mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 12:02:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDEV-9610 Trigger on normal table can't insert into CONNECT engine table - Access Denied

Browse source 
in case of prelocking, don't check table->grant.privilege
in handler::external_lock(), do it in
handler::start_stmt().
This commit is contained in:
Sergei Golubchik 2016-04-26 17:00:47 +02:00
parent b7ad1ba5d1
commit 4995bcffad
4 changed files with 27 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
storage/connect/ha_connect.cc
View file

@ -4054,7 +4054,7 @@ int ha_connect::delete_all_rows()
} // end of delete_all_rows
bool ha_connect::check_privileges(THD *thd, PTOS options, char *dbn)
bool ha_connect::check_privileges(THD *thd, PTOS options, char *dbn, bool quick)
{
const char *db= (dbn && *dbn) ? dbn : NULL;
TABTYPE type=GetRealType(options);
@ -4081,6 +4081,7 @@ bool ha_connect::check_privileges(THD *thd, PTOS options, char *dbn)
case TAB_VEC:
case TAB_JSON:
if (options->filename && *options->filename) {
if (!quick) {
char *s, path[FN_REFLEN], dbpath[FN_REFLEN];
#if defined(__WIN__)
s= "\\";
@ -4099,7 +4100,7 @@ bool ha_connect::check_privileges(THD *thd, PTOS options, char *dbn)
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
return true;
} // endif path
}
} else
return false;
@ -4121,10 +4122,13 @@ bool ha_connect::check_privileges(THD *thd, PTOS options, char *dbn)
Otherwise it's a DML, the table was normally opened, locked,
privilege were already checked, and table->grant.privilege is set.
With SQL SECURITY DEFINER, table->grant.privilege has definer's privileges.
Unless we're in prelocking mode, in this case table->grant.privilege
is only checked in start_stmt(), not in external_lock().
*/
if (!table || !table->mdl_ticket || table->mdl_ticket->get_type() == MDL_EXCLUSIVE)
return check_access(thd, FILE_ACL, db, NULL, NULL, 0, 0);
if (table->grant.privilege & FILE_ACL)
if ((!quick && thd->lex->requires_prelocking()) || table->grant.privilege & FILE_ACL)
return false;
status_var_increment(thd->status_var.access_denied_errors);
my_error(access_denied_error_code(thd->password), MYF(0),
@ -4308,6 +4312,9 @@ int ha_connect::start_stmt(THD *thd, thr_lock_type lock_type)
PGLOBAL g= GetPlug(thd, xp);
DBUG_ENTER("ha_connect::start_stmt");
if (check_privileges(thd, GetTableOptionStruct(), table->s->db.str, true))
DBUG_RETURN(HA_ERR_INTERNAL_ERROR);
// Action will depend on lock_type
switch (lock_type) {
case TL_WRITE_ALLOW_WRITE:

2
storage/connect/ha_connect.h
View file

@ -536,7 +536,7 @@ private:
DsMrr_impl ds_mrr;
protected:
bool check_privileges(THD *thd, PTOS options, char *dbn);
bool check_privileges(THD *thd, PTOS options, char *dbn, bool quick=false);
MODE CheckMode(PGLOBAL g, THD *thd, MODE newmode, bool *chk, bool *cras);
char *GetDBfromName(const char *name);

5
storage/connect/mysql-test/connect/r/grant3.result Normal file
View file

@ -0,0 +1,5 @@
create table tcon (i int) engine=Connect table_type=DOS file_name='tcon.dos';
create table tin (i int);
create trigger tr after insert on tin for each row insert into tcon values (new.i);
insert into tin values (1);
drop table tin,tcon;

11
storage/connect/mysql-test/connect/t/grant3.test Normal file
View file

@ -0,0 +1,11 @@
#
# MDEV-9610 Trigger on normal table can't insert into CONNECT engine table - Access Denied
#
create table tcon (i int) engine=Connect table_type=DOS file_name='tcon.dos';
create table tin (i int);
create trigger tr after insert on tin for each row insert into tcon values (new.i);
insert into tin values (1);
drop table tin,tcon;
let datadir=`select @@datadir`;
remove_file $datadir/test/tcon.dos;