mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns

Browse source 
With RETURNING it can happen that the user has some privileges on
the table (namely, DELETE), but later needs different privileges
on individual columns (namely, SELECT).

Do the same as in check_grant_column() - ER_COLUMNACCESS_DENIED_ERROR,
not an assert.
This commit is contained in:
Sergei Golubchik 2020-06-13 12:49:22 +02:00
parent 805340936a
commit b58586aae9
3 changed files with 36 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
mysql-test/main/grant5.result
View file

@ -225,4 +225,21 @@ drop user twg@'%';
insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('localhost','','otto','t1','root@localhost','select');
flush privileges;
delete from mysql.tables_priv where db='';
create database db;
create table db.t1 (a int);
insert into db.t1 values (1);
create user foo;
grant delete on db.* to foo;
connect con1,localhost,foo,,;
show create table db.t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
delete from db.t1 returning *;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'a' in table 't1'
disconnect con1;
connection default;
drop database db;
drop user foo;
# End of 10.4 tests

17
mysql-test/main/grant5.test
View file

@ -182,4 +182,21 @@ insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('l
flush privileges;
delete from mysql.tables_priv where db='';
#
# MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns
#
create database db;
create table db.t1 (a int);
insert into db.t1 values (1);
create user foo;
grant delete on db.* to foo;
--connect (con1,localhost,foo,,)
show create table db.t1;
--error ER_COLUMNACCESS_DENIED_ERROR
delete from db.t1 returning *;
--disconnect con1
--connection default
drop database db;
drop user foo;
--echo # End of 10.4 tests

3
sql/sql_acl.cc
View file

@ -8335,7 +8335,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg,
grant_table= grant->grant_table_user;
grant_table_role= grant->grant_table_role;
DBUG_ASSERT (grant_table || grant_table_role);
if (!grant_table && !grant_table_role)
goto err;
}
}