revision-id: 730a22c1ce1010e853e7a3e807d1d07409ec4dfc (mariadb-10.2.10-28-g730a22c)
parent(s): 1e2d4f677e08294691a7d218acb3b9f78727ae18
author: Igor Babaev
committer: Igor Babaev
timestamp: 2017-11-13 16:06:04 -0800
message:
Fixed bug mdev-13453 Executing a query via CTE requires more permissions
than the query itself
ACL checks were not properly supported for tables used in CTE
specifications. This patch fixes the problem.
---
mysql-test/r/cte_nonrecursive.result | 58 ++++++++++++++++++++++++++++++++++++
mysql-test/t/cte_nonrecursive.test | 51 +++++++++++++++++++++++++++++++
sql/sql_acl.cc | 4 +++
sql/sql_cte.cc | 3 +-
sql/sql_parse.cc | 4 +++
5 files changed, 119 insertions(+), 1 deletion(-)
diff --git a/mysql-test/r/cte_nonrecursive.result b/mysql-test/r/cte_nonrecursive.result
index ebe1aae..92f9151 100644
--- a/mysql-test/r/cte_nonrecursive.result
+++ b/mysql-test/r/cte_nonrecursive.result
@@ -1147,3 +1147,61 @@ SELECT * FROM cte_test;
a
1
DROP VIEW cte_test;
+#
+# MDEV-13453:
+#
--- a/mysql-test/t/cte_nonrecursive.test
+++ b/mysql-test/t/cte_nonrecursive.test
@@ -790,3 +790,54 @@ SHOW CREATE VIEW cte_test;
SELECT * FROM cte_test;
DROP VIEW cte_test;
+
+--echo #
+--echo # MDEV-13453: privileges checking for CTE
+--echo #
+
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -7557,6 +7557,10 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
tl->correspondent_table ? tl->correspondent_table : tl;
sctx= t_ref->security_ctx ? t_ref->security_ctx : thd->security_ctx;
+ if (tl->with ||
+ (tl->with= tl->select_lex->find_table_def_in_with_clauses(tl)))
+ continue;
+
const ACL_internal_table_access *access=
get_cached_table_access(&t_ref->grant.m_internal,
t_ref->get_db_name(),
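Review bot: The added condition dereferences `tl->select_lex` without a null check inside check_grant, which sits on the privilege-checking path for table lists coming from many callers. Whether every TABLE_LIST that reaches this loop has select_lex set is not visible from the hunk; if one does not, the ACL check itself crashes the server, so a guard such as `(tl->select_lex && (tl->with= tl->select_lex->find_table_def_in_with_clauses(tl)))` is safer. Because `continue` bypasses the grant check for the entry completely, the skip should carry a comment saying where the underlying tables are checked instead, for example `/* CTE reference: tables of its specification are checked in With_element::clone_parsed_spec() */`. It is also worth confirming that a database-qualified table name can never be resolved to a CTE here, since a false match would silently drop the check for a real table. The enclosing loop starts and ends outside the hunk.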
diff --git a/sql/sql_cte.cc b/sql/sql_cte.cc
index 6fe08e3..e1bd455 100644
--- a/sql/sql_cte.cc
+++ b/sql/sql_cte.cc
@@ -823,9 +823,10 @@ st_select_lex_unit *With_element::clone_parsed_spec(THD *thd,
tbl;
tbl= tbl->next_global)
{
- tbl->grant.privilege= with_table->grant.privilege;
spec_tables_tail= tbl;
}
+ if (check_table_access(thd, SELECT_ACL, spec_tables, FALSE, UINT_MAX, FALSE))
+ goto err;
if (spec_tables)
{
if (with_table->next_global)
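Review bot: The new `check_table_access(...)` call carries a security invariant that is not documented at the call site. The removed line no longer copies `with_table->grant.privilege`, and the sql_acl.cc hunk of this commit makes check_grant skip CTE references, so this call appears to be the only privilege check for tables of a cloned specification. A comment above it would record that, for example `/* check_grant() skips references to CTEs, so the tables of the cloned specification are checked here */`. The call also runs before the `if (spec_tables)` guard and is therefore made with a null list when the specification uses no tables; placing it inside the guard would make that case explicit. The `err` label is outside the hunk, so it should be confirmed that this new exit undoes whatever state the function changed before the loop.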
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index bf5144b..39a4da9 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3443,6 +3443,10 @@ mysql_execute_command(THD *thd)
ulong privileges_requested= lex->exchange ? SELECT_ACL | FILE_ACL :
SELECT_ACL;
+ res= check_dependencies_in_with_clauses(thd->lex->with_clauses_list);
+ if (res)
+ break;