db1;
|
||||
CREATE PROCEDURE db1.p1() SELECT 1;
|
||||
CREATE USER user2@localhost IDENTIFIED BY '';
|
||||
GRANT SELECT(db) ON mysql.proc TO user2@localhost;
|
||||
|
||||
--echo # Connection con2 as user2
|
||||
connect (con2, localhost, user2);
|
||||
--echo # The below statements before disclosed info from body_utf8 column.
|
||||
--error ER_SP_DOES_NOT_EXIST
|
||||
SHOW CREATE PROCEDURE db1.p1;
|
||||
--error ER_SP_DOES_NOT_EXIST
|
||||
SHOW PROCEDURE CODE db1.p1;
|
||||
|
||||
--echo # Check that SHOW works with SELECT grant on whole table
|
||||
--echo # Connection default
|
||||
connection default;
|
||||
GRANT SELECT ON mysql.proc TO user2@localhost;
|
||||
|
||||
--echo # Connection con2
|
||||
connection con2;
|
||||
--echo # This should work
|
||||
SHOW CREATE PROCEDURE db1.p1;
|
||||
SHOW PROCEDURE CODE db1.p1;
|
||||
|
||||
--echo # Connection default
|
||||
connection default;
|
||||
disconnect con2;
|
||||
DROP USER user2@localhost;
|
||||
DROP DATABASE db1;
|
||||
|
||||
|
||||
# Wait till all disconnects are completed
|
||||
--source include/wait_until_count_sessions.inc
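Review bot: The new case exercises only a stored procedure, so a regression in the same access check for stored functions would go unnoticed. The sql/sp_head.cc hunk in this commit changes check_show_routine_access(), which by its name is presumably shared with the function variants of SHOW. Creating `CREATE FUNCTION db1.f1() RETURNS INT RETURN 1;` and placing `--error ER_SP_DOES_NOT_EXIST` before `SHOW CREATE FUNCTION db1.f1;` under the column-level grant would pin that path too. If information_schema.ROUTINES decides full access in separate code (not visible on this page), it is also worth asserting that user2 gets no ROUTINE_DEFINITION for db1.p1 while holding only `SELECT(db)`.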
|
||||
|
||||
|
@ -2386,7 +2386,8 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
|
||||
bzero((char*) &tables,sizeof(tables));
|
||||
tables.db= (char*) "mysql";
|
||||
tables.table_name= tables.alias= (char*) "proc";
|
||||
*full_access= (!check_table_access(thd, SELECT_ACL, &tables, 1, TRUE) ||
|
||||
*full_access= ((!check_table_access(thd, SELECT_ACL, &tables, 1, TRUE) &&
|
||||
(tables.grant.privilege & SELECT_ACL) != 0) ||
|
||||
(!strcmp(sp->m_definer_user.str,
|
||||
thd->security_ctx->priv_user) &&
|
||||
!strcmp(sp->m_definer_host.str,
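Review bot: The added `(tables.grant.privilege & SELECT_ACL) != 0` operand has no comment saying why a successful check_table_access() is not enough, so a later reader could take it for redundant and remove it. Going by the test added in this commit, check_table_access() also succeeds for a user holding SELECT on a single column of mysql.proc, and the second operand is what limits full access to a table-level grant. Since `tables` is zeroed just above, the operand also depends on the call having filled in `tables.grant.privilege`, which makes the order of the two operands significant. I would add above the assignment: `/* check_table_access() passes with a column-level SELECT grant; require table-level SELECT_ACL (Bug#11882603). */`. The expression continues past the end of the hunk with the definer comparison.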
|
||||
|