Hi Sergei!

Please review the deny refactoring commit in https://github.com/MariaDB/server/pull/2704. It introduces the exact lex_cstring change you suggested below here.

Vicențiu


On 5 September 2023 22:43:22 EEST, Sergei Golubchik via developers <developers@lists.mariadb.org> wrote:
Hi, Oleksandr,

On Sep 04, Oleksandr Byelkin wrote:
revision-id: 44e692d0dbc (mariadb-11.0.1-228-g44e692d0dbc)
parent(s): 9cb75f333fa
author: Oleksandr Byelkin
committer: Oleksandr Byelkin
timestamp: 2023-09-04 14:12:29 +0200
message:

MDEV-29167 new db-level SHOW CREATE ROUTINE privilege

-- Create general_log if CSV is enabled.
diff --git a/scripts/mariadb_system_tables_fix.sql b/scripts/mariadb_system_tables_fix.sql
--- a/scripts/mariadb_system_tables_fix.sql
+++ b/scripts/mariadb_system_tables_fix.sql
@@ -706,6 +706,9 @@ ALTER TABLE db modify Delete_history_priv enum('N','Y') COLLATE utf8mb3_general_

UPDATE user SET Delete_history_priv = Super_priv WHERE @had_user_delete_history_priv = 0;

+ALTER TABLE db ADD Show_create_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N' AFTER Delete_history_priv;
+ALTER TABLE db modify Show_create_routine_priv enum('N','Y') COLLATE utf8mb3_general_ci NOT NULL DEFAULT 'N';

Why two statements?

+
ALTER TABLE user ADD plugin char(64) CHARACTER SET latin1 DEFAULT '' NOT NULL AFTER max_user_connections,
ADD authentication_string TEXT NOT NULL AFTER plugin;
ALTER TABLE user CHANGE auth_string authentication_string TEXT NOT NULL;
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -9003,7 +9008,7 @@ bool check_routine_level_acl(THD *thd, const char *db, const char *name,
NULL, db,
sctx->priv_role,
name, sph, 0)))
- no_routine_acl= !(grant_proc->privs & SHOW_PROC_ACLS);
+ no_routine_acl= !(grant_proc->privs & SHOW_PROC_NO_DEF_ACLS);

Oh, now I get it. All the time up until this line I thought that
SHOW_PROC_NO_DEF_ACLS means "privileges that *not a definer* of the
routine needs to have"

And now I see that it means to "show procedure without definition".

Please, rename to something, like, SHOW_PROC_EXISTANCE or
SHOW_PROC_NO_BODY or even SHOW_PROC_WITHOUT_DEFINITION. But
SHOW_PROC_NO_DEF is rather misleading.

}
mysql_rwlock_unlock(&LOCK_grant);
return no_routine_acl;
@@ -9237,7 +9242,7 @@ static const char *command_array[]=
"CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE", "DELETE HISTORY",
"SET USER", "FEDERATED ADMIN", "CONNECTION ADMIN", "READ_ONLY ADMIN",
"REPLICATION SLAVE ADMIN", "REPLICATION MASTER ADMIN", "BINLOG ADMIN",
- "BINLOG REPLAY", "SLAVE MONITOR"
+ "BINLOG REPLAY", "SLAVE MONITOR", "SHOW CREATE ROUTINE"
};

static uint command_lengths[]=
@@ -9250,7 +9255,7 @@ static uint command_lengths[]=
11, 5, 7, 17, 14,
8, 15, 16, 15,
23, 24, 12,
- 13, 13
+ 13, 13, 19

May be you'll change these two arrays into one of LEX_CSTRING's ?
in a separate commit, of course.

};

diff --git a/sql/sql_show.cc b/sql/sql_show.cc
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -6676,7 +6677,8 @@ int store_schema_params(THD *thd, TABLE *table, TABLE *proc_table,
DBUG_RETURN(0);

if (!full_access)
- full_access= !strcmp(sp_user, definer.str);
+ full_access= !check_db_routine_access(thd, SHOW_CREATE_ROUTINE_ACL,
+ db.str, name.str, sph, TRUE);

Wait, I thought we agreed that to see a routine body one has to
be either the definer or granted SHOW CREATE ROUTINE.

As far as I can see check_db_routine_access doesn't check for the
user being the definer.

if (!full_access &&
check_some_routine_access(thd, db.str, name.str, sph))
DBUG_RETURN(0);

Regards,
Sergei
VP of MariaDB Server Engineering
and security@mariadb.org
developers mailing list -- developers@lists.mariadb.org
To unsubscribe send an email to developers-leave@lists.mariadb.org