mirror of
				https://github.com/MariaDB/server.git
				synced 2025-10-26 01:18:31 +02:00 
			
		
		
		
	 145932a57b
			
		
	
	
	145932a57b
	
	
	
		
			
			There was a bug in the ACL internal data structures GRANT_TABLE and GRANT_COLUMN. The semantics are: GRANT_TABLE::init_cols and GRANT_COLUMN::init_privs represent the bits that correspond to the privilege bits stored in the physical tables. The other struct members GRANT_TABLE::cols and GRANT_COLUMN::privs represent the actual access bits, as they may be modified through role grants. The error in logic was mixing the two fields and thus we ended up storing the logical access bits in the physical tables, instead of the physical (init_xxx) bits. This caused subsequent DBUG_ASSERT failures when dropping the involved roles.
		
			
				
	
	
		
			40 lines
		
	
	
	
		
			1 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			40 lines
		
	
	
	
		
			1 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| --source include/not_embedded.inc
 | |
| 
 | |
| create user foo;
 | |
| create database some_db;
 | |
| create table some_db.t1 (a int, b int, secret int);
 | |
| 
 | |
| create role r_select_column;
 | |
| create role r_active_column;
 | |
| grant r_select_column to r_active_column;
 | |
| grant r_active_column to foo;
 | |
| 
 | |
| grant select(a) on some_db.t1 to r_select_column;
 | |
| select * from mysql.tables_priv order by user;
 | |
| grant insert(a) on some_db.t1 to r_active_column;
 | |
| select * from mysql.tables_priv order by user;
 | |
| 
 | |
| --connect (con1, localhost, foo,,)
 | |
| --error ER_TABLEACCESS_DENIED_ERROR
 | |
| insert into some_db.t1(a) values (1);
 | |
| set role r_active_column;
 | |
| insert into some_db.t1(a) values (1);
 | |
| disconnect con1;
 | |
| 
 | |
| connection default;
 | |
| revoke insert(a) on some_db.t1 from r_active_column;
 | |
| 
 | |
| --connect (con1, localhost, foo,,)
 | |
| --error ER_TABLEACCESS_DENIED_ERROR
 | |
| insert into some_db.t1(a) values (1);
 | |
| set role r_active_column;
 | |
| --error ER_TABLEACCESS_DENIED_ERROR
 | |
| insert into some_db.t1(a) values (1);
 | |
| disconnect con1;
 | |
| 
 | |
| connection default;
 | |
| 
 | |
| drop role r_select_column;
 | |
| drop role r_active_column;
 | |
| drop user foo;
 | |
| drop database some_db;
 |