From 1bd81f6b817cc9b8e0b61d126b7ad159117e1b29 Mon Sep 17 00:00:00 2001
From: Alexander Nozdrin <alexander.nozdrin@oracle.com>
Date: Wed, 15 Dec 2010 19:00:01 +0300
Subject: Patch for Bug#57952 (privilege change is not taken into account by
 EXECUTE).

The user-visible problem was that changes to column-level privileges,
happened in between of PREPARE and EXECUTE of a prepared statement, were
neglected. I.e. a prepared statement could be executed with the
column-level privileges as of PREPARE-time. The problem existed for
column-level privileges only.

A similar problem existed for stored programs: the changes between
executions didn't have an effect.

Technically the thing is that table references are cached in
Prepared_statement::prepare() call. In subsequent
Prepared_statement::execute() calls those cached values are used.
There are two functions to get a field by name: find_field_in_table() and
find_field_in_table_ref(). On prepare-phase find_field_in_table_ref() is
called, on execute-phase -- find_field_in_table() because the table is
cached. find_field_in_table() does not check column-level privileges and
expects the caller to do that. The problem was that this check was
forgotten.

The fix is to check them there as it happens in find_field_in_table_ref().
---
 mysql-test/r/grant.result |  74 +++++++++++++++++++++++++++++++++
 mysql-test/t/grant.test   | 101 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 175 insertions(+)

(limited to 'mysql-test')

diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result
index 7a5b0520f7c..e7ae6612746 100644
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -1156,4 +1156,78 @@ CURRENT_USER()
 root@localhost
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("");
+
+# Bug#57952
+
+DROP DATABASE IF EXISTS mysqltest1;
+DROP DATABASE IF EXISTS mysqltest2;
+CREATE DATABASE mysqltest1;
+CREATE DATABASE mysqltest2;
+use mysqltest1;
+CREATE TABLE t1(a INT, b INT);
+INSERT INTO t1 VALUES (1, 1);
+CREATE TABLE t2(a INT);
+INSERT INTO t2 VALUES (2);
+CREATE TABLE mysqltest2.t3(a INT);
+INSERT INTO mysqltest2.t3 VALUES (4);
+CREATE USER testuser@localhost;
+GRANT CREATE ROUTINE, EXECUTE ON mysqltest1.* TO testuser@localhost;
+GRANT SELECT(b) ON t1 TO testuser@localhost;
+GRANT SELECT    ON t2 TO testuser@localhost;
+GRANT SELECT    ON mysqltest2.* TO testuser@localhost;
+
+# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
+PREPARE s1 FROM 'SELECT b FROM t1';
+PREPARE s2 FROM 'SELECT a FROM t2';
+PREPARE s3 FROM 'SHOW TABLES FROM mysqltest2';
+CREATE PROCEDURE p1() SELECT b FROM t1;
+CREATE PROCEDURE p2() SELECT a FROM t2;
+CREATE PROCEDURE p3() SHOW TABLES FROM mysqltest2;
+CALL p1;
+b
+1
+CALL p2;
+a
+2
+CALL p3;
+Tables_in_mysqltest2
+t3
+
+# Connection: default
+REVOKE SELECT ON t1 FROM testuser@localhost;
+GRANT SELECT(a) ON t1 TO testuser@localhost;
+REVOKE SELECT ON t2 FROM testuser@localhost;
+REVOKE SELECT ON mysqltest2.* FROM testuser@localhost;
+
+# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
+#   - Check column-level privileges...
+EXECUTE s1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+SELECT b FROM t1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+EXECUTE s1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+CALL p1;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
+#   - Check table-level privileges...
+SELECT a FROM t2;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
+EXECUTE s2;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
+CALL p2;
+ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
+#   - Check database-level privileges...
+SHOW TABLES FROM mysqltest2;
+ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
+EXECUTE s3;
+ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
+CALL p3;
+ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
+
+# Connection: default
+DROP DATABASE mysqltest1;
+DROP DATABASE mysqltest2;
+DROP USER testuser@localhost;
+use test;
+
 End of 5.0 tests
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index 1b2b8465c83..21e3bbf5842 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -1166,6 +1166,107 @@ SELECT CURRENT_USER();
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
 SET PASSWORD FOR CURRENT_USER() = PASSWORD("");
 
+#
+# Bug#57952: privilege change is not taken into account by EXECUTE.
+#
+
+--echo
+--echo # Bug#57952
+--echo
+
+--disable_warnings
+DROP DATABASE IF EXISTS mysqltest1;
+DROP DATABASE IF EXISTS mysqltest2;
+--enable_warnings
+
+CREATE DATABASE mysqltest1;
+CREATE DATABASE mysqltest2;
+
+use mysqltest1;
+CREATE TABLE t1(a INT, b INT);
+INSERT INTO t1 VALUES (1, 1);
+
+CREATE TABLE t2(a INT);
+INSERT INTO t2 VALUES (2);
+
+CREATE TABLE mysqltest2.t3(a INT);
+INSERT INTO mysqltest2.t3 VALUES (4);
+
+CREATE USER testuser@localhost;
+GRANT CREATE ROUTINE, EXECUTE ON mysqltest1.* TO testuser@localhost;
+GRANT SELECT(b) ON t1 TO testuser@localhost;
+GRANT SELECT    ON t2 TO testuser@localhost;
+GRANT SELECT    ON mysqltest2.* TO testuser@localhost;
+
+--echo
+--echo # Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
+--connect (bug57952_con1,localhost,testuser,,mysqltest1)
+PREPARE s1 FROM 'SELECT b FROM t1';
+PREPARE s2 FROM 'SELECT a FROM t2';
+PREPARE s3 FROM 'SHOW TABLES FROM mysqltest2';
+
+CREATE PROCEDURE p1() SELECT b FROM t1;
+CREATE PROCEDURE p2() SELECT a FROM t2;
+CREATE PROCEDURE p3() SHOW TABLES FROM mysqltest2;
+
+CALL p1;
+CALL p2;
+CALL p3;
+
+--echo
+--echo # Connection: default
+--connection default
+REVOKE SELECT ON t1 FROM testuser@localhost;
+GRANT SELECT(a) ON t1 TO testuser@localhost;
+REVOKE SELECT ON t2 FROM testuser@localhost;
+REVOKE SELECT ON mysqltest2.* FROM testuser@localhost;
+
+--echo
+--echo # Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
+--connection bug57952_con1
+--echo #   - Check column-level privileges...
+--error ER_COLUMNACCESS_DENIED_ERROR
+EXECUTE s1;
+
+--error ER_COLUMNACCESS_DENIED_ERROR
+SELECT b FROM t1;
+
+--error ER_COLUMNACCESS_DENIED_ERROR
+EXECUTE s1;
+
+--error ER_COLUMNACCESS_DENIED_ERROR
+CALL p1;
+
+--echo #   - Check table-level privileges...
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT a FROM t2;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+EXECUTE s2;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+CALL p2;
+
+--echo #   - Check database-level privileges...
+--error ER_DBACCESS_DENIED_ERROR
+SHOW TABLES FROM mysqltest2;
+
+--error ER_DBACCESS_DENIED_ERROR
+EXECUTE s3;
+
+--error ER_DBACCESS_DENIED_ERROR
+CALL p3;
+
+--echo
+--echo # Connection: default
+--connection default
+--disconnect bug57952_con1
+DROP DATABASE mysqltest1;
+DROP DATABASE mysqltest2;
+DROP USER testuser@localhost;
+use test;
+--echo
+
 --echo End of 5.0 tests
 
 disconnect master;
-- 
cgit v1.2.1