authorSergei Golubchik <serg@mariadb.org>2020-07-29 12:17:31 +0200
committerSergei Golubchik <serg@mariadb.org>2020-07-29 14:56:24 +0200
commite54a7ac1b38f77b64a0aafeb165082a9788d56f8 (patch)
tree1bb752e4f4e56b6d0daffe62666f4be04e80cf43
parent2ba70f69fd6cb3508de2744191c200c11d2fcd5f (diff)
MDEV-23010 UPDATE privilege at Database and Table level fail to update with SELECT command denied to user
Check both column- and table-level grants when looking for the SELECT privilege on an UPDATE statement.
-rw-r--r--mysql-test/r/grant5.result10
-rw-r--r--mysql-test/t/grant5.test22
-rw-r--r--sql/sql_acl.cc10
3 files changed, 39 insertions, 3 deletions
diff --git a/mysql-test/r/grant5.result b/mysql-test/r/grant5.result
index 8c32d90a640..01ec063c1d9 100644
--- a/mysql-test/r/grant5.result
+++ b/mysql-test/r/grant5.result
@@ -23,3 +23,13 @@ ERROR HY000: Table 'user' was not locked with LOCK TABLES
REVOKE PROCESS ON *.* FROM u;
ERROR HY000: Table 'user' was not locked with LOCK TABLES
DROP TABLE t1;
+create database mysqltest1;
+use mysqltest1;
+create table t1(id int);
+insert t1 values(2);
+create user u1@localhost;
+grant select on mysqltest1.t1 to u1@localhost;
+grant update on mysqltest1.* to u1@localhost;
+update mysqltest1.t1 set id=1 where id=2;
+drop user u1@localhost;
+drop database mysqltest1;
diff --git a/mysql-test/t/grant5.test b/mysql-test/t/grant5.test
index 649bba7d1ca..74a69952124 100644
--- a/mysql-test/t/grant5.test
+++ b/mysql-test/t/grant5.test
@@ -20,6 +20,7 @@ show grants for foo; # role
--error ER_DBACCESS_DENIED_ERROR
show grants for foo@'%'; # user
--connection default
+--disconnect conn_1
drop user test, foo;
drop role foo;
@@ -33,3 +34,24 @@ REVOKE EXECUTE ON PROCEDURE sp FROM u;
--error ER_TABLE_NOT_LOCKED
REVOKE PROCESS ON *.* FROM u;
DROP TABLE t1;
+
+#
+# MDEV-23010 UPDATE privilege at Database and Table level fail to update with SELECT command denied to user
+#
+create database mysqltest1;
+use mysqltest1;
+create table t1(id int);
+insert t1 values(2);
+create user u1@localhost;
+grant select on mysqltest1.t1 to u1@localhost;
+grant update on mysqltest1.* to u1@localhost;
+connect u1, localhost, u1;
+update mysqltest1.t1 set id=1 where id=2;
+connection default;
+disconnect u1;
+drop user u1@localhost;
+drop database mysqltest1;
+
+#
+# End of 10.1 tests
+#
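Review bot: The added MDEV-23010 case only proves that access is now granted; there is no companion case showing the statement is still refused when the SELECT grant is absent. Because the sql_acl.cc change in this commit loosens a privilege check, a second user with only `grant update on mysqltest1.* to u2@localhost;` (u2 is a constructed name) running the same `update mysqltest1.t1 set id=1 where id=2;` under an `--error` line would pin that the read in the WHERE clause is still denied. A column-level variant, with select granted on column `id` only, would also exercise the `grant_table->cols` branch, which the grants visible in this test do not appear to reach.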
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index b2703dba76f..7925ec58852 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -7135,9 +7135,13 @@ static void check_grant_column_int(GRANT_TABLE *grant_table, const char *name,
{
if (grant_table)
{
- GRANT_COLUMN *grant_column= column_hash_search(grant_table, name, length);
- if (grant_column)
- *want_access&= ~grant_column->rights;
+ *want_access&= ~grant_table->privs;
+ if (*want_access & grant_table->cols)
+ {
+ GRANT_COLUMN *grant_column= column_hash_search(grant_table, name, length);
+ if (grant_column)
+ *want_access&= ~grant_column->rights;
+ }
}
}
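Review bot: The new first statement `*want_access&= ~grant_table->privs;` clears every requested bit present in `privs` (presumably the table-level grants, going by the commit description), not only SELECT, and nothing in the body documents that this helper now answers more than a column-only question despite its name. Since this widens what can satisfy an access check, a comment above the statement would help the next reader, e.g. `/* Table-level grants cover every column: clear them first, then search the column hash only for bits still wanted that this table grants per column. */`. The rest of the signature and all callers are outside the hunk, so whether every caller expects table-level bits to be folded in here should be confirmed against them.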