Am 14.11.2017 um 01:06 schrieb IgorBabaev:

revision-id: 730a22c1ce1010e853e7a3e807d1d07409ec4dfc (mariadb-10.2.10-28-g730a22c) parent(s): 1e2d4f677e08294691a7d218acb3b9f78727ae18 author: Igor Babaev committer: Igor Babaev timestamp: 2017-11-13 16:06:04 -0800 message:

Fixed bug mdev-13453 Executing a query via CTE requires more permissions than the query itself

ACL checks were not properly supported for tables used in CTE specifications. This patch fixes the problem.

--- mysql-test/r/cte_nonrecursive.result | 58 ++++++++++++++++++++++++++++++++++++ mysql-test/t/cte_nonrecursive.test | 51 +++++++++++++++++++++++++++++++ sql/sql_acl.cc | 4 +++ sql/sql_cte.cc | 3 +- sql/sql_parse.cc | 4 +++ 5 files changed, 119 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/cte_nonrecursive.result b/mysql-test/r/cte_nonrecursive.result index ebe1aae..92f9151 100644 --- a/mysql-test/r/cte_nonrecursive.result +++ b/mysql-test/r/cte_nonrecursive.result @@ -1147,3 +1147,61 @@ SELECT * FROM cte_test; a 1 DROP VIEW cte_test; +# +# MDEV-13453: +# [skip] --- a/mysql-test/t/cte_nonrecursive.test +++ b/mysql-test/t/cte_nonrecursive.test @@ -790,3 +790,54 @@ SHOW CREATE VIEW cte_test; SELECT * FROM cte_test;

DROP VIEW cte_test; + +--echo # +--echo # MDEV-13453: privileges checking for CTE +--echo # + This is for sure do not match results above, so please fix it and make sure that full test suite passed.

[skip]

--- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -7557,6 +7557,10 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, tl->correspondent_table ? tl->correspondent_table : tl; sctx= t_ref->security_ctx ? t_ref->security_ctx : thd->security_ctx;

+ if (tl->with || + (tl->with= tl->select_lex->find_table_def_in_with_clauses(tl))) + continue; + const ACL_internal_table_access *access= get_cached_table_access(&t_ref->grant.m_internal, t_ref->get_db_name(), diff --git a/sql/sql_cte.cc b/sql/sql_cte.cc index 6fe08e3..e1bd455 100644 --- a/sql/sql_cte.cc +++ b/sql/sql_cte.cc @@ -823,9 +823,10 @@ st_select_lex_unit *With_element::clone_parsed_spec(THD *thd, tbl; tbl= tbl->next_global) { - tbl->grant.privilege= with_table->grant.privilege; spec_tables_tail= tbl; } + if (check_table_access(thd, SELECT_ACL, spec_tables, FALSE, UINT_MAX, FALSE)) + goto err; if (spec_tables) { if (with_table->next_global) diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index bf5144b..39a4da9 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3443,6 +3443,10 @@ mysql_execute_command(THD *thd) ulong privileges_requested= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL;

+ res= check_dependencies_in_with_clauses(thd->lex->with_clauses_list); + if (res) + break;

Above works only for SELECT, do we support CTE in subselects which can be put everywhere?

+ if (all_tables) res= check_table_access(thd, privileges_requested, _______________________________________________ commits mailing list commits@mariadb.org https://lists.askmonty.org/cgi-bin/mailman/listinfo/commits