mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-29 02:05:57 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix for the prepared statement access checks

Browse source
This commit is contained in:
venu@myvenu.com 2003-02-24 17:22:02 -08:00
parent 245a6f8404
commit 0ed4b9c0ba
1 changed files with 26 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
sql/sql_prepare.cc
View file

@ -454,8 +454,17 @@ static bool mysql_test_insert_fields(PREP_STMT *stmt,
List_item *values; List_item *values;
DBUG_ENTER("mysql_test_insert_fields"); DBUG_ENTER("mysql_test_insert_fields");
if (!(table= open_ltable(thd,table_list,table_list->lock_type))) my_bool update=(thd->lex.value_list.elements ? UPDATE_ACL : 0);
DBUG_RETURN(1); ulong privilege= (thd->lex.duplicates == DUP_REPLACE ?
INSERT_ACL | DELETE_ACL : INSERT_ACL | update);
if (check_access(thd,privilege,table_list->db,
&table_list->grant.privilege) ||
(grant_option && check_grant(thd,privilege,table_list)) ||
open_and_lock_tables(thd, table_list))
DBUG_RETURN(1);
table= table_list->table;
if ((values= its++)) if ((values= its++))
{ {
@ -502,7 +511,10 @@ static bool mysql_test_upd_fields(PREP_STMT *stmt, TABLE_LIST *table_list,
THD *thd= stmt->thd; THD *thd= stmt->thd;
DBUG_ENTER("mysql_test_upd_fields"); DBUG_ENTER("mysql_test_upd_fields");
if (open_and_lock_tables(thd, table_list)) if (check_access(thd,UPDATE_ACL,table_list->db,
&table_list->grant.privilege) ||
(grant_option && check_grant(thd,UPDATE_ACL,table_list)) ||
open_and_lock_tables(thd, table_list))
DBUG_RETURN(1); DBUG_RETURN(1);
if (setup_tables(table_list) || if (setup_tables(table_list) ||
@ -545,6 +557,15 @@ static bool mysql_test_select_fields(PREP_STMT *stmt, TABLE_LIST *tables,
select_result *result= thd->lex.result; select_result *result= thd->lex.result;
DBUG_ENTER("mysql_test_select_fields"); DBUG_ENTER("mysql_test_select_fields");
ulong privilege= lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL;
if (tables)
{
if (check_table_access(thd, privilege, tables))
DBUG_RETURN(1);
}
else if (check_access(thd, privilege, "*any*"))
DBUG_RETURN(1);
if ((&lex->select_lex != lex->all_selects_list && if ((&lex->select_lex != lex->all_selects_list &&
lex->unit.create_total_list(thd, lex, &tables, 0))) lex->unit.create_total_list(thd, lex, &tables, 0)))
DBUG_RETURN(1); DBUG_RETURN(1);
@ -716,8 +737,8 @@ static void init_stmt_execute(PREP_STMT *stmt)
TODO: When the new table structure is ready, then have a status bit TODO: When the new table structure is ready, then have a status bit
to indicate the table is altered, and re-do the setup_* to indicate the table is altered, and re-do the setup_*
and open the tables back. and open the tables back.
*/ */
if (tables) for (; tables ; tables= tables->next)
tables->table= 0; //safety - nasty init tables->table= 0; //safety - nasty init
} }