From e541c414816e904124ba7ab3075c3851da0addda Mon Sep 17 00:00:00 2001 From: Dyre Tjeldvoll Date: Thu, 24 Nov 2016 09:57:54 +0100 Subject: Bug#25092566: CREATE TABLE WITH DATA DIRECTORY CLAUSE DOES NOT REQUIRE SPECIAL PRIVILEGES Require FILE privilege when creating tables using external data directory or index directory. --- sql/sql_parse.cc | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'sql/sql_parse.cc') diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index ac3901997f3..18cb758c9b5 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -35,6 +35,9 @@ #include "sql_insert.h" // mysql_insert #include "sql_update.h" // mysql_update, mysql_multi_update #include "sql_partition.h" // struct partition_info +#ifdef WITH_PARTITION_STORAGE_ENGINE +#include "partition_info.h" // has_external_data_or_index_dir +#endif /* WITH_PARTITION_STORAGE_ENGINE */ #include "sql_db.h" // mysql_change_db, mysql_create_db, // mysql_rm_db, mysql_upgrade_db, // mysql_alter_db, @@ -2413,7 +2416,6 @@ case SQLCOM_PREPARE: copy. */ Alter_info alter_info(lex->alter_info, thd->mem_root); - if (thd->is_fatal_error) { /* If out of memory when creating a copy of alter_info. */ @@ -2421,6 +2423,15 @@ case SQLCOM_PREPARE: goto end_with_restore_list; } + if (((lex->create_info.used_fields & HA_CREATE_USED_DATADIR) != 0 || + (lex->create_info.used_fields & HA_CREATE_USED_INDEXDIR) != 0) && + check_access(thd, FILE_ACL, NULL, NULL, NULL, FALSE, FALSE)) + { + res= 1; + my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "FILE"); + goto end_with_restore_list; + } + if ((res= create_table_precheck(thd, select_tables, create_table))) goto end_with_restore_list; @@ -2458,6 +2469,12 @@ case SQLCOM_PREPARE: #ifdef WITH_PARTITION_STORAGE_ENGINE { partition_info *part_info= thd->lex->part_info; + if (part_info != NULL && has_external_data_or_index_dir(*part_info) && + check_access(thd, FILE_ACL, NULL, NULL, NULL, FALSE, FALSE)) + { + res= -1; + goto end_with_restore_list; + } if (part_info && !(part_info= thd->lex->part_info->get_clone(true))) { res= -1; -- cgit v1.2.1 From 7849a27cfb1f175888878704d8f6708a23714538 Mon Sep 17 00:00:00 2001 From: Dyre Tjeldvoll Date: Wed, 22 Feb 2017 20:12:25 +0100 Subject: Bug#25514146: DB_NAME IS IGNORED WHEN CREATING TABLE WITH DATA DIRECTORY Problem: CREATE TABLE using a fully qualified name with INDEX DIR/DATA DIR option reports an error when the current database is not SET. check_access() was incorrectly called with NULL as the database argument in a situation where the database name was not needed for the particular privilege being checked. This will cause the current database to be used, or an error to be reported if there is no current database. Fix: Call check_access() with any_db as the database argument in this situation. --- sql/sql_parse.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sql/sql_parse.cc') diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 18cb758c9b5..86763b6e3de 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -1,4 +1,4 @@ -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -2425,7 +2425,7 @@ case SQLCOM_PREPARE: if (((lex->create_info.used_fields & HA_CREATE_USED_DATADIR) != 0 || (lex->create_info.used_fields & HA_CREATE_USED_INDEXDIR) != 0) && - check_access(thd, FILE_ACL, NULL, NULL, NULL, FALSE, FALSE)) + check_access(thd, FILE_ACL, any_db, NULL, NULL, FALSE, FALSE)) { res= 1; my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "FILE"); @@ -2470,7 +2470,7 @@ case SQLCOM_PREPARE: { partition_info *part_info= thd->lex->part_info; if (part_info != NULL && has_external_data_or_index_dir(*part_info) && - check_access(thd, FILE_ACL, NULL, NULL, NULL, FALSE, FALSE)) + check_access(thd, FILE_ACL, any_db, NULL, NULL, FALSE, FALSE)) { res= -1; goto end_with_restore_list; -- cgit v1.2.1